npm - @mysten/signers - Versions diffs - 1.0.1 → 1.0.4 - Mend

@mysten/signers 1.0.1 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/CHANGELOG.md +43 -0
package/README.md +1 -1
package/dist/aws/index.d.mts +1 -3
package/dist/aws/index.mjs +2 -2
package/dist/gcp/index.d.mts +1 -2
package/dist/gcp/index.mjs +2 -2
package/dist/ledger/index.d.mts +1 -74
package/dist/ledger/index.mjs +2 -109
package/dist/webcrypto/index.d.mts +1 -32
package/dist/webcrypto/index.mjs +2 -69
package/package.json +9 -19
package/src/aws/index.ts +1 -6
package/src/gcp/index.ts +1 -6
package/src/ledger/index.ts +1 -160
package/src/webcrypto/index.ts +1 -108
package/dist/aws/aws-client.d.mts +0 -48
package/dist/aws/aws-client.d.mts.map +0 -1
package/dist/aws/aws-client.mjs +0 -46
package/dist/aws/aws-client.mjs.map +0 -1
package/dist/aws/aws-kms-signer.d.mts +0 -63
package/dist/aws/aws-kms-signer.d.mts.map +0 -1
package/dist/aws/aws-kms-signer.mjs +0 -78
package/dist/aws/aws-kms-signer.mjs.map +0 -1
package/dist/aws/aws4fetch.d.mts +0 -62
package/dist/aws/aws4fetch.d.mts.map +0 -1
package/dist/aws/aws4fetch.mjs +0 -313
package/dist/aws/aws4fetch.mjs.map +0 -1
package/dist/gcp/gcp-kms-client.d.mts +0 -71
package/dist/gcp/gcp-kms-client.d.mts.map +0 -1
package/dist/gcp/gcp-kms-client.mjs +0 -104
package/dist/gcp/gcp-kms-client.mjs.map +0 -1
package/dist/ledger/index.d.mts.map +0 -1
package/dist/ledger/index.mjs.map +0 -1
package/dist/ledger/objects.d.mts +0 -10
package/dist/ledger/objects.d.mts.map +0 -1
package/dist/ledger/objects.mjs +0 -16
package/dist/ledger/objects.mjs.map +0 -1
package/dist/utils/utils.mjs +0 -71
package/dist/utils/utils.mjs.map +0 -1
package/dist/webcrypto/index.d.mts.map +0 -1
package/dist/webcrypto/index.mjs.map +0 -1
package/src/aws/aws-client.ts +0 -107
package/src/aws/aws-kms-signer.ts +0 -102
package/src/aws/aws4fetch.ts +0 -502
package/src/gcp/gcp-kms-client.ts +0 -156
package/src/ledger/objects.ts +0 -32
package/src/utils/utils.ts +0 -127

