npm - @ledgerhq/ledger-key-ring-protocol - Versions diffs - 0.5.1-nightly.0 - Mend

@ledgerhq/ledger-key-ring-protocol 0.5.1-nightly.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/.eslintrc.js +33 -0
package/.turbo/turbo-build.log +4 -0
package/.unimportedrc.json +16 -0
package/CHANGELOG.md +299 -0
package/LICENSE.txt +21 -0
package/README.md +3 -0
package/jest.config.js +13 -0
package/lib/HWDeviceProvider.d.ts +25 -0
package/lib/HWDeviceProvider.d.ts.map +1 -0
package/lib/HWDeviceProvider.js +88 -0
package/lib/HWDeviceProvider.js.map +1 -0
package/lib/api.d.ts +77 -0
package/lib/api.d.ts.map +1 -0
package/lib/api.js +150 -0
package/lib/api.js.map +1 -0
package/lib/auth.d.ts +3 -0
package/lib/auth.d.ts.map +1 -0
package/lib/auth.js +79 -0
package/lib/auth.js.map +1 -0
package/lib/errors.d.ts +40 -0
package/lib/errors.d.ts.map +1 -0
package/lib/errors.js +18 -0
package/lib/errors.js.map +1 -0
package/lib/index.d.ts +6 -0
package/lib/index.d.ts.map +1 -0
package/lib/index.js +17 -0
package/lib/index.js.map +1 -0
package/lib/mockSdk.d.ts +22 -0
package/lib/mockSdk.d.ts.map +1 -0
package/lib/mockSdk.js +208 -0
package/lib/mockSdk.js.map +1 -0
package/lib/qrcode/cipher.d.ts +12 -0
package/lib/qrcode/cipher.d.ts.map +1 -0
package/lib/qrcode/cipher.js +69 -0
package/lib/qrcode/cipher.js.map +1 -0
package/lib/qrcode/cipher.test.d.ts +2 -0
package/lib/qrcode/cipher.test.d.ts.map +1 -0
package/lib/qrcode/cipher.test.js +40 -0
package/lib/qrcode/cipher.test.js.map +1 -0
package/lib/qrcode/index.d.ts +70 -0
package/lib/qrcode/index.d.ts.map +1 -0
package/lib/qrcode/index.js +312 -0
package/lib/qrcode/index.js.map +1 -0
package/lib/qrcode/index.test.d.ts +2 -0
package/lib/qrcode/index.test.d.ts.map +1 -0
package/lib/qrcode/index.test.js +131 -0
package/lib/qrcode/index.test.js.map +1 -0
package/lib/qrcode/types.d.ts +69 -0
package/lib/qrcode/types.d.ts.map +1 -0
package/lib/qrcode/types.js +3 -0
package/lib/qrcode/types.js.map +1 -0
package/lib/sdk.d.ts +31 -0
package/lib/sdk.d.ts.map +1 -0
package/lib/sdk.js +380 -0
package/lib/sdk.js.map +1 -0
package/lib/store.d.ts +71 -0
package/lib/store.d.ts.map +1 -0
package/lib/store.js +62 -0
package/lib/store.js.map +1 -0
package/lib/types.d.ts +181 -0
package/lib/types.d.ts.map +1 -0
package/lib/types.js +10 -0
package/lib/types.js.map +1 -0
package/lib-es/HWDeviceProvider.d.ts +25 -0
package/lib-es/HWDeviceProvider.d.ts.map +1 -0
package/lib-es/HWDeviceProvider.js +81 -0
package/lib-es/HWDeviceProvider.js.map +1 -0
package/lib-es/api.d.ts +77 -0
package/lib-es/api.d.ts.map +1 -0
package/lib-es/api.js +145 -0
package/lib-es/api.js.map +1 -0
package/lib-es/auth.d.ts +3 -0
package/lib-es/auth.d.ts.map +1 -0
package/lib-es/auth.js +75 -0
package/lib-es/auth.js.map +1 -0
package/lib-es/errors.d.ts +40 -0
package/lib-es/errors.d.ts.map +1 -0
package/lib-es/errors.js +15 -0
package/lib-es/errors.js.map +1 -0
package/lib-es/index.d.ts +6 -0
package/lib-es/index.d.ts.map +1 -0
package/lib-es/index.js +13 -0
package/lib-es/index.js.map +1 -0
package/lib-es/mockSdk.d.ts +22 -0
package/lib-es/mockSdk.d.ts.map +1 -0
package/lib-es/mockSdk.js +201 -0
package/lib-es/mockSdk.js.map +1 -0
package/lib-es/qrcode/cipher.d.ts +12 -0
package/lib-es/qrcode/cipher.d.ts.map +1 -0
package/lib-es/qrcode/cipher.js +61 -0
package/lib-es/qrcode/cipher.js.map +1 -0
package/lib-es/qrcode/cipher.test.d.ts +2 -0
package/lib-es/qrcode/cipher.test.d.ts.map +1 -0
package/lib-es/qrcode/cipher.test.js +38 -0
package/lib-es/qrcode/cipher.test.js.map +1 -0
package/lib-es/qrcode/index.d.ts +70 -0
package/lib-es/qrcode/index.d.ts.map +1 -0
package/lib-es/qrcode/index.js +304 -0
package/lib-es/qrcode/index.js.map +1 -0
package/lib-es/qrcode/index.test.d.ts +2 -0
package/lib-es/qrcode/index.test.d.ts.map +1 -0
package/lib-es/qrcode/index.test.js +126 -0
package/lib-es/qrcode/index.test.js.map +1 -0
package/lib-es/qrcode/types.d.ts +69 -0
package/lib-es/qrcode/types.d.ts.map +1 -0
package/lib-es/qrcode/types.js +2 -0
package/lib-es/qrcode/types.js.map +1 -0
package/lib-es/sdk.d.ts +31 -0
package/lib-es/sdk.d.ts.map +1 -0
package/lib-es/sdk.js +371 -0
package/lib-es/sdk.js.map +1 -0
package/lib-es/store.d.ts +71 -0
package/lib-es/store.d.ts.map +1 -0
package/lib-es/store.js +51 -0
package/lib-es/store.js.map +1 -0
package/lib-es/types.d.ts +181 -0
package/lib-es/types.d.ts.map +1 -0
package/lib-es/types.js +7 -0
package/lib-es/types.js.map +1 -0
package/mocks/scenarios/addSameMemberMultipleTimes.json +426 -0
package/mocks/scenarios/create2trustchainInARow.json +616 -0
package/mocks/scenarios/getOrCreateTransactionCases.json +591 -0
package/mocks/scenarios/member3implicitlyAdded.json +648 -0
package/mocks/scenarios/membersManySelfAdd.json +1427 -0
package/mocks/scenarios/randomMemberTryToDestroy.json +371 -0
package/mocks/scenarios/removeMemberWithTheWrongSeed.json +510 -0
package/mocks/scenarios/removedMemberEjectedOnDeletedTrustchain.json +481 -0
package/mocks/scenarios/removedMemberEjectedOnGetMembers.json +648 -0
package/mocks/scenarios/removedMemberEjectedOnRestore.json +648 -0
package/mocks/scenarios/removingAMemberCreatesAnInteraction.json +593 -0
package/mocks/scenarios/removingYourselfIsForbidden.json +397 -0
package/mocks/scenarios/success.json +978 -0
package/mocks/scenarios/tokenExpires.json +371 -0
package/mocks/scenarios/twoAddMembersFollowedByDeviceAdd.json +705 -0
package/mocks/scenarios/userRefusesAuth.json +40 -0
