@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.3.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/api/app-binder/AddToTrustchainDeviceActionTypes.js.map +1 -1
- package/lib/cjs/api/crypto/CryptoService.js.map +1 -1
- package/lib/cjs/api/model/Errors.js +1 -1
- package/lib/cjs/api/model/Errors.js.map +1 -1
- package/lib/cjs/internal/app-binder/LedgerKeyringProtocolBinder.js +1 -1
- package/lib/cjs/internal/app-binder/LedgerKeyringProtocolBinder.js.map +1 -1
- package/lib/cjs/internal/app-binder/device-action/AddToTrustchainDeviceAction.js +1 -1
- package/lib/cjs/internal/app-binder/device-action/AddToTrustchainDeviceAction.js.map +1 -1
- package/lib/cjs/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.js +1 -1
- package/lib/cjs/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.js.map +1 -1
- package/lib/cjs/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js +1 -1
- package/lib/cjs/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js.map +2 -2
- package/lib/cjs/internal/app-binder/device-action/models/AuthenticateWithDeviceDeviceActionTypes.js.map +1 -1
- package/lib/cjs/internal/app-binder/device-action/models/AuthenticateWithKeypairDeviceActionTypes.js +1 -1
- package/lib/cjs/internal/app-binder/device-action/models/AuthenticateWithKeypairDeviceActionTypes.js.map +1 -1
- package/lib/cjs/internal/app-binder/task/ExtractEncryptionKeyTask.js.map +2 -2
- package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js +1 -1
- package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js.map +2 -2
- package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js +1 -1
- package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map +2 -2
- package/lib/cjs/internal/use-cases/authentication/AuthenticateUseCase.js +1 -1
- package/lib/cjs/internal/use-cases/authentication/AuthenticateUseCase.js.map +1 -1
- package/lib/cjs/internal/use-cases/authentication/DecryptDataUseCase.js.map +1 -1
- package/lib/cjs/internal/use-cases/authentication/EncryptDataUseCase.js.map +1 -1
- package/lib/cjs/internal/utils/LKRPBlockStream.js +1 -1
- package/lib/cjs/internal/utils/LKRPBlockStream.js.map +2 -2
- package/lib/cjs/package.json +1 -1
- package/lib/esm/api/app-binder/AddToTrustchainDeviceActionTypes.js.map +1 -1
- package/lib/esm/api/crypto/CryptoService.js.map +1 -1
- package/lib/esm/api/model/Errors.js +1 -1
- package/lib/esm/api/model/Errors.js.map +1 -1
- package/lib/esm/internal/app-binder/LedgerKeyringProtocolBinder.js +1 -1
- package/lib/esm/internal/app-binder/LedgerKeyringProtocolBinder.js.map +1 -1
- package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js +1 -1
- package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js.map +1 -1
- package/lib/esm/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.js +1 -1
- package/lib/esm/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.js.map +1 -1
- package/lib/esm/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js +1 -1
- package/lib/esm/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js.map +2 -2
- package/lib/esm/internal/app-binder/task/ExtractEncryptionKeyTask.js.map +2 -2
- package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js +1 -1
- package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js.map +2 -2
- package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js +1 -1
- package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map +2 -2
- package/lib/esm/internal/use-cases/authentication/AuthenticateUseCase.js.map +1 -1
- package/lib/esm/internal/use-cases/authentication/DecryptDataUseCase.js.map +1 -1
- package/lib/esm/internal/use-cases/authentication/EncryptDataUseCase.js.map +1 -1
- package/lib/esm/internal/utils/LKRPBlockStream.js +2 -2
- package/lib/esm/internal/utils/LKRPBlockStream.js.map +2 -2
- package/lib/esm/package.json +1 -1
- package/lib/types/api/app-binder/AddToTrustchainDeviceActionTypes.d.ts +1 -1
- package/lib/types/internal/app-binder/LedgerKeyringProtocolBinder.d.ts +2 -2
- package/lib/types/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.d.ts +1 -1
- package/lib/types/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.d.ts +2 -2
- package/lib/types/internal/app-binder/device-action/models/AuthenticateWithDeviceDeviceActionTypes.d.ts +1 -1
- package/lib/types/internal/app-binder/device-action/models/AuthenticateWithKeypairDeviceActionTypes.d.ts +1 -1
- package/lib/types/internal/app-binder/task/ExtractEncryptionKeyTask.d.ts +1 -1
- package/lib/types/internal/app-binder/task/SignChallengeWithKeypairTask.d.ts +2 -2
- package/lib/types/internal/use-cases/authentication/AuthenticateUseCase.d.ts +1 -1
- package/lib/types/internal/utils/LKRPBlockStream.d.ts +1 -1
- package/lib/types/tsconfig.prod.tsbuildinfo +1 -1
- package/package.json +5 -5
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateWithDeviceDeviceAction.ts"],
|
|
4
|
-
"sourcesContent": ["import {\n type DeviceActionStateMachine,\n type InternalApi,\n OpenAppDeviceAction,\n type StateMachineTypes,\n UserInteractionRequired,\n XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n type AuthenticateDAError,\n type AuthenticateDAIntermediateValue,\n type AuthenticateDAOutput,\n AuthenticateDAState,\n AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n LKRPMissingDataError,\n LKRPTrustchainNotReady,\n LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithDeviceTask } from \"@internal/app-binder/task/SignChallengeWithDeviceTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n type AuthenticateWithDeviceDAInput,\n type AuthenticateWithDeviceDAInternalState,\n} from \"./models/AuthenticateWithDeviceDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\nimport { AddToTrustchainDeviceAction } from \"./AddToTrustchainDeviceAction\";\n\nconst APP_NAME = \"Ledger Sync\";\n\nexport class AuthenticateWithDeviceDeviceAction extends XStateDeviceAction<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n> {\n makeStateMachine(\n internalApi: InternalApi,\n ): DeviceActionStateMachine<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n > {\n type types = StateMachineTypes<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n >;\n\n const { deviceAuth, getTrustchain, extractEncryptionKey } =\n this.extractDependencies(internalApi);\n\n return setup({\n types: {\n input: {} as types[\"input\"],\n context: {} as types[\"context\"],\n output: {} as types[\"output\"],\n },\n\n actors: {\n openAppStateMachine: new OpenAppDeviceAction({\n input: { appName: APP_NAME },\n }).makeStateMachine(internalApi),\n\n deviceAuth: fromPromise(deviceAuth),\n\n getTrustchain: fromPromise(getTrustchain),\n\n addToTrustchainStateMachine: new AddToTrustchainDeviceAction({\n input: Left(\n new LKRPMissingDataError(\"Missing input for GetEncryptionKey\"),\n ),\n }).makeStateMachine(internalApi),\n\n extractEncryptionKey: fromPromise(extractEncryptionKey),\n },\n\n actions: {\n assignErrorFromEvent: raiseAndAssign(\n ({ event }) =>\n Left(\n new LKRPUnknownError(\n String((event as { error?: unknown }).error),\n ),\n ), // NOTE: it should never happen, the error is not typed anymore here\n ),\n },\n\n guards: {\n isTrustchainMember: ({ context }) =>\n context._internalState\n .toMaybe()\n .map(\n (state) =>\n state.wasAddedToTrustchain ||\n state.trustchain\n ?.getAppStream(context.input.appId)\n .mapOrDefault(\n (stream) =>\n stream.hasMember(\n context.input.keypair.getPublicKeyToHex(),\n ),\n false,\n ),\n )\n .extract() ?? false,\n },\n }).createMachine({\n /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgCJgBuRYtDhYyhBA9jgHQDyAB1zIBAgMQRuYHvhx1OAa2mchOEQIDaABgC6iUAM6wq+bvpAAPRAEYAzADYeATgAcAFltuntrdYBMAfYANCAAnogA7G6OttYREU5aWgERyQC+aSFoWLgEJGSUNPSMzIzsXLyCwqJiYABOdZx1PAIANqQAZk0Atjwq1Zq65obGFeZWCNbWAKw80-Z+Xvb2ni5OEdPWIeEI9tN+PC720RtuyU52GVkY2HhEpBRUmKWsL2wcppWq6mKwqISsWCwbR6JAgEYmMxgia2FwRHhaCIuaxaLz7ZbTLTBMKIFwuA7JLTePwJVxRCJXEDZW55B6FZ7FV6M94VfjfGr1Rp1EHDIyQnDjRAOA7WPGYiLHaxOab47Y2GVaHheOKiiVOAIBSnU3L3ApPN5vcqfHiGm4SKQyOSKaQQZnUnlgiFjaGIeZuQ62Py+PxSrQucVyhASxyuNzRRKI3wrLU3HX5R5FFhMO0fbgmu1mzlNFrtdBdOq9W1J+1DR1852gCbTTE8WyuWFReyIhJbHG7CK2OaxPx4tz+bzTGM5O7x+kGlOs01YX7-QHA0sGcufQVB7w8FYk6XS6YRaxuaaB9WKwlraJe+z4txDmm6hMMpOG1O8KeYWoNJoOxejZcuoMJBH2FEdbVlM+5uIGMyxOuixaJi0wOLY0xXpkVKxiOdL6syj6sgA4mA6AACp1KgsDoIQmDELI5o4NIsjyEoPAwIRxGkeRlE4J+4JLlClaIOsLg8I2sE+CqTYuIGLios47jRLCe7rL415xhhiYlBOxp4cxJFkRRVFZs0bSdD0jH4UR2lsbInFOj+vEIOs1jrru+IbBcWJrIGu4OfBdjKtKorWEp6F6qpTLFk+PCaWZrG6TgM4AnA86gl+-Irv4YbQWiGpNmSh4XnMCz7P5vhgYFtLBfealhbhpksTp7FvlyVncQKv5TPiCKwU2iKLIkfgQW4ErOOSThhiiixuC4pW3mOWHqWmADC2CEAoACSsAALJgN0ABG9SwGITXfjxljyhNzj7n48G2J6+J+oe8Q8AE6r7vYTgFR2U2jphD5zbwi1gMta2bTte0HdYSVcUdLW2TMSKCZ4N3TL1SHYjs-h4jwUqgXWCwUih2pBXe45VcayAQBABGcFFdVUZINGWvR0hkxTVO1RZHELpDKWtUcswokhiIyv5tgQV6IoXlEqL+j6TifSpFWhWU4XM5T1Psw12aGXmxkq6z5kxYd3Mw7zgkdnWEQ9k4VthhBUyKvYe62Kk5w+D2cvlcTSusrrasxXFc6GxWJ0ID6r3OH4iFhscZywf1UpKgs1gO2sF51u7ROzSTaY+2zfv6YHNnB6H8KIcS6oW69cIQddnaJ5JhLddG+NoWVGc-VnvAAKIWOgdTEBwnc4IQdShAIFQANJgKE1G0VaDHd73-foIPw+jxPU8F8dEyijW7gSqinhaA44Ftv6tdEk7l37DuH3N8Orcze3XvGgvfcD0PI9j58k-T-pOZGQWHgr8l4r0-uvUIm9obBx3l5GY8wUQOzrNKDyTZMbwIuNKdwb106P0qs-NMwD36ry-twH+-sEqQJXKHJw4dI7RDDEkfY913TrHVDKDwCwr44O+ng1gRoCE9zfsvD+a9v5Tw1tyTm1kt6IGLrWJGnpy5+Ern1NsKIzjriOHvJGfZ1QZBQjgTgtp4BggJg-Hhis+FPl5FDFcABaVsOx5izGPhbUayJYiDjvjeL6IVkwdzZAMGxRtg4DQkuleIRJUTHB6kSbhfjsLGhfMEoOVYUSYxVPMBYPhOoST2EqJ2MphQXlgn4eJCt-H4N4JFXO7EUmFwmBcRwgFRQDQWE2ECh4j4FI2EiDwA0kYBW8cpD2mcqk8H+oDDaW1dp1BMclVJNgHDwmWDHWEb0PDqlyjQrEV8BrrD8E08pnsrHe3JqrWpsh6kyMmPEBypdrpiVcHsauSRoJxDWHYREMxJrDMJrgyxLIX6CJASIkhOAf7XKgdvO58jvAOD9M8g8bZpQEgKt5aIex-THLGac40ABlWcCUoVUNiJ2RYGx5gBD7E2CI91OwW2eohAI1YJo4qfnigh746gkt-AESSj1E5JAri4bs1dPS1l3EifYcJYI7n0WkIAA */\n\n id: \"AuthenticateWithDeviceDeviceAction\",\n context: ({ input }): types[\"context\"] => ({\n input,\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n },\n _internalState: Right({\n trustchainId: null,\n jwt: null,\n trustchain: null,\n encryptionKey: null,\n wasAddedToTrustchain: false,\n }),\n }),\n\n initial: \"OpenApp\",\n states: {\n OpenApp: {\n on: { success: \"DeviceAuth\", error: \"Error\" },\n invoke: {\n id: \"openApp\",\n src: \"openAppStateMachine\",\n onSnapshot: {\n actions: assign({\n intermediateValue: ({ event }) => ({\n step: AuthenticateDAStep.OpenApp,\n ...event.snapshot.context.intermediateValue,\n }),\n }),\n },\n input: { appName: APP_NAME },\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map(() => ({ raise: \"success\" })),\n ),\n },\n },\n },\n\n DeviceAuth: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.Authenticate,\n requiredUserInteraction: AuthenticateDAState.Authenticate,\n },\n }),\n on: { success: \"GetTrustchain\", error: \"Error\" },\n invoke: {\n id: \"deviceAuth\",\n src: \"deviceAuth\",\n input: ({ context }) => context.input,\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.chain((payload) =>\n payload.trustchainId.caseOf({\n Nothing: () => Left(new LKRPTrustchainNotReady()),\n Just: (trustchainId) =>\n Right({\n raise: \"success\",\n assign: { jwt: payload.jwt, trustchainId },\n }),\n }),\n ),\n ),\n },\n },\n },\n\n GetTrustchain: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.GetTrustchain,\n requiredUserInteraction: UserInteractionRequired.None,\n },\n }),\n on: { success: \"CheckIsMembers\", error: \"Error\" },\n invoke: {\n id: \"getTrustchain\",\n src: \"getTrustchain\",\n input: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n lkrpDataSource: context.input.lkrpDataSource,\n trustchainId: () =>\n required(\n state.trustchainId,\n \"Missing Trustchain ID for GetTrustchain\",\n ),\n jwt: () =>\n required(state.jwt, \"Missing JWT for GetTrustchain\"),\n }),\n ),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((trustchain) => ({\n raise: \"success\",\n assign: { trustchain },\n })),\n ),\n },\n },\n },\n\n CheckIsMembers: {\n always: [\n { target: \"ExtractEncryptionKey\", guard: \"isTrustchainMember\" },\n { target: \"AddToTrustchain\" },\n ],\n },\n\n AddToTrustchain: {\n on: {\n success: \"GetTrustchain\",\n error: \"Error\",\n },\n invoke: {\n id: \"AddToTrustchain\",\n src: \"addToTrustchainStateMachine\",\n onSnapshot: {\n actions: assign({\n intermediateValue: ({ event }) =>\n event.snapshot.context.intermediateValue,\n }),\n },\n input: ({ context }) =>\n context._internalState\n .mapLeft(\n () =>\n new LKRPMissingDataError(\n \"Missing data in the input for AddToTrustchain\",\n ),\n )\n .chain((state) =>\n eitherSeqRecord({\n lkrpDataSource: context.input.lkrpDataSource,\n cryptoService: context.input.cryptoService,\n keypair: context.input.keypair,\n clientName: context.input.clientName,\n permissions: context.input.permissions,\n jwt: () =>\n required(state.jwt, \"Missing JWT for AddToTrustchain\"),\n appId: context.input.appId,\n trustchain: () =>\n required(\n state.trustchain,\n \"Missing Trustchain for AddToTrustchain\",\n ),\n }),\n ),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map(() => ({\n raise: \"success\",\n assign: { wasAddedToTrustchain: true },\n })),\n ),\n },\n },\n },\n\n ExtractEncryptionKey: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.ExtractEncryptionKey,\n requiredUserInteraction: UserInteractionRequired.None,\n },\n }),\n on: { success: \"Success\", error: \"Error\" },\n invoke: {\n id: \"ExtractEncryptionKey\",\n src: \"extractEncryptionKey\",\n input: ({ context }) => ({\n cryptoService: context.input.cryptoService,\n keypair: context.input.keypair,\n stream: context._internalState.chain(({ trustchain }) =>\n required(\n trustchain?.getAppStream(context.input.appId).extract(),\n \"Missing application stream for ExtractEncryptionKey\",\n ),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((encryptionKey) => ({\n raise: \"success\",\n assign: { encryptionKey },\n })),\n ),\n },\n },\n },\n\n Success: { type: \"final\" },\n\n Error: { type: \"final\" },\n },\n\n output: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n trustchainId: () =>\n required(\n state.trustchainId,\n \"Missing Trustchain ID in the output\",\n ),\n jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n applicationPath: () =>\n required(\n state.trustchain\n ?.getAppStream(context.input.appId)\n .chain((stream) => stream.getPath())\n .extract(),\n \"Missing application path in the output\",\n ),\n encryptionKey: () =>\n required(\n state.encryptionKey,\n \"Missing encryption key in the output\",\n ),\n }),\n ),\n });\n }\n\n extractDependencies(internalApi: InternalApi) {\n const authentication = new AuthenticateTask();\n const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n return {\n deviceAuth: ({ input }: { input: AuthenticateWithDeviceDAInput }) =>\n authentication.run(\n input.lkrpDataSource,\n new SignChallengeWithDeviceTask(internalApi),\n ),\n\n getTrustchain: (args: {\n input: Either<\n AuthenticateDAError,\n {\n lkrpDataSource: LKRPDataSource;\n trustchainId: string;\n jwt: JWT;\n }\n >;\n }) =>\n EitherAsync.liftEither(args.input)\n .chain(({ lkrpDataSource, trustchainId, jwt }) =>\n lkrpDataSource.getTrustchainById(trustchainId, jwt),\n )\n .run(),\n\n extractEncryptionKey: async ({\n input,\n }: {\n input: {\n cryptoService: CryptoService;\n keypair: KeyPair;\n stream: Either<AuthenticateDAError, LKRPBlockStream>;\n };\n }) =>\n EitherAsync.liftEither(input.stream).chain((stream) =>\n encryptionKeyExtraction.run(\n input.cryptoService,\n input.keypair,\n stream,\n ),\n ),\n };\n }\n}\n"],
|
|
4
|
+
"sourcesContent": ["import {\n type DeviceActionStateMachine,\n type InternalApi,\n OpenAppDeviceAction,\n type StateMachineTypes,\n UserInteractionRequired,\n XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n type AuthenticateDAError,\n type AuthenticateDAIntermediateValue,\n type AuthenticateDAOutput,\n AuthenticateDAState,\n AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n LKRPMissingDataError,\n LKRPTrustchainNotReady,\n LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithDeviceTask } from \"@internal/app-binder/task/SignChallengeWithDeviceTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n type AuthenticateWithDeviceDAInput,\n type AuthenticateWithDeviceDAInternalState,\n} from \"./models/AuthenticateWithDeviceDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\nimport { AddToTrustchainDeviceAction } from \"./AddToTrustchainDeviceAction\";\n\nconst APP_NAME = \"Ledger Sync\";\n\nexport class AuthenticateWithDeviceDeviceAction extends XStateDeviceAction<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n> {\n makeStateMachine(\n internalApi: InternalApi,\n ): DeviceActionStateMachine<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n > {\n type types = StateMachineTypes<\n AuthenticateDAOutput,\n AuthenticateWithDeviceDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithDeviceDAInternalState\n >;\n\n const { deviceAuth, getTrustchain, extractEncryptionKey } =\n this.extractDependencies(internalApi);\n\n return setup({\n types: {\n input: {} as types[\"input\"],\n context: {} as types[\"context\"],\n output: {} as types[\"output\"],\n },\n\n actors: {\n openAppStateMachine: new OpenAppDeviceAction({\n input: { appName: APP_NAME },\n }).makeStateMachine(internalApi),\n\n deviceAuth: fromPromise(deviceAuth),\n\n getTrustchain: fromPromise(getTrustchain),\n\n addToTrustchainStateMachine: new AddToTrustchainDeviceAction({\n input: Left(\n new LKRPMissingDataError(\"Missing input for GetEncryptionKey\"),\n ),\n }).makeStateMachine(internalApi),\n\n extractEncryptionKey: fromPromise(extractEncryptionKey),\n },\n\n actions: {\n assignErrorFromEvent: raiseAndAssign(\n ({ event }) =>\n Left(\n new LKRPUnknownError(\n String((event as { error?: unknown }).error),\n ),\n ), // NOTE: it should never happen, the error is not typed anymore here\n ),\n },\n\n guards: {\n isTrustchainMember: ({ context }) =>\n context._internalState\n .toMaybe()\n .map(\n (state) =>\n state.wasAddedToTrustchain ||\n state.trustchain\n ?.getAppStream(context.input.appId)\n .mapOrDefault(\n (stream) =>\n stream.hasMember(\n context.input.keyPair.getPublicKeyToHex(),\n ),\n false,\n ),\n )\n .extract() ?? false,\n },\n }).createMachine({\n /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgCJgBuRYtDhYyhBA9jgHQDyAB1zIBAgMQRuYHvhx1OAa2mchOEQIDaABgC6iUAM6wq+bvpAAPRAEYAzADYeATgAcAFltuntrdYBMAfYANCAAnogA7G6OttYREU5aWgERyQC+aSFoWLgEJGSUNPSMzIzsXLyCwqJiYABOdZx1PAIANqQAZk0Atjwq1Zq65obGFeZWCNbWAKw80-Z+Xvb2ni5OEdPWIeEI9tN+PC720RtuyU52GVkY2HhEpBRUmKWsL2wcppWq6mKwqISsWCwbR6JAgEYmMxgia2FwRHhaCIuaxaLz7ZbTLTBMKIFwuA7JLTePwJVxRCJXEDZW55B6FZ7FV6M94VfjfGr1Rp1EHDIyQnDjRAOA7WPGYiLHaxOab47Y2GVaHheOKiiVOAIBSnU3L3ApPN5vcqfHiGm4SKQyOSKaQQZnUnlgiFjaGIeZuQ62Py+PxSrQucVyhASxyuNzRRKI3wrLU3HX5R5FFhMO0fbgmu1mzlNFrtdBdOq9W1J+1DR1852gCbTTE8WyuWFReyIhJbHG7CK2OaxPx4tz+bzTGM5O7x+kGlOs01YX7-QHA0sGcufQVB7w8FYk6XS6YRaxuaaB9WKwlraJe+z4txDmm6hMMpOG1O8KeYWoNJoOxejZcuoMJBH2FEdbVlM+5uIGMyxOuixaJi0wOLY0xXpkVKxiOdL6syj6sgA4mA6AACp1KgsDoIQmDELI5o4NIsjyEoPAwIRxGkeRlE4J+4JLlClaIOsLg8I2sE+CqTYuIGLios47jRLCe7rL415xhhiYlBOxp4cxJFkRRVFZs0bSdD0jH4UR2lsbInFOj+vEIOs1jrru+IbBcWJrIGu4OfBdjKtKorWEp6F6qpTLFk+PCaWZrG6TgM4AnA86gl+-Irv4YbQWiGpNmSh4XnMCz7P5vhgYFtLBfealhbhpksTp7FvlyVncQKv5TPiCKwU2iKLIkfgQW4ErOOSThhiiixuC4pW3mOWHqWmADC2CEAoACSsAALJgN0ABG9SwGITXfjxljyhNzj7n48G2J6+J+oe8Q8AE6r7vYTgFR2U2jphD5zbwi1gMta2bTte0HdYSVcUdLW2TMSKCZ4N3TL1SHYjs-h4jwUqgXWCwUih2pBXe45VcayAQBABGcFFdVUZINGWvR0hkxTVO1RZHELpDKWtUcswokhiIyv5tgQV6IoXlEqL+j6TifSpFWhWU4XM5T1Psw12aGXmxkq6z5kxYd3Mw7zgkdnWEQ9k4VthhBUyKvYe62Kk5w+D2cvlcTSusrrasxXFc6GxWJ0ID6r3OH4iFhscZywf1UpKgs1gO2sF51u7ROzSTaY+2zfv6YHNnB6H8KIcS6oW69cIQddnaJ5JhLddG+NoWVGc-VnvAAKIWOgdTEBwnc4IQdShAIFQANJgKE1G0VaDHd73-foIPw+jxPU8F8dEyijW7gSqinhaA44Ftv6tdEk7l37DuH3N8Orcze3XvGgvfcD0PI9j58k-T-pOZGQWHgr8l4r0-uvUIm9obBx3l5GY8wUQOzrNKDyTZMbwIuNKdwb106P0qs-NMwD36ry-twH+-sEqQJXKHJw4dI7RDDEkfY913TrHVDKDwCwr44O+ng1gRoCE9zfsvD+a9v5Tw1tyTm1kt6IGLrWJGnpy5+Ern1NsKIzjriOHvJGfZ1QZBQjgTgtp4BggJg-Hhis+FPl5FDFcABaVsOx5izGPhbUayJYiDjvjeL6IVkwdzZAMGxRtg4DQkuleIRJUTHB6kSbhfjsLGhfMEoOVYUSYxVPMBYPhOoST2EqJ2MphQXlgn4eJCt-H4N4JFXO7EUmFwmBcRwgFRQDQWE2ECh4j4FI2EiDwA0kYBW8cpD2mcqk8H+oDDaW1dp1BMclVJNgHDwmWDHWEb0PDqlyjQrEV8BrrD8E08pnsrHe3JqrWpsh6kyMmPEBypdrpiVcHsauSRoJxDWHYREMxJrDMJrgyxLIX6CJASIkhOAf7XKgdvO58jvAOD9M8g8bZpQEgKt5aIex-THLGac40ABlWcCUoVUNiJ2RYGx5gBD7E2CI91OwW2eohAI1YJo4qfnigh746gkt-AESSj1E5JAri4bs1dPS1l3EifYcJYI7n0WkIAA */\n\n id: \"AuthenticateWithDeviceDeviceAction\",\n context: ({ input }): types[\"context\"] => ({\n input,\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n },\n _internalState: Right({\n trustchainId: null,\n jwt: null,\n trustchain: null,\n encryptionKey: null,\n wasAddedToTrustchain: false,\n }),\n }),\n\n initial: \"OpenApp\",\n states: {\n OpenApp: {\n on: { success: \"DeviceAuth\", error: \"Error\" },\n invoke: {\n id: \"openApp\",\n src: \"openAppStateMachine\",\n onSnapshot: {\n actions: assign({\n intermediateValue: ({ event }) => ({\n step: AuthenticateDAStep.OpenApp,\n ...event.snapshot.context.intermediateValue,\n }),\n }),\n },\n input: { appName: APP_NAME },\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map(() => ({ raise: \"success\" })),\n ),\n },\n },\n },\n\n DeviceAuth: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.Authenticate,\n requiredUserInteraction: AuthenticateDAState.Authenticate,\n },\n }),\n on: { success: \"GetTrustchain\", error: \"Error\" },\n invoke: {\n id: \"deviceAuth\",\n src: \"deviceAuth\",\n input: ({ context }) => context.input,\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.chain((payload) =>\n payload.trustchainId.caseOf({\n Nothing: () => Left(new LKRPTrustchainNotReady()),\n Just: (trustchainId) =>\n Right({\n raise: \"success\",\n assign: { jwt: payload.jwt, trustchainId },\n }),\n }),\n ),\n ),\n },\n },\n },\n\n GetTrustchain: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.GetTrustchain,\n requiredUserInteraction: UserInteractionRequired.None,\n },\n }),\n on: { success: \"CheckIsMembers\", error: \"Error\" },\n invoke: {\n id: \"getTrustchain\",\n src: \"getTrustchain\",\n input: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n lkrpDataSource: context.input.lkrpDataSource,\n trustchainId: () =>\n required(\n state.trustchainId,\n \"Missing Trustchain ID for GetTrustchain\",\n ),\n jwt: () =>\n required(state.jwt, \"Missing JWT for GetTrustchain\"),\n }),\n ),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((trustchain) => ({\n raise: \"success\",\n assign: { trustchain },\n })),\n ),\n },\n },\n },\n\n CheckIsMembers: {\n always: [\n { target: \"ExtractEncryptionKey\", guard: \"isTrustchainMember\" },\n { target: \"AddToTrustchain\" },\n ],\n },\n\n AddToTrustchain: {\n on: {\n success: \"GetTrustchain\",\n error: \"Error\",\n },\n invoke: {\n id: \"AddToTrustchain\",\n src: \"addToTrustchainStateMachine\",\n onSnapshot: {\n actions: assign({\n intermediateValue: ({ event }) =>\n event.snapshot.context.intermediateValue,\n }),\n },\n input: ({ context }) =>\n context._internalState\n .mapLeft(\n () =>\n new LKRPMissingDataError(\n \"Missing data in the input for AddToTrustchain\",\n ),\n )\n .chain((state) =>\n eitherSeqRecord({\n lkrpDataSource: context.input.lkrpDataSource,\n cryptoService: context.input.cryptoService,\n keyPair: context.input.keyPair,\n clientName: context.input.clientName,\n permissions: context.input.permissions,\n jwt: () =>\n required(state.jwt, \"Missing JWT for AddToTrustchain\"),\n appId: context.input.appId,\n trustchain: () =>\n required(\n state.trustchain,\n \"Missing Trustchain for AddToTrustchain\",\n ),\n }),\n ),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map(() => ({\n raise: \"success\",\n assign: { wasAddedToTrustchain: true },\n })),\n ),\n },\n },\n },\n\n ExtractEncryptionKey: {\n entry: assign({\n intermediateValue: {\n step: AuthenticateDAStep.ExtractEncryptionKey,\n requiredUserInteraction: UserInteractionRequired.None,\n },\n }),\n on: { success: \"Success\", error: \"Error\" },\n invoke: {\n id: \"ExtractEncryptionKey\",\n src: \"extractEncryptionKey\",\n input: ({ context }) => ({\n cryptoService: context.input.cryptoService,\n keyPair: context.input.keyPair,\n stream: context._internalState.chain(({ trustchain }) =>\n required(\n trustchain?.getAppStream(context.input.appId).extract(),\n \"Missing application stream for ExtractEncryptionKey\",\n ),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((encryptionKey) => ({\n raise: \"success\",\n assign: { encryptionKey },\n })),\n ),\n },\n },\n },\n\n Success: { type: \"final\" },\n\n Error: { type: \"final\" },\n },\n\n output: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n trustchainId: () =>\n required(\n state.trustchainId,\n \"Missing Trustchain ID in the output\",\n ),\n jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n applicationPath: () =>\n required(\n state.trustchain\n ?.getAppStream(context.input.appId)\n .chain((stream) => stream.getPath())\n .extract(),\n \"Missing application path in the output\",\n ),\n encryptionKey: () =>\n required(\n state.encryptionKey,\n \"Missing encryption key in the output\",\n ),\n }),\n ),\n });\n }\n\n extractDependencies(internalApi: InternalApi) {\n const authentication = new AuthenticateTask();\n const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n return {\n deviceAuth: ({ input }: { input: AuthenticateWithDeviceDAInput }) =>\n authentication.run(\n input.lkrpDataSource,\n new SignChallengeWithDeviceTask(internalApi),\n ),\n\n getTrustchain: (args: {\n input: Either<\n AuthenticateDAError,\n {\n lkrpDataSource: LKRPDataSource;\n trustchainId: string;\n jwt: JWT;\n }\n >;\n }) =>\n EitherAsync.liftEither(args.input)\n .chain(({ lkrpDataSource, trustchainId, jwt }) =>\n lkrpDataSource.getTrustchainById(trustchainId, jwt),\n )\n .run(),\n\n extractEncryptionKey: async ({\n input,\n }: {\n input: {\n cryptoService: CryptoService;\n keyPair: KeyPair;\n stream: Either<AuthenticateDAError, LKRPBlockStream>;\n };\n }) =>\n EitherAsync.liftEither(input.stream).chain((stream) =>\n encryptionKeyExtraction.run(\n input.cryptoService,\n input.keyPair,\n stream,\n ),\n ),\n };\n }\n}\n"],
|
|
5
5
|
