@mysten/signers 0.6.1 → 1.0.0

package/src/utils/utils.ts

@@ -1,8 +1,8 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import { secp256r1 } from '@noble/curves/p256';
-import { secp256k1 } from '@noble/curves/secp256k1';
+import { p256 as secp256r1 } from '@noble/curves/nist.js';
+import { secp256k1 } from '@noble/curves/secp256k1.js';
 import { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';
 
 /** The total number of bits in the DER bit string for the uncompressed public key. */
@@ -70,14 +70,22 @@ export function getConcatenatedSignature(signature: Uint8Array, keyScheme: strin
 	const [r, s] = derElement.toJSON() as [string, string];
 
 	switch (keyScheme) {
-		case 'Secp256k1':
-			return new secp256k1.Signature(BigInt(r), BigInt(s))
-				.normalizeS()
-				.toCompactRawBytes() as Uint8Array<ArrayBuffer>;
-		case 'Secp256r1':
-			return new secp256r1.Signature(BigInt(r), BigInt(s))
-				.normalizeS()
-				.toCompactRawBytes() as Uint8Array<ArrayBuffer>;
+		case 'Secp256k1': {
+			const sig = new secp256k1.Signature(BigInt(r), BigInt(s));
+			const normalized = sig.hasHighS()
+				? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s))
+				: sig;
+
+			return normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;
+		}
+		case 'Secp256r1': {
+			const sig = new secp256r1.Signature(BigInt(r), BigInt(s));
+			const normalized = sig.hasHighS()
+				? new secp256r1.Signature(sig.r, secp256r1.Point.Fn.neg(sig.s))
+				: sig;
+
+			return normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;
+		}
 		default:
 			throw new Error('Unsupported key scheme');
 	}

package/src/webcrypto/index.ts

@@ -4,7 +4,7 @@
 import type { SignatureScheme } from '@mysten/sui/cryptography';
 import { Signer } from '@mysten/sui/cryptography';
 import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
-import { secp256r1 } from '@noble/curves/p256';
+import { p256 as secp256r1 } from '@noble/curves/nist.js';
 
 // Convert from uncompressed (65 bytes) to compressed (33 bytes) format
 function getCompressedPublicKey(publicKey: Uint8Array) {
@@ -101,8 +101,11 @@ export class WebCryptoSigner extends Signer {
 			bytes as BufferSource,
 		);
 
-		const signature = secp256r1.Signature.fromCompact(new Uint8Array(rawSignature));
+		const signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));
+		const normalizedSig = signature.hasHighS()
+			? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))
+			: signature;
 
-		return signature.normalizeS().toCompactRawBytes() as Uint8Array<ArrayBuffer>;
+		return normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;
 	}
 }

package/aws/package.json

@@ -1,6 +0,0 @@
-{
-	"private": true,
-	"import": "../dist/esm/aws/index.js",
-	"main": "../dist/cjs/aws/index.js",
-	"sideEffects": false
-}

package/dist/cjs/aws/aws-client.d.ts

@@ -1,43 +0,0 @@
-import { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';
-import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
-import { AwsClient } from './aws4fetch.js';
-interface KmsCommands {
-    Sign: {
-        request: {
-            KeyId: string;
-            Message: string;
-            MessageType: 'RAW' | 'DIGEST';
-            SigningAlgorithm: 'ECDSA_SHA_256';
-        };
-        response: {
-            KeyId: string;
-            KeyOrigin: string;
-            Signature: string;
-            SigningAlgorithm: string;
-        };
-    };
-    GetPublicKey: {
-        request: {
-            KeyId: string;
-        };
-        response: {
-            CustomerMasterKeySpec: string;
-            KeyId: string;
-            KeyOrigin: string;
-            KeySpec: string;
-            KeyUsage: string;
-            PublicKey: string;
-            SigningAlgorithms: string[];
-        };
-    };
-}
-export interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {
-}
-export declare class AwsKmsClient extends AwsClient {
-    constructor(options?: AwsClientOptions);
-    getPublicKey(keyId: string): Promise<Secp256r1PublicKey | Secp256k1PublicKey>;
-    runCommand<T extends keyof KmsCommands>(command: T, body: KmsCommands[T]['request'], { region, }?: {
-        region?: string;
-    }): Promise<KmsCommands[T]['response']>;
-}
-export {};