package/dist/aws/aws4fetch.mjs DELETED Viewed

@@ -1,313 +0,0 @@
-//#region src/aws/aws4fetch.ts
-/**
-* Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies
-* @license MIT <https://opensource.org/licenses/MIT>
-* @copyright Michael Hart 2024
-*/
-const encoder = new TextEncoder();
-/** @type {Record<string, string>} */
-const HOST_SERVICES = {
-	appstream2: "appstream",
-	cloudhsmv2: "cloudhsm",
-	email: "ses",
-	marketplace: "aws-marketplace",
-	mobile: "AWSMobileHubService",
-	pinpoint: "mobiletargeting",
-	queue: "sqs",
-	"git-codecommit": "codecommit",
-	"mturk-requester-sandbox": "mturk-requester",
-	"personalize-runtime": "personalize"
-};
-const UNSIGNABLE_HEADERS = new Set([
-	"authorization",
-	"content-type",
-	"content-length",
-	"user-agent",
-	"presigned-expires",
-	"expect",
-	"x-amzn-trace-id",
-	"range",
-	"connection"
-]);
-var AwsClient = class {
-	/**
-	* @param {} options
-	*/
-	constructor({ accessKeyId, secretAccessKey, sessionToken, service, region, cache, retries, initRetryMs }) {
-		if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
-		if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
-		this.accessKeyId = accessKeyId;
-		this.secretAccessKey = secretAccessKey;
-		this.sessionToken = sessionToken;
-		this.service = service;
-		this.region = region;
-		/** @type {Map<string, ArrayBuffer>} */
-		this.cache = cache || /* @__PURE__ */ new Map();
-		this.retries = retries != null ? retries : 10;
-		this.initRetryMs = initRetryMs || 50;
-	}
-	async sign(input, init) {
-		if (input instanceof Request) {
-			const { method, url, headers, body } = input;
-			init = Object.assign({
-				method,
-				url,
-				headers
-			}, init);
-			if (init.body == null && headers.has("Content-Type")) init.body = body != null && headers.has("X-Amz-Content-Sha256") ? body : await input.clone().arrayBuffer();
-			input = url;
-		}
-		const signer = new AwsV4Signer(Object.assign({ url: input.toString() }, init, this, init && init.aws));
-		const signed = Object.assign({}, init, await signer.sign());
-		delete signed.aws;
-		try {
-			return new Request(signed.url.toString(), signed);
-		} catch (e) {
-			if (e instanceof TypeError) return new Request(signed.url.toString(), Object.assign({ duplex: "half" }, signed));
-			throw e;
-		}
-	}
-	/**
-	* @param {Request | { toString: () => string }} input
-	* @param {?AwsRequestInit} [init]
-	* @returns {Promise<Response>}
-	*/
-	async fetch(input, init) {
-		for (let i = 0; i <= this.retries; i++) {
-			const fetched = fetch(await this.sign(input, init));
-			if (i === this.retries) return fetched;
-			const res = await fetched;
-			if (res.status < 500 && res.status !== 429) return res;
-			await new Promise((resolve) => setTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)));
-		}
-		throw new Error("An unknown error occurred, ensure retries is not negative");
-	}
-};
-var AwsV4Signer = class {
-	/**
-	* @param {} options
-	*/
-	constructor({ method, url, headers, body, accessKeyId, secretAccessKey, sessionToken, service, region, cache, datetime, signQuery, appendSessionToken, allHeaders, singleEncode }) {
-		if (url == null) throw new TypeError("url is a required option");
-		if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
-		if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
-		this.method = method || (body ? "POST" : "GET");
-		this.url = new URL(url);
-		this.headers = new Headers(headers || {});
-		this.body = body;
-		this.accessKeyId = accessKeyId;
-		this.secretAccessKey = secretAccessKey;
-		this.sessionToken = sessionToken;
-		let guessedService, guessedRegion;
-		if (!service || !region) [guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);
-		this.service = service || guessedService || "";
-		this.region = region || guessedRegion || "us-east-1";
-		/** @type {Map<string, ArrayBuffer>} */
-		this.cache = cache || /* @__PURE__ */ new Map();
-		this.datetime = datetime || (/* @__PURE__ */ new Date()).toISOString().replace(/[:-]|\.\d{3}/g, "");
-		this.signQuery = signQuery;
-		this.appendSessionToken = appendSessionToken || this.service === "iotdevicegateway";
-		this.headers.delete("Host");
-		if (this.service === "s3" && !this.signQuery && !this.headers.has("X-Amz-Content-Sha256")) this.headers.set("X-Amz-Content-Sha256", "UNSIGNED-PAYLOAD");
-		const params = this.signQuery ? this.url.searchParams : this.headers;
-		params.set("X-Amz-Date", this.datetime);
-		if (this.sessionToken && !this.appendSessionToken) params.set("X-Amz-Security-Token", this.sessionToken);
-		this.signableHeaders = ["host", ...this.headers.keys()].filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header)).sort();
-		this.signedHeaders = this.signableHeaders.join(";");
-		this.canonicalHeaders = this.signableHeaders.map((header) => header + ":" + (header === "host" ? this.url.host : (this.headers.get(header) || "").replace(/\s+/g, " "))).join("\n");
-		this.credentialString = [
-			this.datetime.slice(0, 8),
-			this.region,
-			this.service,
-			"aws4_request"
-		].join("/");
-		if (this.signQuery) {
-			if (this.service === "s3" && !params.has("X-Amz-Expires")) params.set("X-Amz-Expires", "86400");
-			params.set("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
-			params.set("X-Amz-Credential", this.accessKeyId + "/" + this.credentialString);
-			params.set("X-Amz-SignedHeaders", this.signedHeaders);
-		}
-		if (this.service === "s3") try {
-			this.encodedPath = decodeURIComponent(this.url.pathname.replace(/\+/g, " "));
-		} catch {
-			this.encodedPath = this.url.pathname;
-		}
-		else this.encodedPath = this.url.pathname.replace(/\/+/g, "/");
-		if (!singleEncode) this.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, "/");
-		this.encodedPath = encodeRfc3986(this.encodedPath);
-		const seenKeys = /* @__PURE__ */ new Set();
-		this.encodedSearch = [...this.url.searchParams].filter(([k]) => {
-			if (!k) return false;
-			if (this.service === "s3") {
-				if (seenKeys.has(k)) return false;
-				seenKeys.add(k);
-			}
-			return true;
-		}).map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p)))).sort(([k1, v1], [k2, v2]) => k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0).map((pair) => pair.join("=")).join("&");
-	}
-	/**
-	* @returns {Promise<{
-	*   method: string
-	*   url: URL
-	*   headers: Headers
-	*   body?: BodyInit | null
-	* }>}
-	*/
-	async sign() {
-		if (this.signQuery) {
-			this.url.searchParams.set("X-Amz-Signature", await this.signature());
-			if (this.sessionToken && this.appendSessionToken) this.url.searchParams.set("X-Amz-Security-Token", this.sessionToken);
-		} else this.headers.set("Authorization", await this.authHeader());
-		return {
-			method: this.method,
-			url: this.url,
-			headers: this.headers,
-			body: this.body
-		};
-	}
-	/**
-	* @returns {Promise<string>}
-	*/
-	async authHeader() {
-		return [
-			"AWS4-HMAC-SHA256 Credential=" + this.accessKeyId + "/" + this.credentialString,
-			"SignedHeaders=" + this.signedHeaders,
-			"Signature=" + await this.signature()
-		].join(", ");
-	}
-	/**
-	* @returns {Promise<string>}
-	*/
-	async signature() {
-		const date = this.datetime.slice(0, 8);
-		const cacheKey = [
-			this.secretAccessKey,
-			date,
-			this.region,
-			this.service
-		].join();
-		let kCredentials = this.cache.get(cacheKey);
-		if (!kCredentials) {
-			kCredentials = await hmac(await hmac(await hmac(await hmac("AWS4" + this.secretAccessKey, date), this.region), this.service), "aws4_request");
-			this.cache.set(cacheKey, kCredentials);
-		}
-		return buf2hex(await hmac(kCredentials, await this.stringToSign()));
-	}
-	/**
-	* @returns {Promise<string>}
-	*/
-	async stringToSign() {
-		return [
-			"AWS4-HMAC-SHA256",
-			this.datetime,
-			this.credentialString,
-			buf2hex(await hash(await this.canonicalString()))
-		].join("\n");
-	}
-	/**
-	* @returns {Promise<string>}
-	*/
-	async canonicalString() {
-		return [
-			this.method.toUpperCase(),
-			this.encodedPath,
-			this.encodedSearch,
-			this.canonicalHeaders + "\n",
-			this.signedHeaders,
-			await this.hexBodyHash()
-		].join("\n");
-	}
-	/**
-	* @returns {Promise<string>}
-	*/
-	async hexBodyHash() {
-		let hashHeader = this.headers.get("X-Amz-Content-Sha256") || (this.service === "s3" && this.signQuery ? "UNSIGNED-PAYLOAD" : null);
-		if (hashHeader == null) {
-			if (this.body && typeof this.body !== "string" && !("byteLength" in this.body)) throw new Error("body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header");
-			hashHeader = buf2hex(await hash(this.body || ""));
-		}
-		return hashHeader;
-	}
-};
-/**
-* @param {string | BufferSource} key
-* @param {string} string
-* @returns {Promise<ArrayBuffer>}
-*/
-async function hmac(key, string) {
-	const cryptoKey = await crypto.subtle.importKey("raw", typeof key === "string" ? encoder.encode(key) : key, {
-		name: "HMAC",
-		hash: { name: "SHA-256" }
-	}, false, ["sign"]);
-	return crypto.subtle.sign("HMAC", cryptoKey, encoder.encode(string));
-}
-async function hash(content) {
-	return crypto.subtle.digest("SHA-256", typeof content === "string" ? encoder.encode(content) : content);
-}
-const HEX_CHARS = [
-	"0",
-	"1",
-	"2",
-	"3",
-	"4",
-	"5",
-	"6",
-	"7",
-	"8",
-	"9",
-	"a",
-	"b",
-	"c",
-	"d",
-	"e",
-	"f"
-];
-function buf2hex(arrayBuffer) {
-	const buffer = new Uint8Array(arrayBuffer);
-	let out = "";
-	for (let idx = 0; idx < buffer.length; idx++) {
-		const n = buffer[idx];
-		out += HEX_CHARS[n >>> 4 & 15];
-		out += HEX_CHARS[n & 15];
-	}
-	return out;
-}
-function encodeRfc3986(urlEncodedStr) {
-	return urlEncodedStr.replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
-}
-function guessServiceRegion(url, headers) {
-	const { hostname, pathname } = url;
-	if (hostname.endsWith(".on.aws")) {
-		const match$1 = hostname.match(/^[^.]{1,63}\.lambda-url\.([^.]{1,63})\.on\.aws$/);
-		return match$1 != null ? ["lambda", match$1[1] || ""] : ["", ""];
-	}
-	if (hostname.endsWith(".r2.cloudflarestorage.com")) return ["s3", "auto"];
-	if (hostname.endsWith(".backblazeb2.com")) {
-		const match$1 = hostname.match(/^(?:[^.]{1,63}\.)?s3\.([^.]{1,63})\.backblazeb2\.com$/);
-		return match$1 != null ? ["s3", match$1[1] || ""] : ["", ""];
-	}
-	const match = hostname.replace("dualstack.", "").match(/([^.]{1,63})\.(?:([^.]{0,63})\.)?amazonaws\.com(?:\.cn)?$/);
-	let service = match && match[1] || "";
-	let region = match && match[2];
-	if (region === "us-gov") region = "us-gov-west-1";
-	else if (region === "s3" || region === "s3-accelerate") {
-		region = "us-east-1";
-		service = "s3";
-	} else if (service === "iot") if (hostname.startsWith("iot.")) service = "execute-api";
-	else if (hostname.startsWith("data.jobs.iot.")) service = "iot-jobs-data";
-	else service = pathname === "/mqtt" ? "iotdevicegateway" : "iotdata";
-	else if (service === "autoscaling") {
-		const targetPrefix = (headers.get("X-Amz-Target") || "").split(".")[0];
-		if (targetPrefix === "AnyScaleFrontendService") service = "application-autoscaling";
-		else if (targetPrefix === "AnyScaleScalingPlannerFrontendService") service = "autoscaling-plans";
-	} else if (region == null && service.startsWith("s3-")) {
-		region = service.slice(3).replace(/^fips-|^external-1/, "");
-		service = "s3";
-	} else if (service.endsWith("-fips")) service = service.slice(0, -5);
-	else if (region && /-\d$/.test(service) && !/-\d$/.test(region)) [service, region] = [region, service];
-	return [HOST_SERVICES[service] || service, region || ""];
-}
-//#endregion
-export { AwsClient };
-//# sourceMappingURL=aws4fetch.mjs.map