"mappings": "AAAA,OAGE,uBAAAA,EAEA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAE3C,OAIE,uBAAAC,EACA,sBAAAC,MACK,gDAGP,OACE,wBAAAC,EACA,0BAAAC,EACA,oBAAAC,MACK,oBAEP,OAAS,oBAAAC,MAAwB,6CACjC,OAAS,4BAAAC,MAAgC,qDACzC,OAAS,+BAAAC,MAAmC,wDAE5C,OAAS,mBAAAC,MAAuB,kCAEhC,OAAS,YAAAC,MAAgB,2BAMzB,OAAS,kBAAAC,MAAsB,yBAC/B,OAAS,+BAAAC,MAAmC,gCAE5C,MAAMC,EAAW,cAEV,MAAMC,UAA2CpB,CAMtD,CACA,iBACEqB,EAOA,CASA,KAAM,CAAE,WAAAC,EAAY,cAAAC,EAAe,qBAAAC,CAAqB,EACtD,KAAK,oBAAoBH,CAAW,EAEtC,OAAOf,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,oBAAqB,IAAIR,EAAoB,CAC3C,MAAO,CAAE,QAASqB,CAAS,CAC7B,CAAC,EAAE,iBAAiBE,CAAW,EAE/B,WAAYhB,EAAYiB,CAAU,EAElC,cAAejB,EAAYkB,CAAa,EAExC,4BAA6B,IAAIL,EAA4B,CAC3D,MAAOhB,EACL,IAAIO,EAAqB,oCAAoC,CAC/D,CACF,CAAC,EAAE,iBAAiBY,CAAW,EAE/B,qBAAsBhB,EAAYmB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBP,EACpB,CAAC,CAAE,MAAAQ,CAAM,IACPvB,EACE,IAAIS,EACF,OAAQc,EAA8B,KAAK,CAC7C,CACF,CACJ,CACF,EAEA,OAAQ,CACN,mBAAoB,CAAC,CAAE,QAAAC,CAAQ,IAC7BA,EAAQ,eACL,QAAQ,EACR,IACEC,GACCA,EAAM,sBACNA,EAAM,YACF,aAAaD,EAAQ,MAAM,KAAK,EACjC,aACEE,GACCA,EAAO,UACLF,EAAQ,MAAM,QAAQ,kBAAkB,CAC1C,EACF,EACF,CACN,EACC,QAAQ,GAAK,EACpB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,qCACJ,QAAS,CAAC,CAAE,MAAAG,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyB9B,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,aAAc,KACd,IAAK,KACL,WAAY,KACZ,cAAe,KACf,qBAAsB,EACxB,CAAC,CACH,GAEA,QAAS,UACT,OAAQ,CACN,QAAS,CACP,GAAI,CAAE,QAAS,aAAc,MAAO,OAAQ,EAC5C,OAAQ,CACN,GAAI,UACJ,IAAK,sBACL,WAAY,CACV,QAASC,EAAO,CACd,kBAAmB,CAAC,CAAE,MAAAqB,CAAM,KAAO,CACjC,KAAMjB,EAAmB,QACzB,GAAGiB,EAAM,SAAS,QAAQ,iBAC5B,EACF,CAAC,CACH,EACA,MAAO,CAAE,QAASN,CAAS,EAC3B,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASF,EAAe,CAAC,CAAE,MAAAQ,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,WAAY,CACV,MAAOrB,EAAO,CACZ,kBAAmB,CACjB,KAAMI,EAAmB,aACzB,wBAAyBD,EAAoB,YAC/C,CACF,CAAC,EACD,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,OAAQ,CACN,GAAI,aACJ,IAAK,aACL,MAAO,CAAC,CAAE,QAAAmB,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAAST,EAAe,CAAC,CAAE,MAAAQ,CAAM,IAC/BA,EAAM,OAAO,MAAOK,GAClBA,EAAQ,aAAa,OAAO,CAC1B,QAAS,IAAM5B,EAAK,IAAIQ,CAAwB,EAChD,KAAOqB,GACL5B,EAAM,CACJ,MAAO,UACP,OAAQ,CAAE,IAAK2B,EAAQ,IAAK,aAAAC,CAAa,CAC3C,CAAC,CACL,CAAC,CACH,CACF,CACF,CACF,CACF,EAEA,cAAe,CACb,MAAO3B,EAAO,CACZ,kBAAmB,CACjB,KAAMI,EAAmB,cACzB,wBAAyBT,EAAwB,IACnD,CACF,CAAC,EACD,GAAI,CAAE,QAAS,iBAAkB,MAAO,OAAQ,EAChD,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAA2B,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,GAC5BZ,EAAgB,CACd,eAAgBW,EAAQ,MAAM,eAC9B,aAAc,IACZV,EACEW,EAAM,aACN,yCACF,EACF,IAAK,IACHX,EAASW,EAAM,IAAK,+BAA+B,CACvD,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAQ,CAAM,IAC/BA,EAAM,OAAO,IAAKO,IAAgB,CAChC,MAAO,UACP,OAAQ,CAAE,WAAAA,CAAW,CACvB,EAAE,CACJ,CACF,CACF,CACF,EAEA,eAAgB,CACd,OAAQ,CACN,CAAE,OAAQ,uBAAwB,MAAO,oBAAqB,EAC9D,CAAE,OAAQ,iBAAkB,CAC9B,CACF,EAEA,gBAAiB,CACf,GAAI,CACF,QAAS,gBACT,MAAO,OACT,EACA,OAAQ,CACN,GAAI,kBACJ,IAAK,8BACL,WAAY,CACV,QAAS5B,EAAO,CACd,kBAAmB,CAAC,CAAE,MAAAqB,CAAM,IAC1BA,EAAM,SAAS,QAAQ,iBAC3B,CAAC,CACH,EACA,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,eACL,QACC,IACE,IAAIjB,EACF,+CACF,CACJ,EACC,MAAOkB,GACNZ,EAAgB,CACd,eAAgBW,EAAQ,MAAM,eAC9B,cAAeA,EAAQ,MAAM,cAC7B,QAASA,EAAQ,MAAM,QACvB,WAAYA,EAAQ,MAAM,WAC1B,YAAaA,EAAQ,MAAM,YAC3B,IAAK,IACHV,EAASW,EAAM,IAAK,iCAAiC,EACvD,MAAOD,EAAQ,MAAM,MACrB,WAAY,IACVV,EACEW,EAAM,WACN,wCACF,CACJ,CAAC,CACH,EACJ,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAQ,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CACtB,MAAO,UACP,OAAQ,CAAE,qBAAsB,EAAK,CACvC,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,MAAOrB,EAAO,CACZ,kBAAmB,CACjB,KAAMI,EAAmB,qBACzB,wBAAyBT,EAAwB,IACnD,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAA2B,CAAQ,KAAO,CACvB,cAAeA,EAAQ,MAAM,cAC7B,QAASA,EAAQ,MAAM,QACvB,OAAQA,EAAQ,eAAe,MAAM,CAAC,CAAE,WAAAM,CAAW,IACjDhB,EACEgB,GAAY,aAAaN,EAAQ,MAAM,KAAK,EAAE,QAAQ,EACtD,qDACF,CACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAAST,EAAe,CAAC,CAAE,MAAAQ,CAAM,IAC/BA,EAAM,OAAO,IAAKQ,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAP,CAAQ,IACjBA,EAAQ,eAAe,MAAOC,GAC5BZ,EAAgB,CACd,aAAc,IACZC,EACEW,EAAM,aACN,qCACF,EACF,IAAK,IAAMX,EAASW,EAAM,IAAK,2BAA2B,EAC1D,gBAAiB,IACfX,EACEW,EAAM,YACF,aAAaD,EAAQ,MAAM,KAAK,EACjC,MAAOE,GAAWA,EAAO,QAAQ,CAAC,EAClC,QAAQ,EACX,wCACF,EACF,cAAe,IACbZ,EACEW,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,oBAAoBN,EAA0B,CAC5C,MAAMa,EAAiB,IAAItB,EACrBuB,EAA0B,IAAItB,EAEpC,MAAO,CACL,WAAY,CAAC,CAAE,MAAAgB,CAAM,IACnBK,EAAe,IACbL,EAAM,eACN,IAAIf,EAA4BO,CAAW,CAC7C,EAEF,cAAgBe,GAUdnC,EAAY,WAAWmC,EAAK,KAAK,EAC9B,MAAM,CAAC,CAAE,eAAAC,EAAgB,aAAAN,EAAc,IAAAO,CAAI,IAC1CD,EAAe,kBAAkBN,EAAcO,CAAG,CACpD,EACC,IAAI,EAET,qBAAsB,MAAO,CAC3B,MAAAT,CACF,IAOE5B,EAAY,WAAW4B,EAAM,MAAM,EAAE,MAAOD,GAC1CO,EAAwB,IACtBN,EAAM,cACNA,EAAM,QACND,CACF,CACF,CACJ,CACF,CACF",
|
|
6
6
|
"names": ["OpenAppDeviceAction", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "AuthenticateDAState", "AuthenticateDAStep", "LKRPMissingDataError", "LKRPTrustchainNotReady", "LKRPUnknownError", "AuthenticateTask", "ExtractEncryptionKeyTask", "SignChallengeWithDeviceTask", "eitherSeqRecord", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "APP_NAME", "AuthenticateWithDeviceDeviceAction", "internalApi", "deviceAuth", "getTrustchain", "extractEncryptionKey", "event", "context", "state", "stream", "input", "payload", "trustchainId", "trustchain", "encryptionKey", "authentication", "encryptionKeyExtraction", "args", "lkrpDataSource", "jwt"]
|
|
7
7
|
}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{UserInteractionRequired as c,XStateDeviceAction as A}from"@ledgerhq/device-management-kit";import{EitherAsync as y,Left as m,Right as E}from"purify-ts";import{assign as p,fromPromise as s,setup as D}from"xstate";import{AuthenticateDAStep as h}from"../../../api/app-binder/AuthenticateDeviceActionTypes";import{LKRPDataSourceError as l,LKRPUnauthorizedError as S,LKRPUnknownError as K}from"../../../api/model/Errors";import{AuthenticateTask as d}from"../../app-binder/task/AuthenticateTask";import{ExtractEncryptionKeyTask as I}from"../../app-binder/task/ExtractEncryptionKeyTask";import{SignChallengeWithKeypairTask as g}from"../../app-binder/task/SignChallengeWithKeypairTask";import{eitherSeqRecord as k}from"../../utils/eitherSeqRecord";import{required as a}from"../../utils/required";import{raiseAndAssign as o}from"./utils/raiseAndAssign";class q extends A{execute(){const n=this.makeStateMachine();return this._subscribeToStateMachine(n)}makeStateMachine(){const{
|
|
1
|
+
import{UserInteractionRequired as c,XStateDeviceAction as A}from"@ledgerhq/device-management-kit";import{EitherAsync as y,Left as m,Right as E}from"purify-ts";import{assign as p,fromPromise as s,setup as D}from"xstate";import{AuthenticateDAStep as h}from"../../../api/app-binder/AuthenticateDeviceActionTypes";import{LKRPDataSourceError as l,LKRPUnauthorizedError as S,LKRPUnknownError as K}from"../../../api/model/Errors";import{AuthenticateTask as d}from"../../app-binder/task/AuthenticateTask";import{ExtractEncryptionKeyTask as I}from"../../app-binder/task/ExtractEncryptionKeyTask";import{SignChallengeWithKeypairTask as g}from"../../app-binder/task/SignChallengeWithKeypairTask";import{eitherSeqRecord as k}from"../../utils/eitherSeqRecord";import{required as a}from"../../utils/required";import{raiseAndAssign as o}from"./utils/raiseAndAssign";class q extends A{execute(){const n=this.makeStateMachine();return this._subscribeToStateMachine(n)}makeStateMachine(){const{keyPairAuth:n,getTrustchain:u,extractEncryptionKey:e}=this.extractDependencies();return D({types:{input:{},context:{},output:{}},actors:{keyPairAuth:s(n),getTrustchain:s(u),extractEncryptionKey:s(e)},actions:{assignErrorFromEvent:o(({event:t})=>m(new K(String(t.error))))}}).createMachine({id:"AuthenticateWithKeypairDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:c.None},_internalState:E({jwt:null,trustchain:null,encryptionKey:null})}),initial:"KeypairAuth",states:{KeypairAuth:{entry:p({intermediateValue:{requiredUserInteraction:c.None,step:h.Authenticate}}),on:{success:"GetTrustchain",error:"Error"},invoke:{id:"keyPairAuth",src:"keyPairAuth",input:({context:t})=>t.input,onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({context:t,event:r})=>r.output.map(({jwt:i})=>({raise:"success",assign:{jwt:i}})).mapLeft(i=>i instanceof l&&i.status==="UNAUTHORIZED"?new S(t.input.trustchainId):i))}}},GetTrustchain:{entry:p({intermediateValue:{requiredUserInteraction:c.None,step:h.GetTrustchain}}),on:{success:"ExtractEncryptionKey",error:"Error"},invoke:{id:"getTrustchain",src:"getTrustchain",input:({context:t})=>({lkrpDataSource:t.input.lkrpDataSource,trustchainId:t.input.trustchainId,jwt:t._internalState.chain(({jwt:r})=>a(r,"Missing JWT for GetTrustchain"))}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(r=>({raise:"success",assign:{trustchain:r}})))}}},ExtractEncryptionKey:{entry:p({intermediateValue:{requiredUserInteraction:c.None,step:h.ExtractEncryptionKey}}),on:{success:"Success",error:"Error"},invoke:{id:"ExtractEncryptionKey",src:"extractEncryptionKey",input:({context:t})=>({cryptoService:t.input.cryptoService,keyPair:t.input.keyPair,stream:t._internalState.chain(({trustchain:r})=>a(r?.getAppStream(t.input.appId).extract(),"Missing application stream for ExtractEncryptionKey"))}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(r=>({raise:"success",assign:{encryptionKey:r}})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.chain(r=>k({trustchainId:t.input.trustchainId,jwt:()=>a(r.jwt,"Missing JWT in the output"),applicationPath:()=>a(r.trustchain?.getAppStream(t.input.appId).chain(i=>i.getPath()).extract(),"Missing application path in the output"),encryptionKey:()=>a(r.encryptionKey,"Missing encryption key in the output")}))})}extractDependencies(){const n=new d,u=new I;return{keyPairAuth:({input:e})=>n.run(e.lkrpDataSource,new g(e.cryptoService,e.keyPair,e.trustchainId)),getTrustchain:({input:e})=>y.liftEither(e.jwt).chain(t=>e.lkrpDataSource.getTrustchainById(e.trustchainId,t)).run(),extractEncryptionKey:async({input:e})=>y.liftEither(e.stream).chain(t=>u.run(e.cryptoService,e.keyPair,t))}}}export{q as AuthenticateWithKeypairDeviceAction};
|
|
2
2
|
//# sourceMappingURL=AuthenticateWithKeypairDeviceAction.js.map
|
package/lib/esm/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.ts"],
|
|
4
|
-
"sourcesContent": ["import {\n type DeviceActionStateMachine,\n type ExecuteDeviceActionReturnType,\n type StateMachineTypes,\n UserInteractionRequired,\n XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n type AuthenticateDAError,\n type AuthenticateDAIntermediateValue,\n type AuthenticateDAOutput,\n AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n LKRPDataSourceError,\n LKRPUnauthorizedError,\n LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n type AuthenticateWithKeypairDAInput,\n type AuthenticateWithKeypairDAInternalState,\n} from \"./models/AuthenticateWithKeypairDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AuthenticateWithKeypairDeviceAction extends XStateDeviceAction<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n> {\n execute(): ExecuteDeviceActionReturnType<\n AuthenticateDAOutput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue\n > {\n const stateMachine = this.makeStateMachine();\n return this._subscribeToStateMachine(stateMachine);\n }\n\n makeStateMachine(): DeviceActionStateMachine<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n > {\n type types = StateMachineTypes<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n >;\n\n const { keypairAuth, getTrustchain, extractEncryptionKey } =\n this.extractDependencies();\n\n return setup({\n types: {\n input: {} as types[\"input\"],\n context: {} as types[\"context\"],\n output: {} as types[\"output\"],\n },\n\n actors: {\n keypairAuth: fromPromise(keypairAuth),\n getTrustchain: fromPromise(getTrustchain),\n extractEncryptionKey: fromPromise(extractEncryptionKey),\n },\n\n actions: {\n assignErrorFromEvent: raiseAndAssign(\n ({ event }) =>\n Left(\n new LKRPUnknownError(\n String((event as { error?: unknown }).error),\n ),\n ), // NOTE: it should never happen, the error is not typed anymore here\n ),\n },\n }).createMachine({\n /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgNJgCeADsfgE4AiYAbkWMoQQHscAOlqNmLNFgDEEIWGH4cnAQGsF68aymYA2gAYAuolAMBsKviEmQAD0QBGfQFZhADgDMAdgBMXh24AbG7Ozl4ePgA0IHSOnsI+PoEuzg4ALACcGT4BAL650Tq4BCRklDT0TKwc3IS8-FYiYlWSGJjSYCwsAizCDAA2pABmPQC2wpotOgbGSCBmFoI4NvYI2cLJbj4eAZnpgWlRMYhBwofByV6BHmke2V75hW3FRKQUVJjNEjU8fEuilQkOmksFQhDqsFgMxsC0s1jmqxubg2IT8XmcGQxaQcDkC0ViCA8+g8wgcXi89y8+jcGWCPjSjxARTwrzKHy+1S4vwaQgBWlaMk63RY0LmsKWK0QSJRzjRGKxOLxxwQgVxwkxGSJaWcHhuHmcDIKTOeLNK7wq-J+dT+jWEAHEwOgACosVCwdCETDMHCyeSKZRqBQwZ2u92e72i0zmOHLBGIA36YTeDG0hx+BzOQJHAm7YQuTVZfTorxpTJuRnMkpvcqfQGc2r1f4OkNuj1epQdLo9PqDdAjFjjYMu1vhpSR+bRiVxhA6kn6HEZ0vOfQXfEnLwJZI+fRpYLZLPaismqtsi0tK2N23N4dh9s+0HguBQowwyeNSUINz6RPhTXakJpG4JZroSO55jiSROIcRIZkeWAvGaNYcuwXLWjyIjXqGbbep2wrjuK77Tl+P53DczgAUBaQgZkrjYiEZLXJikFwdgprVuydYoQ2Nq8gAorY6AsMQ-C8TghAsIwSxiL6OAKEoKjqMI-GCcJ6CieJkmNGI+FvvCoCrE4TjCKEGSZNutKeJ4IFksiPhZIksqpIqO4sQh7Fnt8qGXnxAlCSJYkSQwUn0Lh3YDMMYxKb5qnqYFwV0DpiyEfpjjzg4CQGjStypG4pZeCBbjpcu35EkEu66rKrlsaetaWl5PEiMpflqQFmlCNJD4Qs+sxRklel2I4uoZBlATeHZma6iBWruEupnJtcgEPEalasuatXnvV6FRSp-kaUFWkhUKPSJTGH4OENI2eL4mLXB4U2ZuqkHBLiZH6s4+RGjgAgQHANgrYhHF1dx6Gvn1sYpQgAC0DggZDrhZAjiNIx4VUnmtyEXg1fJTG0oOndOaT5cqPghHmPiyjRHgHDuKPLceq1IZxmNbZhI53njU4Q4TrjomSVymdi5UgSTrghCEf5Zok6K0088HVejTObf8TUxa1+3tfQHPJQNax+O4Li5bKxJFtkwtfnmGS5Q4tLJpbYSowzgMbcD-wAMpgl1Wv9QZu6BEmo1UwcHiWdmUpgTTOS0vompkjLxpy2jjNA9yytdiwXvgzr+x+zsniB7cIfUaZGxkmSu7LoEXhfkt+RAA */\n\n id: \"AuthenticateWithKeypairDeviceAction\",\n context: ({ input }): types[\"context\"] => ({\n input,\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n },\n _internalState: Right({\n jwt: null,\n trustchain: null,\n encryptionKey: null,\n }),\n }),\n\n initial: \"KeypairAuth\",\n states: {\n KeypairAuth: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.Authenticate,\n },\n }),\n on: { success: \"GetTrustchain\", error: \"Error\" },\n invoke: {\n id: \"keypairAuth\",\n src: \"keypairAuth\",\n input: ({ context }) => context.input,\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ context, event }) =>\n event.output\n .map(({ jwt }) => ({ raise: \"success\", assign: { jwt } }))\n .mapLeft((error) =>\n error instanceof LKRPDataSourceError &&\n error.status === \"UNAUTHORIZED\"\n ? new LKRPUnauthorizedError(context.input.trustchainId)\n : error,\n ),\n ),\n },\n },\n },\n\n GetTrustchain: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.GetTrustchain,\n },\n }),\n on: { success: \"ExtractEncryptionKey\", error: \"Error\" },\n invoke: {\n id: \"getTrustchain\",\n src: \"getTrustchain\",\n input: ({ context }) => ({\n lkrpDataSource: context.input.lkrpDataSource,\n trustchainId: context.input.trustchainId,\n jwt: context._internalState.chain(({ jwt }) =>\n required(jwt, \"Missing JWT for GetTrustchain\"),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((trustchain) => ({\n raise: \"success\",\n assign: { trustchain },\n })),\n ),\n },\n },\n },\n\n ExtractEncryptionKey: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.ExtractEncryptionKey,\n },\n }),\n on: { success: \"Success\", error: \"Error\" },\n invoke: {\n id: \"ExtractEncryptionKey\",\n src: \"extractEncryptionKey\",\n input: ({ context }) => ({\n cryptoService: context.input.cryptoService,\n keypair: context.input.keypair,\n stream: context._internalState.chain(({ trustchain }) =>\n required(\n trustchain?.getAppStream(context.input.appId).extract(),\n \"Missing application stream for ExtractEncryptionKey\",\n ),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((encryptionKey) => ({\n raise: \"success\",\n assign: { encryptionKey },\n })),\n ),\n },\n },\n },\n\n Success: { type: \"final\" },\n\n Error: { type: \"final\" },\n },\n\n output: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n trustchainId: context.input.trustchainId,\n jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n applicationPath: () =>\n required(\n state.trustchain\n ?.getAppStream(context.input.appId)\n .chain((stream) => stream.getPath())\n .extract(),\n \"Missing application path in the output\",\n ),\n encryptionKey: () =>\n required(\n state.encryptionKey,\n \"Missing encryption key in the output\",\n ),\n }),\n ),\n });\n }\n\n extractDependencies() {\n const authentication = new AuthenticateTask();\n const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n return {\n keypairAuth: ({ input }: { input: AuthenticateWithKeypairDAInput }) =>\n authentication.run(\n input.lkrpDataSource,\n new SignChallengeWithKeypairTask(\n input.cryptoService,\n input.keypair,\n input.trustchainId,\n ),\n ),\n\n getTrustchain: ({\n input,\n }: {\n input: {\n lkrpDataSource: LKRPDataSource;\n trustchainId: string;\n jwt: Either<AuthenticateDAError, JWT>;\n };\n }) =>\n EitherAsync.liftEither(input.jwt)\n .chain((jwt) =>\n input.lkrpDataSource.getTrustchainById(input.trustchainId, jwt),\n )\n .run(),\n\n extractEncryptionKey: async ({\n input,\n }: {\n input: {\n cryptoService: CryptoService;\n keypair: KeyPair;\n stream: Either<AuthenticateDAError, LKRPBlockStream>;\n };\n }) =>\n EitherAsync.liftEither(input.stream).chain((stream) =>\n encryptionKeyExtraction.run(\n input.cryptoService,\n input.keypair,\n stream,\n ),\n ),\n };\n }\n}\n"],
|
|
4
|
+
"sourcesContent": ["import {\n type DeviceActionStateMachine,\n type ExecuteDeviceActionReturnType,\n type StateMachineTypes,\n UserInteractionRequired,\n XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n type AuthenticateDAError,\n type AuthenticateDAIntermediateValue,\n type AuthenticateDAOutput,\n AuthenticateDAStep,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n LKRPDataSourceError,\n LKRPUnauthorizedError,\n LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { AuthenticateTask } from \"@internal/app-binder/task/AuthenticateTask\";\nimport { ExtractEncryptionKeyTask } from \"@internal/app-binder/task/ExtractEncryptionKeyTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport {\n type AuthenticateWithKeypairDAInput,\n type AuthenticateWithKeypairDAInternalState,\n} from \"./models/AuthenticateWithKeypairDeviceActionTypes\";\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AuthenticateWithKeypairDeviceAction extends XStateDeviceAction<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n> {\n execute(): ExecuteDeviceActionReturnType<\n AuthenticateDAOutput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue\n > {\n const stateMachine = this.makeStateMachine();\n return this._subscribeToStateMachine(stateMachine);\n }\n\n makeStateMachine(): DeviceActionStateMachine<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n > {\n type types = StateMachineTypes<\n AuthenticateDAOutput,\n AuthenticateWithKeypairDAInput,\n AuthenticateDAError,\n AuthenticateDAIntermediateValue,\n AuthenticateWithKeypairDAInternalState\n >;\n\n const { keyPairAuth, getTrustchain, extractEncryptionKey } =\n this.extractDependencies();\n\n return setup({\n types: {\n input: {} as types[\"input\"],\n context: {} as types[\"context\"],\n output: {} as types[\"output\"],\n },\n\n actors: {\n keyPairAuth: fromPromise(keyPairAuth),\n getTrustchain: fromPromise(getTrustchain),\n extractEncryptionKey: fromPromise(extractEncryptionKey),\n },\n\n actions: {\n assignErrorFromEvent: raiseAndAssign(\n ({ event }) =>\n Left(\n new LKRPUnknownError(\n String((event as { error?: unknown }).error),\n ),\n ), // NOTE: it should never happen, the error is not typed anymore here\n ),\n },\n }).createMachine({\n /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YA6vlgNJgCeADsfgE4AiYAbkWMoQQHscAOlqNmLNFgDEEIWGH4cnAQGsF68aymYA2gAYAuolAMBsKviEmQAD0QBGfQFZhADgDMAdgBMXh24AbG7Ozl4ePgA0IHSOnsI+PoEuzg4ALACcGT4BAL650Tq4BCRklDT0TKwc3IS8-FYiYlWSGJjSYCwsAizCDAA2pABmPQC2wpotOgbGSCBmFoI4NvYI2cLJbj4eAZnpgWlRMYhBwofByV6BHmke2V75hW3FRKQUVJjNEjU8fEuilQkOmksFQhDqsFgMxsC0s1jmqxubg2IT8XmcGQxaQcDkC0ViCA8+g8wgcXi89y8+jcGWCPjSjxARTwrzKHy+1S4vwaQgBWlaMk63RY0LmsKWK0QSJRzjRGKxOLxxwQgVxwkxGSJaWcHhuHmcDIKTOeLNK7wq-J+dT+jWEAHEwOgACosVCwdCETDMHCyeSKZRqBQwZ2u92e72i0zmOHLBGIA36YTeDG0hx+BzOQJHAm7YQuTVZfTorxpTJuRnMkpvcqfQGc2r1f4OkNuj1epQdLo9PqDdAjFjjYMu1vhpSR+bRiVxhA6kn6HEZ0vOfQXfEnLwJZI+fRpYLZLPaismqtsi0tK2N23N4dh9s+0HguBQowwyeNSUINz6RPhTXakJpG4JZroSO55jiSROIcRIZkeWAvGaNYcuwXLWjyIjXqGbbep2wrjuK77Tl+P53DczgAUBaQgZkrjYiEZLXJikFwdgprVuydYoQ2Nq8gAorY6AsMQ-C8TghAsIwSxiL6OAKEoKjqMI-GCcJ6CieJkmNGI+FvvCoCrE4TjCKEGSZNutKeJ4IFksiPhZIksqpIqO4sQh7Fnt8qGXnxAlCSJYkSQwUn0Lh3YDMMYxKb5qnqYFwV0DpiyEfpjjzg4CQGjStypG4pZeCBbjpcu35EkEu66rKrlsaetaWl5PEiMpflqQFmlCNJD4Qs+sxRklel2I4uoZBlATeHZma6iBWruEupnJtcgEPEalasuatXnvV6FRSp-kaUFWkhUKPSJTGH4OENI2eL4mLXB4U2ZuqkHBLiZH6s4+RGjgAgQHANgrYhHF1dx6Gvn1sYpQgAC0DggZDrhZAjiNIx4VUnmtyEXg1fJTG0oOndOaT5cqPghHmPiyjRHgHDuKPLceq1IZxmNbZhI53njU4Q4TrjomSVymdi5UgSTrghCEf5Zok6K0088HVejTObf8TUxa1+3tfQHPJQNax+O4Li5bKxJFtkwtfnmGS5Q4tLJpbYSowzgMbcD-wAMpgl1Wv9QZu6BEmo1UwcHiWdmUpgTTOS0vompkjLxpy2jjNA9yytdiwXvgzr+x+zsniB7cIfUaZGxkmSu7LoEXhfkt+RAA */\n\n id: \"AuthenticateWithKeypairDeviceAction\",\n context: ({ input }): types[\"context\"] => ({\n input,\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n },\n _internalState: Right({\n jwt: null,\n trustchain: null,\n encryptionKey: null,\n }),\n }),\n\n initial: \"KeypairAuth\",\n states: {\n KeypairAuth: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.Authenticate,\n },\n }),\n on: { success: \"GetTrustchain\", error: \"Error\" },\n invoke: {\n id: \"keyPairAuth\",\n src: \"keyPairAuth\",\n input: ({ context }) => context.input,\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ context, event }) =>\n event.output\n .map(({ jwt }) => ({ raise: \"success\", assign: { jwt } }))\n .mapLeft((error) =>\n error instanceof LKRPDataSourceError &&\n error.status === \"UNAUTHORIZED\"\n ? new LKRPUnauthorizedError(context.input.trustchainId)\n : error,\n ),\n ),\n },\n },\n },\n\n GetTrustchain: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.GetTrustchain,\n },\n }),\n on: { success: \"ExtractEncryptionKey\", error: \"Error\" },\n invoke: {\n id: \"getTrustchain\",\n src: \"getTrustchain\",\n input: ({ context }) => ({\n lkrpDataSource: context.input.lkrpDataSource,\n trustchainId: context.input.trustchainId,\n jwt: context._internalState.chain(({ jwt }) =>\n required(jwt, \"Missing JWT for GetTrustchain\"),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((trustchain) => ({\n raise: \"success\",\n assign: { trustchain },\n })),\n ),\n },\n },\n },\n\n ExtractEncryptionKey: {\n entry: assign({\n intermediateValue: {\n requiredUserInteraction: UserInteractionRequired.None,\n step: AuthenticateDAStep.ExtractEncryptionKey,\n },\n }),\n on: { success: \"Success\", error: \"Error\" },\n invoke: {\n id: \"ExtractEncryptionKey\",\n src: \"extractEncryptionKey\",\n input: ({ context }) => ({\n cryptoService: context.input.cryptoService,\n keyPair: context.input.keyPair,\n stream: context._internalState.chain(({ trustchain }) =>\n required(\n trustchain?.getAppStream(context.input.appId).extract(),\n \"Missing application stream for ExtractEncryptionKey\",\n ),\n ),\n }),\n onError: { actions: \"assignErrorFromEvent\" },\n onDone: {\n actions: raiseAndAssign(({ event }) =>\n event.output.map((encryptionKey) => ({\n raise: \"success\",\n assign: { encryptionKey },\n })),\n ),\n },\n },\n },\n\n Success: { type: \"final\" },\n\n Error: { type: \"final\" },\n },\n\n output: ({ context }) =>\n context._internalState.chain((state) =>\n eitherSeqRecord({\n trustchainId: context.input.trustchainId,\n jwt: () => required(state.jwt, \"Missing JWT in the output\"),\n applicationPath: () =>\n required(\n state.trustchain\n ?.getAppStream(context.input.appId)\n .chain((stream) => stream.getPath())\n .extract(),\n \"Missing application path in the output\",\n ),\n encryptionKey: () =>\n required(\n state.encryptionKey,\n \"Missing encryption key in the output\",\n ),\n }),\n ),\n });\n }\n\n extractDependencies() {\n const authentication = new AuthenticateTask();\n const encryptionKeyExtraction = new ExtractEncryptionKeyTask();\n\n return {\n keyPairAuth: ({ input }: { input: AuthenticateWithKeypairDAInput }) =>\n authentication.run(\n input.lkrpDataSource,\n new SignChallengeWithKeypairTask(\n input.cryptoService,\n input.keyPair,\n input.trustchainId,\n ),\n ),\n\n getTrustchain: ({\n input,\n }: {\n input: {\n lkrpDataSource: LKRPDataSource;\n trustchainId: string;\n jwt: Either<AuthenticateDAError, JWT>;\n };\n }) =>\n EitherAsync.liftEither(input.jwt)\n .chain((jwt) =>\n input.lkrpDataSource.getTrustchainById(input.trustchainId, jwt),\n )\n .run(),\n\n extractEncryptionKey: async ({\n input,\n }: {\n input: {\n cryptoService: CryptoService;\n keyPair: KeyPair;\n stream: Either<AuthenticateDAError, LKRPBlockStream>;\n };\n }) =>\n EitherAsync.liftEither(input.stream).chain((stream) =>\n encryptionKeyExtraction.run(\n input.cryptoService,\n input.keyPair,\n stream,\n ),\n ),\n };\n }\n}\n"],
|
|
5
5
|
"mappings": "AAAA,OAIE,2BAAAA,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAE3C,OAIE,sBAAAC,MACK,gDAGP,OACE,uBAAAC,EACA,yBAAAC,EACA,oBAAAC,MACK,oBAEP,OAAS,oBAAAC,MAAwB,6CACjC,OAAS,4BAAAC,MAAgC,qDACzC,OAAS,gCAAAC,MAAoC,yDAE7C,OAAS,mBAAAC,MAAuB,kCAEhC,OAAS,YAAAC,MAAgB,2BAMzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAA4CjB,CAMvD,CACA,SAIE,CACA,MAAMkB,EAAe,KAAK,iBAAiB,EAC3C,OAAO,KAAK,yBAAyBA,CAAY,CACnD,CAEA,kBAME,CASA,KAAM,CAAE,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACvD,KAAK,oBAAoB,EAE3B,OAAOf,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYc,CAAW,EACpC,cAAed,EAAYe,CAAa,EACxC,qBAAsBf,EAAYgB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPpB,EACE,IAAIQ,EACF,OAAQY,EAA8B,KAAK,CAC7C,CACF,CACJ,CACF,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,sCACJ,QAAS,CAAC,CAAE,MAAAC,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyBxB,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,IAAK,KACL,WAAY,KACZ,cAAe,IACjB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,MAAOC,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,YAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,QAAAQ,EAAS,MAAAF,CAAM,IACxCA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAG,CAAI,KAAO,CAAE,MAAO,UAAW,OAAQ,CAAE,IAAAA,CAAI,CAAE,EAAE,EACxD,QAASC,GACRA,aAAiBlB,GACjBkB,EAAM,SAAW,eACb,IAAIjB,EAAsBe,EAAQ,MAAM,YAAY,EACpDE,CACN,CACJ,CACF,CACF,CACF,EAEA,cAAe,CACb,MAAOtB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,aAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,uBAAwB,MAAO,OAAQ,EACtD,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,aAAcA,EAAQ,MAAM,aAC5B,IAAKA,EAAQ,eAAe,MAAM,CAAC,CAAE,IAAAC,CAAI,IACvCV,EAASU,EAAK,+BAA+B,CAC/C,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAAST,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKK,IAAgB,CAChC,MAAO,UACP,OAAQ,CAAE,WAAAA,CAAW,CACvB,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,MAAOvB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMQ,EAAmB,oBAC3B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAiB,CAAQ,KAAO,CACvB,cAAeA,EAAQ,MAAM,cAC7B,QAASA,EAAQ,MAAM,QACvB,OAAQA,EAAQ,eAAe,MAAM,CAAC,CAAE,WAAAG,CAAW,IACjDZ,EACEY,GAAY,aAAaH,EAAQ,MAAM,KAAK,EAAE,QAAQ,EACtD,qDACF,CACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKM,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAJ,CAAQ,IACjBA,EAAQ,eAAe,MAAOK,GAC5Bf,EAAgB,CACd,aAAcU,EAAQ,MAAM,aAC5B,IAAK,IAAMT,EAASc,EAAM,IAAK,2BAA2B,EAC1D,gBAAiB,IACfd,EACEc,EAAM,YACF,aAAaL,EAAQ,MAAM,KAAK,EACjC,MAAOM,GAAWA,EAAO,QAAQ,CAAC,EAClC,QAAQ,EACX,wCACF,EACF,cAAe,IACbf,EACEc,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,qBAAsB,CACpB,MAAME,EAAiB,IAAIpB,EACrBqB,EAA0B,IAAIpB,EAEpC,MAAO,CACL,YAAa,CAAC,CAAE,MAAAW,CAAM,IACpBQ,EAAe,IACbR,EAAM,eACN,IAAIV,EACFU,EAAM,cACNA,EAAM,QACNA,EAAM,YACR,CACF,EAEF,cAAe,CAAC,CACd,MAAAA,CACF,IAOEtB,EAAY,WAAWsB,EAAM,GAAG,EAC7B,MAAOE,GACNF,EAAM,eAAe,kBAAkBA,EAAM,aAAcE,CAAG,CAChE,EACC,IAAI,EAET,qBAAsB,MAAO,CAC3B,MAAAF,CACF,IAOEtB,EAAY,WAAWsB,EAAM,MAAM,EAAE,MAAOO,GAC1CE,EAAwB,IACtBT,EAAM,cACNA,EAAM,QACNO,CACF,CACF,CACJ,CACF,CACF",
