@ledgerhq/vault-common 1.123.1 → 2.0.0

package/.turbo/turbo-build.log

@@ -1,16 +1,92 @@
 
-> @ledgerhq/vault-common@1.123.1 build /home/runner/work/vault-ts/vault-ts/packages/common
-> pnpm clean && pnpm build:cjs && pnpm build:esm
-
-
-> @ledgerhq/vault-common@1.123.1 clean /home/runner/work/vault-ts/vault-ts/packages/common
-> rm -rf lib
-
-
-> @ledgerhq/vault-common@1.123.1 build:cjs /home/runner/work/vault-ts/vault-ts/packages/common
-> tsc -P tsconfig.build.json --module commonjs --target es5 --outDir lib
-
-
-> @ledgerhq/vault-common@1.123.1 build:esm /home/runner/work/vault-ts/vault-ts/packages/common
-> tsc -P tsconfig.build.json --module es2015 --target es5 --outDir lib/esm
+> @ledgerhq/vault-common@2.0.0 build /home/runner/work/vault-ts/vault-ts/packages/common
+> tsup
 
+CLI Building entry: src/createHSMBridge.ts, src/index.ts, src/recipeManifest.ts, src/reviewAPIRequest.ts, src/utils.ts, src/crypto/utils.ts, src/types/index.ts
+CLI Using tsconfig: tsconfig.json
+CLI tsup v8.5.0
+CLI Using tsup config: /home/runner/work/vault-ts/vault-ts/packages/common/tsup.config.ts
+CLI Target: es2022
+CLI Cleaning output folder
+ESM Build start
+CJS Build start
+ESM lib/createHSMBridge.mjs      252.00 B
+ESM lib/crypto/utils.mjs         183.00 B
+ESM lib/types/index.mjs          201.00 B
+ESM lib/recipeManifest.mjs       238.00 B
+ESM lib/chunk-S6YY774N.mjs       16.35 KB
+ESM lib/reviewAPIRequest.mjs     286.00 B
+ESM lib/index.mjs                113.68 KB
+ESM lib/chunk-VQYIVPMU.mjs       35.51 KB
+ESM lib/chunk-PB4BEIPE.mjs       3.00 KB
+ESM lib/chunk-63T7EDKZ.mjs       3.16 KB
+ESM lib/utils.mjs                767.00 B
+ESM lib/chunk-OF5KFUYG.mjs       24.07 KB
+ESM lib/chunk-HU7O2ZFW.mjs       7.90 KB
+ESM lib/chunk-J5LGTIGS.mjs       234.00 B
+ESM lib/chunk-C5XQJPYC.mjs       280.00 B
+ESM lib/createHSMBridge.mjs.map  71.00 B
+ESM lib/crypto/utils.mjs.map     71.00 B
+ESM lib/types/index.mjs.map      71.00 B
+ESM lib/recipeManifest.mjs.map   71.00 B
+ESM lib/chunk-S6YY774N.mjs.map   35.81 KB
+ESM lib/reviewAPIRequest.mjs.map 71.00 B
+ESM lib/index.mjs.map            217.28 KB
+ESM lib/chunk-VQYIVPMU.mjs.map   82.06 KB
+ESM lib/chunk-63T7EDKZ.mjs.map   6.51 KB
+ESM lib/utils.mjs.map            71.00 B
+ESM lib/chunk-OF5KFUYG.mjs.map   41.70 KB
+ESM lib/chunk-HU7O2ZFW.mjs.map   16.67 KB
+ESM lib/chunk-J5LGTIGS.mjs.map   71.00 B
+ESM lib/chunk-C5XQJPYC.mjs.map   51.86 KB
+ESM lib/chunk-PB4BEIPE.mjs.map   5.96 KB
+ESM ⚡️ Build success in 982ms
+CJS lib/createHSMBridge.js      331.00 B
+CJS lib/index.js                120.10 KB
+CJS lib/chunk-ICZVM5JG.js       3.52 KB
+CJS lib/recipeManifest.js       349.00 B
+CJS lib/chunk-VJX754TS.js       17.66 KB
+CJS lib/reviewAPIRequest.js     365.00 B
+CJS lib/chunk-LTTHONLK.js       37.23 KB
+CJS lib/chunk-5E5DWDE6.js       3.39 KB
+CJS lib/utils.js                1.20 KB
+CJS lib/chunk-QTAB7ADK.js       24.78 KB
+CJS lib/crypto/utils.js         335.00 B
+CJS lib/chunk-3L2XDBZ2.js       8.65 KB
+CJS lib/types/index.js          329.00 B
+CJS lib/chunk-XLTLYFIA.js       396.00 B
+CJS lib/chunk-PZ5AY32C.js       314.00 B
+CJS lib/createHSMBridge.js.map  293.00 B
+CJS lib/index.js.map            178.12 KB
+CJS lib/chunk-ICZVM5JG.js.map   6.86 KB
+CJS lib/recipeManifest.js.map   288.00 B
+CJS lib/chunk-VJX754TS.js.map   36.38 KB
+CJS lib/reviewAPIRequest.js.map 308.00 B
+CJS lib/chunk-LTTHONLK.js.map   71.09 KB
+CJS lib/chunk-5E5DWDE6.js.map   5.19 KB
+CJS lib/utils.js.map            398.00 B
+CJS lib/chunk-QTAB7ADK.js.map   45.95 KB
+CJS lib/crypto/utils.js.map     281.00 B
+CJS lib/chunk-3L2XDBZ2.js.map   20.30 KB
+CJS lib/types/index.js.map      269.00 B
+CJS lib/chunk-XLTLYFIA.js.map   52.11 KB
+CJS lib/chunk-PZ5AY32C.js.map   479.00 B
+CJS ⚡️ Build success in 995ms
+DTS Build start
+DTS ⚡️ Build success in 12452ms
+DTS lib/createHSMBridge.d.mts  953.00 B
+DTS lib/index.d.mts            12.50 KB
+DTS lib/reviewAPIRequest.d.mts 837.00 B
+DTS lib/utils.d.mts            1.97 KB
+DTS lib/crypto/utils.d.mts     428.00 B
+DTS lib/recipeManifest.d.mts   705.00 B
+DTS lib/types/index.d.mts      5.79 KB
+DTS lib/index-VARl4h9O.d.mts   67.51 KB
+DTS lib/createHSMBridge.d.ts   952.00 B
+DTS lib/index.d.ts             12.49 KB
+DTS lib/reviewAPIRequest.d.ts  836.00 B
+DTS lib/utils.d.ts             1.96 KB
+DTS lib/crypto/utils.d.ts      428.00 B
+DTS lib/recipeManifest.d.ts    704.00 B
+DTS lib/types/index.d.ts       5.79 KB
+DTS lib/index-VARl4h9O.d.ts    67.51 KB

package/CHANGELOG.md

@@ -1,5 +1,55 @@
 # @ledgerhq/vault-common
 
+## 2.0.0
+
+### Major Changes
+
+- f2b80e2: feat(VG-24076): use new onboarding on vault-common & vault-cli
+
+  All the existing onboarding code, relying on Gate backend, has been removed and replaced
+  by revault-sdk onboarding.
+
+  This has two main benefits:
+
+  - ~40% faster onboarding time
+  - we can fully decomission the Gate onboarding code (a LOT of old and quirky code)
+
+  **Breaking changes**
+
+  - New parameters are now available for `bake` and `onboard` commands:
+    - `compartmentId` (🔴 required Number) : The compartment ID to use for the onboarding
+    - `hsmScriptsVersion` (🔴 required String): The version of the HSM scripts to use for the onboarding
+    - `revaultRootAuthToken` (String): The revault root auth token to use to init onboarding
+    - `revaultApiUrl` (String): The target revault API URL to use for the onboarding
+
+  Example command:
+
+  ```bash
+  ledger-vault bake manifest.json \
+    --compartmentId 123 \
+    --hsmScriptsVersion 17.0.3-dave+c3edd558 \
+    --revaultApiUrl https://tomato-swallow-751.minivault.ledger-sbx.com/api \
+    --revaultRootAuthToken root-auth-token
+  ```
+
+  If you are targeting minivault, you can use `--minivaultURL` so that revault-api URL & root token
+  are automatically set for you:
+
+  ```bash
+  ledger-vault bake manifest.json \
+    --minivaultURL https://tomato-swallow-751.minivault.ledger-sbx.com \
+    --compartmentId 123 \
+    --hsmScriptsVersion 17.0.3-dave+c3edd558
+  ```
+
+  If those options are not provided, user will get a clear deprecation notice, and very
+  likely a failure when continuing the baking process (unless workspace is already onboarded).
+
+### Minor Changes
+
+- b7b0c48: chore: migrate to tsup for build of common & cli
+- e1685ba: feat: use STAX as default PSD model
+
 ## 1.123.1
 
