@mysten/sui 1.21.2 → 1.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -0
- package/dist/cjs/cryptography/keypair.js +4 -4
- package/dist/cjs/cryptography/keypair.js.map +2 -2
- package/dist/cjs/version.d.ts +2 -2
- package/dist/cjs/version.js +2 -2
- package/dist/cjs/version.js.map +1 -1
- package/dist/cjs/zklogin/address.js +3 -12
- package/dist/cjs/zklogin/address.js.map +2 -2
- package/dist/cjs/zklogin/index.d.ts +1 -0
- package/dist/cjs/zklogin/index.js +2 -0
- package/dist/cjs/zklogin/index.js.map +2 -2
- package/dist/cjs/zklogin/jwt-decode.d.ts +47 -0
- package/dist/cjs/zklogin/jwt-decode.js +85 -0
- package/dist/cjs/zklogin/jwt-decode.js.map +7 -0
- package/dist/cjs/zklogin/jwt-utils.d.ts +7 -0
- package/dist/cjs/zklogin/jwt-utils.js +19 -0
- package/dist/cjs/zklogin/jwt-utils.js.map +2 -2
- package/dist/cjs/zklogin/nonce.js +2 -2
- package/dist/cjs/zklogin/nonce.js.map +2 -2
- package/dist/cjs/zklogin/publickey.d.ts +2 -0
- package/dist/cjs/zklogin/publickey.js +18 -1
- package/dist/cjs/zklogin/publickey.js.map +2 -2
- package/dist/cjs/zklogin/utils.d.ts +1 -0
- package/dist/cjs/zklogin/utils.js +7 -0
- package/dist/cjs/zklogin/utils.js.map +2 -2
- package/dist/esm/cryptography/keypair.js +1 -1
- package/dist/esm/cryptography/keypair.js.map +2 -2
- package/dist/esm/version.d.ts +2 -2
- package/dist/esm/version.js +2 -2
- package/dist/esm/version.js.map +1 -1
- package/dist/esm/zklogin/address.js +8 -12
- package/dist/esm/zklogin/address.js.map +2 -2
- package/dist/esm/zklogin/index.d.ts +1 -0
- package/dist/esm/zklogin/index.js +2 -0
- package/dist/esm/zklogin/index.js.map +2 -2
- package/dist/esm/zklogin/jwt-decode.d.ts +47 -0
- package/dist/esm/zklogin/jwt-decode.js +65 -0
- package/dist/esm/zklogin/jwt-decode.js.map +7 -0
- package/dist/esm/zklogin/jwt-utils.d.ts +7 -0
- package/dist/esm/zklogin/jwt-utils.js +19 -0
- package/dist/esm/zklogin/jwt-utils.js.map +2 -2
- package/dist/esm/zklogin/nonce.js +2 -2
- package/dist/esm/zklogin/nonce.js.map +2 -2
- package/dist/esm/zklogin/publickey.d.ts +2 -0
- package/dist/esm/zklogin/publickey.js +19 -2
- package/dist/esm/zklogin/publickey.js.map +2 -2
- package/dist/esm/zklogin/utils.d.ts +1 -0
- package/dist/esm/zklogin/utils.js +7 -0
- package/dist/esm/zklogin/utils.js.map +2 -2
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -5
- package/src/cryptography/keypair.ts +2 -2
- package/src/version.ts +2 -2
- package/src/zklogin/address.ts +9 -13
- package/src/zklogin/index.ts +1 -0
- package/src/zklogin/jwt-decode.ts +126 -0
- package/src/zklogin/jwt-utils.ts +29 -0
- package/src/zklogin/nonce.ts +3 -2
- package/src/zklogin/publickey.ts +26 -2
- package/src/zklogin/utils.ts +7 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,26 @@
|
|
|
1
1
|
# @mysten/sui.js
|
|
2
2
|
|
|
3
|
+
## 1.23.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 8baac61: remove jose dependency
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- 8baac61: Add check for malformed google iss in toZkLoginPublicIdentifier
|
|
12
|
+
|
|
13
|
+
## 1.22.0
|
|
14
|
+
|
|
15
|
+
### Minor Changes
|
|
16
|
+
|
|
17
|
+
- 03975f4: replace bs58 and bech32 packages with @scure/base
|
|
18
|
+
|
|
19
|
+
### Patch Changes
|
|
20
|
+
|
|
21
|
+
- Updated dependencies [03975f4]
|
|
22
|
+
- @mysten/bcs@1.5.0
|
|
23
|
+
|
|
3
24
|
## 1.21.2
|
|
4
25
|
|
|
5
26
|
### Patch Changes
|
|
@@ -29,7 +29,7 @@ __export(keypair_exports, {
|
|
|
29
29
|
module.exports = __toCommonJS(keypair_exports);
|
|
30
30
|
var import_bcs = require("@mysten/bcs");
|
|
31
31
|
var import_blake2b = require("@noble/hashes/blake2b");
|
|
32
|
-
var
|
|
32
|
+
var import_base = require("@scure/base");
|
|
33
33
|
var import_intent = require("./intent.js");
|
|
34
34
|
var import_signature_scheme = require("./signature-scheme.js");
|
|
35
35
|
var import_signature = require("./signature.js");
|
|
@@ -80,11 +80,11 @@ class Signer {
|
|
|
80
80
|
class Keypair extends Signer {
|
|
81
81
|
}
|
|
82
82
|
function decodeSuiPrivateKey(value) {
|
|
83
|
-
const { prefix, words } =
|
|
83
|
+
const { prefix, words } = import_base.bech32.decode(value);
|
|
84
84
|
if (prefix !== SUI_PRIVATE_KEY_PREFIX) {
|
|
85
85
|
throw new Error("invalid private key prefix");
|
|
86
86
|
}
|
|
87
|
-
const extendedSecretKey = new Uint8Array(
|
|
87
|
+
const extendedSecretKey = new Uint8Array(import_base.bech32.fromWords(words));
|
|
88
88
|
const secretKey = extendedSecretKey.slice(1);
|
|
89
89
|
const signatureScheme = import_signature_scheme.SIGNATURE_FLAG_TO_SCHEME[extendedSecretKey[0]];
|
|
90
90
|
return {
|
|
@@ -100,6 +100,6 @@ function encodeSuiPrivateKey(bytes, scheme) {
|
|
|
100
100
|
const privKeyBytes = new Uint8Array(bytes.length + 1);
|
|
101
101
|
privKeyBytes.set([flag]);
|
|
102
102
|
privKeyBytes.set(bytes, 1);
|
|
103
|
-
return
|
|
103
|
+
return import_base.bech32.encode(SUI_PRIVATE_KEY_PREFIX, import_base.bech32.toWords(privKeyBytes));
|
|
104
104
|
}
|
|
105
105
|
//# sourceMappingURL=keypair.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/cryptography/keypair.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs, toBase64 } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bech32 } from '
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA8B;AAC9B,qBAAwB;AACxB,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs, toBase64 } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bech32 } from '@scure/base';\n\nimport type { IntentScope } from './intent.js';\nimport { messageWithIntent } from './intent.js';\nimport type { PublicKey } from './publickey.js';\nimport { SIGNATURE_FLAG_TO_SCHEME, SIGNATURE_SCHEME_TO_FLAG } from './signature-scheme.js';\nimport type { SignatureScheme } from './signature-scheme.js';\nimport { toSerializedSignature } from './signature.js';\n\nexport const PRIVATE_KEY_SIZE = 32;\nexport const LEGACY_PRIVATE_KEY_SIZE = 64;\nexport const SUI_PRIVATE_KEY_PREFIX = 'suiprivkey';\n\nexport type ParsedKeypair = {\n\tschema: SignatureScheme;\n\tsecretKey: Uint8Array;\n};\n\nexport interface SignatureWithBytes {\n\tbytes: string;\n\tsignature: string;\n}\n\n/**\n * TODO: Document\n */\nexport abstract class Signer {\n\tabstract sign(bytes: Uint8Array): Promise<Uint8Array>;\n\t/**\n\t * Sign messages with a specific intent. By combining the message bytes with the intent before hashing and signing,\n\t * it ensures that a signed message is tied to a specific purpose and domain separator is provided\n\t */\n\tasync signWithIntent(bytes: Uint8Array, intent: IntentScope): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = messageWithIntent(intent, bytes);\n\t\tconst digest = blake2b(intentMessage, { dkLen: 32 });\n\n\t\tconst signature = toSerializedSignature({\n\t\t\tsignature: await this.sign(digest),\n\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\tpublicKey: this.getPublicKey(),\n\t\t});\n\n\t\treturn {\n\t\t\tsignature,\n\t\t\tbytes: toBase64(bytes),\n\t\t};\n\t}\n\t/**\n\t * Signs provided transaction by calling `signWithIntent()` with a `TransactionData` provided as intent scope\n\t */\n\tasync signTransaction(bytes: Uint8Array) {\n\t\treturn this.signWithIntent(bytes, 'TransactionData');\n\t}\n\t/**\n\t * Signs provided personal message by calling `signWithIntent()` with a `PersonalMessage` provided as intent scope\n\t */\n\tasync signPersonalMessage(bytes: Uint8Array) {\n\t\tconst { signature } = await this.signWithIntent(\n\t\t\tbcs.vector(bcs.u8()).serialize(bytes).toBytes(),\n\t\t\t'PersonalMessage',\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature,\n\t\t};\n\t}\n\n\ttoSuiAddress(): string {\n\t\treturn this.getPublicKey().toSuiAddress();\n\t}\n\n\t/**\n\t * Get the key scheme of the keypair: Secp256k1 or ED25519\n\t */\n\tabstract getKeyScheme(): SignatureScheme;\n\n\t/**\n\t * The public key for this keypair\n\t */\n\tabstract getPublicKey(): PublicKey;\n}\n\nexport abstract class Keypair extends Signer {\n\t/**\n\t * This returns the Bech32 secret key string for this keypair.