|
|
6
|
-
"names": ["UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "AuthenticateDAStep", "LKRPDataSourceError", "LKRPUnauthorizedError", "LKRPUnknownError", "AuthenticateTask", "ExtractEncryptionKeyTask", "SignChallengeWithKeypairTask", "eitherSeqRecord", "required", "raiseAndAssign", "AuthenticateWithKeypairDeviceAction", "stateMachine", "
|
|
6
|
+
"names": ["UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "AuthenticateDAStep", "LKRPDataSourceError", "LKRPUnauthorizedError", "LKRPUnknownError", "AuthenticateTask", "ExtractEncryptionKeyTask", "SignChallengeWithKeypairTask", "eitherSeqRecord", "required", "raiseAndAssign", "AuthenticateWithKeypairDeviceAction", "stateMachine", "keyPairAuth", "getTrustchain", "extractEncryptionKey", "event", "input", "context", "jwt", "error", "trustchain", "encryptionKey", "state", "stream", "authentication", "encryptionKeyExtraction"]
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/app-binder/task/ExtractEncryptionKeyTask.ts"],
|
|
4
|
-
"sourcesContent": ["import { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPUnknownError } from \"@api/model/Errors\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport class ExtractEncryptionKeyTask {\n async run(\n cryptoService: CryptoService,\n
|
|
4
|
+
"sourcesContent": ["import { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPUnknownError } from \"@api/model/Errors\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nexport class ExtractEncryptionKeyTask {\n async run(\n cryptoService: CryptoService,\n keyPair: KeyPair,\n stream: LKRPBlockStream,\n ) {\n // TODO additional derivations should be supported:\n // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n // Probably not needed for Ledger Sync\n return (await stream.getPublishedKey(cryptoService, keyPair))\n .map((key) => key.privateKey)\n .toEither(\n new LKRPUnknownError(\n \"There is no encryption key for the current member in the application stream.\",\n ),\n );\n }\n}\n"],
|
|
5
5
|
"mappings": "AAEA,OAAS,oBAAAA,MAAwB,oBAG1B,MAAMC,CAAyB,CACpC,MAAM,IACJC,EACAC,EACAC,EACA,CAIA,OAAQ,MAAMA,EAAO,gBAAgBF,EAAeC,CAAO,GACxD,IAAKE,GAAQA,EAAI,UAAU,EAC3B,SACC,IAAIL,EACF,8EACF,CACF,CACJ,CACF",
|
|
6
|
-
"names": ["LKRPUnknownError", "ExtractEncryptionKeyTask", "cryptoService", "
|
|
6
|
+
"names": ["LKRPUnknownError", "ExtractEncryptionKeyTask", "cryptoService", "keyPair", "stream", "key"]
|
|
7
7
|
}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{bufferToHexaString as o,ByteArrayParser as s,hexaStringToBuffer as g}from"@ledgerhq/device-management-kit";import{EitherAsync as
|
|
1
|
+
import{bufferToHexaString as o,ByteArrayParser as s,hexaStringToBuffer as g}from"@ledgerhq/device-management-kit";import{EitherAsync as h,Left as p,Maybe as c}from"purify-ts";import{HashAlgo as y}from"../../../api/crypto/CryptoService";import{SigFormat as m}from"../../../api/crypto/KeyPair";import{LKRPMissingDataError as i,LKRPUnknownError as u}from"../../../api/model/Errors";import{eitherSeqRecord as x}from"../../utils/eitherSeqRecord";class S{constructor(r,n,a){this.cryptoService=r;this.keyPair=n;this.trustchainId=a}run(r){const n=this.getAttestation(),a=this.getCredential(this.keyPair.getPublicKeyToHex());return h.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(e=>this.cryptoService.hash(e,y.SHA256)).map(e=>this.keyPair.sign(e,m.DER)).map(e=>o(e,!1)).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new u(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n,!1)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(g(r)??new Uint8Array),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return p(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>c.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return x({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{S as SignChallengeWithKeypairTask};
|
|
2
2
|
//# sourceMappingURL=SignChallengeWithKeypairTask.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
|
|
4
|
-
"sourcesContent": ["import {\n bufferToHexaString,\n ByteArrayParser,\n hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { type CryptoService, HashAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair, SigFormat } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/model/Errors\";\nimport {\n type AuthenticationPayload,\n type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\nexport class SignChallengeWithKeypairTask {\n constructor(\n private readonly cryptoService: CryptoService,\n private readonly
|
|
4
|
+
"sourcesContent": ["import {\n bufferToHexaString,\n ByteArrayParser,\n hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { type CryptoService, HashAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair, SigFormat } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/model/Errors\";\nimport {\n type AuthenticationPayload,\n type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\nexport class SignChallengeWithKeypairTask {\n constructor(\n private readonly cryptoService: CryptoService,\n private readonly keyPair: KeyPair,\n private readonly trustchainId: string,\n ) {}\n\n run(\n challenge: Challenge,\n ): EitherAsync<\n LKRPMissingDataError | LKRPUnknownError,\n AuthenticationPayload\n > {\n const attestation = this.getAttestation();\n const credential = this.getCredential(this.keyPair.getPublicKeyToHex());\n\n return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n .map((buf) => this.cryptoService.hash(buf, HashAlgo.SHA256))\n .map((hash) => this.keyPair.sign(hash, SigFormat.DER))\n .map((str) => bufferToHexaString(str, false))\n .map((signature) => ({\n challenge: challenge.json,\n signature: { attestation, credential, signature },\n }))\n .mapLeft((error) =>\n error instanceof LKRPMissingDataError\n ? error\n : new LKRPUnknownError(String(error)),\n );\n }\n\n // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n private getAttestation() {\n const bytes = new TextEncoder().encode(this.trustchainId);\n const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n return bufferToHexaString(attestation, false);\n }\n\n private getCredential(publicKey: string) {\n return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n }\n\n private getUnsignedChallengeTLV(\n tlv: string,\n ): Either<LKRPMissingDataError, Uint8Array> {\n const parser = new ByteArrayParser(\n hexaStringToBuffer(tlv) ?? new Uint8Array(),\n );\n const parsed = new Map(\n (function* () {\n while (true) {\n const field = parser.extractFieldTLVEncoded();\n if (!field) break; // No more fields to extract\n yield [field.tag, field.value];\n }\n })(),\n );\n\n // We expect 10 fields in the TLV\n if (parsed.size > 10) {\n return Left(\n new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n );\n }\n\n const getField = (tag: number, fieldName: string) =>\n Maybe.fromNullable(parsed.get(tag)).toEither(\n new LKRPMissingDataError(`Missing ${fieldName} field`),\n );\n\n return eitherSeqRecord({\n // Unsigned fields\n payloadType: () => getField(0x01, \"Payload type\"),\n version: () => getField(0x02, \"Version\"),\n challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n host: () => getField(0x20, \"Host\"),\n protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n // Signed fields\n curveId: () => getField(0x32, \"Curve ID\"),\n publicKey: () => getField(0x33, \"Public key\"),\n challengeData: () => getField(0x12, \"Challenge data\"),\n signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n rpSignatureField: () => getField(0x15, \"RP signature field\"),\n }).map((fields) =>\n Uint8Array.from(\n [\n [0x01, fields.payloadType.length, ...fields.payloadType],\n [0x02, fields.version.length, ...fields.version],\n [0x12, fields.challengeData.length, ...fields.challengeData],\n [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n [0x20, fields.host.length, ...fields.host],\n [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n ].flat(),\n ),\n );\n }\n}\n"],
|
|
5
5
|
"mappings": "AAAA,OACE,sBAAAA,EACA,mBAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAA6B,YAAAC,MAAgB,4BAC7C,OAAuB,aAAAC,MAAiB,sBACxC,OAAS,wBAAAC,EAAsB,oBAAAC,MAAwB,oBAKvD,OAAS,mBAAAC,MAAuB,kCAEzB,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACAC,EACjB,CAHiB,mBAAAF,EACA,aAAAC,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,kBAAkB,CAAC,EAEtE,OAAOd,EAAY,WAAW,KAAK,wBAAwBY,EAAU,GAAG,CAAC,EACtE,IAAKG,GAAQ,KAAK,cAAc,KAAKA,EAAKZ,EAAS,MAAM,CAAC,EAC1D,IAAKa,GAAS,KAAK,QAAQ,KAAKA,EAAMZ,EAAU,GAAG,CAAC,EACpD,IAAKa,GAAQpB,EAAmBoB,EAAK,EAAK,CAAC,EAC3C,IAAKC,IAAe,CACnB,UAAWN,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAI,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBd,EACbc,EACA,IAAIb,EAAiB,OAAOa,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDP,EAAc,WAAW,KAAK,CAAC,EAAMO,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOvB,EAAmBgB,EAAa,EAAK,CAC9C,CAEQ,cAAcQ,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAIzB,EACjBC,EAAmBuB,CAAG,GAAK,IAAI,UACjC,EACME,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOvB,EACL,IAAII,EAAqB,wCAAwC,CACnE,EAGF,MAAMqB,EAAW,CAACC,EAAaC,IAC7B1B,EAAM,aAAasB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAItB,EAAqB,WAAWuB,CAAS,QAAQ,CACvD,EAEF,OAAOrB,EAAgB,CAErB,YAAa,IAAMmB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
|
|
6
|
-
"names": ["bufferToHexaString", "ByteArrayParser", "hexaStringToBuffer", "EitherAsync", "Left", "Maybe", "HashAlgo", "SigFormat", "LKRPMissingDataError", "LKRPUnknownError", "eitherSeqRecord", "SignChallengeWithKeypairTask", "cryptoService", "
|
|
6
|
+
"names": ["bufferToHexaString", "ByteArrayParser", "hexaStringToBuffer", "EitherAsync", "Left", "Maybe", "HashAlgo", "SigFormat", "LKRPMissingDataError", "LKRPUnknownError", "eitherSeqRecord", "SignChallengeWithKeypairTask", "cryptoService", "keyPair", "trustchainId", "challenge", "attestation", "credential", "buf", "hash", "str", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
|
|
7
7
|
}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{hexaStringToBuffer as f}from"@ledgerhq/device-management-kit";import{Curve as o}from"../../../api/crypto/CryptoService";import{NobleCryptoService as b}from"../../../api/crypto/noble/NobleCryptoService";import{LKRPMissingDataError as l}from"../../../api/model/Errors";import{SignChallengeWithKeypairTask as n}from"./SignChallengeWithKeypairTask";const r=new b;describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a
|
|
1
|
+
import{hexaStringToBuffer as f}from"@ledgerhq/device-management-kit";import{Curve as o}from"../../../api/crypto/CryptoService";import{NobleCryptoService as b}from"../../../api/crypto/noble/NobleCryptoService";import{LKRPMissingDataError as l}from"../../../api/model/Errors";import{SignChallengeWithKeypairTask as n}from"./SignChallengeWithKeypairTask";const r=new b;describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keyPair",async()=>{const{challenge:e,keyPair:a,trustchainId:c}=d(),i=await new n(r,a,c).run(e).run();expect(i.isRight()).toBe(!0),i.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.getPublicKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keyPair:a,trustchainId:c}=d({tlv:"invalid-tlv"});(await new n(r,a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(l))})});function d({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keyPair:r.importKeyPair(f(e),o.K256),trustchainId:a}}
|
|
2
2
|
//# sourceMappingURL=SignChallengeWithKeypairTask.test.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.test.ts"],
|
|
4
|
-
"sourcesContent": ["import { hexaStringToBuffer } from \"@ledgerhq/device-management-kit\";\n\nimport { Curve } from \"@api/crypto/CryptoService\";\nimport { NobleCryptoService } from \"@api/crypto/noble/NobleCryptoService\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\nconst cryptoService = new NobleCryptoService();\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n it(\"should sign a challenge with a
|
|
4
|
+
