@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.0.0-multisig-20250822145545 → 0.0.0-web-ble-29-08---20250829104351

package/lib/esm/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.ts"],
-  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  type ExecuteDeviceActionReturnType,\n  type StateMachineTypes,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AuthenticateDAError,\n  type AuthenticateDAIntermediateValue,\n  type AuthenticateDAOutput,\n  AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n  LKRPDataSourceError,\n  LKRPUnauthorizedError,\n  LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n  type AuthenticateWithKeypairDAInput,\n  type AuthenticateWithKeypairDAInternalState,\n} from \"./models/AuthenticateWithKeypairDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AuthenticateWithKeypairDeviceAction extends XStateDeviceAction<\n  AuthenticateDAOutput,\n  AuthenticateWithKeypairDAInput,\n  AuthenticateDAError,\n  AuthenticateDAIntermediateValue,\n  AuthenticateWithKeypairDAInternalState\n> {\n  execute(): ExecuteDeviceActionReturnType<\n    AuthenticateDAOutput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue\n  > {\n    const stateMachine = this.makeStateMachine();\n    return this._subscribeToStateMachine(stateMachine);\n  }\n\n  makeStateMachine(): DeviceActionStateMachine<\n    AuthenticateDAOutput,\n    AuthenticateWithKeypairDAInput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue,\n    AuthenticateWithKeypairDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AuthenticateDAOutput,\n      AuthenticateWithKeypairDAInput,\n      AuthenticateDAError,\n      AuthenticateDAIntermediateValue,\n      AuthenticateWithKeypairDAInternalState\n    >;\n\n    const { keypairAuth, getTrustchain, extractEncryptionKey } =\n      this.extractDependencies();\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        keypairAuth: fromPromise(keypairAuth),\n        getTrustchain: fromPromise(getTrustchain),\n        extractEncryptionKey: fromPromise(extractEncryptionKey),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new LKRPUnknownError(\n                String((event as { error?: unknown }).error),\n              ),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgNJgCeADsfgE4AiYAbkWMoQQHscAOlqNmLNFgDEEIWGH4cnAQGsF68aymYA2gAYAuolAMBsKviEmQAD0QBGfQFZhADgDMAdgBMXh24AbG7Ozl4ePgA0IHSOnsI+PoEuzg4ALACcGT4BAL650Tq4BCRklDT0TKwc3IS8-FYiYlWSGJjSYCwsAizCDAA2pABmPQC2wpotOgbGSCBmFoI4NvYI2cLJbj4eAZnpgWlRMYhBwofByV6BHmke2V75hW3FRKQUVJjNEjU8fEuilQkOmksFQhDqsFgMxsC0s1jmqxubg2IT8XmcGQxaQcDkC0ViCA8+g8wgcXi89y8+jcGWCPjSjxARTwrzKHy+1S4vwaQgBWlaMk63RY0LmsKWK0QSJRzjRGKxOLxxwQgVxwkxGSJaWcHhuHmcDIKTOeLNK7wq-J+dT+jWEAHEwOgACosVCwdCETDMHCyeSKZRqBQwZ2u92e72i0zmOHLBGIA36YTeDG0hx+BzOQJHAm7YQuTVZfTorxpTJuRnMkpvcqfQGc2r1f4OkNuj1epQdLo9PqDdAjFjjYMu1vhpSR+bRiVxhA6kn6HEZ0vOfQXfEnLwJZI+fRpYLZLPaismqtsi0tK2N23N4dh9s+0HguBQowwyeNSUINz6RPhTXakJpG4JZroSO55jiSROIcRIZkeWAvGaNYcuwXLWjyIjXqGbbep2wrjuK77Tl+P53DczgAUBaQgZkrjYiEZLXJikFwdgprVuydYoQ2Nq8gAorY6AsMQ-C8TghAsIwSxiL6OAKEoKjqMI-GCcJ6CieJkmNGI+FvvCoCrE4TjCKEGSZNutKeJ4IFksiPhZIksqpIqO4sQh7Fnt8qGXnxAlCSJYkSQwUn0Lh3YDMMYxKb5qnqYFwV0DpiyEfpjjzg4CQGjStypG4pZeCBbjpcu35EkEu66rKrlsaetaWl5PEiMpflqQFmlCNJD4Qs+sxRklel2I4uoZBlATeHZma6iBWruEupnJtcgEPEalasuatXnvV6FRSp-kaUFWkhUKPSJTGH4OENI2eL4mLXB4U2ZuqkHBLiZH6s4+RGjgAgQHANgrYhHF1dx6Gvn1sYpQgAC0DggZDrhZAjiNIx4VUnmtyEXg1fJTG0oOndOaT5cqPghHmPiyjRHgHDuKPLceq1IZxmNbZhI53njU4Q4TrjomSVymdi5UgSTrghCEf5Zok6K0088HVejTObf8TUxa1+3tfQHPJQNax+O4Li5bKxJFtkwtfnmGS5Q4tLJpbYSowzgMbcD-wAMpgl1Wv9QZu6BEmo1UwcHiWdmUpgTTOS0vompkjLxpy2jjNA9yytdiwXvgzr+x+zsniB7cIfUaZGxkmSu7LoEXhfkt+RAA */\n\n      id: \"AuthenticateWithKeypairDeviceAction\",\n      context: ({ input }): types[\"context\"] => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          jwt: null,\n          trustchain: null,\n          encryptionKey: null,\n        }),\n      }),\n\n      initial: \"KeypairAuth\",\n      states: {\n        KeypairAuth: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.Authenticate,\n            },\n          }),\n          on: { success: \"GetTrustchain\", error: \"Error\" },\n          invoke: {\n            id: \"keypairAuth\",\n            src: \"keypairAuth\",\n            input: ({ context }) => context.input,\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ context, event }) =>\n                event.output\n                  .map(({ jwt }) => ({ raise: \"success\", assign: { jwt } }))\n                  .mapLeft((error) =>\n                    error instanceof LKRPDataSourceError &&\n                    error.status === \"UNAUTHORIZED\"\n                      ? new LKRPUnauthorizedError(context.input.trustchainId)\n                      : error,\n                  ),\n              ),\n            },\n          },\n        },\n\n        GetTrustchain: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.GetTrustchain,\n            },\n          }),\n          on: { success: \"ExtractEncryptionKey\", error: \"Error\" },\n          invoke: {\n            id: \"getTrustchain\",\n            src: \"getTrustchain\",\n            input: ({ context }) => ({\n              lkrpDataSource: context.input.lkrpDataSource,\n              trustchainId: context.input.trustchainId,\n              jwt: context._internalState.chain(({ jwt }) =>\n                required(jwt, \"Missing JWT for GetTrustchain\"),\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((trustchain) => ({\n                  raise: \"success\",\n                  assign: { trustchain },\n                })),\n              ),\n            },\n          },\n        },\n\n        ExtractEncryptionKey: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.ExtractEncryptionKey,\n            },\n          }),\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"ExtractEncryptionKey\",\n            src: \"extractEncryptionKey\",\n            input: ({ context }) => ({\n              cryptoService: context.input.cryptoService,\n              keypair: context.input.keypair,\n              stream: context._internalState.chain(({ trustchain }) =>\n                required(\n                  trustchain?.getAppStream(context.input.appId).extract(),\n                  \"Missing application stream for ExtractEncryptionKey\",\n                ),\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((encryptionKey) => ({\n                  raise: \"success\",\n                  assign: { encryptionKey },\n                })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) =>\n        context._internalState.chain((state) =>\n          eitherSeqRecord({\n            trustchainId: context.input.trustchainId,\n            jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n            applicationPath: () =>\n              required(\n                state.trustchain\n                  ?.getAppStream(context.input.appId)\n                  .chain((stream) => stream.getPath())\n                  .extract(),\n                \"Missing application path in the output\",\n              ),\n            encryptionKey: () =>\n              required(\n                state.encryptionKey,\n                \"Missing encryption key in the output\",\n              ),\n          }),\n        ),\n    });\n  }\n\n  extractDependencies() {\n    const authentication = new AuthenticateTask();\n    const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n    return {\n      keypairAuth: ({ input }: { input: AuthenticateWithKeypairDAInput }) =>\n        authentication.run(\n          input.lkrpDataSource,\n          new SignChallengeWithKeypairTask(\n            input.cryptoService,\n            input.keypair,\n            input.trustchainId,\n          ),\n        ),\n\n      getTrustchain: ({\n        input,\n      }: {\n        input: {\n          lkrpDataSource: LKRPDataSource;\n          trustchainId: string;\n          jwt: Either<AuthenticateDAError, JWT>;\n        };\n      }) =>\n        EitherAsync.liftEither(input.jwt)\n          .chain((jwt) =>\n            input.lkrpDataSource.getTrustchainById(input.trustchainId, jwt),\n          )\n          .run(),\n\n      extractEncryptionKey: async ({\n        input,\n      }: {\n        input: {\n          cryptoService: CryptoService;\n          keypair: KeyPair;\n          stream: Either<AuthenticateDAError, LKRPBlockStream>;\n        };\n      }) =>\n        EitherAsync.liftEither(input.stream).chain((stream) =>\n          encryptionKeyExtraction.run(\n            input.cryptoService,\n            input.keypair,\n            stream,\n          ),\n        ),\n    };\n  }\n}\n"],
-  "mappings": "AAAA,OAIE,2BAAAA,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAE3C,OAIE,sBAAAC,MACK,gDAGP,OACE,uBAAAC,EACA,yBAAAC,EACA,oBAAAC,MACK,oBAEP,OAAS,oBAAAC,MAAwB,6CACjC,OAAS,4BAAAC,MAAgC,qDACzC,OAAS,gCAAAC,MAAoC,yDAE7C,OAAS,mBAAAC,MAAuB,kCAEhC,OAAS,YAAAC,MAAgB,2BAMzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAA4CjB,CAMvD,CACA,SAIE,CACA,MAAMkB,EAAe,KAAK,iBAAiB,EAC3C,OAAO,KAAK,yBAAyBA,CAAY,CACnD,CAEA,kBAME,CASA,KAAM,CAAE,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACvD,KAAK,oBAAoB,EAE3B,OAAOf,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYc,CAAW,EACpC,cAAed,EAAYe,CAAa,EACxC,qBAAsBf,EAAYgB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPpB,EACE,IAAIQ,EACF,OAAQY,EAA8B,KAAK,CAC7C,CACF,CACJ,CACF,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,sCACJ,QAAS,CAAC,CAAE,MAAAC,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyBxB,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,IAAK,KACL,WAAY,KACZ,cAAe,IACjB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,MAAOC,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,YAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,QAAAQ,EAAS,MAAAF,CAAM,IACxCA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAG,CAAI,KAAO,CAAE,MAAO,UAAW,OAAQ,CAAE,IAAAA,CAAI,CAAE,EAAE,EACxD,QAASC,GACRA,aAAiBlB,GACjBkB,EAAM,SAAW,eACb,IAAIjB,EAAsBe,EAAQ,MAAM,YAAY,EACpDE,CACN,CACJ,CACF,CACF,CACF,EAEA,cAAe,CACb,MAAOtB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,aAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,uBAAwB,MAAO,OAAQ,EACtD,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,aAAcA,EAAQ,MAAM,aAC5B,IAAKA,EAAQ,eAAe,MAAM,CAAC,CAAE,IAAAC,CAAI,IACvCV,EAASU,EAAK,+BAA+B,CAC/C,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAAST,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKK,IAAgB,CAChC,MAAO,UACP,OAAQ,CAAE,WAAAA,CAAW,CACvB,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,MAAOvB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,oBAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,cAAeA,EAAQ,MAAM,cAC7B,QAASA,EAAQ,MAAM,QACvB,OAAQA,EAAQ,eAAe,MAAM,CAAC,CAAE,WAAAG,CAAW,IACjDZ,EACEY,GAAY,aAAaH,EAAQ,MAAM,KAAK,EAAE,QAAQ,EACtD,qDACF,CACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKM,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAJ,CAAQ,IACjBA,EAAQ,eAAe,MAAOK,GAC5Bf,EAAgB,CACd,aAAcU,EAAQ,MAAM,aAC5B,IAAK,IAAMT,EAASc,EAAM,IAAK,2BAA2B,EAC1D,gBAAiB,IACfd,EACEc,EAAM,YACF,aAAaL,EAAQ,MAAM,KAAK,EACjC,MAAOM,GAAWA,EAAO,QAAQ,CAAC,EAClC,QAAQ,EACX,wCACF,EACF,cAAe,IACbf,EACEc,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,qBAAsB,CACpB,MAAME,EAAiB,IAAIpB,EACrBqB,EAA0B,IAAIpB,EAEpC,MAAO,CACL,YAAa,CAAC,CAAE,MAAAW,CAAM,IACpBQ,EAAe,IACbR,EAAM,eACN,IAAIV,EACFU,EAAM,cACNA,EAAM,QACNA,EAAM,YACR,CACF,EAEF,cAAe,CAAC,CACd,MAAAA,CACF,IAOEtB,EAAY,WAAWsB,EAAM,GAAG,EAC7B,MAAOE,GACNF,EAAM,eAAe,kBAAkBA,EAAM,aAAcE,CAAG,CAChE,EACC,IAAI,EAET,qBAAsB,MAAO,CAC3B,MAAAF,CACF,IAOEtB,EAAY,WAAWsB,EAAM,MAAM,EAAE,MAAOO,GAC1CE,EAAwB,IACtBT,EAAM,cACNA,EAAM,QACNO,CACF,CACF,CACJ,CACF,CACF",
