@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.0.0-multisig-20250822145545 → 0.0.0-web-ble-29-08---20250829104351

package/lib/cjs/internal/app-binder/task/ExtractEncryptionKeyTask.js

@@ -1,2 +1,2 @@
-"use strict";var p=Object.defineProperty;var n=Object.getOwnPropertyDescriptor;var m=Object.getOwnPropertyNames;var y=Object.prototype.hasOwnProperty;var c=(e,r)=>{for(var o in r)p(e,o,{get:r[o],enumerable:!0})},K=(e,r,o,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let t of m(r))!y.call(e,t)&&t!==o&&p(e,t,{get:()=>r[t],enumerable:!(i=n(r,t))||i.enumerable});return e};var s=e=>K(p({},"__esModule",{value:!0}),e);var f={};c(f,{ExtractEncryptionKeyTask:()=>P});module.exports=s(f);var a=require("../../../api/model/Errors");class P{async run(r,o,i){return(await i.getPublishedKey(r,o)).map(t=>t.privateKey).toEither(new a.LKRPUnknownError("There is no encryption key for the current member in the application stream."))}}0&&(module.exports={ExtractEncryptionKeyTask});
+"use strict";var a=Object.defineProperty;var n=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var m=Object.prototype.hasOwnProperty;var c=(e,r)=>{for(var t in r)a(e,t,{get:r[t],enumerable:!0})},K=(e,r,t,p)=>{if(r&&typeof r=="object"||typeof r=="function")for(let o of y(r))!m.call(e,o)&&o!==t&&a(e,o,{get:()=>r[o],enumerable:!(p=n(r,o))||p.enumerable});return e};var s=e=>K(a({},"__esModule",{value:!0}),e);var l={};c(l,{ExtractEncryptionKeyTask:()=>k});module.exports=s(l);var i=require("../../../api/app-binder/Errors");class k{async run(r,t){return Promise.resolve(t.getPublishedKey(r).map(p=>p.privateKey).toEither(new i.LKRPUnknownError("There is no encryption key for the current member in the application stream.")))}}0&&(module.exports={ExtractEncryptionKeyTask});
 //# sourceMappingURL=ExtractEncryptionKeyTask.js.map

package/lib/cjs/internal/app-binder/task/ExtractEncryptionKeyTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/ExtractEncryptionKeyTask.ts"],
-  "sourcesContent": ["import { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPUnknownError } from \"@api/model/Errors\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport class ExtractEncryptionKeyTask {\n  async run(\n    cryptoService: CryptoService,\n    keypair: KeyPair,\n    stream: LKRPBlockStream,\n  ) {\n    // TODO additional derivations should be supported:\n    // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n    // Probably not needed for Ledger Sync\n    return (await stream.getPublishedKey(cryptoService, keypair))\n      .map((key) => key.privateKey)\n      .toEither(\n        new LKRPUnknownError(\n          \"There is no encryption key for the current member in the application stream.\",\n        ),\n      );\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,8BAAAE,IAAA,eAAAC,EAAAH,GAEA,IAAAI,EAAiC,6BAG1B,MAAMF,CAAyB,CACpC,MAAM,IACJG,EACAC,EACAC,EACA,CAIA,OAAQ,MAAMA,EAAO,gBAAgBF,EAAeC,CAAO,GACxD,IAAKE,GAAQA,EAAI,UAAU,EAC3B,SACC,IAAI,mBACF,8EACF,CACF,CACJ,CACF",
-  "names": ["ExtractEncryptionKeyTask_exports", "__export", "ExtractEncryptionKeyTask", "__toCommonJS", "import_Errors", "cryptoService", "keypair", "stream", "key"]
+  "sourcesContent": ["import { LKRPUnknownError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/index\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport type ExtractEncryptionKeyTaskInput = {\n  applicationStream: LKRPBlockStream;\n  keypair: Keypair;\n};\n\nexport class ExtractEncryptionKeyTask {\n  async run(keypair: Keypair, stream: LKRPBlockStream) {\n    // TODO additional derivations should be supported:\n    // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n    // Probably not needed for Ledger Sync\n    return Promise.resolve(\n      stream\n        .getPublishedKey(keypair)\n        .map((key) => key.privateKey)\n        .toEither(\n          new LKRPUnknownError(\n            \"There is no encryption key for the current member in the application stream.\",\n          ),\n        ),\n    );\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,8BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAiC,kCAS1B,MAAMF,CAAyB,CACpC,MAAM,IAAIG,EAAkBC,EAAyB,CAInD,OAAO,QAAQ,QACbA,EACG,gBAAgBD,CAAO,EACvB,IAAKE,GAAQA,EAAI,UAAU,EAC3B,SACC,IAAI,mBACF,8EACF,CACF,CACJ,CACF,CACF",
+  "names": ["ExtractEncryptionKeyTask_exports", "__export", "ExtractEncryptionKeyTask", "__toCommonJS", "import_Errors", "keypair", "stream", "key"]
 }

package/lib/cjs/internal/app-binder/task/InitTask.js

@@ -1,2 +1,2 @@
-"use strict";var a=Object.defineProperty;var c=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var v=(e,r)=>{for(var t in r)a(e,t,{get:r[t],enumerable:!0})},K=(e,r,t,p)=>{if(r&&typeof r=="object"||typeof r=="function")for(let i of y(r))!u.call(e,i)&&i!==t&&a(e,i,{get:()=>r[i],enumerable:!(p=c(r,i))||p.enumerable});return e};var d=e=>K(a({},"__esModule",{value:!0}),e);var C={};v(C,{InitTask:()=>l});module.exports=d(C);var m=require("@ledgerhq/device-management-kit"),o=require("purify-ts"),n=require("../../../api/crypto/CryptoService"),s=require("../../app-binder/command/InitCommand");class l{constructor(r,t){this.api=r;this.cryptoService=t}async run(){const r=await this.cryptoService.createKeyPair(n.Curve.K256),t=await this.api.sendCommand(new s.InitCommand({publicKey:r.getPublicKey()}));return t.status!==m.CommandResultStatus.Success?(0,o.Left)(t.error):(0,o.Right)(r)}}0&&(module.exports={InitTask});
+"use strict";var a=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var c=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var d=(t,r)=>{for(var e in r)a(t,e,{get:r[e],enumerable:!0})},K=(t,r,e,m)=>{if(r&&typeof r=="object"||typeof r=="function")for(let o of c(r))!u.call(t,o)&&o!==e&&a(t,o,{get:()=>r[o],enumerable:!(m=y(r,o))||m.enumerable});return t};var f=t=>K(a({},"__esModule",{value:!0}),t);var C={};d(C,{InitTask:()=>l});module.exports=f(C);var p=require("@ledgerhq/device-management-kit"),i=require("purify-ts"),n=require("../../app-binder/command/InitCommand"),s=require("../../utils/crypto");class l{constructor(r){this.api=r}async run(){const r=s.CryptoUtils.randomKeypair(),e=await this.api.sendCommand(new n.InitCommand({publicKey:r.pubKeyToU8a()}));return e.status!==p.CommandResultStatus.Success?(0,i.Left)(e.error):(0,i.Right)(r)}}0&&(module.exports={InitTask});
 //# sourceMappingURL=InitTask.js.map

package/lib/cjs/internal/app-binder/task/InitTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/InitTask.ts"],
-  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, Curve } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\n\nexport class InitTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, KeyPair>> {\n    const sessionKeypair = await this.cryptoService.createKeyPair(Curve.K256);\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.getPublicKey() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,cAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAyC,qBAEzCC,EAA0C,qCAE1CC,EAA4B,oDAGrB,MAAML,CAAS,CACpB,YACmBM,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,MAAM,KAAwD,CAC5D,MAAMC,EAAiB,MAAM,KAAK,cAAc,cAAc,QAAM,IAAI,EAClEC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,cAAY,CAAE,UAAWD,EAAe,aAAa,CAAE,CAAC,CAC9D,EAEA,OAAOC,EAAS,SAAW,sBAAoB,WAC3C,QAAKA,EAAS,KAAK,KACnB,SAAMD,CAAc,CAC1B,CACF",
-  "names": ["InitTask_exports", "__export", "InitTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_CryptoService", "import_InitCommand", "api", "cryptoService", "sessionKeypair", "response"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type Keypair } from \"@api/index\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\n\nexport class InitTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, Keypair>> {\n    const sessionKeypair = CryptoUtils.randomKeypair();\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.pubKeyToU8a() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,cAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAyC,qBAGzCC,EAA4B,oDAE5BC,EAA4B,kCAErB,MAAML,CAAS,CACpB,YAA6BM,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,KAAwD,CAC5D,MAAMC,EAAiB,cAAY,cAAc,EAC3CC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,cAAY,CAAE,UAAWD,EAAe,YAAY,CAAE,CAAC,CAC7D,EAEA,OAAOC,EAAS,SAAW,sBAAoB,WAC3C,QAAKA,EAAS,KAAK,KACnB,SAAMD,CAAc,CAC1B,CACF",
+  "names": ["InitTask_exports", "__export", "InitTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_InitCommand", "import_crypto", "api", "sessionKeypair", "response"]
 }

package/lib/cjs/internal/app-binder/task/ParseStreamToDeviceTask.js

@@ -1,2 +1,2 @@
-"use strict";var m=Object.defineProperty;var h=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var k=Object.prototype.hasOwnProperty;var S=(n,t)=>{for(var r in t)m(n,r,{get:t[r],enumerable:!0})},T=(n,t,r,e)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of l(t))!k.call(n,a)&&a!==r&&m(n,a,{get:()=>t[a],enumerable:!(e=h(t,a))||e.enumerable});return n};var g=n=>T(m({},"__esModule",{value:!0}),n);var E={};S(E,{ParseStreamToDeviceTask:()=>R});module.exports=g(E);var o=require("@ledgerhq/device-management-kit"),s=require("purify-ts"),i=require("../../../api/model/Errors"),u=require("../../app-binder/command/ParseBlockSignatureCommand"),c=require("../../app-binder/command/ParseStreamBlockCommand"),d=require("../../app-binder/command/ParseStreamBlockHeader"),p=require("../../app-binder/command/SetTrustedMemberCommand"),P=require("../../utils/eitherSeqRecord"),f=require("./utils/TrustedProperties");class R{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):s.EitherAsync.liftEither((0,s.Right)(void 0)))}parseStream(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>s.EitherAsync.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>this.setTrustedMember((0,o.bufferToHexaString)(r.issuer,!1)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new d.ParseBlockHeaderCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(r)}).chain(r=>s.EitherAsync.sequence(r.commands.map(e=>this.parseCommand(e,(0,o.bufferToHexaString)(r.issuer,!1)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new u.ParseBlockSignatureCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new c.ParseSingleCommand({command:t.toU8A()}));return a.status!==o.CommandResultStatus.Success?(0,s.Left)(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return(0,s.Left)(new i.LKRPUnknownError(String(a)))}})}setTrustedMember(t){return s.EitherAsync.fromPromise(async()=>{if(t===this.lastTrustedMember)return(0,s.Right)(void 0);const r=this.trustedMembers.get(t);if(!r)return(0,s.Right)(void 0);try{const e=await this.api.sendCommand(new p.SetTrustedMemberCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return(0,s.Right)(void 0);const e=new f.TrustedProperties(r);return(0,P.eitherSeqRecord)({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}0&&(module.exports={ParseStreamToDeviceTask});
+"use strict";var m=Object.defineProperty;var l=Object.getOwnPropertyDescriptor;var k=Object.getOwnPropertyNames;var S=Object.prototype.hasOwnProperty;var T=(n,t)=>{for(var r in t)m(n,r,{get:t[r],enumerable:!0})},g=(n,t,r,e)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of k(t))!S.call(n,a)&&a!==r&&m(n,a,{get:()=>t[a],enumerable:!(e=l(t,a))||e.enumerable});return n};var R=n=>g(m({},"__esModule",{value:!0}),n);var L={};T(L,{ParseStreamToDeviceTask:()=>E});module.exports=R(L);var o=require("@ledgerhq/device-management-kit"),s=require("purify-ts"),i=require("../../../api/app-binder/Errors"),c=require("../../app-binder/command/ParseBlockSignatureCommand"),d=require("../../app-binder/command/ParseStreamBlockCommand"),p=require("../../app-binder/command/ParseStreamBlockHeader"),P=require("../../app-binder/command/SetTrustedMemberCommand"),h=require("../../utils/eitherSeqRecord"),u=require("../../utils/hex"),f=require("./utils/TrustedProperties");class E{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):s.EitherAsync.liftEither((0,s.Right)(void 0)))}parseStream(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>s.EitherAsync.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>this.setTrustedMember((0,u.bytesToHex)(r.issuer)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p.ParseBlockHeaderCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(r)}).chain(r=>s.EitherAsync.sequence(r.commands.map(e=>this.parseCommand(e,(0,u.bytesToHex)(r.issuer)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c.ParseBlockSignatureCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d.ParseSingleCommand({command:t.toU8A()}));return a.status!==o.CommandResultStatus.Success?(0,s.Left)(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return(0,s.Left)(new i.LKRPUnknownError(String(a)))}})}setTrustedMember(t){return s.EitherAsync.fromPromise(async()=>{if(t===this.lastTrustedMember)return(0,s.Right)(void 0);const r=this.trustedMembers.get(t);if(!r)return(0,s.Right)(void 0);try{const e=await this.api.sendCommand(new P.SetTrustedMemberCommand(r));if(e.status!==o.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new i.LKRPUnknownError(String(e)))}return(0,s.Right)(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return(0,s.Right)(void 0);const e=new f.TrustedProperties(r);return(0,h.eitherSeqRecord)({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}0&&(module.exports={ParseStreamToDeviceTask});
 //# sourceMappingURL=ParseStreamToDeviceTask.js.map

