@mysten/signers 1.0.1 → 1.0.4

package/src/webcrypto/index.ts

@@ -1,111 +1,4 @@
 // Copyright (c) Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-import type { SignatureScheme } from '@mysten/sui/cryptography';
-import { Signer } from '@mysten/sui/cryptography';
-import { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';
-import { p256 as secp256r1 } from '@noble/curves/nist.js';
-
-// Convert from uncompressed (65 bytes) to compressed (33 bytes) format
-function getCompressedPublicKey(publicKey: Uint8Array) {
-	const rawBytes = new Uint8Array(publicKey);
-	const x = rawBytes.slice(1, 33);
-	const y = rawBytes.slice(33, 65);
-
-	const prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;
-
-	const compressed = new Uint8Array(Secp256r1PublicKey.SIZE);
-	compressed[0] = prefix;
-	compressed.set(x, 1);
-
-	return compressed;
-}
-
-export interface ExportedWebCryptoKeypair {
-	privateKey: CryptoKey;
-	publicKey: Uint8Array<ArrayBuffer>;
-}
-
-export class WebCryptoSigner extends Signer {
-	privateKey: CryptoKey;
-
-	#publicKey: Secp256r1PublicKey;
-
-	static async generate({ extractable = false }: { extractable?: boolean } = {}) {
-		const keypair = await globalThis.crypto.subtle.generateKey(
-			{
-				name: 'ECDSA',
-				namedCurve: 'P-256',
-			},
-			extractable,
-			['sign', 'verify'],
-		);
-
-		const publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);
-
-		return new WebCryptoSigner(
-			keypair.privateKey,
-			getCompressedPublicKey(new Uint8Array(publicKey)),
-		);
-	}
-
-	/**
-	 * Imports a keypair using the value returned by `export()`.
-	 */
-	static import(data: ExportedWebCryptoKeypair) {
-		return new WebCryptoSigner(data.privateKey, data.publicKey);
-	}
-
-	getKeyScheme(): SignatureScheme {
-		return 'Secp256r1';
-	}
-
-	constructor(privateKey: CryptoKey, publicKey: Uint8Array) {
-		super();
-		this.privateKey = privateKey;
-		this.#publicKey = new Secp256r1PublicKey(publicKey);
-	}
-
-	/**
-	 * Exports the keypair so that it can be stored in IndexedDB.
-	 */
-	export(): ExportedWebCryptoKeypair {
-		const exportedKeypair = {
-			privateKey: this.privateKey,
-			publicKey: this.#publicKey.toRawBytes(),
-		};
-
-		Object.defineProperty(exportedKeypair, 'toJSON', {
-			enumerable: false,
-			value: () => {
-				throw new Error(
-					'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',
-				);
-			},
-		});
-
-		return exportedKeypair;
-	}
-
-	getPublicKey() {
-		return this.#publicKey;
-	}
-
-	async sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {
-		const rawSignature = await globalThis.crypto.subtle.sign(
-			{
-				name: 'ECDSA',
-				hash: 'SHA-256',
-			},
-			this.privateKey,
-			bytes as BufferSource,
-		);
-
-		const signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));
-		const normalizedSig = signature.hasHighS()
-			? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))
-			: signature;
-
-		return normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;
-	}
-}
+export * from '@mysten/webcrypto-signer';

package/dist/aws/aws-client.d.mts

@@ -1,48 +0,0 @@
-import { AwsClient } from "./aws4fetch.mjs";
-import { Secp256k1PublicKey } from "@mysten/sui/keypairs/secp256k1";
-import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
-
-//#region src/aws/aws-client.d.ts
-interface KmsCommands {
-  Sign: {
-    request: {
-      KeyId: string;
-      Message: string;
-      MessageType: 'RAW' | 'DIGEST';
-      SigningAlgorithm: 'ECDSA_SHA_256';
-    };
-    response: {
-      KeyId: string;
-      KeyOrigin: string;
-      Signature: string;
-      SigningAlgorithm: string;
-    };
-  };
-  GetPublicKey: {
-    request: {
-      KeyId: string;
-    };
-    response: {
-      CustomerMasterKeySpec: string;
-      KeyId: string;
-      KeyOrigin: string;
-      KeySpec: string;
-      KeyUsage: string;
-      PublicKey: string;
-      SigningAlgorithms: string[];
-    };
-  };
-}
-interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}
-declare class AwsKmsClient extends AwsClient {
-  constructor(options?: AwsClientOptions);
-  getPublicKey(keyId: string): Promise<Secp256r1PublicKey | Secp256k1PublicKey>;
-  runCommand<T extends keyof KmsCommands>(command: T, body: KmsCommands[T]['request'], {
-    region
-  }?: {
-    region?: string;
-  }): Promise<KmsCommands[T]['response']>;
-}
-//#endregion
-export { AwsClientOptions, AwsKmsClient };
-//# sourceMappingURL=aws-client.d.mts.map