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  type ExecuteDeviceActionReturnType,\n  type StateMachineTypes,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AuthenticateDAError,\n  type AuthenticateDAIntermediateValue,\n  type AuthenticateDAOutput,\n  AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport {\n  LKRPDataSourceError,\n  LKRPUnauthorizedError,\n  LKRPUnknownError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n  type AuthenticateWithKeypairDAInput,\n  type AuthenticateWithKeypairDAInternalState,\n} from \"./models/AuthenticateWithKeypairDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AuthenticateWithKeypairDeviceAction extends XStateDeviceAction<\n  AuthenticateDAOutput,\n  AuthenticateWithKeypairDAInput,\n  AuthenticateDAError,\n  AuthenticateDAIntermediateValue,\n  AuthenticateWithKeypairDAInternalState\n> {\n  execute(): ExecuteDeviceActionReturnType<\n    AuthenticateDAOutput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue\n  > {\n    const stateMachine = this.makeStateMachine();\n    return this._subscribeToStateMachine(stateMachine);\n  }\n\n  makeStateMachine(): DeviceActionStateMachine<\n    AuthenticateDAOutput,\n    AuthenticateWithKeypairDAInput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue,\n    AuthenticateWithKeypairDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AuthenticateDAOutput,\n      AuthenticateWithKeypairDAInput,\n      AuthenticateDAError,\n      AuthenticateDAIntermediateValue,\n      AuthenticateWithKeypairDAInternalState\n    >;\n\n    const { keypairAuth, getTrustchain, extractEncryptionKey } =\n      this.extractDependencies();\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        keypairAuth: fromPromise(keypairAuth),\n        getTrustchain: fromPromise(getTrustchain),\n        extractEncryptionKey: fromPromise(extractEncryptionKey),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new LKRPUnknownError(\n                String((event as { error?: unknown }).error),\n              ),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgNJgCeADsfgE4AiYAbkWMoQQHscAOlqNmLNFgDEEIWGH4cnAQGsF68aymYA2gAYAuolAMBsKviEmQAD0QBGfQFZhADgDMAdgBMXh24AbG7Ozl4ePgA0IHSOnsI+PoEuzg4ALACcGT4BAL650Tq4BCRklDT0TKwc3IS8-FYiYlWSGJjSYCwsAizCDAA2pABmPQC2wpotOgbGSCBmFoI4NvYI2cLJbj4eAZnpgWlRMYhBwofByV6BHmke2V75hW3FRKQUVJjNEjU8fEuilQkOmksFQhDqsFgMxsC0s1jmqxubg2IT8XmcGQxaQcDkC0ViCA8+g8wgcXi89y8+jcGWCPjSjxARTwrzKHy+1S4vwaQgBWlaMk63RY0LmsKWK0QSJRzjRGKxOLxxwQgVxwkxGSJaWcHhuHmcDIKTOeLNK7wq-J+dT+jWEAHEwOgACosVCwdCETDMHCyeSKZRqBQwZ2u92e72i0zmOHLBGIA36YTeDG0hx+BzOQJHAm7YQuTVZfTorxpTJuRnMkpvcqfQGc2r1f4OkNuj1epQdLo9PqDdAjFjjYMu1vhpSR+bRiVxhA6kn6HEZ0vOfQXfEnLwJZI+fRpYLZLPaismqtsi0tK2N23N4dh9s+0HguBQowwyeNSUINz6RPhTXakJpG4JZroSO55jiSROIcRIZkeWAvGaNYcuwXLWjyIjXqGbbep2wrjuK77Tl+P53DczgAUBaQgZkrjYiEZLXJikFwdgprVuydYoQ2Nq8gAorY6AsMQ-C8TghAsIwSxiL6OAKEoKjqMI-GCcJ6CieJkmNGI+FvvCoCrE4TjCKEGSZNutKeJ4IFksiPhZIksqpIqO4sQh7Fnt8qGXnxAlCSJYkSQwUn0Lh3YDMMYxKb5qnqYFwV0DpiyEfpjjzg4CQGjStypG4pZeCBbjpcu35EkEu66rKrlsaetaWl5PEiMpflqQFmlCNJD4Qs+sxRklel2I4uoZBlATeHZma6iBWruEupnJtcgEPEalasuatXnvV6FRSp-kaUFWkhUKPSJTGH4OENI2eL4mLXB4U2ZuqkHBLiZH6s4+RGjgAgQHANgrYhHF1dx6Gvn1sYpQgAC0DggZDrhZAjiNIx4VUnmtyEXg1fJTG0oOndOaT5cqPghHmPiyjRHgHDuKPLceq1IZxmNbZhI53njU4Q4TrjomSVymdi5UgSTrghCEf5Zok6K0088HVejTObf8TUxa1+3tfQHPJQNax+O4Li5bKxJFtkwtfnmGS5Q4tLJpbYSowzgMbcD-wAMpgl1Wv9QZu6BEmo1UwcHiWdmUpgTTOS0vompkjLxpy2jjNA9yytdiwXvgzr+x+zsniB7cIfUaZGxkmSu7LoEXhfkt+RAA */\n\n      id: \"AuthenticateWithKeypairDeviceAction\",\n      context: ({ input }): types[\"context\"] => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          jwt: null,\n          trustchain: null,\n          encryptionKey: null,\n        }),\n      }),\n\n      initial: \"KeypairAuth\",\n      states: {\n        KeypairAuth: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.Authenticate,\n            },\n          }),\n          on: { success: \"GetTrustchain\", error: \"Error\" },\n          invoke: {\n            id: \"keypairAuth\",\n            src: \"keypairAuth\",\n            input: ({ context }) => context.input,\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ context, event }) =>\n                event.output\n                  .map(({ jwt }) => ({ raise: \"success\", assign: { jwt } }))\n                  .mapLeft((error) =>\n                    error instanceof LKRPDataSourceError &&\n                    error.status === \"UNAUTHORIZED\"\n                      ? new LKRPUnauthorizedError(context.input.trustchainId)\n                      : error,\n                  ),\n              ),\n            },\n          },\n        },\n\n        GetTrustchain: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.GetTrustchain,\n            },\n          }),\n          on: { success: \"ExtractEncryptionKey\", error: \"Error\" },\n          invoke: {\n            id: \"getTrustchain\",\n            src: \"getTrustchain\",\n            input: ({ context }) => ({\n              lkrpDataSource: context.input.lkrpDataSource,\n              trustchainId: context.input.trustchainId,\n              jwt: context._internalState.chain(({ jwt }) =>\n                required(jwt, \"Missing JWT for GetTrustchain\"),\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((trustchain) => ({\n                  raise: \"success\",\n                  assign: { trustchain },\n                })),\n              ),\n            },\n          },\n        },\n\n        ExtractEncryptionKey: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AuthenticateDAStep.ExtractEncryptionKey,\n            },\n          }),\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"ExtractEncryptionKey\",\n            src: \"extractEncryptionKey\",\n            input: ({ context }) => ({\n              keypair: context.input.keypair,\n              stream: context._internalState.chain(({ trustchain }) =>\n                required(\n                  trustchain?.getAppStream(context.input.appId).extract(),\n                  \"Missing application stream for ExtractEncryptionKey\",\n                ),\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((encryptionKey) => ({\n                  raise: \"success\",\n                  assign: { encryptionKey },\n                })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) =>\n        context._internalState.chain((state) =>\n          eitherSeqRecord({\n            trustchainId: context.input.trustchainId,\n            jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n            applicationPath: () =>\n              required(\n                state.trustchain\n                  ?.getAppStream(context.input.appId)\n                  .chain((stream) => stream.getPath())\n                  .extract(),\n                \"Missing application path in the output\",\n              ),\n            encryptionKey: () =>\n              required(\n                state.encryptionKey,\n                \"Missing encryption key in the output\",\n              ),\n          }),\n        ),\n    });\n  }\n\n  extractDependencies() {\n    const authentication = new AuthenticateTask();\n    const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n    return {\n      keypairAuth: ({ input }: { input: AuthenticateWithKeypairDAInput }) =>\n        authentication.run(\n          input.lkrpDataSource,\n          new SignChallengeWithKeypairTask(input.keypair, input.trustchainId),\n        ),\n\n      getTrustchain: ({\n        input,\n      }: {\n        input: {\n          lkrpDataSource: LKRPDataSource;\n          trustchainId: string;\n          jwt: Either<AuthenticateDAError, JWT>;\n        };\n      }) =>\n        EitherAsync.liftEither(input.jwt)\n          .chain((jwt) =>\n            input.lkrpDataSource.getTrustchainById(input.trustchainId, jwt),\n          )\n          .run(),\n\n      extractEncryptionKey: async ({\n        input,\n      }: {\n        input: {\n          keypair: Keypair;\n          stream: Either<AuthenticateDAError, LKRPBlockStream>;\n        };\n      }) =>\n        EitherAsync.liftEither(input.stream).chain((stream) =>\n          encryptionKeyExtraction.run(input.keypair, stream),\n        ),\n    };\n  }\n}\n"],
+  "mappings": "AAAA,OAIE,2BAAAA,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAE3C,OAIE,sBAAAC,MACK,gDACP,OACE,uBAAAC,EACA,yBAAAC,EACA,oBAAAC,MACK,yBAEP,OAAS,oBAAAC,MAAwB,6CACjC,OAAS,4BAAAC,MAAgC,qDACzC,OAAS,gCAAAC,MAAoC,yDAE7C,OAAS,mBAAAC,MAAuB,kCAEhC,OAAS,YAAAC,MAAgB,2BAMzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAA4CjB,CAMvD,CACA,SAIE,CACA,MAAMkB,EAAe,KAAK,iBAAiB,EAC3C,OAAO,KAAK,yBAAyBA,CAAY,CACnD,CAEA,kBAME,CASA,KAAM,CAAE,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACvD,KAAK,oBAAoB,EAE3B,OAAOf,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYc,CAAW,EACpC,cAAed,EAAYe,CAAa,EACxC,qBAAsBf,EAAYgB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPpB,EACE,IAAIQ,EACF,OAAQY,EAA8B,KAAK,CAC7C,CACF,CACJ,CACF,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,sCACJ,QAAS,CAAC,CAAE,MAAAC,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyBxB,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,IAAK,KACL,WAAY,KACZ,cAAe,IACjB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,MAAOC,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,YAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,QAAAQ,EAAS,MAAAF,CAAM,IACxCA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAG,CAAI,KAAO,CAAE,MAAO,UAAW,OAAQ,CAAE,IAAAA,CAAI,CAAE,EAAE,EACxD,QAASC,GACRA,aAAiBlB,GACjBkB,EAAM,SAAW,eACb,IAAIjB,EAAsBe,EAAQ,MAAM,YAAY,EACpDE,CACN,CACJ,CACF,CACF,CACF,EAEA,cAAe,CACb,MAAOtB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,aAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,uBAAwB,MAAO,OAAQ,EACtD,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,aAAcA,EAAQ,MAAM,aAC5B,IAAKA,EAAQ,eAAe,MAAM,CAAC,CAAE,IAAAC,CAAI,IACvCV,EAASU,EAAK,+BAA+B,CAC/C,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAAST,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKK,IAAgB,CAChC,MAAO,UACP,OAAQ,CAAE,WAAAA,CAAW,CACvB,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,MAAOvB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,oBAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,QAASA,EAAQ,MAAM,QACvB,OAAQA,EAAQ,eAAe,MAAM,CAAC,CAAE,WAAAG,CAAW,IACjDZ,EACEY,GAAY,aAAaH,EAAQ,MAAM,KAAK,EAAE,QAAQ,EACtD,qDACF,CACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKM,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAJ,CAAQ,IACjBA,EAAQ,eAAe,MAAOK,GAC5Bf,EAAgB,CACd,aAAcU,EAAQ,MAAM,aAC5B,IAAK,IAAMT,EAASc,EAAM,IAAK,2BAA2B,EAC1D,gBAAiB,IACfd,EACEc,EAAM,YACF,aAAaL,EAAQ,MAAM,KAAK,EACjC,MAAOM,GAAWA,EAAO,QAAQ,CAAC,EAClC,QAAQ,EACX,wCACF,EACF,cAAe,IACbf,EACEc,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,qBAAsB,CACpB,MAAME,EAAiB,IAAIpB,EACrBqB,EAA0B,IAAIpB,EAEpC,MAAO,CACL,YAAa,CAAC,CAAE,MAAAW,CAAM,IACpBQ,EAAe,IACbR,EAAM,eACN,IAAIV,EAA6BU,EAAM,QAASA,EAAM,YAAY,CACpE,EAEF,cAAe,CAAC,CACd,MAAAA,CACF,IAOEtB,EAAY,WAAWsB,EAAM,GAAG,EAC7B,MAAOE,GACNF,EAAM,eAAe,kBAAkBA,EAAM,aAAcE,CAAG,CAChE,EACC,IAAI,EAET,qBAAsB,MAAO,CAC3B,MAAAF,CACF,IAMEtB,EAAY,WAAWsB,EAAM,MAAM,EAAE,MAAOO,GAC1CE,EAAwB,IAAIT,EAAM,QAASO,CAAM,CACnD,CACJ,CACF,CACF",
   "names": ["UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "AuthenticateDAStep", "LKRPDataSourceError", "LKRPUnauthorizedError", "LKRPUnknownError", "AuthenticateTask", "ExtractEncryptionKeyTask", "SignChallengeWithKeypairTask", "eitherSeqRecord", "required", "raiseAndAssign", "AuthenticateWithKeypairDeviceAction", "stateMachine", "keypairAuth", "getTrustchain", "extractEncryptionKey", "event", "input", "context", "jwt", "error", "trustchain", "encryptionKey", "state", "stream", "authentication", "encryptionKeyExtraction"]
 }