package/dist/aws/aws4fetch.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"aws4fetch.mjs","names":["match"],"sources":["../../src/aws/aws4fetch.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) {\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...((this.headers as any).keys() as string[])]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t * method: string\n\t * url: URL\n\t * headers: Headers\n\t * body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? ['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],"mappings":";;;;;;AASA,MAAM,UAAU,IAAI,aAAa;;AAGjC,MAAM,gBAAwC;CAC7C,YAAY;CACZ,YAAY;CACZ,OAAO;CACP,aAAa;CACb,QAAQ;CACR,UAAU;CACV,OAAO;CACP,kBAAkB;CAClB,2BAA2B;CAC3B,uBAAuB;CACvB;AAGD,MAAM,qBAAqB,IAAI,IAAI;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA,CAAC;AAkBF,IAAa,YAAb,MAAuB;;;;CAYtB,YAAY,EACX,aACA,iBACA,cACA,SACA,QACA,OACA,SACA,eAUE;AACF,MAAI,eAAe,KAAM,OAAM,IAAI,UAAU,mCAAmC;AAChF,MAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,uCAAuC;AACxF,OAAK,cAAc;AACnB,OAAK,kBAAkB;AACvB,OAAK,eAAe;AACpB,OAAK,UAAU;AACf,OAAK,SAAS;;AAEd,OAAK,QAAQ,yBAAS,IAAI,KAAK;AAC/B,OAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,OAAK,cAAc,eAAe;;CAGnC,MAAM,KAAK,OAA6C,MAAwC;AAC/F,MAAI,iBAAiB,SAAS;GAC7B,MAAM,EAAE,QAAQ,KAAK,SAAS,SAAS;AACvC,UAAO,OAAO,OAAO;IAAE;IAAQ;IAAK;IAAS,EAAE,KAAK;AACpD,OAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,eAAe,CACnD,MAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,uBAAuB,GAChD,OACA,MAAM,MAAM,OAAO,CAAC,aAAa;AAEtC,WAAQ;;EAET,MAAM,SAAS,IAAI,YAClB,OAAO,OAAO,EAAE,KAAK,MAAM,UAAU,EAAE,EAAE,MAAM,MAAM,QAAQ,KAAK,IAAI,CACtE;EACD,MAAM,SAAS,OAAO,OAAO,EAAE,EAAE,MAAM,MAAM,OAAO,MAAM,CAAC;AAC3D,SAAO,OAAO;AACd,MAAI;AACH,UAAO,IAAI,QAAQ,OAAO,IAAI,UAAU,EAAE,OAAO;WACzC,GAAG;AACX,OAAI,aAAa,UAEhB,QAAO,IAAI,QAAQ,OAAO,IAAI,UAAU,EAAE,OAAO,OAAO,EAAE,QAAQ,QAAQ,EAAE,OAAO,CAAC;AAErF,SAAM;;;;;;;;CASR,MAAM,MAAM,OAA6C,MAAsB;AAC9E,OAAK,IAAI,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;GACvC,MAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,KAAK,CAAC;AACnD,OAAI,MAAM,KAAK,QACd,QAAO;GAER,MAAM,MAAM,MAAM;AAClB,OAAI,IAAI,SAAS,OAAO,IAAI,WAAW,IACtC,QAAO;AAER,SAAM,IAAI,SAAS,YAClB,WAAW,SAAS,KAAK,QAAQ,GAAG,KAAK,cAAc,KAAK,IAAI,GAAG,EAAE,CAAC,CACtE;;AAEF,QAAM,IAAI,MAAM,4DAA4D;;;AAI9E,IAAa,cAAb,MAAyB;;;;CAuBxB,YAAY,EACX,QACA,KACA,SACA,MACA,aACA,iBACA,cACA,SACA,QACA,OACA,UACA,WACA,oBACA,YACA,gBAiBE;AACF,MAAI,OAAO,KAAM,OAAM,IAAI,UAAU,2BAA2B;AAChE,MAAI,eAAe,KAAM,OAAM,IAAI,UAAU,mCAAmC;AAChF,MAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,uCAAuC;AAExF,OAAK,SAAS,WAAW,OAAO,SAAS;AACzC,OAAK,MAAM,IAAI,IAAI,IAAI;AACvB,OAAK,UAAU,IAAI,QAAQ,WAAW,EAAE,CAAC;AACzC,OAAK,OAAO;AAEZ,OAAK,cAAc;AACnB,OAAK,kBAAkB;AACvB,OAAK,eAAe;EAEpB,IAAI,gBAAgB;AACpB,MAAI,CAAC,WAAW,CAAC,OAChB,EAAC,gBAAgB,iBAAiB,mBAAmB,KAAK,KAAK,KAAK,QAAQ;AAE7E,OAAK,UAAU,WAAW,kBAAkB;AAC5C,OAAK,SAAS,UAAU,iBAAiB;;AAGzC,OAAK,QAAQ,yBAAS,IAAI,KAAK;AAC/B,OAAK,WAAW,6BAAY,IAAI,MAAM,EAAC,aAAa,CAAC,QAAQ,iBAAiB,GAAG;AACjF,OAAK,YAAY;AACjB,OAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,OAAK,QAAQ,OAAO,OAAO;AAE3B,MAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,uBAAuB,CACxF,MAAK,QAAQ,IAAI,wBAAwB,mBAAmB;EAG7D,MAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,SAAO,IAAI,cAAc,KAAK,SAAS;AACvC,MAAI,KAAK,gBAAgB,CAAC,KAAK,mBAC9B,QAAO,IAAI,wBAAwB,KAAK,aAAa;AAKtD,OAAK,kBAAkB,CAAC,QAAQ,GAAK,KAAK,QAAgB,MAAM,CAAc,CAC5E,QAAQ,WAAW,cAAc,CAAC,mBAAmB,IAAI,OAAO,CAAC,CACjE,MAAM;AAER,OAAK,gBAAgB,KAAK,gBAAgB,KAAK,IAAI;AAInD,OAAK,mBAAmB,KAAK,gBAC3B,KACC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,QAAQ,QAAQ,IAAI,EACzD,CACA,KAAK,KAAK;AAEZ,OAAK,mBAAmB;GACvB,KAAK,SAAS,MAAM,GAAG,EAAE;GACzB,KAAK;GACL,KAAK;GACL;GACA,CAAC,KAAK,IAAI;AAEX,MAAI,KAAK,WAAW;AACnB,OAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,gBAAgB,CACxD,QAAO,IAAI,iBAAiB,QAAQ;AAErC,UAAO,IAAI,mBAAmB,mBAAmB;AACjD,UAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,iBAAiB;AAC9E,UAAO,IAAI,uBAAuB,KAAK,cAAc;;AAGtD,MAAI,KAAK,YAAY,KACpB,KAAI;AACH,QAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,IAAI,CAAC;UACrE;AACP,QAAK,cAAc,KAAK,IAAI;;MAG7B,MAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,IAAI;AAE1D,MAAI,CAAC,aACJ,MAAK,cAAc,mBAAmB,KAAK,YAAY,CAAC,QAAQ,QAAQ,IAAI;AAE7E,OAAK,cAAc,cAAc,KAAK,YAAY;EAElD,MAAM,2BAAW,IAAI,KAAK;AAC1B,OAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,aAAa,CAC7C,QAAQ,CAAC,OAAO;AAChB,OAAI,CAAC,EAAG,QAAO;AACf,OAAI,KAAK,YAAY,MAAM;AAC1B,QAAI,SAAS,IAAI,EAAE,CAAE,QAAO;AAC5B,aAAS,IAAI,EAAE;;AAEhB,UAAO;IACN,CACD,KAAK,SAAS,KAAK,KAAK,MAAM,cAAc,mBAAmB,EAAE,CAAC,CAAC,CAAC,CACpE,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,QAAS,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,EAAG,CAC3F,KAAK,SAAS,KAAK,KAAK,IAAI,CAAC,CAC7B,KAAK,IAAI;;;;;;;;;;CAWZ,MAAM,OAAO;AACZ,MAAI,KAAK,WAAW;AACnB,QAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,WAAW,CAAC;AACpE,OAAI,KAAK,gBAAgB,KAAK,mBAC7B,MAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,aAAa;QAGrE,MAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,YAAY,CAAC;AAG3D,SAAO;GACN,QAAQ,KAAK;GACb,KAAK,KAAK;GACV,SAAS,KAAK;GACd,MAAM,KAAK;GACX;;;;;CAMF,MAAM,aAAa;AAClB,SAAO;GACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;GAC/D,mBAAmB,KAAK;GACxB,eAAgB,MAAM,KAAK,WAAW;GACtC,CAAC,KAAK,KAAK;;;;;CAMb,MAAM,YAAY;EACjB,MAAM,OAAO,KAAK,SAAS,MAAM,GAAG,EAAE;EACtC,MAAM,WAAW;GAAC,KAAK;GAAiB;GAAM,KAAK;GAAQ,KAAK;GAAQ,CAAC,MAAM;EAC/E,IAAI,eAAe,KAAK,MAAM,IAAI,SAAS;AAC3C,MAAI,CAAC,cAAc;AAIlB,kBAAe,MAAM,KADJ,MAAM,KADP,MAAM,KADR,MAAM,KAAK,SAAS,KAAK,iBAAiB,KAAK,EAC3B,KAAK,OAAO,EACT,KAAK,QAAQ,EACd,eAAe;AACnD,QAAK,MAAM,IAAI,UAAU,aAAa;;AAEvC,SAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,cAAc,CAAC,CAAC;;;;;CAMpE,MAAM,eAAe;AACpB,SAAO;GACN;GACA,KAAK;GACL,KAAK;GACL,QAAQ,MAAM,KAAK,MAAM,KAAK,iBAAiB,CAAC,CAAC;GACjD,CAAC,KAAK,KAAK;;;;;CAMb,MAAM,kBAAkB;AACvB,SAAO;GACN,KAAK,OAAO,aAAa;GACzB,KAAK;GACL,KAAK;GACL,KAAK,mBAAmB;GACxB,KAAK;GACL,MAAM,KAAK,aAAa;GACxB,CAAC,KAAK,KAAK;;;;;CAMb,MAAM,cAAc;EACnB,IAAI,aACH,KAAK,QAAQ,IAAI,uBAAuB,KACvC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,MAAI,cAAc,MAAM;AACvB,OAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,MACxE,OAAM,IAAI,MACT,4GACA;AAEF,gBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,GAAG,CAAC;;AAElD,SAAO;;;;;;;;AAST,eAAe,KAAK,KAA4B,QAAsC;CACrF,MAAM,YAAY,MAAM,OAAO,OAAO,UACrC,OACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,IAAI,GAAG,KAChD;EAAE,MAAM;EAAQ,MAAM,EAAE,MAAM,WAAW;EAAE,EAC3C,OACA,CAAC,OAAO,CACR;AACD,QAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,OAAO,CAAC;;AAGrE,eAAe,KAAK,SAAyD;AAC5E,QAAO,OAAO,OAAO,OACpB,WACC,OAAO,YAAY,WAAW,QAAQ,OAAO,QAAQ,GAAG,QACzD;;AAGF,MAAM,YAAY;CAAC;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAK;CAAI;AAElG,SAAS,QAAQ,aAAsC;CACtD,MAAM,SAAS,IAAI,WAAW,YAAY;CAC1C,IAAI,MAAM;AACV,MAAK,IAAI,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;EAC7C,MAAM,IAAI,OAAO;AAEjB,SAAO,UAAW,MAAM,IAAK;AAC7B,SAAO,UAAU,IAAI;;AAEtB,QAAO;;AAGR,SAAS,cAAc,eAA+B;AACrD,QAAO,cAAc,QAAQ,aAAa,MAAM,MAAM,EAAE,WAAW,EAAE,CAAC,SAAS,GAAG,CAAC,aAAa,CAAC;;AAGlG,SAAS,mBAAmB,KAAU,SAAoC;CACzE,MAAM,EAAE,UAAU,aAAa;AAE/B,KAAI,SAAS,SAAS,UAAU,EAAE;EACjC,MAAMA,UAAQ,SAAS,MAAM,kDAAkD;AAC/E,SAAOA,WAAS,OAAO,CAAC,UAAUA,QAAM,MAAM,GAAG,GAAG,CAAC,IAAI,GAAG;;AAE7D,KAAI,SAAS,SAAS,4BAA4B,CACjD,QAAO,CAAC,MAAM,OAAO;AAEtB,KAAI,SAAS,SAAS,mBAAmB,EAAE;EAC1C,MAAMA,UAAQ,SAAS,MAAM,wDAAwD;AACrF,SAAOA,WAAS,OAAO,CAAC,MAAMA,QAAM,MAAM,GAAG,GAAG,CAAC,IAAI,GAAG;;CAEzD,MAAM,QAAQ,SACZ,QAAQ,cAAc,GAAG,CACzB,MAAM,4DAA4D;CACpE,IAAI,UAAW,SAAS,MAAM,MAAO;CACrC,IAAI,SAAS,SAAS,MAAM;AAE5B,KAAI,WAAW,SACd,UAAS;UACC,WAAW,QAAQ,WAAW,iBAAiB;AACzD,WAAS;AACT,YAAU;YACA,YAAY,MACtB,KAAI,SAAS,WAAW,OAAO,CAC9B,WAAU;UACA,SAAS,WAAW,iBAAiB,CAC/C,WAAU;KAEV,WAAU,aAAa,UAAU,qBAAqB;UAE7C,YAAY,eAAe;EACrC,MAAM,gBAAgB,QAAQ,IAAI,eAAe,IAAI,IAAI,MAAM,IAAI,CAAC;AACpE,MAAI,iBAAiB,0BACpB,WAAU;WACA,iBAAiB,wCAC3B,WAAU;YAED,UAAU,QAAQ,QAAQ,WAAW,MAAM,EAAE;AACvD,WAAS,QAAQ,MAAM,EAAE,CAAC,QAAQ,sBAAsB,GAAG;AAC3D,YAAU;YACA,QAAQ,SAAS,QAAQ,CACnC,WAAU,QAAQ,MAAM,GAAG,GAAG;UACpB,UAAU,OAAO,KAAK,QAAQ,IAAI,CAAC,OAAO,KAAK,OAAO,CAChE,EAAC,SAAS,UAAU,CAAC,QAAQ,QAAQ;AAGtC,QAAO,CAAC,cAAc,YAAY,SAAS,UAAU,GAAG"}