package/lib/cjs/internal/app-binder/task/ParseStreamToDeviceTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/ParseStreamToDeviceTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport {\n  SetTrustedMemberCommand,\n  type SetTrustedMemberCommandArgs,\n} from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPBlockParsedData } from \"@internal/models/LKRPBlockTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPUnknownError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bufferToHexaString(data.issuer, false)).map(\n            () => data,\n          ),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(\n                command,\n                bufferToHexaString(data.issuer, false),\n              ),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,6BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAIO,2CACPC,EAAsD,qBAEtDC,EAIO,6BACPC,EAA2C,mEAC3CC,EAAmC,gEACnCC,EAAwC,+DACxCC,EAGO,gEAGPC,EAAgC,2CAKhCC,EAAkC,qCAa3B,MAAMV,CAAwB,CAInC,YAA6BW,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClC,cAAY,cAAW,SAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYC,EAAyB,CACnC,OAAO,cAAY,WAAWA,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACD,cAAY,SAASA,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACE,cAAY,WAAWA,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,oBAAiB,sBAAmBA,EAAK,OAAQ,EAAK,CAAC,EAAE,IAC5D,IAAMA,CACR,CACF,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBD,CAAI,CAClC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAMF,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjD,cAAY,SACVA,EAAK,SAAS,IAAKG,GACjB,KAAK,aACHA,KACA,sBAAmBH,EAAK,OAAQ,EAAK,CACvC,CACF,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,6BAA2BD,CAAI,CACrC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAaC,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,qBAAmB,CAAE,QAASE,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAO,cAAY,YAAwC,SAAY,CACrE,GAAIA,IAAc,KAAK,kBACrB,SAAO,SAAM,MAAS,EAExB,MAAMC,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,SAAO,SAAM,MAAS,EAExB,GAAI,CACF,MAAML,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBK,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEG,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,SAAO,SAAM,MAAS,EAGxB,MAAMG,EAAe,IAAI,oBAAkBD,CAAiB,EAC5D,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
-  "names": ["ParseStreamToDeviceTask_exports", "__export", "ParseStreamToDeviceTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_ParseBlockSignatureCommand", "import_ParseStreamBlockCommand", "import_ParseStreamBlockHeader", "import_SetTrustedMemberCommand", "import_eitherSeqRecord", "import_TrustedProperties", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n} from \"@api/app-binder/Errors\";\nimport { type SetTrustedMemberCommandArgs } from \"@api/app-binder/SetTrustedMemberTypes\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport { SetTrustedMemberCommand } from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPBlockParsedData } from \"@internal/models/LKRPBlockTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex } from \"@internal/utils/hex\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPUnknownError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bytesToHex(data.issuer)).map(() => data),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(command, bytesToHex(data.issuer)),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,6BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAsD,qBAEtDC,EAIO,kCAEPC,EAA2C,mEAC3CC,EAAmC,gEACnCC,EAAwC,+DACxCC,EAAwC,gEAGxCC,EAAgC,2CAChCC,EAA2B,+BAK3BC,EAAkC,qCAa3B,MAAMX,CAAwB,CAInC,YAA6BY,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClC,cAAY,cAAW,SAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYC,EAAyB,CACnC,OAAO,cAAY,WAAWA,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACD,cAAY,SAASA,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACE,cAAY,WAAWA,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,oBAAiB,cAAWA,EAAK,MAAM,CAAC,EAAE,IAAI,IAAMA,CAAI,CAC/D,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBD,CAAI,CAClC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAMF,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjD,cAAY,SACVA,EAAK,SAAS,IAAKG,GACjB,KAAK,aAAaA,KAAS,cAAWH,EAAK,MAAM,CAAC,CACpD,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,6BAA2BD,CAAI,CACrC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAaC,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,qBAAmB,CAAE,QAASE,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAO,cAAY,YAAwC,SAAY,CACrE,GAAIA,IAAc,KAAK,kBACrB,SAAO,SAAM,MAAS,EAExB,MAAMC,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,SAAO,SAAM,MAAS,EAExB,GAAI,CACF,MAAML,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBK,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEG,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,SAAO,SAAM,MAAS,EAGxB,MAAMG,EAAe,IAAI,oBAAkBD,CAAiB,EAC5D,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
+  "names": ["ParseStreamToDeviceTask_exports", "__export", "ParseStreamToDeviceTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_ParseBlockSignatureCommand", "import_ParseStreamBlockCommand", "import_ParseStreamBlockHeader", "import_SetTrustedMemberCommand", "import_eitherSeqRecord", "import_hex", "import_TrustedProperties", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
 }

package/lib/cjs/internal/app-binder/task/SignBlockTask.js

@@ -1,2 +1,2 @@
-"use strict";var h=Object.defineProperty;var k=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var A=Object.prototype.hasOwnProperty;var w=(s,r)=>{for(var e in r)h(s,e,{get:r[e],enumerable:!0})},B=(s,r,e,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let n of f(r))!A.call(s,n)&&n!==e&&h(s,n,{get:()=>r[n],enumerable:!(i=k(r,n))||i.enumerable});return s};var b=s=>B(h({},"__esModule",{value:!0}),s);var R={};w(R,{SignBlockTask:()=>D});module.exports=b(R);var g=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),E=require("../../../api/crypto/CryptoService"),a=require("../../../api/model/Errors"),P=require("../../app-binder/command/SignBlockHeader"),v=require("../../app-binder/command/SignBlockSignatureCommand"),C=require("../../app-binder/command/SignBlockSingleCommand"),o=require("../../models/Tags"),y=require("../../utils/eitherSeqRecord"),K=require("../../utils/LKRPBlock"),p=require("../../utils/LKRPCommand"),S=require("./utils/TrustedProperties");class D{constructor(r,e){this.api=r;this.cryptoService=e}run({lkrpDataSource:r,trustchainId:e,path:i,jwt:n,parent:c,blockFlow:u,sessionKeypair:l}){const m=this.signCommands(i,u);return(0,y.eitherAsyncSeqRecord)({header:this.signBlockHeader(c,m.length),commands:t.EitherAsync.sequence(m),signature:this.signBlockSignature(l)}).chain(async d=>this.decryptBlock(c,d)).chain(d=>{switch(u.type){case"derive":return r.postDerivation(e,d,n);case"addMember":return r.putCommands(e,i,d,n)}}).mapLeft(d=>d instanceof a.LKRPDataSourceError&&d.status==="BAD_REQUEST"?new a.LKRPOutdatedTrustchainError:d)}signBlockHeader(r,e){return t.EitherAsync.fromPromise(async()=>{try{const i=await this.api.sendCommand(new P.SignBlockHeaderCommand({parent:r,commandCount:e}));if(i.status!==g.CommandResultStatus.Success)return(0,t.Left)(i.error);const n=new S.TrustedProperties(i.data);return(0,y.eitherSeqRecord)({iv:()=>n.getIv(),issuer:()=>n.getIssuer()})}catch(i){return(0,t.Left)(new a.LKRPUnknownError(String(i)))}})}signBlockSignature(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new v.SignBlockSignatureCommand);if(e.status!==g.CommandResultStatus.Success)return(0,t.Left)(e.error);const{signature:i,deviceSessionKey:n}=e.data,c=(await r.deriveSharedSecret(n)).slice(1);return(0,t.Right)({signature:i,secret:c})}catch(e){return(0,t.Left)(new a.LKRPUnknownError(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new C.SignBlockSingleCommand({command:r}));return e.status!==g.CommandResultStatus.Success?(0,t.Left)(e.error):(0,t.Right)(new S.TrustedProperties(e.data))}catch(e){return(0,t.Left)(new a.LKRPUnknownError(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:o.CommandTags.Derive,path:r})).chain(e=>t.EitherAsync.liftEither((0,y.eitherSeqRecord)({type:o.CommandTags.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:i}){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:o.CommandTags.AddMember,name:r,publicKey:e,permissions:i})).chain(n=>t.EitherAsync.liftEither((0,y.eitherSeqRecord)({type:o.CommandTags.AddMember,name:r,publicKey:e,permissions:i,iv:()=>n.getIv(),newMember:()=>n.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:o.CommandTags.PublishKey,recipient:r})).chain(e=>t.EitherAsync.liftEither((0,y.eitherSeqRecord)({type:o.CommandTags.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:i,signature:n}){return(0,t.EitherAsync)(async({throwE:c})=>{const l=await this.cryptoService.importSymmetricKey(n.secret,E.EncryptionAlgo.AES256_GCM).decrypt(e.iv,e.issuer);return t.Either.sequence(await Promise.all(i.map(m=>this.decryptCommand(n.secret,m).run()))).caseOf({Left:m=>{throw c(m),m},Right:m=>K.LKRPBlock.fromData({parent:(0,g.bufferToHexaString)(r),issuer:l,commands:m,signature:n.signature})})})}decryptCommand(r,e){return(0,t.EitherAsync)(async({throwE:i})=>{switch(e.type){case o.CommandTags.Derive:case o.CommandTags.PublishKey:{const c=await this.cryptoService.importSymmetricKey(r,E.EncryptionAlgo.AES256_GCM).decrypt(e.iv,e.xpriv);return p.LKRPCommand.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:c})}case o.CommandTags.AddMember:return p.LKRPCommand.fromData({...e});default:throw i(new a.LKRPUnsupportedCommandError(e)),new a.LKRPUnsupportedCommandError(e)}})}}0&&(module.exports={SignBlockTask});
+"use strict";var u=Object.defineProperty;var k=Object.getOwnPropertyDescriptor;var B=Object.getOwnPropertyNames;var b=Object.prototype.hasOwnProperty;var f=(m,r)=>{for(var e in r)u(m,e,{get:r[e],enumerable:!0})},A=(m,r,e,n)=>{if(r&&typeof r=="object"||typeof r=="function")for(let i of B(r))!b.call(m,i)&&i!==e&&u(m,i,{get:()=>r[i],enumerable:!(n=k(r,i))||n.enumerable});return m};var D=m=>A(u({},"__esModule",{value:!0}),m);var R={};f(R,{SignBlockTask:()=>w});module.exports=D(R);var g=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),o=require("../../../api/app-binder/Errors"),S=require("../../app-binder/command/SignBlockHeader"),C=require("../../app-binder/command/SignBlockSignatureCommand"),P=require("../../app-binder/command/SignBlockSingleCommand"),a=require("../../models/Tags"),l=require("../../utils/crypto"),d=require("../../utils/eitherSeqRecord"),K=require("../../utils/LKRPBlock"),p=require("../../utils/LKRPCommand"),h=require("./utils/TrustedProperties");class w{constructor(r){this.api=r}run({lkrpDataSource:r,trustchainId:e,path:n,jwt:i,parent:c,blockFlow:y,sessionKeypair:v}){const E=this.signCommands(n,y);return(0,d.eitherAsyncSeqRecord)({header:this.signBlockHeader(c,E.length),commands:t.EitherAsync.sequence(E),signature:this.signBlockSignature(v)}).chain(s=>t.EitherAsync.liftEither(this.decryptBlock(c,s))).chain(s=>{switch(y.type){case"derive":return r.postDerivation(e,s,i);case"addMember":return r.putCommands(e,n,s,i)}}).mapLeft(s=>s instanceof o.LKRPDataSourceError&&s.status==="BAD_REQUEST"?new o.LKRPOutdatedTrustchainError:s)}signBlockHeader(r,e){return t.EitherAsync.fromPromise(async()=>{try{const n=await this.api.sendCommand(new S.SignBlockHeaderCommand({parent:r,commandCount:e}));if(n.status!==g.CommandResultStatus.Success)return(0,t.Left)(n.error);const i=new h.TrustedProperties(n.data);return(0,d.eitherSeqRecord)({iv:()=>i.getIv(),issuer:()=>i.getIssuer()})}catch(n){return(0,t.Left)(new o.LKRPUnknownError(String(n)))}})}signBlockSignature(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new C.SignBlockSignatureCommand);if(e.status!==g.CommandResultStatus.Success)return(0,t.Left)(e.error);const{signature:n,deviceSessionKey:i}=e.data,c=r.ecdh(i).slice(1);return(0,t.Right)({signature:n,secret:c})}catch(e){return(0,t.Left)(new o.LKRPUnknownError(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new P.SignBlockSingleCommand({command:r}));return e.status!==g.CommandResultStatus.Success?(0,t.Left)(e.error):(0,t.Right)(new h.TrustedProperties(e.data))}catch(e){return(0,t.Left)(new o.LKRPUnknownError(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.Derive,path:r})).chain(e=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:n}){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.AddMember,name:r,publicKey:e,permissions:n})).chain(i=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.AddMember,name:r,publicKey:e,permissions:n,iv:()=>i.getIv(),newMember:()=>i.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(p.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.PublishKey,recipient:r})).chain(e=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:n,signature:i}){const c=l.CryptoUtils.decrypt(i.secret,e.iv,e.issuer);return t.Either.sequence(n.map(y=>this.decryptCommand(i.secret,y))).map(y=>K.LKRPBlock.fromData({parent:(0,g.bufferToHexaString)(r),issuer:c,commands:y,signature:i.signature}))}decryptCommand(r,e){switch(e.type){case a.CommandTags.Derive:case a.CommandTags.PublishKey:{const n=l.CryptoUtils.decrypt(r,e.iv,e.xpriv);return(0,t.Right)(p.LKRPCommand.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:n}))}case a.CommandTags.AddMember:return(0,t.Right)(p.LKRPCommand.fromData({...e}));default:return(0,t.Left)(new o.LKRPUnsupportedCommandError(e))}}}0&&(module.exports={SignBlockTask});
 //# sourceMappingURL=SignBlockTask.js.map