\n\t */\n\tabstract getSecretKey(): string;\n}\n\n/**\n * This returns an ParsedKeypair object based by validating the\n * 33-byte Bech32 encoded string starting with `suiprivkey`, and\n * parse out the signature scheme and the private key in bytes.\n */\nexport function decodeSuiPrivateKey(value: string): ParsedKeypair {\n\tconst { prefix, words } = bech32.decode(value as `${string}1${string}`);\n\tif (prefix !== SUI_PRIVATE_KEY_PREFIX) {\n\t\tthrow new Error('invalid private key prefix');\n\t}\n\tconst extendedSecretKey = new Uint8Array(bech32.fromWords(words));\n\tconst secretKey = extendedSecretKey.slice(1);\n\tconst signatureScheme =\n\t\tSIGNATURE_FLAG_TO_SCHEME[extendedSecretKey[0] as keyof typeof SIGNATURE_FLAG_TO_SCHEME];\n\treturn {\n\t\tschema: signatureScheme,\n\t\tsecretKey: secretKey,\n\t};\n}\n\n/**\n * This returns a Bech32 encoded string starting with `suiprivkey`,\n * encoding 33-byte `flag || bytes` for the given the 32-byte private\n * key and its signature scheme.\n */\nexport function encodeSuiPrivateKey(bytes: Uint8Array, scheme: SignatureScheme): string {\n\tif (bytes.length !== PRIVATE_KEY_SIZE) {\n\t\tthrow new Error('Invalid bytes length');\n\t}\n\tconst flag = SIGNATURE_SCHEME_TO_FLAG[scheme];\n\tconst privKeyBytes = new Uint8Array(bytes.length + 1);\n\tprivKeyBytes.set([flag]);\n\tprivKeyBytes.set(bytes, 1);\n\treturn bech32.encode(SUI_PRIVATE_KEY_PREFIX, bech32.toWords(privKeyBytes));\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA8B;AAC9B,qBAAwB;AACxB,kBAAuB;AAGvB,oBAAkC;AAElC,8BAAmE;AAEnE,uBAAsC;AAE/B,MAAM,mBAAmB;AACzB,MAAM,0BAA0B;AAChC,MAAM,yBAAyB;AAe/B,MAAe,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5B,MAAM,eAAe,OAAmB,QAAkD;AACzF,UAAM,oBAAgB,iCAAkB,QAAQ,KAAK;AACrD,UAAM,aAAS,wBAAQ,eAAe,EAAE,OAAO,GAAG,CAAC;AAEnD,UAAM,gBAAY,wCAAsB;AAAA,MACvC,WAAW,MAAM,KAAK,KAAK,MAAM;AAAA,MACjC,iBAAiB,KAAK,aAAa;AAAA,MACnC,WAAW,KAAK,aAAa;AAAA,IAC9B,CAAC;AAED,WAAO;AAAA,MACN;AAAA,MACA,WAAO,qBAAS,KAAK;AAAA,IACtB;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,gBAAgB,OAAmB;AACxC,WAAO,KAAK,eAAe,OAAO,iBAAiB;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA,EAIA,MAAM,oBAAoB,OAAmB;AAC5C,UAAM,EAAE,UAAU,IAAI,MAAM,KAAK;AAAA,MAChC,eAAI,OAAO,eAAI,GAAG,CAAC,EAAE,UAAU,KAAK,EAAE,QAAQ;AAAA,MAC9C;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAO,qBAAS,KAAK;AAAA,MACrB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,eAAuB;AACtB,WAAO,KAAK,aAAa,EAAE,aAAa;AAAA,EACzC;AAWD;AAEO,MAAe,gBAAgB,OAAO;AAK7C;AAOO,SAAS,oBAAoB,OAA8B;AACjE,QAAM,EAAE,QAAQ,MAAM,IAAI,mBAAO,OAAO,KAA8B;AACtE,MAAI,WAAW,wBAAwB;AACtC,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC7C;AACA,QAAM,oBAAoB,IAAI,WAAW,mBAAO,UAAU,KAAK,CAAC;AAChE,QAAM,YAAY,kBAAkB,MAAM,CAAC;AAC3C,QAAM,kBACL,iDAAyB,kBAAkB,CAAC,CAA0C;AACvF,SAAO;AAAA,IACN,QAAQ;AAAA,IACR;AAAA,EACD;AACD;AAOO,SAAS,oBAAoB,OAAmB,QAAiC;AACvF,MAAI,MAAM,WAAW,kBAAkB;AACtC,UAAM,IAAI,MAAM,sBAAsB;AAAA,EACvC;AACA,QAAM,OAAO,iDAAyB,MAAM;AAC5C,QAAM,eAAe,IAAI,WAAW,MAAM,SAAS,CAAC;AACpD,eAAa,IAAI,CAAC,IAAI,CAAC;AACvB,eAAa,IAAI,OAAO,CAAC;AACzB,SAAO,mBAAO,OAAO,wBAAwB,mBAAO,QAAQ,YAAY,CAAC;AAC1E;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/cjs/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const PACKAGE_VERSION = "1.
|
|
2
|
-
export declare const TARGETED_RPC_VERSION = "1.
|
|
1
|
+
export declare const PACKAGE_VERSION = "1.23.0";
|
|
2
|
+
export declare const TARGETED_RPC_VERSION = "1.45.0";
|
package/dist/cjs/version.js
CHANGED
|
@@ -22,6 +22,6 @@ __export(version_exports, {
|
|
|
22
22
|
TARGETED_RPC_VERSION: () => TARGETED_RPC_VERSION
|
|
23
23
|
});
|
|
24
24
|
module.exports = __toCommonJS(version_exports);
|
|
25
|
-
const PACKAGE_VERSION = "1.
|
|
26
|
-
const TARGETED_RPC_VERSION = "1.
|
|
25
|
+
const PACKAGE_VERSION = "1.23.0";
|
|
26
|
+
const TARGETED_RPC_VERSION = "1.45.0";
|
|
27
27
|
//# sourceMappingURL=version.js.map
|
package/dist/cjs/version.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/version.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.23.0';\nexport const TARGETED_RPC_VERSION = '1.45.0';\n"],
|
|
5
5
|
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,kBAAkB;AACxB,MAAM,uBAAuB;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -28,16 +28,13 @@ __export(address_exports, {
|
|
|
28
28
|
module.exports = __toCommonJS(address_exports);
|
|
29
29
|
var import_blake2b = require("@noble/hashes/blake2b");
|
|
30
30
|
var import_utils = require("@noble/hashes/utils");
|
|
31
|
-
var import_jose = require("jose");
|
|
32
31
|
var import_signature_scheme = require("../cryptography/signature-scheme.js");
|
|
33
32
|
var import_utils2 = require("../utils/index.js");
|
|
33
|
+
var import_jwt_utils = require("./jwt-utils.js");
|
|
34
34
|
var import_utils3 = require("./utils.js");
|
|
35
35
|
function computeZkLoginAddressFromSeed(addressSeed, iss, legacyAddress = true) {
|
|
36
36
|
const addressSeedBytesBigEndian = legacyAddress ? (0, import_utils3.toBigEndianBytes)(addressSeed, 32) : (0, import_utils3.toPaddedBigEndianBytes)(addressSeed, 32);
|
|
37
|
-
|
|
38
|
-
iss = "https://accounts.google.com";
|
|
39
|
-
}
|
|
40
|
-
const addressParamBytes = new TextEncoder().encode(iss);
|
|
37
|
+
const addressParamBytes = new TextEncoder().encode((0, import_utils3.normalizeZkLoginIssuer)(iss));
|
|
41
38
|
const tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);
|
|
42
39
|
tmp.set([import_signature_scheme.SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);
|
|
43
40
|
tmp.set([addressParamBytes.length], 1);
|
|
@@ -63,13 +60,7 @@ function lengthChecks(jwt) {
|
|
|
63
60
|
}
|
|
64
61
|
function jwtToAddress(jwt, userSalt, legacyAddress = false) {
|
|
65
62
|
lengthChecks(jwt);
|
|
66
|
-
const decodedJWT = (0,
|
|
67
|
-
if (!decodedJWT.sub || !decodedJWT.iss || !decodedJWT.aud) {
|
|
68
|
-
throw new Error("Missing jwt data");
|
|
69
|
-
}
|
|
70
|
-
if (Array.isArray(decodedJWT.aud)) {
|
|
71
|
-
throw new Error("Not supported aud. Aud is an array, string was expected.");
|
|
72
|
-
}
|
|
63
|
+
const decodedJWT = (0, import_jwt_utils.decodeJwt)(jwt);
|
|
73
64
|
return computeZkLoginAddress({
|
|
74
65
|
userSalt,
|
|
75
66
|
claimName: "sub",
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/zklogin/address.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,qBAAwB;AACxB,mBAA2B;
