@mysten/seal 0.0.0-experimental-20250425213912 → 0.0.0-experimental-20250428114433

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/CHANGELOG.md +2 -2
  2. package/dist/cjs/error.d.ts +8 -0
  3. package/dist/cjs/error.js +19 -0
  4. package/dist/cjs/error.js.map +2 -2
  5. package/dist/cjs/key-server.d.ts +8 -0
  6. package/dist/cjs/key-server.js +17 -1
  7. package/dist/cjs/key-server.js.map +2 -2
  8. package/dist/cjs/keys.js +2 -0
  9. package/dist/cjs/keys.js.map +2 -2
  10. package/dist/cjs/utils.d.ts +10 -0
  11. package/dist/cjs/utils.js +21 -0
  12. package/dist/cjs/utils.js.map +2 -2
  13. package/dist/cjs/version.d.ts +1 -1
  14. package/dist/cjs/version.js +1 -1
  15. package/dist/cjs/version.js.map +1 -1
  16. package/dist/esm/error.d.ts +8 -0
  17. package/dist/esm/error.js +19 -0
  18. package/dist/esm/error.js.map +2 -2
  19. package/dist/esm/key-server.d.ts +8 -0
  20. package/dist/esm/key-server.js +18 -1
  21. package/dist/esm/key-server.js.map +2 -2
  22. package/dist/esm/keys.js +2 -0
  23. package/dist/esm/keys.js.map +2 -2
  24. package/dist/esm/utils.d.ts +10 -0
  25. package/dist/esm/utils.js +21 -0
  26. package/dist/esm/utils.js.map +2 -2
  27. package/dist/esm/version.d.ts +1 -1
  28. package/dist/esm/version.js +1 -1
  29. package/dist/esm/version.js.map +1 -1
  30. package/dist/tsconfig.esm.tsbuildinfo +1 -1
  31. package/dist/tsconfig.tsbuildinfo +1 -1
  32. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # @mysten/seal
2
2
 
3
- ## 0.0.0-experimental-20250425213912
3
+ ## 0.0.0-experimental-20250428114433
4
4
 
5
5
  ### Patch Changes
6
6
 
@@ -9,7 +9,7 @@
9
9
  - Updated dependencies [7d66a32]
10
10
  - Updated dependencies [eb91fba]
11
11
  - Updated dependencies [19a8045]
12
- - @mysten/sui@0.0.0-experimental-20250425213912
12
+ - @mysten/sui@0.0.0-experimental-20250428114433
13
13
 
14
14
  ## 0.4.0
15
15
 
package/dist/cjs/error.d.ts CHANGED
@@ -24,6 +24,12 @@ export declare class InvalidUserSignatureError extends SealAPIError {
24
24
  export declare class InvalidSessionKeySignatureError extends SealAPIError {
25
25
  constructor(requestId?: string);
26
26
  }
27
+ export declare class InvalidSDKVersionError extends SealAPIError {
28
+ constructor(requestId?: string);
29
+ }
30
+ export declare class DeprecatedSDKVersionError extends SealAPIError {
31
+ constructor(requestId?: string);
32
+ }
27
33
  /** Server error indicating that the user does not have access to one or more of the requested keys */
28
34
  export declare class NoAccessError extends SealAPIError {
29
35
  constructor(requestId?: string);
@@ -49,6 +55,8 @@ export declare class UnsupportedNetworkError extends UserError {
49
55
  }
50
56
  export declare class InvalidKeyServerError extends UserError {
51
57
  }
58
+ export declare class InvalidKeyServerVersionError extends UserError {
59
+ }
52
60
  export declare class InvalidCiphertextError extends UserError {
53
61
  }
54
62
  export declare class InvalidThresholdError extends UserError {
package/dist/cjs/error.js CHANGED
@@ -24,6 +24,7 @@ var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot
24
24
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
25
25
  var error_exports = {};
26
26
  __export(error_exports, {
27
+ DeprecatedSDKVersionError: () => DeprecatedSDKVersionError,
27
28
  ExpiredSessionKeyError: () => ExpiredSessionKeyError,
28
29
  GeneralError: () => GeneralError,
29
30
  InconsistentKeyServersError: () => InconsistentKeyServersError,
@@ -31,9 +32,11 @@ __export(error_exports, {
31
32
  InvalidCiphertextError: () => InvalidCiphertextError,
32
33
  InvalidGetObjectError: () => InvalidGetObjectError,
33
34
  InvalidKeyServerError: () => InvalidKeyServerError,
35
+ InvalidKeyServerVersionError: () => InvalidKeyServerVersionError,
34
36
  InvalidPTBError: () => InvalidPTBError,
35
37
  InvalidPackageError: () => InvalidPackageError,
36
38
  InvalidPersonalMessageSignatureError: () => InvalidPersonalMessageSignatureError,
39
+ InvalidSDKVersionError: () => InvalidSDKVersionError,
37
40
  InvalidSessionKeySignatureError: () => InvalidSessionKeySignatureError,
38
41
  InvalidThresholdError: () => InvalidThresholdError,
39
42
  InvalidUserSignatureError: () => InvalidUserSignatureError,
@@ -92,6 +95,10 @@ generate_fn = function(error, message, requestId, status) {
92
95
  return new InvalidUserSignatureError(requestId);
93
96
  case "InvalidSessionSignature":
94
97
  return new InvalidSessionKeySignatureError(requestId);
98
+ case "InvalidSDKVersion":
99
+ return new InvalidSDKVersionError(requestId);
100
+ case "DeprecatedSDKVersion":
101
+ return new DeprecatedSDKVersionError(requestId);
95
102
  case "Failure":
96
103
  return new InternalError(requestId);
97
104
  default:
@@ -125,6 +132,16 @@ class InvalidSessionKeySignatureError extends SealAPIError {
125
132
  super("Session key signature is invalid", requestId);
126
133
  }
127
134
  }
135
+ class InvalidSDKVersionError extends SealAPIError {
136
+ constructor(requestId) {
137
+ super("SDK version is invalid", requestId);
138
+ }
139
+ }
140
+ class DeprecatedSDKVersionError extends SealAPIError {
141
+ constructor(requestId) {
142
+ super("SDK version is deprecated", requestId);
143
+ }
144
+ }
128
145
  class NoAccessError extends SealAPIError {
129
146
  constructor(requestId) {
130
147
  super("User does not have access to one or more of the requested keys", requestId);
@@ -152,6 +169,8 @@ class UnsupportedNetworkError extends UserError {
152
169
  }
153
170
  class InvalidKeyServerError extends UserError {
154
171
  }
172
+ class InvalidKeyServerVersionError extends UserError {
173
+ }
155
174
  class InvalidCiphertextError extends UserError {
156
175
  }
157
176
  class InvalidThresholdError extends UserError {
