@mysten/signers 0.6.2 → 1.0.1

package/CHANGELOG.md

@@ -1,5 +1,52 @@
 # @mysten/signers
 
+## 1.0.1
+
+### Patch Changes
+
+- 99d1e00: Add default export condition
+- Updated dependencies [99d1e00]
+  - @mysten/ledgerjs-hw-app-sui@0.7.1
+  - @mysten/sui@2.3.2
+
+## 1.0.0
+
+### Major Changes
+
+- e00788c: Remove manual BCS serialization from ledger signer
+
+  **Breaking Changes:**
+  - **Removed `SuiMoveObject` export**: The custom BCS schema for Move objects has been removed. The
+    ledger signer now uses server-provided BCS bytes directly.
+  - **Client type change**: `LedgerSigner` and `getInputObjects` now accepts `ClientWithCoreApi`
+    instead of `SuiJsonRpcClient` (this is still compatible with `SuiJsonRpcClient`)
+
+### Minor Changes
+
+- e00788c: Remove deprecated `signData()` method from `AwsKmsSigner`, `GcpKmsSigner`, and
+  `MultiSigSigner`. Use `sign()` method instead.
+- e00788c: Update to use SuiJsonRpcClient instead of SuiClient
+
+  Updated all type signatures, internal usages, examples, and documentation to use
+  `SuiJsonRpcClient` from `@mysten/sui/jsonRpc` instead of the deprecated `SuiClient` from
+  `@mysten/sui/client`.
+
+### Patch Changes
+
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+- Updated dependencies [e00788c]
+  - @mysten/sui@2.0.0
+
 ## 0.6.2
 
 ### Patch Changes

package/README.md

@@ -174,12 +174,15 @@ cryptographic operations.
 import Transport from '@ledgerhq/hw-transport-node-hid';
 import SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';
 import { LedgerSigner } from '@mysten/signers/ledger';
-import { getFullnodeUrl, SuiClient } from '@mysten/sui/client';
+import { SuiGrpcClient } from '@mysten/sui/grpc';
 import { Transaction } from '@mysten/sui/transactions';
 
 const transport = await Transport.open(undefined);
 const ledgerClient = new SuiLedgerClient(transport);
-const suiClient = new SuiClient({ url: getFullnodeUrl('testnet') });
+const suiClient = new SuiGrpcClient({
+	network: 'testnet',
+	baseUrl: 'https://fullnode.testnet.sui.io:443',
+});
 
 const signer = await LedgerSigner.fromDerivationPath(
 	"m/44'/784'/0'/0'/0'",

package/dist/aws/aws-client.d.mts

@@ -0,0 +1,48 @@
+import { AwsClient } from "./aws4fetch.mjs";
+import { Secp256k1PublicKey } from "@mysten/sui/keypairs/secp256k1";
+import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+
+//#region src/aws/aws-client.d.ts
+interface KmsCommands {
+  Sign: {
+    request: {
+      KeyId: string;
+      Message: string;
+      MessageType: 'RAW' | 'DIGEST';
+      SigningAlgorithm: 'ECDSA_SHA_256';
+    };
+    response: {
+      KeyId: string;
+      KeyOrigin: string;
+      Signature: string;
+      SigningAlgorithm: string;
+    };
+  };
+  GetPublicKey: {
+    request: {
+      KeyId: string;
+    };
+    response: {
+      CustomerMasterKeySpec: string;
+      KeyId: string;
+      KeyOrigin: string;
+      KeySpec: string;
+      KeyUsage: string;
+      PublicKey: string;
+      SigningAlgorithms: string[];
+    };
+  };
+}
+interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}
+declare class AwsKmsClient extends AwsClient {
+  constructor(options?: AwsClientOptions);
+  getPublicKey(keyId: string): Promise<Secp256r1PublicKey | Secp256k1PublicKey>;
+  runCommand<T extends keyof KmsCommands>(command: T, body: KmsCommands[T]['request'], {
+    region
+  }?: {
+    region?: string;
+  }): Promise<KmsCommands[T]['response']>;
+}
+//#endregion
+export { AwsClientOptions, AwsKmsClient };
+//# sourceMappingURL=aws-client.d.mts.map