package/mocks/scenarios/userRefusesRemoveMember.json +542 -0
package/package.json +91 -0
package/scripts/README.md +15 -0
package/scripts/e2e.ts +57 -0
package/src/HWDeviceProvider.ts +105 -0
package/src/__tests__/integration/mock.sdk.test.ts +47 -0
package/src/__tests__/integration/sdk.test.ts +20 -0
package/src/__tests__/tsconfig.json +8 -0
package/src/__tests__/unit/sdk.test.ts +236 -0
package/src/api.ts +202 -0
package/src/auth.ts +81 -0
package/src/errors.ts +18 -0
package/src/index.ts +20 -0
package/src/mockSdk.ts +253 -0
package/src/qrcode/cipher.test.ts +30 -0
package/src/qrcode/cipher.ts +63 -0
package/src/qrcode/index.test.ts +138 -0
package/src/qrcode/index.ts +395 -0
package/src/qrcode/types.ts +70 -0
package/src/sdk.ts +542 -0
package/src/store.ts +99 -0
package/src/types.ts +242 -0
package/tests/scenarios/_template.ts +18 -0
package/tests/scenarios/addSameMemberMultipleTimes.ts +20 -0
package/tests/scenarios/create2trustchainInARow.ts +14 -0
package/tests/scenarios/getOrCreateTransactionCases.ts +74 -0
package/tests/scenarios/member3implicitlyAdded.ts +51 -0
package/tests/scenarios/membersManySelfAdd.ts +18 -0
package/tests/scenarios/randomMemberTryToDestroy.ts +23 -0
package/tests/scenarios/removeMemberWithTheWrongSeed.ts +28 -0
package/tests/scenarios/removedMemberEjectedOnDeletedTrustchain.ts +31 -0
package/tests/scenarios/removedMemberEjectedOnGetMembers.ts +29 -0
package/tests/scenarios/removedMemberEjectedOnRestore.ts +31 -0
package/tests/scenarios/removingAMemberCreatesAnInteraction.ts +42 -0
package/tests/scenarios/removingYourselfIsForbidden.ts +11 -0
package/tests/scenarios/success.ts +94 -0
package/tests/scenarios/tokenExpires.ts +20 -0
package/tests/scenarios/twoAddMembersFollowedByDeviceAdd.ts +49 -0
package/tests/scenarios/userRefusesAuth.ts +28 -0
package/tests/scenarios/userRefusesRemoveMember.ts +66 -0
package/tests/test-helpers/recordTrustchainSdkTests.ts +178 -0
package/tests/test-helpers/replayTrustchainSdkTests.ts +141 -0
package/tests/test-helpers/types.ts +45 -0
package/tests/tsconfig.json +8 -0
package/tsconfig.json +15 -0

package/lib/qrcode/index.test.js ADDED Viewed

@@ -0,0 +1,131 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const _1 = require(".");
+const ws_1 = __importDefault(require("ws"));
+const sdk_1 = require("../sdk");
+const hw_ledger_key_ring_protocol_1 = require("@ledgerhq/hw-ledger-key-ring-protocol");
+const errors_1 = require("../errors");
+describe("Trustchain QR Code", () => {
+    let server;
+    let a;
+    let b;
+    beforeAll(() => {
+        server = new ws_1.default.Server({ port: 1234 });
+        server.on("connection", ws => {
+            if (!a) {
+                a = ws;
+            }
+            else if (!b) {
+                b = ws;
+            }
+            ws.on("message", message => {
+                if (ws === a && b) {
+                    b.send(message);
+                }
+                else if (ws === b && a) {
+                    a.send(message);
+                }
+            });
+        });
+    });
+    afterAll(() => {
+        server.close();
+    });
+    test("digits matching scenario", () => __awaiter(void 0, void 0, void 0, function* () {
+        const onDisplayDigits = jest.fn();
+        const trustchain = {
+            rootId: "test-root-id",
+            walletSyncEncryptionKey: "test-wallet-sync-encryption-key",
+            applicationPath: "m/0'/16'/0'",
+        };
+        const addMember = jest.fn(() => Promise.resolve(trustchain));
+        const memberCredentials = (0, sdk_1.convertKeyPairToLiveCredentials)(yield hw_ledger_key_ring_protocol_1.crypto.randomKeypair());
+        const memberName = "foo";
+        let scannedUrlResolve;
+        const scannedUrlPromise = new Promise(resolve => {
+            scannedUrlResolve = resolve;
+        });
+        const onDisplayQRCode = (url) => {
+            scannedUrlResolve(url);
+        };
+        const onRequestQRCodeInput = jest.fn((config, callback) => callback(onDisplayDigits.mock.calls[0][0]));
+        const hostP = (0, _1.createQRCodeHostInstance)({
+            trustchainApiBaseUrl: "ws://localhost:1234",
+            onDisplayQRCode,
+            onDisplayDigits,
+            addMember,
+            memberCredentials,
+            memberName,
+            initialTrustchainId: trustchain.rootId,
+        });
+        const scannedUrl = yield scannedUrlPromise;
+        const candidateP = (0, _1.createQRCodeCandidateInstance)({
+            memberCredentials,
+            memberName,
+            initialTrustchainId: undefined,
+            addMember,
+            scannedUrl,
+            onRequestQRCodeInput,
+        });
+        const [_, res] = yield Promise.all([hostP, candidateP]);
+        expect(onDisplayDigits).toHaveBeenCalledWith(expect.any(String));
+        expect(addMember).toHaveBeenCalled();
+        expect(onRequestQRCodeInput).toHaveBeenCalledWith({ digits: 3, connected: false }, expect.any(Function));
+        expect(res).toEqual(trustchain);
+    }));
+    test("invalid qr code scanned", () => __awaiter(void 0, void 0, void 0, function* () {
+        const trustchain = {
+            rootId: "test-root-id",
+            walletSyncEncryptionKey: "test-wallet-sync-encryption-key",
+            applicationPath: "m/0'/16'/0'",
+        };
+        const addMember = jest.fn(() => Promise.resolve(trustchain));