package/lib/esm/internal/app-binder/task/ExtractEncryptionKeyTask.js

@@ -1,2 +1,2 @@
-import{LKRPUnknownError as i}from"../../../api/model/Errors";class n{async run(r,e,t){return(await t.getPublishedKey(r,e)).map(o=>o.privateKey).toEither(new i("There is no encryption key for the current member in the application stream."))}}export{n as ExtractEncryptionKeyTask};
+import{LKRPUnknownError as o}from"../../../api/app-binder/Errors";class i{async run(r,e){return Promise.resolve(e.getPublishedKey(r).map(t=>t.privateKey).toEither(new o("There is no encryption key for the current member in the application stream.")))}}export{i as ExtractEncryptionKeyTask};
 //# sourceMappingURL=ExtractEncryptionKeyTask.js.map

package/lib/esm/internal/app-binder/task/ExtractEncryptionKeyTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/ExtractEncryptionKeyTask.ts"],
-  "sourcesContent": ["import { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPUnknownError } from \"@api/model/Errors\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport class ExtractEncryptionKeyTask {\n  async run(\n    cryptoService: CryptoService,\n    keypair: KeyPair,\n    stream: LKRPBlockStream,\n  ) {\n    // TODO additional derivations should be supported:\n    // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n    // Probably not needed for Ledger Sync\n    return (await stream.getPublishedKey(cryptoService, keypair))\n      .map((key) => key.privateKey)\n      .toEither(\n        new LKRPUnknownError(\n          \"There is no encryption key for the current member in the application stream.\",\n        ),\n      );\n  }\n}\n"],
-  "mappings": "AAEA,OAAS,oBAAAA,MAAwB,oBAG1B,MAAMC,CAAyB,CACpC,MAAM,IACJC,EACAC,EACAC,EACA,CAIA,OAAQ,MAAMA,EAAO,gBAAgBF,EAAeC,CAAO,GACxD,IAAKE,GAAQA,EAAI,UAAU,EAC3B,SACC,IAAIL,EACF,8EACF,CACF,CACJ,CACF",
-  "names": ["LKRPUnknownError", "ExtractEncryptionKeyTask", "cryptoService", "keypair", "stream", "key"]
+  "sourcesContent": ["import { LKRPUnknownError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/index\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport type ExtractEncryptionKeyTaskInput = {\n  applicationStream: LKRPBlockStream;\n  keypair: Keypair;\n};\n\nexport class ExtractEncryptionKeyTask {\n  async run(keypair: Keypair, stream: LKRPBlockStream) {\n    // TODO additional derivations should be supported:\n    // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n    // Probably not needed for Ledger Sync\n    return Promise.resolve(\n      stream\n        .getPublishedKey(keypair)\n        .map((key) => key.privateKey)\n        .toEither(\n          new LKRPUnknownError(\n            \"There is no encryption key for the current member in the application stream.\",\n          ),\n        ),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OAAS,oBAAAA,MAAwB,yBAS1B,MAAMC,CAAyB,CACpC,MAAM,IAAIC,EAAkBC,EAAyB,CAInD,OAAO,QAAQ,QACbA,EACG,gBAAgBD,CAAO,EACvB,IAAKE,GAAQA,EAAI,UAAU,EAC3B,SACC,IAAIJ,EACF,8EACF,CACF,CACJ,CACF,CACF",
+  "names": ["LKRPUnknownError", "ExtractEncryptionKeyTask", "keypair", "stream", "key"]
 }

package/lib/esm/internal/app-binder/task/InitTask.js

@@ -1,2 +1,2 @@
-import{CommandResultStatus as t}from"@ledgerhq/device-management-kit";import{Left as i,Right as o}from"purify-ts";import{Curve as a}from"../../../api/crypto/CryptoService";import{InitCommand as p}from"../../app-binder/command/InitCommand";class u{constructor(r,e){this.api=r;this.cryptoService=e}async run(){const r=await this.cryptoService.createKeyPair(a.K256),e=await this.api.sendCommand(new p({publicKey:r.getPublicKey()}));return e.status!==t.Success?i(e.error):o(r)}}export{u as InitTask};
+import{CommandResultStatus as e}from"@ledgerhq/device-management-kit";import{Left as o,Right as i}from"purify-ts";import{InitCommand as a}from"../../app-binder/command/InitCommand";import{CryptoUtils as m}from"../../utils/crypto";class u{constructor(r){this.api=r}async run(){const r=m.randomKeypair(),t=await this.api.sendCommand(new a({publicKey:r.pubKeyToU8a()}));return t.status!==e.Success?o(t.error):i(r)}}export{u as InitTask};
 //# sourceMappingURL=InitTask.js.map

package/lib/esm/internal/app-binder/task/InitTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/InitTask.ts"],
-  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, Curve } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\n\nexport class InitTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, KeyPair>> {\n    const sessionKeypair = await this.cryptoService.createKeyPair(Curve.K256);\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.getPublicKey() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
-  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAEzC,OAA6B,SAAAC,MAAa,4BAE1C,OAAS,eAAAC,MAAmB,2CAGrB,MAAMC,CAAS,CACpB,YACmBC,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,MAAM,KAAwD,CAC5D,MAAMC,EAAiB,MAAM,KAAK,cAAc,cAAcL,EAAM,IAAI,EAClEM,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIL,EAAY,CAAE,UAAWI,EAAe,aAAa,CAAE,CAAC,CAC9D,EAEA,OAAOC,EAAS,SAAWT,EAAoB,QAC3CC,EAAKQ,EAAS,KAAK,EACnBP,EAAMM,CAAc,CAC1B,CACF",
-  "names": ["CommandResultStatus", "Left", "Right", "Curve", "InitCommand", "InitTask", "api", "cryptoService", "sessionKeypair", "response"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type Keypair } from \"@api/index\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\n\nexport class InitTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, Keypair>> {\n    const sessionKeypair = CryptoUtils.randomKeypair();\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.pubKeyToU8a() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAGzC,OAAS,eAAAC,MAAmB,2CAE5B,OAAS,eAAAC,MAAmB,yBAErB,MAAMC,CAAS,CACpB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,KAAwD,CAC5D,MAAMC,EAAiBH,EAAY,cAAc,EAC3CI,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIL,EAAY,CAAE,UAAWI,EAAe,YAAY,CAAE,CAAC,CAC7D,EAEA,OAAOC,EAAS,SAAWR,EAAoB,QAC3CC,EAAKO,EAAS,KAAK,EACnBN,EAAMK,CAAc,CAC1B,CACF",
+  "names": ["CommandResultStatus", "Left", "Right", "InitCommand", "CryptoUtils", "InitTask", "api", "sessionKeypair", "response"]
 }

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js

@@ -1,2 +1,2 @@
-import{bufferToHexaString as u,CommandResultStatus as i}from"@ledgerhq/device-management-kit";import{EitherAsync as o,Left as s,Right as n}from"purify-ts";import{LKRPUnknownError as m}from"../../../api/model/Errors";import{ParseBlockSignatureCommand as c}from"../../app-binder/command/ParseBlockSignatureCommand";import{ParseSingleCommand as d}from"../../app-binder/command/ParseStreamBlockCommand";import{ParseBlockHeaderCommand as p}from"../../app-binder/command/ParseStreamBlockHeader";import{SetTrustedMemberCommand as P}from"../../app-binder/command/SetTrustedMemberCommand";import{eitherSeqRecord as f}from"../../utils/eitherSeqRecord";import{TrustedProperties as h}from"./utils/TrustedProperties";class K{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):o.liftEither(n(void 0)))}parseStream(t){return o.liftEither(t.parse()).chain(r=>o.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return o.liftEither(t.parse()).chain(r=>this.setTrustedMember(u(r.issuer,!1)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(r)}).chain(r=>o.sequence(r.commands.map(e=>this.parseCommand(e,u(r.issuer,!1)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d({command:t.toU8A()}));return a.status!==i.Success?s(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return s(new m(String(a)))}})}setTrustedMember(t){return o.fromPromise(async()=>{if(t===this.lastTrustedMember)return n(void 0);const r=this.trustedMembers.get(t);if(!r)return n(void 0);try{const e=await this.api.sendCommand(new P(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return n(void 0);const e=new h(r);return f({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}export{K as ParseStreamToDeviceTask};
+import{CommandResultStatus as i}from"@ledgerhq/device-management-kit";import{EitherAsync as o,Left as s,Right as n}from"purify-ts";import{LKRPUnknownError as m}from"../../../api/app-binder/Errors";import{ParseBlockSignatureCommand as c}from"../../app-binder/command/ParseBlockSignatureCommand";import{ParseSingleCommand as d}from"../../app-binder/command/ParseStreamBlockCommand";import{ParseBlockHeaderCommand as p}from"../../app-binder/command/ParseStreamBlockHeader";import{SetTrustedMemberCommand as P}from"../../app-binder/command/SetTrustedMemberCommand";import{eitherSeqRecord as h}from"../../utils/eitherSeqRecord";import{bytesToHex as u}from"../../utils/hex";import{TrustedProperties as f}from"./utils/TrustedProperties";class M{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):o.liftEither(n(void 0)))}parseStream(t){return o.liftEither(t.parse()).chain(r=>o.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return o.liftEither(t.parse()).chain(r=>this.setTrustedMember(u(r.issuer)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(r)}).chain(r=>o.sequence(r.commands.map(e=>this.parseCommand(e,u(r.issuer)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d({command:t.toU8A()}));return a.status!==i.Success?s(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return s(new m(String(a)))}})}setTrustedMember(t){return o.fromPromise(async()=>{if(t===this.lastTrustedMember)return n(void 0);const r=this.trustedMembers.get(t);if(!r)return n(void 0);try{const e=await this.api.sendCommand(new P(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return n(void 0);const e=new f(r);return h({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}export{M as ParseStreamToDeviceTask};
 //# sourceMappingURL=ParseStreamToDeviceTask.js.map