package/dist/aws/aws-client.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-client.d.mts","names":[],"sources":["../../src/aws/aws-client.ts"],"sourcesContent":[],"mappings":";;;;;UAUU,WAAA;;IAAA,OAAA,EAAA;MA6BO,KAAA,EAAA,MAAiB;MAA6C,OAAA,EAAA,MAAA;MAA7B,WAAA,EAAA,KAAA,GAAA,QAAA;MAAR,gBAAA,EAAA,eAAA;IAAO,CAAA;IAEpC,QAAA,EAAA;MACS,KAAA,EAAA,MAAA;MAkBW,SAAA,EAAA,MAAA;MAAA,SAAA,EAAA,MAAA;MAAA,gBAAA,EAAA,MAAA;IAmBC,CAAA;EACvB,CAAA;EACH,YAAA,EAAA;IAAY,OAAA,EAAA;MAEjB,KAAA,EAAA,MAAA;IAIS,CAAA;IAAY,QAAA,EAAA;MAApB,qBAAA,EAAA,MAAA;MA9C8B,KAAA,EAAA,MAAA;MAAS,SAAA,EAAA,MAAA;;;;;;;;UAF1B,gBAAA,SAAyB,QAAQ,6BAA6B;cAElE,YAAA,SAAqB,SAAA;wBACZ;+BAkBW,QAAA,qBAAA;6BAmBC,sBACvB,SACH,YAAY;;;;MAMhB,QAAQ,YAAY"}

package/dist/aws/aws-client.mjs

@@ -0,0 +1,46 @@
+import { publicKeyFromDER } from "../utils/utils.mjs";
+import { AwsClient } from "./aws4fetch.mjs";
+import { fromBase64 } from "@mysten/sui/utils";
+import { Secp256k1PublicKey } from "@mysten/sui/keypairs/secp256k1";
+import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+
+//#region src/aws/aws-client.ts
+var AwsKmsClient = class extends AwsClient {
+	constructor(options = {}) {
+		if (!options.accessKeyId || !options.secretAccessKey) throw new Error("AWS Access Key ID and Secret Access Key are required");
+		if (!options.region) throw new Error("Region is required");
+		super({
+			region: options.region,
+			accessKeyId: options.accessKeyId,
+			secretAccessKey: options.secretAccessKey,
+			service: "kms",
+			...options
+		});
+	}
+	async getPublicKey(keyId) {
+		const publicKeyResponse = await this.runCommand("GetPublicKey", { KeyId: keyId });
+		if (!publicKeyResponse.PublicKey) throw new Error("Public Key not found for the supplied `keyId`");
+		const compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));
+		switch (publicKeyResponse.KeySpec) {
+			case "ECC_NIST_P256": return new Secp256r1PublicKey(compressedKey);
+			case "ECC_SECG_P256K1": return new Secp256k1PublicKey(compressedKey);
+			default: throw new Error("Unsupported key spec: " + publicKeyResponse.KeySpec);
+		}
+	}
+	async runCommand(command, body, { region = this.region } = {}) {
+		if (!region) throw new Error("Region is required");
+		const res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {
+			headers: {
+				"Content-Type": "application/x-amz-json-1.1",
+				"X-Amz-Target": `TrentService.${command}`
+			},
+			body: JSON.stringify(body)
+		});
+		if (!res.ok) throw new Error(await res.text());
+		return res.json();
+	}
+};
+
+//#endregion
+export { AwsKmsClient };
+//# sourceMappingURL=aws-client.mjs.map

package/dist/aws/aws-client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-client.mjs","names":[],"sources":["../../src/aws/aws-client.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { publicKeyFromDER } from '../utils/utils.js';\nimport { AwsClient } from './aws4fetch.js';\n\ninterface KmsCommands {\n\tSign: {\n\t\trequest: {\n\t\t\tKeyId: string;\n\t\t\tMessage: string;\n\t\t\tMessageType: 'RAW' | 'DIGEST';\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256';\n\t\t};\n\t\tresponse: {\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tSignature: string;\n\t\t\tSigningAlgorithm: string;\n\t\t};\n\t};\n\tGetPublicKey: {\n\t\trequest: { KeyId: string };\n\t\tresponse: {\n\t\t\tCustomerMasterKeySpec: string;\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tKeySpec: string;\n\t\t\tKeyUsage: string;\n\t\t\tPublicKey: string;\n\t\t\tSigningAlgorithms: string[];\n\t\t};\n\t};\n}\n\nexport interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}\n\nexport class AwsKmsClient extends AwsClient {\n\tconstructor(options: AwsClientOptions = {}) {\n\t\tif (!options.accessKeyId || !options.secretAccessKey) {\n\t\t\tthrow new Error('AWS Access Key ID and Secret Access Key are required');\n\t\t}\n\n\t\tif (!options.region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tsuper({\n\t\t\tregion: options.region,\n\t\t\taccessKeyId: options.accessKeyId,\n\t\t\tsecretAccessKey: options.secretAccessKey,\n\t\t\tservice: 'kms',\n\t\t\t...options,\n\t\t});\n\t}\n\n\tasync getPublicKey(keyId: string) {\n\t\tconst publicKeyResponse = await this.runCommand('GetPublicKey', { KeyId: keyId });\n\n\t\tif (!publicKeyResponse.PublicKey) {\n\t\t\tthrow new Error('Public Key not found for the supplied `keyId`');\n\t\t}\n\n\t\tconst compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));\n\n\t\tswitch (publicKeyResponse.KeySpec) {\n\t\t\tcase 'ECC_NIST_P256':\n\t\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\t\tcase 'ECC_SECG_P256K1':\n\t\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\t\tdefault:\n\t\t\t\tthrow new Error('Unsupported key spec: ' + publicKeyResponse.KeySpec);\n\t\t}\n\t}\n\n\tasync runCommand<T extends keyof KmsCommands>(\n\t\tcommand: T,\n\t\tbody: KmsCommands[T]['request'],\n\t\t{\n\t\t\tregion = this.region!,\n\t\t}: {\n\t\t\tregion?: string;\n\t\t} = {},\n\t): Promise<KmsCommands[T]['response']> {\n\t\tif (!region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tconst res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-amz-json-1.1',\n\t\t\t\t'X-Amz-Target': `TrentService.${command}`,\n\t\t\t},\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tthrow new Error(await res.text());\n\t\t}\n\n\t\treturn res.json();\n\t}\n}\n"],"mappings":";;;;;;;AAyCA,IAAa,eAAb,cAAkC,UAAU;CAC3C,YAAY,UAA4B,EAAE,EAAE;AAC3C,MAAI,CAAC,QAAQ,eAAe,CAAC,QAAQ,gBACpC,OAAM,IAAI,MAAM,uDAAuD;AAGxE,MAAI,CAAC,QAAQ,OACZ,OAAM,IAAI,MAAM,qBAAqB;AAGtC,QAAM;GACL,QAAQ,QAAQ;GAChB,aAAa,QAAQ;GACrB,iBAAiB,QAAQ;GACzB,SAAS;GACT,GAAG;GACH,CAAC;;CAGH,MAAM,aAAa,OAAe;EACjC,MAAM,oBAAoB,MAAM,KAAK,WAAW,gBAAgB,EAAE,OAAO,OAAO,CAAC;AAEjF,MAAI,CAAC,kBAAkB,UACtB,OAAM,IAAI,MAAM,gDAAgD;EAGjE,MAAM,gBAAgB,iBAAiB,WAAW,kBAAkB,UAAU,CAAC;AAE/E,UAAQ,kBAAkB,SAA1B;GACC,KAAK,gBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,KAAK,kBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,QACC,OAAM,IAAI,MAAM,2BAA2B,kBAAkB,QAAQ;;;CAIxE,MAAM,WACL,SACA,MACA,EACC,SAAS,KAAK,WAGX,EAAE,EACgC;AACtC,MAAI,CAAC,OACJ,OAAM,IAAI,MAAM,qBAAqB;EAGtC,MAAM,MAAM,MAAM,KAAK,MAAM,eAAe,OAAO,kBAAkB;GACpE,SAAS;IACR,gBAAgB;IAChB,gBAAgB,gBAAgB;IAChC;GACD,MAAM,KAAK,UAAU,KAAK;GAC1B,CAAC;AAEF,MAAI,CAAC,IAAI,GACR,OAAM,IAAI,MAAM,MAAM,IAAI,MAAM,CAAC;AAGlC,SAAO,IAAI,MAAM"}