package/lib/cjs/internal/app-binder/task/SignBlockTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignBlockTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, EncryptionAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n  LKRPDataSourceError,\n  type LKRPMissingDataError,\n  LKRPOutdatedTrustchainError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n  LKRPUnsupportedCommandError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/models/LKRPCommandTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\ntype SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPDataSourceError\n  | LKRPOutdatedTrustchainError\n  | LKRPUnknownError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: KeyPair;\n};\n\nexport class SignBlockTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain(async (encryptedBlock) =>\n        this.decryptBlock(parent, encryptedBlock),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      })\n      .mapLeft((error) =>\n        error instanceof LKRPDataSourceError && error.status === \"BAD_REQUEST\"\n          ? new LKRPOutdatedTrustchainError()\n          : error,\n      );\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ parent, commandCount }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: KeyPair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = (\n          await sessionKeypair.deriveSharedSecret(deviceSessionKey)\n        ).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new LKRPUnknownError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): EitherAsync<SignBlockError, LKRPBlock> {\n    return EitherAsync(async ({ throwE }) => {\n      const key = this.cryptoService.importSymmetricKey(\n        signature.secret,\n        EncryptionAlgo.AES256_GCM,\n      );\n      const decryptedIssuer = await key.decrypt(header.iv, header.issuer);\n      return Either.sequence(\n        await Promise.all(\n          commands.map((command) =>\n            this.decryptCommand(signature.secret, command).run(),\n          ),\n        ),\n      ).caseOf({\n        Left: (error) => {\n          throwE(error);\n          throw error;\n        },\n        Right: (decryptedCommands) =>\n          LKRPBlock.fromData({\n            parent: bufferToHexaString(parent),\n            issuer: decryptedIssuer,\n            commands: decryptedCommands,\n            signature: signature.signature,\n          }),\n      });\n    });\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): EitherAsync<LKRPUnknownError, LKRPCommand> {\n    return EitherAsync<LKRPUnknownError, LKRPCommand>(async ({ throwE }) => {\n      switch (command.type) {\n        case CommandTags.Derive:\n        case CommandTags.PublishKey: {\n          const key = this.cryptoService.importSymmetricKey(\n            secret,\n            EncryptionAlgo.AES256_GCM,\n          );\n          const encryptedXpriv = await key.decrypt(command.iv, command.xpriv);\n          return LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          });\n        }\n        case CommandTags.AddMember:\n          return LKRPCommand.fromData({ ...command });\n        default:\n          throwE(new LKRPUnsupportedCommandError(command));\n          throw new LKRPUnsupportedCommandError(command);\n      }\n    });\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAIO,2CACPC,EAAiD,qBAEjDC,EAAmD,qCAEnDC,EAOO,6BAEPC,EAAuC,wDACvCC,EAA0C,kEAC1CC,EAAuC,+DASvCC,EAA4B,iCAC5BC,EAGO,2CACPC,EAA0B,qCAC1BC,EAA4B,uCAE5BC,EAAkC,qCA6C3B,MAAMb,CAAc,CACzB,YACmBc,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,SAAO,wBAAqB,CAC1B,OAAQ,KAAK,gBAAgBD,EAAQG,EAAS,MAAM,EACpD,SAAU,cAAY,SAASA,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAM,MAAOE,GACZ,KAAK,aAAaJ,EAAQI,CAAc,CAC1C,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,EACA,QAASO,GACRA,aAAiB,uBAAuBA,EAAM,SAAW,cACrD,IAAI,8BACJA,CACN,CACJ,CAEA,gBACEN,EACAO,EAC4C,CAC5C,OAAO,cAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,OAAAR,EAAQ,aAAAO,CAAa,CAAC,CACrD,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAI,oBAAkBD,EAAS,IAAI,EACxD,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASH,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,mBACEJ,EAC+C,CAC/C,OAAO,cAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMM,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,2BACN,EACA,GAAIA,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAE,EAAW,iBAAAC,CAAiB,EAAIH,EAAS,KAE3CI,GACJ,MAAMV,EAAe,mBAAmBS,CAAgB,GACxD,MAAM,CAAC,EACT,SAAO,SAAM,CAAE,UAAAD,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASN,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,aACEO,EACAR,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBQ,CAAe,EACtC,KAAK,qBAAqBR,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBS,EAAqB,CACrC,OAAO,cAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAMN,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,QAAAM,CAAQ,CAAC,CACxC,EACA,OAAIN,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,KAErB,SAAM,IAAI,oBAAkBA,EAAS,IAAI,CAAC,CACnD,OAASF,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CACF,CACF,CAEA,kBAAkBO,EAAyB,CACzC,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,OAClB,KAAMA,CACR,CAAC,CACH,EAAE,MAAOJ,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,OAClB,KAAMI,EACN,GAAI,IAAMJ,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAM,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,UAClB,KAAAF,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOR,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,UAClB,KAAAM,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMR,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAO,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,WAClB,UAAWA,CACb,CAAC,CACH,EAAE,MAAOP,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,WAClB,UAAWO,EACX,GAAI,IAAMP,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAkB,EAAQ,SAAAf,EAAU,UAAAO,CAAU,EACU,CACxC,SAAO,eAAY,MAAO,CAAE,OAAAS,CAAO,IAAM,CAKvC,MAAMC,EAAkB,MAJZ,KAAK,cAAc,mBAC7BV,EAAU,OACV,iBAAe,UACjB,EACkC,QAAQQ,EAAO,GAAIA,EAAO,MAAM,EAClE,OAAO,SAAO,SACZ,MAAM,QAAQ,IACZf,EAAS,IAAKW,GACZ,KAAK,eAAeJ,EAAU,OAAQI,CAAO,EAAE,IAAI,CACrD,CACF,CACF,EAAE,OAAO,CACP,KAAOR,GAAU,CACf,MAAAa,EAAOb,CAAK,EACNA,CACR,EACA,MAAQe,GACN,YAAU,SAAS,CACjB,UAAQ,sBAAmBrB,CAAM,EACjC,OAAQoB,EACR,SAAUC,EACV,UAAWX,EAAU,SACvB,CAAC,CACL,CAAC,CACH,CAAC,CACH,CAEA,eACEE,EACAE,EAC4C,CAC5C,SAAO,eAA2C,MAAO,CAAE,OAAAK,CAAO,IAAM,CACtE,OAAQL,EAAQ,KAAM,CACpB,KAAK,cAAY,OACjB,KAAK,cAAY,WAAY,CAK3B,MAAMQ,EAAiB,MAJX,KAAK,cAAc,mBAC7BV,EACA,iBAAe,UACjB,EACiC,QAAQE,EAAQ,GAAIA,EAAQ,KAAK,EAClE,OAAO,cAAY,SAAS,CAC1B,GAAGA,EACH,qBAAsBA,EAAQ,UAC9B,eAAAQ,CACF,CAAC,CACH,CACA,KAAK,cAAY,UACf,OAAO,cAAY,SAAS,CAAE,GAAGR,CAAQ,CAAC,EAC5C,QACE,MAAAK,EAAO,IAAI,8BAA4BL,CAAO,CAAC,EACzC,IAAI,8BAA4BA,CAAO,CACjD,CACF,CAAC,CACH,CACF",
-  "names": ["SignBlockTask_exports", "__export", "SignBlockTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_CryptoService", "import_Errors", "import_SignBlockHeader", "import_SignBlockSignatureCommand", "import_SignBlockSingleCommand", "import_Tags", "import_eitherSeqRecord", "import_LKRPBlock", "import_LKRPCommand", "import_TrustedProperties", "api", "cryptoService", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "error", "commandCount", "response", "trustedProps", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "header", "throwE", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
+  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  LKRPDataSourceError,\n  type LKRPMissingDataError,\n  LKRPOutdatedTrustchainError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n  LKRPUnsupportedCommandError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/models/LKRPCommandTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\ntype SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPDataSourceError\n  | LKRPOutdatedTrustchainError\n  | LKRPUnknownError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: Keypair;\n};\n\nexport class SignBlockTask {\n  constructor(private readonly api: InternalApi) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain((encryptedBlock) =>\n        EitherAsync.liftEither(this.decryptBlock(parent, encryptedBlock)),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      })\n      .mapLeft((error) =>\n        error instanceof LKRPDataSourceError && error.status === \"BAD_REQUEST\"\n          ? new LKRPOutdatedTrustchainError()\n          : error,\n      );\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ parent, commandCount }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: Keypair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = sessionKeypair.ecdh(deviceSessionKey).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new LKRPUnknownError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): Either<SignBlockError, LKRPBlock> {\n    const decryptedIssuer = CryptoUtils.decrypt(\n      signature.secret,\n      header.iv,\n      header.issuer,\n    );\n    return Either.sequence(\n      commands.map((command) => this.decryptCommand(signature.secret, command)),\n    ).map((decryptedCommands) =>\n      LKRPBlock.fromData({\n        parent: bufferToHexaString(parent),\n        issuer: decryptedIssuer,\n        commands: decryptedCommands,\n        signature: signature.signature,\n      }),\n    );\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): Either<LKRPUnknownError, LKRPCommand> {\n    switch (command.type) {\n      case CommandTags.Derive:\n      case CommandTags.PublishKey: {\n        const encryptedXpriv = CryptoUtils.decrypt(\n          secret,\n          command.iv,\n          command.xpriv,\n        );\n        return Right(\n          LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          }),\n        );\n      }\n      case CommandTags.AddMember:\n        return Right(LKRPCommand.fromData({ ...command }));\n      default:\n        return Left(new LKRPUnsupportedCommandError(command));\n    }\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAIO,2CACPC,EAAiD,qBAEjDC,EAOO,kCAEPC,EAAuC,wDACvCC,EAA0C,kEAC1CC,EAAuC,+DASvCC,EAA4B,iCAC5BC,EAA4B,kCAC5BC,EAGO,2CACPC,EAA0B,qCAC1BC,EAA4B,uCAE5BC,EAAkC,qCA6C3B,MAAMb,CAAc,CACzB,YAA6Bc,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,SAAO,wBAAqB,CAC1B,OAAQ,KAAK,gBAAgBD,EAAQG,EAAS,MAAM,EACpD,SAAU,cAAY,SAASA,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAOE,GACN,cAAY,WAAW,KAAK,aAAaJ,EAAQI,CAAc,CAAC,CAClE,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,EACA,QAASO,GACRA,aAAiB,uBAAuBA,EAAM,SAAW,cACrD,IAAI,8BACJA,CACN,CACJ,CAEA,gBACEN,EACAO,EAC4C,CAC5C,OAAO,cAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,OAAAR,EAAQ,aAAAO,CAAa,CAAC,CACrD,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAI,oBAAkBD,EAAS,IAAI,EACxD,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASH,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,mBACEJ,EAC+C,CAC/C,OAAO,cAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMM,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,2BACN,EACA,GAAIA,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAE,EAAW,iBAAAC,CAAiB,EAAIH,EAAS,KAE3CI,EAASV,EAAe,KAAKS,CAAgB,EAAE,MAAM,CAAC,EAC5D,SAAO,SAAM,CAAE,UAAAD,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASN,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,aACEO,EACAR,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBQ,CAAe,EACtC,KAAK,qBAAqBR,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBS,EAAqB,CACrC,OAAO,cAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAMN,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,QAAAM,CAAQ,CAAC,CACxC,EACA,OAAIN,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,KAErB,SAAM,IAAI,oBAAkBA,EAAS,IAAI,CAAC,CACnD,OAASF,EAAO,CACd,SAAO,QAAK,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CAAC,CACjD,CACF,CACF,CACF,CAEA,kBAAkBO,EAAyB,CACzC,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,OAClB,KAAMA,CACR,CAAC,CACH,EAAE,MAAOJ,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,OAClB,KAAMI,EACN,GAAI,IAAMJ,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAM,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,UAClB,KAAAF,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOR,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,UAClB,KAAAM,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMR,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAO,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,WAClB,UAAWA,CACb,CAAC,CACH,EAAE,MAAOP,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,WAClB,UAAWO,EACX,GAAI,IAAMP,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAkB,EAAQ,SAAAf,EAAU,UAAAO,CAAU,EACK,CACnC,MAAMS,EAAkB,cAAY,QAClCT,EAAU,OACVQ,EAAO,GACPA,EAAO,MACT,EACA,OAAO,SAAO,SACZf,EAAS,IAAKW,GAAY,KAAK,eAAeJ,EAAU,OAAQI,CAAO,CAAC,CAC1E,EAAE,IAAKM,GACL,YAAU,SAAS,CACjB,UAAQ,sBAAmBpB,CAAM,EACjC,OAAQmB,EACR,SAAUC,EACV,UAAWV,EAAU,SACvB,CAAC,CACH,CACF,CAEA,eACEE,EACAE,EACuC,CACvC,OAAQA,EAAQ,KAAM,CACpB,KAAK,cAAY,OACjB,KAAK,cAAY,WAAY,CAC3B,MAAMO,EAAiB,cAAY,QACjCT,EACAE,EAAQ,GACRA,EAAQ,KACV,EACA,SAAO,SACL,cAAY,SAAS,CACnB,GAAGA,EACH,qBAAsBA,EAAQ,UAC9B,eAAAO,CACF,CAAC,CACH,CACF,CACA,KAAK,cAAY,UACf,SAAO,SAAM,cAAY,SAAS,CAAE,GAAGP,CAAQ,CAAC,CAAC,EACnD,QACE,SAAO,QAAK,IAAI,8BAA4BA,CAAO,CAAC,CACxD,CACF,CACF",
+  "names": ["SignBlockTask_exports", "__export", "SignBlockTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_SignBlockHeader", "import_SignBlockSignatureCommand", "import_SignBlockSingleCommand", "import_Tags", "import_crypto", "import_eitherSeqRecord", "import_LKRPBlock", "import_LKRPCommand", "import_TrustedProperties", "api", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "error", "commandCount", "response", "trustedProps", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "header", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
 }