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/ParseStreamToDeviceTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport {\n  SetTrustedMemberCommand,\n  type SetTrustedMemberCommandArgs,\n} from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPBlockParsedData } from \"@internal/models/LKRPBlockTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPUnknownError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bufferToHexaString(data.issuer, false)).map(\n            () => data,\n          ),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(\n                command,\n                bufferToHexaString(data.issuer, false),\n              ),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,MAEK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAGE,oBAAAC,MACK,oBACP,OAAS,8BAAAC,MAAkC,0DAC3C,OAAS,sBAAAC,MAA0B,uDACnC,OAAS,2BAAAC,MAA+B,sDACxC,OACE,2BAAAC,MAEK,uDAGP,OAAS,mBAAAC,MAAuB,kCAKhC,OAAS,qBAAAC,MAAyB,4BAa3B,MAAMC,CAAwB,CAInC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClCb,EAAY,WAAWE,EAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYY,EAAyB,CACnC,OAAOd,EAAY,WAAWc,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACDf,EAAY,SAASe,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACEhB,EAAY,WAAWgB,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,iBAAiBnB,EAAmBmB,EAAK,OAAQ,EAAK,CAAC,EAAE,IAC5D,IAAMA,CACR,CACF,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIZ,EAAwBW,CAAI,CAClC,EACA,GAAIC,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAMe,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjDjB,EAAY,SACViB,EAAK,SAAS,IAAKG,GACjB,KAAK,aACHA,EACAtB,EAAmBmB,EAAK,OAAQ,EAAK,CACvC,CACF,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAId,EAA2Ba,CAAI,CACrC,EACA,GAAIC,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAakB,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIb,EAAmB,CAAE,QAASe,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAWnB,EAAoB,QACnCE,EAAKiB,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAOtB,EAAY,YAAwC,SAAY,CACrE,GAAIsB,IAAc,KAAK,kBACrB,OAAOpB,EAAM,MAAS,EAExB,MAAMqB,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,OAAOrB,EAAM,MAAS,EAExB,GAAI,CACF,MAAMgB,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIX,EAAwBgB,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEoB,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,OAAOpB,EAAM,MAAS,EAGxB,MAAMuB,EAAe,IAAIhB,EAAkBe,CAAiB,EAC5D,OAAOhB,EAAgB,CACrB,GAAI,IAAMiB,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
-  "names": ["bufferToHexaString", "CommandResultStatus", "EitherAsync", "Left", "Right", "LKRPUnknownError", "ParseBlockSignatureCommand", "ParseSingleCommand", "ParseBlockHeaderCommand", "SetTrustedMemberCommand", "eitherSeqRecord", "TrustedProperties", "ParseStreamToDeviceTask", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n} from \"@api/app-binder/Errors\";\nimport { type SetTrustedMemberCommandArgs } from \"@api/app-binder/SetTrustedMemberTypes\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport { SetTrustedMemberCommand } from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPBlockParsedData } from \"@internal/models/LKRPBlockTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex } from \"@internal/utils/hex\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPUnknownError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bytesToHex(data.issuer)).map(() => data),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(command, bytesToHex(data.issuer)),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAGE,oBAAAC,MACK,yBAEP,OAAS,8BAAAC,MAAkC,0DAC3C,OAAS,sBAAAC,MAA0B,uDACnC,OAAS,2BAAAC,MAA+B,sDACxC,OAAS,2BAAAC,MAA+B,uDAGxC,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,MAAkB,sBAK3B,OAAS,qBAAAC,MAAyB,4BAa3B,MAAMC,CAAwB,CAInC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClCd,EAAY,WAAWE,EAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYa,EAAyB,CACnC,OAAOf,EAAY,WAAWe,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACDhB,EAAY,SAASgB,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACEjB,EAAY,WAAWiB,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,iBAAiBT,EAAWS,EAAK,MAAM,CAAC,EAAE,IAAI,IAAMA,CAAI,CAC/D,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIb,EAAwBY,CAAI,CAClC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOE,EAAKkB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOnB,EAAK,IAAIE,EAAiB,OAAOiB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOlB,EAAMgB,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjDlB,EAAY,SACVkB,EAAK,SAAS,IAAKG,GACjB,KAAK,aAAaA,EAASZ,EAAWS,EAAK,MAAM,CAAC,CACpD,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIf,EAA2Bc,CAAI,CACrC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOE,EAAKkB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOnB,EAAK,IAAIE,EAAiB,OAAOiB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOlB,EAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAamB,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAId,EAAmB,CAAE,QAASgB,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAWpB,EAAoB,QACnCE,EAAKkB,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,OAAOnB,EAAK,IAAIE,EAAiB,OAAOiB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAOvB,EAAY,YAAwC,SAAY,CACrE,GAAIuB,IAAc,KAAK,kBACrB,OAAOrB,EAAM,MAAS,EAExB,MAAMsB,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,OAAOtB,EAAM,MAAS,EAExB,GAAI,CACF,MAAMiB,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIZ,EAAwBiB,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAWpB,EAAoB,QAC1C,OAAOE,EAAKkB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOnB,EAAK,IAAIE,EAAiB,OAAOiB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOlB,EAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEqB,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,OAAOrB,EAAM,MAAS,EAGxB,MAAMwB,EAAe,IAAIhB,EAAkBe,CAAiB,EAC5D,OAAOjB,EAAgB,CACrB,GAAI,IAAMkB,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
+  "names": ["CommandResultStatus", "EitherAsync", "Left", "Right", "LKRPUnknownError", "ParseBlockSignatureCommand", "ParseSingleCommand", "ParseBlockHeaderCommand", "SetTrustedMemberCommand", "eitherSeqRecord", "bytesToHex", "TrustedProperties", "ParseStreamToDeviceTask", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
 }

package/lib/esm/internal/app-binder/task/SignBlockTask.js

@@ -1,2 +1,2 @@
-import{bufferToHexaString as v,CommandResultStatus as u}from"@ledgerhq/device-management-kit";import{Either as C,EitherAsync as a,Left as c,Right as h}from"purify-ts";import{EncryptionAlgo as E}from"../../../api/crypto/CryptoService";import{LKRPDataSourceError as K,LKRPOutdatedTrustchainError as k,LKRPUnknownError as l,LKRPUnsupportedCommandError as S}from"../../../api/model/Errors";import{SignBlockHeaderCommand as f}from"../../app-binder/command/SignBlockHeader";import{SignBlockSignatureCommand as A}from"../../app-binder/command/SignBlockSignatureCommand";import{SignBlockSingleCommand as w}from"../../app-binder/command/SignBlockSingleCommand";import{CommandTags as o}from"../../models/Tags";import{eitherAsyncSeqRecord as B,eitherSeqRecord as y}from"../../utils/eitherSeqRecord";import{LKRPBlock as b}from"../../utils/LKRPBlock";import{LKRPCommand as d}from"../../utils/LKRPCommand";import{TrustedProperties as P}from"./utils/TrustedProperties";class O{constructor(r,e){this.api=r;this.cryptoService=e}run({lkrpDataSource:r,trustchainId:e,path:t,jwt:n,parent:m,blockFlow:p,sessionKeypair:g}){const i=this.signCommands(t,p);return B({header:this.signBlockHeader(m,i.length),commands:a.sequence(i),signature:this.signBlockSignature(g)}).chain(async s=>this.decryptBlock(m,s)).chain(s=>{switch(p.type){case"derive":return r.postDerivation(e,s,n);case"addMember":return r.putCommands(e,t,s,n)}}).mapLeft(s=>s instanceof K&&s.status==="BAD_REQUEST"?new k:s)}signBlockHeader(r,e){return a.fromPromise(async()=>{try{const t=await this.api.sendCommand(new f({parent:r,commandCount:e}));if(t.status!==u.Success)return c(t.error);const n=new P(t.data);return y({iv:()=>n.getIv(),issuer:()=>n.getIssuer()})}catch(t){return c(new l(String(t)))}})}signBlockSignature(r){return a.fromPromise(async()=>{try{const e=await this.api.sendCommand(new A);if(e.status!==u.Success)return c(e.error);const{signature:t,deviceSessionKey:n}=e.data,m=(await r.deriveSharedSecret(n)).slice(1);return h({signature:t,secret:m})}catch(e){return c(new l(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return a.fromPromise(async()=>{try{const e=await this.api.sendCommand(new w({command:r}));return e.status!==u.Success?c(e.error):h(new P(e.data))}catch(e){return c(new l(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.Derive,path:r})).chain(e=>a.liftEither(y({type:o.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:t}){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.AddMember,name:r,publicKey:e,permissions:t})).chain(n=>a.liftEither(y({type:o.AddMember,name:r,publicKey:e,permissions:t,iv:()=>n.getIv(),newMember:()=>n.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.PublishKey,recipient:r})).chain(e=>a.liftEither(y({type:o.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:t,signature:n}){return a(async({throwE:m})=>{const g=await this.cryptoService.importSymmetricKey(n.secret,E.AES256_GCM).decrypt(e.iv,e.issuer);return C.sequence(await Promise.all(t.map(i=>this.decryptCommand(n.secret,i).run()))).caseOf({Left:i=>{throw m(i),i},Right:i=>b.fromData({parent:v(r),issuer:g,commands:i,signature:n.signature})})})}decryptCommand(r,e){return a(async({throwE:t})=>{switch(e.type){case o.Derive:case o.PublishKey:{const m=await this.cryptoService.importSymmetricKey(r,E.AES256_GCM).decrypt(e.iv,e.xpriv);return d.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:m})}case o.AddMember:return d.fromData({...e});default:throw t(new S(e)),new S(e)}})}}export{O as SignBlockTask};
+import{bufferToHexaString as C,CommandResultStatus as g}from"@ledgerhq/device-management-kit";import{Either as P,EitherAsync as o,Left as m,Right as y}from"purify-ts";import{LKRPDataSourceError as K,LKRPOutdatedTrustchainError as v,LKRPUnknownError as u,LKRPUnsupportedCommandError as k}from"../../../api/app-binder/Errors";import{SignBlockHeaderCommand as B}from"../../app-binder/command/SignBlockHeader";import{SignBlockSignatureCommand as b}from"../../app-binder/command/SignBlockSignatureCommand";import{SignBlockSingleCommand as f}from"../../app-binder/command/SignBlockSingleCommand";import{CommandTags as i}from"../../models/Tags";import{CryptoUtils as h}from"../../utils/crypto";import{eitherAsyncSeqRecord as A,eitherSeqRecord as p}from"../../utils/eitherSeqRecord";import{LKRPBlock as D}from"../../utils/LKRPBlock";import{LKRPCommand as c}from"../../utils/LKRPCommand";import{TrustedProperties as E}from"./utils/TrustedProperties";class J{constructor(r){this.api=r}run({lkrpDataSource:r,trustchainId:e,path:t,jwt:n,parent:s,blockFlow:d,sessionKeypair:S}){const l=this.signCommands(t,d);return A({header:this.signBlockHeader(s,l.length),commands:o.sequence(l),signature:this.signBlockSignature(S)}).chain(a=>o.liftEither(this.decryptBlock(s,a))).chain(a=>{switch(d.type){case"derive":return r.postDerivation(e,a,n);case"addMember":return r.putCommands(e,t,a,n)}}).mapLeft(a=>a instanceof K&&a.status==="BAD_REQUEST"?new v:a)}signBlockHeader(r,e){return o.fromPromise(async()=>{try{const t=await this.api.sendCommand(new B({parent:r,commandCount:e}));if(t.status!==g.Success)return m(t.error);const n=new E(t.data);return p({iv:()=>n.getIv(),issuer:()=>n.getIssuer()})}catch(t){return m(new u(String(t)))}})}signBlockSignature(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new b);if(e.status!==g.Success)return m(e.error);const{signature:t,deviceSessionKey:n}=e.data,s=r.ecdh(n).slice(1);return y({signature:t,secret:s})}catch(e){return m(new u(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new f({command:r}));return e.status!==g.Success?m(e.error):y(new E(e.data))}catch(e){return m(new u(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(c.bytesFromUnsignedData({type:i.Derive,path:r})).chain(e=>o.liftEither(p({type:i.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:t}){return this.signSingleCommand(c.bytesFromUnsignedData({type:i.AddMember,name:r,publicKey:e,permissions:t})).chain(n=>o.liftEither(p({type:i.AddMember,name:r,publicKey:e,permissions:t,iv:()=>n.getIv(),newMember:()=>n.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(c.bytesFromUnsignedData({type:i.PublishKey,recipient:r})).chain(e=>o.liftEither(p({type:i.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:t,signature:n}){const s=h.decrypt(n.secret,e.iv,e.issuer);return P.sequence(t.map(d=>this.decryptCommand(n.secret,d))).map(d=>D.fromData({parent:C(r),issuer:s,commands:d,signature:n.signature}))}decryptCommand(r,e){switch(e.type){case i.Derive:case i.PublishKey:{const t=h.decrypt(r,e.iv,e.xpriv);return y(c.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:t}))}case i.AddMember:return y(c.fromData({...e}));default:return m(new k(e))}}}export{J as SignBlockTask};
 //# sourceMappingURL=SignBlockTask.js.map