package/dist/gcp/gcp-kms-client.d.mts DELETED Viewed

@@ -1,71 +0,0 @@
-import { PublicKey, Signer } from "@mysten/sui/cryptography";
-import { KeyManagementServiceClient } from "@google-cloud/kms";
-//#region src/gcp/gcp-kms-client.d.ts
-/**
- * Configuration options for initializing the GcpKmsSigner.
- */
-interface GcpKmsSignerOptions {
-  /** The version name generated from `client.cryptoKeyVersionPath()` */
-  versionName: string;
-  /** Options for setting up the GCP KMS client */
-  client: KeyManagementServiceClient;
-  /** Public key */
-  publicKey: PublicKey;
-}
-/**
- * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain
- * to provide signing capabilities using GCP-managed cryptographic keys.
- */
-declare class GcpKmsSigner extends Signer {
-  #private;
-  /**
-   * Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`
-   * or `fromVersionName` method to create an instance.
-   * For example:
-   * ```
-   * const signer = await GcpKmsSigner.fromVersionName(versionName);
-   * ```
-   * @throws Will throw an error if required GCP credentials are not provided.
-   */
-  constructor({
-    versionName,
-    client,
-    publicKey
-  }: GcpKmsSignerOptions);
-  /**
-   * Retrieves the key scheme used by this signer.
-   * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.
-   */
-  getKeyScheme(): "ED25519" | "Secp256r1" | "Secp256k1" | "MultiSig" | "ZkLogin" | "Passkey";
-  /**
-   * Retrieves the public key associated with this signer.
-   * @returns The Secp256k1PublicKey instance.
-   * @throws Will throw an error if the public key has not been initialized.
-   */
-  getPublicKey(): PublicKey;
-  /**
-   * Signs the given data using GCP KMS.
-   * @param bytes - The data to be signed as a Uint8Array.
-   * @returns A promise that resolves to the signature as a Uint8Array.
-   * @throws Will throw an error if the public key is not initialized or if signing fails.
-   */
-  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
-  /**
-   * Creates a GCP KMS signer from the provided options.
-   * Expects the credentials file to be set as an env variable
-   * (GOOGLE_APPLICATION_CREDENTIALS).
-   */
-  static fromOptions(options: {
-    projectId: string;
-    location: string;
-    keyRing: string;
-    cryptoKey: string;
-    cryptoKeyVersion: string;
-  }): Promise<GcpKmsSigner>;
-  static fromVersionName(versionName: string): Promise<GcpKmsSigner>;
-}
-//#endregion
-export { GcpKmsSigner, GcpKmsSignerOptions };
-//# sourceMappingURL=gcp-kms-client.d.mts.map