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js

@@ -1,2 +1,2 @@
-"use strict";var g=Object.defineProperty;var m=Object.getOwnPropertyDescriptor;var u=Object.getOwnPropertyNames;var x=Object.prototype.hasOwnProperty;var d=(a,t)=>{for(var n in t)g(a,n,{get:t[n],enumerable:!0})},v=(a,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let e of u(t))!x.call(a,e)&&e!==n&&g(a,e,{get:()=>t[e],enumerable:!(i=m(t,e))||i.enumerable});return a};var E=a=>v(g({},"__esModule",{value:!0}),a);var A={};d(A,{SignChallengeWithKeypairTask:()=>f});module.exports=E(A);var o=require("@ledgerhq/device-management-kit"),s=require("purify-ts"),p=require("../../../api/crypto/CryptoService"),h=require("../../../api/crypto/KeyPair"),l=require("../../../api/model/Errors"),c=require("../../utils/eitherSeqRecord");class f{constructor(t,n,i){this.cryptoService=t;this.keypair=n;this.trustchainId=i}run(t){const n=this.getAttestation(),i=this.getCredential(this.keypair.getPublicKeyToHex());return s.EitherAsync.liftEither(this.getUnsignedChallengeTLV(t.tlv)).map(e=>this.cryptoService.hash(e,p.HashAlgo.SHA256)).map(e=>this.keypair.sign(e,h.SigFormat.DER)).map(e=>(0,o.bufferToHexaString)(e,!1)).map(e=>({challenge:t.json,signature:{attestation:n,credential:i,signature:e}})).mapLeft(e=>e instanceof l.LKRPMissingDataError?e:new l.LKRPUnknownError(String(e)))}getAttestation(){const t=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,t.length,...t]);return(0,o.bufferToHexaString)(n,!1)}getCredential(t){return{version:0,curveId:33,signAlgorithm:1,publicKey:t}}getUnsignedChallengeTLV(t){const n=new o.ByteArrayParser((0,o.hexaStringToBuffer)(t)??new Uint8Array),i=new Map(function*(){for(;;){const r=n.extractFieldTLVEncoded();if(!r)break;yield[r.tag,r.value]}}());if(i.size>10)return(0,s.Left)(new l.LKRPMissingDataError("Challenge TLV contains unexpected data"));const e=(r,y)=>s.Maybe.fromNullable(i.get(r)).toEither(new l.LKRPMissingDataError(`Missing ${y} field`));return(0,c.eitherSeqRecord)({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(r=>Uint8Array.from([[1,r.payloadType.length,...r.payloadType],[2,r.version.length,...r.version],[18,r.challengeData.length,...r.challengeData],[22,r.challengeExpiry.length,...r.challengeExpiry],[32,r.host.length,...r.host],[96,r.protocolVersion.length,...r.protocolVersion]].flat()))}}0&&(module.exports={SignChallengeWithKeypairTask});
+"use strict";var g=Object.defineProperty;var m=Object.getOwnPropertyDescriptor;var x=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var d=(a,t)=>{for(var n in t)g(a,n,{get:t[n],enumerable:!0})},E=(a,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let e of x(t))!u.call(a,e)&&e!==n&&g(a,e,{get:()=>t[e],enumerable:!(i=m(t,e))||i.enumerable});return a};var v=a=>E(g({},"__esModule",{value:!0}),a);var C={};d(C,{SignChallengeWithKeypairTask:()=>A});module.exports=v(C);var p=require("@ledgerhq/device-management-kit"),l=require("purify-ts"),o=require("../../../api/app-binder/Errors"),h=require("../../utils/crypto"),y=require("../../utils/eitherSeqRecord"),s=require("../../utils/hex");class A{constructor(t,n){this.keypair=t;this.trustchainId=n}run(t){const n=this.getAttestation(),i=this.getCredential(this.keypair.pubKeyToHex());return l.EitherAsync.liftEither(this.getUnsignedChallengeTLV(t.tlv)).map(h.CryptoUtils.hash).map(e=>this.keypair.sign(e)).map(s.bytesToHex).map(e=>({challenge:t.json,signature:{attestation:n,credential:i,signature:e}})).mapLeft(e=>e instanceof o.LKRPMissingDataError?e:new o.LKRPUnknownError(String(e)))}getAttestation(){const t=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,t.length,...t]);return(0,s.bytesToHex)(n)}getCredential(t){return{version:0,curveId:33,signAlgorithm:1,publicKey:t}}getUnsignedChallengeTLV(t){const n=new p.ByteArrayParser((0,s.hexToBytes)(t)),i=new Map(function*(){for(;;){const r=n.extractFieldTLVEncoded();if(!r)break;yield[r.tag,r.value]}}());if(i.size>10)return(0,l.Left)(new o.LKRPMissingDataError("Challenge TLV contains unexpected data"));const e=(r,c)=>l.Maybe.fromNullable(i.get(r)).toEither(new o.LKRPMissingDataError(`Missing ${c} field`));return(0,y.eitherSeqRecord)({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(r=>Uint8Array.from([[1,r.payloadType.length,...r.payloadType],[2,r.version.length,...r.version],[18,r.challengeData.length,...r.challengeData],[22,r.challengeExpiry.length,...r.challengeExpiry],[32,r.host.length,...r.host],[96,r.protocolVersion.length,...r.protocolVersion]].flat()))}}0&&(module.exports={SignChallengeWithKeypairTask});
 //# sourceMappingURL=SignChallengeWithKeypairTask.js.map