package/lib/esm/internal/app-binder/task/SignBlockTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignBlockTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, EncryptionAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n  LKRPDataSourceError,\n  type LKRPMissingDataError,\n  LKRPOutdatedTrustchainError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n  LKRPUnsupportedCommandError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/models/LKRPCommandTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\ntype SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPDataSourceError\n  | LKRPOutdatedTrustchainError\n  | LKRPUnknownError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: KeyPair;\n};\n\nexport class SignBlockTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain(async (encryptedBlock) =>\n        this.decryptBlock(parent, encryptedBlock),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      })\n      .mapLeft((error) =>\n        error instanceof LKRPDataSourceError && error.status === \"BAD_REQUEST\"\n          ? new LKRPOutdatedTrustchainError()\n          : error,\n      );\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ parent, commandCount }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: KeyPair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = (\n          await sessionKeypair.deriveSharedSecret(deviceSessionKey)\n        ).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new LKRPUnknownError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): EitherAsync<SignBlockError, LKRPBlock> {\n    return EitherAsync(async ({ throwE }) => {\n      const key = this.cryptoService.importSymmetricKey(\n        signature.secret,\n        EncryptionAlgo.AES256_GCM,\n      );\n      const decryptedIssuer = await key.decrypt(header.iv, header.issuer);\n      return Either.sequence(\n        await Promise.all(\n          commands.map((command) =>\n            this.decryptCommand(signature.secret, command).run(),\n          ),\n        ),\n      ).caseOf({\n        Left: (error) => {\n          throwE(error);\n          throw error;\n        },\n        Right: (decryptedCommands) =>\n          LKRPBlock.fromData({\n            parent: bufferToHexaString(parent),\n            issuer: decryptedIssuer,\n            commands: decryptedCommands,\n            signature: signature.signature,\n          }),\n      });\n    });\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): EitherAsync<LKRPUnknownError, LKRPCommand> {\n    return EitherAsync<LKRPUnknownError, LKRPCommand>(async ({ throwE }) => {\n      switch (command.type) {\n        case CommandTags.Derive:\n        case CommandTags.PublishKey: {\n          const key = this.cryptoService.importSymmetricKey(\n            secret,\n            EncryptionAlgo.AES256_GCM,\n          );\n          const encryptedXpriv = await key.decrypt(command.iv, command.xpriv);\n          return LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          });\n        }\n        case CommandTags.AddMember:\n          return LKRPCommand.fromData({ ...command });\n        default:\n          throwE(new LKRPUnsupportedCommandError(command));\n          throw new LKRPUnsupportedCommandError(command);\n      }\n    });\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,MAEK,kCACP,OAAS,UAAAC,EAAQ,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEjD,OAA6B,kBAAAC,MAAsB,4BAEnD,OACE,uBAAAC,EAEA,+BAAAC,EAEA,oBAAAC,EACA,+BAAAC,MACK,oBAEP,OAAS,0BAAAC,MAA8B,+CACvC,OAAS,6BAAAC,MAAiC,yDAC1C,OAAS,0BAAAC,MAA8B,sDASvC,OAAS,eAAAC,MAAmB,wBAC5B,OACE,wBAAAC,EACA,mBAAAC,MACK,kCACP,OAAS,aAAAC,MAAiB,4BAC1B,OAAS,eAAAC,MAAmB,8BAE5B,OAAS,qBAAAC,MAAyB,4BA6C3B,MAAMC,CAAc,CACzB,YACmBC,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,OAAOb,EAAqB,CAC1B,OAAQ,KAAK,gBAAgBY,EAAQG,EAAS,MAAM,EACpD,SAAU3B,EAAY,SAAS2B,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAM,MAAOE,GACZ,KAAK,aAAaJ,EAAQI,CAAc,CAC1C,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,EACA,QAASO,GACRA,aAAiB1B,GAAuB0B,EAAM,SAAW,cACrD,IAAIzB,EACJyB,CACN,CACJ,CAEA,gBACEN,EACAO,EAC4C,CAC5C,OAAO/B,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIxB,EAAuB,CAAE,OAAAgB,EAAQ,aAAAO,CAAa,CAAC,CACrD,EACA,GAAIC,EAAS,SAAWlC,EAAoB,QAC1C,OAAOG,EAAK+B,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAIjB,EAAkBgB,EAAS,IAAI,EACxD,OAAOnB,EAAgB,CACrB,GAAI,IAAMoB,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASH,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,mBACEJ,EAC+C,CAC/C,OAAO1B,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIvB,CACN,EACA,GAAIuB,EAAS,SAAWlC,EAAoB,QAC1C,OAAOG,EAAK+B,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAE,EAAW,iBAAAC,CAAiB,EAAIH,EAAS,KAE3CI,GACJ,MAAMV,EAAe,mBAAmBS,CAAgB,GACxD,MAAM,CAAC,EACT,OAAOjC,EAAM,CAAE,UAAAgC,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASN,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,aACEO,EACAR,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBQ,CAAe,EACtC,KAAK,qBAAqBR,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBS,EAAqB,CACrC,OAAOtC,EAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAItB,EAAuB,CAAE,QAAA4B,CAAQ,CAAC,CACxC,EACA,OAAIN,EAAS,SAAWlC,EAAoB,QACnCG,EAAK+B,EAAS,KAAK,EAErB9B,EAAM,IAAIc,EAAkBgB,EAAS,IAAI,CAAC,CACnD,OAASF,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CACF,CACF,CAEA,kBAAkBO,EAAyB,CACzC,OAAO,KAAK,kBACVtB,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,OAClB,KAAM0B,CACR,CAAC,CACH,EAAE,MAAOJ,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,OAClB,KAAM0B,EACN,GAAI,IAAMJ,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAM,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV1B,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOR,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMR,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAO,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACVzB,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,WAClB,UAAW6B,CACb,CAAC,CACH,EAAE,MAAOP,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,WAClB,UAAW6B,EACX,GAAI,IAAMP,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAkB,EAAQ,SAAAf,EAAU,UAAAO,CAAU,EACU,CACxC,OAAOlC,EAAY,MAAO,CAAE,OAAA2C,CAAO,IAAM,CAKvC,MAAMC,EAAkB,MAJZ,KAAK,cAAc,mBAC7BV,EAAU,OACV/B,EAAe,UACjB,EACkC,QAAQuC,EAAO,GAAIA,EAAO,MAAM,EAClE,OAAO3C,EAAO,SACZ,MAAM,QAAQ,IACZ4B,EAAS,IAAKW,GACZ,KAAK,eAAeJ,EAAU,OAAQI,CAAO,EAAE,IAAI,CACrD,CACF,CACF,EAAE,OAAO,CACP,KAAOR,GAAU,CACf,MAAAa,EAAOb,CAAK,EACNA,CACR,EACA,MAAQe,GACN/B,EAAU,SAAS,CACjB,OAAQjB,EAAmB2B,CAAM,EACjC,OAAQoB,EACR,SAAUC,EACV,UAAWX,EAAU,SACvB,CAAC,CACL,CAAC,CACH,CAAC,CACH,CAEA,eACEE,EACAE,EAC4C,CAC5C,OAAOtC,EAA2C,MAAO,CAAE,OAAA2C,CAAO,IAAM,CACtE,OAAQL,EAAQ,KAAM,CACpB,KAAK3B,EAAY,OACjB,KAAKA,EAAY,WAAY,CAK3B,MAAMmC,EAAiB,MAJX,KAAK,cAAc,mBAC7BV,EACAjC,EAAe,UACjB,EACiC,QAAQmC,EAAQ,GAAIA,EAAQ,KAAK,EAClE,OAAOvB,EAAY,SAAS,CAC1B,GAAGuB,EACH,qBAAsBA,EAAQ,UAC9B,eAAAQ,CACF,CAAC,CACH,CACA,KAAKnC,EAAY,UACf,OAAOI,EAAY,SAAS,CAAE,GAAGuB,CAAQ,CAAC,EAC5C,QACE,MAAAK,EAAO,IAAIpC,EAA4B+B,CAAO,CAAC,EACzC,IAAI/B,EAA4B+B,CAAO,CACjD,CACF,CAAC,CACH,CACF",
-  "names": ["bufferToHexaString", "CommandResultStatus", "Either", "EitherAsync", "Left", "Right", "EncryptionAlgo", "LKRPDataSourceError", "LKRPOutdatedTrustchainError", "LKRPUnknownError", "LKRPUnsupportedCommandError", "SignBlockHeaderCommand", "SignBlockSignatureCommand", "SignBlockSingleCommand", "CommandTags", "eitherAsyncSeqRecord", "eitherSeqRecord", "LKRPBlock", "LKRPCommand", "TrustedProperties", "SignBlockTask", "api", "cryptoService", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "error", "commandCount", "response", "trustedProps", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "header", "throwE", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
+  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  LKRPDataSourceError,\n  type LKRPMissingDataError,\n  LKRPOutdatedTrustchainError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n  LKRPUnsupportedCommandError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/models/LKRPCommandTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\ntype SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPDataSourceError\n  | LKRPOutdatedTrustchainError\n  | LKRPUnknownError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: Keypair;\n};\n\nexport class SignBlockTask {\n  constructor(private readonly api: InternalApi) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain((encryptedBlock) =>\n        EitherAsync.liftEither(this.decryptBlock(parent, encryptedBlock)),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      })\n      .mapLeft((error) =>\n        error instanceof LKRPDataSourceError && error.status === \"BAD_REQUEST\"\n          ? new LKRPOutdatedTrustchainError()\n          : error,\n      );\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ parent, commandCount }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: Keypair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = sessionKeypair.ecdh(deviceSessionKey).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new LKRPUnknownError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): Either<SignBlockError, LKRPBlock> {\n    const decryptedIssuer = CryptoUtils.decrypt(\n      signature.secret,\n      header.iv,\n      header.issuer,\n    );\n    return Either.sequence(\n      commands.map((command) => this.decryptCommand(signature.secret, command)),\n    ).map((decryptedCommands) =>\n      LKRPBlock.fromData({\n        parent: bufferToHexaString(parent),\n        issuer: decryptedIssuer,\n        commands: decryptedCommands,\n        signature: signature.signature,\n      }),\n    );\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): Either<LKRPUnknownError, LKRPCommand> {\n    switch (command.type) {\n      case CommandTags.Derive:\n      case CommandTags.PublishKey: {\n        const encryptedXpriv = CryptoUtils.decrypt(\n          secret,\n          command.iv,\n          command.xpriv,\n        );\n        return Right(\n          LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          }),\n        );\n      }\n      case CommandTags.AddMember:\n        return Right(LKRPCommand.fromData({ ...command }));\n      default:\n        return Left(new LKRPUnsupportedCommandError(command));\n    }\n  }\n}\n"],
+  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,MAEK,kCACP,OAAS,UAAAC,EAAQ,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEjD,OACE,uBAAAC,EAEA,+BAAAC,EAEA,oBAAAC,EACA,+BAAAC,MACK,yBAEP,OAAS,0BAAAC,MAA8B,+CACvC,OAAS,6BAAAC,MAAiC,yDAC1C,OAAS,0BAAAC,MAA8B,sDASvC,OAAS,eAAAC,MAAmB,wBAC5B,OAAS,eAAAC,MAAmB,yBAC5B,OACE,wBAAAC,EACA,mBAAAC,MACK,kCACP,OAAS,aAAAC,MAAiB,4BAC1B,OAAS,eAAAC,MAAmB,8BAE5B,OAAS,qBAAAC,MAAyB,4BA6C3B,MAAMC,CAAc,CACzB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,OAAOZ,EAAqB,CAC1B,OAAQ,KAAK,gBAAgBW,EAAQG,EAAS,MAAM,EACpD,SAAU1B,EAAY,SAAS0B,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAOE,GACN3B,EAAY,WAAW,KAAK,aAAauB,EAAQI,CAAc,CAAC,CAClE,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,EACA,QAASO,GACRA,aAAiB1B,GAAuB0B,EAAM,SAAW,cACrD,IAAIzB,EACJyB,CACN,CACJ,CAEA,gBACEN,EACAO,EAC4C,CAC5C,OAAO9B,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAM+B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIxB,EAAuB,CAAE,OAAAgB,EAAQ,aAAAO,CAAa,CAAC,CACrD,EACA,GAAIC,EAAS,SAAWjC,EAAoB,QAC1C,OAAOG,EAAK8B,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAIhB,EAAkBe,EAAS,IAAI,EACxD,OAAOlB,EAAgB,CACrB,GAAI,IAAMmB,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASH,EAAO,CACd,OAAO5B,EAAK,IAAII,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,mBACEJ,EAC+C,CAC/C,OAAOzB,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAM+B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIvB,CACN,EACA,GAAIuB,EAAS,SAAWjC,EAAoB,QAC1C,OAAOG,EAAK8B,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAE,EAAW,iBAAAC,CAAiB,EAAIH,EAAS,KAE3CI,EAASV,EAAe,KAAKS,CAAgB,EAAE,MAAM,CAAC,EAC5D,OAAOhC,EAAM,CAAE,UAAA+B,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASN,EAAO,CACd,OAAO5B,EAAK,IAAII,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,aACEO,EACAR,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBQ,CAAe,EACtC,KAAK,qBAAqBR,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBS,EAAqB,CACrC,OAAOrC,EAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAM+B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAItB,EAAuB,CAAE,QAAA4B,CAAQ,CAAC,CACxC,EACA,OAAIN,EAAS,SAAWjC,EAAoB,QACnCG,EAAK8B,EAAS,KAAK,EAErB7B,EAAM,IAAIc,EAAkBe,EAAS,IAAI,CAAC,CACnD,OAASF,EAAO,CACd,OAAO5B,EAAK,IAAII,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CACF,CACF,CAEA,kBAAkBO,EAAyB,CACzC,OAAO,KAAK,kBACVrB,EAAY,sBAAsB,CAChC,KAAML,EAAY,OAClB,KAAM0B,CACR,CAAC,CACH,EAAE,MAAOJ,GACPhC,EAAY,WACVa,EAAgB,CACd,KAAMH,EAAY,OAClB,KAAM0B,EACN,GAAI,IAAMJ,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAM,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACVzB,EAAY,sBAAsB,CAChC,KAAML,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOR,GACPhC,EAAY,WACVa,EAAgB,CACd,KAAMH,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMR,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAO,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACVxB,EAAY,sBAAsB,CAChC,KAAML,EAAY,WAClB,UAAW6B,CACb,CAAC,CACH,EAAE,MAAOP,GACPhC,EAAY,WACVa,EAAgB,CACd,KAAMH,EAAY,WAClB,UAAW6B,EACX,GAAI,IAAMP,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAkB,EAAQ,SAAAf,EAAU,UAAAO,CAAU,EACK,CACnC,MAAMS,EAAkB/B,EAAY,QAClCsB,EAAU,OACVQ,EAAO,GACPA,EAAO,MACT,EACA,OAAO1C,EAAO,SACZ2B,EAAS,IAAKW,GAAY,KAAK,eAAeJ,EAAU,OAAQI,CAAO,CAAC,CAC1E,EAAE,IAAKM,GACL7B,EAAU,SAAS,CACjB,OAAQjB,EAAmB0B,CAAM,EACjC,OAAQmB,EACR,SAAUC,EACV,UAAWV,EAAU,SACvB,CAAC,CACH,CACF,CAEA,eACEE,EACAE,EACuC,CACvC,OAAQA,EAAQ,KAAM,CACpB,KAAK3B,EAAY,OACjB,KAAKA,EAAY,WAAY,CAC3B,MAAMkC,EAAiBjC,EAAY,QACjCwB,EACAE,EAAQ,GACRA,EAAQ,KACV,EACA,OAAOnC,EACLa,EAAY,SAAS,CACnB,GAAGsB,EACH,qBAAsBA,EAAQ,UAC9B,eAAAO,CACF,CAAC,CACH,CACF,CACA,KAAKlC,EAAY,UACf,OAAOR,EAAMa,EAAY,SAAS,CAAE,GAAGsB,CAAQ,CAAC,CAAC,EACnD,QACE,OAAOpC,EAAK,IAAIK,EAA4B+B,CAAO,CAAC,CACxD,CACF,CACF",
+  "names": ["bufferToHexaString", "CommandResultStatus", "Either", "EitherAsync", "Left", "Right", "LKRPDataSourceError", "LKRPOutdatedTrustchainError", "LKRPUnknownError", "LKRPUnsupportedCommandError", "SignBlockHeaderCommand", "SignBlockSignatureCommand", "SignBlockSingleCommand", "CommandTags", "CryptoUtils", "eitherAsyncSeqRecord", "eitherSeqRecord", "LKRPBlock", "LKRPCommand", "TrustedProperties", "SignBlockTask", "api", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "error", "commandCount", "response", "trustedProps", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "header", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
 }