+        const memberCredentials = (0, sdk_1.convertKeyPairToLiveCredentials)(yield hw_ledger_key_ring_protocol_1.crypto.randomKeypair());
+        const memberName = "foo";
+        const onRequestQRCodeInput = jest.fn();
+        const scannedUrl = "https://example.com";
+        const candidateP = (0, _1.createQRCodeCandidateInstance)({
+            memberCredentials,
+            memberName,
+            initialTrustchainId: undefined,
+            addMember,
+            scannedUrl,
+            onRequestQRCodeInput,
+        });
+        yield expect(candidateP).rejects.toThrow(new errors_1.ScannedInvalidQrCode());
+    }));
+    test("old accounts export qr code scanned", () => __awaiter(void 0, void 0, void 0, function* () {
+        const trustchain = {
+            rootId: "test-root-id",
+            walletSyncEncryptionKey: "test-wallet-sync-encryption-key",
+            applicationPath: "m/0'/16'/0'",
+        };
+        const addMember = jest.fn(() => Promise.resolve(trustchain));
+        const memberCredentials = (0, sdk_1.convertKeyPairToLiveCredentials)(yield hw_ledger_key_ring_protocol_1.crypto.randomKeypair());
+        const memberName = "foo";
+        const onRequestQRCodeInput = jest.fn();
+        const scannedUrl = "ZAADAAIAAAAEd2JXMpuoYdzvkNzFTlmQLPcGf2LSjDOgqaB3nQoZqlimcCX6HNkescWKyT1DCGuwO7IesD7oYg+fdZPkiIfFL3V9swfZRePkaNN09IjXsWLsim9hK/qi/RC1/ofX3hYNKUxUAgYVVG82WKXIk47siWfUlRZsCYSAARQ6ASpUgidPjMHaOMK6w53wTZplwo7Zjv1HrIyKwr3Ci8OmrFye5g==";
+        const candidateP = (0, _1.createQRCodeCandidateInstance)({
+            memberCredentials,
+            memberName,
+            initialTrustchainId: undefined,
+            addMember,
+            scannedUrl,
+            onRequestQRCodeInput,
+        });
+        yield expect(candidateP).rejects.toThrow(new errors_1.ScannedOldImportQrCode());
+    }));
+});
+//# sourceMappingURL=index.test.js.map

package/lib/qrcode/index.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.test.js","sourceRoot":"","sources":["../../src/qrcode/index.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA,wBAA4E;AAC5E,4CAA2B;AAC3B,gCAAyD;AACzD,uFAA+D;AAC/D,sCAAyE;AAEzE,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,MAAM,CAAC;IACX,IAAI,CAAC,CAAC;IACN,IAAI,CAAC,CAAC;IAEN,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,GAAG,IAAI,YAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,CAAC,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE;YAC3B,IAAI,CAAC,CAAC,EAAE,CAAC;gBACP,CAAC,GAAG,EAAE,CAAC;YACT,CAAC;iBAAM,IAAI,CAAC,CAAC,EAAE,CAAC;gBACd,CAAC,GAAG,EAAE,CAAC;YACT,CAAC;YACD,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE;gBACzB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClB,CAAC;qBAAM,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,GAAG,EAAE;QACZ,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,0BAA0B,EAAE,GAAS,EAAE;QAC1C,MAAM,eAAe,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,cAAc;YACtB,uBAAuB,EAAE,iCAAiC;YAC1D,eAAe,EAAE,aAAa;SAC/B,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7D,MAAM,iBAAiB,GAAG,IAAA,qCAA+B,EAAC,MAAM,oCAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QACxF,MAAM,UAAU,GAAG,KAAK,CAAC;QAEzB,IAAI,iBAAwC,CAAC;QAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAS,OAAO,CAAC,EAAE;YACtD,iBAAiB,GAAG,OAAO,CAAC;QAC9B,CAAC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,CAAC,GAAW,EAAE,EAAE;YACtC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC,CAAC;QACF,MAAM,oBAAoB,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CACxD,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3C,CAAC;QAEF,MAAM,KAAK,GAAG,IAAA,2BAAwB,EAAC;YACrC,oBAAoB,EAAE,qBAAqB;YAC3C,eAAe;YACf,eAAe;YACf,SAAS;YACT,iBAAiB;YACjB,UAAU;YACV,mBAAmB,EAAE,UAAU,CAAC,MAAM;SACvC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC;QAE3C,MAAM,UAAU,GAAG,IAAA,gCAA6B,EAAC;YAC/C,iBAAiB;YACjB,UAAU;YACV,mBAAmB,EAAE,SAAS;YAC9B,SAAS;YACT,UAAU;YACV,oBAAoB;SACrB,CAAC,CAAC;QAEH,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;QAExD,MAAM,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,SAAS,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACrC,MAAM,CAAC,oBAAoB,CAAC,CAAC,oBAAoB,CAC/C,EAAE,MAAM,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,EAC/B,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CACrB,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC,CAAA,CAAC,CAAC;IACH,IAAI,CAAC,yBAAyB,EAAE,GAAS,EAAE;QACzC,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,cAAc;YACtB,uBAAuB,EAAE,iCAAiC;YAC1D,eAAe,EAAE,aAAa;SAC/B,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7D,MAAM,iBAAiB,GAAG,IAAA,qCAA+B,EAAC,MAAM,oCAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QACxF,MAAM,UAAU,GAAG,KAAK,CAAC;QAEzB,MAAM,oBAAoB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAEvC,MAAM,UAAU,GAAG,qBAAqB,CAAC;QAEzC,MAAM,UAAU,GAAG,IAAA,gCAA6B,EAAC;YAC/C,iBAAiB;YACjB,UAAU;YACV,mBAAmB,EAAE,SAAS;YAC9B,SAAS;YACT,UAAU;YACV,oBAAoB;SACrB,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,6BAAoB,EAAE,CAAC,CAAC;IACvE,CAAC,CAAA,CAAC,CAAC;IACH,IAAI,CAAC,qCAAqC,EAAE,GAAS,EAAE;QACrD,MAAM,UAAU,GAAG;YACjB,MAAM,EAAE,cAAc;YACtB,uBAAuB,EAAE,iCAAiC;YAC1D,eAAe,EAAE,aAAa;SAC/B,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7D,MAAM,iBAAiB,GAAG,IAAA,qCAA+B,EAAC,MAAM,oCAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QACxF,MAAM,UAAU,GAAG,KAAK,CAAC;QAEzB,MAAM,oBAAoB,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAEvC,MAAM,UAAU,GACd,sOAAsO,CAAC;QAEzO,MAAM,UAAU,GAAG,IAAA,gCAA6B,EAAC;YAC/C,iBAAiB;YACjB,UAAU;YACV,mBAAmB,EAAE,SAAS;YAC9B,SAAS;YACT,UAAU;YACV,oBAAoB;SACrB,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,+BAAsB,EAAE,CAAC,CAAC;IACzE,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/lib/qrcode/types.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { Trustchain } from "../types";