package/dist/aws/aws-client.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws-client.d.mts","names":[],"sources":["../../src/aws/aws-client.ts"],"sourcesContent":[],"mappings":";;;;;UAUU,WAAA;;IAAA,OAAA,EAAA;MA6BO,KAAA,EAAA,MAAiB;MAA6C,OAAA,EAAA,MAAA;MAA7B,WAAA,EAAA,KAAA,GAAA,QAAA;MAAR,gBAAA,EAAA,eAAA;IAAO,CAAA;IAEpC,QAAA,EAAA;MACS,KAAA,EAAA,MAAA;MAkBW,SAAA,EAAA,MAAA;MAAA,SAAA,EAAA,MAAA;MAAA,gBAAA,EAAA,MAAA;IAmBC,CAAA;EACvB,CAAA;EACH,YAAA,EAAA;IAAY,OAAA,EAAA;MAEjB,KAAA,EAAA,MAAA;IAIS,CAAA;IAAY,QAAA,EAAA;MAApB,qBAAA,EAAA,MAAA;MA9C8B,KAAA,EAAA,MAAA;MAAS,SAAA,EAAA,MAAA;;;;;;;;UAF1B,gBAAA,SAAyB,QAAQ,6BAA6B;cAElE,YAAA,SAAqB,SAAA;wBACZ;+BAkBW,QAAA,qBAAA;6BAmBC,sBACvB,SACH,YAAY;;;;MAMhB,QAAQ,YAAY"}

package/dist/aws/aws-client.mjs

@@ -1,46 +0,0 @@
-import { publicKeyFromDER } from "../utils/utils.mjs";
-import { AwsClient } from "./aws4fetch.mjs";
-import { fromBase64 } from "@mysten/sui/utils";
-import { Secp256k1PublicKey } from "@mysten/sui/keypairs/secp256k1";
-import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
-
-//#region src/aws/aws-client.ts
-var AwsKmsClient = class extends AwsClient {
-	constructor(options = {}) {
-		if (!options.accessKeyId || !options.secretAccessKey) throw new Error("AWS Access Key ID and Secret Access Key are required");
-		if (!options.region) throw new Error("Region is required");
-		super({
-			region: options.region,
-			accessKeyId: options.accessKeyId,
-			secretAccessKey: options.secretAccessKey,
-			service: "kms",
-			...options
-		});
-	}
-	async getPublicKey(keyId) {
-		const publicKeyResponse = await this.runCommand("GetPublicKey", { KeyId: keyId });
-		if (!publicKeyResponse.PublicKey) throw new Error("Public Key not found for the supplied `keyId`");
-		const compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));
-		switch (publicKeyResponse.KeySpec) {
-			case "ECC_NIST_P256": return new Secp256r1PublicKey(compressedKey);
-			case "ECC_SECG_P256K1": return new Secp256k1PublicKey(compressedKey);
-			default: throw new Error("Unsupported key spec: " + publicKeyResponse.KeySpec);
-		}
-	}
-	async runCommand(command, body, { region = this.region } = {}) {
-		if (!region) throw new Error("Region is required");
-		const res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {
-			headers: {
-				"Content-Type": "application/x-amz-json-1.1",
-				"X-Amz-Target": `TrentService.${command}`
-			},
-			body: JSON.stringify(body)
-		});
-		if (!res.ok) throw new Error(await res.text());
-		return res.json();
-	}
-};
-
-//#endregion
-export { AwsKmsClient };
-//# sourceMappingURL=aws-client.mjs.map