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  ByteArrayParser,\n  hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { type CryptoService, HashAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair, SigFormat } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/model/Errors\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly cryptoService: CryptoService,\n    private readonly keypair: KeyPair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<\n    LKRPMissingDataError | LKRPUnknownError,\n    AuthenticationPayload\n  > {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.getPublicKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map((buf) => this.cryptoService.hash(buf, HashAlgo.SHA256))\n      .map((hash) => this.keypair.sign(hash, SigFormat.DER))\n      .map((str) => bufferToHexaString(str, false))\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new LKRPUnknownError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bufferToHexaString(attestation, false);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(\n      hexaStringToBuffer(tlv) ?? new Uint8Array(),\n    );\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kCAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAIO,2CACPC,EAAsD,qBAEtDC,EAA6C,qCAC7CC,EAAwC,+BACxCC,EAAuD,6BAKvDC,EAAgC,2CAEzB,MAAMP,CAA6B,CACxC,YACmBQ,EACAC,EACAC,EACjB,CAHiB,mBAAAF,EACA,aAAAC,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,kBAAkB,CAAC,EAEtE,OAAO,cAAY,WAAW,KAAK,wBAAwBF,EAAU,GAAG,CAAC,EACtE,IAAKG,GAAQ,KAAK,cAAc,KAAKA,EAAK,WAAS,MAAM,CAAC,EAC1D,IAAKC,GAAS,KAAK,QAAQ,KAAKA,EAAM,YAAU,GAAG,CAAC,EACpD,IAAKC,MAAQ,sBAAmBA,EAAK,EAAK,CAAC,EAC3C,IAAKC,IAAe,CACnB,UAAWN,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAI,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiB,uBACbA,EACA,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDP,EAAc,WAAW,KAAK,CAAC,EAAMO,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,SAAO,sBAAmBP,EAAa,EAAK,CAC9C,CAEQ,cAAcQ,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAI,qBACjB,sBAAmBD,CAAG,GAAK,IAAI,UACjC,EACME,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,SAAO,QACL,IAAI,uBAAqB,wCAAwC,CACnE,EAGF,MAAME,EAAW,CAACC,EAAaC,IAC7B,QAAM,aAAaJ,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAI,uBAAqB,WAAWC,CAAS,QAAQ,CACvD,EAEF,SAAO,mBAAgB,CAErB,YAAa,IAAMF,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
-  "names": ["SignChallengeWithKeypairTask_exports", "__export", "SignChallengeWithKeypairTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_CryptoService", "import_KeyPair", "import_Errors", "import_eitherSeqRecord", "cryptoService", "keypair", "trustchainId", "challenge", "attestation", "credential", "buf", "hash", "str", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex, hexToBytes } from \"@internal/utils/hex\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly keypair: Keypair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<\n    LKRPMissingDataError | LKRPUnknownError,\n    AuthenticationPayload\n  > {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.pubKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map(CryptoUtils.hash)\n      .map((hash) => this.keypair.sign(hash))\n      .map(bytesToHex)\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new LKRPUnknownError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bytesToHex(attestation);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(hexToBytes(tlv));\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kCAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAgC,2CAChCC,EAAsD,qBAEtDC,EAAuD,kCAMvDC,EAA4B,kCAC5BC,EAAgC,2CAChCC,EAAuC,+BAEhC,MAAMP,CAA6B,CACxC,YACmBQ,EACAC,EACjB,CAFiB,aAAAD,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,YAAY,CAAC,EAEhE,OAAO,cAAY,WAAW,KAAK,wBAAwBF,EAAU,GAAG,CAAC,EACtE,IAAI,cAAY,IAAI,EACpB,IAAKG,GAAS,KAAK,QAAQ,KAAKA,CAAI,CAAC,EACrC,IAAI,YAAU,EACd,IAAKC,IAAe,CACnB,UAAWJ,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAE,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiB,uBACbA,EACA,IAAI,mBAAiB,OAAOA,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDL,EAAc,WAAW,KAAK,CAAC,EAAMK,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,SAAO,cAAWL,CAAW,CAC/B,CAEQ,cAAcM,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAI,qBAAgB,cAAWD,CAAG,CAAC,EAC5CE,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,SAAO,QACL,IAAI,uBAAqB,wCAAwC,CACnE,EAGF,MAAME,EAAW,CAACC,EAAaC,IAC7B,QAAM,aAAaJ,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAI,uBAAqB,WAAWC,CAAS,QAAQ,CACvD,EAEF,SAAO,mBAAgB,CAErB,YAAa,IAAMF,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
+  "names": ["SignChallengeWithKeypairTask_exports", "__export", "SignChallengeWithKeypairTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_crypto", "import_eitherSeqRecord", "import_hex", "keypair", "trustchainId", "challenge", "attestation", "credential", "hash", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
 }

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js

@@ -1,2 +1,2 @@
-"use strict";var s=require("@ledgerhq/device-management-kit"),f=require("../../../api/crypto/CryptoService"),o=require("../../../api/crypto/noble/NobleCryptoService"),b=require("../../../api/model/Errors"),r=require("./SignChallengeWithKeypairTask");const n=new o.NobleCryptoService;describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=d(),i=await new r.SignChallengeWithKeypairTask(n,a,c).run(e).run();expect(i.isRight()).toBe(!0),i.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.getPublicKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=d({tlv:"invalid-tlv"});(await new r.SignChallengeWithKeypairTask(n,a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(b.LKRPMissingDataError))})});function d({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:n.importKeyPair((0,s.hexaStringToBuffer)(e),f.Curve.K256),trustchainId:a}}
+"use strict";var r=require("../../../api/app-binder/Errors"),s=require("../../../api/app-binder/KeypairFromBytes"),f=require("../../utils/hex"),d=require("./SignChallengeWithKeypairTask");describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i(),n=await new d.SignChallengeWithKeypairTask(a,c).run(e).run();expect(n.isRight()).toBe(!0),n.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.pubKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i({tlv:"invalid-tlv"});(await new d.SignChallengeWithKeypairTask(a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(r.LKRPMissingDataError))})});function i({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:new s.KeypairFromBytes((0,f.hexToBytes)(e)),trustchainId:a}}
 //# sourceMappingURL=SignChallengeWithKeypairTask.test.js.map

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.test.ts"],
-  "sourcesContent": ["import { hexaStringToBuffer } from \"@ledgerhq/device-management-kit\";\n\nimport { Curve } from \"@api/crypto/CryptoService\";\nimport { NobleCryptoService } from \"@api/crypto/noble/NobleCryptoService\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\nconst cryptoService = new NobleCryptoService();\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(\n      cryptoService,\n      keypair,\n      trustchainId,\n    );\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.getPublicKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(\n      cryptoService,\n      keypair,\n      trustchainId,\n    );\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: cryptoService.importKeyPair(\n      hexaStringToBuffer(privateKey)!,\n      Curve.K256,\n    ),\n    trustchainId,\n  };\n}\n"],
-  "mappings": "aAAA,IAAAA,EAAmC,2CAEnCC,EAAsB,qCACtBC,EAAmC,gDACnCC,EAAqC,6BAGrCC,EAA6C,0CAE7C,MAAMC,EAAgB,IAAI,qBAE1B,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAC,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAQrDC,EAAS,MALF,IAAI,+BACfL,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,kBAAkB,CACvC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAQc,MALF,IAAI,+BACfJ,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAe,sBAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASH,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAST,EAAc,iBACrB,sBAAmBQ,CAAU,EAC7B,QAAM,IACR,EACA,aAAAL,CACF,CACF",
-  "names": ["import_device_management_kit", "import_CryptoService", "import_NobleCryptoService", "import_Errors", "import_SignChallengeWithKeypairTask", "cryptoService", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
+  "sourcesContent": ["import { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { KeypairFromBytes } from \"@api/app-binder/KeypairFromBytes\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { hexToBytes } from \"@internal/utils/hex\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.pubKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: new KeypairFromBytes(hexToBytes(privateKey)),\n    trustchainId,\n  };\n}\n"],
+  "mappings": "aAAA,IAAAA,EAAqC,kCACrCC,EAAiC,4CAEjCC,EAA2B,+BAE3BC,EAA6C,0CAE7C,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAC,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAIrDC,EAAS,MADF,IAAI,+BAA6BH,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,YAAY,CACjC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAIc,MADF,IAAI,+BAA6BF,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAe,sBAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASH,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAS,IAAI,sBAAiB,cAAWD,CAAU,CAAC,EACpD,aAAAL,CACF,CACF",
+  "names": ["import_Errors", "import_KeypairFromBytes", "import_hex", "import_SignChallengeWithKeypairTask", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
 }

package/lib/cjs/internal/app-binder/task/utils/TrustedProperties.js

@@ -1,2 +1,2 @@
-"use strict";var p=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var c=Object.prototype.hasOwnProperty;var d=(e,r)=>{for(var i in r)p(e,i,{get:r[i],enumerable:!0})},u=(e,r,i,o)=>{if(r&&typeof r=="object"||typeof r=="function")for(let a of y(r))!c.call(e,a)&&a!==i&&p(e,a,{get:()=>r[a],enumerable:!(o=g(r,a))||o.enumerable});return e};var h=e=>u(p({},"__esModule",{value:!0}),e);var m={};d(m,{TrustedProperties:()=>l});module.exports=h(m);var P=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),E=require("../../../../api/model/Errors"),s=require("../../../models/Tags"),n=require("../../../utils/required");class l{constructor(r){this.bytes=r;this.parser=new P.ByteArrayParser(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return(0,t.Left)(new E.LKRPParsingError("Invalid trusted property: missing IV"));this.iv=r.value}return(0,t.Right)(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?(0,t.Right)(this.encryptedProps):this.getIv().chain(()=>t.Either.sequence(Array.from(R(this.parser)))).map(r=>new Map(r.map(i=>[i.tag,i]))).ifRight(r=>{this.encryptedProps=r})}}function*R(e){for(;;){const r=e.extractFieldTLVEncoded();if(!r)return;yield(0,t.Right)(r)}}0&&(module.exports={TrustedProperties});
+"use strict";var p=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var c=Object.prototype.hasOwnProperty;var d=(e,r)=>{for(var i in r)p(e,i,{get:r[i],enumerable:!0})},u=(e,r,i,o)=>{if(r&&typeof r=="object"||typeof r=="function")for(let a of y(r))!c.call(e,a)&&a!==i&&p(e,a,{get:()=>r[a],enumerable:!(o=g(r,a))||o.enumerable});return e};var h=e=>u(p({},"__esModule",{value:!0}),e);var m={};d(m,{TrustedProperties:()=>l});module.exports=h(m);var P=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),E=require("../../../../api/app-binder/Errors"),s=require("../../../models/Tags"),n=require("../../../utils/required");class l{constructor(r){this.bytes=r;this.parser=new P.ByteArrayParser(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return(0,t.Left)(new E.LKRPParsingError("Invalid trusted property: missing IV"));this.iv=r.value}return(0,t.Right)(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>(0,n.required)(r.get(s.TPTags.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?(0,t.Right)(this.encryptedProps):this.getIv().chain(()=>t.Either.sequence(Array.from(R(this.parser)))).map(r=>new Map(r.map(i=>[i.tag,i]))).ifRight(r=>{this.encryptedProps=r})}}function*R(e){for(;;){const r=e.extractFieldTLVEncoded();if(!r)return;yield(0,t.Right)(r)}}0&&(module.exports={TrustedProperties});
 //# sourceMappingURL=TrustedProperties.js.map

package/lib/cjs/internal/app-binder/task/utils/TrustedProperties.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/internal/app-binder/task/utils/TrustedProperties.ts"],
-  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport { type LKRPMissingDataError, LKRPParsingError } from \"@api/model/Errors\";\nimport { TPTags } from \"@internal/models/Tags\";\nimport { required } from \"@internal/utils/required\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,uBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAgC,2CAChCC,EAAoC,qBAEpCC,EAA4D,6BAC5DC,EAAuB,iCACvBC,EAAyB,oCAKlB,MAAMN,CAAkB,CAK7B,YAA4BO,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAI,kBAAgBA,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,SAAO,QACL,IAAI,mBAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKA,EAAM,KAClB,CACA,SAAO,SAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOC,MACvC,YACEA,EAAM,IAAI,SAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,kBACR,SAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAM,SAAO,SAAS,MAAM,KAAKC,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,QAAM,SAAMA,CAAK,CACnB,CACF",
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { TPTags } from \"@internal/models/Tags\";\nimport { required } from \"@internal/utils/required\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,uBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAgC,2CAChCC,EAAoC,qBAEpCC,EAGO,kCACPC,EAAuB,iCACvBC,EAAyB,oCAKlB,MAAMN,CAAkB,CAK7B,YAA4BO,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAI,kBAAgBA,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,SAAO,QACL,IAAI,mBAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKA,EAAM,KAClB,CACA,SAAO,SAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOC,MACvC,YACEA,EAAM,IAAI,SAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,kBACR,SAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAM,SAAO,SAAS,MAAM,KAAKC,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,QAAM,SAAMA,CAAK,CACnB,CACF",
   "names": ["TrustedProperties_exports", "__export", "TrustedProperties", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_Tags", "import_required", "bytes", "field", "props", "parseTPs", "fields", "parser"]
 }