 ### Patch Changes

package/lib/chunk-3L2XDBZ2.js

@@ -0,0 +1,249 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { newObj[key] = obj[key]; } } } newObj.default = obj; return newObj; } } function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }// src/crypto/utils.ts
+var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
+var _elliptic = require('elliptic'); var elliptic = _interopRequireWildcard(_elliptic);
+var _jsonwebtoken = require('jsonwebtoken'); var jwt = _interopRequireWildcard(_jsonwebtoken);
+
+// src/crypto/keyEncoder.ts
+var _asn1js = require('asn1.js'); var asn1 = _interopRequireWildcard(_asn1js);
+var _bnjs = require('bn.js'); var _bnjs2 = _interopRequireDefault(_bnjs);
+
+var ECPrivateKeyASN = asn1.define("ECPrivateKey", function() {
+  const self = this;
+  self.seq().obj(
+    self.key("version").int(),
+    self.key("privateKey").octstr(),
+    self.key("parameters").explicit(0).objid().optional(),
+    self.key("publicKey").explicit(1).bitstr().optional()
+  );
+});
+var ECPrivateKey8ASN = asn1.define(
+  "ECPrivateKey",
+  /* istanbul ignore next */
+  function() {
+    const self = this;
+    self.seq().obj(
+      self.key("version").int(),
+      self.key("privateKeyAlgorithm").seq().obj(self.key("ecPublicKey").objid(), self.key("curve").objid()),
+      self.key("privateKey").octstr().contains(ECPrivateKeyASN),
+      self.key("attributes").explicit(0).bitstr().optional()
+    );
+  }
+);
+var SubjectPublicKeyInfoASN = asn1.define("SubjectPublicKeyInfo", function() {
+  const self = this;
+  self.seq().obj(
+    self.key("algorithm").seq().obj(self.key("id").objid(), self.key("curve").objid()),
+    self.key("pub").bitstr()
+  );
+});
+var curves = {
+  secp256k1: {
+    curveParameters: [1, 3, 132, 0, 10],
+    privatePEMOptions: { label: "EC PRIVATE KEY" },
+    publicPEMOptions: { label: "PUBLIC KEY" },
+    curve: new (0, _elliptic.ec)("secp256k1")
+  },
+  p256: {
+    curveParameters: [1, 2, 840, 10045, 3, 1, 7],
+    // OID for p256 curve
+    privatePEMOptions: { label: "EC PRIVATE KEY" },
+    publicPEMOptions: { label: "PUBLIC KEY" },
+    curve: new (0, _elliptic.ec)("p256")
+  }
+};
+var KeyEncoder = class {
+  
+  
+  constructor(options) {
+    if (typeof options === "string") {
+      if (options !== "secp256k1" && options !== "p256") {
+        throw new Error("Unknown curve " + options);
+      }
+      options = curves[options];
+    }
+    this.options = options;
+    this.algorithmID = [1, 2, 840, 10045, 2, 1];
+  }
+  /* istanbul ignore next */
+  PKCS1toPKCS8(privateKey) {
+    return {
+      version: new (0, _bnjs2.default)(0),
+      privateKey,
+      privateKeyAlgorithm: {
+        ecPublicKey: this.algorithmID,
+        curve: privateKey.parameters
+      }
+    };
+  }
+  privateKeyObject(rawPrivateKey, rawPublicKey) {
+    const privateKeyObject = {
+      version: new (0, _bnjs2.default)(1),
+      privateKey: Buffer.from(rawPrivateKey, "hex"),
+      parameters: this.options.curveParameters
+    };
+    if (rawPublicKey) {
+      privateKeyObject.publicKey = {
+        unused: 0,
+        data: Buffer.from(rawPublicKey, "hex")
+      };
+    }
+    return privateKeyObject;
+  }
+  publicKeyObject(rawPublicKey) {
+    return {
+      algorithm: {
+        id: this.algorithmID,
+        curve: this.options.curveParameters
+      },
+      pub: {
+        unused: 0,
+        data: Buffer.from(rawPublicKey, "hex")
+      }
+    };
+  }
+  /* istanbul ignore next */
+  encodePrivate(privateKey, originalFormat, destinationFormat, destinationFormatType = "pkcs1") {
+    let privateKeyObject;
+    if (originalFormat === "raw") {
+      if (typeof privateKey !== "string") {
+        throw "private key must be a string";
+      }
+      const keyPair = this.options.curve.keyFromPrivate(privateKey, "hex");
+      const rawPublicKey = keyPair.getPublic("hex");
+      privateKeyObject = this.privateKeyObject(privateKey, rawPublicKey);
+    } else if (originalFormat === "der") {
+      if (typeof privateKey !== "string") {
+      } else if (typeof privateKey === "string") {
+        privateKey = Buffer.from(privateKey, "hex");
+      } else {
+        throw "private key must be a buffer or a string";
+      }
+      privateKeyObject = ECPrivateKeyASN.decode(privateKey, "der");
+    } else if (originalFormat === "pem") {
+      if (typeof privateKey !== "string") {
+        throw "private key must be a string";
+      }
+      privateKeyObject = ECPrivateKeyASN.decode(privateKey, "pem", this.options.privatePEMOptions);
+    } else {
+      throw "invalid private key format";
+    }
+    if (destinationFormat === "raw") {
+      return privateKeyObject.privateKey.toString("hex");
+    } else if (destinationFormat === "der") {
+      return ECPrivateKeyASN.encode(privateKeyObject, "der").toString("hex");
+    } else if (destinationFormat === "pem") {
+      return destinationFormatType === "pkcs1" ? ECPrivateKeyASN.encode(privateKeyObject, "pem", this.options.privatePEMOptions) : ECPrivateKey8ASN.encode(this.PKCS1toPKCS8(privateKeyObject), "pem", {
+        ...this.options.privatePEMOptions,
+        label: "PRIVATE KEY"
+      });
+    } else {
+      throw "invalid destination format for private key";
+    }
+  }
+  /* istanbul ignore next */
+  encodePublic(publicKey, originalFormat, destinationFormat) {
+    let publicKeyObject;
+    if (originalFormat === "raw") {
+      if (typeof publicKey !== "string") {
+        throw "public key must be a string";
+      }
+      publicKeyObject = this.publicKeyObject(publicKey);
+    } else if (originalFormat === "der") {
+      if (typeof publicKey !== "string") {
+      } else if (typeof publicKey === "string") {
+        publicKey = Buffer.from(publicKey, "hex");
+      } else {
+        throw "public key must be a buffer or a string";
+      }
+      publicKeyObject = SubjectPublicKeyInfoASN.decode(publicKey, "der");
+    } else if (originalFormat === "pem") {
+      if (typeof publicKey !== "string") {
+        throw "public key must be a string";
+      }
+      publicKeyObject = SubjectPublicKeyInfoASN.decode(
+        publicKey,
+        "pem",
+        this.options.publicPEMOptions
+      );
+    } else {
+      throw "invalid public key format";
+    }
+    if (destinationFormat === "raw") {
+      return publicKeyObject.pub.data.toString("hex");
+    } else if (destinationFormat === "der") {
+      return SubjectPublicKeyInfoASN.encode(publicKeyObject, "der").toString("hex");
+    } else if (destinationFormat === "pem") {
+      return SubjectPublicKeyInfoASN.encode(publicKeyObject, "pem", this.options.publicPEMOptions);
+    } else {
+      throw "invalid destination format for public key";
+    }
+  }
+};
+
+// src/crypto/utils.ts
+function extractPublicKey(pemKey) {
+  const pem = pemKey.split("\n");
+  pem.shift();
+  pem.pop();
+  const keyBuffer = Buffer.from(pem.join(""), "base64");
+  const actualKeyBuffer = keyBuffer.slice(26);
+  return actualKeyBuffer.toString("hex");
+}
+function decodeData(challenge) {
+  const decodedString = atob(challenge);
+  return JSON.parse(decodedString);
+}
+function sign2(privateKey, challenge) {
+  const pKey = _crypto2.default.createPrivateKey({
+    key: String(privateKey),
+    format: "pem"
+  });
+  const privateKeyPem = pKey.export({ format: "pem", type: "sec1" });
+  const dataToSign = Buffer.from(challenge, "base64").toString("hex");
+  return jwt.sign(Buffer.from(dataToSign, "hex"), privateKeyPem, {
+    algorithm: "ES256",
+    header: {
+      alg: "ES256",
+      typ: "JWT"
+    }
+  });
+}
+function genKeys(entropy) {
+  if (entropy) {
+    const ec2 = new elliptic.ec("p256");
+    const hashedEntropy = _crypto2.default.createHash("sha256").update(entropy).digest("hex");
+    const keyPair = ec2.genKeyPair({
+      entropy: Buffer.from(hashedEntropy, "hex")
+    });
+    return {
+      privateKey: String(hexToPem(keyPair.getPrivate("hex"))),
+      publicKey: String(hexToPem(keyPair.getPublic("hex"), { isPrivate: false })),
+      hexPubKey: extractPublicKey(String(hexToPem(keyPair.getPublic("hex"), { isPrivate: false })))
+    };
+  }
+  const { publicKey, privateKey } = _crypto2.default.generateKeyPairSync("ec", {
+    namedCurve: "P-256",
+    publicKeyEncoding: { type: "spki", format: "pem" },
+    privateKeyEncoding: { type: "sec1", format: "pem" }
+  });
+  const hexPubKey = extractPublicKey(publicKey);
+  return {
+    privateKey,
+    publicKey,
+    hexPubKey
+  };
+}
+function hexToPem(hexString, { isPrivate = true } = {}) {
+  const keyEncoder = new KeyEncoder("p256");
+  if (isPrivate) {
+    return keyEncoder.encodePrivate(hexString, "raw", "pem");
+  }
+  return keyEncoder.encodePublic(hexString, "raw", "pem");
+}
+
+
+
+
+
+exports.decodeData = decodeData; exports.sign = sign2; exports.genKeys = genKeys;
+//# sourceMappingURL=chunk-3L2XDBZ2.js.map

