@mysten/signers 0.5.2 → 0.5.4

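--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,20 @@
 # @mysten/signers
 
+## 0.5.4
+
+### Patch Changes
+
+- Updated dependencies [d554cd2]
+- Updated dependencies [04fcfbc]
+- @mysten/sui@1.41.0
+
+## 0.5.3
+
+### Patch Changes
+
+- Updated dependencies [f5fc0c0]
+- @mysten/sui@1.40.0
+
 ## 0.5.2
 
 ### Patch Changes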
@@ -49,6 +49,7 @@ export declare class AwsKmsSigner extends Signer {
49
49
  /**
50
50
  * Synchronous signing is not supported by AWS KMS.
51
51
  * @throws Always throws an error indicating synchronous signing is unsupported.
52
+ * @deprecated use `sign` instead
52
53
  */
53
54
  signData(): never;
54
55
  /**
@@ -87,6 +87,7 @@ const _AwsKmsSigner = class _AwsKmsSigner extends import_cryptography.Signer {
87
87
  /**
88
88
  * Synchronous signing is not supported by AWS KMS.
89
89
  * @throws Always throws an error indicating synchronous signing is unsupported.
90
+ * @deprecated use `sign` instead
90
91
  */
91
92
  signData() {
92
93
  throw new Error("KMS Signer does not support sync signing");
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/aws/aws-kms-signer.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,aAAS,uBAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,eAAO,4CAAyB,yBAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,+BAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAlFC;AAEA;AAEA;AALM,IAAM,eAAN;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does 
not support sync signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,aAAS,uBAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,eAAO,4CAAyB,yBAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,+BAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAnFC;AAEA;AAEA;AALM,IAAM,eAAN;",
6
6
  "names": ["import_utils"]
7
7
  }
@@ -193,7 +193,7 @@ class AwsV4Signer {
193
193
  if (this.service === "s3") {
194
194
  try {
195
195
  this.encodedPath = decodeURIComponent(this.url.pathname.replace(/\+/g, " "));
196
- } catch (e) {
196
+ } catch {
197
197
  this.encodedPath = this.url.pathname;
198
198
  }
199
199
  } else {
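Review bot: The `catch` in the S3 branch still swallows the error from `decodeURIComponent` without a comment saying why, and with the binding removed the silent fallback is even easier to overlook. `encodedPath` feeds the canonical request that gets signed (see `canonicalString()` in the bundled source), so the fallback is worth one line of explanation, for example `// URIError on a malformed percent-escape: fall back to the raw pathname`. This file appears to be compiled output, so the comment would belong in `src/aws/aws4fetch.ts`. The enclosing constructor starts and ends outside the hunk.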
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/aws/aws4fetch.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: 
string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? 
body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t 
*/\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) 
{\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...(this.headers as any).keys()]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch (e) {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = 
encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t * method: string\n\t * url: URL\n\t * headers: Headers\n\t * body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, 
this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? 
encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? 
['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA;AAAA;AAAA;AAAA;AAAA;AAMA,MAAM,UAAU,IAAI,YAAY;AAGhC,MAAM,gBAAwC;AAAA,EAC7C,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,2BAA2B;AAAA,EAC3B,uBAAuB;AACxB;AAGA,MAAM,qBAAqB,oBAAI,IAAI;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,CAAC;AAkBM,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAYtB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GASG;AACF,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AACvF,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,UAAU;AACf,SAAK,SAAS;AAEd,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,SAAK,cAAc,eAAe;AAAA,EACnC;AAAA,EAEA,MAAM,KAAK,OAA6C,MAAwC;AAC/F,QAAI,iBAAiB,SAAS;AAC7B,YAAM,EAAE,QAAQ,KAAK,SAAS,KAAK,IAAI;AACvC,aAAO,OAAO,OAAO,EAAE,QAAQ,KAAK,QAAQ,GAAG,IAAI;AACnD,UAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,cAAc,GAAG;AACrD,aAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,sBAAsB,IAC/C,OACA,MAAM,MAAM,MAAM,EAAE,YAAY;AAAA,MACrC;AACA,cAAQ;AAAA,IACT;AACA,UAAM,SAAS,IAAI;AAAA,MAClB,OAAO,OAAO,EAAE,KAAK,MAAM,SAAS,EAAE,GAAG,MAAM,MAAM,QAAQ,KAAK,GAAG;AAAA,IACtE;AACA,UAAM,SAAS,OAAO,OAAO,CAAC,GAAG,MAAM,MAAM,OAAO,KAAK,CAAC;AAC1D,WAAO,OAAO;AACd,QAAI;AACH,aAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,MAAM;AAAA,IACjD,SAAS,GAAG;AACX,UAAI,aAAa,WAAW;AAE3B,eAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,OAAO,OAAO,EAAE,QAAQ,OAAO,GAAG,MAAM,CAAC;AAAA,MACpF;AACA,YAAM;AAAA,IACP;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,OAA6C,MAAsB;AAC9E,aAAS,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;AACvC,YAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,IAAI,CAAC;AAClD,UAAI,MAAM,KAAK,SAAS;AACvB,eAAO;AAAA,MACR;AACA,YAAM,MAAM,MAAM;AAClB,UAAI,IAAI,SAAS,OAAO,IAAI,WAAW,KAAK;AAC3C,eAAO;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QAAQ,CAAC,YAClB,WAAW,SAAS,KAAK,OAAO,IAAI,KAAK,cAAc,KAAK,IAAI,GAAG,CAAC,CAAC;AAAA,MACtE;AAAA,IACD;AACA,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC5E;AACD;AAEO,MAAM,YAAY;AAAA;AAAA;AAAA
;AAAA,EAuBxB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAgBG;AACF,QAAI,OAAO,KAAM,OAAM,IAAI,UAAU,0BAA0B;AAC/D,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AAEvF,SAAK,SAAS,WAAW,OAAO,SAAS;AACzC,SAAK,MAAM,IAAI,IAAI,GAAG;AACtB,SAAK,UAAU,IAAI,QAAQ,WAAW,CAAC,CAAC;AACxC,SAAK,OAAO;AAEZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AAEpB,QAAI,gBAAgB;AACpB,QAAI,CAAC,WAAW,CAAC,QAAQ;AACxB,OAAC,gBAAgB,aAAa,IAAI,mBAAmB,KAAK,KAAK,KAAK,OAAO;AAAA,IAC5E;AACA,SAAK,UAAU,WAAW,kBAAkB;AAC5C,SAAK,SAAS,UAAU,iBAAiB;AAGzC,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,WAAW,aAAY,oBAAI,KAAK,GAAE,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAChF,SAAK,YAAY;AACjB,SAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,SAAK,QAAQ,OAAO,MAAM;AAE1B,QAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,sBAAsB,GAAG;AAC1F,WAAK,QAAQ,IAAI,wBAAwB,kBAAkB;AAAA,IAC5D;AAEA,UAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,WAAO,IAAI,cAAc,KAAK,QAAQ;AACtC,QAAI,KAAK,gBAAgB,CAAC,KAAK,oBAAoB;AAClD,aAAO,IAAI,wBAAwB,KAAK,YAAY;AAAA,IACrD;AAIA,SAAK,kBAAkB,CAAC,QAAQ,GAAI,KAAK,QAAgB,KAAK,CAAC,EAC7D,OAAO,CAAC,WAAW,cAAc,CAAC,mBAAmB,IAAI,MAAM,CAAC,EAChE,KAAK;AAEP,SAAK,gBAAgB,KAAK,gBAAgB,KAAK,GAAG;AAIlD,SAAK,mBAAmB,KAAK,gBAC3B;AAAA,MACA,CAAC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,QAAQ,QAAQ,GAAG;AAAA,IACzD,EACC,KAAK,IAAI;AAEX,SAAK,mBAAmB;AAAA,MACvB,KAAK,SAAS,MAAM,GAAG,CAAC;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACD,EAAE,KAAK,GAAG;AAEV,QAAI,KAAK,WAAW;AACnB,UAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,eAAe,GAAG;AAC1D,eAAO,IAAI,iBAAiB,OAAO;AAAA,MACpC;AACA,aAAO,IAAI,mBAAmB,kBAAkB;AAChD,aAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,gBAAgB;AAC7E,aAAO,IAAI,uBAAuB,KAAK,aAAa;AAAA,IACrD;AAEA,QAAI,KAAK,YAAY,MAAM;AAC1B,UAAI;AACH,aAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,GAAG,CAAC;AAAA,MAC5E,SAAS,GAAG;AACX,aAAK,cAAc,KAAK,IAAI;AAAA,MAC7B;AAAA,IACD,OAAO;AACN,WAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,GAAG;AAAA,IACzD;AACA,QAAI,C
AAC,cAAc;AAClB,WAAK,cAAc,mBAAmB,KAAK,WAAW,EAAE,QAAQ,QAAQ,GAAG;AAAA,IAC5E;AACA,SAAK,cAAc,cAAc,KAAK,WAAW;AAEjD,UAAM,WAAW,oBAAI,IAAI;AACzB,SAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,YAAY,EAC5C,OAAO,CAAC,CAAC,CAAC,MAAM;AAChB,UAAI,CAAC,EAAG,QAAO;AACf,UAAI,KAAK,YAAY,MAAM;AAC1B,YAAI,SAAS,IAAI,CAAC,EAAG,QAAO;AAC5B,iBAAS,IAAI,CAAC;AAAA,MACf;AACA,aAAO;AAAA,IACR,CAAC,EACA,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,MAAM,cAAc,mBAAmB,CAAC,CAAC,CAAC,CAAC,EACnE,KAAK,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,CAAE,EAC1F,IAAI,CAAC,SAAS,KAAK,KAAK,GAAG,CAAC,EAC5B,KAAK,GAAG;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO;AACZ,QAAI,KAAK,WAAW;AACnB,WAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,UAAU,CAAC;AACnE,UAAI,KAAK,gBAAgB,KAAK,oBAAoB;AACjD,aAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,YAAY;AAAA,MACpE;AAAA,IACD,OAAO;AACN,WAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,WAAW,CAAC;AAAA,IAC1D;AAEA,WAAO;AAAA,MACN,QAAQ,KAAK;AAAA,MACb,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,IACZ;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa;AAClB,WAAO;AAAA,MACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;AAAA,MAC/D,mBAAmB,KAAK;AAAA,MACxB,eAAgB,MAAM,KAAK,UAAU;AAAA,IACtC,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY;AACjB,UAAM,OAAO,KAAK,SAAS,MAAM,GAAG,CAAC;AACrC,UAAM,WAAW,CAAC,KAAK,iBAAiB,MAAM,KAAK,QAAQ,KAAK,OAAO,EAAE,KAAK;AAC9E,QAAI,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC1C,QAAI,CAAC,cAAc;AAClB,YAAM,QAAQ,MAAM,KAAK,SAAS,KAAK,iBAAiB,IAAI;AAC5D,YAAM,UAAU,MAAM,KAAK,OAAO,KAAK,MAAM;AAC7C,YAAM,WAAW,MAAM,KAAK,SAAS,KAAK,OAAO;AACjD,qBAAe,MAAM,KAAK,UAAU,cAAc;AAClD,WAAK,MAAM,IAAI,UAAU,YAAY;AAAA,IACtC;AACA,WAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,aAAa,CAAC,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe;AACpB,WAAO;AAAA,MACN;AAAA,MACA,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,MAAM,KAAK,MAAM,KAAK,gBAAgB,CAAC,CAAC;AAAA,IACjD,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB;AACvB,WAAO;AAAA,MACN,KAAK,OAAO,YAAY;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,mBAAmB;AAAA,MACxB,KAAK;AAAA,MACL,MAAM,KAAK,YAAY;A
AAA,IACxB,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc;AACnB,QAAI,aACH,KAAK,QAAQ,IAAI,sBAAsB,MACtC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,QAAI,cAAc,MAAM;AACvB,UAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,OAAO;AAC/E,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AACA,mBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,EAAE,CAAC;AAAA,IACjD;AACA,WAAO;AAAA,EACR;AACD;AAOA,eAAe,KAAK,KAA4B,QAAsC;AACrF,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,GAAG,IAAI;AAAA,IAChD,EAAE,MAAM,QAAQ,MAAM,EAAE,MAAM,UAAU,EAAE;AAAA,IAC1C;AAAA,IACA,CAAC,MAAM;AAAA,EACR;AACA,SAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,MAAM,CAAC;AACpE;AAEA,eAAe,KAAK,SAAyD;AAC5E,SAAO,OAAO,OAAO;AAAA,IACpB;AAAA,IACC,OAAO,YAAY,WAAW,QAAQ,OAAO,OAAO,IAAI;AAAA,EAC1D;AACD;AAEA,MAAM,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAEjG,SAAS,QAAQ,aAAsC;AACtD,QAAM,SAAS,IAAI,WAAW,WAAW;AACzC,MAAI,MAAM;AACV,WAAS,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;AAC7C,UAAM,IAAI,OAAO,GAAG;AAEpB,WAAO,UAAW,MAAM,IAAK,EAAG;AAChC,WAAO,UAAU,IAAI,EAAG;AAAA,EACzB;AACA,SAAO;AACR;AAEA,SAAS,cAAc,eAA+B;AACrD,SAAO,cAAc,QAAQ,YAAY,CAAC,MAAM,MAAM,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC;AACjG;AAEA,SAAS,mBAAmB,KAAU,SAAoC;AACzE,QAAM,EAAE,UAAU,SAAS,IAAI;AAE/B,MAAI,SAAS,SAAS,SAAS,GAAG;AACjC,UAAMA,SAAQ,SAAS,MAAM,iDAAiD;AAC9E,WAAOA,UAAS,OAAO,CAAC,UAAUA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EAC5D;AACA,MAAI,SAAS,SAAS,2BAA2B,GAAG;AACnD,WAAO,CAAC,MAAM,MAAM;AAAA,EACrB;AACA,MAAI,SAAS,SAAS,kBAAkB,GAAG;AAC1C,UAAMA,SAAQ,SAAS,MAAM,uDAAuD;AACpF,WAAOA,UAAS,OAAO,CAAC,MAAMA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EACxD;AACA,QAAM,QAAQ,SACZ,QAAQ,cAAc,EAAE,EACxB,MAAM,2DAA2D;AACnE,MAAI,UAAW,SAAS,MAAM,CAAC,KAAM;AACrC,MAAI,SAAS,SAAS,MAAM,CAAC;AAE7B,MAAI,WAAW,UAAU;AACxB,aAAS;AAAA,EACV,WAAW,WAAW,QAAQ,WAAW,iBAAiB;AACzD,aAAS;AACT,cAAU;AAAA,EACX,WAAW,YAAY,OAAO;AAC7B,QAAI,SAAS,WAAW,MAAM,GAAG;AAChC,gBAAU;AAAA,IACX,WAAW,SAAS,WAAW,gBAAgB,GAAG;AACjD,gBAAU;AAAA,IACX,OAAO;AACN,gBAAU,aAAa,UAAU,qBAAqB;AAAA,IACvD;AAAA,EACD,WAAW,YAAY,eA
Ae;AACrC,UAAM,gBAAgB,QAAQ,IAAI,cAAc,KAAK,IAAI,MAAM,GAAG,EAAE,CAAC;AACrE,QAAI,iBAAiB,2BAA2B;AAC/C,gBAAU;AAAA,IACX,WAAW,iBAAiB,yCAAyC;AACpE,gBAAU;AAAA,IACX;AAAA,EACD,WAAW,UAAU,QAAQ,QAAQ,WAAW,KAAK,GAAG;AACvD,aAAS,QAAQ,MAAM,CAAC,EAAE,QAAQ,sBAAsB,EAAE;AAC1D,cAAU;AAAA,EACX,WAAW,QAAQ,SAAS,OAAO,GAAG;AACrC,cAAU,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC9B,WAAW,UAAU,OAAO,KAAK,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG;AAClE,KAAC,SAAS,MAAM,IAAI,CAAC,QAAQ,OAAO;AAAA,EACrC;AAEA,SAAO,CAAC,cAAc,OAAO,KAAK,SAAS,UAAU,EAAE;AACxD;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: 
string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? 
body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t 
*/\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) 
{\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...((this.headers as any).keys() as string[])]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = 
encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t * method: string\n\t * url: URL\n\t * headers: Headers\n\t * body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, 
this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? 
encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? 
['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA;AAAA;AAAA;AAAA;AAAA;AAMA,MAAM,UAAU,IAAI,YAAY;AAGhC,MAAM,gBAAwC;AAAA,EAC7C,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,2BAA2B;AAAA,EAC3B,uBAAuB;AACxB;AAGA,MAAM,qBAAqB,oBAAI,IAAI;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,CAAC;AAkBM,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAYtB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GASG;AACF,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AACvF,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,UAAU;AACf,SAAK,SAAS;AAEd,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,SAAK,cAAc,eAAe;AAAA,EACnC;AAAA,EAEA,MAAM,KAAK,OAA6C,MAAwC;AAC/F,QAAI,iBAAiB,SAAS;AAC7B,YAAM,EAAE,QAAQ,KAAK,SAAS,KAAK,IAAI;AACvC,aAAO,OAAO,OAAO,EAAE,QAAQ,KAAK,QAAQ,GAAG,IAAI;AACnD,UAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,cAAc,GAAG;AACrD,aAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,sBAAsB,IAC/C,OACA,MAAM,MAAM,MAAM,EAAE,YAAY;AAAA,MACrC;AACA,cAAQ;AAAA,IACT;AACA,UAAM,SAAS,IAAI;AAAA,MAClB,OAAO,OAAO,EAAE,KAAK,MAAM,SAAS,EAAE,GAAG,MAAM,MAAM,QAAQ,KAAK,GAAG;AAAA,IACtE;AACA,UAAM,SAAS,OAAO,OAAO,CAAC,GAAG,MAAM,MAAM,OAAO,KAAK,CAAC;AAC1D,WAAO,OAAO;AACd,QAAI;AACH,aAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,MAAM;AAAA,IACjD,SAAS,GAAG;AACX,UAAI,aAAa,WAAW;AAE3B,eAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,OAAO,OAAO,EAAE,QAAQ,OAAO,GAAG,MAAM,CAAC;AAAA,MACpF;AACA,YAAM;AAAA,IACP;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,OAA6C,MAAsB;AAC9E,aAAS,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;AACvC,YAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,IAAI,CAAC;AAClD,UAAI,MAAM,KAAK,SAAS;AACvB,eAAO;AAAA,MACR;AACA,YAAM,MAAM,MAAM;AAClB,UAAI,IAAI,SAAS,OAAO,IAAI,WAAW,KAAK;AAC3C,eAAO;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QAAQ,CAAC,YAClB,WAAW,SAAS,KAAK,OAAO,IAAI,KAAK,cAAc,KAAK,IAAI,GAAG,CAAC,CAAC;AAAA,MACtE;AAAA,IACD;AACA,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC5E;AACD;AAEO,MAAM,YAAY;AAAA;AAAA;AAAA
;AAAA,EAuBxB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAgBG;AACF,QAAI,OAAO,KAAM,OAAM,IAAI,UAAU,0BAA0B;AAC/D,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AAEvF,SAAK,SAAS,WAAW,OAAO,SAAS;AACzC,SAAK,MAAM,IAAI,IAAI,GAAG;AACtB,SAAK,UAAU,IAAI,QAAQ,WAAW,CAAC,CAAC;AACxC,SAAK,OAAO;AAEZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AAEpB,QAAI,gBAAgB;AACpB,QAAI,CAAC,WAAW,CAAC,QAAQ;AACxB,OAAC,gBAAgB,aAAa,IAAI,mBAAmB,KAAK,KAAK,KAAK,OAAO;AAAA,IAC5E;AACA,SAAK,UAAU,WAAW,kBAAkB;AAC5C,SAAK,SAAS,UAAU,iBAAiB;AAGzC,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,WAAW,aAAY,oBAAI,KAAK,GAAE,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAChF,SAAK,YAAY;AACjB,SAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,SAAK,QAAQ,OAAO,MAAM;AAE1B,QAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,sBAAsB,GAAG;AAC1F,WAAK,QAAQ,IAAI,wBAAwB,kBAAkB;AAAA,IAC5D;AAEA,UAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,WAAO,IAAI,cAAc,KAAK,QAAQ;AACtC,QAAI,KAAK,gBAAgB,CAAC,KAAK,oBAAoB;AAClD,aAAO,IAAI,wBAAwB,KAAK,YAAY;AAAA,IACrD;AAIA,SAAK,kBAAkB,CAAC,QAAQ,GAAK,KAAK,QAAgB,KAAK,CAAc,EAC3E,OAAO,CAAC,WAAW,cAAc,CAAC,mBAAmB,IAAI,MAAM,CAAC,EAChE,KAAK;AAEP,SAAK,gBAAgB,KAAK,gBAAgB,KAAK,GAAG;AAIlD,SAAK,mBAAmB,KAAK,gBAC3B;AAAA,MACA,CAAC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,QAAQ,QAAQ,GAAG;AAAA,IACzD,EACC,KAAK,IAAI;AAEX,SAAK,mBAAmB;AAAA,MACvB,KAAK,SAAS,MAAM,GAAG,CAAC;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACD,EAAE,KAAK,GAAG;AAEV,QAAI,KAAK,WAAW;AACnB,UAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,eAAe,GAAG;AAC1D,eAAO,IAAI,iBAAiB,OAAO;AAAA,MACpC;AACA,aAAO,IAAI,mBAAmB,kBAAkB;AAChD,aAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,gBAAgB;AAC7E,aAAO,IAAI,uBAAuB,KAAK,aAAa;AAAA,IACrD;AAEA,QAAI,KAAK,YAAY,MAAM;AAC1B,UAAI;AACH,aAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,GAAG,CAAC;AAAA,MAC5E,QAAQ;AACP,aAAK,cAAc,KAAK,IAAI;AAAA,MAC7B;AAAA,IACD,OAAO;AACN,WAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,GAAG;AAAA,IACzD;AACA,QAAI,CAAC,c
AAc;AAClB,WAAK,cAAc,mBAAmB,KAAK,WAAW,EAAE,QAAQ,QAAQ,GAAG;AAAA,IAC5E;AACA,SAAK,cAAc,cAAc,KAAK,WAAW;AAEjD,UAAM,WAAW,oBAAI,IAAI;AACzB,SAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,YAAY,EAC5C,OAAO,CAAC,CAAC,CAAC,MAAM;AAChB,UAAI,CAAC,EAAG,QAAO;AACf,UAAI,KAAK,YAAY,MAAM;AAC1B,YAAI,SAAS,IAAI,CAAC,EAAG,QAAO;AAC5B,iBAAS,IAAI,CAAC;AAAA,MACf;AACA,aAAO;AAAA,IACR,CAAC,EACA,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,MAAM,cAAc,mBAAmB,CAAC,CAAC,CAAC,CAAC,EACnE,KAAK,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,CAAE,EAC1F,IAAI,CAAC,SAAS,KAAK,KAAK,GAAG,CAAC,EAC5B,KAAK,GAAG;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO;AACZ,QAAI,KAAK,WAAW;AACnB,WAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,UAAU,CAAC;AACnE,UAAI,KAAK,gBAAgB,KAAK,oBAAoB;AACjD,aAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,YAAY;AAAA,MACpE;AAAA,IACD,OAAO;AACN,WAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,WAAW,CAAC;AAAA,IAC1D;AAEA,WAAO;AAAA,MACN,QAAQ,KAAK;AAAA,MACb,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,IACZ;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa;AAClB,WAAO;AAAA,MACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;AAAA,MAC/D,mBAAmB,KAAK;AAAA,MACxB,eAAgB,MAAM,KAAK,UAAU;AAAA,IACtC,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY;AACjB,UAAM,OAAO,KAAK,SAAS,MAAM,GAAG,CAAC;AACrC,UAAM,WAAW,CAAC,KAAK,iBAAiB,MAAM,KAAK,QAAQ,KAAK,OAAO,EAAE,KAAK;AAC9E,QAAI,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC1C,QAAI,CAAC,cAAc;AAClB,YAAM,QAAQ,MAAM,KAAK,SAAS,KAAK,iBAAiB,IAAI;AAC5D,YAAM,UAAU,MAAM,KAAK,OAAO,KAAK,MAAM;AAC7C,YAAM,WAAW,MAAM,KAAK,SAAS,KAAK,OAAO;AACjD,qBAAe,MAAM,KAAK,UAAU,cAAc;AAClD,WAAK,MAAM,IAAI,UAAU,YAAY;AAAA,IACtC;AACA,WAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,aAAa,CAAC,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe;AACpB,WAAO;AAAA,MACN;AAAA,MACA,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,MAAM,KAAK,MAAM,KAAK,gBAAgB,CAAC,CAAC;AAAA,IACjD,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB;AACvB,WAAO;AAAA,MACN,KAAK,OAAO,YAAY;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,mBAAmB;AAAA,MACxB,KAAK;AAAA,MACL,MAAM,KAAK,YAAY;AAAA,I
ACxB,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc;AACnB,QAAI,aACH,KAAK,QAAQ,IAAI,sBAAsB,MACtC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,QAAI,cAAc,MAAM;AACvB,UAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,OAAO;AAC/E,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AACA,mBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,EAAE,CAAC;AAAA,IACjD;AACA,WAAO;AAAA,EACR;AACD;AAOA,eAAe,KAAK,KAA4B,QAAsC;AACrF,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,GAAG,IAAI;AAAA,IAChD,EAAE,MAAM,QAAQ,MAAM,EAAE,MAAM,UAAU,EAAE;AAAA,IAC1C;AAAA,IACA,CAAC,MAAM;AAAA,EACR;AACA,SAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,MAAM,CAAC;AACpE;AAEA,eAAe,KAAK,SAAyD;AAC5E,SAAO,OAAO,OAAO;AAAA,IACpB;AAAA,IACC,OAAO,YAAY,WAAW,QAAQ,OAAO,OAAO,IAAI;AAAA,EAC1D;AACD;AAEA,MAAM,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAEjG,SAAS,QAAQ,aAAsC;AACtD,QAAM,SAAS,IAAI,WAAW,WAAW;AACzC,MAAI,MAAM;AACV,WAAS,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;AAC7C,UAAM,IAAI,OAAO,GAAG;AAEpB,WAAO,UAAW,MAAM,IAAK,EAAG;AAChC,WAAO,UAAU,IAAI,EAAG;AAAA,EACzB;AACA,SAAO;AACR;AAEA,SAAS,cAAc,eAA+B;AACrD,SAAO,cAAc,QAAQ,YAAY,CAAC,MAAM,MAAM,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC;AACjG;AAEA,SAAS,mBAAmB,KAAU,SAAoC;AACzE,QAAM,EAAE,UAAU,SAAS,IAAI;AAE/B,MAAI,SAAS,SAAS,SAAS,GAAG;AACjC,UAAMA,SAAQ,SAAS,MAAM,iDAAiD;AAC9E,WAAOA,UAAS,OAAO,CAAC,UAAUA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EAC5D;AACA,MAAI,SAAS,SAAS,2BAA2B,GAAG;AACnD,WAAO,CAAC,MAAM,MAAM;AAAA,EACrB;AACA,MAAI,SAAS,SAAS,kBAAkB,GAAG;AAC1C,UAAMA,SAAQ,SAAS,MAAM,uDAAuD;AACpF,WAAOA,UAAS,OAAO,CAAC,MAAMA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EACxD;AACA,QAAM,QAAQ,SACZ,QAAQ,cAAc,EAAE,EACxB,MAAM,2DAA2D;AACnE,MAAI,UAAW,SAAS,MAAM,CAAC,KAAM;AACrC,MAAI,SAAS,SAAS,MAAM,CAAC;AAE7B,MAAI,WAAW,UAAU;AACxB,aAAS;AAAA,EACV,WAAW,WAAW,QAAQ,WAAW,iBAAiB;AACzD,aAAS;AACT,cAAU;AAAA,EACX,WAAW,YAAY,OAAO;AAC7B,QAAI,SAAS,WAAW,MAAM,GAAG;AAChC,gBAAU;AAAA,IACX,WAAW,SAAS,WAAW,gBAAgB,GAAG;AACjD,gBAAU;AAAA,IACX,OAAO;AACN,gBAAU,aAAa,UAAU,qBAAqB;AAAA,IACvD;AAAA,EACD,WAAW,YAAY,eAAe;AA
CrC,UAAM,gBAAgB,QAAQ,IAAI,cAAc,KAAK,IAAI,MAAM,GAAG,EAAE,CAAC;AACrE,QAAI,iBAAiB,2BAA2B;AAC/C,gBAAU;AAAA,IACX,WAAW,iBAAiB,yCAAyC;AACpE,gBAAU;AAAA,IACX;AAAA,EACD,WAAW,UAAU,QAAQ,QAAQ,WAAW,KAAK,GAAG;AACvD,aAAS,QAAQ,MAAM,CAAC,EAAE,QAAQ,sBAAsB,EAAE;AAC1D,cAAU;AAAA,EACX,WAAW,QAAQ,SAAS,OAAO,GAAG;AACrC,cAAU,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC9B,WAAW,UAAU,OAAO,KAAK,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG;AAClE,KAAC,SAAS,MAAM,IAAI,CAAC,QAAQ,OAAO;AAAA,EACrC;AAEA,SAAO,CAAC,cAAc,OAAO,KAAK,SAAS,UAAU,EAAE;AACxD;",
6
6
  "names": ["match"]
7
7
  }
@@ -49,6 +49,7 @@ export declare class GcpKmsSigner extends Signer {
49
49
  /**
50
50
  * Synchronous signing is not supported by GCP KMS.
51
51
  * @throws Always throws an error indicating synchronous signing is unsupported.
52
+ * @deprecated use `sign` instead
52
53
  */
53
54
  signData(): never;
54
55
  /**
@@ -91,6 +91,7 @@ const _GcpKmsSigner = class _GcpKmsSigner extends import_cryptography.Signer {
91
91
  /**
92
92
  * Synchronous signing is not supported by GCP KMS.
93
93
  * @throws Always throws an error indicating synchronous signing is unsupported.
94
+ * @deprecated use `sign` instead
94
95
  */
95
96
  signData() {
96
97
  throw new Error("GCP Signer does not support sync signing");
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/gcp/gcp-kms-client.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAA2C;AAE3C,0BAAiD;AACjD,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAA2D;AAT3D;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,eAAO,wCAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,sCAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,sCAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AAzGC;AAEA;AAEA;AALM,IAAM,eAAN;AA+GP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,oBAAgB,oCAAiB,yBAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer 
does not support sync signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAA2C;AAE3C,0BAAiD;AACjD,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAA2D;AAT3D;AA2BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,eAAO,wCAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,sCAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,sCAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AA1GC;AAEA;AAEA;AALM,IAAM,eAAN;AAgHP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,oBAAgB,oCAAiB,yBAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,oCAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
6
6
  "names": ["import_utils"]
7
7
  }
@@ -49,6 +49,7 @@ export declare class AwsKmsSigner extends Signer {
49
49
  /**
50
50
  * Synchronous signing is not supported by AWS KMS.
51
51
  * @throws Always throws an error indicating synchronous signing is unsupported.
52
+ * @deprecated use `sign` instead
52
53
  */
53
54
  signData(): never;
54
55
  /**
@@ -64,6 +64,7 @@ const _AwsKmsSigner = class _AwsKmsSigner extends Signer {
64
64
  /**
65
65
  * Synchronous signing is not supported by AWS KMS.
66
66
  * @throws Always throws an error indicating synchronous signing is unsupported.
67
+ * @deprecated use `sign` instead
67
68
  */
68
69
  signData() {
69
70
  throw new Error("KMS Signer does not support sync signing");
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/aws/aws-kms-signer.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
5
- "mappings": ";;;;;;;AAAA;AAGA,SAAS,0BAA0B,cAAc;AACjD,SAAS,YAAY,gBAAgB;AAErC,SAAS,gCAAgC;AAEzC,SAAS,oBAAoB;AAkBtB,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,SAAS,SAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,WAAO,yBAAyB,WAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,aAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAlFC;AAEA;AAEA;AALM,IAAM,eAAN;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. 
It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does 
not support sync signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;AAAA;AAGA,SAAS,0BAA0B,cAAc;AACjD,SAAS,YAAY,gBAAgB;AAErC,SAAS,gCAAgC;AAEzC,SAAS,oBAAoB;AAkBtB,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,SAAS,SAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,WAAO,yBAAyB,WAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,aAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAnFC;AAEA;AAEA;AALM,IAAM,eAAN;",
6
6
  "names": []
7
7
  }
@@ -169,7 +169,7 @@ class AwsV4Signer {
169
169
  if (this.service === "s3") {
170
170
  try {
171
171
  this.encodedPath = decodeURIComponent(this.url.pathname.replace(/\+/g, " "));
172
- } catch (e) {
172
+ } catch {
173
173
  this.encodedPath = this.url.pathname;
174
174
  }
175
175
  } else {
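Review bot: The binding-less `catch` around `decodeURIComponent` in the `s3` branch discards whatever was thrown and falls back to the raw `this.url.pathname`, and nothing on these lines says why. The expected failure is a `URIError` from a malformed percent-escape, so a one-line comment would mark the fallback as deliberate, e.g. `// malformed %-escape: keep the pathname as received`. Since `encodedPath` presumably feeds the canonical request that `AwsV4Signer` signs, someone debugging a signature mismatch would otherwise have no hint that this path was taken. The enclosing method starts and ends outside the hunk, so how `encodedPath` is re-encoded afterwards cannot be checked here.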
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/aws/aws4fetch.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: 
string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? 
body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t 
*/\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) 
{\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...(this.headers as any).keys()]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch (e) {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = 
encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t * method: string\n\t * url: URL\n\t * headers: Headers\n\t * body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, 
this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? 
encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? 
['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],
5
- "mappings": "AAGA;AAAA;AAAA;AAAA;AAAA;AAMA,MAAM,UAAU,IAAI,YAAY;AAGhC,MAAM,gBAAwC;AAAA,EAC7C,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,2BAA2B;AAAA,EAC3B,uBAAuB;AACxB;AAGA,MAAM,qBAAqB,oBAAI,IAAI;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,CAAC;AAkBM,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAYtB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GASG;AACF,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AACvF,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,UAAU;AACf,SAAK,SAAS;AAEd,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,SAAK,cAAc,eAAe;AAAA,EACnC;AAAA,EAEA,MAAM,KAAK,OAA6C,MAAwC;AAC/F,QAAI,iBAAiB,SAAS;AAC7B,YAAM,EAAE,QAAQ,KAAK,SAAS,KAAK,IAAI;AACvC,aAAO,OAAO,OAAO,EAAE,QAAQ,KAAK,QAAQ,GAAG,IAAI;AACnD,UAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,cAAc,GAAG;AACrD,aAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,sBAAsB,IAC/C,OACA,MAAM,MAAM,MAAM,EAAE,YAAY;AAAA,MACrC;AACA,cAAQ;AAAA,IACT;AACA,UAAM,SAAS,IAAI;AAAA,MAClB,OAAO,OAAO,EAAE,KAAK,MAAM,SAAS,EAAE,GAAG,MAAM,MAAM,QAAQ,KAAK,GAAG;AAAA,IACtE;AACA,UAAM,SAAS,OAAO,OAAO,CAAC,GAAG,MAAM,MAAM,OAAO,KAAK,CAAC;AAC1D,WAAO,OAAO;AACd,QAAI;AACH,aAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,MAAM;AAAA,IACjD,SAAS,GAAG;AACX,UAAI,aAAa,WAAW;AAE3B,eAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,OAAO,OAAO,EAAE,QAAQ,OAAO,GAAG,MAAM,CAAC;AAAA,MACpF;AACA,YAAM;AAAA,IACP;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,OAA6C,MAAsB;AAC9E,aAAS,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;AACvC,YAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,IAAI,CAAC;AAClD,UAAI,MAAM,KAAK,SAAS;AACvB,eAAO;AAAA,MACR;AACA,YAAM,MAAM,MAAM;AAClB,UAAI,IAAI,SAAS,OAAO,IAAI,WAAW,KAAK;AAC3C,eAAO;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QAAQ,CAAC,YAClB,WAAW,SAAS,KAAK,OAAO,IAAI,KAAK,cAAc,KAAK,IAAI,GAAG,CAAC,CAAC;AAAA,MACtE;AAAA,IACD;AACA,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC5E;AACD;AAEO,MAAM,YAAY;AAAA;AAAA;AAAA;AAAA,EAuBxB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;
AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAgBG;AACF,QAAI,OAAO,KAAM,OAAM,IAAI,UAAU,0BAA0B;AAC/D,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AAEvF,SAAK,SAAS,WAAW,OAAO,SAAS;AACzC,SAAK,MAAM,IAAI,IAAI,GAAG;AACtB,SAAK,UAAU,IAAI,QAAQ,WAAW,CAAC,CAAC;AACxC,SAAK,OAAO;AAEZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AAEpB,QAAI,gBAAgB;AACpB,QAAI,CAAC,WAAW,CAAC,QAAQ;AACxB,OAAC,gBAAgB,aAAa,IAAI,mBAAmB,KAAK,KAAK,KAAK,OAAO;AAAA,IAC5E;AACA,SAAK,UAAU,WAAW,kBAAkB;AAC5C,SAAK,SAAS,UAAU,iBAAiB;AAGzC,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,WAAW,aAAY,oBAAI,KAAK,GAAE,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAChF,SAAK,YAAY;AACjB,SAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,SAAK,QAAQ,OAAO,MAAM;AAE1B,QAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,sBAAsB,GAAG;AAC1F,WAAK,QAAQ,IAAI,wBAAwB,kBAAkB;AAAA,IAC5D;AAEA,UAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,WAAO,IAAI,cAAc,KAAK,QAAQ;AACtC,QAAI,KAAK,gBAAgB,CAAC,KAAK,oBAAoB;AAClD,aAAO,IAAI,wBAAwB,KAAK,YAAY;AAAA,IACrD;AAIA,SAAK,kBAAkB,CAAC,QAAQ,GAAI,KAAK,QAAgB,KAAK,CAAC,EAC7D,OAAO,CAAC,WAAW,cAAc,CAAC,mBAAmB,IAAI,MAAM,CAAC,EAChE,KAAK;AAEP,SAAK,gBAAgB,KAAK,gBAAgB,KAAK,GAAG;AAIlD,SAAK,mBAAmB,KAAK,gBAC3B;AAAA,MACA,CAAC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,QAAQ,QAAQ,GAAG;AAAA,IACzD,EACC,KAAK,IAAI;AAEX,SAAK,mBAAmB;AAAA,MACvB,KAAK,SAAS,MAAM,GAAG,CAAC;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACD,EAAE,KAAK,GAAG;AAEV,QAAI,KAAK,WAAW;AACnB,UAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,eAAe,GAAG;AAC1D,eAAO,IAAI,iBAAiB,OAAO;AAAA,MACpC;AACA,aAAO,IAAI,mBAAmB,kBAAkB;AAChD,aAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,gBAAgB;AAC7E,aAAO,IAAI,uBAAuB,KAAK,aAAa;AAAA,IACrD;AAEA,QAAI,KAAK,YAAY,MAAM;AAC1B,UAAI;AACH,aAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,GAAG,CAAC;AAAA,MAC5E,SAAS,GAAG;AACX,aAAK,cAAc,KAAK,IAAI;AAAA,MAC7B;AAAA,IACD,OAAO;AACN,WAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,GAAG;AAAA,IACzD;AACA,QAAI,CAAC,cAAc;AAClB,WAAK,cAAc,mBAAmB,KAAK,WAAW,EAAE,Q
AAQ,QAAQ,GAAG;AAAA,IAC5E;AACA,SAAK,cAAc,cAAc,KAAK,WAAW;AAEjD,UAAM,WAAW,oBAAI,IAAI;AACzB,SAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,YAAY,EAC5C,OAAO,CAAC,CAAC,CAAC,MAAM;AAChB,UAAI,CAAC,EAAG,QAAO;AACf,UAAI,KAAK,YAAY,MAAM;AAC1B,YAAI,SAAS,IAAI,CAAC,EAAG,QAAO;AAC5B,iBAAS,IAAI,CAAC;AAAA,MACf;AACA,aAAO;AAAA,IACR,CAAC,EACA,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,MAAM,cAAc,mBAAmB,CAAC,CAAC,CAAC,CAAC,EACnE,KAAK,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,CAAE,EAC1F,IAAI,CAAC,SAAS,KAAK,KAAK,GAAG,CAAC,EAC5B,KAAK,GAAG;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO;AACZ,QAAI,KAAK,WAAW;AACnB,WAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,UAAU,CAAC;AACnE,UAAI,KAAK,gBAAgB,KAAK,oBAAoB;AACjD,aAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,YAAY;AAAA,MACpE;AAAA,IACD,OAAO;AACN,WAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,WAAW,CAAC;AAAA,IAC1D;AAEA,WAAO;AAAA,MACN,QAAQ,KAAK;AAAA,MACb,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,IACZ;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa;AAClB,WAAO;AAAA,MACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;AAAA,MAC/D,mBAAmB,KAAK;AAAA,MACxB,eAAgB,MAAM,KAAK,UAAU;AAAA,IACtC,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY;AACjB,UAAM,OAAO,KAAK,SAAS,MAAM,GAAG,CAAC;AACrC,UAAM,WAAW,CAAC,KAAK,iBAAiB,MAAM,KAAK,QAAQ,KAAK,OAAO,EAAE,KAAK;AAC9E,QAAI,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC1C,QAAI,CAAC,cAAc;AAClB,YAAM,QAAQ,MAAM,KAAK,SAAS,KAAK,iBAAiB,IAAI;AAC5D,YAAM,UAAU,MAAM,KAAK,OAAO,KAAK,MAAM;AAC7C,YAAM,WAAW,MAAM,KAAK,SAAS,KAAK,OAAO;AACjD,qBAAe,MAAM,KAAK,UAAU,cAAc;AAClD,WAAK,MAAM,IAAI,UAAU,YAAY;AAAA,IACtC;AACA,WAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,aAAa,CAAC,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe;AACpB,WAAO;AAAA,MACN;AAAA,MACA,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,MAAM,KAAK,MAAM,KAAK,gBAAgB,CAAC,CAAC;AAAA,IACjD,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB;AACvB,WAAO;AAAA,MACN,KAAK,OAAO,YAAY;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,mBAAmB;AAAA,MACxB,KAAK;AAAA,MACL,MAAM,KAAK,YAAY;AAAA,IACxB,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAA
A;AAAA,EAKA,MAAM,cAAc;AACnB,QAAI,aACH,KAAK,QAAQ,IAAI,sBAAsB,MACtC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,QAAI,cAAc,MAAM;AACvB,UAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,OAAO;AAC/E,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AACA,mBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,EAAE,CAAC;AAAA,IACjD;AACA,WAAO;AAAA,EACR;AACD;AAOA,eAAe,KAAK,KAA4B,QAAsC;AACrF,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,GAAG,IAAI;AAAA,IAChD,EAAE,MAAM,QAAQ,MAAM,EAAE,MAAM,UAAU,EAAE;AAAA,IAC1C;AAAA,IACA,CAAC,MAAM;AAAA,EACR;AACA,SAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,MAAM,CAAC;AACpE;AAEA,eAAe,KAAK,SAAyD;AAC5E,SAAO,OAAO,OAAO;AAAA,IACpB;AAAA,IACC,OAAO,YAAY,WAAW,QAAQ,OAAO,OAAO,IAAI;AAAA,EAC1D;AACD;AAEA,MAAM,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAEjG,SAAS,QAAQ,aAAsC;AACtD,QAAM,SAAS,IAAI,WAAW,WAAW;AACzC,MAAI,MAAM;AACV,WAAS,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;AAC7C,UAAM,IAAI,OAAO,GAAG;AAEpB,WAAO,UAAW,MAAM,IAAK,EAAG;AAChC,WAAO,UAAU,IAAI,EAAG;AAAA,EACzB;AACA,SAAO;AACR;AAEA,SAAS,cAAc,eAA+B;AACrD,SAAO,cAAc,QAAQ,YAAY,CAAC,MAAM,MAAM,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC;AACjG;AAEA,SAAS,mBAAmB,KAAU,SAAoC;AACzE,QAAM,EAAE,UAAU,SAAS,IAAI;AAE/B,MAAI,SAAS,SAAS,SAAS,GAAG;AACjC,UAAMA,SAAQ,SAAS,MAAM,iDAAiD;AAC9E,WAAOA,UAAS,OAAO,CAAC,UAAUA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EAC5D;AACA,MAAI,SAAS,SAAS,2BAA2B,GAAG;AACnD,WAAO,CAAC,MAAM,MAAM;AAAA,EACrB;AACA,MAAI,SAAS,SAAS,kBAAkB,GAAG;AAC1C,UAAMA,SAAQ,SAAS,MAAM,uDAAuD;AACpF,WAAOA,UAAS,OAAO,CAAC,MAAMA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EACxD;AACA,QAAM,QAAQ,SACZ,QAAQ,cAAc,EAAE,EACxB,MAAM,2DAA2D;AACnE,MAAI,UAAW,SAAS,MAAM,CAAC,KAAM;AACrC,MAAI,SAAS,SAAS,MAAM,CAAC;AAE7B,MAAI,WAAW,UAAU;AACxB,aAAS;AAAA,EACV,WAAW,WAAW,QAAQ,WAAW,iBAAiB;AACzD,aAAS;AACT,cAAU;AAAA,EACX,WAAW,YAAY,OAAO;AAC7B,QAAI,SAAS,WAAW,MAAM,GAAG;AAChC,gBAAU;AAAA,IACX,WAAW,SAAS,WAAW,gBAAgB,GAAG;AACjD,gBAAU;AAAA,IACX,OAAO;AACN,gBAAU,aAAa,UAAU,qBAAqB;AAAA,IACvD;AAAA,EACD,WAAW,YAAY,eAAe;AACrC,UAAM,gBAAgB,QAAQ,IAAI,cAAc,KAAK,IAAI,MA
AM,GAAG,EAAE,CAAC;AACrE,QAAI,iBAAiB,2BAA2B;AAC/C,gBAAU;AAAA,IACX,WAAW,iBAAiB,yCAAyC;AACpE,gBAAU;AAAA,IACX;AAAA,EACD,WAAW,UAAU,QAAQ,QAAQ,WAAW,KAAK,GAAG;AACvD,aAAS,QAAQ,MAAM,CAAC,EAAE,QAAQ,sBAAsB,EAAE;AAC1D,cAAU;AAAA,EACX,WAAW,QAAQ,SAAS,OAAO,GAAG;AACrC,cAAU,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC9B,WAAW,UAAU,OAAO,KAAK,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG;AAClE,KAAC,SAAS,MAAM,IAAI,CAAC,QAAQ,OAAO;AAAA,EACrC;AAEA,SAAO,CAAC,cAAc,OAAO,KAAK,SAAS,UAAU,EAAE;AACxD;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: 
string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? 
body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t 
*/\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) 
{\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...((this.headers as any).keys() as string[])]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = 
encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t * method: string\n\t * url: URL\n\t * headers: Headers\n\t * body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, 
this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? 
encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? 
['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],
5
+ "mappings": "AAGA;AAAA;AAAA;AAAA;AAAA;AAMA,MAAM,UAAU,IAAI,YAAY;AAGhC,MAAM,gBAAwC;AAAA,EAC7C,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,2BAA2B;AAAA,EAC3B,uBAAuB;AACxB;AAGA,MAAM,qBAAqB,oBAAI,IAAI;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,CAAC;AAkBM,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAYtB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GASG;AACF,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AACvF,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,UAAU;AACf,SAAK,SAAS;AAEd,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,SAAK,cAAc,eAAe;AAAA,EACnC;AAAA,EAEA,MAAM,KAAK,OAA6C,MAAwC;AAC/F,QAAI,iBAAiB,SAAS;AAC7B,YAAM,EAAE,QAAQ,KAAK,SAAS,KAAK,IAAI;AACvC,aAAO,OAAO,OAAO,EAAE,QAAQ,KAAK,QAAQ,GAAG,IAAI;AACnD,UAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,cAAc,GAAG;AACrD,aAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,sBAAsB,IAC/C,OACA,MAAM,MAAM,MAAM,EAAE,YAAY;AAAA,MACrC;AACA,cAAQ;AAAA,IACT;AACA,UAAM,SAAS,IAAI;AAAA,MAClB,OAAO,OAAO,EAAE,KAAK,MAAM,SAAS,EAAE,GAAG,MAAM,MAAM,QAAQ,KAAK,GAAG;AAAA,IACtE;AACA,UAAM,SAAS,OAAO,OAAO,CAAC,GAAG,MAAM,MAAM,OAAO,KAAK,CAAC;AAC1D,WAAO,OAAO;AACd,QAAI;AACH,aAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,MAAM;AAAA,IACjD,SAAS,GAAG;AACX,UAAI,aAAa,WAAW;AAE3B,eAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,OAAO,OAAO,EAAE,QAAQ,OAAO,GAAG,MAAM,CAAC;AAAA,MACpF;AACA,YAAM;AAAA,IACP;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,OAA6C,MAAsB;AAC9E,aAAS,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;AACvC,YAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,IAAI,CAAC;AAClD,UAAI,MAAM,KAAK,SAAS;AACvB,eAAO;AAAA,MACR;AACA,YAAM,MAAM,MAAM;AAClB,UAAI,IAAI,SAAS,OAAO,IAAI,WAAW,KAAK;AAC3C,eAAO;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QAAQ,CAAC,YAClB,WAAW,SAAS,KAAK,OAAO,IAAI,KAAK,cAAc,KAAK,IAAI,GAAG,CAAC,CAAC;AAAA,MACtE;AAAA,IACD;AACA,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC5E;AACD;AAEO,MAAM,YAAY;AAAA;AAAA;AAAA;AAAA,EAuBxB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;
AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAgBG;AACF,QAAI,OAAO,KAAM,OAAM,IAAI,UAAU,0BAA0B;AAC/D,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AAEvF,SAAK,SAAS,WAAW,OAAO,SAAS;AACzC,SAAK,MAAM,IAAI,IAAI,GAAG;AACtB,SAAK,UAAU,IAAI,QAAQ,WAAW,CAAC,CAAC;AACxC,SAAK,OAAO;AAEZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AAEpB,QAAI,gBAAgB;AACpB,QAAI,CAAC,WAAW,CAAC,QAAQ;AACxB,OAAC,gBAAgB,aAAa,IAAI,mBAAmB,KAAK,KAAK,KAAK,OAAO;AAAA,IAC5E;AACA,SAAK,UAAU,WAAW,kBAAkB;AAC5C,SAAK,SAAS,UAAU,iBAAiB;AAGzC,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,WAAW,aAAY,oBAAI,KAAK,GAAE,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAChF,SAAK,YAAY;AACjB,SAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,SAAK,QAAQ,OAAO,MAAM;AAE1B,QAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,sBAAsB,GAAG;AAC1F,WAAK,QAAQ,IAAI,wBAAwB,kBAAkB;AAAA,IAC5D;AAEA,UAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,WAAO,IAAI,cAAc,KAAK,QAAQ;AACtC,QAAI,KAAK,gBAAgB,CAAC,KAAK,oBAAoB;AAClD,aAAO,IAAI,wBAAwB,KAAK,YAAY;AAAA,IACrD;AAIA,SAAK,kBAAkB,CAAC,QAAQ,GAAK,KAAK,QAAgB,KAAK,CAAc,EAC3E,OAAO,CAAC,WAAW,cAAc,CAAC,mBAAmB,IAAI,MAAM,CAAC,EAChE,KAAK;AAEP,SAAK,gBAAgB,KAAK,gBAAgB,KAAK,GAAG;AAIlD,SAAK,mBAAmB,KAAK,gBAC3B;AAAA,MACA,CAAC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,QAAQ,QAAQ,GAAG;AAAA,IACzD,EACC,KAAK,IAAI;AAEX,SAAK,mBAAmB;AAAA,MACvB,KAAK,SAAS,MAAM,GAAG,CAAC;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACD,EAAE,KAAK,GAAG;AAEV,QAAI,KAAK,WAAW;AACnB,UAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,eAAe,GAAG;AAC1D,eAAO,IAAI,iBAAiB,OAAO;AAAA,MACpC;AACA,aAAO,IAAI,mBAAmB,kBAAkB;AAChD,aAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,gBAAgB;AAC7E,aAAO,IAAI,uBAAuB,KAAK,aAAa;AAAA,IACrD;AAEA,QAAI,KAAK,YAAY,MAAM;AAC1B,UAAI;AACH,aAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,GAAG,CAAC;AAAA,MAC5E,QAAQ;AACP,aAAK,cAAc,KAAK,IAAI;AAAA,MAC7B;AAAA,IACD,OAAO;AACN,WAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,GAAG;AAAA,IACzD;AACA,QAAI,CAAC,cAAc;AAClB,WAAK,cAAc,mBAAmB,KAAK,WAAW,EAAE,QAAQ,Q
AAQ,GAAG;AAAA,IAC5E;AACA,SAAK,cAAc,cAAc,KAAK,WAAW;AAEjD,UAAM,WAAW,oBAAI,IAAI;AACzB,SAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,YAAY,EAC5C,OAAO,CAAC,CAAC,CAAC,MAAM;AAChB,UAAI,CAAC,EAAG,QAAO;AACf,UAAI,KAAK,YAAY,MAAM;AAC1B,YAAI,SAAS,IAAI,CAAC,EAAG,QAAO;AAC5B,iBAAS,IAAI,CAAC;AAAA,MACf;AACA,aAAO;AAAA,IACR,CAAC,EACA,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,MAAM,cAAc,mBAAmB,CAAC,CAAC,CAAC,CAAC,EACnE,KAAK,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,CAAE,EAC1F,IAAI,CAAC,SAAS,KAAK,KAAK,GAAG,CAAC,EAC5B,KAAK,GAAG;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO;AACZ,QAAI,KAAK,WAAW;AACnB,WAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,UAAU,CAAC;AACnE,UAAI,KAAK,gBAAgB,KAAK,oBAAoB;AACjD,aAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,YAAY;AAAA,MACpE;AAAA,IACD,OAAO;AACN,WAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,WAAW,CAAC;AAAA,IAC1D;AAEA,WAAO;AAAA,MACN,QAAQ,KAAK;AAAA,MACb,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,IACZ;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa;AAClB,WAAO;AAAA,MACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;AAAA,MAC/D,mBAAmB,KAAK;AAAA,MACxB,eAAgB,MAAM,KAAK,UAAU;AAAA,IACtC,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY;AACjB,UAAM,OAAO,KAAK,SAAS,MAAM,GAAG,CAAC;AACrC,UAAM,WAAW,CAAC,KAAK,iBAAiB,MAAM,KAAK,QAAQ,KAAK,OAAO,EAAE,KAAK;AAC9E,QAAI,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC1C,QAAI,CAAC,cAAc;AAClB,YAAM,QAAQ,MAAM,KAAK,SAAS,KAAK,iBAAiB,IAAI;AAC5D,YAAM,UAAU,MAAM,KAAK,OAAO,KAAK,MAAM;AAC7C,YAAM,WAAW,MAAM,KAAK,SAAS,KAAK,OAAO;AACjD,qBAAe,MAAM,KAAK,UAAU,cAAc;AAClD,WAAK,MAAM,IAAI,UAAU,YAAY;AAAA,IACtC;AACA,WAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,aAAa,CAAC,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe;AACpB,WAAO;AAAA,MACN;AAAA,MACA,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,MAAM,KAAK,MAAM,KAAK,gBAAgB,CAAC,CAAC;AAAA,IACjD,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB;AACvB,WAAO;AAAA,MACN,KAAK,OAAO,YAAY;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,mBAAmB;AAAA,MACxB,KAAK;AAAA,MACL,MAAM,KAAK,YAAY;AAAA,IACxB,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAA
A,EAKA,MAAM,cAAc;AACnB,QAAI,aACH,KAAK,QAAQ,IAAI,sBAAsB,MACtC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,QAAI,cAAc,MAAM;AACvB,UAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,OAAO;AAC/E,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AACA,mBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,EAAE,CAAC;AAAA,IACjD;AACA,WAAO;AAAA,EACR;AACD;AAOA,eAAe,KAAK,KAA4B,QAAsC;AACrF,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,GAAG,IAAI;AAAA,IAChD,EAAE,MAAM,QAAQ,MAAM,EAAE,MAAM,UAAU,EAAE;AAAA,IAC1C;AAAA,IACA,CAAC,MAAM;AAAA,EACR;AACA,SAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,MAAM,CAAC;AACpE;AAEA,eAAe,KAAK,SAAyD;AAC5E,SAAO,OAAO,OAAO;AAAA,IACpB;AAAA,IACC,OAAO,YAAY,WAAW,QAAQ,OAAO,OAAO,IAAI;AAAA,EAC1D;AACD;AAEA,MAAM,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAEjG,SAAS,QAAQ,aAAsC;AACtD,QAAM,SAAS,IAAI,WAAW,WAAW;AACzC,MAAI,MAAM;AACV,WAAS,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;AAC7C,UAAM,IAAI,OAAO,GAAG;AAEpB,WAAO,UAAW,MAAM,IAAK,EAAG;AAChC,WAAO,UAAU,IAAI,EAAG;AAAA,EACzB;AACA,SAAO;AACR;AAEA,SAAS,cAAc,eAA+B;AACrD,SAAO,cAAc,QAAQ,YAAY,CAAC,MAAM,MAAM,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC;AACjG;AAEA,SAAS,mBAAmB,KAAU,SAAoC;AACzE,QAAM,EAAE,UAAU,SAAS,IAAI;AAE/B,MAAI,SAAS,SAAS,SAAS,GAAG;AACjC,UAAMA,SAAQ,SAAS,MAAM,iDAAiD;AAC9E,WAAOA,UAAS,OAAO,CAAC,UAAUA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EAC5D;AACA,MAAI,SAAS,SAAS,2BAA2B,GAAG;AACnD,WAAO,CAAC,MAAM,MAAM;AAAA,EACrB;AACA,MAAI,SAAS,SAAS,kBAAkB,GAAG;AAC1C,UAAMA,SAAQ,SAAS,MAAM,uDAAuD;AACpF,WAAOA,UAAS,OAAO,CAAC,MAAMA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EACxD;AACA,QAAM,QAAQ,SACZ,QAAQ,cAAc,EAAE,EACxB,MAAM,2DAA2D;AACnE,MAAI,UAAW,SAAS,MAAM,CAAC,KAAM;AACrC,MAAI,SAAS,SAAS,MAAM,CAAC;AAE7B,MAAI,WAAW,UAAU;AACxB,aAAS;AAAA,EACV,WAAW,WAAW,QAAQ,WAAW,iBAAiB;AACzD,aAAS;AACT,cAAU;AAAA,EACX,WAAW,YAAY,OAAO;AAC7B,QAAI,SAAS,WAAW,MAAM,GAAG;AAChC,gBAAU;AAAA,IACX,WAAW,SAAS,WAAW,gBAAgB,GAAG;AACjD,gBAAU;AAAA,IACX,OAAO;AACN,gBAAU,aAAa,UAAU,qBAAqB;AAAA,IACvD;AAAA,EACD,WAAW,YAAY,eAAe;AACrC,UAAM,gBAAgB,QAAQ,IAAI,cAAc,KAAK,IAAI,MAAM,GA
AG,EAAE,CAAC;AACrE,QAAI,iBAAiB,2BAA2B;AAC/C,gBAAU;AAAA,IACX,WAAW,iBAAiB,yCAAyC;AACpE,gBAAU;AAAA,IACX;AAAA,EACD,WAAW,UAAU,QAAQ,QAAQ,WAAW,KAAK,GAAG;AACvD,aAAS,QAAQ,MAAM,CAAC,EAAE,QAAQ,sBAAsB,EAAE;AAC1D,cAAU;AAAA,EACX,WAAW,QAAQ,SAAS,OAAO,GAAG;AACrC,cAAU,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC9B,WAAW,UAAU,OAAO,KAAK,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG;AAClE,KAAC,SAAS,MAAM,IAAI,CAAC,QAAQ,OAAO;AAAA,EACrC;AAEA,SAAO,CAAC,cAAc,OAAO,KAAK,SAAS,UAAU,EAAE;AACxD;",
6
6
  "names": ["match"]
7
7
  }
@@ -49,6 +49,7 @@ export declare class GcpKmsSigner extends Signer {
49
49
  /**
50
50
  * Synchronous signing is not supported by GCP KMS.
51
51
  * @throws Always throws an error indicating synchronous signing is unsupported.
52
+ * @deprecated use `sign` instead
52
53
  */
53
54
  signData(): never;
54
55
  /**
@@ -68,6 +68,7 @@ const _GcpKmsSigner = class _GcpKmsSigner extends Signer {
68
68
  /**
69
69
  * Synchronous signing is not supported by GCP KMS.
70
70
  * @throws Always throws an error indicating synchronous signing is unsupported.
71
+ * @deprecated use `sign` instead
71
72
  */
72
73
  signData() {
73
74
  throw new Error("GCP Signer does not support sync signing");
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/gcp/gcp-kms-client.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer does not support sync 
signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
5
- "mappings": ";;;;;;;AAAA;AAEA,SAAS,kCAAkC;AAE3C,SAAS,0BAA0B,cAAc;AACjD,SAAS,0BAA0B;AACnC,SAAS,0BAA0B;AACnC,SAAS,kBAAkB;AAE3B,SAAS,0BAA0B,wBAAwB;AAkBpD,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,WAAO,yBAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,2BAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,2BAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AAzGC;AAEA;AAEA;AALM,IAAM,eAAN;AA+GP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,gBAAgB,iBAAiB,WAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. 
It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by GCP KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('GCP Signer 
does not support sync signing');\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;AAAA;AAEA,SAAS,kCAAkC;AAE3C,SAAS,0BAA0B,cAAc;AACjD,SAAS,0BAA0B;AACnC,SAAS,0BAA0B;AACnC,SAAS,kBAAkB;AAE3B,SAAS,0BAA0B,wBAAwB;AAkBpD,MAAM,gBAAN,MAAM,sBAAqB,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBxC,YAAY,EAAE,aAAa,QAAQ,UAAU,GAAwB;AACpE,UAAM;AAhBP;AAEA;AAAA;AAEA;AAAA;AAaC,QAAI,CAAC,YAAa,OAAM,IAAI,MAAM,0BAA0B;AAE5D,uBAAK,SAAU;AACf,uBAAK,cAAe;AACpB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,yBAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,CAAC,YAAY,IAAI,MAAM,mBAAK,SAAQ,eAAe;AAAA,MACxD,MAAM,mBAAK;AAAA,MACX,MAAM;AAAA,IACP,CAAC;AAED,QAAI,CAAC,aAAa,WAAW;AAC5B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACrD;AAEA,WAAO,yBAAyB,aAAa,WAAyB,KAAK,aAAa,CAAC;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,YAAY,SAMtB;AACF,UAAM,SAAS,IAAI,2BAA2B;AAE9C,UAAM,cAAc,OAAO;AAAA,MAC1B,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IACT;AAEA,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AAAA,EAEA,aAAa,gBAAgB,aAAqB;AACjD,UAAM,SAAS,IAAI,2BAA2B;AAC9C,WAAO,IAAI,cAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,WAAW,MAAM,aAAa,QAAQ,WAAW;AAAA,IAClD,CAAC;AAAA,EACF;AACD;AA1GC;AAEA;AAEA;AALM,IAAM,eAAN;AAgHP,eAAe,aACd,QACA,aACqB;AACrB,QAAM,CAAC,SAAS,IAAI,MAAM,OAAO,aAAa,EAAE,MAAM,YAAY,CAAC;AAEnE,QAAM,EAAE,WAAW,IAAI,IAAI;AAE3B,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,SAAS,IACb,QAAQ,8BAA8B,EAAE,EACxC,QAAQ,4BAA4B,EAAE,EACtC,QAAQ,OAAO,EAAE;AAEnB,QAAM,gBAAgB,iBAAiB,WAAW,MAAM,CAAC;AAEzD,UAAQ,WAAW;AAAA,IAClB,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,mBAAmB,aAAa;AAAA,IAC5C;AACC,YAAM,IAAI,MAAM,0BAA0B,SAAS,EAAE;AAAA,EACvD;AACD;",
6
6
  "names": []
7
7
  }