"sourcesContent": ["import { hexaStringToBuffer } from \"@ledgerhq/device-management-kit\";\n\nimport { Curve } from \"@api/crypto/CryptoService\";\nimport { NobleCryptoService } from \"@api/crypto/noble/NobleCryptoService\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\nconst cryptoService = new NobleCryptoService();\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n it(\"should sign a challenge with a keyPair\", async () => {\n // GIVEN\n const { challenge, keyPair, trustchainId } = getParameters();\n\n // WHEN\n const task = new SignChallengeWithKeypairTask(\n cryptoService,\n keyPair,\n trustchainId,\n );\n const result = await task.run(challenge).run();\n\n // THEN\n expect(result.isRight()).toBe(true);\n result.ifRight((payload) => {\n expect(payload.challenge).toBe(challenge.json);\n expect(payload.signature.credential).toEqual({\n version: 0,\n curveId: 33,\n signAlgorithm: 1,\n publicKey: keyPair.getPublicKeyToHex(),\n });\n expect(payload.signature.attestation).toBe(\n \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n );\n expect(payload.signature.signature).toBe(\n \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n );\n });\n });\n\n it(\"should handle invalid challenge\", async () => {\n // GIVEN\n const { challenge, keyPair, trustchainId } = getParameters({\n tlv: \"invalid-tlv\", // Invalid TLV\n });\n\n // WHEN\n const task = new SignChallengeWithKeypairTask(\n cryptoService,\n keyPair,\n trustchainId,\n );\n const result = await task.run(challenge).run();\n\n // THEN\n result.ifLeft((error) =>\n expect(error).toBeInstanceOf(LKRPMissingDataError),\n );\n });\n});\n\nfunction getParameters({\n privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n return {\n challenge: { tlv, json: {} as Challenge[\"json\"] },\n keyPair: cryptoService.importKeyPair(\n hexaStringToBuffer(privateKey)!,\n Curve.K256,\n ),\n trustchainId,\n };\n}\n"],
|
|
5
5
|
"mappings": "AAAA,OAAS,sBAAAA,MAA0B,kCAEnC,OAAS,SAAAC,MAAa,4BACtB,OAAS,sBAAAC,MAA0B,uCACnC,OAAS,wBAAAC,MAA4B,oBAGrC,OAAS,gCAAAC,MAAoC,iCAE7C,MAAMC,EAAgB,IAAIH,EAE1B,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAI,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAQrDC,EAAS,MALF,IAAIN,EACfC,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,kBAAkB,CACvC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAQc,MALF,IAAIL,EACfC,EACAE,EACAC,CACF,EAC0B,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAeT,CAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASM,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAST,EAAc,cACrBL,EAAmBa,CAAU,EAC7BZ,EAAM,IACR,EACA,aAAAO,CACF,CACF",
|
|
6
|
-
"names": ["hexaStringToBuffer", "Curve", "NobleCryptoService", "LKRPMissingDataError", "SignChallengeWithKeypairTask", "cryptoService", "challenge", "
|
|
6
|
+
"names": ["hexaStringToBuffer", "Curve", "NobleCryptoService", "LKRPMissingDataError", "SignChallengeWithKeypairTask", "cryptoService", "challenge", "keyPair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/use-cases/authentication/AuthenticateUseCase.ts"],
|
|
4
|
-
"sourcesContent": ["import {\n DeviceActionStatus,\n DeviceSessionId,\n} from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\nimport { of } from \"rxjs\";\n\nimport { AuthenticateDAReturnType } from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { Permissions } from \"@api/model/Permissions\";\nimport { appBinderTypes } from \"@internal/app-binder/di/appBinderTypes\";\nimport { LedgerKeyringProtocolBinder } from \"@internal/app-binder/LedgerKeyringProtocolBinder\";\n\nexport type AuthenticateUsecaseInput = {\n
|
|
4
|
+
"sourcesContent": ["import {\n DeviceActionStatus,\n DeviceSessionId,\n} from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\nimport { of } from \"rxjs\";\n\nimport { AuthenticateDAReturnType } from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport { KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError } from \"@api/model/Errors\";\nimport { Permissions } from \"@api/model/Permissions\";\nimport { appBinderTypes } from \"@internal/app-binder/di/appBinderTypes\";\nimport { LedgerKeyringProtocolBinder } from \"@internal/app-binder/LedgerKeyringProtocolBinder\";\n\nexport type AuthenticateUsecaseInput = {\n keyPair: KeyPair;\n clientName: string;\n permissions: Permissions;\n} & (\n | { trustchainId: string; sessionId?: DeviceSessionId }\n | { trustchainId?: undefined; sessionId: DeviceSessionId }\n);\n\n@injectable()\nexport class AuthenticateUseCase {\n constructor(\n @inject(appBinderTypes.AppBinding)\n private appBinder: LedgerKeyringProtocolBinder,\n ) {}\n\n execute(input: AuthenticateUsecaseInput): AuthenticateDAReturnType {\n if (input.trustchainId) {\n return this.appBinder.authenticateWithKeypair(input);\n }\n\n const sessionId = input.sessionId;\n if (sessionId) {\n return this.appBinder.authenticateWithDevice({ ...input, sessionId });\n }\n\n // The AuthenticateUsecaseInput type should prevent this case\n return {\n observable: of({\n status: DeviceActionStatus.Error,\n error: new LKRPMissingDataError(\n \"Either a trustchainId or a device is required for authentication.\",\n ),\n }),\n cancel: () => undefined,\n };\n }\n}\n"],
|
|
5
5
|
"mappings": "iOAAA,OACE,sBAAAA,MAEK,kCACP,OAAS,UAAAC,EAAQ,cAAAC,MAAkB,YACnC,OAAS,MAAAC,MAAU,OAInB,OAAS,wBAAAC,MAA4B,oBAErC,OAAS,kBAAAC,MAAsB,yCAaxB,IAAMC,EAAN,KAA0B,CAC/B,YAEUC,EACR,CADQ,eAAAA,CACP,CAEH,QAAQC,EAA2D,CACjE,GAAIA,EAAM,aACR,OAAO,KAAK,UAAU,wBAAwBA,CAAK,EAGrD,MAAMC,EAAYD,EAAM,UACxB,OAAIC,EACK,KAAK,UAAU,uBAAuB,CAAE,GAAGD,EAAO,UAAAC,CAAU,CAAC,EAI/D,CACL,WAAYC,EAAG,CACb,OAAQC,EAAmB,MAC3B,MAAO,IAAIC,EACT,mEACF,CACF,CAAC,EACD,OAAQ,IAAG,EACb,CACF,CACF,EA3BaN,EAANO,EAAA,CADNC,EAAW,EAGPC,EAAA,EAAAC,EAAOC,EAAe,UAAU,IAFxBX",
|
|
6
6
|
"names": ["DeviceActionStatus", "inject", "injectable", "of", "LKRPMissingDataError", "appBinderTypes", "AuthenticateUseCase", "appBinder", "input", "sessionId", "of", "DeviceActionStatus", "LKRPMissingDataError", "__decorateClass", "injectable", "__decorateParam", "inject", "appBinderTypes"]
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/use-cases/authentication/DecryptDataUseCase.ts"],
|
|
4
|
-
"sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\nimport { Maybe } from \"purify-ts\";\n\nimport {\n type CryptoService,\n Curve,\n EncryptionAlgo,\n HashAlgo,\n} from \"@api/crypto/CryptoService\";\nimport { LKRPParsingError } from \"@api/model/Errors\";\nimport { externalTypes } from \"@internal/externalTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\n@injectable()\nexport class DecryptDataUseCase {\n constructor(\n @inject(externalTypes.CryptoService)\n private cryptoService: CryptoService,\n ) {}\n\n // TODO better return type instead of throw on errors\n async execute(\n encryptionKey: Uint8Array,\n data: Uint8Array,\n ): Promise<Uint8Array> {\n const parser = new ByteArrayParser(data);\n if (parser.extract8BitUInt() !== 0) {\n throw new LKRPParsingError(\"Unsupported serialization version\");\n }\n const required = (value: Uint8Array | undefined, field: string) =>\n Maybe.fromNullable(value).toEither(\n new LKRPParsingError(`Missing ${field} field`),\n );\n\n return eitherSeqRecord({\n ephemeralPublicKey: () =>\n required(parser.extractFieldByLength(33), \"ephemeral public key\"),\n iv: () => required(parser.extractFieldByLength(16), \"IV\"),\n tag: () => required(parser.extractFieldByLength(16), \"tag\"),\n encryptedData: () =>\n required(\n parser.extractFieldByLength(parser.getUnparsedRemainingLength()),\n \"encrypted data\",\n ),\n })\n .map(async ({ ephemeralPublicKey, iv, tag, encryptedData }) => {\n // Derive the shared secret using ECDH with an ephemeral
|
|
4
|
+
"sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\nimport { Maybe } from \"purify-ts\";\n\nimport {\n type CryptoService,\n Curve,\n EncryptionAlgo,\n HashAlgo,\n} from \"@api/crypto/CryptoService\";\nimport { LKRPParsingError } from \"@api/model/Errors\";\nimport { externalTypes } from \"@internal/externalTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\n@injectable()\nexport class DecryptDataUseCase {\n constructor(\n @inject(externalTypes.CryptoService)\n private cryptoService: CryptoService,\n ) {}\n\n // TODO better return type instead of throw on errors\n async execute(\n encryptionKey: Uint8Array,\n data: Uint8Array,\n ): Promise<Uint8Array> {\n const parser = new ByteArrayParser(data);\n if (parser.extract8BitUInt() !== 0) {\n throw new LKRPParsingError(\"Unsupported serialization version\");\n }\n const required = (value: Uint8Array | undefined, field: string) =>\n Maybe.fromNullable(value).toEither(\n new LKRPParsingError(`Missing ${field} field`),\n );\n\n return eitherSeqRecord({\n ephemeralPublicKey: () =>\n required(parser.extractFieldByLength(33), \"ephemeral public key\"),\n iv: () => required(parser.extractFieldByLength(16), \"IV\"),\n tag: () => required(parser.extractFieldByLength(16), \"tag\"),\n encryptedData: () =>\n required(\n parser.extractFieldByLength(parser.getUnparsedRemainingLength()),\n \"encrypted data\",\n ),\n })\n .map(async ({ ephemeralPublicKey, iv, tag, encryptedData }) => {\n // Derive the shared secret using ECDH with an ephemeral keyPair\n const privateKey = this.cryptoService.importKeyPair(\n encryptionKey,\n Curve.K256,\n );\n const sharedSecret =\n await privateKey.deriveSharedSecret(ephemeralPublicKey);\n\n // Key derivation using HMAC-SHA256\n const key = this.cryptoService.hmac(\n new Uint8Array(),\n sharedSecret.slice(1),\n HashAlgo.SHA256,\n );\n\n // Decrypt the data\n const symmetricKey = this.cryptoService.importSymmetricKey(\n key,\n EncryptionAlgo.AES256_GCM,\n );\n const ciphertext = new Uint8Array([...encryptedData, ...tag]);\n const cleartext = await symmetricKey.decrypt(iv, ciphertext);\n return cleartext;\n })\n .caseOf({\n Left: (error) => {\n throw error;\n },\n Right: (cleartext) => cleartext,\n });\n }\n}\n"],
|
|
5
5
|
"mappings": "iOAAA,OAAS,mBAAAA,MAAuB,kCAChC,OAAS,UAAAC,EAAQ,cAAAC,MAAkB,YACnC,OAAS,SAAAC,MAAa,YAEtB,OAEE,SAAAC,EACA,kBAAAC,EACA,YAAAC,MACK,4BACP,OAAS,oBAAAC,MAAwB,oBACjC,OAAS,iBAAAC,MAAqB,0BAC9B,OAAS,mBAAAC,MAAuB,kCAGzB,IAAMC,EAAN,KAAyB,CAC9B,YAEUC,EACR,CADQ,mBAAAA,CACP,CAGH,MAAM,QACJC,EACAC,EACqB,CACrB,MAAMC,EAAS,IAAIC,EAAgBF,CAAI,EACvC,GAAIC,EAAO,gBAAgB,IAAM,EAC/B,MAAM,IAAIE,EAAiB,mCAAmC,EAEhE,MAAMC,EAAW,CAACC,EAA+BC,IAC/CC,EAAM,aAAaF,CAAK,EAAE,SACxB,IAAIF,EAAiB,WAAWG,CAAK,QAAQ,CAC/C,EAEF,OAAOE,EAAgB,CACrB,mBAAoB,IAClBJ,EAASH,EAAO,qBAAqB,EAAE,EAAG,sBAAsB,EAClE,GAAI,IAAMG,EAASH,EAAO,qBAAqB,EAAE,EAAG,IAAI,EACxD,IAAK,IAAMG,EAASH,EAAO,qBAAqB,EAAE,EAAG,KAAK,EAC1D,cAAe,IACbG,EACEH,EAAO,qBAAqBA,EAAO,2BAA2B,CAAC,EAC/D,gBACF,CACJ,CAAC,EACE,IAAI,MAAO,CAAE,mBAAAQ,EAAoB,GAAAC,EAAI,IAAAC,EAAK,cAAAC,CAAc,IAAM,CAM7D,MAAMC,EACJ,MALiB,KAAK,cAAc,cACpCd,EACAe,EAAM,IACR,EAEmB,mBAAmBL,CAAkB,EAGlDM,EAAM,KAAK,cAAc,KAC7B,IAAI,WACJF,EAAa,MAAM,CAAC,EACpBG,EAAS,MACX,EAGMC,EAAe,KAAK,cAAc,mBACtCF,EACAG,EAAe,UACjB,EACMC,EAAa,IAAI,WAAW,CAAC,GAAGP,EAAe,GAAGD,CAAG,CAAC,EAE5D,OADkB,MAAMM,EAAa,QAAQP,EAAIS,CAAU,CAE7D,CAAC,EACA,OAAO,CACN,KAAOC,GAAU,CACf,MAAMA,CACR,EACA,MAAQC,GAAcA,CACxB,CAAC,CACL,CACF,EA/DaxB,EAANyB,EAAA,CADNC,EAAW,EAGPC,EAAA,EAAAC,EAAOC,EAAc,aAAa,IAF1B7B",
|
|
6
6
|
"names": ["ByteArrayParser", "inject", "injectable", "Maybe", "Curve", "EncryptionAlgo", "HashAlgo", "LKRPParsingError", "externalTypes", "eitherSeqRecord", "DecryptDataUseCase", "cryptoService", "encryptionKey", "data", "parser", "ByteArrayParser", "LKRPParsingError", "required", "value", "field", "Maybe", "eitherSeqRecord", "ephemeralPublicKey", "iv", "tag", "encryptedData", "sharedSecret", "Curve", "key", "HashAlgo", "symmetricKey", "EncryptionAlgo", "ciphertext", "error", "cleartext", "__decorateClass", "injectable", "__decorateParam", "inject", "externalTypes"]
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/internal/use-cases/authentication/EncryptDataUseCase.ts"],
|
|
4
|
-
"sourcesContent": ["import { ByteArrayBuilder } from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\n\nimport {\n type CryptoService,\n Curve,\n EncryptionAlgo,\n HashAlgo,\n} from \"@api/crypto/CryptoService\";\nimport { AES256_BLOCK_SIZE } from \"@api/crypto/Key\";\nimport { externalTypes } from \"@internal/externalTypes\";\n\n@injectable()\nexport class EncryptDataUseCase {\n constructor(\n @inject(externalTypes.CryptoService)\n private cryptoService: CryptoService,\n ) {}\n\n async execute(\n encryptionKey: Uint8Array,\n data: Uint8Array,\n ): Promise<Uint8Array> {\n // Derive the shared secret using ECDH with an ephemeral
|
|
4
|
+