package/dist/gcp/gcp-kms-client.d.mts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"gcp-kms-client.d.mts","names":[],"sources":["../../src/gcp/gcp-kms-client.ts"],"sourcesContent":[],"mappings":";;;;;;AAcA;AAaA;AAgBe,UA7BE,mBAAA,CA6BF;EAAa;EAAQ,WAAA,EAAA,MAAA;EAAa;EAsBpC,MAAA,EA/CJ,0BA+CI;EAUM;EAAgC,SAAA,EAvDvC,SAuDuC;;;;;;AA0CF,cA1FpC,YAAA,SAAqB,MAAA,CA0Fe;EA1Ff,CAAA,OAAA;EAAM;;;;;;;;;;;;;KAgBS;;;;;;;;;;;kBAsBpC;;;;;;;cAUM,aAAa,QAAQ,WAAW;;;;;;;;;;;;MAwBjD,QAAA;+CAkB+C,QAAA"}

package/dist/gcp/gcp-kms-client.mjs DELETED Viewed

@@ -1,104 +0,0 @@
-import { getConcatenatedSignature, publicKeyFromDER } from "../utils/utils.mjs";
-import { SIGNATURE_FLAG_TO_SCHEME, Signer } from "@mysten/sui/cryptography";
-import { fromBase64 } from "@mysten/sui/utils";
-import { Secp256k1PublicKey } from "@mysten/sui/keypairs/secp256k1";
-import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
-import { KeyManagementServiceClient } from "@google-cloud/kms";
-//#region src/gcp/gcp-kms-client.ts
-/**
-* GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain
-* to provide signing capabilities using GCP-managed cryptographic keys.
-*/
-var GcpKmsSigner = class GcpKmsSigner extends Signer {
-	#publicKey;
-	/** GCP KMS client instance */
-	#client;
-	/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */
-	#versionName;
-	/**
-	* Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`
-	* or `fromVersionName` method to create an instance.
-	* For example:
-	* ```
-	* const signer = await GcpKmsSigner.fromVersionName(versionName);
-	* ```
-	* @throws Will throw an error if required GCP credentials are not provided.
-	*/
-	constructor({ versionName, client, publicKey }) {
-		super();
-		if (!versionName) throw new Error("Version name is required");
-		this.#client = client;
-		this.#versionName = versionName;
-		this.#publicKey = publicKey;
-	}
-	/**
-	* Retrieves the key scheme used by this signer.
-	* @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.
-	*/
-	getKeyScheme() {
-		return SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag()];
-	}
-	/**
-	* Retrieves the public key associated with this signer.
-	* @returns The Secp256k1PublicKey instance.
-	* @throws Will throw an error if the public key has not been initialized.
-	*/
-	getPublicKey() {
-		return this.#publicKey;
-	}
-	/**
-	* Signs the given data using GCP KMS.
-	* @param bytes - The data to be signed as a Uint8Array.
-	* @returns A promise that resolves to the signature as a Uint8Array.
-	* @throws Will throw an error if the public key is not initialized or if signing fails.
-	*/
-	async sign(bytes) {
-		const [signResponse] = await this.#client.asymmetricSign({
-			name: this.#versionName,
-			data: bytes
-		});
-		if (!signResponse.signature) throw new Error("No signature returned from GCP KMS");
-		return getConcatenatedSignature(signResponse.signature, this.getKeyScheme());
-	}
-	/**
-	* Creates a GCP KMS signer from the provided options.
-	* Expects the credentials file to be set as an env variable
-	* (GOOGLE_APPLICATION_CREDENTIALS).
-	*/
-	static async fromOptions(options) {
-		const client = new KeyManagementServiceClient();
-		const versionName = client.cryptoKeyVersionPath(options.projectId, options.location, options.keyRing, options.cryptoKey, options.cryptoKeyVersion);
-		return new GcpKmsSigner({
-			versionName,
-			client,
-			publicKey: await getPublicKey(client, versionName)
-		});
-	}
-	static async fromVersionName(versionName) {
-		const client = new KeyManagementServiceClient();
-		return new GcpKmsSigner({
-			versionName,
-			client,
-			publicKey: await getPublicKey(client, versionName)
-		});
-	}
-};
-/**
-* Retrieves the public key associated with the given version name.
-*/
-async function getPublicKey(client, versionName) {
-	const [publicKey] = await client.getPublicKey({ name: versionName });
-	const { algorithm, pem } = publicKey;
-	if (!pem) throw new Error("No PEM key returned from GCP KMS");
-	const compressedKey = publicKeyFromDER(fromBase64(pem.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(/\s/g, "")));
-	switch (algorithm) {
-		case "EC_SIGN_SECP256K1_SHA256": return new Secp256k1PublicKey(compressedKey);
-		case "EC_SIGN_P256_SHA256": return new Secp256r1PublicKey(compressedKey);
-		default: throw new Error(`Unsupported algorithm: ${algorithm}`);
-	}
-}
-//#endregion
-export { GcpKmsSigner };
-//# sourceMappingURL=gcp-kms-client.mjs.map