package/dist/cjs/aws/aws-client.js

@@ -1,79 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var aws_client_exports = {};
-__export(aws_client_exports, {
-  AwsKmsClient: () => AwsKmsClient
-});
-module.exports = __toCommonJS(aws_client_exports);
-var import_secp256k1 = require("@mysten/sui/keypairs/secp256k1");
-var import_secp256r1 = require("@mysten/sui/keypairs/secp256r1");
-var import_utils = require("@mysten/sui/utils");
-var import_utils2 = require("../utils/utils.js");
-var import_aws4fetch = require("./aws4fetch.js");
-class AwsKmsClient extends import_aws4fetch.AwsClient {
-  constructor(options = {}) {
-    if (!options.accessKeyId || !options.secretAccessKey) {
-      throw new Error("AWS Access Key ID and Secret Access Key are required");
-    }
-    if (!options.region) {
-      throw new Error("Region is required");
-    }
-    super({
-      region: options.region,
-      accessKeyId: options.accessKeyId,
-      secretAccessKey: options.secretAccessKey,
-      service: "kms",
-      ...options
-    });
-  }
-  async getPublicKey(keyId) {
-    const publicKeyResponse = await this.runCommand("GetPublicKey", { KeyId: keyId });
-    if (!publicKeyResponse.PublicKey) {
-      throw new Error("Public Key not found for the supplied `keyId`");
-    }
-    const compressedKey = (0, import_utils2.publicKeyFromDER)((0, import_utils.fromBase64)(publicKeyResponse.PublicKey));
-    switch (publicKeyResponse.KeySpec) {
-      case "ECC_NIST_P256":
-        return new import_secp256r1.Secp256r1PublicKey(compressedKey);
-      case "ECC_SECG_P256K1":
-        return new import_secp256k1.Secp256k1PublicKey(compressedKey);
-      default:
-        throw new Error("Unsupported key spec: " + publicKeyResponse.KeySpec);
-    }
-  }
-  async runCommand(command, body, {
-    region = this.region
-  } = {}) {
-    if (!region) {
-      throw new Error("Region is required");
-    }
-    const res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {
-      headers: {
-        "Content-Type": "application/x-amz-json-1.1",
-        "X-Amz-Target": `TrentService.${command}`
-      },
-      body: JSON.stringify(body)
-    });
-    if (!res.ok) {
-      throw new Error(await res.text());
-    }
-    return res.json();
-  }
-}
-//# sourceMappingURL=aws-client.js.map