"sourcesContent": ["import { ByteArrayBuilder } from \"@ledgerhq/device-management-kit\";\nimport { inject, injectable } from \"inversify\";\n\nimport {\n type CryptoService,\n Curve,\n EncryptionAlgo,\n HashAlgo,\n} from \"@api/crypto/CryptoService\";\nimport { AES256_BLOCK_SIZE } from \"@api/crypto/Key\";\nimport { externalTypes } from \"@internal/externalTypes\";\n\n@injectable()\nexport class EncryptDataUseCase {\n constructor(\n @inject(externalTypes.CryptoService)\n private cryptoService: CryptoService,\n ) {}\n\n async execute(\n encryptionKey: Uint8Array,\n data: Uint8Array,\n ): Promise<Uint8Array> {\n // Derive the shared secret using ECDH with an ephemeral keyPair\n const privateKey = this.cryptoService.importKeyPair(\n encryptionKey,\n Curve.K256,\n );\n const ephemeralKeypair = await this.cryptoService.createKeyPair(Curve.K256);\n const sharedSecret = await privateKey.deriveSharedSecret(\n ephemeralKeypair.getPublicKey(),\n );\n\n // Key derivation using HMAC-SHA256\n const key = this.cryptoService.hmac(\n new Uint8Array(),\n sharedSecret.slice(1),\n HashAlgo.SHA256,\n );\n\n // Generate a random IV (nonce)\n const iv = this.cryptoService.randomBytes(16);\n\n // Encrypt data\n const symmetricKey = this.cryptoService.importSymmetricKey(\n key,\n EncryptionAlgo.AES256_GCM,\n );\n const ciphertext = await symmetricKey.encrypt(iv, data);\n const encryptedData = ciphertext.subarray(0, -AES256_BLOCK_SIZE);\n const tag = ciphertext.subarray(-AES256_BLOCK_SIZE);\n\n // Serialize the result\n return new ByteArrayBuilder()\n .add8BitUIntToData(0) // Version of the format\n .addBufferToData(ephemeralKeypair.getPublicKey())\n .addBufferToData(iv)\n .addBufferToData(tag)\n .addBufferToData(encryptedData)\n .build();\n }\n}\n"],
|
|
5
5
|
"mappings": "iOAAA,OAAS,oBAAAA,MAAwB,kCACjC,OAAS,UAAAC,EAAQ,cAAAC,MAAkB,YAEnC,OAEE,SAAAC,EACA,kBAAAC,EACA,YAAAC,MACK,4BACP,OAAS,qBAAAC,MAAyB,kBAClC,OAAS,iBAAAC,MAAqB,0BAGvB,IAAMC,EAAN,KAAyB,CAC9B,YAEUC,EACR,CADQ,mBAAAA,CACP,CAEH,MAAM,QACJC,EACAC,EACqB,CAErB,MAAMC,EAAa,KAAK,cAAc,cACpCF,EACAG,EAAM,IACR,EACMC,EAAmB,MAAM,KAAK,cAAc,cAAcD,EAAM,IAAI,EACpEE,EAAe,MAAMH,EAAW,mBACpCE,EAAiB,aAAa,CAChC,EAGME,EAAM,KAAK,cAAc,KAC7B,IAAI,WACJD,EAAa,MAAM,CAAC,EACpBE,EAAS,MACX,EAGMC,EAAK,KAAK,cAAc,YAAY,EAAE,EAOtCC,EAAa,MAJE,KAAK,cAAc,mBACtCH,EACAI,EAAe,UACjB,EACsC,QAAQF,EAAIP,CAAI,EAChDU,EAAgBF,EAAW,SAAS,EAAG,CAACG,CAAiB,EACzDC,EAAMJ,EAAW,SAAS,CAACG,CAAiB,EAGlD,OAAO,IAAIE,EAAiB,EACzB,kBAAkB,CAAC,EACnB,gBAAgBV,EAAiB,aAAa,CAAC,EAC/C,gBAAgBI,CAAE,EAClB,gBAAgBK,CAAG,EACnB,gBAAgBF,CAAa,EAC7B,MAAM,CACX,CACF,EAhDab,EAANiB,EAAA,CADNC,EAAW,EAGPC,EAAA,EAAAC,EAAOC,EAAc,aAAa,IAF1BrB",
|
|
6
6
|
"names": ["ByteArrayBuilder", "inject", "injectable", "Curve", "EncryptionAlgo", "HashAlgo", "AES256_BLOCK_SIZE", "externalTypes", "EncryptDataUseCase", "cryptoService", "encryptionKey", "data", "privateKey", "Curve", "ephemeralKeypair", "sharedSecret", "key", "HashAlgo", "iv", "ciphertext", "EncryptionAlgo", "encryptedData", "AES256_BLOCK_SIZE", "tag", "ByteArrayBuilder", "__decorateClass", "injectable", "__decorateParam", "inject", "externalTypes"]
|
|
7
7
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{bufferToHexaString as
|
|
1
|
+
import{bufferToHexaString as l,hexaStringToBuffer as u}from"@ledgerhq/device-management-kit";import{Either as y,Just as c,Maybe as f,MaybeAsync as b,Nothing as n,Right as P}from"purify-ts";import{EncryptionAlgo as g}from"../../api/crypto/CryptoService";import{CommandTags as h}from"../models/Tags";import{LKRPBlock as m}from"./LKRPBlock";import{TLVParser as d}from"./TLVParser";class p{constructor(e,a){this.bytes=e;this.blocks=a?c(P(a)):n}validation=n;blocks=n;path=n;static fromHex(e){return new p(u(e)??new Uint8Array)}static fromData(e,a){const t=[];let r=a??l(crypto.getRandomValues(new Uint8Array(32)),!1);for(const s of e){const i=m.fromData({...s,parent:r});r=i.hash(),t.push(i)}const o=t.reduce((s,i)=>new Uint8Array([...s,...i.toU8A()]),new Uint8Array);return new p(o,t)}toU8A(){return this.bytes}toString(){return l(this.bytes,!1)}parse(){return this.blocks.orDefaultLazy(()=>{const e=new d(this.bytes),a=[];for(;!e.state.isDone;){const r=e.state.offset,o=e.parseBlockData().map(s=>{const i=e.state.offset;return new m(this.bytes.slice(r,i),s)});if(a.push(o),o.isLeft())break}const t=y.sequence(a);return this.blocks=c(t),t})}toHuman(){return this.parse().map(e=>e.map(a=>a.toHuman())).chain(y.sequence).map(e=>e.join(`
|
|
2
2
|
|
|
3
|
-
`))}async validate(e){return this.validation.orDefaultLazy(async()=>this.parse().map(t=>t.map(r=>r.parse().map(({parent:o})=>({parent:o,hash:()=>r.hash()})))).chain(y.sequence).toMaybe().map(async t=>{if(e&&t[0]&&e!==t[0].parent)return!1;for await(const[r,o]of t.entries()){const s=t[r+1];if(s&&o.hash()!==s.parent)return!1}return!0}).orDefault(Promise.resolve(!1)))}getPath(){return this.path.ifNothing(()=>{this.path=this.parse().toMaybe().chainNullable(e=>e[0]).chain(e=>e.parse().toMaybe()).chainNullable(({commands:e})=>e[0]).chain(e=>e.parse().toMaybe()).chain(e=>{switch(e.type){case h.Derive:return c(e.path);case h.Seed:return c("m/0'");default:return n}})}),this.path}getMemberBlock(e){return this.parse().toMaybe().chain(a=>{for(const t of a){const r=t.parse();if(r.isRight()){const o=r.extract();for(const s of o.commands){const i=s.getPublicKey();if(i.isJust()&&i.extract()===e)return f.of(o)}}}return n})}hasMember(e){return this.getMemberBlock(e).isJust()}async getPublishedKey(e,a){return b.liftMaybe(this.getMemberBlock(a.getPublicKeyToHex()).chain(t=>{for(const r of t.commands){const o=r.getEncryptedPublishedKey();if(o.isJust())return o}return n})).map(async t=>{const r=(await a.deriveSharedSecret(t.ephemeralPublicKey)).slice(1),s=await e.importSymmetricKey(r,g.AES256_GCM).decrypt(t.initializationVector,t.encryptedXpriv);return{privateKey:s.slice(0,32),chainCode:s.slice(32)}})}}export{
|
|
3
|
+
`))}async validate(e){return this.validation.orDefaultLazy(async()=>this.parse().map(t=>t.map(r=>r.parse().map(({parent:o})=>({parent:o,hash:()=>r.hash()})))).chain(y.sequence).toMaybe().map(async t=>{if(e&&t[0]&&e!==t[0].parent)return!1;for await(const[r,o]of t.entries()){const s=t[r+1];if(s&&o.hash()!==s.parent)return!1}return!0}).orDefault(Promise.resolve(!1)))}getPath(){return this.path.ifNothing(()=>{this.path=this.parse().toMaybe().chainNullable(e=>e[0]).chain(e=>e.parse().toMaybe()).chainNullable(({commands:e})=>e[0]).chain(e=>e.parse().toMaybe()).chain(e=>{switch(e.type){case h.Derive:return c(e.path);case h.Seed:return c("m/0'");default:return n}})}),this.path}getMemberBlock(e){return this.parse().toMaybe().chain(a=>{for(const t of a){const r=t.parse();if(r.isRight()){const o=r.extract();for(const s of o.commands){const i=s.getPublicKey();if(i.isJust()&&i.extract()===e)return f.of(o)}}}return n})}hasMember(e){return this.getMemberBlock(e).isJust()}async getPublishedKey(e,a){return b.liftMaybe(this.getMemberBlock(a.getPublicKeyToHex()).chain(t=>{for(const r of t.commands){const o=r.getEncryptedPublishedKey();if(o.isJust())return o}return n})).map(async t=>{const r=(await a.deriveSharedSecret(t.ephemeralPublicKey)).slice(1),s=await e.importSymmetricKey(r,g.AES256_GCM).decrypt(t.initializationVector,t.encryptedXpriv);return{privateKey:s.slice(0,32),chainCode:s.slice(32)}})}}export{p as LKRPBlockStream};
|
|
4
4
|
//# sourceMappingURL=LKRPBlockStream.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/internal/utils/LKRPBlockStream.ts"],
|
|
4
|
-
"sourcesContent": ["import {\n bufferToHexaString,\n hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, Just, Maybe, MaybeAsync, Nothing, Right } from \"purify-ts\";\n\nimport { type CryptoService, EncryptionAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { type LKRPParsingError } from \"@api/model/Errors\";\nimport { type LKRPBlockData } from \"@internal/models/LKRPBlockTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport {\n type EncryptedPublishedKey,\n type PublishedKey,\n} from \"@internal/models/Types\";\n\nimport { LKRPBlock } from \"./LKRPBlock\";\nimport { TLVParser } from \"./TLVParser\";\n\nexport class LKRPBlockStream {\n private validation: Maybe<Promise<boolean>> = Nothing;\n private blocks: Maybe<Either<LKRPParsingError, LKRPBlock[]>> = Nothing;\n private path: Maybe<string> = Nothing;\n\n constructor(\n private readonly bytes: Uint8Array,\n blocks?: LKRPBlock[],\n ) {\n this.blocks = blocks ? Just(Right(blocks)) : Nothing;\n }\n\n static fromHex(hex: string): LKRPBlockStream {\n return new LKRPBlockStream(hexaStringToBuffer(hex) ?? new Uint8Array());\n }\n\n static fromData(\n blocksData: Omit<LKRPBlockData, \"parent\">[],\n parentHash?: string,\n ): LKRPBlockStream {\n const blocks: LKRPBlock[] = [];\n let hash =\n parentHash ??\n bufferToHexaString(crypto.getRandomValues(new Uint8Array(32)), false);\n\n for (const blockData of blocksData) {\n const block = LKRPBlock.fromData({\n ...blockData,\n parent: hash,\n });\n hash = block.hash();\n blocks.push(block);\n }\n const bytes = blocks.reduce(\n (acc, block) => new Uint8Array([...acc, ...block.toU8A()]),\n new Uint8Array(),\n );\n return new LKRPBlockStream(bytes, blocks);\n }\n\n toU8A(): Uint8Array {\n return this.bytes;\n }\n\n toString(): string {\n return bufferToHexaString(this.bytes, false);\n }\n\n parse(): Either<LKRPParsingError, LKRPBlock[]> {\n return this.blocks.orDefaultLazy(() => {\n const parser = new TLVParser(this.bytes);\n const parsed: Either<LKRPParsingError, LKRPBlock>[] = [];\n while (!parser.state.isDone) {\n const start = parser.state.offset;\n const block = parser.parseBlockData().map((data) => {\n const end = parser.state.offset;\n return new LKRPBlock(this.bytes.slice(start, end), data);\n });\n parsed.push(block);\n if (block.isLeft()) break;\n }\n const blocks = Either.sequence(parsed);\n this.blocks = Just(blocks);\n return blocks;\n });\n }\n\n toHuman(): Either<LKRPParsingError, string> {\n return this.parse()\n .map((blocks) => blocks.map((block) => block.toHuman()))\n .chain(Either.sequence)\n .map((blocks) => blocks.join(\"\\n\\n\"));\n }\n\n async validate(streamParentHash?: string): Promise<boolean> {\n return this.validation.orDefaultLazy(async () => {\n const validation = this.parse()\n .map((blocks) =>\n blocks.map((block) =>\n block\n .parse()\n .map(({ parent }) => ({ parent, hash: () => block.hash() })),\n ),\n )\n .chain(Either.sequence)\n .toMaybe()\n .map(async (blocks) => {\n if (\n streamParentHash &&\n blocks[0] &&\n streamParentHash !== blocks[0].parent\n ) {\n return false;\n }\n\n for await (const [index, block] of blocks.entries()) {\n const nextBlock = blocks[index + 1];\n if (nextBlock && block.hash() !== nextBlock.parent) {\n return false;\n }\n }\n return true;\n })\n .orDefault(Promise.resolve(false));\n\n return validation;\n });\n }\n\n getPath(): Maybe<string> {\n this.path.ifNothing(() => {\n this.path = this.parse()\n .toMaybe()\n .chainNullable((blocks) => blocks[0])\n .chain((block) => block.parse().toMaybe())\n .chainNullable(({ commands }) => commands[0])\n .chain((command) => command.parse().toMaybe())\n .chain((data) => {\n switch (data.type) {\n case CommandTags.Derive:\n return Just(data.path);\n case CommandTags.Seed:\n return Just(\"m/0'\");\n default:\n return Nothing;\n }\n });\n });\n return this.path;\n }\n\n getMemberBlock(member: string): Maybe<LKRPBlockData> {\n return this.parse()\n .toMaybe()\n .chain((blocks) => {\n for (const block of blocks) {\n const parsedBlock = block.parse();\n if (parsedBlock.isRight()) {\n const blockData = parsedBlock.extract();\n for (const command of blockData.commands) {\n const pubkey = command.getPublicKey();\n if (pubkey.isJust() && pubkey.extract() === member) {\n return Maybe.of(blockData);\n }\n }\n }\n }\n return Nothing;\n });\n }\n\n hasMember(member: string): boolean {\n return this.getMemberBlock(member).isJust();\n }\n\n async getPublishedKey(\n cryptoService: CryptoService,\n
|
|
4
|
+
"sourcesContent": ["import {\n bufferToHexaString,\n hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, Just, Maybe, MaybeAsync, Nothing, Right } from \"purify-ts\";\n\nimport { type CryptoService, EncryptionAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { type LKRPParsingError } from \"@api/model/Errors\";\nimport { type LKRPBlockData } from \"@internal/models/LKRPBlockTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport {\n type EncryptedPublishedKey,\n type PublishedKey,\n} from \"@internal/models/Types\";\n\nimport { LKRPBlock } from \"./LKRPBlock\";\nimport { TLVParser } from \"./TLVParser\";\n\nexport class LKRPBlockStream {\n private validation: Maybe<Promise<boolean>> = Nothing;\n private blocks: Maybe<Either<LKRPParsingError, LKRPBlock[]>> = Nothing;\n private path: Maybe<string> = Nothing;\n\n constructor(\n private readonly bytes: Uint8Array,\n blocks?: LKRPBlock[],\n ) {\n this.blocks = blocks ? Just(Right(blocks)) : Nothing;\n }\n\n static fromHex(hex: string): LKRPBlockStream {\n return new LKRPBlockStream(hexaStringToBuffer(hex) ?? new Uint8Array());\n }\n\n static fromData(\n blocksData: Omit<LKRPBlockData, \"parent\">[],\n parentHash?: string,\n ): LKRPBlockStream {\n const blocks: LKRPBlock[] = [];\n let hash =\n parentHash ??\n bufferToHexaString(crypto.getRandomValues(new Uint8Array(32)), false);\n\n for (const blockData of blocksData) {\n const block = LKRPBlock.fromData({\n ...blockData,\n parent: hash,\n });\n hash = block.hash();\n blocks.push(block);\n }\n const bytes = blocks.reduce(\n (acc, block) => new Uint8Array([...acc, ...block.toU8A()]),\n new Uint8Array(),\n );\n return new LKRPBlockStream(bytes, blocks);\n }\n\n toU8A(): Uint8Array {\n return this.bytes;\n }\n\n toString(): string {\n return bufferToHexaString(this.bytes, false);\n }\n\n parse(): Either<LKRPParsingError, LKRPBlock[]> {\n return this.blocks.orDefaultLazy(() => {\n const parser = new TLVParser(this.bytes);\n const parsed: Either<LKRPParsingError, LKRPBlock>[] = [];\n while (!parser.state.isDone) {\n const start = parser.state.offset;\n const block = parser.parseBlockData().map((data) => {\n const end = parser.state.offset;\n return new LKRPBlock(this.bytes.slice(start, end), data);\n });\n parsed.push(block);\n if (block.isLeft()) break;\n }\n const blocks = Either.sequence(parsed);\n this.blocks = Just(blocks);\n return blocks;\n });\n }\n\n toHuman(): Either<LKRPParsingError, string> {\n return this.parse()\n .map((blocks) => blocks.map((block) => block.toHuman()))\n .chain(Either.sequence)\n .map((blocks) => blocks.join(\"\\n\\n\"));\n }\n\n async validate(streamParentHash?: string): Promise<boolean> {\n return this.validation.orDefaultLazy(async () => {\n const validation = this.parse()\n .map((blocks) =>\n blocks.map((block) =>\n block\n .parse()\n .map(({ parent }) => ({ parent, hash: () => block.hash() })),\n ),\n )\n .chain(Either.sequence)\n .toMaybe()\n .map(async (blocks) => {\n if (\n streamParentHash &&\n blocks[0] &&\n streamParentHash !