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js

@@ -1,2 +1,2 @@
-import{bufferToHexaString as o,ByteArrayParser as s,hexaStringToBuffer as g}from"@ledgerhq/device-management-kit";import{EitherAsync as p,Left as h,Maybe as c}from"purify-ts";import{HashAlgo as y}from"../../../api/crypto/CryptoService";import{SigFormat as m}from"../../../api/crypto/KeyPair";import{LKRPMissingDataError as i,LKRPUnknownError as u}from"../../../api/model/Errors";import{eitherSeqRecord as x}from"../../utils/eitherSeqRecord";class S{constructor(r,n,a){this.cryptoService=r;this.keypair=n;this.trustchainId=a}run(r){const n=this.getAttestation(),a=this.getCredential(this.keypair.getPublicKeyToHex());return p.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(e=>this.cryptoService.hash(e,y.SHA256)).map(e=>this.keypair.sign(e,m.DER)).map(e=>o(e,!1)).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new u(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n,!1)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(g(r)??new Uint8Array),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return h(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>c.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return x({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{S as SignChallengeWithKeypairTask};
+import{ByteArrayParser as s}from"@ledgerhq/device-management-kit";import{EitherAsync as g,Left as p,Maybe as h}from"purify-ts";import{LKRPMissingDataError as i,LKRPUnknownError as y}from"../../../api/app-binder/Errors";import{CryptoUtils as c}from"../../utils/crypto";import{eitherSeqRecord as m}from"../../utils/eitherSeqRecord";import{bytesToHex as o,hexToBytes as x}from"../../utils/hex";class T{constructor(r,n){this.keypair=r;this.trustchainId=n}run(r){const n=this.getAttestation(),a=this.getCredential(this.keypair.pubKeyToHex());return g.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(c.hash).map(e=>this.keypair.sign(e)).map(o).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new y(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(x(r)),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return p(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>h.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return m({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{T as SignChallengeWithKeypairTask};
 //# sourceMappingURL=SignChallengeWithKeypairTask.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  ByteArrayParser,\n  hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { type CryptoService, HashAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair, SigFormat } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/model/Errors\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly cryptoService: CryptoService,\n    private readonly keypair: KeyPair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<\n    LKRPMissingDataError | LKRPUnknownError,\n    AuthenticationPayload\n  > {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.getPublicKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map((buf) => this.cryptoService.hash(buf, HashAlgo.SHA256))\n      .map((hash) => this.keypair.sign(hash, SigFormat.DER))\n      .map((str) => bufferToHexaString(str, false))\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new LKRPUnknownError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bufferToHexaString(attestation, false);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(\n      hexaStringToBuffer(tlv) ?? new Uint8Array(),\n    );\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,mBAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAA6B,YAAAC,MAAgB,4BAC7C,OAAuB,aAAAC,MAAiB,sBACxC,OAAS,wBAAAC,EAAsB,oBAAAC,MAAwB,oBAKvD,OAAS,mBAAAC,MAAuB,kCAEzB,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACAC,EACjB,CAHiB,mBAAAF,EACA,aAAAC,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,kBAAkB,CAAC,EAEtE,OAAOd,EAAY,WAAW,KAAK,wBAAwBY,EAAU,GAAG,CAAC,EACtE,IAAKG,GAAQ,KAAK,cAAc,KAAKA,EAAKZ,EAAS,MAAM,CAAC,EAC1D,IAAKa,GAAS,KAAK,QAAQ,KAAKA,EAAMZ,EAAU,GAAG,CAAC,EACpD,IAAKa,GAAQpB,EAAmBoB,EAAK,EAAK,CAAC,EAC3C,IAAKC,IAAe,CACnB,UAAWN,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAI,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBd,EACbc,EACA,IAAIb,EAAiB,OAAOa,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDP,EAAc,WAAW,KAAK,CAAC,EAAMO,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOvB,EAAmBgB,EAAa,EAAK,CAC9C,CAEQ,cAAcQ,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAIzB,EACjBC,EAAmBuB,CAAG,GAAK,IAAI,UACjC,EACME,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOvB,EACL,IAAII,EAAqB,wCAAwC,CACnE,EAGF,MAAMqB,EAAW,CAACC,EAAaC,IAC7B1B,EAAM,aAAasB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAItB,EAAqB,WAAWuB,CAAS,QAAQ,CACvD,EAEF,OAAOrB,EAAgB,CAErB,YAAa,IAAMmB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
-  "names": ["bufferToHexaString", "ByteArrayParser", "hexaStringToBuffer", "EitherAsync", "Left", "Maybe", "HashAlgo", "SigFormat", "LKRPMissingDataError", "LKRPUnknownError", "eitherSeqRecord", "SignChallengeWithKeypairTask", "cryptoService", "keypair", "trustchainId", "challenge", "attestation", "credential", "buf", "hash", "str", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex, hexToBytes } from \"@internal/utils/hex\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly keypair: Keypair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<\n    LKRPMissingDataError | LKRPUnknownError,\n    AuthenticationPayload\n  > {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.pubKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map(CryptoUtils.hash)\n      .map((hash) => this.keypair.sign(hash))\n      .map(bytesToHex)\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new LKRPUnknownError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bytesToHex(attestation);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(hexToBytes(tlv));\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OAAS,mBAAAA,MAAuB,kCAChC,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAAS,wBAAAC,EAAsB,oBAAAC,MAAwB,yBAMvD,OAAS,eAAAC,MAAmB,yBAC5B,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,EAAY,cAAAC,MAAkB,sBAEhC,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACjB,CAFiB,aAAAD,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,YAAY,CAAC,EAEhE,OAAOd,EAAY,WAAW,KAAK,wBAAwBY,EAAU,GAAG,CAAC,EACtE,IAAIP,EAAY,IAAI,EACpB,IAAKU,GAAS,KAAK,QAAQ,KAAKA,CAAI,CAAC,EACrC,IAAIR,CAAU,EACd,IAAKS,IAAe,CACnB,UAAWJ,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAE,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBd,EACbc,EACA,IAAIb,EAAiB,OAAOa,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDL,EAAc,WAAW,KAAK,CAAC,EAAMK,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOX,EAAWM,CAAW,CAC/B,CAEQ,cAAcM,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAItB,EAAgBS,EAAWY,CAAG,CAAC,EAC5CE,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOrB,EACL,IAAIE,EAAqB,wCAAwC,CACnE,EAGF,MAAMqB,EAAW,CAACC,EAAaC,IAC7BxB,EAAM,aAAaoB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAItB,EAAqB,WAAWuB,CAAS,QAAQ,CACvD,EAEF,OAAOpB,EAAgB,CAErB,YAAa,IAAMkB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
+  "names": ["ByteArrayParser", "EitherAsync", "Left", "Maybe", "LKRPMissingDataError", "LKRPUnknownError", "CryptoUtils", "eitherSeqRecord", "bytesToHex", "hexToBytes", "SignChallengeWithKeypairTask", "keypair", "trustchainId", "challenge", "attestation", "credential", "hash", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
 }