package/lib/chunk-3L2XDBZ2.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/home/runner/work/vault-ts/vault-ts/packages/common/lib/chunk-3L2XDBZ2.js","../src/crypto/utils.ts","../src/crypto/keyEncoder.ts"],"names":["sign","ec"],"mappings":"AAAA;ACAA,gFAAmB;AACnB,uFAA0B;AAC1B,8FAAqB;ADErB;AACA;AEKA,8EAAsB;AACtB,yEAAe;AACf;AAEA,IAAM,gBAAA,EAAuB,IAAA,CAAA,MAAA,CAAO,cAAA,EAAgB,QAAA,CAAA,EAAY;AAE9D,EAAA,MAAM,KAAA,EAAO,IAAA;AACb,EAAA,IAAA,CACG,GAAA,CAAI,CAAA,CACJ,GAAA;AAAA,IACC,IAAA,CAAK,GAAA,CAAI,SAAS,CAAA,CAAE,GAAA,CAAI,CAAA;AAAA,IACxB,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA,CAAE,MAAA,CAAO,CAAA;AAAA,IAC9B,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA,CAAE,QAAA,CAAS,CAAC,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAA,CAAS,CAAA;AAAA,IACpD,IAAA,CAAK,GAAA,CAAI,WAAW,CAAA,CAAE,QAAA,CAAS,CAAC,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAAA,EACtD,CAAA;AACJ,CAAC,CAAA;AAED,IAAM,iBAAA,EAAwB,IAAA,CAAA,MAAA;AAAA,EAC5B,cAAA;AAAA;AAAA,EAC2B,QAAA,CAAA,EAAY;AAErC,IAAA,MAAM,KAAA,EAAO,IAAA;AACb,IAAA,IAAA,CACG,GAAA,CAAI,CAAA,CACJ,GAAA;AAAA,MACC,IAAA,CAAK,GAAA,CAAI,SAAS,CAAA,CAAE,GAAA,CAAI,CAAA;AAAA,MACxB,IAAA,CACG,GAAA,CAAI,qBAAqB,CAAA,CACzB,GAAA,CAAI,CAAA,CACJ,GAAA,CAAI,IAAA,CAAK,GAAA,CAAI,aAAa,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,GAAA,CAAI,OAAO,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA;AAAA,MACjE,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS,eAAe,CAAA;AAAA,MACxD,IAAA,CAAK,GAAA,CAAI,YAAY,CAAA,CAAE,QAAA,CAAS,CAAC,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAAA,IACvD,CAAA;AAAA,EACJ;AACF,CAAA;AAEA,IAAM,wBAAA,EAA+B,IAAA,CAAA,MAAA,CAAO,sBAAA,EAAwB,QAAA,CAAA,EAAY;AAE9E,EAAA,MAAM,KAAA,EAAO,IAAA;AACb,EAAA,IAAA,CACG,GAAA,CAAI,CAAA,CACJ,GAAA;AAAA,IACC,IAAA,CAAK,GAAA,CAAI,WAAW,CAAA,CAAE,GAAA,CAAI,CAAA,CAAE,GAAA,CAAI,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,GAAA,CAAI,OAAO,CAAA,CAAE,KAAA,CAAM,CAAC,CAAA;AAAA,IACjF,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,CAAE,MAAA,CAAO;AAAA,EACzB,CAAA;AACJ,CAAC,CAAA;AASD,IAAM,OAAA,EAA4C;AAAA,EAChD,SAAA,EAAW;AAAA,IACT,eAAA,EAAiB,CAAC,CAAA,EAAG,CAAA,EAAG,GAAA,EAAK,CAAA,EAAG,EAAE,CAAA;AAAA,IAClC,iBAAA,EAAmB,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IAC7C,gBAAA,EAAkB,EAAE,KAAA,EAAO,aAAa,CAAA;AAAA,IACxC,KAAA,EAAO,IAAI,iBAAA,CAAG,WAAW;AAAA,EAC3B,CAAA;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,eAAA,EAAiB,CAAC,CAAA,EAAG,CAAA,EAAG,GAAA,EAAK,KAAA,EAAO,CAAA,EAAG,CAAA,EAAG,CAAC,CAAA;AAAA;AAAA,IAC3C,iBAAA,EAAmB,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IAC7C,gBAAA,EAAkB,EAAE,KAAA,EAAO,aAAa,CAAA;AAAA,IACxC,KAAA,EAAO,IAAI,iBAAA,CAAG,MAAM;AAAA,EACtB;AACF,CAAA;AAoBA,IAAqB,WAAA,EAArB,MAAgC;AAAA,EAC9B;AAAA,EACA;AAAA,EAEA,WAAA,CAAY,OAAA,EAAgC;AAC1C,IAAA,GAAA,CAAI,OAAO,QAAA,IAAY,QAAA,EAAU;AAE/B,MAAA,GAAA,CAAI,QAAA,IAAY,YAAA,GAAe,QAAA,IAAY,MAAA,EAAQ;AACjD,QAAA,MAAM,IAAI,KAAA,CAAM,iBAAA,EAAmB,OAAO,CAAA;AAAA,MAC5C;AACA,MAAA,QAAA,EAAU,MAAA,CAAO,OAAO,CAAA;AAAA,IAC1B;AACA,IAAA,IAAA,CAAK,QAAA,EAAU,OAAA;AACf,IAAA,IAAA,CAAK,YAAA,EAAc,CAAC,CAAA,EAAG,CAAA,EAAG,GAAA,EAAK,KAAA,EAAO,CAAA,EAAG,CAAC,CAAA;AAAA,EAC5C;AAAA;AAAA,EAGQ,YAAA,CAAa,UAAA,EAA8C;AACjE,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAI,mBAAA,CAAG,CAAC,CAAA;AAAA,MACjB,UAAA;AAAA,MACA,mBAAA,EAAqB;AAAA,QACnB,WAAA,EAAa,IAAA,CAAK,WAAA;AAAA,QAClB,KAAA,EAAO,UAAA,CAAW;AAAA,MACpB;AAAA,IACF,CAAA;AAAA,EACF;AAAA,EAEA,gBAAA,CAAiB,aAAA,EAAuB,YAAA,EAAsB;AAC5D,IAAA,MAAM,iBAAA,EAAoC;AAAA,MACxC,OAAA,EAAS,IAAI,mBAAA,CAAG,CAAC,CAAA;AAAA,MACjB,UAAA,EAAY,MAAA,CAAO,IAAA,CAAK,aAAA,EAAe,KAAK,CAAA;AAAA,MAC5C,UAAA,EAAY,IAAA,CAAK,OAAA,CAAQ;AAAA,IAC3B,CAAA;AAEA,IAAA,GAAA,CAAI,YAAA,EAAc;AAChB,MAAA,gBAAA,CAAiB,UAAA,EAAY;AAAA,QAC3B,MAAA,EAAQ,CAAA;AAAA,QACR,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,YAAA,EAAc,KAAK;AAAA,MACvC,CAAA;AAAA,IACF;AAEA,IAAA,OAAO,gBAAA;AAAA,EACT;AAAA,EAEA,eAAA,CAAgB,YAAA,EAAsB;AACpC,IAAA,OAAO;AAAA,MACL,SAAA,EAAW;AAAA,QACT,EAAA,EAAI,IAAA,CAAK,WAAA;AAAA,QACT,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ;AAAA,MACtB,CAAA;AAAA,MACA,GAAA,EAAK;AAAA,QACH,MAAA,EAAQ,CAAA;AAAA,QACR,IAAA,EAAM,MAAA,CAAO,IAAA,CAAK,YAAA,EAAc,KAAK;AAAA,MACvC;AAAA,IACF,CAAA;AAAA,EACF;AAAA;AAAA,EAGA,aAAA,CACE,UAAA,EACA,cAAA,EACA,iBAAA,EACA,sBAAA,EAA2C,OAAA,EACnC;AACR,IAAA,IAAI,gBAAA;AAGJ,IAAA,GAAA,CAAI,eAAA,IAAmB,KAAA,EAAO;AAC5B,MAAA,GAAA,CAAI,OAAO,WAAA,IAAe,QAAA,EAAU;AAClC,QAAA,MAAM,8BAAA;AAAA,MACR;AACA,MAAA,MAAM,QAAA,EAAU,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,cAAA,CAAe,UAAA,EAAY,KAAK,CAAA;AACnE,MAAA,MAAM,aAAA,EAAe,OAAA,CAAQ,SAAA,CAAU,KAAK,CAAA;AAC5C,MAAA,iBAAA,EAAmB,IAAA,CAAK,gBAAA,CAAiB,UAAA,EAAY,YAAY,CAAA;AAAA,IACnE,EAAA,KAAA,GAAA,CAAW,eAAA,IAAmB,KAAA,EAAO;AACnC,MAAA,GAAA,CAAI,OAAO,WAAA,IAAe,QAAA,EAAU;AAAA,MAEpC,EAAA,KAAA,GAAA,CAAW,OAAO,WAAA,IAAe,QAAA,EAAU;AACzC,QAAA,WAAA,EAAa,MAAA,CAAO,IAAA,CAAK,UAAA,EAAY,KAAK,CAAA;AAAA,MAC5C,EAAA,KAAO;AACL,QAAA,MAAM,0CAAA;AAAA,MACR;AACA,MAAA,iBAAA,EAAmB,eAAA,CAAgB,MAAA,CAAO,UAAA,EAAY,KAAK,CAAA;AAAA,IAC7D,EAAA,KAAA,GAAA,CAAW,eAAA,IAAmB,KAAA,EAAO;AACnC,MAAA,GAAA,CAAI,OAAO,WAAA,IAAe,QAAA,EAAU;AAClC,QAAA,MAAM,8BAAA;AAAA,MACR;AACA,MAAA,iBAAA,EAAmB,eAAA,CAAgB,MAAA,CAAO,UAAA,EAAY,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ,iBAAiB,CAAA;AAAA,IAC7F,EAAA,KAAO;AACL,MAAA,MAAM,4BAAA;AAAA,IACR;AAGA,IAAA,GAAA,CAAI,kBAAA,IAAsB,KAAA,EAAO;AAC/B,MAAA,OAAO,gBAAA,CAAiB,UAAA,CAAW,QAAA,CAAS,KAAK,CAAA;AAAA,IACnD,EAAA,KAAA,GAAA,CAAW,kBAAA,IAAsB,KAAA,EAAO;AACtC,MAAA,OAAO