package/lib/cjs/internal/di.js

@@ -1,2 +1,2 @@
-"use strict";var c=Object.defineProperty;var u=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var C=Object.prototype.hasOwnProperty;var g=(e,t)=>{for(var r in t)c(e,r,{get:t[r],enumerable:!0})},M=(e,t,r,a)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of y(t))!C.call(e,o)&&o!==r&&c(e,o,{get:()=>t[o],enumerable:!(a=u(t,o))||a.enumerable});return e};var b=e=>M(c({},"__esModule",{value:!0}),e);var D={};g(D,{makeContainer:()=>f});module.exports=b(D);var m=require("inversify"),p=require("../api/index"),s=require("./app-binder/di/appBinderModule"),l=require("./lkrp-datasource/di/lkrpDatasourceModuleFactory"),v=require("./use-cases/di/useCasesModule"),i=require("./externalTypes");const f=({dmk:e,applicationId:t,cryptoService:r,env:a=p.LKRPEnv.PROD,baseUrl:o,stub:d})=>{const n=new m.Container;return n.bind(i.externalTypes.Dmk).toConstantValue(e),n.bind(i.externalTypes.ApplicationId).toConstantValue(t),n.bind(i.externalTypes.CryptoService).toConstantValue(r),n.loadSync((0,s.appBindingModuleFactory)(),(0,l.lkrpDatasourceModuleFactory)({baseUrl:o??k.get(a),stub:d}),(0,v.useCasesModuleFactory)()),n},k=new Map([[p.LKRPEnv.PROD,"https://trustchain.api.live.ledger.com/v1"],[p.LKRPEnv.STAGING,"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1"]]);0&&(module.exports={makeContainer});
+"use strict";var p=Object.defineProperty;var u=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var v=Object.prototype.hasOwnProperty;var M=(e,t)=>{for(var o in t)p(e,o,{get:t[o],enumerable:!0})},b=(e,t,o,a)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of g(t))!v.call(e,n)&&n!==o&&p(e,n,{get:()=>t[n],enumerable:!(a=u(t,n))||a.enumerable});return e};var k=e=>b(p({},"__esModule",{value:!0}),e);var C={};M(C,{makeContainer:()=>f});module.exports=k(C);var m=require("inversify"),i=require("../api/index"),c=require("./app-binder/di/appBinderModule"),l=require("./lkrp-datasource/di/lkrpDatasourceModuleFactory"),d=require("./use-cases/di/useCasesModule"),s=require("./externalTypes");const f=({dmk:e,applicationId:t,env:o=i.LKRPEnv.PROD,baseUrl:a,stub:n})=>{const r=new m.Container;return r.bind(s.externalTypes.Dmk).toConstantValue(e),r.bind(s.externalTypes.ApplicationId).toConstantValue(t),r.loadSync((0,c.appBindingModuleFactory)(),(0,l.lkrpDatasourceModuleFactory)({baseUrl:a??y.get(o),stub:n}),(0,d.useCasesModuleFactory)()),r},y=new Map([[i.LKRPEnv.PROD,"https://trustchain.api.live.ledger.com/v1"],[i.LKRPEnv.STAGING,"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1"]]);0&&(module.exports={makeContainer});
 //# sourceMappingURL=di.js.map

package/lib/cjs/internal/di.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/internal/di.ts"],
-  "sourcesContent": ["import { type DeviceManagementKit } from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { LKRPEnv } from \"@api/index\";\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  applicationId: number;\n  cryptoService: CryptoService;\n  env?: LKRPEnv;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  applicationId,\n  cryptoService,\n  env = LKRPEnv.PROD,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container.bind(externalTypes.ApplicationId).toConstantValue(applicationId);\n  container\n    .bind<CryptoService>(externalTypes.CryptoService)\n    .toConstantValue(cryptoService);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({\n      baseUrl: baseUrl ?? lkrpBaseUrlMap.get(env),\n      stub,\n    }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n\nconst lkrpBaseUrlMap = new Map<LKRPEnv, string>([\n  [LKRPEnv.PROD, \"https://trustchain.api.live.ledger.com/v1\"],\n  [LKRPEnv.STAGING, \"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1\"],\n]);\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GACA,IAAAI,EAA0B,qBAG1BC,EAAwB,sBACxBC,EAAwC,mDAExCC,EAA4C,4DAC5CC,EAAsC,yCACtCC,EAA8B,2BAWvB,MAAMP,EAAgB,CAAC,CAC5B,IAAAQ,EACA,cAAAC,EACA,cAAAC,EACA,IAAAC,EAAM,UAAQ,KACd,QAAAC,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAI,YAEtB,OAAAA,EAAU,KAA0B,gBAAc,GAAG,EAAE,gBAAgBN,CAAG,EAC1EM,EAAU,KAAK,gBAAc,aAAa,EAAE,gBAAgBL,CAAa,EACzEK,EACG,KAAoB,gBAAc,aAAa,EAC/C,gBAAgBJ,CAAa,EAEhCI,EAAU,YACR,2BAAwB,KACxB,+BAA4B,CAC1B,QAASF,GAAWG,EAAe,IAAIJ,CAAG,EAC1C,KAAAE,CACF,CAAC,KACD,yBAAsB,CACxB,EAEOC,CACT,EAEMC,EAAiB,IAAI,IAAqB,CAC9C,CAAC,UAAQ,KAAM,2CAA2C,EAC1D,CAAC,UAAQ,QAAS,wDAAwD,CAC5E,CAAC",
-  "names": ["di_exports", "__export", "makeContainer", "__toCommonJS", "import_inversify", "import_api", "import_appBinderModule", "import_lkrpDatasourceModuleFactory", "import_useCasesModule", "import_externalTypes", "dmk", "applicationId", "cryptoService", "env", "baseUrl", "stub", "container", "lkrpBaseUrlMap"]
+  "sourcesContent": ["import { type DeviceManagementKit } from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { LKRPEnv } from \"@api/index\";\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  applicationId: number;\n  env?: LKRPEnv;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  applicationId,\n  env = LKRPEnv.PROD,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container.bind(externalTypes.ApplicationId).toConstantValue(applicationId);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({\n      baseUrl: baseUrl ?? lkrpBaseUrlMap.get(env),\n      stub,\n    }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n\nconst lkrpBaseUrlMap = new Map<LKRPEnv, string>([\n  [LKRPEnv.PROD, \"https://trustchain.api.live.ledger.com/v1\"],\n  [LKRPEnv.STAGING, \"https://trustchain-backend.api.aws.stg.ldg-tech.com/v1\"],\n]);\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GACA,IAAAI,EAA0B,qBAE1BC,EAAwB,sBACxBC,EAAwC,mDAExCC,EAA4C,4DAC5CC,EAAsC,yCACtCC,EAA8B,2BAUvB,MAAMP,EAAgB,CAAC,CAC5B,IAAAQ,EACA,cAAAC,EACA,IAAAC,EAAM,UAAQ,KACd,QAAAC,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAI,YAEtB,OAAAA,EAAU,KAA0B,gBAAc,GAAG,EAAE,gBAAgBL,CAAG,EAC1EK,EAAU,KAAK,gBAAc,aAAa,EAAE,gBAAgBJ,CAAa,EAEzEI,EAAU,YACR,2BAAwB,KACxB,+BAA4B,CAC1B,QAASF,GAAWG,EAAe,IAAIJ,CAAG,EAC1C,KAAAE,CACF,CAAC,KACD,yBAAsB,CACxB,EAEOC,CACT,EAEMC,EAAiB,IAAI,IAAqB,CAC9C,CAAC,UAAQ,KAAM,2CAA2C,EAC1D,CAAC,UAAQ,QAAS,wDAAwD,CAC5E,CAAC",
+  "names": ["di_exports", "__export", "makeContainer", "__toCommonJS", "import_inversify", "import_api", "import_appBinderModule", "import_lkrpDatasourceModuleFactory", "import_useCasesModule", "import_externalTypes", "dmk", "applicationId", "env", "baseUrl", "stub", "container", "lkrpBaseUrlMap"]
 }

package/lib/cjs/internal/externalTypes.js

@@ -1,2 +1,2 @@
-"use strict";var i=Object.defineProperty;var p=Object.getOwnPropertyDescriptor;var n=Object.getOwnPropertyNames;var a=Object.prototype.hasOwnProperty;var m=(e,r)=>{for(var y in r)i(e,y,{get:r[y],enumerable:!0})},A=(e,r,y,o)=>{if(r&&typeof r=="object"||typeof r=="function")for(let t of n(r))!a.call(e,t)&&t!==y&&i(e,t,{get:()=>r[t],enumerable:!(o=p(r,t))||o.enumerable});return e};var l=e=>A(i({},"__esModule",{value:!0}),e);var c={};m(c,{externalTypes:()=>U});module.exports=l(c);const U={Dmk:Symbol.for("Dmk"),ApplicationId:Symbol.for("ApplicationId"),CryptoService:Symbol.for("CryptoService")};0&&(module.exports={externalTypes});
+"use strict";var y=Object.defineProperty;var a=Object.getOwnPropertyDescriptor;var o=Object.getOwnPropertyNames;var p=Object.prototype.hasOwnProperty;var A=(e,r)=>{for(var i in r)y(e,i,{get:r[i],enumerable:!0})},m=(e,r,i,n)=>{if(r&&typeof r=="object"||typeof r=="function")for(let t of o(r))!p.call(e,t)&&t!==i&&y(e,t,{get:()=>r[t],enumerable:!(n=a(r,t))||n.enumerable});return e};var U=e=>m(y({},"__esModule",{value:!0}),e);var s={};A(s,{externalTypes:()=>l});module.exports=U(s);const l={Dmk:Symbol.for("Dmk"),ApplicationId:Symbol.for("ApplicationId")};0&&(module.exports={externalTypes});
 //# sourceMappingURL=externalTypes.js.map

package/lib/cjs/internal/externalTypes.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/internal/externalTypes.ts"],
-  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  ApplicationId: Symbol.for(\"ApplicationId\"),\n  CryptoService: Symbol.for(\"CryptoService\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
-  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAAO,MAAME,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,cAAe,OAAO,IAAI,eAAe,EACzC,cAAe,OAAO,IAAI,eAAe,CAC3C",
+  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  ApplicationId: Symbol.for(\"ApplicationId\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAAO,MAAME,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,cAAe,OAAO,IAAI,eAAe,CAC3C",
   "names": ["externalTypes_exports", "__export", "externalTypes", "__toCommonJS"]
 }