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js

@@ -1,2 +1,2 @@
-import{hexaStringToBuffer as f}from"@ledgerhq/device-management-kit";import{Curve as o}from"../../../api/crypto/CryptoService";import{NobleCryptoService as b}from"../../../api/crypto/noble/NobleCryptoService";import{LKRPMissingDataError as l}from"../../../api/model/Errors";import{SignChallengeWithKeypairTask as n}from"./SignChallengeWithKeypairTask";const r=new b;describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=d(),i=await new n(r,a,c).run(e).run();expect(i.isRight()).toBe(!0),i.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.getPublicKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=d({tlv:"invalid-tlv"});(await new n(r,a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(l))})});function d({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:r.importKeyPair(f(e),o.K256),trustchainId:a}}
+import{LKRPMissingDataError as s}from"../../../api/app-binder/Errors";import{KeypairFromBytes as f}from"../../../api/app-binder/KeypairFromBytes";import{hexToBytes as b}from"../../utils/hex";import{SignChallengeWithKeypairTask as d}from"./SignChallengeWithKeypairTask";describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i(),n=await new d(a,c).run(e).run();expect(n.isRight()).toBe(!0),n.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.pubKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i({tlv:"invalid-tlv"});(await new d(a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(s))})});function i({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:new f(b(e)),trustchainId:a}}
 //# sourceMappingURL=SignChallengeWithKeypairTask.test.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.test.ts"],
-  "sourcesContent": ["import { hexaStringToBuffer } from \"@ledgerhq/device-management-kit\";\n\nimport { Curve } from \"@api/crypto/CryptoService\";\nimport { NobleCryptoService } from \"@api/crypto/noble/NobleCryptoService\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\nconst cryptoService = new NobleCryptoService();\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(\n      cryptoService,\n      keypair,\n      trustchainId,\n    );\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.getPublicKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(\n      cryptoService,\n      keypair,\n      trustchainId,\n    );\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: cryptoService.importKeyPair(\n      hexaStringToBuffer(privateKey)!,\n      Curve.K256,\n    ),\n    trustchainId,\n  };\n}\n"],
-  "mappings": "AAAA,OAAS,sBAAAA,MAA0B,kCAEnC,OAAS,SAAAC,MAAa,4BACtB,OAAS,sBAAAC,MAA0B,uCACnC,OAAS,wBAAAC,MAA4B,oBAGrC,OAAS,gCAAAC,MAAoC,iCAE7C,MAAMC,EAAgB,IAAIH,EAE1B,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAI,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAQrDC,EAAS,MALF,IAAIN,EACfC,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,kBAAkB,CACvC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAQc,MALF,IAAIL,EACfC,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAeT,CAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASM,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAST,EAAc,cACrBL,EAAmBa,CAAU,EAC7BZ,EAAM,IACR,EACA,aAAAO,CACF,CACF",
-  "names": ["hexaStringToBuffer", "Curve", "NobleCryptoService", "LKRPMissingDataError", "SignChallengeWithKeypairTask", "cryptoService", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
+  "sourcesContent": ["import { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { KeypairFromBytes } from \"@api/app-binder/KeypairFromBytes\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { hexToBytes } from \"@internal/utils/hex\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.pubKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: new KeypairFromBytes(hexToBytes(privateKey)),\n    trustchainId,\n  };\n}\n"],
+  "mappings": "AAAA,OAAS,wBAAAA,MAA4B,yBACrC,OAAS,oBAAAC,MAAwB,mCAEjC,OAAS,cAAAC,MAAkB,sBAE3B,OAAS,gCAAAC,MAAoC,iCAE7C,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAC,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAIrDC,EAAS,MADF,IAAIL,EAA6BE,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,YAAY,CACjC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAIc,MADF,IAAIJ,EAA6BE,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAeV,CAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASO,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAS,IAAIX,EAAiBC,EAAWS,CAAU,CAAC,EACpD,aAAAL,CACF,CACF",
+  "names": ["LKRPMissingDataError", "KeypairFromBytes", "hexToBytes", "SignChallengeWithKeypairTask", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
 }

package/lib/esm/internal/app-binder/task/utils/TrustedProperties.js

@@ -1,2 +1,2 @@
-import{ByteArrayParser as a}from"@ledgerhq/device-management-kit";import{Either as p,Left as o,Right as i}from"purify-ts";import{LKRPParsingError as P}from"../../../../api/model/Errors";import{TPTags as e}from"../../../models/Tags";import{required as t}from"../../../utils/required";class h{constructor(r){this.bytes=r;this.parser=new a(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return o(new P("Invalid trusted property: missing IV"));this.iv=r.value}return i(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>t(r.get(e.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>t(r.get(e.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>t(r.get(e.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>t(r.get(e.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>t(r.get(e.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>t(r.get(e.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?i(this.encryptedProps):this.getIv().chain(()=>p.sequence(Array.from(E(this.parser)))).map(r=>new Map(r.map(n=>[n.tag,n]))).ifRight(r=>{this.encryptedProps=r})}}function*E(s){for(;;){const r=s.extractFieldTLVEncoded();if(!r)return;yield i(r)}}export{h as TrustedProperties};
+import{ByteArrayParser as a}from"@ledgerhq/device-management-kit";import{Either as p,Left as o,Right as i}from"purify-ts";import{LKRPParsingError as P}from"../../../../api/app-binder/Errors";import{TPTags as e}from"../../../models/Tags";import{required as t}from"../../../utils/required";class h{constructor(r){this.bytes=r;this.parser=new a(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return o(new P("Invalid trusted property: missing IV"));this.iv=r.value}return i(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>t(r.get(e.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>t(r.get(e.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>t(r.get(e.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>t(r.get(e.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>t(r.get(e.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>t(r.get(e.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?i(this.encryptedProps):this.getIv().chain(()=>p.sequence(Array.from(E(this.parser)))).map(r=>new Map(r.map(n=>[n.tag,n]))).ifRight(r=>{this.encryptedProps=r})}}function*E(s){for(;;){const r=s.extractFieldTLVEncoded();if(!r)return;yield i(r)}}export{h as TrustedProperties};
 //# sourceMappingURL=TrustedProperties.js.map

package/lib/esm/internal/app-binder/task/utils/TrustedProperties.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/internal/app-binder/task/utils/TrustedProperties.ts"],
-  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport { type LKRPMissingDataError, LKRPParsingError } from \"@api/model/Errors\";\nimport { TPTags } from \"@internal/models/Tags\";\nimport { required } from \"@internal/utils/required\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
-  "mappings": "AAAA,OAAS,mBAAAA,MAAuB,kCAChC,OAAS,UAAAC,EAAQ,QAAAC,EAAM,SAAAC,MAAa,YAEpC,OAAoC,oBAAAC,MAAwB,oBAC5D,OAAS,UAAAC,MAAc,wBACvB,OAAS,YAAAC,MAAgB,2BAKlB,MAAMC,CAAkB,CAK7B,YAA4BC,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAIR,EAAgBQ,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,OAAOP,EACL,IAAIE,EAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKK,EAAM,KAClB,CACA,OAAON,EAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOO,GACvCJ,EACEI,EAAM,IAAIL,EAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,eACRF,EAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAMF,EAAO,SAAS,MAAM,KAAKU,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,MAAMN,EAAMM,CAAK,CACnB,CACF",
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { TPTags } from \"@internal/models/Tags\";\nimport { required } from \"@internal/utils/required\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
+  "mappings": "AAAA,OAAS,mBAAAA,MAAuB,kCAChC,OAAS,UAAAC,EAAQ,QAAAC,EAAM,SAAAC,MAAa,YAEpC,OAEE,oBAAAC,MACK,yBACP,OAAS,UAAAC,MAAc,wBACvB,OAAS,YAAAC,MAAgB,2BAKlB,MAAMC,CAAkB,CAK7B,YAA4BC,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAIR,EAAgBQ,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,OAAOP,EACL,IAAIE,EAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKK,EAAM,KAClB,CACA,OAAON,EAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOO,GACvCJ,EACEI,EAAM,IAAIL,EAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOK,GACvCJ,EACEI,EAAM,IAAIL,EAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,eACRF,EAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAMF,EAAO,SAAS,MAAM,KAAKU,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,MAAMN,EAAMM,CAAK,CACnB,CACF",
   "names": ["ByteArrayParser", "Either", "Left", "Right", "LKRPParsingError", "TPTags", "required", "TrustedProperties", "bytes", "field", "props", "parseTPs", "fields", "parser"]
 }