package/dist/cjs/error.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/error.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(error: string, message: string, requestId: string, status?: number) {\n\t\tswitch (error) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId, message);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\tconst message = JSON.parse(text)['message'];\n\t\t\terrorInstance = SealAPIError.#generate(error, message, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string, message?: string) {\n\t\tsuper('PTB does not conform to the expected format ' + message, requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EAyBA,aAAa,eAAe,UAAoB,WAAmB;AAxCpE;AAyCE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,YAAM,UAAU,KAAK,MAAM,IAAI,EAAE,SAAS;AAC1C,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO,SAAS;AAAA,IACxD,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AAjDO;AASC,cAAS,SAAC,OAAe,SAAiB,WAAmB,QAAiB;AACpF,UAAQ,OAAO;AAAA,IACd,KAAK;AACJ,aAAO,IAAI,gBAAgB,WAAW,OAAO;AAAA,IAC9C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AA9BM,aAAM,eAAN;AAAA,IAAM,eAAN;AAqDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB,SAAkB;AACjD,UAAM,iDAAiD,SAAS,SAAS;AAAA,EAC1E;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(error: string, message: string, requestId: string, status?: number) {\n\t\tswitch (error) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId, message);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'InvalidSDKVersion':\n\t\t\t\treturn new InvalidSDKVersionError(requestId);\n\t\t\tcase 'DeprecatedSDKVersion':\n\t\t\t\treturn new DeprecatedSDKVersionError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\tconst message = JSON.parse(text)['message'];\n\t\t\terrorInstance = SealAPIError.#generate(error, message, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string, message?: string) {\n\t\tsuper('PTB does not conform to the expected format ' + message, requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the SDK version is invalid (implying that HTTP headers used by the SDK are being removed) or deprecated (implying that the SDK should be upgraded).\n\nexport class InvalidSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is invalid', requestId);\n\t}\n}\n\nexport class DeprecatedSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is deprecated', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidKeyServerVersionError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EA6BA,aAAa,eAAe,UAAoB,WAAmB;AA5CpE;AA6CE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,YAAM,UAAU,KAAK,MAAM,IAAI,EAAE,SAAS;AAC1C,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO,SAAS;AAAA,IACxD,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AArDO;AASC,cAAS,SAAC,OAAe,SAAiB,WAAmB,QAAiB;AACpF,UAAQ,OAAO;AAAA,IACd,KAAK;AACJ,aAAO,IAAI,gBAAgB,WAAW,OAAO;AAAA,IAC9C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AAlCM,aAAM,eAAN;AAAA,IAAM,eAAN;AAyDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB,SAAkB;AACjD,UAAM,iDAAiD,SAAS,SAAS;AAAA,EAC1E;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAIO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,0BAA0B,SAAS;AAAA,EAC1C;AACD;AAEO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,6BAA6B,SAAS;AAAA,EAC7C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,qCAAqC,UAAU;AAAC;AACtD,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
6
6
  "names": []
7
7
  }
package/dist/cjs/key-server.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { SealCompatibleClient } from './types.js';
2
+ import { Version } from './utils.js';
2
3
  export type KeyServer = {
3
4
  objectId: string;
4
5
  name: string;
@@ -9,6 +10,7 @@ export type KeyServer = {
9
10
  export declare enum KeyServerType {
10
11
  BonehFranklinBLS12381 = 0
11
12
  }
13
+ export declare const SERVER_VERSION_REQUIREMENT: Version;
12
14
  /**
13
15
  * Returns a static list of Seal key server object ids that the dapp can choose to use.
14
16
  * @param network - The network to use.
@@ -36,3 +38,9 @@ export declare function retrieveKeyServers({ objectIds, client, }: {
36
38
  * @returns - True if the key server is valid, false otherwise.
37
39
  */
38
40
  export declare function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean>;
41
+ /**
42
+ * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.
43
+ *
44
+ * @param response - The response from the key server.
45
+ */
46
+ export declare function verifyKeyServerVersion(response: Response): void;
package/dist/cjs/key-server.js CHANGED
@@ -19,9 +19,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
19
19
  var key_server_exports = {};
20
20
  __export(key_server_exports, {
21
21
  KeyServerType: () => KeyServerType,
22
+ SERVER_VERSION_REQUIREMENT: () => SERVER_VERSION_REQUIREMENT,
22
23
  getAllowlistedKeyServers: () => getAllowlistedKeyServers,
23
24
  retrieveKeyServers: () => retrieveKeyServers,
24
- verifyKeyServer: () => verifyKeyServer
25
+ verifyKeyServer: () => verifyKeyServer,
26
+ verifyKeyServerVersion: () => verifyKeyServerVersion
25
27
  });
26
28
  module.exports = __toCommonJS(key_server_exports);
27
29
  var import_bcs = require("@mysten/bcs");
@@ -30,10 +32,12 @@ var import_bcs2 = require("./bcs.js");
30
32
  var import_error = require("./error.js");
31
33
  var import_ibe = require("./ibe.js");
32
34
  var import_version = require("./version.js");
35
+ var import_utils = require("./utils.js");
33
36
  var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
34
37
  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
35
38
  return KeyServerType2;
36
39
  })(KeyServerType || {});
40
+ const SERVER_VERSION_REQUIREMENT = new import_utils.Version("0.2.0");
37
41
  function getAllowlistedKeyServers(network) {
38
42
  if (network === "testnet") {
39
43
  return [
@@ -85,6 +89,7 @@ async function verifyKeyServer(server, timeout) {
85
89
  signal: AbortSignal.timeout(timeout)
86
90
  });
87
91
  await import_error.SealAPIError.assertResponse(response, requestId);
92
+ verifyKeyServerVersion(response);
88
93
  const serviceResponse = await response.json();
89
94
  if (serviceResponse.service_id !== server.objectId) {
90
95
  return false;
@@ -92,4 +97,15 @@ async function verifyKeyServer(server, timeout) {
92
97
  const fullMsg = new Uint8Array([...import_ibe.DST_POP, ...server.pk, ...(0, import_bcs.fromHex)(server.objectId)]);
93
98
  return import_bls12_381.bls12_381.verifyShortSignature((0, import_bcs.fromBase64)(serviceResponse.pop), fullMsg, server.pk);