package/dist/aws/aws-client.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws-client.mjs","names":[],"sources":["../../src/aws/aws-client.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { publicKeyFromDER } from '../utils/utils.js';\nimport { AwsClient } from './aws4fetch.js';\n\ninterface KmsCommands {\n\tSign: {\n\t\trequest: {\n\t\t\tKeyId: string;\n\t\t\tMessage: string;\n\t\t\tMessageType: 'RAW' | 'DIGEST';\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256';\n\t\t};\n\t\tresponse: {\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tSignature: string;\n\t\t\tSigningAlgorithm: string;\n\t\t};\n\t};\n\tGetPublicKey: {\n\t\trequest: { KeyId: string };\n\t\tresponse: {\n\t\t\tCustomerMasterKeySpec: string;\n\t\t\tKeyId: string;\n\t\t\tKeyOrigin: string;\n\t\t\tKeySpec: string;\n\t\t\tKeyUsage: string;\n\t\t\tPublicKey: string;\n\t\t\tSigningAlgorithms: string[];\n\t\t};\n\t};\n}\n\nexport interface AwsClientOptions extends Partial<ConstructorParameters<typeof AwsClient>[0]> {}\n\nexport class AwsKmsClient extends AwsClient {\n\tconstructor(options: AwsClientOptions = {}) {\n\t\tif (!options.accessKeyId || !options.secretAccessKey) {\n\t\t\tthrow new Error('AWS Access Key ID and Secret Access Key are required');\n\t\t}\n\n\t\tif (!options.region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tsuper({\n\t\t\tregion: options.region,\n\t\t\taccessKeyId: options.accessKeyId,\n\t\t\tsecretAccessKey: options.secretAccessKey,\n\t\t\tservice: 'kms',\n\t\t\t...options,\n\t\t});\n\t}\n\n\tasync getPublicKey(keyId: string) {\n\t\tconst publicKeyResponse = await this.runCommand('GetPublicKey', { KeyId: keyId });\n\n\t\tif (!publicKeyResponse.PublicKey) {\n\t\t\tthrow new Error('Public Key not found for the supplied `keyId`');\n\t\t}\n\n\t\tconst compressedKey = publicKeyFromDER(fromBase64(publicKeyResponse.PublicKey));\n\n\t\tswitch (publicKeyResponse.KeySpec) {\n\t\t\tcase 'ECC_NIST_P256':\n\t\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\t\tcase 'ECC_SECG_P256K1':\n\t\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\t\tdefault:\n\t\t\t\tthrow new Error('Unsupported key spec: ' + publicKeyResponse.KeySpec);\n\t\t}\n\t}\n\n\tasync runCommand<T extends keyof KmsCommands>(\n\t\tcommand: T,\n\t\tbody: KmsCommands[T]['request'],\n\t\t{\n\t\t\tregion = this.region!,\n\t\t}: {\n\t\t\tregion?: string;\n\t\t} = {},\n\t): Promise<KmsCommands[T]['response']> {\n\t\tif (!region) {\n\t\t\tthrow new Error('Region is required');\n\t\t}\n\n\t\tconst res = await this.fetch(`https://kms.${region}.amazonaws.com/`, {\n\t\t\theaders: {\n\t\t\t\t'Content-Type': 'application/x-amz-json-1.1',\n\t\t\t\t'X-Amz-Target': `TrentService.${command}`,\n\t\t\t},\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\n\t\tif (!res.ok) {\n\t\t\tthrow new Error(await res.text());\n\t\t}\n\n\t\treturn res.json();\n\t}\n}\n"],"mappings":";;;;;;;AAyCA,IAAa,eAAb,cAAkC,UAAU;CAC3C,YAAY,UAA4B,EAAE,EAAE;AAC3C,MAAI,CAAC,QAAQ,eAAe,CAAC,QAAQ,gBACpC,OAAM,IAAI,MAAM,uDAAuD;AAGxE,MAAI,CAAC,QAAQ,OACZ,OAAM,IAAI,MAAM,qBAAqB;AAGtC,QAAM;GACL,QAAQ,QAAQ;GAChB,aAAa,QAAQ;GACrB,iBAAiB,QAAQ;GACzB,SAAS;GACT,GAAG;GACH,CAAC;;CAGH,MAAM,aAAa,OAAe;EACjC,MAAM,oBAAoB,MAAM,KAAK,WAAW,gBAAgB,EAAE,OAAO,OAAO,CAAC;AAEjF,MAAI,CAAC,kBAAkB,UACtB,OAAM,IAAI,MAAM,gDAAgD;EAGjE,MAAM,gBAAgB,iBAAiB,WAAW,kBAAkB,UAAU,CAAC;AAE/E,UAAQ,kBAAkB,SAA1B;GACC,KAAK,gBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,KAAK,kBACJ,QAAO,IAAI,mBAAmB,cAAc;GAC7C,QACC,OAAM,IAAI,MAAM,2BAA2B,kBAAkB,QAAQ;;;CAIxE,MAAM,WACL,SACA,MACA,EACC,SAAS,KAAK,WAGX,EAAE,EACgC;AACtC,MAAI,CAAC,OACJ,OAAM,IAAI,MAAM,qBAAqB;EAGtC,MAAM,MAAM,MAAM,KAAK,MAAM,eAAe,OAAO,kBAAkB;GACpE,SAAS;IACR,gBAAgB;IAChB,gBAAgB,gBAAgB;IAChC;GACD,MAAM,KAAK,UAAU,KAAK;GAC1B,CAAC;AAEF,MAAI,CAAC,IAAI,GACR,OAAM,IAAI,MAAM,MAAM,IAAI,MAAM,CAAC;AAGlC,SAAO,IAAI,MAAM"}