package/dist/gcp/gcp-kms-client.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"gcp-kms-client.mjs","names":["#client","#versionName","#publicKey"],"sources":["../../src/gcp/gcp-kms-client.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { KeyManagementServiceClient } from '@google-cloud/kms';\nimport type { PublicKey, SignatureFlag } from '@mysten/sui/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@mysten/sui/cryptography';\nimport { Secp256k1PublicKey } from '@mysten/sui/keypairs/secp256k1';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { fromBase64 } from '@mysten/sui/utils';\n\nimport { getConcatenatedSignature, publicKeyFromDER } from '../utils/utils.js';\n\n/**\n * Configuration options for initializing the GcpKmsSigner.\n */\nexport interface GcpKmsSignerOptions {\n\t/** The version name generated from `client.cryptoKeyVersionPath()` */\n\tversionName: string;\n\t/** Options for setting up the GCP KMS client */\n\tclient: KeyManagementServiceClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Sui blockchain\n * to provide signing capabilities using GCP-managed cryptographic keys.\n */\nexport class GcpKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** GCP KMS client instance */\n\t#client: KeyManagementServiceClient;\n\t/** GCP KMS version name (generated from `client.cryptoKeyVersionPath()`) */\n\t#versionName: string;\n\n\t/**\n\t * Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`\n\t * or `fromVersionName` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await GcpKmsSigner.fromVersionName(versionName);\n\t * ```\n\t * @throws Will throw an error if required GCP credentials are not provided.\n\t */\n\tconstructor({ versionName, client, publicKey }: GcpKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!versionName) throw new Error('Version name is required');\n\n\t\tthis.#client = client;\n\t\tthis.#versionName = versionName;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using GCP KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst [signResponse] = await this.#client.asymmetricSign({\n\t\t\tname: this.#versionName,\n\t\t\tdata: bytes,\n\t\t});\n\n\t\tif (!signResponse.signature) {\n\t\t\tthrow new Error('No signature returned from GCP KMS');\n\t\t}\n\n\t\treturn getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());\n\t}\n\n\t/**\n\t * Creates a GCP KMS signer from the provided options.\n\t * Expects the credentials file to be set as an env variable\n\t * (GOOGLE_APPLICATION_CREDENTIALS).\n\t */\n\tstatic async fromOptions(options: {\n\t\tprojectId: string;\n\t\tlocation: string;\n\t\tkeyRing: string;\n\t\tcryptoKey: string;\n\t\tcryptoKeyVersion: string;\n\t}) {\n\t\tconst client = new KeyManagementServiceClient();\n\n\t\tconst versionName = client.cryptoKeyVersionPath(\n\t\t\toptions.projectId,\n\t\t\toptions.location,\n\t\t\toptions.keyRing,\n\t\t\toptions.cryptoKey,\n\t\t\toptions.cryptoKeyVersion,\n\t\t);\n\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n\n\tstatic async fromVersionName(versionName: string) {\n\t\tconst client = new KeyManagementServiceClient();\n\t\treturn new GcpKmsSigner({\n\t\t\tversionName,\n\t\t\tclient,\n\t\t\tpublicKey: await getPublicKey(client, versionName),\n\t\t});\n\t}\n}\n\n/**\n * Retrieves the public key associated with the given version name.\n */\nasync function getPublicKey(\n\tclient: KeyManagementServiceClient,\n\tversionName: string,\n): Promise<PublicKey> {\n\tconst [publicKey] = await client.getPublicKey({ name: versionName });\n\n\tconst { algorithm, pem } = publicKey;\n\n\tif (!pem) throw new Error('No PEM key returned from GCP KMS');\n\n\tconst base64 = pem\n\t\t.replace('-----BEGIN PUBLIC KEY-----', '')\n\t\t.replace('-----END PUBLIC KEY-----', '')\n\t\t.replace(/\\s/g, '');\n\n\tconst compressedKey = publicKeyFromDER(fromBase64(base64));\n\n\tswitch (algorithm) {\n\t\tcase 'EC_SIGN_SECP256K1_SHA256':\n\t\t\treturn new Secp256k1PublicKey(compressedKey);\n\t\tcase 'EC_SIGN_P256_SHA256':\n\t\t\treturn new Secp256r1PublicKey(compressedKey);\n\t\tdefault:\n\t\t\tthrow new Error(`Unsupported algorithm: ${algorithm}`);\n\t}\n}\n"],"mappings":";;;;;;;;;;;;AA2BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;;CAEA;;CAEA;;;;;;;;;;CAWA,YAAY,EAAE,aAAa,QAAQ,aAAkC;AACpE,SAAO;AACP,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,2BAA2B;AAE7D,QAAKA,SAAU;AACf,QAAKC,cAAe;AACpB,QAAKC,YAAa;;;;;;CAOnB,eAAe;AACd,SAAO,yBAAyB,MAAKA,UAAW,MAAM;;;;;;;CAQvD,eAAe;AACd,SAAO,MAAKA;;;;;;;;CASb,MAAM,KAAK,OAAqD;EAC/D,MAAM,CAAC,gBAAgB,MAAM,MAAKF,OAAQ,eAAe;GACxD,MAAM,MAAKC;GACX,MAAM;GACN,CAAC;AAEF,MAAI,CAAC,aAAa,UACjB,OAAM,IAAI,MAAM,qCAAqC;AAGtD,SAAO,yBAAyB,aAAa,WAAyB,KAAK,cAAc,CAAC;;;;;;;CAQ3F,aAAa,YAAY,SAMtB;EACF,MAAM,SAAS,IAAI,4BAA4B;EAE/C,MAAM,cAAc,OAAO,qBAC1B,QAAQ,WACR,QAAQ,UACR,QAAQ,SACR,QAAQ,WACR,QAAQ,iBACR;AAED,SAAO,IAAI,aAAa;GACvB;GACA;GACA,WAAW,MAAM,aAAa,QAAQ,YAAY;GAClD,CAAC;;CAGH,aAAa,gBAAgB,aAAqB;EACjD,MAAM,SAAS,IAAI,4BAA4B;AAC/C,SAAO,IAAI,aAAa;GACvB;GACA;GACA,WAAW,MAAM,aAAa,QAAQ,YAAY;GAClD,CAAC;;;;;;AAOJ,eAAe,aACd,QACA,aACqB;CACrB,MAAM,CAAC,aAAa,MAAM,OAAO,aAAa,EAAE,MAAM,aAAa,CAAC;CAEpE,MAAM,EAAE,WAAW,QAAQ;AAE3B,KAAI,CAAC,IAAK,OAAM,IAAI,MAAM,mCAAmC;CAO7D,MAAM,gBAAgB,iBAAiB,WALxB,IACb,QAAQ,8BAA8B,GAAG,CACzC,QAAQ,4BAA4B,GAAG,CACvC,QAAQ,OAAO,GAAG,CAEqC,CAAC;AAE1D,SAAQ,WAAR;EACC,KAAK,2BACJ,QAAO,IAAI,mBAAmB,cAAc;EAC7C,KAAK,sBACJ,QAAO,IAAI,mBAAmB,cAAc;EAC7C,QACC,OAAM,IAAI,MAAM,0BAA0B,YAAY"}

package/dist/ledger/index.d.mts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.mts","names":[],"sources":["../../src/ledger/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;AAoBA;;;AAIY,UAJK,mBAAA,CAIL;EAAiB,SAAA,EAHjB,gBAGiB;EAMhB,cAAA,EAAa,MAAA;EAaX,YAAA,EApBA,eAoBA;EAAW,SAAA,EAnBd,iBAmBc;;;;;AA4BjB,cAzCI,YAAA,SAAqB,MAAA,CAyCzB;EACM,CAAA,OAAA;EACA;;;;;;;EA2DF,WAAA,CAAA;IAAA,SAAA;IAAA,cAAA;IAAA,YAAA;IAAA;EAAA,CAAA,EAzFwD,mBAyFxD;EAAiB;;;EAtGU,YAAA,CAAA,CAAA,EAAA,SAAA;;;;;kBAgClB;;;;;yBASb,yBACM,2BACA,aACX,QAAQ;;;;;6BA8B+B,aAAa,QAAQ;;;;;;kEA2BhD,4BACH,oBAAiB,QAAA"}