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/index.js';\nimport { decodeJwt } from './jwt-utils.js';\nimport {\n\tgenAddressSeed,\n\tnormalizeZkLoginIssuer,\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n} from './utils.js';\n\nexport function computeZkLoginAddressFromSeed(\n\taddressSeed: bigint,\n\tiss: string,\n\t/** TODO: This default should be changed in the next major release */\n\tlegacyAddress = true,\n) {\n\tconst addressSeedBytesBigEndian = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst addressParamBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));\n\tconst tmp = new Uint8Array(2 + addressSeedBytesBigEndian.length + addressParamBytes.length);\n\n\ttmp.set([SIGNATURE_SCHEME_TO_FLAG.ZkLogin]);\n\ttmp.set([addressParamBytes.length], 1);\n\ttmp.set(addressParamBytes, 2);\n\ttmp.set(addressSeedBytesBigEndian, 2 + addressParamBytes.length);\n\n\treturn normalizeSuiAddress(\n\t\tbytesToHex(blake2b(tmp, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t);\n}\n\nexport const MAX_HEADER_LEN_B64 = 248;\nexport const MAX_PADDED_UNSIGNED_JWT_LEN = 64 * 25;\n\nexport function lengthChecks(jwt: string) {\n\tconst [header, payload] = jwt.split('.');\n\t/// Is the header small enough\n\tif (header.length > MAX_HEADER_LEN_B64) {\n\t\tthrow new Error(`Header is too long`);\n\t}\n\n\t/// Is the combined length of (header, payload, SHA2 padding) small enough?\n\t// unsigned_jwt = header + '.' + payload;\n\tconst L = (header.length + 1 + payload.length) * 8;\n\tconst K = (512 + 448 - ((L % 512) + 1)) % 512;\n\n\t// The SHA2 padding is 1 followed by K zeros, followed by the length of the message\n\tconst padded_unsigned_jwt_len = (L + 1 + K + 64) / 8;\n\n\t// The padded unsigned JWT must be less than the max_padded_unsigned_jwt_len\n\tif (padded_unsigned_jwt_len > MAX_PADDED_UNSIGNED_JWT_LEN) {\n\t\tthrow new Error(`JWT is too long`);\n\t}\n}\n\nexport function jwtToAddress(jwt: string, userSalt: string | bigint, legacyAddress = false) {\n\tlengthChecks(jwt);\n\n\tconst decodedJWT = decodeJwt(jwt);\n\n\treturn computeZkLoginAddress({\n\t\tuserSalt,\n\t\tclaimName: 'sub',\n\t\tclaimValue: decodedJWT.sub,\n\t\taud: decodedJWT.aud,\n\t\tiss: decodedJWT.iss,\n\t\tlegacyAddress,\n\t});\n}\n\nexport interface ComputeZkLoginAddressOptions {\n\tclaimName: string;\n\tclaimValue: string;\n\tuserSalt: string | bigint;\n\tiss: string;\n\taud: string;\n\tlegacyAddress?: boolean;\n}\n\nexport function computeZkLoginAddress({\n\tclaimName,\n\tclaimValue,\n\tiss,\n\taud,\n\tuserSalt,\n\tlegacyAddress = false,\n}: ComputeZkLoginAddressOptions) {\n\treturn computeZkLoginAddressFromSeed(\n\t\tgenAddressSeed(userSalt, claimName, claimValue, aud),\n\t\tiss,\n\t\tlegacyAddress,\n\t);\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,qBAAwB;AACxB,mBAA2B;AAE3B,8BAAyC;AACzC,IAAAA,gBAAwD;AACxD,uBAA0B;AAC1B,IAAAA,gBAKO;AAEA,SAAS,8BACf,aACA,KAEA,gBAAgB,MACf;AACD,QAAM,4BAA4B,oBAC/B,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AAEzC,QAAM,oBAAoB,IAAI,YAAY,EAAE,WAAO,sCAAuB,GAAG,CAAC;AAC9E,QAAM,MAAM,IAAI,WAAW,IAAI,0BAA0B,SAAS,kBAAkB,MAAM;AAE1F,MAAI,IAAI,CAAC,iDAAyB,OAAO,CAAC;AAC1C,MAAI,IAAI,CAAC,kBAAkB,MAAM,GAAG,CAAC;AACrC,MAAI,IAAI,mBAAmB,CAAC;AAC5B,MAAI,IAAI,2BAA2B,IAAI,kBAAkB,MAAM;AAE/D,aAAO;AAAA,QACN,6BAAW,wBAAQ,KAAK,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,mCAAqB,CAAC;AAAA,EACxE;AACD;AAEO,MAAM,qBAAqB;AAC3B,MAAM,8BAA8B,KAAK;AAEzC,SAAS,aAAa,KAAa;AACzC,QAAM,CAAC,QAAQ,OAAO,IAAI,IAAI,MAAM,GAAG;AAEvC,MAAI,OAAO,SAAS,oBAAoB;AACvC,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACrC;AAIA,QAAM,KAAK,OAAO,SAAS,IAAI,QAAQ,UAAU;AACjD,QAAM,KAAK,MAAM,OAAQ,IAAI,MAAO,MAAM;AAG1C,QAAM,2BAA2B,IAAI,IAAI,IAAI,MAAM;AAGnD,MAAI,0BAA0B,6BAA6B;AAC1D,UAAM,IAAI,MAAM,iBAAiB;AAAA,EAClC;AACD;AAEO,SAAS,aAAa,KAAa,UAA2B,gBAAgB,OAAO;AAC3F,eAAa,GAAG;AAEhB,QAAM,iBAAa,4BAAU,GAAG;AAEhC,SAAO,sBAAsB;AAAA,IAC5B;AAAA,IACA,WAAW;AAAA,IACX,YAAY,WAAW;AAAA,IACvB,KAAK,WAAW;AAAA,IAChB,KAAK,WAAW;AAAA,IAChB;AAAA,EACD,CAAC;AACF;AAWO,SAAS,sBAAsB;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AACjB,GAAiC;AAChC,SAAO;AAAA,QACN,8BAAe,UAAU,WAAW,YAAY,GAAG;AAAA,IACnD;AAAA,IACA;AAAA,EACD;AACD;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
|
@@ -6,3 +6,4 @@ export { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.
|
|
|
6
6
|
export type { ZkLoginSignatureInputs } from './bcs.js';
|
|
7
7
|
export { poseidonHash } from './poseidon.js';
|
|
8
8
|
export { generateNonce, generateRandomness } from './nonce.js';
|
|
9
|
+
export { decodeJwt } from './jwt-utils.js';
|
|
@@ -21,6 +21,7 @@ __export(zklogin_exports, {
|
|
|
21
21
|
ZkLoginPublicIdentifier: () => import_publickey.ZkLoginPublicIdentifier,
|
|
22
22
|
computeZkLoginAddress: () => import_address.computeZkLoginAddress,
|
|
23
23
|
computeZkLoginAddressFromSeed: () => import_address.computeZkLoginAddressFromSeed,
|
|
24
|
+
decodeJwt: () => import_jwt_utils.decodeJwt,
|
|
24
25
|
genAddressSeed: () => import_utils.genAddressSeed,
|
|
25
26
|
generateNonce: () => import_nonce.generateNonce,
|
|
26
27
|
generateRandomness: () => import_nonce.generateRandomness,
|
|
@@ -41,4 +42,5 @@ var import_address = require("./address.js");
|
|
|
41
42
|
var import_publickey = require("./publickey.js");
|
|
42
43
|
var import_poseidon = require("./poseidon.js");
|
|
43
44
|
var import_nonce = require("./nonce.js");
|
|
45
|
+
var import_jwt_utils = require("./jwt-utils.js");
|
|
44
46
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/zklogin/index.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getZkLoginSignature, parseZkLoginSignature } from './signature.js';\nexport {\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n\thashASCIIStrToField,\n\tgenAddressSeed,\n\tgetExtendedEphemeralPublicKey,\n} from './utils.js';\nexport { computeZkLoginAddressFromSeed, computeZkLoginAddress, jwtToAddress } from './address.js';\nexport type { ComputeZkLoginAddressOptions } from './address.js';\nexport { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.js';\nexport type { ZkLoginSignatureInputs } from './bcs.js';\nexport { poseidonHash } from './poseidon.js';\nexport { generateNonce, generateRandomness } from './nonce.js';\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAA2D;AAC3D,mBAMO;AACP,qBAAmF;AAEnF,uBAAmE;AAEnE,sBAA6B;AAC7B,mBAAkD;",
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getZkLoginSignature, parseZkLoginSignature } from './signature.js';\nexport {\n\ttoBigEndianBytes,\n\ttoPaddedBigEndianBytes,\n\thashASCIIStrToField,\n\tgenAddressSeed,\n\tgetExtendedEphemeralPublicKey,\n} from './utils.js';\nexport { computeZkLoginAddressFromSeed, computeZkLoginAddress, jwtToAddress } from './address.js';\nexport type { ComputeZkLoginAddressOptions } from './address.js';\nexport { toZkLoginPublicIdentifier, ZkLoginPublicIdentifier } from './publickey.js';\nexport type { ZkLoginSignatureInputs } from './bcs.js';\nexport { poseidonHash } from './poseidon.js';\nexport { generateNonce, generateRandomness } from './nonce.js';\nexport { decodeJwt } from './jwt-utils.js';\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,uBAA2D;AAC3D,mBAMO;AACP,qBAAmF;AAEnF,uBAAmE;AAEnE,sBAA6B;AAC7B,mBAAkD;AAClD,uBAA0B;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/** Copied from https://github.com/auth0/jwt-decode/blob/3d372e9875ff673228a9f2d9df74e84690842a9c/lib/index.ts */
|
|
2
|
+
/**
|
|
3
|
+
The MIT License (MIT)
|
|
4
|
+
|
|
5
|
+
Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
|
|
6
|
+
|
|
7
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
8
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
9
|
+
in the Software without restriction, including without limitation the rights
|
|
10
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
11
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
12
|
+
furnished to do so, subject to the following conditions:
|
|
13
|
+
|
|
14
|
+
The above copyright notice and this permission notice shall be included in all
|
|
15
|
+
copies or substantial portions of the Software.
|
|
16
|
+
|
|
17
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
18
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
19
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
20
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
21
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
22
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
23
|
+
SOFTWARE.