== blocks[0].parent\n ) {\n return false;\n }\n\n for await (const [index, block] of blocks.entries()) {\n const nextBlock = blocks[index + 1];\n if (nextBlock && block.hash() !== nextBlock.parent) {\n return false;\n }\n }\n return true;\n })\n .orDefault(Promise.resolve(false));\n\n return validation;\n });\n }\n\n getPath(): Maybe<string> {\n this.path.ifNothing(() => {\n this.path = this.parse()\n .toMaybe()\n .chainNullable((blocks) => blocks[0])\n .chain((block) => block.parse().toMaybe())\n .chainNullable(({ commands }) => commands[0])\n .chain((command) => command.parse().toMaybe())\n .chain((data) => {\n switch (data.type) {\n case CommandTags.Derive:\n return Just(data.path);\n case CommandTags.Seed:\n return Just(\"m/0'\");\n default:\n return Nothing;\n }\n });\n });\n return this.path;\n }\n\n getMemberBlock(member: string): Maybe<LKRPBlockData> {\n return this.parse()\n .toMaybe()\n .chain((blocks) => {\n for (const block of blocks) {\n const parsedBlock = block.parse();\n if (parsedBlock.isRight()) {\n const blockData = parsedBlock.extract();\n for (const command of blockData.commands) {\n const pubkey = command.getPublicKey();\n if (pubkey.isJust() && pubkey.extract() === member) {\n return Maybe.of(blockData);\n }\n }\n }\n }\n return Nothing;\n });\n }\n\n hasMember(member: string): boolean {\n return this.getMemberBlock(member).isJust();\n }\n\n async getPublishedKey(\n cryptoService: CryptoService,\n keyPair: KeyPair,\n ): Promise<Maybe<PublishedKey>> {\n return MaybeAsync.liftMaybe(\n this.getMemberBlock(keyPair.getPublicKeyToHex()).chain(\n (block): Maybe<EncryptedPublishedKey> => {\n for (const command of block.commands) {\n const key = command.getEncryptedPublishedKey();\n if (key.isJust()) {\n return key;\n }\n }\n return Nothing;\n },\n ),\n ).map(async (published) => {\n const secret = (\n await keyPair.deriveSharedSecret(published.ephemeralPublicKey)\n ).slice(1);\n const key = cryptoService.importSymmetricKey(\n secret,\n EncryptionAlgo.AES256_GCM,\n );\n const xpriv = await key.decrypt(\n published.initializationVector,\n published.encryptedXpriv,\n );\n return { privateKey: xpriv.slice(0, 32), chainCode: xpriv.slice(32) };\n });\n }\n}\n"],
|
|
5
5
|
"mappings": "AAAA,OACE,sBAAAA,EACA,sBAAAC,MACK,kCACP,OAAS,UAAAC,EAAQ,QAAAC,EAAM,SAAAC,EAAO,cAAAC,EAAY,WAAAC,EAAS,SAAAC,MAAa,YAEhE,OAA6B,kBAAAC,MAAsB,4BAInD,OAAS,eAAAC,MAAmB,wBAM5B,OAAS,aAAAC,MAAiB,cAC1B,OAAS,aAAAC,MAAiB,cAEnB,MAAMC,CAAgB,CAK3B,YACmBC,EACjBC,EACA,CAFiB,WAAAD,EAGjB,KAAK,OAASC,EAASX,EAAKI,EAAMO,CAAM,CAAC,EAAIR,CAC/C,CATQ,WAAsCA,EACtC,OAAuDA,EACvD,KAAsBA,EAS9B,OAAO,QAAQS,EAA8B,CAC3C,OAAO,IAAIH,EAAgBX,EAAmBc,CAAG,GAAK,IAAI,UAAY,CACxE,CAEA,OAAO,SACLC,EACAC,EACiB,CACjB,MAAMH,EAAsB,CAAC,EAC7B,IAAII,EACFD,GACAjB,EAAmB,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAAG,EAAK,EAEtE,UAAWmB,KAAaH,EAAY,CAClC,MAAMI,EAAQV,EAAU,SAAS,CAC/B,GAAGS,EACH,OAAQD,CACV,CAAC,EACDA,EAAOE,EAAM,KAAK,EAClBN,EAAO,KAAKM,CAAK,CACnB,CACA,MAAMP,EAAQC,EAAO,OACnB,CAACO,EAAKD,IAAU,IAAI,WAAW,CAAC,GAAGC,EAAK,GAAGD,EAAM,MAAM,CAAC,CAAC,EACzD,IAAI,UACN,EACA,OAAO,IAAIR,EAAgBC,EAAOC,CAAM,CAC1C,CAEA,OAAoB,CAClB,OAAO,KAAK,KACd,CAEA,UAAmB,CACjB,OAAOd,EAAmB,KAAK,MAAO,EAAK,CAC7C,CAEA,OAA+C,CAC7C,OAAO,KAAK,OAAO,cAAc,IAAM,CACrC,MAAMsB,EAAS,IAAIX,EAAU,KAAK,KAAK,EACjCY,EAAgD,CAAC,EACvD,KAAO,CAACD,EAAO,MAAM,QAAQ,CAC3B,MAAME,EAAQF,EAAO,MAAM,OACrBF,EAAQE,EAAO,eAAe,EAAE,IAAKG,GAAS,CAClD,MAAMC,EAAMJ,EAAO,MAAM,OACzB,OAAO,IAAIZ,EAAU,KAAK,MAAM,MAAMc,EAAOE,CAAG,EAAGD,CAAI,CACzD,CAAC,EAED,GADAF,EAAO,KAAKH,CAAK,EACbA,EAAM,OAAO,EAAG,KACtB,CACA,MAAMN,EAASZ,EAAO,SAASqB,CAAM,EACrC,YAAK,OAASpB,EAAKW,CAAM,EAClBA,CACT,CAAC,CACH,CAEA,SAA4C,CAC1C,OAAO,KAAK,MAAM,EACf,IAAKA,GAAWA,EAAO,IAAKM,GAAUA,EAAM,QAAQ,CAAC,CAAC,EACtD,MAAMlB,EAAO,QAAQ,EACrB,IAAKY,GAAWA,EAAO,KAAK;AAAA;AAAA,CAAM,CAAC,CACxC,CAEA,MAAM,SAASa,EAA6C,CAC1D,OAAO,KAAK,WAAW,cAAc,SAChB,KAAK,MAAM,EAC3B,IAAKb,GACJA,EAAO,IAAKM,GACVA,EACG,MAAM,EACN,IAAI,CAAC,CAAE,OAAAQ,CAAO,KAAO,CAAE,OAAAA,EAAQ,KAAM,IAAMR,EAAM,KAAK,CAAE,EAAE,CAC/D,CACF,EACC,MAAMlB,EAAO,QAAQ,EACrB,QAAQ,EACR,IAAI,MAAOY,GAAW,CACrB,GACEa,GACAb,EAAO,CAAC,GACRa,IAAqBb,EAAO,CAAC,EAAE,OAE/B,MAAO,GAGT,eAAiB,CAACe,EAAOT,CAAK,IAAKN,EAAO,QAAQ,EAAG,CACnD,MAAMgB,EAAYhB,EAAOe,EAAQ,CAAC,EAClC,GAAIC,GAAaV,EAAM,KAAK,IAAMU,EAAU,OAC1C,MAAO,EAEX,CACA,MAAO,EACT,CAAC,EACA,UAAU,QAAQ,QAAQ,EAAK,CAAC,CAGpC,CACH,CAEA,SAAyB,CACvB,YAAK,KAAK,UAAU,IAAM,CACxB,KAAK,KAAO,KAAK,MAAM,EACpB,QAAQ,EACR,cAAehB,GAAWA,EAAO,CAAC,CAAC,EACnC,MAAOM,GAAUA,EAAM,MAAM,EAAE,QAAQ,CAAC,EACxC,cAAc,CAAC,CAAE,SAAAW,CAAS,IAAMA,EAAS,CAAC,CAAC,EAC3C,MAAOC,GAAYA,EAAQ,MAAM,EAAE,QAAQ,CAAC,EAC5C,MAAOP,GAAS,CACf,OAAQA,EAAK,KAAM,CACjB,KAAKhB,EAAY,OACf,OAAON,EAAKsB,EAAK,IAAI,EACvB,KAAKhB,EAAY,KACf,OAAON,EAAK,MAAM,EACpB,QACE,OAAOG,CACX,CACF,CAAC,CACL,CAAC,EACM,KAAK,IACd,CAEA,eAAe2B,EAAsC,CACnD,OAAO,KAAK,MAAM,EACf,QAAQ,EACR,MAAOnB,GAAW,CACjB,UAAWM,KAASN,EAAQ,CAC1B,MAAMoB,EAAcd,EAAM,MAAM,EAChC,GAAIc,EAAY,QAAQ,EAAG,CACzB,MAAMf,EAAYe,EAAY,QAAQ,EACtC,UAAWF,KAAWb,EAAU,SAAU,CACxC,MAAMgB,EAASH,EAAQ,aAAa,EACpC,GAAIG,EAAO,OAAO,GAAKA,EAAO,QAAQ,IAAMF,EAC1C,OAAO7B,EAAM,GAAGe,CAAS,CAE7B,CACF,CACF,CACA,OAAOb,CACT,CAAC,CACL,CAEA,UAAU2B,EAAyB,CACjC,OAAO,KAAK,eAAeA,CAAM,EAAE,OAAO,CAC5C,CAEA,MAAM,gBACJG,EACAC,EAC8B,CAC9B,OAAOhC,EAAW,UAChB,KAAK,eAAegC,EAAQ,kBAAkB,CAAC,EAAE,MAC9CjB,GAAwC,CACvC,UAAWY,KAAWZ,EAAM,SAAU,CACpC,MAAMkB,EAAMN,EAAQ,yBAAyB,EAC7C,GAAIM,EAAI,OAAO,EACb,OAAOA,CAEX,CACA,OAAOhC,CACT,CACF,CACF,EAAE,IAAI,MAAOiC,GAAc,CACzB,MAAMC,GACJ,MAAMH,EAAQ,mBAAmBE,EAAU,kBAAkB,GAC7D,MAAM,CAAC,EAKHE,EAAQ,MAJFL,EAAc,mBACxBI,EACAhC,EAAe,UACjB,EACwB,QACtB+B,EAAU,qBACVA,EAAU,cACZ,EACA,MAAO,CAAE,WAAYE,EAAM,MAAM,EAAG,EAAE,EAAG,UAAWA,EAAM,MAAM,EAAE,CAAE,CACtE,CAAC,CACH,CACF",
|
|
6
|
-
"names": ["bufferToHexaString", "hexaStringToBuffer", "Either", "Just", "Maybe", "MaybeAsync", "Nothing", "Right", "EncryptionAlgo", "CommandTags", "LKRPBlock", "TLVParser", "LKRPBlockStream", "bytes", "blocks", "hex", "blocksData", "parentHash", "hash", "blockData", "block", "acc", "parser", "parsed", "start", "data", "end", "streamParentHash", "parent", "index", "nextBlock", "commands", "command", "member", "parsedBlock", "pubkey", "cryptoService", "
|
|
6
|
+
"names": ["bufferToHexaString", "hexaStringToBuffer", "Either", "Just", "Maybe", "MaybeAsync", "Nothing", "Right", "EncryptionAlgo", "CommandTags", "LKRPBlock", "TLVParser", "LKRPBlockStream", "bytes", "blocks", "hex", "blocksData", "parentHash", "hash", "blockData", "block", "acc", "parser", "parsed", "start", "data", "end", "streamParentHash", "parent", "index", "nextBlock", "commands", "command", "member", "parsedBlock", "pubkey", "cryptoService", "keyPair", "key", "published", "secret", "xpriv"]
|
|
7
7
|
}
|
package/lib/esm/package.json
CHANGED
|
@@ -12,7 +12,7 @@ export type AddToTrustchainDAOutput = undefined;
|
|
|
12
12
|
export type AddToTrustchainDAInput = Either<LKRPMissingDataError, {
|
|
13
13
|
readonly lkrpDataSource: LKRPDataSource;
|
|
14
14
|
readonly cryptoService: CryptoService;
|
|
15
|
-
readonly
|
|
15
|
+
readonly keyPair: KeyPair;
|
|
16
16
|
readonly jwt: JWT;
|
|
17
17
|
readonly appId: number;
|
|
18
18
|
readonly trustchain: Trustchain;
|
|
@@ -12,11 +12,11 @@ export declare class LedgerKeyringProtocolBinder {
|
|
|
12
12
|
private readonly lkrpDataSource;
|
|
13
13
|
constructor(dmk: DeviceManagementKit, applicationId: number, cryptoService: CryptoService, lkrpDataSource: LKRPDataSource);
|
|
14
14
|
authenticateWithKeypair(args: {
|
|
15
|
-
|
|
15
|
+
keyPair: KeyPair;
|
|
16
16
|
trustchainId: string;
|
|
17
17
|
}): AuthenticateDAReturnType;
|
|
18
18
|
authenticateWithDevice(args: {
|
|
19
|
-
|
|
19
|
+
keyPair: KeyPair;
|
|
20
20
|
clientName: string;
|
|
21
21
|
permissions: Permissions;
|
|
22
22
|
sessionId: DeviceSessionId;
|
|
@@ -23,7 +23,7 @@ export declare class AuthenticateWithDeviceDeviceAction extends XStateDeviceActi
|
|
|
23
23
|
extractEncryptionKey: ({ input, }: {
|
|
24
24
|
input: {
|
|
25
25
|
cryptoService: CryptoService;
|
|
26
|
-
|
|
26
|
+
keyPair: KeyPair;
|
|
27
27
|
stream: Either<AuthenticateDAError, LKRPBlockStream>;
|
|
28
28
|
};
|
|
29
29
|
}) => Promise<Either<AuthenticateDAError, Uint8Array<ArrayBufferLike>>>;
|
package/lib/types/internal/app-binder/device-action/AuthenticateWithKeypairDeviceAction.d.ts
CHANGED
|
@@ -11,7 +11,7 @@ export declare class AuthenticateWithKeypairDeviceAction extends XStateDeviceAct
|
|
|
11
11
|
execute(): ExecuteDeviceActionReturnType<AuthenticateDAOutput, AuthenticateDAError, AuthenticateDAIntermediateValue>;
|
|
12
12
|
makeStateMachine(): DeviceActionStateMachine<AuthenticateDAOutput, AuthenticateWithKeypairDAInput, AuthenticateDAError, AuthenticateDAIntermediateValue, AuthenticateWithKeypairDAInternalState>;
|
|
13
13
|
extractDependencies(): {
|
|
14
|
-
|
|
14
|
+
keyPairAuth: ({ input }: {
|
|
15
15
|
input: AuthenticateWithKeypairDAInput;
|
|
16
16
|
}) => Promise<Either<AuthenticateDAError, import("../../lkrp-datasource/data/LKRPDataSource").AuthenticationResponse>>;
|
|
17
17
|
getTrustchain: ({ input, }: {
|
|
@@ -24,7 +24,7 @@ export declare class AuthenticateWithKeypairDeviceAction extends XStateDeviceAct
|
|
|
24
24
|
extractEncryptionKey: ({ input, }: {
|
|
25
25
|
input: {
|
|
26
26
|
cryptoService: CryptoService;
|
|
27
|
-
|
|
27
|
+
keyPair: KeyPair;
|
|
28
28
|
stream: Either<AuthenticateDAError, LKRPBlockStream>;
|
|
29
29
|
};
|
|
30
30
|
}) => Promise<Either<AuthenticateDAError, Uint8Array<ArrayBufferLike>>>;
|
|
@@ -8,7 +8,7 @@ export type AuthenticateWithDeviceDAInput = {
|
|
|
8
8
|
readonly lkrpDataSource: LKRPDataSource;
|
|
9
9
|
readonly appId: number;
|
|
10
10
|
readonly cryptoService: CryptoService;
|
|
11
|
-
readonly
|
|
11
|
+
readonly keyPair: KeyPair;
|
|
12
12
|
readonly clientName: string;
|
|
13
13
|
readonly permissions: Permissions;
|
|
14
14
|
};
|
|
@@ -8,7 +8,7 @@ export type AuthenticateWithKeypairDAInput = {
|
|
|
8
8
|
readonly lkrpDataSource: LKRPDataSource;
|
|
9
9
|
readonly appId: number;
|
|
10
10
|
readonly cryptoService: CryptoService;
|
|
11
|
-
readonly
|
|
11
|
+
readonly keyPair: KeyPair;
|
|
12
12
|
readonly trustchainId: string;
|
|
13
13
|
};
|
|
14
14
|
export type AuthenticateWithKeypairDAInternalState = Either<AuthenticateDAError, {
|
|
@@ -3,6 +3,6 @@ import { type KeyPair } from "../../../api/crypto/KeyPair";
|
|
|
3
3
|
import { LKRPUnknownError } from "../../../api/model/Errors";
|
|
4
4
|
import { type LKRPBlockStream } from "../../utils/LKRPBlockStream";
|
|
5
5
|
export declare class ExtractEncryptionKeyTask {
|
|
6
|
-
run(cryptoService: CryptoService,
|
|
6
|
+
run(cryptoService: CryptoService, keyPair: KeyPair, stream: LKRPBlockStream): Promise<import("purify-ts").Either<LKRPUnknownError, Uint8Array<ArrayBufferLike>>>;
|
|
7
7
|
}
|
|
8
8
|
//# sourceMappingURL=ExtractEncryptionKeyTask.d.ts.map
|
|
@@ -5,9 +5,9 @@ import { LKRPMissingDataError, LKRPUnknownError } from "../../../api/model/Error
|
|
|
5
5
|
import { type AuthenticationPayload, type Challenge } from "../../lkrp-datasource/data/LKRPDataSource";
|
|
6
6
|
export declare class SignChallengeWithKeypairTask {
|
|
7
7
|
private readonly cryptoService;
|
|
8
|
-
private readonly
|
|
8
|
+
private readonly keyPair;
|
|
9
9
|
private readonly trustchainId;
|
|
10
|
-
constructor(cryptoService: CryptoService,
|
|
10
|
+
constructor(cryptoService: CryptoService, keyPair: KeyPair, trustchainId: string);
|
|
11
11
|
run(challenge: Challenge): EitherAsync<LKRPMissingDataError | LKRPUnknownError, AuthenticationPayload>;
|
|
12
12
|
private getAttestation;
|
|
13
13
|
private getCredential;
|
|
@@ -4,7 +4,7 @@ import { KeyPair } from "../../../api/crypto/KeyPair";
|
|
|
4
4
|
import { Permissions } from "../../../api/model/Permissions";
|
|
5
5
|
import { LedgerKeyringProtocolBinder } from "../../app-binder/LedgerKeyringProtocolBinder";
|
|
6
6
|
export type AuthenticateUsecaseInput = {
|
|
7
|
-
|
|
7
|
+
keyPair: KeyPair;
|
|
8
8
|
clientName: string;
|
|
9
9
|
permissions: Permissions;
|
|
10
10
|
} & ({
|
|
@@ -21,6 +21,6 @@ export declare class LKRPBlockStream {
|
|
|
21
21
|
getPath(): Maybe<string>;
|
|
22
22
|
getMemberBlock(member: string): Maybe<LKRPBlockData>;
|
|
23
23
|
hasMember(member: string): boolean;
|
|
24
|
-
getPublishedKey(cryptoService: CryptoService,
|
|
24
|
+
getPublishedKey(cryptoService: CryptoService, keyPair: KeyPair): Promise<Maybe<PublishedKey>>;
|
|
25
25
|
}
|
|
26
26
|
//# sourceMappingURL=LKRPBlockStream.d.ts.map
|