+export type Encrypted<T> = {
+    encrypted: string;
+};
+export type Message = {
+    version: number;
+    publisher: string;
+    message: "InitiateHandshake";
+    payload: {
+        ephemeral_public_key: string;
+    };
+} | {
+    version: number;
+    publisher: string;
+    message: "Failure";
+    payload: {
+        message: string;
+        type: string;
+    };
+} | {
+    version: number;
+    publisher: string;
+    message: "HandshakeChallenge";
+    payload: Encrypted<{
+        digits: number;
+        connected: boolean;
+    }>;
+} | {
+    version: number;
+    publisher: string;
+    message: "CompleteHandshakeChallenge";
+    payload: Encrypted<{
+        digits: string;
+    }>;
+} | {
+    version: number;
+    publisher: string;
+    message: "HandshakeCompletionSucceeded";
+    payload: Encrypted<Record<string, never>>;
+} | {
+    version: number;
+    publisher: string;
+    message: "TrustchainRequestCredential";
+    payload: Encrypted<Record<string, never>>;
+} | {
+    version: number;
+    publisher: string;
+    message: "TrustchainShareCredential";
+    payload: Encrypted<{
+        id: string;
+        name: string;
+    }>;
+} | {
+    version: number;
+    publisher: string;
+    message: "TrustchainAddedMember";
+    payload: Encrypted<{
+        trustchain: Trustchain;
+    }>;
+};
+export type DecryptedPayload<M> = M extends {
+    payload: Encrypted<infer T>;
+} ? T : M extends {
+    payload: infer T;
+} ? T : never;
+export type ExtractEncryptedPayloads<T> = T extends {
+    payload: Encrypted<infer P>;
+} ? P : never;
+//# sourceMappingURL=types.d.ts.map

package/lib/qrcode/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/qrcode/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAGtC,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,OAAO,GACf;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,OAAO,EAAE;QAAE,oBAAoB,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3C,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,SAAS,CAAC;IACnB,OAAO,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;CAC5C,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,OAAO,EAAE,SAAS,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5D,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,4BAA4B,CAAC;IACtC,OAAO,EAAE,SAAS,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxC,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,8BAA8B,CAAC;IACxC,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;CAC3C,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,6BAA6B,CAAC;IACvC,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;CAC3C,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,2BAA2B,CAAC;IACrC,OAAO,EAAE,SAAS,CAAC;QAEjB,EAAE,EAAE,MAAM,CAAC;QAEX,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ,GACD;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,uBAAuB,CAAC;IACjC,OAAO,EAAE,SAAS,CAAC;QACjB,UAAU,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;CACJ,CAAC;AAEN,MAAM,MAAM,gBAAgB,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA;CAAE,GACvE,CAAC,GACD,CAAC,SAAS;IAAE,OAAO,EAAE,MAAM,CAAC,CAAA;CAAE,GAC5B,CAAC,GACD,KAAK,CAAC;AAEZ,MAAM,MAAM,wBAAwB,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA;CAAE,GAAG,CAAC,GAAG,KAAK,CAAC"}

package/lib/qrcode/types.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/lib/qrcode/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/qrcode/types.ts"],"names":[],"mappings":""}

package/lib/sdk.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { JWT, MemberCredentials, TrustchainSDKContext, Trustchain, TrustchainMember, TrustchainSDK, TrustchainDeviceCallbacks, AuthCachePolicy, TrustchainResult, TrustchainLifecycle, GetOrCreateTrustchainCallbacks } from "./types";
+import { KeyPair as CryptoKeyPair } from "@ledgerhq/hw-ledger-key-ring-protocol/Crypto";
+import { HWDeviceProvider } from "./HWDeviceProvider";
+export declare class SDK implements TrustchainSDK {
+    private context;
+    private hwDeviceProvider;
+    private lifecycle?;
+    private api;
+    constructor(context: TrustchainSDKContext, hwDeviceProvider: HWDeviceProvider, lifecyle?: TrustchainLifecycle);
+    private jwt;
+    private jwtHash;
+    withAuth<T>(trustchain: Trustchain, memberCredentials: MemberCredentials, job: (jwt: JWT) => Promise<T>, policy?: AuthCachePolicy, ignorePermissionsChecks?: boolean): Promise<T>;
+    initMemberCredentials(): Promise<MemberCredentials>;
+    getOrCreateTrustchain(deviceId: string, memberCredentials: MemberCredentials, callbacks?: GetOrCreateTrustchainCallbacks, topic?: Uint8Array, currentTrustchain?: Trustchain): Promise<TrustchainResult>;
+    restoreTrustchain(trustchain: Trustchain, memberCredentials: MemberCredentials): Promise<Trustchain>;
+    getMembers(trustchain: Trustchain, memberCredentials: MemberCredentials): Promise<TrustchainMember[]>;
+    removeMember(deviceId: string, trustchain: Trustchain, memberCredentials: MemberCredentials, member: TrustchainMember, callbacks?: TrustchainDeviceCallbacks): Promise<Trustchain>;
+    addMember(trustchain: Trustchain, memberCredentials: MemberCredentials, member: TrustchainMember): Promise<void>;