94
99
  }
100
+ function verifyKeyServerVersion(response) {
101
+ const keyServerVersion = response.headers.get("X-KeyServer-Version");
102
+ if (keyServerVersion == null) {
103
+ throw new import_error.InvalidKeyServerVersionError("Key server version not found");
104
+ }
105
+ if (new import_utils.Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {
106
+ throw new import_error.InvalidKeyServerVersionError(
107
+ `Key server version ${keyServerVersion} is not supported`
108
+ );
109
+ }
110
+ }
95
111
  //# sourceMappingURL=key-server.js.map
package/dist/cjs/key-server.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/key-server.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove } from './bcs.js';\nimport {\n\tInvalidGetObjectError,\n\tSealAPIError,\n\tUnsupportedFeatureError,\n\tUnsupportedNetworkError,\n} from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8',\n\t\t\t'0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\t// todo: do not fetch the same object ID if this is fetched before.\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tlet res;\n\t\t\ttry {\n\t\t\t\tres = await client.core.getObject({\n\t\t\t\t\tobjectId,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tthrow new InvalidGetObjectError(`KeyServer ${objectId} not found; ${(e as Error).message}`);\n\t\t\t}\n\n\t\t\tconst ks = KeyServerMove.parse(res.object.content);\n\t\t\tif (ks.keyType !== 0) {\n\t\t\t\tthrow new UnsupportedFeatureError(`Unsupported key type ${ks.keyType}`);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAAoC;AACpC,uBAA0B;AAE1B,IAAAA,cAA8B;AAC9B,mBAKO;AACP,iBAAwB;AACxB,qBAAgC;AAWzB,IAAK,gBAAL,kBAAKC,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AASL,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,qCAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AAExB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,UAAI;AACJ,UAAI;AACH,cAAM,MAAM,OAAO,KAAK,UAAU;AAAA,UACjC;AAAA,QACD,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,IAAI,mCAAsB,aAAa,QAAQ,eAAgB,EAAY,OAAO,EAAE;AAAA,MAC3F;AAEA,YAAM,KAAK,0BAAc,MAAM,IAAI,OAAO,OAAO;AACjD,UAAI,GAAG,YAAY,GAAG;AACrB,cAAM,IAAI,qCAAwB,wBAAwB,GAAG,OAAO,EAAE;AAAA,MACvE;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAmB,SAAmC;AAC3F,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,oBAAS,GAAG,OAAO,IAAI,OAAG,oBAAQ,OAAO,QAAQ,CAAC,CAAC;AACtF,SAAO,2BAAU,yBAAqB,uBAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove } from './bcs.js';\nimport {\n\tInvalidGetObjectError,\n\tInvalidKeyServerVersionError,\n\tSealAPIError,\n\tUnsupportedFeatureError,\n\tUnsupportedNetworkError,\n} from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\nimport { Version } from './utils.js';\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\nexport const SERVER_VERSION_REQUIREMENT = new Version('0.2.0');\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8',\n\t\t\t'0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\t// todo: do not fetch the same object ID if this is fetched before.\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tlet res;\n\t\t\ttry {\n\t\t\t\tres = await client.core.getObject({\n\t\t\t\t\tobjectId,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tthrow new InvalidGetObjectError(`KeyServer ${objectId} not found; ${(e as Error).message}`);\n\t\t\t}\n\n\t\t\tconst ks = KeyServerMove.parse(res.object.content);\n\t\t\tif (ks.keyType !== 0) {\n\t\t\t\tthrow new UnsupportedFeatureError(`Unsupported key type ${ks.keyType}`);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tverifyKeyServerVersion(response);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n\n/**\n * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.\n *\n * @param response - The response from the key server.\n */\nexport function verifyKeyServerVersion(response: Response) {\n\tconst keyServerVersion = response.headers.get('X-KeyServer-Version');\n\tif (keyServerVersion == null) {\n\t\tthrow new InvalidKeyServerVersionError('Key server version not found');\n\t}\n\tif (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {\n\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t`Key server version ${keyServerVersion} is not supported`,\n\t\t);\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAAoC;AACpC,uBAA0B;AAE1B,IAAAA,cAA8B;AAC9B,mBAMO;AACP,iBAAwB;AACxB,qBAAgC;AAEhC,mBAAwB;AAUjB,IAAK,gBAAL,kBAAKC,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAIL,MAAM,6BAA6B,IAAI,qBAAQ,OAAO;AAOtD,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,qCAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AAExB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,UAAI;AACJ,UAAI;AACH,cAAM,MAAM,OAAO,KAAK,UAAU;AAAA,UACjC;AAAA,QACD,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,IAAI,mCAAsB,aAAa,QAAQ,eAAgB,EAAY,OAAO,EAAE;AAAA,MAC3F;AAEA,YAAM,KAAK,0BAAc,MAAM,IAAI,OAAO,OAAO;AACjD,UAAI,GAAG,YAAY,GAAG;AACrB,cAAM,IAAI,qCAAwB,wBAAwB,GAAG,OAAO,EAAE;AAAA,MACvE;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAmB,SAAmC;AAC3F,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,yBAAuB,QAAQ;AAC/B,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,oBAAS,GAAG,OAAO,IAAI,OAAG,oBAAQ,OAAO,QAAQ,CAAC,CAAC;AACtF,SAAO,2BAAU,yBAAqB,uBAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;AAOO,SAAS,uBAAuB,UAAoB;AAC1D,QAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB;AACnE,MAAI,oBAAoB,MAAM;AAC7B,UAAM,IAAI,0CAA6B,8BAA8B;AAAA,EACtE;AACA,MAAI,IAAI,qBAAQ,gBAAgB,EAAE,WAAW,0BAA0B,GAAG;AACzE,UAAM,IAAI;AAAA,MACT,sBAAsB,gBAAgB;AAAA,IACvC;AAAA,EACD;AACD;",
6
6
  "names": ["import_bcs", "KeyServerType"]
7
7
  }
package/dist/cjs/keys.js CHANGED
@@ -25,6 +25,7 @@ var import_bcs = require("@mysten/bcs");
25
25
  var import_elgamal = require("./elgamal.js");
26
26
  var import_error = require("./error.js");
27
27
  var import_version = require("./version.js");
28
+ var import_key_server = require("./key-server.js");
28
29
  async function fetchKeysForAllIds(url, requestSig, txBytes, encKey, certificate, timeout, signal) {
29
30
  const encKeyPk = (0, import_elgamal.toPublicKey)(encKey);
30
31
  const encVerificationKey = (0, import_elgamal.toVerificationKey)(encKey);