package/dist/ledger/index.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.mjs","names":["#publicKey","#derivationPath","#ledgerClient","#suiClient"],"sources":["../../src/ledger/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { ClientWithCoreApi } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { bcs } from '@mysten/sui/bcs';\nimport { getInputObjects } from './objects.js';\nimport type { Resolution } from '@mysten/ledgerjs-hw-app-sui';\n\nexport { getInputObjects } from './objects.js';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: ClientWithCoreApi;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: ClientWithCoreApi;\n\n\t/**\n\t * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(\n\t\tbytes: Uint8Array,\n\t\tbcsObjects?: Uint8Array[],\n\t\tresolution?: Resolution,\n\t): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = bcsObjects\n\t\t\t? { bcsObjects }\n\t\t\t: await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({\n\t\t\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\t\t\tbcsObjects: [],\n\t\t\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t\tresolution,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: ClientWithCoreApi,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n}\n"],"mappings":";;;;;;;;;;;AA8BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;CACA;CACA;CACA;;;;;;;;CASA,YAAY,EAAE,WAAW,gBAAgB,cAAc,aAAkC;AACxF,SAAO;AACP,QAAKA,YAAa;AAClB,QAAKC,iBAAkB;AACvB,QAAKC,eAAgB;AACrB,QAAKC,YAAa;;;;;CAMnB,AAAS,eAAe;AACvB,SAAO;;;;;;CAOR,AAAS,eAAe;AACvB,SAAO,MAAKH;;;;;;CAOb,MAAe,gBACd,OACA,YACA,YAC8B;EAC9B,MAAM,qBAAqB,aACxB,EAAE,YAAY,GACd,MAAM,gBAAgB,YAAY,KAAK,MAAM,EAAE,MAAKG,UAAW,CAAC,aAAa,EAE7E,YAAY,EAAE,EACd,EAAE;EAEL,MAAM,gBAAgB,kBAAkB,mBAAmB,MAAM;EACjE,MAAM,EAAE,cAAc,MAAM,MAAKD,aAAc,gBAC9C,MAAKD,gBACL,eACA,oBACA,WACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;CAOF,MAAe,oBAAoB,OAAgD;EAClF,MAAM,gBAAgB,kBACrB,mBACA,IAAI,YAAY,CAAC,UAAU,MAAM,CAAC,SAAS,CAC3C;EACD,MAAM,EAAE,cAAc,MAAM,MAAKE,aAAc,gBAC9C,MAAKD,gBACL,cACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;;CAQF,aAAa,mBACZ,gBACA,cACA,WACC;EACD,MAAM,EAAE,cAAc,MAAM,aAAa,aAAa,eAAe;AACrE,MAAI,CAAC,UACJ,OAAM,IAAI,MAAM,wCAAwC;AAGzD,SAAO,IAAI,aAAa;GACvB;GACA,WAAW,IAAI,iBAAiB,UAAU;GAC1C;GACA;GACA,CAAC;;;;;;CAOH,AAAS,OAAc;AACtB,QAAM,IAAI,MAAM,kDAAkD;;;;;;CAOnE,AAAS,iBAAwB;AAChC,QAAM,IAAI,MAAM,kDAAkD"}

package/dist/ledger/objects.d.mts DELETED Viewed

@@ -1,10 +0,0 @@
-import { Transaction } from "@mysten/sui/transactions";
-import { ClientWithCoreApi } from "@mysten/sui/client";
-//#region src/ledger/objects.d.ts
-declare const getInputObjects: (transaction: Transaction, client: ClientWithCoreApi) => Promise<{
-  bcsObjects: Uint8Array<ArrayBuffer>[];
-}>;
-//#endregion
-export { getInputObjects };
-//# sourceMappingURL=objects.d.mts.map

package/dist/ledger/objects.d.mts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"objects.d.mts","names":[],"sources":["../../src/ledger/objects.ts"],"sourcesContent":[],"mappings":";;;;cAMa,+BAAsC,qBAAqB,sBAAiB;;AAAzF,CAAA,CAAA"}

package/dist/ledger/objects.mjs DELETED Viewed

@@ -1,16 +0,0 @@
-//#region src/ledger/objects.ts
-const getInputObjects = async (transaction, client) => {
-	const data = transaction.getData();
-	const gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];
-	const inputObjectIds = data.inputs.map((input) => {
-		return input.$kind === "Object" && input.Object.$kind === "ImmOrOwnedObject" ? input.Object.ImmOrOwnedObject.objectId : null;
-	}).filter((objectId) => !!objectId);
-	return { bcsObjects: (await client.core.getObjects({
-		objectIds: [...gasObjectIds, ...inputObjectIds],
-		include: { objectBcs: true }
-	})).objects.filter((obj) => !(obj instanceof Error)).map((object) => object.objectBcs).filter((bytes) => !!bytes) };
-};
-//#endregion
-export { getInputObjects };
-//# sourceMappingURL=objects.mjs.map

package/dist/ledger/objects.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"objects.mjs","names":[],"sources":["../../src/ledger/objects.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Transaction } from '@mysten/sui/transactions';\nimport type { ClientWithCoreApi } from '@mysten/sui/client';\n\nexport const getInputObjects = async (transaction: Transaction, client: ClientWithCoreApi) => {\n\tconst data = transaction.getData();\n\n\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\tconst inputObjectIds = data.inputs\n\t\t.map((input) => {\n\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t? input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t: null;\n\t\t})\n\t\t.filter((objectId): objectId is string => !!objectId);\n\n\tconst response = await client.core.getObjects({\n\t\tobjectIds: [...gasObjectIds, ...inputObjectIds],\n\t\tinclude: {\n\t\t\tobjectBcs: true,\n\t\t},\n\t});\n\n\tconst bcsObjects = response.objects\n\t\t.filter((obj): obj is Exclude<typeof obj, Error> => !(obj instanceof Error))\n\t\t.map((object) => object.objectBcs)\n\t\t.filter((bytes): bytes is Uint8Array<ArrayBuffer> => !!bytes);\n\n\treturn { bcsObjects };\n};\n"],"mappings":";AAMA,MAAa,kBAAkB,OAAO,aAA0B,WAA8B;CAC7F,MAAM,OAAO,YAAY,SAAS;CAElC,MAAM,eAAe,KAAK,QAAQ,SAAS,KAAK,WAAW,OAAO,SAAS,IAAI,EAAE;CACjF,MAAM,iBAAiB,KAAK,OAC1B,KAAK,UAAU;AACf,SAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAAO,iBAAiB,WAC9B;GACF,CACD,QAAQ,aAAiC,CAAC,CAAC,SAAS;AActD,QAAO,EAAE,aAZQ,MAAM,OAAO,KAAK,WAAW;EAC7C,WAAW,CAAC,GAAG,cAAc,GAAG,eAAe;EAC/C,SAAS,EACR,WAAW,MACX;EACD,CAAC,EAE0B,QAC1B,QAAQ,QAA2C,EAAE,eAAe,OAAO,CAC3E,KAAK,WAAW,OAAO,UAAU,CACjC,QAAQ,UAA4C,CAAC,CAAC,MAAM,EAEzC"}