+    invalidateJwt(): void;
+    destroyTrustchain(trustchain: Trustchain, memberCredentials: MemberCredentials): Promise<void>;
+    encryptUserData(trustchain: Trustchain, input: Uint8Array): Promise<Uint8Array>;
+    decryptUserData(trustchain: Trustchain, data: Uint8Array): Promise<Uint8Array>;
+    private fetchTrustchain;
+    private fetchTrustchainAndResolve;
+    private auth;
+    private pushMember;
+    private closeStream;
+}
+export declare function convertKeyPairToLiveCredentials(keyPair: CryptoKeyPair): MemberCredentials;
+export declare function convertLiveCredentialsToKeyPair(memberCredentials: MemberCredentials): CryptoKeyPair;
+//# sourceMappingURL=sdk.d.ts.map

package/lib/sdk.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sdk.d.ts","sourceRoot":"","sources":["../src/sdk.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,oBAAoB,EACpB,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,yBAAyB,EACzB,eAAe,EACf,gBAAgB,EAEhB,mBAAmB,EACnB,8BAA8B,EAC/B,MAAM,SAAS,CAAC;AAYjB,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,8CAA8C,CAAC;AAUxF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAMtD,qBAAa,GAAI,YAAW,aAAa;IACvC,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,SAAS,CAAC,CAAsB;IACxC,OAAO,CAAC,GAAG,CAA4B;gBAGrC,OAAO,EAAE,oBAAoB,EAC7B,gBAAgB,EAAE,gBAAgB,EAClC,QAAQ,CAAC,EAAE,mBAAmB;IAQhC,OAAO,CAAC,GAAG,CAA8B;IACzC,OAAO,CAAC,OAAO,CAAM;IACrB,QAAQ,CAAC,CAAC,EACR,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,EACpC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,CAAC,CAAC,EAC7B,MAAM,CAAC,EAAE,eAAe,EACxB,uBAAuB,CAAC,EAAE,OAAO,GAChC,OAAO,CAAC,CAAC,CAAC;IA8BP,qBAAqB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAKnD,qBAAqB,CACzB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,iBAAiB,EACpC,SAAS,CAAC,EAAE,8BAA8B,EAC1C,KAAK,CAAC,EAAE,UAAU,EAClB,iBAAiB,CAAC,EAAE,UAAU,GAC7B,OAAO,CAAC,gBAAgB,CAAC;IAsFtB,iBAAiB,CACrB,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,GACnC,OAAO,CAAC,UAAU,CAAC;IAqBhB,UAAU,CACd,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,GACnC,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAWxB,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,gBAAgB,EACxB,SAAS,CAAC,EAAE,yBAAyB,GACpC,OAAO,CAAC,UAAU,CAAC;IAqFhB,SAAS,CACb,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,IAAI,CAAC;IAiBhB,aAAa;IAKP,iBAAiB,CACrB,UAAU,EAAE,UAAU,EACtB,iBAAiB,EAAE,iBAAiB,GACnC,OAAO,CAAC,IAAI,CAAC;IAOV,eAAe,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAM/E,eAAe,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YAMtE,eAAe;YAMf,yBAAyB;YASzB,IAAI;YA4BJ,UAAU;YAoCV,WAAW;CAkB1B;AAED,wBAAgB,+BAA+B,CAAC,OAAO,EAAE,aAAa,GAAG,iBAAiB,CAKzF;AAED,wBAAgB,+BAA+B,CAC7C,iBAAiB,EAAE,iBAAiB,GACnC,aAAa,CAKf"}

package/lib/sdk.js ADDED Viewed

@@ -0,0 +1,380 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertLiveCredentialsToKeyPair = exports.convertKeyPairToLiveCredentials = exports.SDK = void 0;
+const types_1 = require("./types");
+const hw_ledger_key_ring_protocol_1 = require("@ledgerhq/hw-ledger-key-ring-protocol");
+const api_1 = __importDefault(require("./api"));
+const logs_1 = require("@ledgerhq/logs");
+const errors_1 = require("@ledgerhq/errors");
+const errors_2 = require("./errors");
+const auth_1 = require("./auth");
+class SDK {
+    constructor(context, hwDeviceProvider, lifecyle) {
+        this.jwt = undefined;
+        this.jwtHash = "";
+        this.context = context;
+        this.hwDeviceProvider = hwDeviceProvider;
+        this.lifecycle = lifecyle;
+        this.api = (0, api_1.default)(context.apiBaseUrl);
+    }
+    withAuth(trustchain, memberCredentials, job, policy, ignorePermissionsChecks) {
+        const hash = trustchain.rootId + " " + memberCredentials.pubkey;
+        if (this.jwtHash !== hash) {
+            this.jwt = undefined;
+            this.jwtHash = hash;
+        }
+        return (0, auth_1.genericWithJWT)(jwt => {
+            this.jwt = jwt;
+            if (!ignorePermissionsChecks) {
+                const permissions = jwt.permissions[trustchain.rootId];
+                if (!permissions) {
+                    throw new errors_2.TrustchainNotAllowed("permissions not available for current trustchain");
+                }
+                // check if the application path is allowed
+                if (!permissions[trustchain.applicationPath]) {
+                    throw new errors_2.TrustchainOutdated(`expected ${trustchain.applicationPath}, got: ${Object.keys(permissions)[0]}`);
+                }
+            }
+            return job(jwt);
+        }, this.jwt, () => this.auth(trustchain, memberCredentials), jwt => this.api.refreshAuth(jwt), policy);
+    }
+    initMemberCredentials() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const kp = yield hw_ledger_key_ring_protocol_1.crypto.randomKeypair();
+            return convertKeyPairToLiveCredentials(kp);
+        });
+    }
+    getOrCreateTrustchain(deviceId, memberCredentials, callbacks, topic, currentTrustchain) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            this.invalidateJwt();
+            let type = types_1.TrustchainResultType.restored;
+            const withJwt = job => this.hwDeviceProvider.withJwt(deviceId, job, "cache", callbacks);
+            const withHw = job => this.hwDeviceProvider.withHw(deviceId, job, callbacks);
+            let trustchains = yield withJwt(this.api.getTrustchains);