@@ -53,6 +54,7 @@ async function fetchKeysForAllIds(url, requestSig, txBytes, encKey, certificate,
53
54
  });
54
55
  await import_error.SealAPIError.assertResponse(response, requestId);
55
56
  const resp = await response.json();
57
+ (0, import_key_server.verifyKeyServerVersion)(response);
56
58
  return resp.decryption_keys.map((dk) => ({
57
59
  fullId: (0, import_bcs.toHex)(new Uint8Array(dk.id)),
58
60
  key: (0, import_elgamal.elgamalDecrypt)(encKey, dk.encrypted_key.map(import_bcs.fromBase64))
package/dist/cjs/keys.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/keys.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\n\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { SealAPIError } from './error.js';\nimport type { Certificate } from './session-key.js';\nimport { PACKAGE_VERSION } from './version.js';\n\n/**\n * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with\n * their full IDs.\n *\n * @param url - The URL of the key server.\n * @param requestSig - The Base64 string of request signature.\n * @param txBytes - The transaction bytes.\n * @param encKey - The ephemeral secret key.\n * @param certificate - The certificate.\n * @returns - A list of full ID and the decrypted key.\n */\nexport async function fetchKeysForAllIds(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tencKey: Uint8Array,\n\tcertificate: Certificate,\n\ttimeout: number,\n\tsignal?: AbortSignal,\n): Promise<{ fullId: string; key: Uint8Array }[]> {\n\tconst encKeyPk = toPublicKey(encKey);\n\tconst encVerificationKey = toVerificationKey(encKey);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(encKeyPk),\n\t\tenc_verification_key: toBase64(encVerificationKey),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\n\tconst timeoutSignal = AbortSignal.timeout(timeout);\n\tconst combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;\n\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t\tsignal: combinedSignal,\n\t});\n\tawait SealAPIError.assertResponse(response, requestId);\n\n\tconst resp = await response.json();\n\treturn resp.decryption_keys.map((dk: { id: Uint8Array; encrypted_key: [string, string] }) => ({\n\t\tfullId: toHex(new Uint8Array(dk.id)),\n\t\tkey: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64) as [Uint8Array, Uint8Array]),\n\t}));\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAE5C,qBAA+D;AAC/D,mBAA6B;AAE7B,qBAAgC;AAchC,eAAsB,mBACrB,KACA,YACA,SACA,QACA,aACA,SACA,QACiD;AACjD,QAAM,eAAW,4BAAY,MAAM;AACnC,QAAM,yBAAqB,kCAAkB,MAAM;AACnD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,QAAQ;AAAA,IAC1B,0BAAsB,qBAAS,kBAAkB;AAAA,IACjD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AAEA,QAAM,gBAAgB,YAAY,QAAQ,OAAO;AACjD,QAAM,iBAAiB,SAAS,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IAAI;AAE3E,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,IACzB,QAAQ;AAAA,EACT,CAAC;AACD,QAAM,0BAAa,eAAe,UAAU,SAAS;AAErD,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,SAAO,KAAK,gBAAgB,IAAI,CAAC,QAA6D;AAAA,IAC7F,YAAQ,kBAAM,IAAI,WAAW,GAAG,EAAE,CAAC;AAAA,IACnC,SAAK,+BAAe,QAAQ,GAAG,cAAc,IAAI,qBAAU,CAA6B;AAAA,EACzF,EAAE;AACH;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\n\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { SealAPIError } from './error.js';\nimport type { Certificate } from './session-key.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport { verifyKeyServerVersion } from './key-server.js';\n\n/**\n * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with\n * their full IDs.\n *\n * @param url - The URL of the key server.\n * @param requestSig - The Base64 string of request signature.\n * @param txBytes - The transaction bytes.\n * @param encKey - The ephemeral secret key.\n * @param certificate - The certificate.\n * @returns - A list of full ID and the decrypted key.\n */\nexport async function fetchKeysForAllIds(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tencKey: Uint8Array,\n\tcertificate: Certificate,\n\ttimeout: number,\n\tsignal?: AbortSignal,\n): Promise<{ fullId: string; key: Uint8Array }[]> {\n\tconst encKeyPk = toPublicKey(encKey);\n\tconst encVerificationKey = toVerificationKey(encKey);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(encKeyPk),\n\t\tenc_verification_key: toBase64(encVerificationKey),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\n\tconst timeoutSignal = AbortSignal.timeout(timeout);\n\tconst combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;\n\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t\tsignal: combinedSignal,\n\t});\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst resp = await response.json();\n\tverifyKeyServerVersion(response);\n\n\treturn resp.decryption_keys.map((dk: { id: Uint8Array; encrypted_key: [string, string] }) => ({\n\t\tfullId: toHex(new Uint8Array(dk.id)),\n\t\tkey: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64) as [Uint8Array, Uint8Array]),\n\t}));\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAE5C,qBAA+D;AAC/D,mBAA6B;AAE7B,qBAAgC;AAChC,wBAAuC;AAcvC,eAAsB,mBACrB,KACA,YACA,SACA,QACA,aACA,SACA,QACiD;AACjD,QAAM,eAAW,4BAAY,MAAM;AACnC,QAAM,yBAAqB,kCAAkB,MAAM;AACnD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,QAAQ;AAAA,IAC1B,0BAAsB,qBAAS,kBAAkB;AAAA,IACjD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AAEA,QAAM,gBAAgB,YAAY,QAAQ,OAAO;AACjD,QAAM,iBAAiB,SAAS,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IAAI;AAE3E,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,IACzB,QAAQ;AAAA,EACT,CAAC;AACD,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,gDAAuB,QAAQ;AAE/B,SAAO,KAAK,gBAAgB,IAAI,CAAC,QAA6D;AAAA,IAC7F,YAAQ,kBAAM,IAAI,WAAW,GAAG,EAAE,CAAC;AAAA,IACnC,SAAK,+BAAe,QAAQ,GAAG,cAAc,IAAI,qBAAU,CAA6B;AAAA,EACzF,EAAE;AACH;",
6
6
  "names": []
7
7
  }
package/dist/cjs/utils.d.ts CHANGED
@@ -8,3 +8,13 @@ export declare function xorUnchecked(a: Uint8Array, b: Uint8Array): Uint8Array;
8
8
  * @returns The full ID.
9
9
  */
10
10
  export declare function createFullId(dst: Uint8Array, packageId: string, innerId: string): string;
11
+ /**
12
+ * A simple class to represent a version number of the form x.y.z.