,eAAA,CAAgB,MAAA,CAAO,gBAAA,EAAkB,KAAK,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAAA,IACvE,EAAA,KAAA,GAAA,CAAW,kBAAA,IAAsB,KAAA,EAAO;AACtC,MAAA,OAAO,sBAAA,IAA0B,QAAA,EAC7B,eAAA,CAAgB,MAAA,CAAO,gBAAA,EAAkB,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ,iBAAiB,EAAA,EAC9E,gBAAA,CAAiB,MAAA,CAAO,IAAA,CAAK,YAAA,CAAa,gBAAgB,CAAA,EAAG,KAAA,EAAO;AAAA,QAClE,GAAG,IAAA,CAAK,OAAA,CAAQ,iBAAA;AAAA,QAChB,KAAA,EAAO;AAAA,MACT,CAAC,CAAA;AAAA,IACP,EAAA,KAAO;AACL,MAAA,MAAM,4CAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,YAAA,CACE,SAAA,EACA,cAAA,EACA,iBAAA,EACQ;AACR,IAAA,IAAI,eAAA;AAGJ,IAAA,GAAA,CAAI,eAAA,IAAmB,KAAA,EAAO;AAC5B,MAAA,GAAA,CAAI,OAAO,UAAA,IAAc,QAAA,EAAU;AACjC,QAAA,MAAM,6BAAA;AAAA,MACR;AACA,MAAA,gBAAA,EAAkB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AAAA,IAClD,EAAA,KAAA,GAAA,CAAW,eAAA,IAAmB,KAAA,EAAO;AACnC,MAAA,GAAA,CAAI,OAAO,UAAA,IAAc,QAAA,EAAU;AAAA,MAEnC,EAAA,KAAA,GAAA,CAAW,OAAO,UAAA,IAAc,QAAA,EAAU;AACxC,QAAA,UAAA,EAAY,MAAA,CAAO,IAAA,CAAK,SAAA,EAAW,KAAK,CAAA;AAAA,MAC1C,EAAA,KAAO;AACL,QAAA,MAAM,yCAAA;AAAA,MACR;AACA,MAAA,gBAAA,EAAkB,uBAAA,CAAwB,MAAA,CAAO,SAAA,EAAW,KAAK,CAAA;AAAA,IACnE,EAAA,KAAA,GAAA,CAAW,eAAA,IAAmB,KAAA,EAAO;AACnC,MAAA,GAAA,CAAI,OAAO,UAAA,IAAc,QAAA,EAAU;AACjC,QAAA,MAAM,6BAAA;AAAA,MACR;AACA,MAAA,gBAAA,EAAkB,uBAAA,CAAwB,MAAA;AAAA,QACxC,SAAA;AAAA,QACA,KAAA;AAAA,QACA,IAAA,CAAK,OAAA,CAAQ;AAAA,MACf,CAAA;AAAA,IACF,EAAA,KAAO;AACL,MAAA,MAAM,2BAAA;AAAA,IACR;AAGA,IAAA,GAAA,CAAI,kBAAA,IAAsB,KAAA,EAAO;AAC/B,MAAA,OAAO,eAAA,CAAgB,GAAA,CAAI,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA;AAAA,IAChD,EAAA,KAAA,GAAA,CAAW,kBAAA,IAAsB,KAAA,EAAO;AACtC,MAAA,OAAO,uBAAA,CAAwB,MAAA,CAAO,eAAA,EAAiB,KAAK,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAAA,IAC9E,EAAA,KAAA,GAAA,CAAW,kBAAA,IAAsB,KAAA,EAAO;AACtC,MAAA,OAAO,uBAAA,CAAwB,MAAA,CAAO,eAAA,EAAiB,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ,gBAAgB,CAAA;AAAA,IAC7F,EAAA,KAAO;AACL,MAAA,MAAM,2CAAA;AAAA,IACR;AAAA,EACF;AACF,CAAA;AFzEA;AACA;AChLA,SAAS,gBAAA,CAAiB,MAAA,EAAwB;AAGhD,EAAA,MAAM,IAAA,EAAM,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,KAAA,CAAM,CAAA;AACV,EAAA,GAAA,CAAI,GAAA,CAAI,CAAA;AAER,EAAA,MAAM,UAAA,EAAY,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,IAAA,CAAK,EAAE,CAAA,EAAG,QAAQ,CAAA;AAGpD,EAAA,MAAM,gBAAA,EAAkB,SAAA,CAAU,KAAA,CAAM,EAAE,CAAA;AAC1C,EAAA,OAAO,eAAA,CAAgB,QAAA,CAAS,KAAK,CAAA;AACvC;AAQO,SAAS,UAAA,CAAW,SAAA,EAAyB;AAClD,EAAA,MAAM,cAAA,EAAgB,IAAA,CAAK,SAAS,CAAA;AACpC,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,aAAa,CAAA;AACjC;AAEO,SAASA,KAAAA,CAAK,UAAA,EAAoB,SAAA,EAAmB;AAC1D,EAAA,MAAM,KAAA,EAAO,gBAAA,CAAO,gBAAA,CAAiB;AAAA,IACnC,GAAA,EAAK,MAAA,CAAO,UAAU,CAAA;AAAA,IACtB,MAAA,EAAQ;AAAA,EACV,CAAC,CAAA;AACD,EAAA,MAAM,cAAA,EAAgB,IAAA,CAAK,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,OAAO,CAAC,CAAA;AACjE,EAAA,MAAM,WAAA,EAAa,MAAA,CAAO,IAAA,CAAK,SAAA,EAAW,QAAQ,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA;AAClE,EAAA,OAAW,GAAA,CAAA,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,UAAA,EAAY,KAAK,CAAA,EAAG,aAAA,EAAe;AAAA,IAC7D,SAAA,EAAW,OAAA;AAAA,IACX,MAAA,EAAQ;AAAA,MACN,GAAA,EAAK,OAAA;AAAA,MACL,GAAA,EAAK;AAAA,IACP;AAAA,EACF,CAAC,CAAA;AACH;AAMO,SAAS,OAAA,CAAQ,OAAA,EAAiC;AACvD,EAAA,GAAA,CAAI,OAAA,EAAS;AACX,IAAA,MAAMC,IAAAA,EAAK,IAAa,QAAA,CAAA,EAAA,CAAG,MAAM,CAAA;AACjC,IAAA,MAAM,cAAA,EAAgB,gBAAA,CAAO,UAAA,CAAW,QAAQ,CAAA,CAAE,MAAA,CAAO,OAAO,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAC9E,IAAA,MAAM,QAAA,EAAUA,GAAAA,CAAG,UAAA,CAAW;AAAA,MAC5B,OAAA,EAAS,MAAA,CAAO,IAAA,CAAK,aAAA,EAAe,KAAK;AAAA,IAC3C,CAAC,CAAA;AACD,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,MAAA,CAAO,QAAA,CAAS,OAAA,CAAQ,UAAA,CAAW,KAAK,CAAC,CAAC,CAAA;AAAA,MACtD,SAAA,EAAW,MAAA,CAAO,QAAA,CAAS,OAAA,CAAQ,SAAA,CAAU,KAAK,CAAA,EAAG,EAAE,SAAA,EAAW,MAAM,CAAC,CAAC,CAAA;AAAA,MAC1E,SAAA,EAAW,gBAAA,CAAiB,MAAA,CAAO,QAAA,CAAS,OAAA,CAAQ,SAAA,CAAU,KAAK,CAAA,EAAG,EAAE,SAAA,EAAW,MAAM,CAAC,CAAC,CAAC;AAAA,IAC9F,CAAA;AAAA,EACF;AACA,EAAA,MAAM,EAAE,SAAA,EAAW,WAAW,EAAA,EAAI,gBAAA,CAAO,mBAAA,CAAoB,IAAA,EAAM;AAAA,IACjE,UAAA,EAAY,OAAA;AAAA,IACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,MAAM,CAAA;AAAA,IACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,MAAM;AAAA,EACpD,CAAC,CAAA;AACD,EAAA,MAAM,UAAA,EAAY,gBAAA,CAAiB,SAAS,CAAA;AAC5C,EAAA,OAAO;AAAA,IACL,UAAA;AAAA,IACA,SAAA;AAAA,IACA;AAAA,EACF,CAAA;AACF;AAEA,SAAS,QAAA,CAAS,SAAA,EAAmB,EAAE,UAAA,EAAY,KAAK,EAAA,EAAI,CAAC,CAAA,EAAG;AAC9D,EAAA,MAAM,WAAA,EAAa,IAAI,UAAA,CAAW,MAAM,CAAA;AACxC,EAAA,GAAA,CAAI,SAAA,EAAW;AACb,IAAA,OAAO,UAAA,CAAW,aAAA,CAAc,SAAA,EAAW,KAAA,EAAO,KAAK,CAAA;AAAA,EACzD;AACA,EAAA,OAAO,UAAA,CAAW,YAAA,CAAa,SAAA,EAAW,KAAA,EAAO,KAAK,CAAA;AACxD;AD+JA;AACA;AACE;AACA;AACA;AACF,iFAAC","file":"/home/runner/work/vault-ts/vault-ts/packages/common/lib/chunk-3L2XDBZ2.js","sourcesContent":[null,"import crypto from \"crypto\";\nimport * as elliptic from \"elliptic\";\nimport * as jwt from \"jsonwebtoken\";\n\nimport KeyEncoder from \"./keyEncoder\";\n\nfunction extractPublicKey(pemKey: string): string {\n  // convert the PEM formatted public key to raw public key in X9.62 uncompressed format\n  // this is an oversimplified method and may not work with different curves or PEM formats\n  const pem = pemKey.split(\"\\n\");\n  pem.shift(); // remove the first line (BEGIN PUBLIC KEY)\n  pem.pop(); // remove the last line (END PUBLIC KEY)\n  // convert base64 to buffer\n  const keyBuffer = Buffer.from(pem.join(\"\"), \"base64\");\n  // assuming the first 26 bytes are the header for the SPKI formatted key.