+            (_a = callbacks === null || callbacks === void 0 ? void 0 : callbacks.onInitialResponse) === null || _a === void 0 ? void 0 : _a.call(callbacks, trustchains);
+            if (currentTrustchain) {
+                yield this.restoreTrustchain(currentTrustchain, memberCredentials).then(() => {
+                    throw Object.keys(trustchains).includes(currentTrustchain.rootId)
+                        ? new errors_2.TrustchainAlreadyInitialized()
+                        : new errors_2.TrustchainAlreadyInitializedWithOtherSeed();
+                }, () => {
+                    // The user was ejected from the trustchain therefore we can continue
+                });
+            }
+            if (Object.keys(trustchains).length === 0) {
+                (0, logs_1.log)("trustchain", "getOrCreateTrustchain: no trustchain yet, let's create one");
+                type = types_1.TrustchainResultType.created;
+                const streamTree = yield this.hwDeviceProvider.withHw(deviceId, hw => hw_ledger_key_ring_protocol_1.StreamTree.createNewTree(hw, { topic }));
+                yield streamTree.getRoot().resolve(); // double checks the signatures are correct before sending to the backend
+                const commandStream = hw_ledger_key_ring_protocol_1.CommandStreamEncoder.encode(streamTree.getRoot().blocks);
+                yield withJwt(jwt => this.api.postSeed(jwt, hw_ledger_key_ring_protocol_1.crypto.to_hex(commandStream)));
+                // deviceJwt have changed, proactively refresh it
+                yield this.hwDeviceProvider.refreshJwt(deviceId, callbacks);
+                trustchains = yield withJwt(this.api.getTrustchains);
+            }
+            // we find our trustchain root id
+            let trustchainRootId;
+            const trustchainRootPath = "m/";
+            for (const [trustchainId, info] of Object.entries(trustchains)) {
+                for (const path in info) {
+                    if (path === trustchainRootPath) {
+                        trustchainRootId = trustchainId;
+                    }
+                }
+            }
+            invariant(trustchainRootId, "trustchainRootId should be defined");
+            (0, logs_1.log)("trustchain", "getOrCreateTrustchain rootId=" + trustchainRootId);
+            // make a stream tree from all the trustchains associated to this root id
+            let { streamTree } = yield withJwt(jwt => this.fetchTrustchain(jwt, trustchainRootId));
+            const path = streamTree.getApplicationRootPath(this.context.applicationId);
+            const child = streamTree.getChild(path);
+            let shouldShare = true;
+            if (child) {
+                const resolved = yield child.resolve();
+                const members = resolved.getMembers();
+                shouldShare = !members.some(m => hw_ledger_key_ring_protocol_1.crypto.to_hex(m) === memberCredentials.pubkey); // not already a member
+            }
+            if (shouldShare) {
+                if (type === types_1.TrustchainResultType.restored)
+                    type = types_1.TrustchainResultType.updated;
+                streamTree = yield this.pushMember(streamTree, path, trustchainRootId, withJwt, withHw, {
+                    id: memberCredentials.pubkey,
+                    name: this.context.name,
+                    permissions: hw_ledger_key_ring_protocol_1.Permissions.OWNER,
+                });
+            }
+            const walletSyncEncryptionKey = yield extractEncryptionKey(streamTree, path, memberCredentials);
+            const trustchain = {
+                rootId: trustchainRootId,
+                walletSyncEncryptionKey,
+                applicationPath: path,
+            };
+            return { type, trustchain };
+        });
+    }
+    restoreTrustchain(trustchain, memberCredentials) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { streamTree, applicationRootPath } = yield this.withAuth(trustchain, memberCredentials, jwt => this.fetchTrustchainAndResolve(jwt, trustchain.rootId, this.context.applicationId), "refresh", true);
+            const walletSyncEncryptionKey = yield extractEncryptionKey(streamTree, applicationRootPath, memberCredentials);
+            return {
+                rootId: trustchain.rootId,
+                walletSyncEncryptionKey,
+                applicationPath: applicationRootPath,
+            };
+        });
+    }
+    getMembers(trustchain, memberCredentials) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { resolved } = yield this.withAuth(trustchain, memberCredentials, jwt => this.fetchTrustchainAndResolve(jwt, trustchain.rootId, this.context.applicationId));
+            const members = resolved.getMembersData();
+            if (!members.some(m => m.id === memberCredentials.pubkey)) {
+                throw new errors_2.TrustchainEjected("Not a member of trustchain");
+            }
+            return members;
+        });
+    }
+    removeMember(deviceId, trustchain, memberCredentials, member, callbacks) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            this.invalidateJwt();
+            const withJwt = job => this.hwDeviceProvider.withJwt(deviceId, job, "cache", callbacks);
+            const withHw = job => this.hwDeviceProvider.withHw(deviceId, job, callbacks);
+            // invariant because the sdk does not support this case, and the UI should not allows it.