13
+ */
14
+ export declare class Version {
15
+ major: number;
16
+ minor: number;
17
+ patch: number;
18
+ constructor(version: string);
19
+ older_than(other: Version): boolean;
20
+ }
package/dist/cjs/utils.js CHANGED
@@ -18,6 +18,7 @@ var __copyProps = (to, from, except, desc) => {
18
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
19
  var utils_exports = {};
20
20
  __export(utils_exports, {
21
+ Version: () => Version,
21
22
  createFullId: () => createFullId,
22
23
  xor: () => xor,
23
24
  xorUnchecked: () => xorUnchecked
@@ -48,4 +49,24 @@ function createFullId(dst, packageId, innerId) {
48
49
  fullId.set(innerIdBytes, 1 + dst.length + packageIdBytes.length);
49
50
  return (0, import_bcs.toHex)(fullId);
50
51
  }
52
+ class Version {
53
+ constructor(version) {
54
+ const parts = version.split(".").map(Number);
55
+ if (parts.length !== 3 || parts.some((part) => isNaN(part) || part < 0)) {
56
+ throw new import_error.UserError(`Invalid version format: ${version}`);
57
+ }
58
+ this.major = parts[0];
59
+ this.minor = parts[1];
60
+ this.patch = parts[2];
61
+ }
62
+ // Compare this version with another version. True if this version is older than the other version.
63
+ older_than(other) {
64
+ if (this.major !== other.major) {
65
+ return this.major < other.major;
66
+ } else if (this.minor !== other.minor) {
67
+ return this.minor < other.minor;
68
+ }
69
+ return this.patch < other.patch;
70
+ }
71
+ }
51
72
  //# sourceMappingURL=utils.js.map
package/dist/cjs/utils.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/utils.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex, toHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\n\nimport { UserError } from './error.js';\n\nexport function xor(a: Uint8Array, b: Uint8Array): Uint8Array {\n\tif (a.length !== b.length) {\n\t\tthrow new Error('Invalid input');\n\t}\n\treturn xorUnchecked(a, b);\n}\n\nexport function xorUnchecked(a: Uint8Array, b: Uint8Array): Uint8Array {\n\treturn a.map((ai, i) => ai ^ b[i]);\n}\n\n/**\n * Create a full ID concatenating DST || package ID || inner ID.\n * @param dst - The domain separation tag.\n * @param packageId - The package ID.\n * @param innerId - The inner ID.\n * @returns The full ID.\n */\nexport function createFullId(dst: Uint8Array, packageId: string, innerId: string): string {\n\tif (!isValidSuiObjectId(packageId)) {\n\t\tthrow new UserError(`Invalid package ID ${packageId}`);\n\t}\n\tconst packageIdBytes = fromHex(packageId);\n\tconst innerIdBytes = fromHex(innerId);\n\tconst fullId = new Uint8Array(1 + dst.length + packageIdBytes.length + innerIdBytes.length);\n\tfullId.set([dst.length], 0);\n\tfullId.set(dst, 1);\n\tfullId.set(packageIdBytes, 1 + dst.length);\n\tfullId.set(innerIdBytes, 1 + dst.length + packageIdBytes.length);\n\treturn toHex(fullId);\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA+B;AAC/B,mBAAmC;AAEnC,mBAA0B;AAEnB,SAAS,IAAI,GAAe,GAA2B;AAC7D,MAAI,EAAE,WAAW,EAAE,QAAQ;AAC1B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,SAAO,aAAa,GAAG,CAAC;AACzB;AAEO,SAAS,aAAa,GAAe,GAA2B;AACtE,SAAO,EAAE,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;AAClC;AASO,SAAS,aAAa,KAAiB,WAAmB,SAAyB;AACzF,MAAI,KAAC,iCAAmB,SAAS,GAAG;AACnC,UAAM,IAAI,uBAAU,sBAAsB,SAAS,EAAE;AAAA,EACtD;AACA,QAAM,qBAAiB,oBAAQ,SAAS;AACxC,QAAM,mBAAe,oBAAQ,OAAO;AACpC,QAAM,SAAS,IAAI,WAAW,IAAI,IAAI,SAAS,eAAe,SAAS,aAAa,MAAM;AAC1F,SAAO,IAAI,CAAC,IAAI,MAAM,GAAG,CAAC;AAC1B,SAAO,IAAI,KAAK,CAAC;AACjB,SAAO,IAAI,gBAAgB,IAAI,IAAI,MAAM;AACzC,SAAO,IAAI,cAAc,IAAI,IAAI,SAAS,eAAe,MAAM;AAC/D,aAAO,kBAAM,MAAM;AACpB;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex, toHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\n\nimport { UserError } from './error.js';\n\nexport function xor(a: Uint8Array, b: Uint8Array): Uint8Array {\n\tif (a.length !== b.length) {\n\t\tthrow new Error('Invalid input');\n\t}\n\treturn xorUnchecked(a, b);\n}\n\nexport function xorUnchecked(a: Uint8Array, b: Uint8Array): Uint8Array {\n\treturn a.map((ai, i) => ai ^ b[i]);\n}\n\n/**\n * Create a full ID concatenating DST || package ID || inner ID.\n * @param dst - The domain separation tag.\n * @param packageId - The package ID.\n * @param innerId - The inner ID.\n * @returns The full ID.\n */\nexport function createFullId(dst: Uint8Array, packageId: string, innerId: string): string {\n\tif (!isValidSuiObjectId(packageId)) {\n\t\tthrow new UserError(`Invalid package ID ${packageId}`);\n\t}\n\tconst packageIdBytes = fromHex(packageId);\n\tconst innerIdBytes = fromHex(innerId);\n\tconst fullId = new Uint8Array(1 + dst.length + packageIdBytes.length + innerIdBytes.length);\n\tfullId.set([dst.length], 0);\n\tfullId.set(dst, 1);\n\tfullId.set(packageIdBytes, 1 + dst.length);\n\tfullId.set(innerIdBytes, 1 + dst.length + packageIdBytes.length);\n\treturn toHex(fullId);\n}\n\n/**\n * A simple class to represent a version number of the form x.y.z.\n */\nexport class Version {\n\tmajor: number;\n\tminor: number;\n\tpatch: number;\n\n\tconstructor(version: string) {\n\t\t// Very basic version parsing. Assumes version is in the format x.y.z where x, y, and z are non-negative integers.\n\t\tconst parts = version.split('.').map(Number);\n\t\tif (parts.length !