package/lib/esm/internal/di.js

@@ -1,2 +1,2 @@
-import{Container as m}from"inversify";import{LKRPEnv as o}from"../api/index";import{appBindingModuleFactory as s}from"./app-binder/di/appBinderModule";import{lkrpDatasourceModuleFactory as l}from"./lkrp-datasource/di/lkrpDatasourceModuleFactory";import{useCasesModuleFactory as v}from"./use-cases/di/useCasesModule";import{externalTypes as e}from"./externalTypes";const f=({dmk:r,applicationId:n,cryptoService:a,env:i=o.PROD,baseUrl:p,stub:c})=>{const t=new m;return t.bind(e.Dmk).toConstantValue(r),t.bind(e.ApplicationId).toConstantValue(n),t.bind(e.CryptoService).toConstantValue(a),t.loadSync(s(),l({baseUrl:p??d.get(i),stub:c}),v()),t},d=new Map([[o.PROD,"https://trustchain.api.live.ledger.com/v1"],[o.STAGING,"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1"]]);export{f as makeContainer};
+import{Container as s}from"inversify";import{LKRPEnv as e}from"../api/index";import{appBindingModuleFactory as m}from"./app-binder/di/appBinderModule";import{lkrpDatasourceModuleFactory as c}from"./lkrp-datasource/di/lkrpDatasourceModuleFactory";import{useCasesModuleFactory as l}from"./use-cases/di/useCasesModule";import{externalTypes as n}from"./externalTypes";const f=({dmk:o,applicationId:a,env:r=e.PROD,baseUrl:i,stub:p})=>{const t=new s;return t.bind(n.Dmk).toConstantValue(o),t.bind(n.ApplicationId).toConstantValue(a),t.loadSync(m(),c({baseUrl:i??d.get(r),stub:p}),l()),t},d=new Map([[e.PROD,"https://trustchain.api.live.ledger.com/v1"],[e.STAGING,"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1"]]);export{f as makeContainer};
 //# sourceMappingURL=di.js.map

package/lib/esm/internal/di.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/internal/di.ts"],
-  "sourcesContent": ["import { type DeviceManagementKit } from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { LKRPEnv } from \"@api/index\";\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  applicationId: number;\n  cryptoService: CryptoService;\n  env?: LKRPEnv;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  applicationId,\n  cryptoService,\n  env = LKRPEnv.PROD,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container.bind(externalTypes.ApplicationId).toConstantValue(applicationId);\n  container\n    .bind<CryptoService>(externalTypes.CryptoService)\n    .toConstantValue(cryptoService);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({\n      baseUrl: baseUrl ?? lkrpBaseUrlMap.get(env),\n      stub,\n    }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n\nconst lkrpBaseUrlMap = new Map<LKRPEnv, string>([\n  [LKRPEnv.PROD, \"https://trustchain.api.live.ledger.com/v1\"],\n  [LKRPEnv.STAGING, \"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1\"],\n]);\n"],
-  "mappings": "AACA,OAAS,aAAAA,MAAiB,YAG1B,OAAS,WAAAC,MAAe,aACxB,OAAS,2BAAAC,MAA+B,0CAExC,OAAS,+BAAAC,MAAmC,mDAC5C,OAAS,yBAAAC,MAA6B,gCACtC,OAAS,iBAAAC,MAAqB,kBAWvB,MAAMC,EAAgB,CAAC,CAC5B,IAAAC,EACA,cAAAC,EACA,cAAAC,EACA,IAAAC,EAAMT,EAAQ,KACd,QAAAU,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAIb,EAEtB,OAAAa,EAAU,KAA0BR,EAAc,GAAG,EAAE,gBAAgBE,CAAG,EAC1EM,EAAU,KAAKR,EAAc,aAAa,EAAE,gBAAgBG,CAAa,EACzEK,EACG,KAAoBR,EAAc,aAAa,EAC/C,gBAAgBI,CAAa,EAEhCI,EAAU,SACRX,EAAwB,EACxBC,EAA4B,CAC1B,QAASQ,GAAWG,EAAe,IAAIJ,CAAG,EAC1C,KAAAE,CACF,CAAC,EACDR,EAAsB,CACxB,EAEOS,CACT,EAEMC,EAAiB,IAAI,IAAqB,CAC9C,CAACb,EAAQ,KAAM,2CAA2C,EAC1D,CAACA,EAAQ,QAAS,wDAAwD,CAC5E,CAAC",
-  "names": ["Container", "LKRPEnv", "appBindingModuleFactory", "lkrpDatasourceModuleFactory", "useCasesModuleFactory", "externalTypes", "makeContainer", "dmk", "applicationId", "cryptoService", "env", "baseUrl", "stub", "container", "lkrpBaseUrlMap"]
+  "sourcesContent": ["import { type DeviceManagementKit } from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { LKRPEnv } from \"@api/index\";\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  applicationId: number;\n  env?: LKRPEnv;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  applicationId,\n  env = LKRPEnv.PROD,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container.bind(externalTypes.ApplicationId).toConstantValue(applicationId);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({\n      baseUrl: baseUrl ?? lkrpBaseUrlMap.get(env),\n      stub,\n    }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n\nconst lkrpBaseUrlMap = new Map<LKRPEnv, string>([\n  [LKRPEnv.PROD, \"https://trustchain.api.live.ledger.com/v1\"],\n  [LKRPEnv.STAGING, \"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1\"],\n]);\n"],
+  "mappings": "AACA,OAAS,aAAAA,MAAiB,YAE1B,OAAS,WAAAC,MAAe,aACxB,OAAS,2BAAAC,MAA+B,0CAExC,OAAS,+BAAAC,MAAmC,mDAC5C,OAAS,yBAAAC,MAA6B,gCACtC,OAAS,iBAAAC,MAAqB,kBAUvB,MAAMC,EAAgB,CAAC,CAC5B,IAAAC,EACA,cAAAC,EACA,IAAAC,EAAMR,EAAQ,KACd,QAAAS,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAIZ,EAEtB,OAAAY,EAAU,KAA0BP,EAAc,GAAG,EAAE,gBAAgBE,CAAG,EAC1EK,EAAU,KAAKP,EAAc,aAAa,EAAE,gBAAgBG,CAAa,EAEzEI,EAAU,SACRV,EAAwB,EACxBC,EAA4B,CAC1B,QAASO,GAAWG,EAAe,IAAIJ,CAAG,EAC1C,KAAAE,CACF,CAAC,EACDP,EAAsB,CACxB,EAEOQ,CACT,EAEMC,EAAiB,IAAI,IAAqB,CAC9C,CAACZ,EAAQ,KAAM,2CAA2C,EAC1D,CAACA,EAAQ,QAAS,wDAAwD,CAC5E,CAAC",
+  "names": ["Container", "LKRPEnv", "appBindingModuleFactory", "lkrpDatasourceModuleFactory", "useCasesModuleFactory", "externalTypes", "makeContainer", "dmk", "applicationId", "env", "baseUrl", "stub", "container", "lkrpBaseUrlMap"]
 }

package/lib/esm/internal/externalTypes.js

@@ -1,2 +1,2 @@
-const r={Dmk:Symbol.for("Dmk"),ApplicationId:Symbol.for("ApplicationId"),CryptoService:Symbol.for("CryptoService")};export{r as externalTypes};
+const r={Dmk:Symbol.for("Dmk"),ApplicationId:Symbol.for("ApplicationId")};export{r as externalTypes};
 //# sourceMappingURL=externalTypes.js.map

package/lib/esm/internal/externalTypes.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/internal/externalTypes.ts"],
-  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  ApplicationId: Symbol.for(\"ApplicationId\"),\n  CryptoService: Symbol.for(\"CryptoService\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
-  "mappings": "AAAO,MAAMA,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,cAAe,OAAO,IAAI,eAAe,EACzC,cAAe,OAAO,IAAI,eAAe,CAC3C",
+  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  ApplicationId: Symbol.for(\"ApplicationId\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
+  "mappings": "AAAO,MAAMA,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,cAAe,OAAO,IAAI,eAAe,CAC3C",
   "names": ["externalTypes"]
 }

package/lib/esm/internal/lkrp-datasource/data/HttpLKRPDataSource.js

@@ -1,2 +1,2 @@
-var d=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var g=(s,t,e,r)=>{for(var i=r>1?void 0:r?y(t,e):t,o=s.length-1,n;o>=0;o--)(n=s[o])&&(i=(r?n(t,e,i):n(i))||i);return r&&i&&d(t,e,i),i},f=(s,t)=>(e,r)=>t(e,r,s);import{inject as S,injectable as T}from"inversify";import{EitherAsync as c,Just as m,Left as R,Maybe as b,Nothing as l,Right as p}from"purify-ts";import{LKRPDataSourceError as N}from"../../../api/model/Errors";import{lkrpDatasourceTypes as k}from"../../lkrp-datasource/di/lkrpDatasourceTypes";import{Trustchain as L}from"../../utils/Trustchain";let u=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",l)}authenticate(t){return this.request("/authenticate",l,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:b.fromNullable(Object.keys(e.permissions).find(r=>!!e.permissions[r]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,m(e)).map(r=>new L(t,r))}postDerivation(t,e,r){return this.request(`/trustchain/${t}/derivation`,m(r),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,r,i){return this.request(`/trustchain/${t}/commands`,m(i),{method:"PUT",body:JSON.stringify({path:e,blocks:[r.toString()]})})}request(t,e,r){const i=this.baseUrl+t,o={...r?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:n})=>({Authorization:`Bearer ${n}`}),{})};return c(()=>fetch(i,{...r,headers:o})).mapLeft(n=>({status:"UNKNOWN",message:h(n)})).chain(async n=>{switch(n.status){case 204:return p(void 0);default:return c(()=>n.json()).mapLeft(h).map(a=>n.ok?p(a):R(h(a))).chain(c.liftEither).mapLeft(a=>({status:P.get(n.status)??"UNKNOWN",message:`[${n.status}] ${a||n.statusText}`}))}}).mapLeft(({status:n,message:a})=>new N({status:n,message:`${a||"Unknown error"} (from: ${i})`}))}};u=g([T(),f(0,S(k.BaseUrl))],u);const P=new Map([[400,"BAD_REQUEST"],[401,"UNAUTHORIZED"]]);function h(s){if(s){if(typeof s!="object"||s.toString!=={}.toString)return String(s);if("message"in s)return String(s.message)}}export{u as HttpLKRPDataSource};
+var d=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var g=(s,t,e,r)=>{for(var i=r>1?void 0:r?y(t,e):t,o=s.length-1,n;o>=0;o--)(n=s[o])&&(i=(r?n(t,e,i):n(i))||i);return r&&i&&d(t,e,i),i},f=(s,t)=>(e,r)=>t(e,r,s);import{inject as S,injectable as T}from"inversify";import{EitherAsync as c,Just as m,Left as R,Maybe as b,Nothing as l,Right as p}from"purify-ts";import{LKRPDataSourceError as N}from"../../../api/app-binder/Errors";import{lkrpDatasourceTypes as k}from"../../lkrp-datasource/di/lkrpDatasourceTypes";import{Trustchain as L}from"../../utils/Trustchain";let u=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",l)}authenticate(t){return this.request("/authenticate",l,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:b.fromNullable(Object.keys(e.permissions).find(r=>!!e.permissions[r]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,m(e)).map(r=>new L(t,r))}postDerivation(t,e,r){return this.request(`/trustchain/${t}/derivation`,m(r),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,r,i){return this.request(`/trustchain/${t}/commands`,m(i),{method:"PUT",body:JSON.stringify({path:e,blocks:[r.toString()]})})}request(t,e,r){const i=this.baseUrl+t,o={...r?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:n})=>({Authorization:`Bearer ${n}`}),{})};return c(()=>fetch(i,{...r,headers:o})).mapLeft(n=>({status:"UNKNOWN",message:h(n)})).chain(async n=>{switch(n.status){case 204:return p(void 0);default:return c(()=>n.json()).mapLeft(h).map(a=>n.ok?p(a):R(h(a))).chain(c.liftEither).mapLeft(a=>({status:P.get(n.status)??"UNKNOWN",message:`[${n.status}] ${a||n.statusText}`}))}}).mapLeft(({status:n,message:a})=>new N({status:n,message:`${a||"Unknown error"} (from: ${i})`}))}};u=g([T(),f(0,S(k.BaseUrl))],u);const P=new Map([[400,"BAD_REQUEST"],[401,"UNAUTHORIZED"]]);function h(s){if(s){if(typeof s!="object"||s.toString!=={}.toString)return String(s);if("message"in s)return String(s.message)}}export{u as HttpLKRPDataSource};
 //# sourceMappingURL=HttpLKRPDataSource.js.map