|
|
24
|
+
*/
|
|
25
|
+
export interface JwtDecodeOptions {
|
|
26
|
+
header?: boolean;
|
|
27
|
+
}
|
|
28
|
+
export interface JwtHeader {
|
|
29
|
+
typ?: string;
|
|
30
|
+
alg?: string;
|
|
31
|
+
kid?: string;
|
|
32
|
+
}
|
|
33
|
+
export interface JwtPayload {
|
|
34
|
+
iss?: string;
|
|
35
|
+
sub?: string;
|
|
36
|
+
aud?: string[] | string;
|
|
37
|
+
exp?: number;
|
|
38
|
+
nbf?: number;
|
|
39
|
+
iat?: number;
|
|
40
|
+
jti?: string;
|
|
41
|
+
}
|
|
42
|
+
export declare class InvalidTokenError extends Error {
|
|
43
|
+
}
|
|
44
|
+
export declare function jwtDecode<T = JwtHeader>(token: string, options: JwtDecodeOptions & {
|
|
45
|
+
header: true;
|
|
46
|
+
}): T;
|
|
47
|
+
export declare function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
var jwt_decode_exports = {};
|
|
20
|
+
__export(jwt_decode_exports, {
|
|
21
|
+
InvalidTokenError: () => InvalidTokenError,
|
|
22
|
+
jwtDecode: () => jwtDecode
|
|
23
|
+
});
|
|
24
|
+
module.exports = __toCommonJS(jwt_decode_exports);
|
|
25
|
+
class InvalidTokenError extends Error {
|
|
26
|
+
}
|
|
27
|
+
InvalidTokenError.prototype.name = "InvalidTokenError";
|
|
28
|
+
function b64DecodeUnicode(str) {
|
|
29
|
+
return decodeURIComponent(
|
|
30
|
+
atob(str).replace(/(.)/g, (_m, p) => {
|
|
31
|
+
let code = p.charCodeAt(0).toString(16).toUpperCase();
|
|
32
|
+
if (code.length < 2) {
|
|
33
|
+
code = "0" + code;
|
|
34
|
+
}
|
|
35
|
+
return "%" + code;
|
|
36
|
+
})
|
|
37
|
+
);
|
|
38
|
+
}
|
|
39
|
+
function base64UrlDecode(str) {
|
|
40
|
+
let output = str.replace(/-/g, "+").replace(/_/g, "/");
|
|
41
|
+
switch (output.length % 4) {
|
|
42
|
+
case 0:
|
|
43
|
+
break;
|
|
44
|
+
case 2:
|
|
45
|
+
output += "==";
|
|
46
|
+
break;
|
|
47
|
+
case 3:
|
|
48
|
+
output += "=";
|
|
49
|
+
break;
|
|
50
|
+
default:
|
|
51
|
+
throw new Error("base64 string is not of the correct length");
|
|
52
|
+
}
|
|
53
|
+
try {
|
|
54
|
+
return b64DecodeUnicode(output);
|
|
55
|
+
} catch (err) {
|
|
56
|
+
return atob(output);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
function jwtDecode(token, options) {
|
|
60
|
+
if (typeof token !== "string") {
|
|
61
|
+
throw new InvalidTokenError("Invalid token specified: must be a string");
|
|
62
|
+
}
|
|
63
|
+
options || (options = {});
|
|
64
|
+
const pos = options.header === true ? 0 : 1;
|
|
65
|
+
const part = token.split(".")[pos];
|
|
66
|
+
if (typeof part !== "string") {
|
|
67
|
+
throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
|
|
68
|
+
}
|
|
69
|
+
let decoded;
|
|
70
|
+
try {
|
|
71
|
+
decoded = base64UrlDecode(part);
|
|
72
|
+
} catch (e) {
|
|
73
|
+
throw new InvalidTokenError(
|
|
74
|
+
`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`
|
|
75
|
+
);
|
|
76
|
+
}
|
|
77
|
+
try {
|
|
78
|
+
return JSON.parse(decoded);
|
|
79
|
+
} catch (e) {
|
|
80
|
+
throw new InvalidTokenError(
|
|
81
|
+
`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`
|
|
82
|
+
);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
//# sourceMappingURL=jwt-decode.js.map
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../../../src/zklogin/jwt-decode.ts"],
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/** Copied from https://github.com/auth0/jwt-decode/blob/3d372e9875ff673228a9f2d9df74e84690842a9c/lib/index.ts */\n\n/**\nThe MIT License (MIT)\n\nCopyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n */\n\nexport interface JwtDecodeOptions {\n\theader?: boolean;\n}\n\nexport interface JwtHeader {\n\ttyp?: string;\n\talg?: string;\n\tkid?: string;\n}\n\nexport interface JwtPayload {\n\tiss?: string;\n\tsub?: string;\n\taud?: string[] | string;\n\texp?: number;\n\tnbf?: number;\n\tiat?: number;\n\tjti?: string;\n}\n\nexport class InvalidTokenError extends Error {}\n\nInvalidTokenError.prototype.name = 'InvalidTokenError';\n\nfunction b64DecodeUnicode(str: string) {\n\treturn decodeURIComponent(\n\t\tatob(str).replace(/(.)/g, (_m, p) => {\n\t\t\tlet code = (p as string).charCodeAt(0).toString(16).toUpperCase();\n\t\t\tif (code.length < 2) {\n\t\t\t\tcode = '0' + code;\n\t\t\t}\n\t\t\treturn '%' + code;\n\t\t}),\n\t);\n}\n\nfunction base64UrlDecode(str: string) {\n\tlet output = str.replace(/-/g, '+').replace(/_/g, '/');\n\tswitch (output.length % 4) {\n\t\tcase 0:\n\t\t\tbreak;\n\t\tcase 2:\n\t\t\toutput += '==';\n\t\t\tbreak;\n\t\tcase 3:\n\t\t\toutput += '=';\n\t\t\tbreak;\n\t\tdefault:\n\t\t\tthrow new Error('base64 string is not of the correct length');\n\t}\n\n\ttry {\n\t\treturn b64DecodeUnicode(output);\n\t} catch (err) {\n\t\treturn atob(output);\n\t}\n}\n\nexport function jwtDecode<T = JwtHeader>(\n\ttoken: string,\n\toptions: JwtDecodeOptions & { header: true },\n): T;\nexport function jwtDecode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): T;\nexport function jwtDecode<T = JwtHeader | JwtPayload>(\n\ttoken: string,\n\toptions?: JwtDecodeOptions,\n): T {\n\tif (typeof token !== 'string') {\n\t\tthrow new InvalidTokenError('Invalid token specified: must be a string');\n\t}\n\n\toptions ||= {};\n\n\tconst pos = options.header === true ? 0 : 1;\n\tconst part = token.split('.')[pos];\n\n\tif (typeof part !== 'string') {\n\t\tthrow new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n\t}\n\n\tlet decoded: string;\n\ttry {\n\t\tdecoded = base64UrlDecode(part);\n\t} catch (e) {\n\t\tthrow new InvalidTokenError(\n\t\t\t`Invalid token specified: invalid base64 for part #${pos + 1} (${(e as Error).message})`,\n\t\t);\n\t}\n\n\ttry {\n\t\treturn JSON.parse(decoded) as T;\n\t} catch (e) {\n\t\tthrow new InvalidTokenError(\n\t\t\t`Invalid token specified: invalid json for part #${pos + 1} (${(e as Error).message})`,\n\t\t);\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAiDO,MAAM,0BAA0B,MAAM;AAAC;AAE9C,kBAAkB,UAAU,OAAO;AAEnC,SAAS,iBAAiB,KAAa;AACtC,SAAO;AAAA,IACN,KAAK,GAAG,EAAE,QAAQ,QAAQ,CAAC,IAAI,MAAM;AACpC,UAAI,OAAQ,EAAa,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY;AAChE,UAAI,KAAK,SAAS,GAAG;AACpB,eAAO,MAAM;AAAA,MACd;AACA,aAAO,MAAM;AAAA,IACd,CAAC;AAAA,EACF;AACD;AAEA,SAAS,gBAAgB,KAAa;AACrC,MAAI,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACrD,UAAQ,OAAO,SAAS,GAAG;AAAA,IAC1B,KAAK;AACJ;AAAA,IACD,KAAK;AACJ,gBAAU;AACV;AAAA,IACD,KAAK;AACJ,gBAAU;AACV;AAAA,IACD;AACC,YAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AAEA,MAAI;AACH,WAAO,iBAAiB,MAAM;AAAA,EAC/B,SAAS,KAAK;AACb,WAAO,KAAK,MAAM;AAAA,EACnB;AACD;AAOO,SAAS,UACf,OACA,SACI;AACJ,MAAI,OAAO,UAAU,UAAU;AAC9B,UAAM,IAAI,kBAAkB,2CAA2C;AAAA,EACxE;AAEA,wBAAY,CAAC;AAEb,QAAM,MAAM,QAAQ,WAAW,OAAO,IAAI;AAC1C,QAAM,OAAO,MAAM,MAAM,GAAG,EAAE,GAAG;AAEjC,MAAI,OAAO,SAAS,UAAU;AAC7B,UAAM,IAAI,kBAAkB,0CAA0C,MAAM,CAAC,EAAE;AAAA,EAChF;AAEA,MAAI;AACJ,MAAI;AACH,cAAU,gBAAgB,IAAI;AAAA,EAC/B,SAAS,GAAG;AACX,UAAM,IAAI;AAAA,MACT,qDAAqD,MAAM,CAAC,KAAM,EAAY,OAAO;AAAA,IACtF;AAAA,EACD;AAEA,MAAI;AACH,WAAO,KAAK,MAAM,OAAO;AAAA,EAC1B,SAAS,GAAG;AACX,UAAM,IAAI;AAAA,MACT,mDAAmD,MAAM,CAAC,KAAM,EAAY,OAAO;AAAA,IACpF;AAAA,EACD;AACD;",
|
|
6
|
+
"names": []
|
|
7
|
+
}
|
|
@@ -1,5 +1,12 @@
|
|
|
1
|
+
import type { JwtPayload } from './jwt-decode.js';
|
|
1
2
|
export type Claim = {
|
|
2
3
|
value: string;
|
|
3
4
|
indexMod4: number;
|
|
4
5
|
};
|
|
5
6
|
export declare function extractClaimValue<R>(claim: Claim, claimName: string): R;
|
|
7
|
+
export declare function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {
|
|
8
|
+
iss: string;
|
|
9
|
+
aud: string;
|
|
10
|
+
sub: string;
|
|
11
|
+
rawIss: string;
|
|
12
|
+
};
|
|
@@ -18,9 +18,12 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var jwt_utils_exports = {};