== 3 || parts.some((part) => isNaN(part) || part < 0)) {\n\t\t\tthrow new UserError(`Invalid version format: ${version}`);\n\t\t}\n\t\tthis.major = parts[0];\n\t\tthis.minor = parts[1];\n\t\tthis.patch = parts[2];\n\t}\n\n\t// Compare this version with another version. True if this version is older than the other version.\n\tolder_than(other: Version): boolean {\n\t\tif (this.major !== other.major) {\n\t\t\treturn this.major < other.major;\n\t\t} else if (this.minor !== other.minor) {\n\t\t\treturn this.minor < other.minor;\n\t\t}\n\t\treturn this.patch < other.patch;\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA+B;AAC/B,mBAAmC;AAEnC,mBAA0B;AAEnB,SAAS,IAAI,GAAe,GAA2B;AAC7D,MAAI,EAAE,WAAW,EAAE,QAAQ;AAC1B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,SAAO,aAAa,GAAG,CAAC;AACzB;AAEO,SAAS,aAAa,GAAe,GAA2B;AACtE,SAAO,EAAE,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;AAClC;AASO,SAAS,aAAa,KAAiB,WAAmB,SAAyB;AACzF,MAAI,KAAC,iCAAmB,SAAS,GAAG;AACnC,UAAM,IAAI,uBAAU,sBAAsB,SAAS,EAAE;AAAA,EACtD;AACA,QAAM,qBAAiB,oBAAQ,SAAS;AACxC,QAAM,mBAAe,oBAAQ,OAAO;AACpC,QAAM,SAAS,IAAI,WAAW,IAAI,IAAI,SAAS,eAAe,SAAS,aAAa,MAAM;AAC1F,SAAO,IAAI,CAAC,IAAI,MAAM,GAAG,CAAC;AAC1B,SAAO,IAAI,KAAK,CAAC;AACjB,SAAO,IAAI,gBAAgB,IAAI,IAAI,MAAM;AACzC,SAAO,IAAI,cAAc,IAAI,IAAI,SAAS,eAAe,MAAM;AAC/D,aAAO,kBAAM,MAAM;AACpB;AAKO,MAAM,QAAQ;AAAA,EAKpB,YAAY,SAAiB;AAE5B,UAAM,QAAQ,QAAQ,MAAM,GAAG,EAAE,IAAI,MAAM;AAC3C,QAAI,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC,SAAS,MAAM,IAAI,KAAK,OAAO,CAAC,GAAG;AACxE,YAAM,IAAI,uBAAU,2BAA2B,OAAO,EAAE;AAAA,IACzD;AACA,SAAK,QAAQ,MAAM,CAAC;AACpB,SAAK,QAAQ,MAAM,CAAC;AACpB,SAAK,QAAQ,MAAM,CAAC;AAAA,EACrB;AAAA;AAAA,EAGA,WAAW,OAAyB;AACnC,QAAI,KAAK,UAAU,MAAM,OAAO;AAC/B,aAAO,KAAK,QAAQ,MAAM;AAAA,IAC3B,WAAW,KAAK,UAAU,MAAM,OAAO;AACtC,aAAO,KAAK,QAAQ,MAAM;AAAA,IAC3B;AACA,WAAO,KAAK,QAAQ,MAAM;AAAA,EAC3B;AACD;",
6
6
  "names": []
7
7
  }
package/dist/cjs/version.d.ts CHANGED
@@ -1 +1 @@
1
- export declare const PACKAGE_VERSION = "0.0.0-experimental-20250425213912";
1
+ export declare const PACKAGE_VERSION = "0.0.0-experimental-20250428114433";
package/dist/cjs/version.js CHANGED
@@ -21,5 +21,5 @@ __export(version_exports, {
21
21
  PACKAGE_VERSION: () => PACKAGE_VERSION
22
22
  });
23
23
  module.exports = __toCommonJS(version_exports);
24
- const PACKAGE_VERSION = "0.0.0-experimental-20250425213912";
24
+ const PACKAGE_VERSION = "0.0.0-experimental-20250428114433";
25
25
  //# sourceMappingURL=version.js.map
package/dist/cjs/version.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/version.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.0.0-experimental-20250425213912';\n"],
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.0.0-experimental-20250428114433';\n"],
5
5
  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,kBAAkB;",
6
6
  "names": []
7
7
  }
package/dist/esm/error.d.ts CHANGED
@@ -24,6 +24,12 @@ export declare class InvalidUserSignatureError extends SealAPIError {
24
24
  export declare class InvalidSessionKeySignatureError extends SealAPIError {
25
25
  constructor(requestId?: string);
26
26
  }
27
+ export declare class InvalidSDKVersionError extends SealAPIError {
28
+ constructor(requestId?: string);
29
+ }
30
+ export declare class DeprecatedSDKVersionError extends SealAPIError {
31
+ constructor(requestId?: string);
32
+ }
27
33
  /** Server error indicating that the user does not have access to one or more of the requested keys */
28
34
  export declare class NoAccessError extends SealAPIError {
29
35
  constructor(requestId?: string);
@@ -49,6 +55,8 @@ export declare class UnsupportedNetworkError extends UserError {
49
55
  }
50
56
  export declare class InvalidKeyServerError extends UserError {
51
57
  }
58
+ export declare class InvalidKeyServerVersionError extends UserError {
59
+ }
52
60
  export declare class InvalidCiphertextError extends UserError {
53
61
  }
54
62
  export declare class InvalidThresholdError extends UserError {
package/dist/esm/error.js CHANGED
@@ -49,6 +49,10 @@ generate_fn = function(error, message, requestId, status) {
49
49
  return new InvalidUserSignatureError(requestId);
50
50
  case "InvalidSessionSignature":
51
51
  return new InvalidSessionKeySignatureError(requestId);
52
+ case "InvalidSDKVersion":
53
+ return new InvalidSDKVersionError(requestId);
54
+ case "DeprecatedSDKVersion":
55
+ return new DeprecatedSDKVersionError(requestId);
52
56
  case "Failure":
53
57
  return new InternalError(requestId);
54
58
  default:
@@ -82,6 +86,16 @@ class InvalidSessionKeySignatureError extends SealAPIError {
82
86
  super("Session key signature is invalid", requestId);
83
87
  }
84
88
  }
89
+ class InvalidSDKVersionError extends SealAPIError {
90
+ constructor(requestId) {
91
+ super("SDK version is invalid", requestId);
92
+ }
93
+ }
94
+ class DeprecatedSDKVersionError extends SealAPIError {
95
+ constructor(requestId) {
96
+ super("SDK version is deprecated", requestId);
97
+ }
98
+ }
85
99
  class NoAccessError extends SealAPIError {
86
100
  constructor(requestId) {
87
101
  super("User does not have access to one or more of the requested keys", requestId);
@@ -109,6 +123,8 @@ class UnsupportedNetworkError extends UserError {
109
123
  }
110
124
  class InvalidKeyServerError extends UserError {
111
125
  }
126
+ class InvalidKeyServerVersionError extends UserError {
127
+ }
112
128
  class InvalidCiphertextError extends UserError {