package/dist/cjs/aws/aws-client.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../../src/aws/aws-client.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { publicKeyFromDER } from '../utils/utils.js';\nimport { AwsClient } from './aws4fetch.js';\n\ninterface KmsCommands {\n\tSign: {\n\t\trequest: {\n\t\t\tKeyId: string;\n\t\t\tMessage: string;\n\t\t\tMessageType: 'RAW' | 'DIGEST';\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256';\n\t\t};\n\t\tresponse: {\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tSignature: string;\n\t\t\tSigningAlgorithm: string;\n\t\t};\n\t};\n\tGetPublicKey: {\n\t\trequest: { KeyId: string };\n\t\tresponse: {\n\t\t\tCustomerMasterKeySpec: string;\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tKeySpec: string;\n\t\t\tKeyUsage: string;\n\t\t\tPublicKey: string;\n\t\t\tSigningAlgorithms: string[];\n\t\t};\n\t};\n}\n\nexport interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}\n\nexport class AwsKmsClient extends AwsClient {\n\tconstructor(options: AwsClientOptions = {}) {\n\t\tif (!options.accessKeyId || !options.secretAccessKey) {\n\t\t\tthrow new Error('AWS Access Key ID and Secret Access Key are required');\n\t\t}\n\n\t\tif (!options.region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tsuper({\n\t\t\tregion: options.region,\n\t\t\taccessKeyId: options.accessKeyId,\n\t\t\tsecretAccessKey: options.secretAccessKey,\n\t\t\tservice: 'kms',\n\t\t\t...options,\n\t\t});\n\t}\n\n\tasync getPublicKey(keyId: string) {\n\t\tconst publicKeyResponse = await this.runCommand('GetPublicKey', { KeyId: keyId });\n\n\t\tif (!publicKeyResponse.PublicKey) {\n\t\t\tthrow new Error('Public Key not found for the supplied `keyId`');\n\t\t}\n\n\t\tconst compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));\n\n\t\tswitch (publicKeyResponse.KeySpec) {\n\t\t\tcase 'ECC_NIST_P256':\n\t\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\t\tcase 'ECC_SECG_P256K1':\n\t\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\t\tdefault:\n\t\t\t\tthrow new Error('Unsupported key spec: ' + publicKeyResponse.KeySpec);\n\t\t}\n\t}\n\n\tasync runCommand<T extends keyof KmsCommands>(\n\t\tcommand: T,\n\t\tbody: KmsCommands[T]['request'],\n\t\t{\n\t\t\tregion = this.region!,\n\t\t}: {\n\t\t\tregion?: string;\n\t\t} = {},\n\t): Promise<KmsCommands[T]['response']> {\n\t\tif (!region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tconst res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-amz-json-1.1',\n\t\t\t\t'X-Amz-Target': `TrentService.${command}`,\n\t\t\t},\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tthrow new Error(await res.text());\n\t\t}\n\n\t\treturn res.json();\n\t}\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAAmC;AACnC,uBAAmC;AACnC,mBAA2B;AAE3B,IAAAA,gBAAiC;AACjC,uBAA0B;AAiCnB,MAAM,qBAAqB,2BAAU;AAAA,EAC3C,YAAY,UAA4B,CAAC,GAAG;AAC3C,QAAI,CAAC,QAAQ,eAAe,CAAC,QAAQ,iBAAiB;AACrD,YAAM,IAAI,MAAM,sDAAsD;AAAA,IACvE;AAEA,QAAI,CAAC,QAAQ,QAAQ;AACpB,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM;AAAA,MACL,QAAQ,QAAQ;AAAA,MAChB,aAAa,QAAQ;AAAA,MACrB,iBAAiB,QAAQ;AAAA,MACzB,SAAS;AAAA,MACT,GAAG;AAAA,IACJ,CAAC;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,OAAe;AACjC,UAAM,oBAAoB,MAAM,KAAK,WAAW,gBAAgB,EAAE,OAAO,MAAM,CAAC;AAEhF,QAAI,CAAC,kBAAkB,WAAW;AACjC,YAAM,IAAI,MAAM,+CAA+C;AAAA,IAChE;AAEA,UAAM,oBAAgB,oCAAiB,yBAAW,kBAAkB,SAAS,CAAC;AAE9E,YAAQ,kBAAkB,SAAS;AAAA,MAClC,KAAK;AACJ,eAAO,IAAI,oCAAmB,aAAa;AAAA,MAC5C,KAAK;AACJ,eAAO,IAAI,oCAAmB,aAAa;AAAA,MAC5C;AACC,cAAM,IAAI,MAAM,2BAA2B,kBAAkB,OAAO;AAAA,IACtE;AAAA,EACD;AAAA,EAEA,MAAM,WACL,SACA,MACA;AAAA,IACC,SAAS,KAAK;AAAA,EACf,IAEI,CAAC,GACiC;AACtC,QAAI,CAAC,QAAQ;AACZ,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,MAAM,MAAM,KAAK,MAAM,eAAe,MAAM,mBAAmB;AAAA,MACpE,SAAS;AAAA,QACR,gBAAgB;AAAA,QAChB,gBAAgB,gBAAgB,OAAO;AAAA,MACxC;AAAA,MACA,MAAM,KAAK,UAAU,IAAI;AAAA,IAC1B,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACZ,YAAM,IAAI,MAAM,MAAM,IAAI,KAAK,CAAC;AAAA,IACjC;AAEA,WAAO,IAAI,KAAK;AAAA,EACjB;AACD;",
-  "names": ["import_utils"]
-}

package/dist/cjs/aws/aws-kms-signer.d.ts

@@ -1,61 +0,0 @@
-import type { PublicKey } from '@mysten/sui/cryptography';
-import { Signer } from '@mysten/sui/cryptography';
-import type { AwsClientOptions } from './aws-client.js';
-import { AwsKmsClient } from './aws-client.js';
-/**
- * Configuration options for initializing the AwsKmsSigner.
- */
-export interface AwsKmsSignerOptions {
-    /** AWS KMS Key ID used for signing */
-    kmsKeyId: string;
-    /** Options for setting up the AWS KMS client */
-    client: AwsKmsClient;
-    /** Public key */
-    publicKey: PublicKey;
-}
-/**
- * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain
- * to provide signing capabilities using AWS-managed cryptographic keys.
- */
-export declare class AwsKmsSigner extends Signer {
-    #private;
-    /**
-     * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
-     * For example:
-     * ```
-     * const signer = await AwsKmsSigner.fromKeyId(keyId, options);
-     * ```
-     * @throws Will throw an error if required AWS credentials or region are not provided.
-     */
-    constructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions);
-    /**
-     * Retrieves the key scheme used by this signer.
-     * @returns AWS supports only Secp256k1 and Secp256r1 schemes.
-     */
-    getKeyScheme(): "Secp256k1" | "Secp256r1" | "ED25519" | "MultiSig" | "ZkLogin" | "Passkey";
-    /**
-     * Retrieves the public key associated with this signer.
-     * @returns The Secp256k1PublicKey instance.
-     * @throws Will throw an error if the public key has not been initialized.
-     */
-    getPublicKey(): PublicKey;
-    /**
-     * Signs the given data using AWS KMS.
-     * @param bytes - The data to be signed as a Uint8Array.
-     * @returns A promise that resolves to the signature as a Uint8Array.
-     * @throws Will throw an error if the public key is not initialized or if signing fails.
-     */
-    sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
-    /**
-     * Synchronous signing is not supported by AWS KMS.
-     * @throws Always throws an error indicating synchronous signing is unsupported.
-     * @deprecated use `sign` instead
-     */
-    signData(): never;
-    /**
-     * Prepares the signer by fetching and setting the public key from AWS KMS.
-     * It is recommended to initialize an `AwsKmsSigner` instance using this function.
-     * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
-     */
-    static fromKeyId(keyId: string, options: AwsClientOptions): Promise<AwsKmsSigner>;
-}