|
|
20
20
|
__export(jwt_utils_exports, {
|
|
21
|
+
decodeJwt: () => decodeJwt,
|
|
21
22
|
extractClaimValue: () => extractClaimValue
|
|
22
23
|
});
|
|
23
24
|
module.exports = __toCommonJS(jwt_utils_exports);
|
|
25
|
+
var import_jwt_decode = require("./jwt-decode.js");
|
|
26
|
+
var import_utils = require("./utils.js");
|
|
24
27
|
function base64UrlCharTo6Bits(base64UrlChar) {
|
|
25
28
|
if (base64UrlChar.length !== 1) {
|
|
26
29
|
throw new Error("Invalid base64Url character: " + base64UrlChar);
|
|
@@ -99,4 +102,20 @@ function extractClaimValue(claim, claimName) {
|
|
|
99
102
|
}
|
|
100
103
|
return value;
|
|
101
104
|
}
|
|
105
|
+
function decodeJwt(jwt) {
|
|
106
|
+
const { iss, aud, sub, ...decodedJWT } = (0, import_jwt_decode.jwtDecode)(jwt);
|
|
107
|
+
if (!sub || !iss || !aud) {
|
|
108
|
+
throw new Error("Missing jwt data");
|
|
109
|
+
}
|
|
110
|
+
if (Array.isArray(aud)) {
|
|
111
|
+
throw new Error("Not supported aud. Aud is an array, string was expected.");
|
|
112
|
+
}
|
|
113
|
+
return {
|
|
114
|
+
...decodedJWT,
|
|
115
|
+
iss: (0, import_utils.normalizeZkLoginIssuer)(iss),
|
|
116
|
+
rawIss: iss,
|
|
117
|
+
aud,
|
|
118
|
+
sub
|
|
119
|
+
};
|
|
120
|
+
}
|
|
102
121
|
//# sourceMappingURL=jwt-utils.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/zklogin/jwt-utils.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { JwtPayload } from './jwt-decode.js';\nimport { jwtDecode } from './jwt-decode.js';\nimport { normalizeZkLoginIssuer } from './utils.js';\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n\nexport function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {\n\tiss: string;\n\taud: string;\n\tsub: string;\n\trawIss: string;\n} {\n\tconst { iss, aud, sub, ...decodedJWT } = jwtDecode(jwt);\n\n\tif (!sub || !iss || !aud) {\n\t\tthrow new Error('Missing jwt data');\n\t}\n\n\tif (Array.isArray(aud)) {\n\t\tthrow new Error('Not supported aud. Aud is an array, string was expected.');\n\t}\n\n\treturn {\n\t\t...decodedJWT,\n\t\tiss: normalizeZkLoginIssuer(iss),\n\t\trawIss: iss,\n\t\taud,\n\t\tsub,\n\t};\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,wBAA0B;AAC1B,mBAAuC;AAEvC,SAAS,qBAAqB,eAAiC;AAC9D,MAAI,cAAc,WAAW,GAAG;AAC/B,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,wBAAwB;AAG9B,QAAM,QAAQ,sBAAsB,QAAQ,aAAa;AAEzD,MAAI,UAAU,IAAI;AACjB,UAAM,IAAI,MAAM,kCAAkC,aAAa;AAAA,EAChE;AAGA,QAAM,eAAe,MAAM,SAAS,CAAC,EAAE,SAAS,GAAG,GAAG;AAGtD,QAAM,OAAO,MAAM,KAAK,YAAY,EAAE,IAAI,MAAM;AAEhD,SAAO;AACR;AAEA,SAAS,2BAA2B,iBAAyB;AAC5D,MAAI,YAAsB,CAAC;AAC3B,WAAS,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;AAChD,UAAM,gBAAgB,gBAAgB,OAAO,CAAC;AAC9C,UAAM,OAAO,qBAAqB,aAAa;AAC/C,gBAAY,UAAU,OAAO,IAAI;AAAA,EAClC;AACA,SAAO;AACR;AAEA,SAAS,gBAAgB,GAAW,GAAmB;AACtD,MAAI,EAAE,SAAS,GAAG;AACjB,UAAM,IAAI,MAAM,cAAc,CAAC,8CAA8C;AAAA,EAC9E;AACA,MAAI,OAAO,2BAA2B,CAAC;AAEvC,QAAM,kBAAkB,IAAI;AAC5B,MAAI,oBAAoB,GAAG;AAAA,EAE3B,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,WAAW,oBAAoB,GAAG;AACjC,WAAO,KAAK,MAAM,CAAC;AAAA,EACpB,OAAO;AAEN,UAAM,IAAI,MAAM,cAAc,CAAC,gDAAgD,CAAC,IAAI;AAAA,EACrF;AAEA,QAAM,kBAAkB,IAAI,EAAE,SAAS,KAAK;AAC5C,MAAI,mBAAmB,GAAG;AAAA,EAE1B,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,WAAW,mBAAmB,GAAG;AAChC,WAAO,KAAK,MAAM,GAAG,KAAK,SAAS,CAAC;AAAA,EACrC,OAAO;AAEN,UAAM,IAAI;AAAA,MACT,cAAc,CAAC,iEAAiE,CAAC;AAAA,IAClF;AAAA,EACD;AAEA,MAAI,KAAK,SAAS,MAAM,GAAG;AAC1B,UAAM,IAAI,MAAM,+BAA+B;AAAA,EAChD;AAEA,QAAM,QAAQ,IAAI,WAAW,KAAK,MAAM,KAAK,SAAS,CAAC,CAAC;AACxD,MAAI,mBAAmB;AACvB,WAASA,KAAI,GAAGA,KAAI,KAAK,QAAQA,MAAK,GAAG;AACxC,UAAM,WAAW,KAAK,MAAMA,IAAGA,KAAI,CAAC;AAGpC,UAAM,OAAO,SAAS,SAAS,KAAK,EAAE,GAAG,CAAC;AAC1C,UAAM,kBAAkB,IAAI;AAAA,EAC7B;AACA,SAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AACtC;AAEA,SAAS,oBAAoB,OAAe;AAE3C,MAAI,EAAE,MAAM,MAAM,EAAE,MAAM,OAAO,MAAM,MAAM,EAAE,MAAM,MAAM;AAC1D,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AAGA,QAAM,OAAO,KAAK,MAAM,MAAM,MAAM,MAAM,GAAG,EAAE,IAAI,GAAG;AACtD,MAAI,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AACnC,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,MAAM,OAAO,KAAK,IAAI,EAAE,CAAC;AAC/B,SAAO,CAAC,KAAK,KAAK,GAAG,CAAC;AACvB;AAOO,SAAS,kBAAqB,OAAc,WAAsB;AACxE,QAAM,gBAAgB,gBAAgB,MAAM,OAAO,MAAM,SAAS;AAClE,QAAM,CAAC,MAAM,KAAK,IAAI,oBAAoB,aAAa;AACvD,MAAI,SAAS,WAAW;AACvB,UAAM,IAAI,MAAM,6BAA6B,IAAI,aAAa,SAAS,EAAE;AAAA,EAC1E;AACA,SAAO;AACR;AAEO,SAAS,UAAU,KAKxB;AACD,QAAM,EAAE,KAAK,KAAK,KAAK,GAAG,WAAW,QAAI,6BAAU,GAAG;AAEtD,MAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK;AACzB,UAAM,IAAI,MAAM,kBAAkB;AAAA,EACnC;AAEA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACvB,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC3E;AAEA,SAAO;AAAA,IACN,GAAG;AAAA,IACH,SAAK,qCAAuB,GAAG;AAAA,IAC/B,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,EACD;AACD;",
|
|
6
6
|
"names": ["i"]
|
|
7
7
|
}
|
|
@@ -25,7 +25,7 @@ __export(nonce_exports, {
|
|
|
25
25
|
module.exports = __toCommonJS(nonce_exports);
|
|
26
26
|
var import_bcs = require("@mysten/bcs");
|
|
27
27
|
var import_utils = require("@noble/hashes/utils");
|
|
28
|
-
var
|
|
28
|
+
var import_base = require("@scure/base");
|
|
29
29
|
var import_poseidon = require("./poseidon.js");
|
|
30
30
|
var import_utils2 = require("./utils.js");
|
|
31
31
|
const NONCE_LENGTH = 27;
|
|
@@ -45,7 +45,7 @@ function generateNonce(publicKey, maxEpoch, randomness) {
|
|
|
45
45
|
const eph_public_key_1 = publicKeyBytes % 2n ** 128n;
|
|
46
46
|
const bigNum = (0, import_poseidon.poseidonHash)([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);
|
|
47
47
|
const Z = (0, import_utils2.toPaddedBigEndianBytes)(bigNum, 20);
|
|
48
|
-
const nonce =
|
|
48
|
+
const nonce = import_base.base64urlnopad.encode(Z);
|
|
49
49
|
if (nonce.length !== NONCE_LENGTH) {
|
|
50
50
|
throw new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);
|
|
51
51
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/zklogin/nonce.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport { randomBytes } from '@noble/hashes/utils';\nimport {
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAsB;AACtB,mBAA4B;AAC5B,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport { randomBytes } from '@noble/hashes/utils';\nimport { base64urlnopad } from '@scure/base';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\nimport { toPaddedBigEndianBytes } from './utils.js';\n\nexport const NONCE_LENGTH = 27;\n\nfunction toBigIntBE(bytes: Uint8Array) {\n\tconst hex = toHex(bytes);\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt(`0x${hex}`);\n}\n\nexport function generateRandomness() {\n\t// Once Node 20 enters LTS, we can just use crypto.getRandomValues(new Uint8Array(16)), but until then we use `randomBytes` to improve compatibility:\n\treturn String(toBigIntBE(randomBytes(16)));\n}\n\nexport function generateNonce(publicKey: PublicKey, maxEpoch: number, randomness: bigint | string) {\n\tconst publicKeyBytes = toBigIntBE(publicKey.toSuiBytes());\n\tconst eph_public_key_0 = publicKeyBytes / 2n ** 128n;\n\tconst eph_public_key_1 = publicKeyBytes % 2n ** 128n;\n\tconst bigNum = poseidonHash([eph_public_key_0, eph_public_key_1, maxEpoch, BigInt(randomness)]);\n\tconst Z = toPaddedBigEndianBytes(bigNum, 20);\n\tconst nonce = base64urlnopad.encode(Z);\n\n\tif (nonce.length !== NONCE_LENGTH) {\n\t\tthrow new Error(`Length of nonce ${nonce} (${nonce.length}) is not equal to ${NONCE_LENGTH}`);\n\t}\n\treturn nonce;\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAsB;AACtB,mBAA4B;AAC5B,kBAA+B;AAG/B,sBAA6B;AAC7B,IAAAA,gBAAuC;AAEhC,MAAM,eAAe;AAE5B,SAAS,WAAW,OAAmB;AACtC,QAAM,UAAM,kBAAM,KAAK;AACvB,MAAI,IAAI,WAAW,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EAChB;AACA,SAAO,OAAO,KAAK,GAAG,EAAE;AACzB;AAEO,SAAS,qBAAqB;AAEpC,SAAO,OAAO,eAAW,0BAAY,EAAE,CAAC,CAAC;AAC1C;AAEO,SAAS,cAAc,WAAsB,UAAkB,YAA6B;AAClG,QAAM,iBAAiB,WAAW,UAAU,WAAW,CAAC;AACxD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,mBAAmB,iBAAiB,MAAM;AAChD,QAAM,aAAS,8BAAa,CAAC,kBAAkB,kBAAkB,UAAU,OAAO,UAAU,CAAC,CAAC;AAC9F,QAAM,QAAI,sCAAuB,QAAQ,EAAE;AAC3C,QAAM,QAAQ,2BAAe,OAAO,CAAC;AAErC,MAAI,MAAM,WAAW,cAAc;AAClC,UAAM,IAAI,MAAM,mBAAmB,KAAK,KAAK,MAAM,MAAM,qBAAqB,YAAY,EAAE;AAAA,EAC7F;AACA,SAAO;AACR;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PublicKey } from '../cryptography/publickey.js';