113
129
  }
114
130
  class InvalidThresholdError extends UserError {
@@ -131,6 +147,7 @@ function toMajorityError(errors) {
131
147
  return majorityError;
132
148
  }
133
149
  export {
150
+ DeprecatedSDKVersionError,
134
151
  ExpiredSessionKeyError,
135
152
  GeneralError,
136
153
  InconsistentKeyServersError,
@@ -138,9 +155,11 @@ export {
138
155
  InvalidCiphertextError,
139
156
  InvalidGetObjectError,
140
157
  InvalidKeyServerError,
158
+ InvalidKeyServerVersionError,
141
159
  InvalidPTBError,
142
160
  InvalidPackageError,
143
161
  InvalidPersonalMessageSignatureError,
162
+ InvalidSDKVersionError,
144
163
  InvalidSessionKeySignatureError,
145
164
  InvalidThresholdError,
146
165
  InvalidUserSignatureError,
package/dist/esm/error.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/error.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(error: string, message: string, requestId: string, status?: number) {\n\t\tswitch (error) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId, message);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\tconst message = JSON.parse(text)['message'];\n\t\t\terrorInstance = SealAPIError.#generate(error, message, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string, message?: string) {\n\t\tsuper('PTB does not conform to the expected format ' + message, requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
5
- "mappings": ";;;;;;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EAyBA,aAAa,eAAe,UAAoB,WAAmB;AAxCpE;AAyCE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,YAAM,UAAU,KAAK,MAAM,IAAI,EAAE,SAAS;AAC1C,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO,SAAS;AAAA,IACxD,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AAjDO;AASC,cAAS,SAAC,OAAe,SAAiB,WAAmB,QAAiB;AACpF,UAAQ,OAAO;AAAA,IACd,KAAK;AACJ,aAAO,IAAI,gBAAgB,WAAW,OAAO;AAAA,IAC9C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AA9BM,aAAM,eAAN;AAAA,IAAM,eAAN;AAqDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB,SAAkB;AACjD,UAAM,iDAAiD,SAAS,SAAS;AAAA,EAC1E;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(error: string, message: string, requestId: string, status?: number) {\n\t\tswitch (error) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId, message);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'InvalidSDKVersion':\n\t\t\t\treturn new InvalidSDKVersionError(requestId);\n\t\t\tcase 'DeprecatedSDKVersion':\n\t\t\t\treturn new DeprecatedSDKVersionError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\tconst message = JSON.parse(text)['message'];\n\t\t\terrorInstance = SealAPIError.#generate(error, message, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string, message?: string) {\n\t\tsuper('PTB does not conform to the expected format ' + message, requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the SDK version is invalid (implying that HTTP headers used by the SDK are being removed) or deprecated (implying that the SDK should be upgraded).\n\nexport class InvalidSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is invalid', requestId);\n\t}\n}\n\nexport class DeprecatedSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is deprecated', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidKeyServerVersionError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
5
+ "mappings": ";;;;;;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EA6BA,aAAa,eAAe,UAAoB,WAAmB;AA5CpE;AA6CE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,YAAM,UAAU,KAAK,MAAM,IAAI,EAAE,SAAS;AAC1C,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO,SAAS;AAAA,IACxD,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AArDO;AASC,cAAS,SAAC,OAAe,SAAiB,WAAmB,QAAiB;AACpF,UAAQ,OAAO;AAAA,IACd,KAAK;AACJ,aAAO,IAAI,gBAAgB,WAAW,OAAO;AAAA,IAC9C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AAlCM,aAAM,eAAN;AAAA,IAAM,eAAN;AAyDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB,SAAkB;AACjD,UAAM,iDAAiD,SAAS,SAAS;AAAA,EAC1E;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAIO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,0BAA0B,SAAS;AAAA,EAC1C;AACD;AAEO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,6BAA6B,SAAS;AAAA,EAC7C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,qCAAqC,UAAU;AAAC;AACtD,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
6
6
  "names": []
7
7
  }
package/dist/esm/key-server.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { SealCompatibleClient } from './types.js';
2
+ import { Version } from './utils.js';
2
3
  export type KeyServer = {
3
4
  objectId: string;
4
5
  name: string;
@@ -9,6 +10,7 @@ export type KeyServer = {
9
10
  export declare enum KeyServerType {
10
11
  BonehFranklinBLS12381 = 0
11
12
  }
13
+ export declare const SERVER_VERSION_REQUIREMENT: Version;
12
14
  /**
13
15
  * Returns a static list of Seal key server object ids that the dapp can choose to use.
14
16
  * @param network - The network to use.
@@ -36,3 +38,9 @@ export declare function retrieveKeyServers({ objectIds, client, }: {
36
38
  * @returns - True if the key server is valid, false otherwise.
37
39
  */
38
40
  export declare function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean>;
41
+ /**
42
+ * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.
43
+ *
44
+ * @param response - The response from the key server.