package/dist/aws/aws-kms-signer.d.mts

@@ -0,0 +1,63 @@
+import { AwsClientOptions, AwsKmsClient } from "./aws-client.mjs";
+import { PublicKey, Signer } from "@mysten/sui/cryptography";
+
+//#region src/aws/aws-kms-signer.d.ts
+
+/**
+ * Configuration options for initializing the AwsKmsSigner.
+ */
+interface AwsKmsSignerOptions {
+  /** AWS KMS Key ID used for signing */
+  kmsKeyId: string;
+  /** Options for setting up the AWS KMS client */
+  client: AwsKmsClient;
+  /** Public key */
+  publicKey: PublicKey;
+}
+/**
+ * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain
+ * to provide signing capabilities using AWS-managed cryptographic keys.
+ */
+declare class AwsKmsSigner extends Signer {
+  #private;
+  /**
+   * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
+   * For example:
+   * ```
+   * const signer = await AwsKmsSigner.fromKeyId(keyId, options);
+   * ```
+   * @throws Will throw an error if required AWS credentials or region are not provided.
+   */
+  constructor({
+    kmsKeyId,
+    client,
+    publicKey
+  }: AwsKmsSignerOptions);
+  /**
+   * Retrieves the key scheme used by this signer.
+   * @returns AWS supports only Secp256k1 and Secp256r1 schemes.
+   */
+  getKeyScheme(): "ED25519" | "Secp256r1" | "Secp256k1" | "MultiSig" | "ZkLogin" | "Passkey";
+  /**
+   * Retrieves the public key associated with this signer.
+   * @returns The Secp256k1PublicKey instance.
+   * @throws Will throw an error if the public key has not been initialized.
+   */
+  getPublicKey(): PublicKey;
+  /**
+   * Signs the given data using AWS KMS.
+   * @param bytes - The data to be signed as a Uint8Array.
+   * @returns A promise that resolves to the signature as a Uint8Array.
+   * @throws Will throw an error if the public key is not initialized or if signing fails.
+   */
+  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+  /**
+   * Prepares the signer by fetching and setting the public key from AWS KMS.
+   * It is recommended to initialize an `AwsKmsSigner` instance using this function.
+   * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
+   */
+  static fromKeyId(keyId: string, options: AwsClientOptions): Promise<AwsKmsSigner>;
+}
+//#endregion
+export { AwsKmsSigner, AwsKmsSignerOptions };
+//# sourceMappingURL=aws-kms-signer.d.mts.map

package/dist/aws/aws-kms-signer.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-kms-signer.d.mts","names":[],"sources":["../../src/aws/aws-kms-signer.ts"],"sourcesContent":[],"mappings":";;;;;AAaA;AAaA;;AAeyB,UA5BR,mBAAA,CA4BQ;EAAQ;EAAa,QAAA,EAAA,MAAA;EAsBjC;EAUM,MAAA,EAxDV,YAwDU;EAAgC;EAAX,SAAA,EAtD5B,SAsD4B;;;;;;AA/CA,cAA3B,YAAA,SAAqB,MAAA,CAAM;;;;;;;;;;;;;;KAeM;;;;;;;;;;;kBAsBjC;;;;;;;cAUM,aAAa,QAAQ,WAAW;;;;;;2CAiBH,mBAAgB,QAAA"}