package/dist/aws/aws-kms-signer.d.mts

@@ -1,63 +0,0 @@
-import { AwsClientOptions, AwsKmsClient } from "./aws-client.mjs";
-import { PublicKey, Signer } from "@mysten/sui/cryptography";
-
-//#region src/aws/aws-kms-signer.d.ts
-
-/**
- * Configuration options for initializing the AwsKmsSigner.
- */
-interface AwsKmsSignerOptions {
-  /** AWS KMS Key ID used for signing */
-  kmsKeyId: string;
-  /** Options for setting up the AWS KMS client */
-  client: AwsKmsClient;
-  /** Public key */
-  publicKey: PublicKey;
-}
-/**
- * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain
- * to provide signing capabilities using AWS-managed cryptographic keys.
- */
-declare class AwsKmsSigner extends Signer {
-  #private;
-  /**
-   * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
-   * For example:
-   * ```
-   * const signer = await AwsKmsSigner.fromKeyId(keyId, options);
-   * ```
-   * @throws Will throw an error if required AWS credentials or region are not provided.
-   */
-  constructor({
-    kmsKeyId,
-    client,
-    publicKey
-  }: AwsKmsSignerOptions);
-  /**
-   * Retrieves the key scheme used by this signer.
-   * @returns AWS supports only Secp256k1 and Secp256r1 schemes.
-   */
-  getKeyScheme(): "ED25519" | "Secp256r1" | "Secp256k1" | "MultiSig" | "ZkLogin" | "Passkey";
-  /**
-   * Retrieves the public key associated with this signer.
-   * @returns The Secp256k1PublicKey instance.
-   * @throws Will throw an error if the public key has not been initialized.
-   */
-  getPublicKey(): PublicKey;
-  /**
-   * Signs the given data using AWS KMS.
-   * @param bytes - The data to be signed as a Uint8Array.
-   * @returns A promise that resolves to the signature as a Uint8Array.
-   * @throws Will throw an error if the public key is not initialized or if signing fails.
-   */
-  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
-  /**
-   * Prepares the signer by fetching and setting the public key from AWS KMS.
-   * It is recommended to initialize an `AwsKmsSigner` instance using this function.
-   * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
-   */
-  static fromKeyId(keyId: string, options: AwsClientOptions): Promise<AwsKmsSigner>;
-}
-//#endregion
-export { AwsKmsSigner, AwsKmsSignerOptions };
-//# sourceMappingURL=aws-kms-signer.d.mts.map

package/dist/aws/aws-kms-signer.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws-kms-signer.d.mts","names":[],"sources":["../../src/aws/aws-kms-signer.ts"],"sourcesContent":[],"mappings":";;;;;AAaA;AAaA;;AAeyB,UA5BR,mBAAA,CA4BQ;EAAQ;EAAa,QAAA,EAAA,MAAA;EAsBjC;EAUM,MAAA,EAxDV,YAwDU;EAAgC;EAAX,SAAA,EAtD5B,SAsD4B;;;;;;AA/CA,cAA3B,YAAA,SAAqB,MAAA,CAAM;;;;;;;;;;;;;;KAeM;;;;;;;;;;;kBAsBjC;;;;;;;cAUM,aAAa,QAAQ,WAAW;;;;;;2CAiBH,mBAAgB,QAAA"}