package/dist/cjs/aws/aws-kms-signer.js

@@ -1,114 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __typeError = (msg) => {
-  throw TypeError(msg);
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
-var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
-var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
-var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
-var aws_kms_signer_exports = {};
-__export(aws_kms_signer_exports, {
-  AwsKmsSigner: () => AwsKmsSigner
-});
-module.exports = __toCommonJS(aws_kms_signer_exports);
-var import_cryptography = require("@mysten/sui/cryptography");
-var import_utils = require("@mysten/sui/utils");
-var import_utils2 = require("../utils/utils.js");
-var import_aws_client = require("./aws-client.js");
-var _publicKey, _client, _kmsKeyId;
-const _AwsKmsSigner = class _AwsKmsSigner extends import_cryptography.Signer {
-  /**
-   * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
-   * For example:
-   * ```
-   * const signer = await AwsKmsSigner.fromKeyId(keyId, options);
-   * ```
-   * @throws Will throw an error if required AWS credentials or region are not provided.
-   */
-  constructor({ kmsKeyId, client, publicKey }) {
-    super();
-    __privateAdd(this, _publicKey);
-    /** AWS KMS client instance */
-    __privateAdd(this, _client);
-    /** AWS KMS Key ID used for signing */
-    __privateAdd(this, _kmsKeyId);
-    if (!kmsKeyId) throw new Error("KMS Key ID is required");
-    __privateSet(this, _client, client);
-    __privateSet(this, _kmsKeyId, kmsKeyId);
-    __privateSet(this, _publicKey, publicKey);
-  }
-  /**
-   * Retrieves the key scheme used by this signer.
-   * @returns AWS supports only Secp256k1 and Secp256r1 schemes.
-   */
-  getKeyScheme() {
-    return import_cryptography.SIGNATURE_FLAG_TO_SCHEME[__privateGet(this, _publicKey).flag()];
-  }
-  /**
-   * Retrieves the public key associated with this signer.
-   * @returns The Secp256k1PublicKey instance.
-   * @throws Will throw an error if the public key has not been initialized.
-   */
-  getPublicKey() {
-    return __privateGet(this, _publicKey);
-  }
-  /**
-   * Signs the given data using AWS KMS.
-   * @param bytes - The data to be signed as a Uint8Array.
-   * @returns A promise that resolves to the signature as a Uint8Array.
-   * @throws Will throw an error if the public key is not initialized or if signing fails.
-   */
-  async sign(bytes) {
-    const signResponse = await __privateGet(this, _client).runCommand("Sign", {
-      KeyId: __privateGet(this, _kmsKeyId),
-      Message: (0, import_utils.toBase64)(bytes),
-      MessageType: "RAW",
-      SigningAlgorithm: "ECDSA_SHA_256"
-    });
-    return (0, import_utils2.getConcatenatedSignature)((0, import_utils.fromBase64)(signResponse.Signature), this.getKeyScheme());
-  }
-  /**
-   * Synchronous signing is not supported by AWS KMS.
-   * @throws Always throws an error indicating synchronous signing is unsupported.
-   * @deprecated use `sign` instead
-   */
-  signData() {
-    throw new Error("KMS Signer does not support sync signing");
-  }
-  /**
-   * Prepares the signer by fetching and setting the public key from AWS KMS.
-   * It is recommended to initialize an `AwsKmsSigner` instance using this function.
-   * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
-   */
-  static async fromKeyId(keyId, options) {
-    const client = new import_aws_client.AwsKmsClient(options);
-    const pubKey = await client.getPublicKey(keyId);
-    return new _AwsKmsSigner({
-      kmsKeyId: keyId,
-      client,
-      publicKey: pubKey
-    });
-  }
-};
-_publicKey = new WeakMap();
-_client = new WeakMap();
-_kmsKeyId = new WeakMap();
-let AwsKmsSigner = _AwsKmsSigner;
-//# sourceMappingURL=aws-kms-signer.js.map