\n  // the actual key should begin after this header.\n  const actualKeyBuffer = keyBuffer.slice(26);\n  return actualKeyBuffer.toString(\"hex\");\n}\n\ntype GeneratedKeys = {\n  privateKey: string;\n  publicKey: string;\n  hexPubKey: string;\n};\n\nexport function decodeData(challenge: string): void {\n  const decodedString = atob(challenge);\n  return JSON.parse(decodedString);\n}\n\nexport function sign(privateKey: string, challenge: string) {\n  const pKey = crypto.createPrivateKey({\n    key: String(privateKey),\n    format: \"pem\",\n  });\n  const privateKeyPem = pKey.export({ format: \"pem\", type: \"sec1\" });\n  const dataToSign = Buffer.from(challenge, \"base64\").toString(\"hex\");\n  return jwt.sign(Buffer.from(dataToSign, \"hex\"), privateKeyPem, {\n    algorithm: \"ES256\",\n    header: {\n      alg: \"ES256\",\n      typ: \"JWT\",\n    },\n  });\n}\n\n/**\n * If `seed` is passed, will generate keys pair deterministically\n * else, random keys pair generated\n */\nexport function genKeys(entropy?: string): GeneratedKeys {\n  if (entropy) {\n    const ec = new elliptic.ec(\"p256\");\n    const hashedEntropy = crypto.createHash(\"sha256\").update(entropy).digest(\"hex\");\n    const keyPair = ec.genKeyPair({\n      entropy: Buffer.from(hashedEntropy, \"hex\"),\n    });\n    return {\n      privateKey: String(hexToPem(keyPair.getPrivate(\"hex\"))),\n      publicKey: String(hexToPem(keyPair.getPublic(\"hex\"), { isPrivate: false })),\n      hexPubKey: extractPublicKey(String(hexToPem(keyPair.getPublic(\"hex\"), { isPrivate: false }))),\n    };\n  }\n  const { publicKey, privateKey } = crypto.generateKeyPairSync(\"ec\", {\n    namedCurve: \"P-256\",\n    publicKeyEncoding: { type: \"spki\", format: \"pem\" },\n    privateKeyEncoding: { type: \"sec1\", format: \"pem\" },\n  });\n  const hexPubKey = extractPublicKey(publicKey);\n  return {\n    privateKey,\n    publicKey,\n    hexPubKey,\n  };\n}\n\nfunction hexToPem(hexString: string, { isPrivate = true } = {}) {\n  const keyEncoder = new KeyEncoder(\"p256\");\n  if (isPrivate) {\n    return keyEncoder.encodePrivate(hexString, \"raw\", \"pem\");\n  }\n  return keyEncoder.encodePublic(hexString, \"raw\", \"pem\");\n}\n","// ========================================================================== //\n//                                                                            //\n//                                 DISCLAIMER                                 //\n//                                                                            //\n//                This code has been blindly copy-pasted from:                //\n//                    https://github.com/LedgerHQ/pkey-ts                     //\n//                                                                            //\n// ========================================================================== //\n//\n// @ts-expect-error\nimport * as asn1 from \"asn1.js\";\nimport BN from \"bn.js\";\nimport { ec as EC } from \"elliptic\";\n\nconst ECPrivateKeyASN = asn1.define(\"ECPrivateKey\", function () {\n  // @ts-ignore\n  const self = this as any;\n  self\n    .seq()\n    .obj(\n      self.key(\"version\").int(),\n      self.key(\"privateKey\").octstr(),\n      self.key(\"parameters\").explicit(0).objid().optional(),\n      self.key(\"publicKey\").explicit(1).bitstr().optional(),\n    );\n});\n\nconst ECPrivateKey8ASN = asn1.define(\n  \"ECPrivateKey\",\n  /* istanbul ignore next */ function () {\n    // @ts-ignore\n    const self = this as any;\n    self\n      .seq()\n      .obj(\n        self.key(\"version\").int(),\n        self\n          .key(\"privateKeyAlgorithm\")\n          .seq()\n          .obj(self.key(\"ecPublicKey\").objid(), self.key(\"curve\").objid()),\n        self.key(\"privateKey\").octstr().contains(ECPrivateKeyASN),\n        self.key(\"attributes\").explicit(0).bitstr().optional(),\n      );\n  },\n);\n\nconst SubjectPublicKeyInfoASN = asn1.define(\"SubjectPublicKeyInfo\", function () {\n  // @ts-ignore\n  const self = this as any;\n  self\n    .seq()\n    .obj(\n      self.key(\"algorithm\").seq().obj(self.key(\"id\").objid(), self.key(\"curve\").objid()),\n      self.key(\"pub\").bitstr(),\n    );\n});\n\ninterface CurveOptions {\n  curveParameters: number[];\n  privatePEMOptions: { label: string };\n  publicPEMOptions: { label: string };\n  curve: EC;\n}\n\nconst curves: { [index: string]: CurveOptions } = {\n  secp256k1: {\n    curveParameters: [1, 3, 132, 0, 10],\n    privatePEMOptions: { label: \"EC PRIVATE KEY\" },\n    publicPEMOptions: { label: \"PUBLIC KEY\" },\n    curve: new EC(\"secp256k1\"),\n  },\n  p256: {\n    curveParameters: [1, 2, 840, 10045, 3, 1, 7], // OID for p256 curve\n    privatePEMOptions: { label: \"EC PRIVATE KEY\" },\n    publicPEMOptions: { label: \"PUBLIC KEY\" },\n    curve: new EC(\"p256\"),\n  },\n};\n\ninterface PrivateKeyPKCS1 {\n  version: BN;\n  privateKey: Buffer;\n  parameters: number[];\n  publicKey?: {\n    unused: number;\n    data: Buffer;\n  };\n}\n\ninterface PrivateKeyPKCS8 {\n  version: BN;\n  privateKey: PrivateKeyPKCS1;\n  privateKeyAlgorithm: { ecPublicKey: number[]; curve: number[] };\n}\n\ntype KeyFormat = \"raw\" | \"pem\" | \"der\";\n\nexport default class KeyEncoder {\n  algorithmID: number[];\n  options: CurveOptions;\n\n  constructor(options: string | CurveOptions) {\n    if (typeof options === \"string\") {\n      /* istanbul ignore next */\n      if (options !