+            invariant(memberCredentials.pubkey !== member.id, "removeMember must not be used to remove the current member.");
+            const afterRotation = yield ((_a = this.lifecycle) === null || _a === void 0 ? void 0 : _a.onTrustchainRotation(this, trustchain, memberCredentials));
+            const applicationId = this.context.applicationId;
+            const trustchainId = trustchain.rootId;
+            // eslint-disable-next-line prefer-const
+            let { resolved, streamTree, applicationRootPath } = yield withJwt(jwt => this.fetchTrustchainAndResolve(jwt, trustchainId, applicationId));
+            const members = resolved.getMembersData();
+            const withoutMember = members.filter(m => m.id !== member.id);
+            invariant(withoutMember.length < members.length, "member not found"); // invariant because the UI should not allow this case.
+            const withoutMemberOrMe = withoutMember.filter(m => m.id !== memberCredentials.pubkey);
+            const softwareDevice = getSoftwareDevice(memberCredentials);
+            const newPath = streamTree.getApplicationRootPath(applicationId, 1);
+            // We close the current trustchain with the hardware wallet in order to get a user confirmation of the action
+            const sendCloseStreamToAPI = yield this.closeStream(streamTree, applicationRootPath, trustchainId, withJwt, withHw);
+            // derive a new branch of the tree on the new path
+            streamTree = yield this.pushMember(streamTree, newPath, trustchainId, withJwt, withHw, {
+                id: memberCredentials.pubkey,
+                name: this.context.name,
+                permissions: hw_ledger_key_ring_protocol_1.Permissions.OWNER,
+            });
+            // add the remaining members
+            const withSw = (job) => job(softwareDevice);
+            for (const m of withoutMemberOrMe) {
+                streamTree = yield this.pushMember(streamTree, newPath, trustchainId, withJwt, withSw, m);
+            }
+            const walletSyncEncryptionKey = yield extractEncryptionKey(streamTree, newPath, memberCredentials);
+            // we send the close stream to the API only after the new stream is created in case user cancelled the process in the middle.
+            yield sendCloseStreamToAPI();
+            // deviceJwt have changed, proactively refresh it
+            yield this.hwDeviceProvider.refreshJwt(deviceId, callbacks);
+            const newTrustchain = {
+                rootId: trustchainId,
+                walletSyncEncryptionKey,
+                applicationPath: newPath,
+            };
+            if (afterRotation)
+                yield afterRotation(newTrustchain);
+            // refresh the jwt with the new trustchain
+            this.jwt = yield this.withAuth(newTrustchain, memberCredentials, jwt => Promise.resolve(jwt), "refresh");
+            return newTrustchain;
+        });
+    }
+    addMember(trustchain, memberCredentials, member) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const withJwt = f => this.withAuth(trustchain, memberCredentials, f);
+            const { streamTree, applicationRootPath } = yield withJwt(jwt => this.fetchTrustchainAndResolve(jwt, trustchain.rootId, this.context.applicationId));
+            const softwareDevice = getSoftwareDevice(memberCredentials);
+            const withSw = (job) => job(softwareDevice);
+            yield this.pushMember(streamTree, applicationRootPath, trustchain.rootId, withJwt, withSw, member);
+        });
+    }
+    invalidateJwt() {
+        this.jwt = undefined;
+        this.hwDeviceProvider.clearJwt();
+    }
+    destroyTrustchain(trustchain, memberCredentials) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.withAuth(trustchain, memberCredentials, jwt => this.api.deleteTrustchain(jwt, trustchain.rootId));
+            this.invalidateJwt();
+        });
+    }
+    encryptUserData(trustchain, input) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = hw_ledger_key_ring_protocol_1.crypto.from_hex(trustchain.walletSyncEncryptionKey);
+            const encrypted = yield hw_ledger_key_ring_protocol_1.crypto.encryptUserData(key, input);
+            return encrypted;
+        });
+    }
+    decryptUserData(trustchain, data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = hw_ledger_key_ring_protocol_1.crypto.from_hex(trustchain.walletSyncEncryptionKey);
+            const decrypted = yield hw_ledger_key_ring_protocol_1.crypto.decryptUserData(key, data);
+            return decrypted;
+        });
+    }
+    fetchTrustchain(jwt, trustchainId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const trustchainData = yield this.api.getTrustchain(jwt, trustchainId);
+            const streamTree = hw_ledger_key_ring_protocol_1.StreamTree.deserialize(trustchainData);
+            return { streamTree };
+        });
+    }
+    fetchTrustchainAndResolve(jwt, trustchainId, applicationId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { streamTree } = yield this.fetchTrustchain(jwt, trustchainId);
+            const applicationRootPath = streamTree.getApplicationRootPath(applicationId);
+            const applicationNode = streamTree.getChild(applicationRootPath);
+            invariant(applicationNode, "could not find the application stream.");
+            const resolved = yield applicationNode.resolve();
+            return { resolved, streamTree, applicationRootPath, applicationNode };
+        });
+    }
+    auth(trustchain, memberCredentials) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const challenge = yield this.api.getAuthenticationChallenge();
+            const data = hw_ledger_key_ring_protocol_1.crypto.from_hex(challenge.tlv);
+            const [parsed, _] = hw_ledger_key_ring_protocol_1.Challenge.fromBytes(data);
+            const hash = yield hw_ledger_key_ring_protocol_1.crypto.hash(parsed.getUnsignedTLV());
+            const keypair = convertLiveCredentialsToKeyPair(memberCredentials);