package/dist/aws/aws-kms-signer.mjs

@@ -1,78 +0,0 @@
-import { getConcatenatedSignature } from "../utils/utils.mjs";
-import { AwsKmsClient } from "./aws-client.mjs";
-import { SIGNATURE_FLAG_TO_SCHEME, Signer } from "@mysten/sui/cryptography";
-import { fromBase64, toBase64 } from "@mysten/sui/utils";
-
-//#region src/aws/aws-kms-signer.ts
-/**
-* Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain
-* to provide signing capabilities using AWS-managed cryptographic keys.
-*/
-var AwsKmsSigner = class AwsKmsSigner extends Signer {
-	#publicKey;
-	/** AWS KMS client instance */
-	#client;
-	/** AWS KMS Key ID used for signing */
-	#kmsKeyId;
-	/**
-	* Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
-	* For example:
-	* ```
-	* const signer = await AwsKmsSigner.fromKeyId(keyId, options);
-	* ```
-	* @throws Will throw an error if required AWS credentials or region are not provided.
-	*/
-	constructor({ kmsKeyId, client, publicKey }) {
-		super();
-		if (!kmsKeyId) throw new Error("KMS Key ID is required");
-		this.#client = client;
-		this.#kmsKeyId = kmsKeyId;
-		this.#publicKey = publicKey;
-	}
-	/**
-	* Retrieves the key scheme used by this signer.
-	* @returns AWS supports only Secp256k1 and Secp256r1 schemes.
-	*/
-	getKeyScheme() {
-		return SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag()];
-	}
-	/**
-	* Retrieves the public key associated with this signer.
-	* @returns The Secp256k1PublicKey instance.
-	* @throws Will throw an error if the public key has not been initialized.
-	*/
-	getPublicKey() {
-		return this.#publicKey;
-	}
-	/**
-	* Signs the given data using AWS KMS.
-	* @param bytes - The data to be signed as a Uint8Array.
-	* @returns A promise that resolves to the signature as a Uint8Array.
-	* @throws Will throw an error if the public key is not initialized or if signing fails.
-	*/
-	async sign(bytes) {
-		return getConcatenatedSignature(fromBase64((await this.#client.runCommand("Sign", {
-			KeyId: this.#kmsKeyId,
-			Message: toBase64(bytes),
-			MessageType: "RAW",
-			SigningAlgorithm: "ECDSA_SHA_256"
-		})).Signature), this.getKeyScheme());
-	}
-	/**
-	* Prepares the signer by fetching and setting the public key from AWS KMS.
-	* It is recommended to initialize an `AwsKmsSigner` instance using this function.
-	* @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
-	*/
-	static async fromKeyId(keyId, options) {
-		const client = new AwsKmsClient(options);
-		return new AwsKmsSigner({
-			kmsKeyId: keyId,
-			client,
-			publicKey: await client.getPublicKey(keyId)
-		});
-	}
-};
-
-//#endregion
-export { AwsKmsSigner };
-//# sourceMappingURL=aws-kms-signer.mjs.map

package/dist/aws/aws-kms-signer.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws-kms-signer.mjs","names":["#client","#kmsKeyId","#publicKey"],"sources":["../../src/aws/aws-kms-signer.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { fromBase64, toBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],"mappings":";;;;;;;;;;AA0BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;;CAEA;;CAEA;;;;;;;;;CAUA,YAAY,EAAE,UAAU,QAAQ,aAAkC;AACjE,SAAO;AACP,MAAI,CAAC,SAAU,OAAM,IAAI,MAAM,yBAAyB;AAExD,QAAKA,SAAU;AACf,QAAKC,WAAY;AACjB,QAAKC,YAAa;;;;;;CAOnB,eAAe;AACd,SAAO,yBAAyB,MAAKA,UAAW,MAAM;;;;;;;CAQvD,eAAe;AACd,SAAO,MAAKA;;;;;;;;CASb,MAAM,KAAK,OAAqD;AAS/D,SAAO,yBAAyB,YARX,MAAM,MAAKF,OAAQ,WAAW,QAAQ;GAC1D,OAAO,MAAKC;GACZ,SAAS,SAAS,MAAM;GACxB,aAAa;GACb,kBAAkB;GAClB,CAAC,EAGsD,UAAU,EAAE,KAAK,cAAc,CAAC;;;;;;;CAQzF,aAAa,UAAU,OAAe,SAA2B;EAChE,MAAM,SAAS,IAAI,aAAa,QAAQ;AAIxC,SAAO,IAAI,aAAa;GACvB,UAAU;GACV;GACA,WALc,MAAM,OAAO,aAAa,MAAM;GAM9C,CAAC"}