== \"secp256k1\" && options !== \"p256\") {\n        throw new Error(\"Unknown curve \" + options);\n      }\n      options = curves[options] as CurveOptions;\n    }\n    this.options = options;\n    this.algorithmID = [1, 2, 840, 10045, 2, 1];\n  }\n\n  /* istanbul ignore next */\n  private PKCS1toPKCS8(privateKey: PrivateKeyPKCS1): PrivateKeyPKCS8 {\n    return {\n      version: new BN(0),\n      privateKey,\n      privateKeyAlgorithm: {\n        ecPublicKey: this.algorithmID,\n        curve: privateKey.parameters,\n      },\n    };\n  }\n\n  privateKeyObject(rawPrivateKey: string, rawPublicKey: string) {\n    const privateKeyObject: PrivateKeyPKCS1 = {\n      version: new BN(1),\n      privateKey: Buffer.from(rawPrivateKey, \"hex\"),\n      parameters: this.options.curveParameters,\n    };\n\n    if (rawPublicKey) {\n      privateKeyObject.publicKey = {\n        unused: 0,\n        data: Buffer.from(rawPublicKey, \"hex\"),\n      };\n    }\n\n    return privateKeyObject;\n  }\n\n  publicKeyObject(rawPublicKey: string) {\n    return {\n      algorithm: {\n        id: this.algorithmID,\n        curve: this.options.curveParameters,\n      },\n      pub: {\n        unused: 0,\n        data: Buffer.from(rawPublicKey, \"hex\"),\n      },\n    };\n  }\n\n  /* istanbul ignore next */\n  encodePrivate(\n    privateKey: string | Buffer,\n    originalFormat: KeyFormat,\n    destinationFormat: KeyFormat,\n    destinationFormatType: \"pkcs8\" | \"pkcs1\" = \"pkcs1\",\n  ): string {\n    let privateKeyObject: PrivateKeyPKCS1;\n\n    /* Parse the incoming private key and convert it to a private key object */\n    if (originalFormat === \"raw\") {\n      if (typeof privateKey !== \"string\") {\n        throw \"private key must be a string\";\n      }\n      const keyPair = this.options.curve.keyFromPrivate(privateKey, \"hex\");\n      const rawPublicKey = keyPair.getPublic(\"hex\");\n      privateKeyObject = this.privateKeyObject(privateKey, rawPublicKey);\n    } else if (originalFormat === \"der\") {\n      if (typeof privateKey !== \"string\") {\n        // do nothing\n      } else if (typeof privateKey === \"string\") {\n        privateKey = Buffer.from(privateKey, \"hex\");\n      } else {\n        throw \"private key must be a buffer or a string\";\n      }\n      privateKeyObject = ECPrivateKeyASN.decode(privateKey, \"der\");\n    } else if (originalFormat === \"pem\") {\n      if (typeof privateKey !== \"string\") {\n        throw \"private key must be a string\";\n      }\n      privateKeyObject = ECPrivateKeyASN.decode(privateKey, \"pem\", this.options.privatePEMOptions);\n    } else {\n      throw \"invalid private key format\";\n    }\n\n    /* Export the private key object to the desired format */\n    if (destinationFormat === \"raw\") {\n      return privateKeyObject.privateKey.toString(\"hex\");\n    } else if (destinationFormat === \"der\") {\n      return ECPrivateKeyASN.encode(privateKeyObject, \"der\").toString(\"hex\");\n    } else if (destinationFormat === \"pem\") {\n      return destinationFormatType === \"pkcs1\"\n        ? ECPrivateKeyASN.encode(privateKeyObject, \"pem\", this.options.privatePEMOptions)\n        : ECPrivateKey8ASN.encode(this.PKCS1toPKCS8(privateKeyObject), \"pem\", {\n            ...this.options.privatePEMOptions,\n            label: \"PRIVATE KEY\",\n          });\n    } else {\n      throw \"invalid destination format for private key\";\n    }\n  }\n\n  /* istanbul ignore next */\n  encodePublic(\n    publicKey: string | Buffer,\n    originalFormat: KeyFormat,\n    destinationFormat: KeyFormat,\n  ): string {\n    let publicKeyObject;\n\n    /* Parse the incoming public key and convert it to a public key object */\n    if (originalFormat === \"raw\") {\n      if (typeof publicKey !== \"string\") {\n        throw \"public key must be a string\";\n      }\n      publicKeyObject = this.publicKeyObject(publicKey);\n    } else if (originalFormat === \"der\") {\n      if (typeof publicKey !== \"string\") {\n        // do nothing\n      } else if (typeof publicKey === \"string\") {\n        publicKey = Buffer.from(publicKey, \"hex\");\n      } else {\n        throw \"public key must be a buffer or a string\";\n      }\n      publicKeyObject = SubjectPublicKeyInfoASN.decode(publicKey, \"der\");\n    } else if (originalFormat === \"pem\") {\n      if (typeof publicKey !== \"string\") {\n        throw \"public key must be a string\";\n      }\n      publicKeyObject = SubjectPublicKeyInfoASN.decode(\n        publicKey,\n        \"pem\",\n        this.options.publicPEMOptions,\n      );\n    } else {\n      throw \"invalid public key format\";\n    }\n\n    /* Export the private key object to the desired format */\n    if (destinationFormat === \"raw\") {\n      return publicKeyObject.pub.data.toString(\"hex\");\n    } else if (destinationFormat === \"der\") {\n      return SubjectPublicKeyInfoASN.encode(publicKeyObject, \"der\").toString(\"hex\");\n    } else if (destinationFormat === \"pem\") {\n      return SubjectPublicKeyInfoASN.encode(publicKeyObject, \"pem\", this.options.publicPEMOptions);\n    } else {\n      throw \"invalid destination format for public key\";\n    }\n  }\n}\n"]}