package/lib/cjs/internal/lkrp-datasource/data/HttpLKRPDataSource.js

@@ -1,2 +1,2 @@
-"use strict";var m=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var T=Object.getOwnPropertyNames;var R=Object.prototype.hasOwnProperty;var b=(r,t)=>{for(var e in t)m(r,e,{get:t[e],enumerable:!0})},N=(r,t,e,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of T(t))!R.call(r,s)&&s!==e&&m(r,s,{get:()=>t[s],enumerable:!(n=f(t,s))||n.enumerable});return r};var k=r=>N(m({},"__esModule",{value:!0}),r),l=(r,t,e,n)=>{for(var s=n>1?void 0:n?f(t,e):t,u=r.length-1,a;u>=0;u--)(a=r[u])&&(s=(n?a(t,e,s):a(s))||s);return n&&s&&m(t,e,s),s},p=(r,t)=>(e,n)=>t(e,n,r);var P={};b(P,{HttpLKRPDataSource:()=>c});module.exports=k(P);var h=require("inversify"),i=require("purify-ts"),d=require("../../../api/model/Errors"),y=require("../../lkrp-datasource/di/lkrpDatasourceTypes"),S=require("../../utils/Trustchain");let c=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",i.Nothing)}authenticate(t){return this.request("/authenticate",i.Nothing,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:i.Maybe.fromNullable(Object.keys(e.permissions).find(n=>!!e.permissions[n]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,(0,i.Just)(e)).map(n=>new S.Trustchain(t,n))}postDerivation(t,e,n){return this.request(`/trustchain/${t}/derivation`,(0,i.Just)(n),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,n,s){return this.request(`/trustchain/${t}/commands`,(0,i.Just)(s),{method:"PUT",body:JSON.stringify({path:e,blocks:[n.toString()]})})}request(t,e,n){const s=this.baseUrl+t,u={...n?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:a})=>({Authorization:`Bearer ${a}`}),{})};return(0,i.EitherAsync)(()=>fetch(s,{...n,headers:u})).mapLeft(a=>({status:"UNKNOWN",message:g(a)})).chain(async a=>{switch(a.status){case 204:return(0,i.Right)(void 0);default:return(0,i.EitherAsync)(()=>a.json()).mapLeft(g).map(o=>a.ok?(0,i.Right)(o):(0,i.Left)(g(o))).chain(i.EitherAsync.liftEither).mapLeft(o=>({status:L.get(a.status)??"UNKNOWN",message:`[${a.status}] ${o||a.statusText}`}))}}).mapLeft(({status:a,message:o})=>new d.LKRPDataSourceError({status:a,message:`${o||"Unknown error"} (from: ${s})`}))}};c=l([(0,h.injectable)(),p(0,(0,h.inject)(y.lkrpDatasourceTypes.BaseUrl))],c);const L=new Map([[400,"BAD_REQUEST"],[401,"UNAUTHORIZED"]]);function g(r){if(r){if(typeof r!="object"||r.toString!=={}.toString)return String(r);if("message"in r)return String(r.message)}}0&&(module.exports={HttpLKRPDataSource});
+"use strict";var m=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var T=Object.getOwnPropertyNames;var R=Object.prototype.hasOwnProperty;var b=(r,t)=>{for(var e in t)m(r,e,{get:t[e],enumerable:!0})},N=(r,t,e,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of T(t))!R.call(r,s)&&s!==e&&m(r,s,{get:()=>t[s],enumerable:!(n=f(t,s))||n.enumerable});return r};var k=r=>N(m({},"__esModule",{value:!0}),r),l=(r,t,e,n)=>{for(var s=n>1?void 0:n?f(t,e):t,u=r.length-1,a;u>=0;u--)(a=r[u])&&(s=(n?a(t,e,s):a(s))||s);return n&&s&&m(t,e,s),s},p=(r,t)=>(e,n)=>t(e,n,r);var P={};b(P,{HttpLKRPDataSource:()=>c});module.exports=k(P);var h=require("inversify"),i=require("purify-ts"),d=require("../../../api/app-binder/Errors"),y=require("../../lkrp-datasource/di/lkrpDatasourceTypes"),S=require("../../utils/Trustchain");let c=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",i.Nothing)}authenticate(t){return this.request("/authenticate",i.Nothing,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:i.Maybe.fromNullable(Object.keys(e.permissions).find(n=>!!e.permissions[n]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,(0,i.Just)(e)).map(n=>new S.Trustchain(t,n))}postDerivation(t,e,n){return this.request(`/trustchain/${t}/derivation`,(0,i.Just)(n),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,n,s){return this.request(`/trustchain/${t}/commands`,(0,i.Just)(s),{method:"PUT",body:JSON.stringify({path:e,blocks:[n.toString()]})})}request(t,e,n){const s=this.baseUrl+t,u={...n?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:a})=>({Authorization:`Bearer ${a}`}),{})};return(0,i.EitherAsync)(()=>fetch(s,{...n,headers:u})).mapLeft(a=>({status:"UNKNOWN",message:g(a)})).chain(async a=>{switch(a.status){case 204:return(0,i.Right)(void 0);default:return(0,i.EitherAsync)(()=>a.json()).mapLeft(g).map(o=>a.ok?(0,i.Right)(o):(0,i.Left)(g(o))).chain(i.EitherAsync.liftEither).mapLeft(o=>({status:L.get(a.status)??"UNKNOWN",message:`[${a.status}] ${o||a.statusText}`}))}}).mapLeft(({status:a,message:o})=>new d.LKRPDataSourceError({status:a,message:`${o||"Unknown error"} (from: ${s})`}))}};c=l([(0,h.injectable)(),p(0,(0,h.inject)(y.lkrpDatasourceTypes.BaseUrl))],c);const L=new Map([[400,"BAD_REQUEST"],[401,"UNAUTHORIZED"]]);function g(r){if(r){if(typeof r!="object"||r.toString!=={}.toString)return String(r);if("message"in r)return String(r.message)}}0&&(module.exports={HttpLKRPDataSource});
 //# sourceMappingURL=HttpLKRPDataSource.js.map