package/dist/aws/aws4fetch.d.mts

@@ -1,62 +0,0 @@
-//#region src/aws/aws4fetch.d.ts
-type AwsRequestInit = RequestInit & {
-  aws?: {
-    accessKeyId?: string;
-    secretAccessKey?: string;
-    sessionToken?: string;
-    service?: string;
-    region?: string;
-    cache?: Map<string, ArrayBuffer>;
-    datetime?: string;
-    signQuery?: boolean;
-    appendSessionToken?: boolean;
-    allHeaders?: boolean;
-    singleEncode?: boolean;
-  };
-};
-declare class AwsClient {
-  accessKeyId: string;
-  secretAccessKey: string;
-  sessionToken: string | undefined;
-  service: string | undefined;
-  region: string | undefined;
-  cache: Map<any, any>;
-  retries: number;
-  initRetryMs: number;
-  /**
-   * @param {} options
-   */
-  constructor({
-    accessKeyId,
-    secretAccessKey,
-    sessionToken,
-    service,
-    region,
-    cache,
-    retries,
-    initRetryMs
-  }: {
-    accessKeyId: string;
-    secretAccessKey: string;
-    sessionToken?: string;
-    service?: string;
-    region?: string;
-    cache?: Map<string, ArrayBuffer>;
-    retries?: number;
-    initRetryMs?: number;
-  });
-  sign(input: Request | {
-    toString: () => string;
-  }, init: AwsRequestInit): Promise<Request>;
-  /**
-   * @param {Request | { toString: () => string }} input
-   * @param {?AwsRequestInit} [init]
-   * @returns {Promise<Response>}
-   */
-  fetch(input: Request | {
-    toString: () => string;
-  }, init: AwsRequestInit): Promise<Response>;
-}
-//#endregion
-export { AwsClient };
-//# sourceMappingURL=aws4fetch.d.mts.map

package/dist/aws/aws4fetch.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"aws4fetch.d.mts","names":[],"sources":["../../src/aws/aws4fetch.ts"],"sourcesContent":[],"mappings":";KAsCK,cAAA,GAAiB;EAAjB,GAAA,CAAA,EAAA;IAAiB,WAAA,CAAA,EAAA,MAAA;IAOA,eAAA,CAAA,EAAA,MAAA;IAAZ,YAAA,CAAA,EAAA,MAAA;IAAG,OAAA,CAAA,EAAA,MAAA;IASA,MAAA,CAAA,EAAS,MAAA;IAMd,KAAA,CAAA,EAfE,GAeF,CAAA,MAAA,EAfc,WAed,CAAA;IAON,QAAA,CAAA,EAAA,MAAA;IACA,SAAA,CAAA,EAAA,OAAA;IACA,kBAAA,CAAA,EAAA,OAAA;IACA,UAAA,CAAA,EAAA,OAAA;IACA,YAAA,CAAA,EAAA,OAAA;EACA,CAAA;CACA;AACA,cApBW,SAAA,CAoBX;EAOoB,WAAA,EAAA,MAAA;EAAZ,eAAA,EAAA,MAAA;EAiBS,YAAA,EAAA,MAAA,GAAA,SAAA;EAA4C,OAAA,EAAA,MAAA,GAAA,SAAA;EAAyB,MAAA,EAAA,MAAA,GAAA,SAAA;EAAR,KAAA,EAtCxE,GAsCwE,CAAA,GAAA,EAAA,GAAA,CAAA;EAiC5D,OAAA,EAAA,MAAA;EAA4C,WAAA,EAAA,MAAA;EAAc;;;;;;;;;;;;;;;;;;YAlDpE,YAAY;;;;cAiBH;;WAA4C,iBAAiB,QAAQ;;;;;;eAiCpE;;WAA4C,iBAAc,QAAA"}