45
+ */
46
+ export declare function verifyKeyServerVersion(response: Response): void;
package/dist/esm/key-server.js CHANGED
@@ -3,16 +3,19 @@ import { bls12_381 } from "@noble/curves/bls12-381";
3
3
  import { KeyServerMove } from "./bcs.js";
4
4
  import {
5
5
  InvalidGetObjectError,
6
+ InvalidKeyServerVersionError,
6
7
  SealAPIError,
7
8
  UnsupportedFeatureError,
8
9
  UnsupportedNetworkError
9
10
  } from "./error.js";
10
11
  import { DST_POP } from "./ibe.js";
11
12
  import { PACKAGE_VERSION } from "./version.js";
13
+ import { Version } from "./utils.js";
12
14
  var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
13
15
  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
14
16
  return KeyServerType2;
15
17
  })(KeyServerType || {});
18
+ const SERVER_VERSION_REQUIREMENT = new Version("0.2.0");
16
19
  function getAllowlistedKeyServers(network) {
17
20
  if (network === "testnet") {
18
21
  return [
@@ -64,6 +67,7 @@ async function verifyKeyServer(server, timeout) {
64
67
  signal: AbortSignal.timeout(timeout)
65
68
  });
66
69
  await SealAPIError.assertResponse(response, requestId);
70
+ verifyKeyServerVersion(response);
67
71
  const serviceResponse = await response.json();
68
72
  if (serviceResponse.service_id !== server.objectId) {
69
73
  return false;
@@ -71,10 +75,23 @@ async function verifyKeyServer(server, timeout) {
71
75
  const fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...fromHex(server.objectId)]);
72
76
  return bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);
73
77
  }
78
+ function verifyKeyServerVersion(response) {
79
+ const keyServerVersion = response.headers.get("X-KeyServer-Version");
80
+ if (keyServerVersion == null) {
81
+ throw new InvalidKeyServerVersionError("Key server version not found");
82
+ }
83
+ if (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {
84
+ throw new InvalidKeyServerVersionError(
85
+ `Key server version ${keyServerVersion} is not supported`
86
+ );
87
+ }
88
+ }
74
89
  export {
75
90
  KeyServerType,
91
+ SERVER_VERSION_REQUIREMENT,
76
92
  getAllowlistedKeyServers,
77
93
  retrieveKeyServers,
78
- verifyKeyServer
94
+ verifyKeyServer,
95
+ verifyKeyServerVersion
79
96
  };
80
97
  //# sourceMappingURL=key-server.js.map
package/dist/esm/key-server.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/key-server.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove } from './bcs.js';\nimport {\n\tInvalidGetObjectError,\n\tSealAPIError,\n\tUnsupportedFeatureError,\n\tUnsupportedNetworkError,\n} from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8',\n\t\t\t'0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\t// todo: do not fetch the same object ID if this is fetched before.\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tlet res;\n\t\t\ttry {\n\t\t\t\tres = await client.core.getObject({\n\t\t\t\t\tobjectId,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tthrow new InvalidGetObjectError(`KeyServer ${objectId} not found; ${(e as Error).message}`);\n\t\t\t}\n\n\t\t\tconst ks = KeyServerMove.parse(res.object.content);\n\t\t\tif (ks.keyType !== 0) {\n\t\t\t\tthrow new UnsupportedFeatureError(`Unsupported key type ${ks.keyType}`);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n"],
5
- "mappings": "AAEA,SAAS,YAAY,eAAe;AACpC,SAAS,iBAAiB;AAE1B,SAAS,qBAAqB;AAC9B;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,eAAe;AACxB,SAAS,uBAAuB;AAWzB,IAAK,gBAAL,kBAAKA,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AASL,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,wBAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AAExB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,UAAI;AACJ,UAAI;AACH,cAAM,MAAM,OAAO,KAAK,UAAU;AAAA,UACjC;AAAA,QACD,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,IAAI,sBAAsB,aAAa,QAAQ,eAAgB,EAAY,OAAO,EAAE;AAAA,MAC3F;AAEA,YAAM,KAAK,cAAc,MAAM,IAAI,OAAO,OAAO;AACjD,UAAI,GAAG,YAAY,GAAG;AACrB,cAAM,IAAI,wBAAwB,wBAAwB,GAAG,OAAO,EAAE;AAAA,MACvE;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAmB,SAAmC;AAC3F,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,aAAa,eAAe,UAAU,SAAS;AACrD,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,SAAS,GAAG,OAAO,IAAI,GAAG,QAAQ,OAAO,QAAQ,CAAC,CAAC;AACtF,SAAO,UAAU,qBAAqB,WAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove } from './bcs.js';\nimport {\n\tInvalidGetObjectError,\n\tInvalidKeyServerVersionError,\n\tSealAPIError,\n\tUnsupportedFeatureError,\n\tUnsupportedNetworkError,\n} from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\nimport { Version } from './utils.js';\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\nexport const SERVER_VERSION_REQUIREMENT = new Version('0.2.0');\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8',\n\t\t\t'0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\t// todo: do not fetch the same object ID if this is fetched before.\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tlet res;\n\t\t\ttry {\n\t\t\t\tres = await client.core.getObject({\n\t\t\t\t\tobjectId,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tthrow new InvalidGetObjectError(`KeyServer ${objectId} not found; ${(e as Error).message}`);\n\t\t\t}\n\n\t\t\tconst ks = KeyServerMove.parse(res.object.content);\n\t\t\tif (ks.keyType !== 0) {\n\t\t\t\tthrow new UnsupportedFeatureError(`Unsupported key type ${ks.keyType}`);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tverifyKeyServerVersion(response);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n\n/**\n * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.\n *\n * @param response - The response from the key server.\n */\nexport function verifyKeyServerVersion(response: Response) {\n\tconst keyServerVersion = response.headers.get('X-KeyServer-Version');\n\tif (keyServerVersion == null) {\n\t\tthrow new InvalidKeyServerVersionError('Key server version not found');\n\t}\n\tif (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {\n\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t`Key server version ${keyServerVersion} is not supported`,\n\t\t);\n\t}\n}\n"],
5
+ "mappings": "AAEA,SAAS,YAAY,eAAe;AACpC,SAAS,iBAAiB;AAE1B,SAAS,qBAAqB;AAC9B;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,eAAe;AACxB,SAAS,uBAAuB;AAEhC,SAAS,eAAe;AAUjB,IAAK,gBAAL,kBAAKA,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAIL,MAAM,6BAA6B,IAAI,QAAQ,OAAO;AAOtD,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,wBAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AAExB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,UAAI;AACJ,UAAI;AACH,cAAM,MAAM,OAAO,KAAK,UAAU;AAAA,UACjC;AAAA,QACD,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,IAAI,sBAAsB,aAAa,QAAQ,eAAgB,EAAY,OAAO,EAAE;AAAA,MAC3F;AAEA,YAAM,KAAK,cAAc,MAAM,IAAI,OAAO,OAAO;AACjD,UAAI,GAAG,YAAY,GAAG;AACrB,cAAM,IAAI,wBAAwB,wBAAwB,GAAG,OAAO,EAAE;AAAA,MACvE;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAmB,SAAmC;AAC3F,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,aAAa,eAAe,UAAU,SAAS;AACrD,yBAAuB,QAAQ;AAC/B,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,SAAS,GAAG,OAAO,IAAI,GAAG,QAAQ,OAAO,QAAQ,CAAC,CAAC;AACtF,SAAO,UAAU,qBAAqB,WAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;AAOO,SAAS,uBAAuB,UAAoB;AAC1D,QAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB;AACnE,MAAI,oBAAoB,MAAM;AAC7B,UAAM,IAAI,6BAA6B,8BAA8B;AAAA,EACtE;AACA,MAAI,IAAI,QAAQ,gBAAgB,EAAE,WAAW,0BAA0B,GAAG;AACzE,UAAM,IAAI;AAAA,MACT,sBAAsB,gBAAgB;AAAA,IACvC;AAAA,EACD;AACD;",
6
6
  "names": ["KeyServerType"]
7
7
  }