package/lib/chunk-5E5DWDE6.js

@@ -0,0 +1,97 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+var _chunkQTAB7ADKjs = require('./chunk-QTAB7ADK.js');
+
+// src/createNetwork.ts
+var _axios = require('axios'); var _axios2 = _interopRequireDefault(_axios);
+var _chalk = require('chalk'); var _chalk2 = _interopRequireDefault(_chalk);
+var _https = require('https'); var _https2 = _interopRequireDefault(_https);
+var GateError = class _GateError extends Error {
+  constructor({ code, message, name }) {
+    super(message);
+    this.message = `(${code}) ${message}`;
+    this.name = name;
+    Error.captureStackTrace(this, _GateError);
+  }
+};
+var NetworkError = class _NetworkError extends Error {
+  constructor(payload, prefix) {
+    const { status, statusText } = payload;
+    let message = statusText || "Unknown error";
+    if (payload.data && payload.data.message) {
+      message = payload.data.message;
+    }
+    super(message);
+    this.message = "";
+    this.name = `Network error (${prefix}) ${status}: ${message}`;
+    Error.captureStackTrace(this, _NetworkError);
+  }
+};
+function createNetwork(networkOptions) {
+  return async function request(method, url, data = {}, requestOptions = {}) {
+    let debugPrefix = "";
+    try {
+      let token = networkOptions.token || null;
+      const { networkDelay, httpsAgent } = networkOptions;
+      if (networkOptions.injectToken) {
+        token = networkOptions.injectToken();
+      }
+      const headers = {
+        "Content-Type": "application/json",
+        ...requestOptions.headers ? requestOptions.headers : {},
+        ...token ? { "X-Ledger-Auth": token } : {}
+      };
+      const axiosParams = {
+        method,
+        url: `${networkOptions.baseURL}${url}`,
+        data,
+        headers,
+        httpsAgent: httpsAgent || new _https2.default.Agent({
+          rejectUnauthorized: false
+        })
+      };
+      if (requestOptions.raw) {
+        Object.assign(axiosParams.headers, { "Content-Type": "application/octet-stream" });
+        Object.assign(axiosParams, { responseType: "arraybuffer" });
+      }
+      debugPrefix = `${axiosParams.method} ${axiosParams.url}`;
+      if (process.env.DEBUG) {
+        let msg = "";
+        msg += `${axiosParams.method} ${axiosParams.url} `;
+        if (data && Object.keys(data).length > 0) {
+          msg += JSON.stringify(data);
+        }
+        console.log(_chalk2.default`{grey ${msg}}`);
+      }
+      if (typeof networkDelay === "number") {
+        await _chunkQTAB7ADKjs.wait.call(void 0, networkDelay);
+      }
+      const res = await _axios2.default.request(axiosParams);
+      if (networkOptions.interceptToken && res.headers && res.headers["set-cookie"]) {
+        const tokenRow = res.headers["set-cookie"].find(
+          (h) => h.startsWith("ledger_token")
+        );
+        if (tokenRow) {
+          const [leftPart] = tokenRow.split(";");
+          const token2 = leftPart.substr("ledger_token=".length);
+          networkOptions.interceptToken(token2);
+        }
+      }
+      return res.data;
+    } catch (err) {
+      if (!err.response) {
+        throw err;
+      }
+      const { data: data2 } = err.response;
+      if (data2 && data2.code && data2.message && data2.name) {
+        throw new GateError(data2);
+      }
+      throw new NetworkError(err.response, debugPrefix);
+    }
+  };
+}
+
+
+
+exports.createNetwork = createNetwork;
+//# sourceMappingURL=chunk-5E5DWDE6.js.map