package/dist/aws/aws-kms-signer.mjs

@@ -0,0 +1,78 @@
+import { getConcatenatedSignature } from "../utils/utils.mjs";
+import { AwsKmsClient } from "./aws-client.mjs";
+import { SIGNATURE_FLAG_TO_SCHEME, Signer } from "@mysten/sui/cryptography";
+import { fromBase64, toBase64 } from "@mysten/sui/utils";
+
+//#region src/aws/aws-kms-signer.ts
+/**
+* Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain
+* to provide signing capabilities using AWS-managed cryptographic keys.
+*/
+var AwsKmsSigner = class AwsKmsSigner extends Signer {
+	#publicKey;
+	/** AWS KMS client instance */
+	#client;
+	/** AWS KMS Key ID used for signing */
+	#kmsKeyId;
+	/**
+	* Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
+	* For example:
+	* ```
+	* const signer = await AwsKmsSigner.fromKeyId(keyId, options);
+	* ```
+	* @throws Will throw an error if required AWS credentials or region are not provided.
+	*/
+	constructor({ kmsKeyId, client, publicKey }) {
+		super();
+		if (!kmsKeyId) throw new Error("KMS Key ID is required");
+		this.#client = client;
+		this.#kmsKeyId = kmsKeyId;
+		this.#publicKey = publicKey;
+	}
+	/**
+	* Retrieves the key scheme used by this signer.
+	* @returns AWS supports only Secp256k1 and Secp256r1 schemes.
+	*/
+	getKeyScheme() {
+		return SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag()];
+	}
+	/**
+	* Retrieves the public key associated with this signer.
+	* @returns The Secp256k1PublicKey instance.
+	* @throws Will throw an error if the public key has not been initialized.
+	*/
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	/**
+	* Signs the given data using AWS KMS.
+	* @param bytes - The data to be signed as a Uint8Array.
+	* @returns A promise that resolves to the signature as a Uint8Array.
+	* @throws Will throw an error if the public key is not initialized or if signing fails.
+	*/
+	async sign(bytes) {
+		return getConcatenatedSignature(fromBase64((await this.#client.runCommand("Sign", {
+			KeyId: this.#kmsKeyId,
+			Message: toBase64(bytes),
+			MessageType: "RAW",
+			SigningAlgorithm: "ECDSA_SHA_256"
+		})).Signature), this.getKeyScheme());
+	}
+	/**
+	* Prepares the signer by fetching and setting the public key from AWS KMS.
+	* It is recommended to initialize an `AwsKmsSigner` instance using this function.
+	* @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
+	*/
+	static async fromKeyId(keyId, options) {
+		const client = new AwsKmsClient(options);
+		return new AwsKmsSigner({
+			kmsKeyId: keyId,
+			client,
+			publicKey: await client.getPublicKey(keyId)
+		});
+	}
+};
+
+//#endregion
+export { AwsKmsSigner };
+//# sourceMappingURL=aws-kms-signer.mjs.map

package/dist/aws/aws-kms-signer.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-kms-signer.mjs","names":["#client","#kmsKeyId","#publicKey"],"sources":["../../src/aws/aws-kms-signer.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;;;AA0BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;;CAEA;;CAEA;;;;;;;;;CAUA,YAAY,EAAE,UAAU,QAAQ,aAAkC;AACjE,SAAO;AACP,MAAI,CAAC,SAAU,OAAM,IAAI,MAAM,yBAAyB;AAExD,QAAKA,SAAU;AACf,QAAKC,WAAY;AACjB,QAAKC,YAAa;;;;;;CAOnB,eAAe;AACd,SAAO,yBAAyB,MAAKA,UAAW,MAAM;;;;;;;CAQvD,eAAe;AACd,SAAO,MAAKA;;;;;;;;CASb,MAAM,KAAK,OAAqD;AAS/D,SAAO,yBAAyB,YARX,MAAM,MAAKF,OAAQ,WAAW,QAAQ;GAC1D,OAAO,MAAKC;GACZ,SAAS,SAAS,MAAM;GACxB,aAAa;GACb,kBAAkB;GAClB,CAAC,EAGsD,UAAU,EAAE,KAAK,cAAc,CAAC;;;;;;;CAQzF,aAAa,UAAU,OAAe,SAA2B;EAChE,MAAM,SAAS,IAAI,aAAa,QAAQ;AAIxC,SAAO,IAAI,aAAa;GACvB,UAAU;GACV;GACA,WALc,MAAM,OAAO,aAAa,MAAM;GAM9C,CAAC"}