+            const response = yield this.api
+                .postChallengeResponse({
+                challenge: challenge.json,
+                signature: {
+                    credential: credentialForPubKey(memberCredentials.pubkey),
+                    signature: hw_ledger_key_ring_protocol_1.crypto.to_hex(yield hw_ledger_key_ring_protocol_1.crypto.sign(hash, keypair)),
+                    attestation: hw_ledger_key_ring_protocol_1.crypto.to_hex(liveAuthentication(trustchain.rootId)),
+                },
+            })
+                .catch(e => {
+                if (e instanceof errors_1.LedgerAPI4xx &&
+                    (e.message.includes("Not a member of trustchain") ||
+                        e.message.includes("You are not member"))) {
+                    throw new errors_2.TrustchainEjected(e.message);
+                }
+                throw e;
+            });
+            return response;
+        });
+    }
+    pushMember(streamTree, path, trustchainId, withJwt, withDevice, member) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const isMemberAlreadyInStreamTree = yield isMemberInStreamTree(streamTree, path, member);
+            if (isMemberAlreadyInStreamTree) {
+                return streamTree;
+            }
+            const isNewDerivation = !streamTree.getChild(path);
+            streamTree = yield withDevice(device => streamTree.share(path, device, hw_ledger_key_ring_protocol_1.crypto.from_hex(member.id), member.name, member.permissions));
+            const child = streamTree.getChild(path);
+            invariant(child, "StreamTree.share failed to create the child stream.");
+            yield child.resolve(); // double checks the signatures are correct before sending to the backend
+            if (isNewDerivation) {
+                const commandStream = hw_ledger_key_ring_protocol_1.CommandStreamEncoder.encode(child.blocks);
+                yield withJwt(jwt => this.api.postDerivation(jwt, trustchainId, hw_ledger_key_ring_protocol_1.crypto.to_hex(commandStream)));
+            }
+            else {
+                const commandStream = hw_ledger_key_ring_protocol_1.CommandStreamEncoder.encode([child.blocks[child.blocks.length - 1]]);
+                const request = {
+                    path,
+                    blocks: [hw_ledger_key_ring_protocol_1.crypto.to_hex(commandStream)],
+                };
+                yield withJwt(jwt => this.api.putCommands(jwt, trustchainId, request));
+            }
+            return streamTree;
+        });
+    }
+    closeStream(streamTree, path, trustchainId, withJwt, withDevice) {
+        return __awaiter(this, void 0, void 0, function* () {
+            streamTree = yield withDevice(device => streamTree.close(path, device));
+            const child = streamTree.getChild(path);
+            invariant(child, "StreamTree.close failed to create the child stream.");
+            yield child.resolve(); // double checks the signatures are correct before sending to the backend
+            const commandStream = hw_ledger_key_ring_protocol_1.CommandStreamEncoder.encode([child.blocks[child.blocks.length - 1]]);
+            const request = {
+                path,
+                blocks: [hw_ledger_key_ring_protocol_1.crypto.to_hex(commandStream)],
+            };
+            return () => withJwt(jwt => this.api.putCommands(jwt, trustchainId, request));
+        });
+    }
+}
+exports.SDK = SDK;
+function convertKeyPairToLiveCredentials(keyPair) {
+    return {
+        pubkey: hw_ledger_key_ring_protocol_1.crypto.to_hex(keyPair.publicKey),
+        privatekey: hw_ledger_key_ring_protocol_1.crypto.to_hex(keyPair.privateKey),
+    };
+}
+exports.convertKeyPairToLiveCredentials = convertKeyPairToLiveCredentials;
+function convertLiveCredentialsToKeyPair(memberCredentials) {
+    return {
+        publicKey: hw_ledger_key_ring_protocol_1.crypto.from_hex(memberCredentials.pubkey),
+        privateKey: hw_ledger_key_ring_protocol_1.crypto.from_hex(memberCredentials.privatekey),
+    };
+}
+exports.convertLiveCredentialsToKeyPair = convertLiveCredentialsToKeyPair;
+function getSoftwareDevice(memberCredentials) {
+    const kp = convertLiveCredentialsToKeyPair(memberCredentials);
+    return new hw_ledger_key_ring_protocol_1.SoftwareDevice(kp);
+}
+function extractEncryptionKey(streamTree, path, memberCredentials) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const softwareDevice = getSoftwareDevice(memberCredentials);
+        const pathNumbers = hw_ledger_key_ring_protocol_1.DerivationPath.toIndexArray(path);
+        try {
+            const key = yield softwareDevice.readKey(streamTree, pathNumbers);
+            // private key is in the first 32 bytes
+            return hw_ledger_key_ring_protocol_1.crypto.to_hex(key.slice(0, 32));
+        }
+        catch (e) {
+            if (e instanceof Error) {
+                throw new errors_2.TrustchainEjected(e.message);
+            }
+            throw e;
+        }
+    });
+}
+// spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications
+function liveAuthentication(rootId) {
+    const trustchainId = new TextEncoder().encode(rootId);
+    const att = new Uint8Array(2 + trustchainId.length);
+    att[0] = 0x02; // Prefix tag
+    att[1] = trustchainId.length;
+    att.set(trustchainId, 2);
+    return att;
+}
+function credentialForPubKey(publicKey) {
+    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };
+}
+function invariant(condition, message) {
+    if (!condition) {
+        throw new Error(message);
+    }
+}
+function isMemberInStreamTree(streamTree, path, member) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const child = streamTree.getChild(path);
+        if (!child) {
+            return false;
+        }
+        const resolved = yield child.resolve();
+        const members = resolved.getMembersData();
+        return members.some(m => m.id === member.id);
+    });
+}
+//# sourceMappingURL=sdk.js.map