package/lib/chunk-5E5DWDE6.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/home/runner/work/vault-ts/vault-ts/packages/common/lib/chunk-5E5DWDE6.js","../src/createNetwork.ts"],"names":["token"],"mappings":"AAAA;AACE;AACF,sDAA4B;AAC5B;AACA;ACJA,4EAAkB;AAClB,4EAAkB;AAClB,4EAA6B;AAmBtB,IAAM,UAAA,EAAN,MAAM,WAAA,QAAkB,MAAM;AAAA,EACnC,WAAA,CAAY,EAAE,IAAA,EAAM,OAAA,EAAS,KAAK,CAAA,EAAqB;AACrD,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,QAAA,EAAU,CAAA,CAAA,EAAI,IAAI,CAAA,EAAA,EAAK,OAAO,CAAA,CAAA;AACvB,IAAA;AACkB,IAAA;AAChC,EAAA;AACF;AAOa;AAC+C,EAAA;AACzB,IAAA;AACH,IAAA;AAEK,IAAA;AAER,MAAA;AACzB,IAAA;AACa,IAAA;AACE,IAAA;AACqB,IAAA;AACN,IAAA;AAChC,EAAA;AACF;AAEsE;AAGlE,EAAA;AAIkB,IAAA;AACd,IAAA;AACyB,MAAA;AACM,MAAA;AACD,MAAA;AACP,QAAA;AACzB,MAAA;AACgB,MAAA;AACE,QAAA;AACa,QAAA;AACE,QAAA;AACjC,MAAA;AACoB,MAAA;AAClB,QAAA;AAC8B,QAAA;AAC9B,QAAA;AACA,QAAA;AAGM,QAAA;AACkB,UAAA;AACrB,QAAA;AACL,MAAA;AAGwB,MAAA;AACI,QAAA;AACG,QAAA;AAC/B,MAAA;AAE6B,MAAA;AAGN,MAAA;AACX,QAAA;AACsB,QAAA;AACF,QAAA;AACF,UAAA;AAC5B,QAAA;AAEgC,QAAA;AAClC,MAAA;AAC4B,MAAA;AACH,QAAA;AACzB,MAAA;AAEgC,MAAA;AAEb,MAAA;AACY,QAAA;AACd,UAAA;AACf,QAAA;AACc,QAAA;AACgB,UAAA;AACL,UAAA;AACOA,UAAAA;AAChC,QAAA;AACF,MAAA;AACW,MAAA;AACC,IAAA;AAEO,MAAA;AACX,QAAA;AACR,MAAA;AAEqB,MAAA;AACS,MAAA;AACJ,QAAA;AAC1B,MAAA;AAE2B,MAAA;AAC7B,IAAA;AACF,EAAA;AACF;ADvCwC;AACA;AACA;AACA","file":"/home/runner/work/vault-ts/vault-ts/packages/common/lib/chunk-5E5DWDE6.js","sourcesContent":[null,"import axios from \"axios\";\nimport chalk from \"chalk\";\nimport https, { Agent } from \"https\";\n\nimport { wait } from \"./utils\";\n\ninterface NetworkOptions {\n  baseURL: string;\n  token?: string;\n  interceptToken?: (token: string) => void;\n  injectToken?: () => string | null;\n  httpsAgent?: Agent;\n  networkDelay?: number;\n}\n\ninterface GateErrorPayload {\n  code: number;\n  message: string;\n  name: string;\n}\n\nexport class GateError extends Error {\n  constructor({ code, message, name }: GateErrorPayload) {\n    super(message);\n    this.message = `(${code}) ${message}`;\n    this.name = name;\n    Error.captureStackTrace(this, GateError);\n  }\n}\n\ntype NetworkErrorPayload = {\n  status: number;\n  statusText: string;\n};\n\nexport class NetworkError extends Error {\n  constructor(payload: NetworkErrorPayload, prefix: string) {\n    const { status, statusText } = payload;\n    let message = statusText || \"Unknown error\";\n    // @ts-ignore\n    if (payload.data && payload.data.message) {\n      // @ts-ignore\n      message = payload.data.message;\n    }\n    super(message);\n    this.message = \"\";\n    this.name = `Network error (${prefix}) ${status}: ${message}`;\n    Error.captureStackTrace(this, NetworkError);\n  }\n}\n\nexport default function createNetwork(networkOptions: NetworkOptions) {\n  return async function request<T = any>(\n    method: \"POST\" | \"GET\" | \"DELETE\" | \"PUT\",\n    url: string,\n    data: any = {},\n    requestOptions: any = {},\n  ): Promise<T> {\n    let debugPrefix = \"\";\n    try {\n      let token = networkOptions.token || null;\n      const { networkDelay, httpsAgent } = networkOptions;\n      if (networkOptions.injectToken) {\n        token = networkOptions.injectToken();\n      }\n      const headers = {\n        \"Content-Type\": \"application/json\",\n        ...(requestOptions.headers ? requestOptions.headers : {}),\n        ...(token ? { \"X-Ledger-Auth\": token } : {}),\n      };\n      const axiosParams = {\n        method,\n        url: `${networkOptions.baseURL}${url}`,\n        data,\n        headers,\n        httpsAgent:\n          httpsAgent ||\n          new https.Agent({\n            rejectUnauthorized: false,\n          }),\n      };\n\n      // ability to request raw data (as Buffer)\n      if (requestOptions.raw) {\n        Object.assign(axiosParams.headers, { \"Content-Type\": \"application/octet-stream\" });\n        Object.assign(axiosParams, { responseType: \"arraybuffer\" });\n      }\n\n      debugPrefix = `${axiosParams.method} ${axiosParams.url}`;\n\n      /* istanbul ignore next */\n      if (process.env.DEBUG) {\n        let msg = \"\";\n        msg += `${axiosParams.method} ${axiosParams.url} `;\n        if (data && Object.keys(data).length > 0) {\n          msg += JSON.stringify(data);\n        }\n        // eslint-disable-next-line no-console\n        console.log(chalk`{grey ${msg}}`);\n      }\n      if (typeof networkDelay === \"number\") {\n        await wait(networkDelay);\n      }\n\n      const res = await axios.request(axiosParams);\n\n      if (networkOptions.interceptToken && res.headers && res.headers[\"set-cookie\"]) {\n        const tokenRow = res.headers[\"set-cookie\"].find((h: string) =>\n          h.startsWith(\"ledger_token\"),\n        );\n        if (tokenRow) {\n          const [leftPart] = tokenRow.split(\";\");\n          const token = leftPart.substr(\"ledger_token=\".length);\n          networkOptions.interceptToken(token);\n        }\n      }\n      return res.data;\n    } catch (err) {\n      // @ts-expect-error\n      if (!err.response) {\n        throw err;\n      }\n      // @ts-expect-error\n      const { data } = err.response;\n      if (data && data.code && data.message && data.name) {\n        throw new GateError(data);\n      }\n      // @ts-expect-error\n      throw new NetworkError(err.response, debugPrefix);\n    }\n  };\n}\n"]}

package/lib/chunk-63T7EDKZ.mjs

@@ -0,0 +1,83 @@
+import {
+  createNetwork
+} from "./chunk-PB4BEIPE.mjs";
+
+// src/createHSMBridge.ts
+import { SILENT_LOGGER } from "@ledgerhq/vault-utils";
+import axios from "axios";
+import https from "https";
+function createHSMBridge(options) {
+  const { monotonicCountersSize, fileSystemSize } = options;
+  const httpsAgent = new https.Agent({
+    cert: options.hsmCert,
+    key: options.hsmCertKey
+  });
+  const hsmEndpoint = options.hsmEndpoint.replace("/process", "");
+  const hsmNetworkOptions = {
+    baseURL: hsmEndpoint,
+    httpsAgent
+  };
+  const hsmNetwork = createNetwork(hsmNetworkOptions);
+  const raw = axios.create({ baseURL: hsmEndpoint, httpsAgent });
+  return {
+    backupCompartment: async (cid) => {
+      const [internalfs, counters] = await Promise.all([
+        raw.get(`/compartments/${cid}/internalfs`, { responseType: "arraybuffer" }),
+        raw.get(`/compartments/${cid}/counters`, { responseType: "arraybuffer" })
+      ]);
+      return {
+        internalfs: internalfs.data.toString("hex"),
+        counters: counters.data.toString("hex")
+      };
+    },
+    restoreCompartment: async (cid, data, { logger = SILENT_LOGGER } = {}) => {
+      logger.info("Restoring internalfs...");
+      await raw.put(`/compartments/${cid}/internalfs`, Buffer.from(data.internalfs, "hex"));
+      logger.info("Restoring counters...");
+      await raw.put(`/compartments/${cid}/counters`, Buffer.from(data.counters, "hex"));
+      logger.success("Successfully restored compartment");
+    },
+    initCompartment: async ({ logger = SILENT_LOGGER } = {}) => {
+      const res = await hsmNetwork("POST", "/compartments", {});
+      logger.info(`Created compartment ${res.id}`);
+      return res.id;
+    },
+    resetCompartment: async (compartmentID, { logger = SILENT_LOGGER }) => {
+      try {
+        await hsmNetwork("DELETE", `/compartments/${compartmentID}`);
+        logger.info(`Removed compartment ${compartmentID}`);
+      } catch (err) {
+        logger.info(`Arf! Problem deleting compartment apparently: ${err.toString()}`);
+        logger.info("But let's pretend we don't care and let's continue");
+      }
+      try {
+        const slots = await hsmNetwork("GET", "/slots");
+        const compartmentSlots = slots.filter((slot) => slot.userId === compartmentID);
+        for (let i = 0; i < compartmentSlots.length; i++) {
+          const slot = compartmentSlots[i];
+          if (!slot) throw new Error("Invalid slot");
+          await hsmNetwork("DELETE", `/slots/${slot.id}`);
+          logger.info(`Removed slot ${slot.id}`);
+        }
+      } catch (err) {
+        logger.info(`Ouch! Little error there: ${err.toString()}`);
+        logger.info("There was a problem getting slots, but let's continue anyway, i mean.");
+      }
+      const payload = { id: compartmentID };
+      if (monotonicCountersSize) {
+        Object.assign(payload, { monotonicCountersSize });
+      }
+      if (fileSystemSize) {
+        Object.assign(payload, { fileSystemSize });
+      }
+      await hsmNetwork("POST", "/compartments", payload);
+      logger.info(`Created compartment ${compartmentID}`);
+    }
+  };
+}
+var createHSMBridge_default = createHSMBridge;
+
+export {
+  createHSMBridge_default
+};
+//# sourceMappingURL=chunk-63T7EDKZ.mjs.map