package/lib/cjs/internal/lkrp-datasource/data/HttpLKRPDataSource.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/lkrp-datasource/data/HttpLKRPDataSource.ts"],
-  "sourcesContent": ["import { inject, injectable } from \"inversify\";\nimport { EitherAsync, Just, Left, Maybe, Nothing, Right } from \"purify-ts\";\n\nimport {\n  LKRPDataSourceError,\n  LKRPDataSourceErrorStatus,\n} from \"@api/model/Errors\";\nimport { JWT } from \"@api/model/JWT\";\nimport { lkrpDatasourceTypes } from \"@internal/lkrp-datasource/di/lkrpDatasourceTypes\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { Trustchain } from \"@internal/utils/Trustchain\";\n\nimport {\n  AuthenticationPayload,\n  Challenge,\n  LKRPDataSource,\n} from \"./LKRPDataSource\";\n\n@injectable()\nexport class HttpLKRPDataSource implements LKRPDataSource {\n  constructor(\n    @inject(lkrpDatasourceTypes.BaseUrl) private readonly baseUrl: string,\n  ) {}\n\n  getChallenge() {\n    return this.request<Challenge>(\"/challenge\", Nothing);\n  }\n\n  authenticate(payload: AuthenticationPayload) {\n    return this.request<JWT>(\"/authenticate\", Nothing, {\n      method: \"POST\",\n      body: JSON.stringify(payload),\n    }).map((jwt) => ({\n      jwt,\n      trustchainId: Maybe.fromNullable(\n        Object.keys(jwt.permissions).find((id) =>\n          Boolean(jwt.permissions[id]?.[\"m/\"]),\n        ),\n      ),\n    }));\n  }\n\n  getTrustchainById(id: string, jwt: JWT) {\n    return this.request<{ [path: string]: string }>(\n      `/trustchain/${id}`,\n      Just(jwt),\n    ).map((serialized) => new Trustchain(id, serialized));\n  }\n\n  postDerivation(id: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/derivation`, Just(jwt), {\n      method: \"POST\",\n      body: JSON.stringify(block.toString()),\n    });\n  }\n\n  putCommands(id: string, path: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/commands`, Just(jwt), {\n      method: \"PUT\",\n      body: JSON.stringify({ path, blocks: [block.toString()] }),\n    });\n  }\n\n  private request<Res>(\n    endpoint: `/${string}`,\n    jwt: Maybe<{ access_token: string }>,\n    init?: RequestInit,\n  ): EitherAsync<LKRPDataSourceError, Res> {\n    const href = this.baseUrl + endpoint;\n    const headers = {\n      ...init?.headers,\n      \"Content-Type\": \"application/json\",\n      ...jwt.mapOrDefault<{ Authorization?: string }>(\n        ({ access_token }) => ({ Authorization: `Bearer ${access_token}` }),\n        {},\n      ),\n    };\n\n    return EitherAsync(() => fetch(href, { ...init, headers }))\n      .mapLeft((err) => ({\n        status: \"UNKNOWN\" as const,\n        message: errToString(err),\n      }))\n      .chain(async (response) => {\n        switch (response.status) {\n          case 204:\n            return Right(undefined as Res);\n\n          default:\n            return EitherAsync(() => response.json())\n              .mapLeft(errToString)\n              .map((data) =>\n                response.ok ? Right(data as Res) : Left(errToString(data)),\n              )\n              .chain(EitherAsync.liftEither)\n              .mapLeft((message) => ({\n                status: statusMap.get(response.status) ?? \"UNKNOWN\",\n                message: `[${response.status}] ${message || response.statusText}`,\n              }));\n        }\n      })\n      .mapLeft(\n        ({ status, message }) =>\n          new LKRPDataSourceError({\n            status,\n            message: `${message || \"Unknown error\"} (from: ${href})`,\n          }),\n      );\n  }\n}\n\nconst statusMap = new Map<unknown, LKRPDataSourceErrorStatus>([\n  [400, \"BAD_REQUEST\"],\n  [401, \"UNAUTHORIZED\"],\n]);\n\nfunction errToString(error: unknown): string | void {\n  if (!error) return undefined;\n  if (typeof error !== \"object\") return String(error);\n  if (error.toString !== {}.toString) return String(error);\n  if (\"message\" in error) return String(error.message);\n}\n"],
-  "mappings": "okBAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,wBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAmC,qBACnCC,EAA+D,qBAE/DC,EAGO,6BAEPC,EAAoC,4DAEpCC,EAA2B,sCASpB,IAAMC,EAAN,KAAmD,CACxD,YACwDC,EACtD,CADsD,aAAAA,CACrD,CAEH,cAAe,CACb,OAAO,KAAK,QAAmB,aAAc,SAAO,CACtD,CAEA,aAAaC,EAAgC,CAC3C,OAAO,KAAK,QAAa,gBAAiB,UAAS,CACjD,OAAQ,OACR,KAAM,KAAK,UAAUA,CAAO,CAC9B,CAAC,EAAE,IAAKC,IAAS,CACf,IAAAA,EACA,aAAc,QAAM,aAClB,OAAO,KAAKA,EAAI,WAAW,EAAE,KAAMC,GACjC,EAAQD,EAAI,YAAYC,CAAE,IAAI,IAAI,CACpC,CACF,CACF,EAAE,CACJ,CAEA,kBAAkBA,EAAYD,EAAU,CACtC,OAAO,KAAK,QACV,eAAeC,CAAE,MACjB,QAAKD,CAAG,CACV,EAAE,IAAKE,GAAe,IAAI,aAAWD,EAAIC,CAAU,CAAC,CACtD,CAEA,eAAeD,EAAYE,EAAkBH,EAAU,CACrD,OAAO,KAAK,QAAc,eAAeC,CAAE,iBAAe,QAAKD,CAAG,EAAG,CACnE,OAAQ,OACR,KAAM,KAAK,UAAUG,EAAM,SAAS,CAAC,CACvC,CAAC,CACH,CAEA,YAAYF,EAAYG,EAAcD,EAAkBH,EAAU,CAChE,OAAO,KAAK,QAAc,eAAeC,CAAE,eAAa,QAAKD,CAAG,EAAG,CACjE,OAAQ,MACR,KAAM,KAAK,UAAU,CAAE,KAAAI,EAAM,OAAQ,CAACD,EAAM,SAAS,CAAC,CAAE,CAAC,CAC3D,CAAC,CACH,CAEQ,QACNE,EACAL,EACAM,EACuC,CACvC,MAAMC,EAAO,KAAK,QAAUF,EACtBG,EAAU,CACd,GAAGF,GAAM,QACT,eAAgB,mBAChB,GAAGN,EAAI,aACL,CAAC,CAAE,aAAAS,CAAa,KAAO,CAAE,cAAe,UAAUA,CAAY,EAAG,GACjE,CAAC,CACH,CACF,EAEA,SAAO,eAAY,IAAM,MAAMF,EAAM,CAAE,GAAGD,EAAM,QAAAE,CAAQ,CAAC,CAAC,EACvD,QAASE,IAAS,CACjB,OAAQ,UACR,QAASC,EAAYD,CAAG,CAC1B,EAAE,EACD,MAAM,MAAOE,GAAa,CACzB,OAAQA,EAAS,OAAQ,CACvB,IAAK,KACH,SAAO,SAAM,MAAgB,EAE/B,QACE,SAAO,eAAY,IAAMA,EAAS,KAAK,CAAC,EACrC,QAAQD,CAAW,EACnB,IAAKE,GACJD,EAAS,MAAK,SAAMC,CAAW,KAAI,QAAKF,EAAYE,CAAI,CAAC,CAC3D,EACC,MAAM,cAAY,UAAU,EAC5B,QAASC,IAAa,CACrB,OAAQC,EAAU,IAAIH,EAAS,MAAM,GAAK,UAC1C,QAAS,IAAIA,EAAS,MAAM,KAAKE,GAAWF,EAAS,UAAU,EACjE,EAAE,CACR,CACF,CAAC,EACA,QACC,CAAC,CAAE,OAAAI,EAAQ,QAAAF,CAAQ,IACjB,IAAI,sBAAoB,CACtB,OAAAE,EACA,QAAS,GAAGF,GAAW,eAAe,WAAWP,CAAI,GACvD,CAAC,CACL,CACJ,CACF,EA1FaV,EAANoB,EAAA,IADN,cAAW,EAGPC,EAAA,eAAO,sBAAoB,OAAO,IAF1BrB,GA4Fb,MAAMkB,EAAY,IAAI,IAAwC,CAC5D,CAAC,IAAK,aAAa,EACnB,CAAC,IAAK,cAAc,CACtB,CAAC,EAED,SAASJ,EAAYQ,EAA+B,CAClD,GAAKA,EAEL,IADI,OAAOA,GAAU,UACjBA,EAAM,WAAa,CAAC,EAAE,SAAU,OAAO,OAAOA,CAAK,EACvD,GAAI,YAAaA,EAAO,OAAO,OAAOA,EAAM,OAAO,EACrD",
+  "sourcesContent": ["import { inject, injectable } from \"inversify\";\nimport { EitherAsync, Just, Left, Maybe, Nothing, Right } from \"purify-ts\";\n\nimport {\n  LKRPDataSourceError,\n  LKRPDataSourceErrorStatus,\n} from \"@api/app-binder/Errors\";\nimport { JWT } from \"@api/app-binder/LKRPTypes\";\nimport { lkrpDatasourceTypes } from \"@internal/lkrp-datasource/di/lkrpDatasourceTypes\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { Trustchain } from \"@internal/utils/Trustchain\";\n\nimport {\n  AuthenticationPayload,\n  Challenge,\n  LKRPDataSource,\n} from \"./LKRPDataSource\";\n\n@injectable()\nexport class HttpLKRPDataSource implements LKRPDataSource {\n  constructor(\n    @inject(lkrpDatasourceTypes.BaseUrl) private readonly baseUrl: string,\n  ) {}\n\n  getChallenge() {\n    return this.request<Challenge>(\"/challenge\", Nothing);\n  }\n\n  authenticate(payload: AuthenticationPayload) {\n    return this.request<JWT>(\"/authenticate\", Nothing, {\n      method: \"POST\",\n      body: JSON.stringify(payload),\n    }).map((jwt) => ({\n      jwt,\n      trustchainId: Maybe.fromNullable(\n        Object.keys(jwt.permissions).find((id) =>\n          Boolean(jwt.permissions[id]?.[\"m/\"]),\n        ),\n      ),\n    }));\n  }\n\n  getTrustchainById(id: string, jwt: JWT) {\n    return this.request<{ [path: string]: string }>(\n      `/trustchain/${id}`,\n      Just(jwt),\n    ).map((serialized) => new Trustchain(id, serialized));\n  }\n\n  postDerivation(id: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/derivation`, Just(jwt), {\n      method: \"POST\",\n      body: JSON.stringify(block.toString()),\n    });\n  }\n\n  putCommands(id: string, path: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/commands`, Just(jwt), {\n      method: \"PUT\",\n      body: JSON.stringify({ path, blocks: [block.toString()] }),\n    });\n  }\n\n  private request<Res>(\n    endpoint: `/${string}`,\n    jwt: Maybe<{ access_token: string }>,\n    init?: RequestInit,\n  ): EitherAsync<LKRPDataSourceError, Res> {\n    const href = this.baseUrl + endpoint;\n    const headers = {\n      ...init?.headers,\n      \"Content-Type\": \"application/json\",\n      ...jwt.mapOrDefault<{ Authorization?: string }>(\n        ({ access_token }) => ({ Authorization: `Bearer ${access_token}` }),\n        {},\n      ),\n    };\n\n    return EitherAsync(() => fetch(href, { ...init, headers }))\n      .mapLeft((err) => ({\n        status: \"UNKNOWN\" as const,\n        message: errToString(err),\n      }))\n      .chain(async (response) => {\n        switch (response.status) {\n          case 204:\n            return Right(undefined as Res);\n\n          default:\n            return EitherAsync(() => response.json())\n              .mapLeft(errToString)\n              .map((data) =>\n                response.ok ? Right(data as Res) : Left(errToString(data)),\n              )\n              .chain(EitherAsync.liftEither)\n              .mapLeft((message) => ({\n                status: statusMap.get(response.status) ?? \"UNKNOWN\",\n                message: `[${response.status}] ${message || response.statusText}`,\n              }));\n        }\n      })\n      .mapLeft(\n        ({ status, message }) =>\n          new LKRPDataSourceError({\n            status,\n            message: `${message || \"Unknown error\"} (from: ${href})`,\n          }),\n      );\n  }\n}\n\nconst statusMap = new Map<unknown, LKRPDataSourceErrorStatus>([\n  [400, \"BAD_REQUEST\"],\n  [401, \"UNAUTHORIZED\"],\n]);\n\nfunction errToString(error: unknown): string | void {\n  if (!error) return undefined;\n  if (typeof error !== \"object\") return String(error);\n  if (error.toString !== {}.toString) return String(error);\n  if (\"message\" in error) return String(error.message);\n}\n"],
+  "mappings": "okBAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,wBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAmC,qBACnCC,EAA+D,qBAE/DC,EAGO,kCAEPC,EAAoC,4DAEpCC,EAA2B,sCASpB,IAAMC,EAAN,KAAmD,CACxD,YACwDC,EACtD,CADsD,aAAAA,CACrD,CAEH,cAAe,CACb,OAAO,KAAK,QAAmB,aAAc,SAAO,CACtD,CAEA,aAAaC,EAAgC,CAC3C,OAAO,KAAK,QAAa,gBAAiB,UAAS,CACjD,OAAQ,OACR,KAAM,KAAK,UAAUA,CAAO,CAC9B,CAAC,EAAE,IAAKC,IAAS,CACf,IAAAA,EACA,aAAc,QAAM,aAClB,OAAO,KAAKA,EAAI,WAAW,EAAE,KAAMC,GACjC,EAAQD,EAAI,YAAYC,CAAE,IAAI,IAAI,CACpC,CACF,CACF,EAAE,CACJ,CAEA,kBAAkBA,EAAYD,EAAU,CACtC,OAAO,KAAK,QACV,eAAeC,CAAE,MACjB,QAAKD,CAAG,CACV,EAAE,IAAKE,GAAe,IAAI,aAAWD,EAAIC,CAAU,CAAC,CACtD,CAEA,eAAeD,EAAYE,EAAkBH,EAAU,CACrD,OAAO,KAAK,QAAc,eAAeC,CAAE,iBAAe,QAAKD,CAAG,EAAG,CACnE,OAAQ,OACR,KAAM,KAAK,UAAUG,EAAM,SAAS,CAAC,CACvC,CAAC,CACH,CAEA,YAAYF,EAAYG,EAAcD,EAAkBH,EAAU,CAChE,OAAO,KAAK,QAAc,eAAeC,CAAE,eAAa,QAAKD,CAAG,EAAG,CACjE,OAAQ,MACR,KAAM,KAAK,UAAU,CAAE,KAAAI,EAAM,OAAQ,CAACD,EAAM,SAAS,CAAC,CAAE,CAAC,CAC3D,CAAC,CACH,CAEQ,QACNE,EACAL,EACAM,EACuC,CACvC,MAAMC,EAAO,KAAK,QAAUF,EACtBG,EAAU,CACd,GAAGF,GAAM,QACT,eAAgB,mBAChB,GAAGN,EAAI,aACL,CAAC,CAAE,aAAAS,CAAa,KAAO,CAAE,cAAe,UAAUA,CAAY,EAAG,GACjE,CAAC,CACH,CACF,EAEA,SAAO,eAAY,IAAM,MAAMF,EAAM,CAAE,GAAGD,EAAM,QAAAE,CAAQ,CAAC,CAAC,EACvD,QAASE,IAAS,CACjB,OAAQ,UACR,QAASC,EAAYD,CAAG,CAC1B,EAAE,EACD,MAAM,MAAOE,GAAa,CACzB,OAAQA,EAAS,OAAQ,CACvB,IAAK,KACH,SAAO,SAAM,MAAgB,EAE/B,QACE,SAAO,eAAY,IAAMA,EAAS,KAAK,CAAC,EACrC,QAAQD,CAAW,EACnB,IAAKE,GACJD,EAAS,MAAK,SAAMC,CAAW,KAAI,QAAKF,EAAYE,CAAI,CAAC,CAC3D,EACC,MAAM,cAAY,UAAU,EAC5B,QAASC,IAAa,CACrB,OAAQC,EAAU,IAAIH,EAAS,MAAM,GAAK,UAC1C,QAAS,IAAIA,EAAS,MAAM,KAAKE,GAAWF,EAAS,UAAU,EACjE,EAAE,CACR,CACF,CAAC,EACA,QACC,CAAC,CAAE,OAAAI,EAAQ,QAAAF,CAAQ,IACjB,IAAI,sBAAoB,CACtB,OAAAE,EACA,QAAS,GAAGF,GAAW,eAAe,WAAWP,CAAI,GACvD,CAAC,CACL,CACJ,CACF,EA1FaV,EAANoB,EAAA,IADN,cAAW,EAGPC,EAAA,eAAO,sBAAoB,OAAO,IAF1BrB,GA4Fb,MAAMkB,EAAY,IAAI,IAAwC,CAC5D,CAAC,IAAK,aAAa,EACnB,CAAC,IAAK,cAAc,CACtB,CAAC,EAED,SAASJ,EAAYQ,EAA+B,CAClD,GAAKA,EAEL,IADI,OAAOA,GAAU,UACjBA,EAAM,WAAa,CAAC,EAAE,SAAU,OAAO,OAAOA,CAAK,EACvD,GAAI,YAAaA,EAAO,OAAO,OAAOA,EAAM,OAAO,EACrD",
   "names": ["HttpLKRPDataSource_exports", "__export", "HttpLKRPDataSource", "__toCommonJS", "import_inversify", "import_purify_ts", "import_Errors", "import_lkrpDatasourceTypes", "import_Trustchain", "HttpLKRPDataSource", "baseUrl", "payload", "jwt", "id", "serialized", "block", "path", "endpoint", "init", "href", "headers", "access_token", "err", "errToString", "response", "data", "message", "statusMap", "status", "__decorateClass", "__decorateParam", "error"]
 }