package/dist/cjs/aws/aws-kms-signer.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../../src/aws/aws-kms-signer.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,aAAS,uBAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,eAAO,4CAAyB,yBAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,+BAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAnFC;AAEA;AAEA;AALM,IAAM,eAAN;",
-  "names": ["import_utils"]
-}

package/dist/cjs/aws/aws4fetch.d.ts

@@ -1,125 +0,0 @@
-type AwsRequestInit = RequestInit & {
-    aws?: {
-        accessKeyId?: string;
-        secretAccessKey?: string;
-        sessionToken?: string;
-        service?: string;
-        region?: string;
-        cache?: Map<string, ArrayBuffer>;
-        datetime?: string;
-        signQuery?: boolean;
-        appendSessionToken?: boolean;
-        allHeaders?: boolean;
-        singleEncode?: boolean;
-    };
-};
-export declare class AwsClient {
-    accessKeyId: string;
-    secretAccessKey: string;
-    sessionToken: string | undefined;
-    service: string | undefined;
-    region: string | undefined;
-    cache: Map<any, any>;
-    retries: number;
-    initRetryMs: number;
-    /**
-     * @param {} options
-     */
-    constructor({ accessKeyId, secretAccessKey, sessionToken, service, region, cache, retries, initRetryMs, }: {
-        accessKeyId: string;
-        secretAccessKey: string;
-        sessionToken?: string;
-        service?: string;
-        region?: string;
-        cache?: Map<string, ArrayBuffer>;
-        retries?: number;
-        initRetryMs?: number;
-    });
-    sign(input: Request | {
-        toString: () => string;
-    }, init: AwsRequestInit): Promise<Request>;
-    /**
-     * @param {Request | { toString: () => string }} input
-     * @param {?AwsRequestInit} [init]
-     * @returns {Promise<Response>}
-     */
-    fetch(input: Request | {
-        toString: () => string;
-    }, init: AwsRequestInit): Promise<Response>;
-}
-export declare class AwsV4Signer {
-    method: any;
-    url: URL;
-    headers: Headers;
-    body: any;
-    accessKeyId: any;
-    secretAccessKey: any;
-    sessionToken: any;
-    service: any;
-    region: any;
-    cache: any;
-    datetime: any;
-    signQuery: any;
-    appendSessionToken: any;
-    signableHeaders: any[];
-    signedHeaders: any;
-    canonicalHeaders: any;
-    credentialString: string;
-    encodedPath: string;
-    encodedSearch: string;
-    /**
-     * @param {} options
-     */
-    constructor({ method, url, headers, body, accessKeyId, secretAccessKey, sessionToken, service, region, cache, datetime, signQuery, appendSessionToken, allHeaders, singleEncode, }: {
-        method?: string;
-        url: string;
-        headers?: HeadersInit;
-        body?: BodyInit | null;
-        accessKeyId: string;
-        secretAccessKey: string;
-        sessionToken?: string;
-        service?: string;
-        region?: string;
-        cache?: Map<string, ArrayBuffer>;
-        datetime?: string;
-        signQuery?: boolean;
-        appendSessionToken?: boolean;
-        allHeaders?: boolean;
-        singleEncode?: boolean;
-    });
-    /**
-     * @returns {Promise<{
-     *   method: string
-     *   url: URL
-     *   headers: Headers
-     *   body?: BodyInit | null
-     * }>}
-     */
-    sign(): Promise<{
-        method: any;
-        url: URL;
-        headers: Headers;
-        body: any;
-    }>;
-    /**
-     * @returns {Promise<string>}
-     */
-    authHeader(): Promise<string>;
-    /**
-     * @returns {Promise<string>}
-     */
-    signature(): Promise<string>;
-    /**
-     * @returns {Promise<string>}
-     */
-    stringToSign(): Promise<string>;
-    /**
-     * @returns {Promise<string>}
-     */
-    canonicalString(): Promise<string>;
-    /**
-     * @returns {Promise<string>}
-     */
-    hexBodyHash(): Promise<string>;
-}
-export {};