|
|
2
2
|
import type { PublicKeyInitData } from '../cryptography/publickey.js';
|
|
3
3
|
import { SuiGraphQLClient } from '../graphql/client.js';
|
|
4
|
+
import type { ZkLoginSignatureInputs } from './bcs.js';
|
|
4
5
|
/**
|
|
5
6
|
* A zkLogin public identifier
|
|
6
7
|
*/
|
|
@@ -13,6 +14,7 @@ export declare class ZkLoginPublicIdentifier extends PublicKey {
|
|
|
13
14
|
constructor(value: PublicKeyInitData, { client }?: {
|
|
14
15
|
client?: SuiGraphQLClient;
|
|
15
16
|
});
|
|
17
|
+
static fromProof(address: string, proof: ZkLoginSignatureInputs): ZkLoginPublicIdentifier;
|
|
16
18
|
/**
|
|
17
19
|
* Checks if two zkLogin public identifiers are equal
|
|
18
20
|
*/
|
|
@@ -67,6 +67,23 @@ const _ZkLoginPublicIdentifier = class _ZkLoginPublicIdentifier extends import_p
|
|
|
67
67
|
__privateSet(this, _data, normalizeZkLoginPublicKeyBytes(__privateGet(this, _data)));
|
|
68
68
|
}
|
|
69
69
|
}
|
|
70
|
+
static fromProof(address, proof) {
|
|
71
|
+
const { issBase64Details, addressSeed } = proof;
|
|
72
|
+
const iss = (0, import_jwt_utils.extractClaimValue)(issBase64Details, "iss");
|
|
73
|
+
const legacyPublicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
|
|
74
|
+
legacyAddress: true
|
|
75
|
+
});
|
|
76
|
+
if (legacyPublicKey.toSuiAddress() === address) {
|
|
77
|
+
return legacyPublicKey;
|
|
78
|
+
}
|
|
79
|
+
const publicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {
|
|
80
|
+
legacyAddress: false
|
|
81
|
+
});
|
|
82
|
+
if (publicKey.toSuiAddress() !== address) {
|
|
83
|
+
throw new Error("Proof does not match address");
|
|
84
|
+
}
|
|
85
|
+
return publicKey;
|
|
86
|
+
}
|
|
70
87
|
/**
|
|
71
88
|
* Checks if two zkLogin public identifiers are equal
|
|
72
89
|
*/
|
|
@@ -148,7 +165,7 @@ toLegacyAddress_fn = function() {
|
|
|
148
165
|
let ZkLoginPublicIdentifier = _ZkLoginPublicIdentifier;
|
|
149
166
|
function toZkLoginPublicIdentifier(addressSeed, iss, options) {
|
|
150
167
|
const addressSeedBytesBigEndian = options?.legacyAddress ? (0, import_utils2.toBigEndianBytes)(addressSeed, 32) : (0, import_utils2.toPaddedBigEndianBytes)(addressSeed, 32);
|
|
151
|
-
const issBytes = new TextEncoder().encode(iss);
|
|
168
|
+
const issBytes = new TextEncoder().encode((0, import_utils2.normalizeZkLoginIssuer)(iss));
|
|
152
169
|
const tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);
|
|
153
170
|
tmp.set([issBytes.length], 0);
|
|
154
171
|
tmp.set(issBytes, 1);
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/zklogin/publickey.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { PublicKey } from '../cryptography/publickey.js';\nimport type { PublicKeyInitData } from '../cryptography/publickey.js';\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { SuiGraphQLClient } from '../graphql/client.js';\nimport { graphql } from '../graphql/schemas/latest/index.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';\nimport { extractClaimValue } from './jwt-utils.js';\nimport { parseZkLoginSignature } from './signature.js';\nimport { toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';\n\n/**\n * A zkLogin public identifier\n */\nexport class ZkLoginPublicIdentifier extends PublicKey {\n\t#data: Uint8Array;\n\t#client?: SuiGraphQLClient;\n\t#legacyAddress: boolean;\n\n\t/**\n\t * Create a new ZkLoginPublicIdentifier object\n\t * @param value zkLogin public identifier as buffer or base-64 encoded string\n\t */\n\tconstructor(value: PublicKeyInitData, { client }: { client?: SuiGraphQLClient } = {}) {\n\t\tsuper();\n\n\t\tthis.#client = client;\n\n\t\tif (typeof value === 'string') {\n\t\t\tthis.#data = fromBase64(value);\n\t\t} else if (value instanceof Uint8Array) {\n\t\t\tthis.#data = value;\n\t\t} else {\n\t\t\tthis.#data = Uint8Array.from(value);\n\t\t}\n\t\tthis.#legacyAddress = this.#data.length !== this.#data[0] + 1 + 32;\n\n\t\tif (this.#legacyAddress) {\n\t\t\tthis.#data = normalizeZkLoginPublicKeyBytes(this.#data);\n\t\t}\n\t}\n\n\t/**\n\t * Checks if two zkLogin public identifiers are equal\n\t */\n\toverride equals(publicKey: ZkLoginPublicIdentifier): boolean {\n\t\treturn super.equals(publicKey);\n\t}\n\n\toverride toSuiAddress(): string {\n\t\tif (this.#legacyAddress) {\n\t\t\treturn this.#toLegacyAddress();\n\t\t}\n\n\t\treturn super.toSuiAddress();\n\t}\n\n\t#toLegacyAddress() {\n\t\tconst legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);\n\t\tconst addressBytes = new Uint8Array(legacyBytes.length + 1);\n\t\taddressBytes[0] = this.flag();\n\t\taddressBytes.set(legacyBytes, 1);\n\t\treturn normalizeSuiAddress(\n\t\t\tbytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t\t);\n\t}\n\n\t/**\n\t * Return the byte array representation of the zkLogin public identifier\n\t */\n\ttoRawBytes(): Uint8Array {\n\t\treturn this.#data;\n\t}\n\n\t/**\n\t * Return the Sui address associated with this ZkLogin public identifier\n\t */\n\tflag(): number {\n\t\treturn SIGNATURE_SCHEME_TO_FLAG['ZkLogin'];\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided message\n\t */\n\tasync verify(_message: Uint8Array, _signature: Uint8Array | string): Promise<boolean> {\n\t\tthrow Error('does not support');\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided PersonalMessage\n\t */\n\tverifyPersonalMessage(message: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(message),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'PERSONAL_MESSAGE',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided Transaction\n\t */\n\tverifyTransaction(transaction: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(transaction),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'TRANSACTION_DATA',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the public key is associated with the provided address\n\t */\n\toverride verifyAddress(address: string): boolean {\n\t\treturn address === super.toSuiAddress() || address === this.#toLegacyAddress();\n\t}\n}\n\n// Derive the public identifier for zklogin based on address seed and iss.\nexport function toZkLoginPublicIdentifier(\n\taddressSeed: bigint,\n\tiss: string,\n\toptions?: { client?: SuiGraphQLClient; legacyAddress?: boolean },\n): ZkLoginPublicIdentifier {\n\t// Consists of iss_bytes_len || iss_bytes || padded_32_byte_address_seed.\n\tconst addressSeedBytesBigEndian = options?.legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst issBytes = new TextEncoder().encode(iss);\n\tconst tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);\n\ttmp.set([issBytes.length], 0);\n\ttmp.set(issBytes, 1);\n\ttmp.set(addressSeedBytesBigEndian, 1 + issBytes.length);\n\treturn new ZkLoginPublicIdentifier(tmp, options);\n}\n\nconst VerifyZkLoginSignatureQuery = graphql(`\n\tquery Zklogin(\n\t\t$bytes: Base64!\n\t\t$signature: Base64!\n\t\t$intentScope: ZkLoginIntentScope!