package/dist/aws/aws4fetch.d.mts

@@ -0,0 +1,62 @@
+//#region src/aws/aws4fetch.d.ts
+type AwsRequestInit = RequestInit & {
+  aws?: {
+    accessKeyId?: string;
+    secretAccessKey?: string;
+    sessionToken?: string;
+    service?: string;
+    region?: string;
+    cache?: Map<string, ArrayBuffer>;
+    datetime?: string;
+    signQuery?: boolean;
+    appendSessionToken?: boolean;
+    allHeaders?: boolean;
+    singleEncode?: boolean;
+  };
+};
+declare class AwsClient {
+  accessKeyId: string;
+  secretAccessKey: string;
+  sessionToken: string | undefined;
+  service: string | undefined;
+  region: string | undefined;
+  cache: Map<any, any>;
+  retries: number;
+  initRetryMs: number;
+  /**
+   * @param {} options
+   */
+  constructor({
+    accessKeyId,
+    secretAccessKey,
+    sessionToken,
+    service,
+    region,
+    cache,
+    retries,
+    initRetryMs
+  }: {
+    accessKeyId: string;
+    secretAccessKey: string;
+    sessionToken?: string;
+    service?: string;
+    region?: string;
+    cache?: Map<string, ArrayBuffer>;
+    retries?: number;
+    initRetryMs?: number;
+  });
+  sign(input: Request | {
+    toString: () => string;
+  }, init: AwsRequestInit): Promise<Request>;
+  /**
+   * @param {Request | { toString: () => string }} input
+   * @param {?AwsRequestInit} [init]
+   * @returns {Promise<Response>}
+   */
+  fetch(input: Request | {
+    toString: () => string;
+  }, init: AwsRequestInit): Promise<Response>;
+}
+//#endregion
+export { AwsClient };
+//# sourceMappingURL=aws4fetch.d.mts.map

package/dist/aws/aws4fetch.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws4fetch.d.mts","names":[],"sources":["../../src/aws/aws4fetch.ts"],"sourcesContent":[],"mappings":";KAsCK,cAAA,GAAiB;EAAjB,GAAA,CAAA,EAAA;IAAiB,WAAA,CAAA,EAAA,MAAA;IAOA,eAAA,CAAA,EAAA,MAAA;IAAZ,YAAA,CAAA,EAAA,MAAA;IAAG,OAAA,CAAA,EAAA,MAAA;IASA,MAAA,CAAA,EAAS,MAAA;IAMd,KAAA,CAAA,EAfE,GAeF,CAAA,MAAA,EAfc,WAed,CAAA;IAON,QAAA,CAAA,EAAA,MAAA;IACA,SAAA,CAAA,EAAA,OAAA;IACA,kBAAA,CAAA,EAAA,OAAA;IACA,UAAA,CAAA,EAAA,OAAA;IACA,YAAA,CAAA,EAAA,OAAA;EACA,CAAA;CACA;AACA,cApBW,SAAA,CAoBX;EAOoB,WAAA,EAAA,MAAA;EAAZ,eAAA,EAAA,MAAA;EAiBS,YAAA,EAAA,MAAA,GAAA,SAAA;EAA4C,OAAA,EAAA,MAAA,GAAA,SAAA;EAAyB,MAAA,EAAA,MAAA,GAAA,SAAA;EAAR,KAAA,EAtCxE,GAsCwE,CAAA,GAAA,EAAA,GAAA,CAAA;EAiC5D,OAAA,EAAA,MAAA;EAA4C,WAAA,EAAA,MAAA;EAAc;;;;;;;;;;;;;;;;;;YAlDpE,YAAY;;;;cAiBH;;WAA4C,iBAAiB,QAAQ;;;;;;eAiCpE;;WAA4C,iBAAc,QAAA"}