\n\t\t$author: SuiAddress!\n\t) {\n\t\tverifyZkloginSignature(\n\t\t\tbytes: $bytes\n\t\t\tsignature: $signature\n\t\t\tintentScope: $intentScope\n\t\t\tauthor: $author\n\t\t) {\n\t\t\tsuccess\n\t\t\terrors\n\t\t}\n\t}\n`);\n\nfunction normalizeZkLoginPublicKeyBytes(bytes: Uint8Array, legacyAddress = false) {\n\tconst issByteLength = bytes[0] + 1;\n\tconst addressSeed = BigInt(`0x${toHex(bytes.slice(issByteLength))}`);\n\tconst seedBytes = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\tconst data = new Uint8Array(issByteLength + seedBytes.length);\n\tdata.set(bytes.slice(0, issByteLength), 0);\n\tdata.set(seedBytes, issByteLength);\n\treturn data;\n}\n\nasync function graphqlVerifyZkLoginSignature({\n\taddress,\n\tbytes,\n\tsignature,\n\tintentScope,\n\tclient = new SuiGraphQLClient({\n\t\turl: 'https://sui-mainnet.mystenlabs.com/graphql',\n\t}),\n}: {\n\taddress: string;\n\tbytes: string;\n\tsignature: string;\n\tintentScope: 'PERSONAL_MESSAGE' | 'TRANSACTION_DATA';\n\tclient?: SuiGraphQLClient;\n}) {\n\tconst resp = await client.query({\n\t\tquery: VerifyZkLoginSignatureQuery,\n\t\tvariables: {\n\t\t\tbytes,\n\t\t\tsignature,\n\t\t\tintentScope,\n\t\t\tauthor: address,\n\t\t},\n\t});\n\n\treturn (\n\t\tresp.data?.verifyZkloginSignature.success === true &&\n\t\tresp.data?.verifyZkloginSignature.errors.length === 0\n\t);\n}\n\nexport function parseSerializedZkLoginSignature(signature: Uint8Array | string) {\n\tconst bytes = typeof signature === 'string' ? fromBase64(signature) : signature;\n\n\tif (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.ZkLogin) {\n\t\tthrow new Error('Invalid signature scheme');\n\t}\n\n\tconst signatureBytes = bytes.slice(1);\n\tconst { inputs, maxEpoch, userSignature } = parseZkLoginSignature(signatureBytes);\n\tconst { issBase64Details, addressSeed } = inputs;\n\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\tconst publicIdentifer = toZkLoginPublicIdentifier(BigInt(addressSeed), iss);\n\treturn {\n\t\tserializedSignature: toBase64(bytes),\n\t\tsignatureScheme: 'ZkLogin' as const,\n\t\tzkLogin: {\n\t\t\tinputs,\n\t\t\tmaxEpoch,\n\t\t\tuserSignature,\n\t\t\tiss,\n\t\t\taddressSeed: BigInt(addressSeed),\n\t\t},\n\t\tsignature: bytes,\n\t\tpublicKey: publicIdentifer.toRawBytes(),\n\t};\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,qBAAwB;AACxB,mBAA2B;AAE3B,uBAA0B;AAE1B,8BAAyC;AACzC,oBAAiC;AACjC,oBAAwB;AACxB,uBAAwD;
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { blake2b } from '@noble/hashes/blake2b';\nimport { bytesToHex } from '@noble/hashes/utils';\n\nimport { PublicKey } from '../cryptography/publickey.js';\nimport type { PublicKeyInitData } from '../cryptography/publickey.js';\nimport { SIGNATURE_SCHEME_TO_FLAG } from '../cryptography/signature-scheme.js';\nimport { SuiGraphQLClient } from '../graphql/client.js';\nimport { graphql } from '../graphql/schemas/latest/index.js';\nimport { normalizeSuiAddress, SUI_ADDRESS_LENGTH } from '../utils/sui-types.js';\nimport type { ZkLoginSignatureInputs } from './bcs.js';\nimport { extractClaimValue } from './jwt-utils.js';\nimport { parseZkLoginSignature } from './signature.js';\nimport { normalizeZkLoginIssuer, toBigEndianBytes, toPaddedBigEndianBytes } from './utils.js';\n\n/**\n * A zkLogin public identifier\n */\nexport class ZkLoginPublicIdentifier extends PublicKey {\n\t#data: Uint8Array;\n\t#client?: SuiGraphQLClient;\n\t#legacyAddress: boolean;\n\n\t/**\n\t * Create a new ZkLoginPublicIdentifier object\n\t * @param value zkLogin public identifier as buffer or base-64 encoded string\n\t */\n\tconstructor(value: PublicKeyInitData, { client }: { client?: SuiGraphQLClient } = {}) {\n\t\tsuper();\n\n\t\tthis.#client = client;\n\n\t\tif (typeof value === 'string') {\n\t\t\tthis.#data = fromBase64(value);\n\t\t} else if (value instanceof Uint8Array) {\n\t\t\tthis.#data = value;\n\t\t} else {\n\t\t\tthis.#data = Uint8Array.from(value);\n\t\t}\n\t\tthis.#legacyAddress = this.#data.length !== this.#data[0] + 1 + 32;\n\n\t\tif (this.#legacyAddress) {\n\t\t\tthis.#data = normalizeZkLoginPublicKeyBytes(this.#data);\n\t\t}\n\t}\n\n\tstatic fromProof(address: string, proof: ZkLoginSignatureInputs) {\n\t\tconst { issBase64Details, addressSeed } = proof;\n\t\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\n\t\tconst legacyPublicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {\n\t\t\tlegacyAddress: true,\n\t\t});\n\n\t\tif (legacyPublicKey.toSuiAddress() === address) {\n\t\t\treturn legacyPublicKey;\n\t\t}\n\n\t\tconst publicKey = toZkLoginPublicIdentifier(BigInt(addressSeed), iss, {\n\t\t\tlegacyAddress: false,\n\t\t});\n\n\t\tif (publicKey.toSuiAddress() !== address) {\n\t\t\tthrow new Error('Proof does not match address');\n\t\t}\n\n\t\treturn publicKey;\n\t}\n\n\t/**\n\t * Checks if two zkLogin public identifiers are equal\n\t */\n\toverride equals(publicKey: ZkLoginPublicIdentifier): boolean {\n\t\treturn super.equals(publicKey);\n\t}\n\n\toverride toSuiAddress(): string {\n\t\tif (this.#legacyAddress) {\n\t\t\treturn this.#toLegacyAddress();\n\t\t}\n\n\t\treturn super.toSuiAddress();\n\t}\n\n\t#toLegacyAddress() {\n\t\tconst legacyBytes = normalizeZkLoginPublicKeyBytes(this.#data, true);\n\t\tconst addressBytes = new Uint8Array(legacyBytes.length + 1);\n\t\taddressBytes[0] = this.flag();\n\t\taddressBytes.set(legacyBytes, 1);\n\t\treturn normalizeSuiAddress(\n\t\t\tbytesToHex(blake2b(addressBytes, { dkLen: 32 })).slice(0, SUI_ADDRESS_LENGTH * 2),\n\t\t);\n\t}\n\n\t/**\n\t * Return the byte array representation of the zkLogin public identifier\n\t */\n\ttoRawBytes(): Uint8Array {\n\t\treturn this.#data;\n\t}\n\n\t/**\n\t * Return the Sui address associated with this ZkLogin public identifier\n\t */\n\tflag(): number {\n\t\treturn SIGNATURE_SCHEME_TO_FLAG['ZkLogin'];\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided message\n\t */\n\tasync verify(_message: Uint8Array, _signature: Uint8Array | string): Promise<boolean> {\n\t\tthrow Error('does not support');\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided PersonalMessage\n\t */\n\tverifyPersonalMessage(message: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(message),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'PERSONAL_MESSAGE',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the signature is valid for for the provided Transaction\n\t */\n\tverifyTransaction(transaction: Uint8Array, signature: Uint8Array | string): Promise<boolean> {\n\t\tconst parsedSignature = parseSerializedZkLoginSignature(signature);\n\t\tconst address = new ZkLoginPublicIdentifier(parsedSignature.publicKey).toSuiAddress();\n\t\treturn graphqlVerifyZkLoginSignature({\n\t\t\taddress: address,\n\t\t\tbytes: toBase64(transaction),\n\t\t\tsignature: parsedSignature.serializedSignature,\n\t\t\tintentScope: 'TRANSACTION_DATA',\n\t\t\tclient: this.#client,\n\t\t});\n\t}\n\n\t/**\n\t * Verifies that the public key is associated with the provided address\n\t */\n\toverride verifyAddress(address: string): boolean {\n\t\treturn address === super.toSuiAddress() || address === this.#toLegacyAddress();\n\t}\n}\n\n// Derive the public identifier for zklogin based on address seed and iss.\nexport function toZkLoginPublicIdentifier(\n\taddressSeed: bigint,\n\tiss: string,\n\toptions?: { client?: SuiGraphQLClient; legacyAddress?: boolean },\n): ZkLoginPublicIdentifier {\n\t// Consists of iss_bytes_len || iss_bytes || padded_32_byte_address_seed.\n\tconst addressSeedBytesBigEndian = options?.legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\n\tconst issBytes = new TextEncoder().encode(normalizeZkLoginIssuer(iss));\n\tconst tmp = new Uint8Array(1 + issBytes.length + addressSeedBytesBigEndian.length);\n\ttmp.set([issBytes.length], 0);\n\ttmp.set(issBytes, 1);\n\ttmp.set(addressSeedBytesBigEndian, 1 + issBytes.length);\n\treturn new ZkLoginPublicIdentifier(tmp, options);\n}\n\nconst VerifyZkLoginSignatureQuery = graphql(`\n\tquery Zklogin(\n\t\t$bytes: Base64!\n\t\t$signature: Base64!\n\t\t$intentScope: ZkLoginIntentScope!\n\t\t$author: SuiAddress!\n\t) {\n\t\tverifyZkloginSignature(\n\t\t\tbytes: $bytes\n\t\t\tsignature: $signature\n\t\t\tintentScope: $intentScope\n\t\t\tauthor: $author\n\t\t) {\n\t\t\tsuccess\n\t\t\terrors\n\t\t}\n\t}\n`);\n\nfunction normalizeZkLoginPublicKeyBytes(bytes: Uint8Array, legacyAddress = false) {\n\tconst issByteLength = bytes[0] + 1;\n\tconst addressSeed = BigInt(`0x${toHex(bytes.slice(issByteLength))}`);\n\tconst seedBytes = legacyAddress\n\t\t? toBigEndianBytes(addressSeed, 32)\n\t\t: toPaddedBigEndianBytes(addressSeed, 32);\n\tconst data = new Uint8Array(issByteLength + seedBytes.length);\n\tdata.set(bytes.slice(0, issByteLength), 0);\n\tdata.set(seedBytes, issByteLength);\n\treturn data;\n}\n\nasync function graphqlVerifyZkLoginSignature({\n\taddress,\n\tbytes,\n\tsignature,\n\tintentScope,\n\tclient = new SuiGraphQLClient({\n\t\turl: 'https://sui-mainnet.mystenlabs.com/graphql',\n\t}),\n}: {\n\taddress: string;\n\tbytes: string;\n\tsignature: string;\n\tintentScope: 'PERSONAL_MESSAGE' | 'TRANSACTION_DATA';\n\tclient?: SuiGraphQLClient;\n}) {\n\tconst resp = await client.query({\n\t\tquery: VerifyZkLoginSignatureQuery,\n\t\tvariables: {\n\t\t\tbytes,\n\t\t\tsignature,\n\t\t\tintentScope,\n\t\t\tauthor: address,\n\t\t},\n\t});\n\n\treturn (\n\t\tresp.data?.verifyZkloginSignature.success === true &&\n\t\tresp.data?.verifyZkloginSignature.errors.length === 0\n\t);\n}\n\nexport function parseSerializedZkLoginSignature(signature: Uint8Array | string) {\n\tconst bytes = typeof signature === 'string' ? fromBase64(signature) : signature;\n\n\tif (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.ZkLogin) {\n\t\tthrow new Error('Invalid signature scheme');\n\t}\n\n\tconst signatureBytes = bytes.slice(1);\n\tconst { inputs, maxEpoch, userSignature } = parseZkLoginSignature(signatureBytes);\n\tconst { issBase64Details, addressSeed } = inputs;\n\tconst iss = extractClaimValue<string>(issBase64Details, 'iss');\n\tconst publicIdentifer = toZkLoginPublicIdentifier(BigInt(addressSeed), iss);\n\treturn {\n\t\tserializedSignature: toBase64(bytes),\n\t\tsignatureScheme: 'ZkLogin' as const,\n\t\tzkLogin: {\n\t\t\tinputs,\n\t\t\tmaxEpoch,\n\t\t\tuserSignature,\n\t\t\tiss,\n\t\t\taddressSeed: BigInt(addressSeed),\n\t\t},\n\t\tsignature: bytes,\n\t\tpublicKey: publicIdentifer.toRawBytes(),\n\t};\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,qBAAwB;AACxB,mBAA2B;AAE3B,uBAA0B;AAE1B,8BAAyC;AACzC,oBAAiC;AACjC,oBAAwB;AACxB,uBAAwD;AAExD,uBAAkC;AAClC,uBAAsC;AACtC,IAAAA,gBAAiF;AAhBjF;AAqBO,MAAM,2BAAN,MAAM,iCAAgC,2BAAU;AAAA;AAAA;AAAA;AAAA;AAAA,EAStD,YAAY,OAA0B,EAAE,OAAO,IAAmC,CAAC,GAAG;AACrF,UAAM;AAVD;AACN;AACA;AACA;AASC,uBAAK,SAAU;AAEf,QAAI,OAAO,UAAU,UAAU;AAC9B,yBAAK,WAAQ,uBAAW,KAAK;AAAA,IAC9B,WAAW,iBAAiB,YAAY;AACvC,yBAAK,OAAQ;AAAA,IACd,OAAO;AACN,yBAAK,OAAQ,WAAW,KAAK,KAAK;AAAA,IACnC;AACA,uBAAK,gBAAiB,mBAAK,OAAM,WAAW,mBAAK,OAAM,CAAC,IAAI,IAAI;AAEhE,QAAI,mBAAK,iBAAgB;AACxB,yBAAK,OAAQ,+BAA+B,mBAAK,MAAK;AAAA,IACvD;AAAA,EACD;AAAA,EAEA,OAAO,UAAU,SAAiB,OAA+B;AAChE,UAAM,EAAE,kBAAkB,YAAY,IAAI;AAC1C,UAAM,UAAM,oCAA0B,kBAAkB,KAAK;AAE7D,UAAM,kBAAkB,0BAA0B,OAAO,WAAW,GAAG,KAAK;AAAA,MAC3E,eAAe;AAAA,IAChB,CAAC;AAED,QAAI,gBAAgB,aAAa,MAAM,SAAS;AAC/C,aAAO;AAAA,IACR;AAEA,UAAM,YAAY,0BAA0B,OAAO,WAAW,GAAG,KAAK;AAAA,MACrE,eAAe;AAAA,IAChB,CAAC;AAED,QAAI,UAAU,aAAa,MAAM,SAAS;AACzC,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAC/C;AAEA,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA,EAKS,OAAO,WAA6C;AAC5D,WAAO,MAAM,OAAO,SAAS;AAAA,EAC9B;AAAA,EAES,eAAuB;AAC/B,QAAI,mBAAK,iBAAgB;AACxB,aAAO,sBAAK,wDAAL;AAAA,IACR;AAEA,WAAO,MAAM,aAAa;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAeA,aAAyB;AACxB,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,iDAAyB,SAAS;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,UAAsB,YAAmD;AACrF,UAAM,MAAM,kBAAkB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,SAAqB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AAEpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,OAAO;AAAA,MACvB,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,aAAyB,WAAkD;AAC5F,UAAM,kBAAkB,gCAAgC,SAAS;AACjE,UAAM,UAAU,IAAI,yBAAwB,gBAAgB,SAAS,EAAE,aAAa;AACpF,WAAO,8BAA8B;AAAA,MACpC;AAAA,MACA,WAAO,qBAAS,WAAW;AAAA,MAC3B,WAAW,gBAAgB;AAAA,MAC3B,aAAa;AAAA,MACb,QAAQ,mBAAK;AAAA,IACd,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKS,cAAc,SAA0B;AAChD,WAAO,YAAY,MAAM,aAAa,KAAK,YAAY,sBAAK,wDAAL;AAAA,EACxD;AACD;AArIC;AACA;AACA;AAHM;AAkEN,qBAAgB,WAAG;AAClB,QAAM,cAAc,+BAA+B,mBAAK,QAAO,IAAI;AACnE,QAAM,eAAe,IAAI,WAAW,YAAY,SAAS,CAAC;AAC1D,eAAa,CAAC,IAAI,KAAK,KAAK;AAC5B,eAAa,IAAI,aAAa,CAAC;AAC/B,aAAO;AAAA,QACN,6BAAW,wBAAQ,cAAc,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,sCAAqB,CAAC;AAAA,EACjF;AACD;AA1EM,IAAM,0BAAN;AAyIA,SAAS,0BACf,aACA,KACA,SAC0B;AAE1B,QAAM,4BAA4B,SAAS,oBACxC,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AAEzC,QAAM,WAAW,IAAI,YAAY,EAAE,WAAO,sCAAuB,GAAG,CAAC;AACrE,QAAM,MAAM,IAAI,WAAW,IAAI,SAAS,SAAS,0BAA0B,MAAM;AACjF,MAAI,IAAI,CAAC,SAAS,MAAM,GAAG,CAAC;AAC5B,MAAI,IAAI,UAAU,CAAC;AACnB,MAAI,IAAI,2BAA2B,IAAI,SAAS,MAAM;AACtD,SAAO,IAAI,wBAAwB,KAAK,OAAO;AAChD;AAEA,MAAM,kCAA8B,uBAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAiB3C;AAED,SAAS,+BAA+B,OAAmB,gBAAgB,OAAO;AACjF,QAAM,gBAAgB,MAAM,CAAC,IAAI;AACjC,QAAM,cAAc,OAAO,SAAK,kBAAM,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE;AACnE,QAAM,YAAY,oBACf,gCAAiB,aAAa,EAAE,QAChC,sCAAuB,aAAa,EAAE;AACzC,QAAM,OAAO,IAAI,WAAW,gBAAgB,UAAU,MAAM;AAC5D,OAAK,IAAI,MAAM,MAAM,GAAG,aAAa,GAAG,CAAC;AACzC,OAAK,IAAI,WAAW,aAAa;AACjC,SAAO;AACR;AAEA,eAAe,8BAA8B;AAAA,EAC5C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,SAAS,IAAI,+BAAiB;AAAA,IAC7B,KAAK;AAAA,EACN,CAAC;AACF,GAMG;AACF,QAAM,OAAO,MAAM,OAAO,MAAM;AAAA,IAC/B,OAAO;AAAA,IACP,WAAW;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACT;AAAA,EACD,CAAC;AAED,SACC,KAAK,MAAM,uBAAuB,YAAY,QAC9C,KAAK,MAAM,uBAAuB,OAAO,WAAW;AAEtD;AAEO,SAAS,gCAAgC,WAAgC;AAC/E,QAAM,QAAQ,OAAO,cAAc,eAAW,uBAAW,SAAS,IAAI;AAEtE,MAAI,MAAM,CAAC,MAAM,iDAAyB,SAAS;AAClD,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AAEA,QAAM,iBAAiB,MAAM,MAAM,CAAC;AACpC,QAAM,EAAE,QAAQ,UAAU,cAAc,QAAI,wCAAsB,cAAc;AAChF,QAAM,EAAE,kBAAkB,YAAY,IAAI;AAC1C,QAAM,UAAM,oCAA0B,kBAAkB,KAAK;AAC7D,QAAM,kBAAkB,0BAA0B,OAAO,WAAW,GAAG,GAAG;AAC1E,SAAO;AAAA,IACN,yBAAqB,qBAAS,KAAK;AAAA,IACnC,iBAAiB;AAAA,IACjB,SAAS;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,aAAa,OAAO,WAAW;AAAA,IAChC;AAAA,IACA,WAAW;AAAA,IACX,WAAW,gBAAgB,WAAW;AAAA,EACvC;AACD;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
|
@@ -13,3 +13,4 @@ export declare function getExtendedEphemeralPublicKey(publicKey: PublicKey): str
|
|
|
13
13
|
export declare function chunkArray<T>(array: T[], chunk_size: number): T[][];
|
|
14
14
|
export declare function hashASCIIStrToField(str: string, maxSize: number): bigint;
|
|
15
15
|
export declare function genAddressSeed(salt: string | bigint, name: string, value: string, aud: string, max_name_length?: number, max_value_length?: number, max_aud_length?: number): bigint;
|
|
16
|
+
export declare function normalizeZkLoginIssuer(iss: string): string;
|