@provablehq/sdk 0.9.18 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/mainnet/browser.d.ts +6 -4
  2. package/dist/mainnet/browser.js +394 -16
  3. package/dist/mainnet/browser.js.map +1 -1
  4. package/dist/mainnet/external-signing.d.ts +76 -0
  5. package/dist/mainnet/keys/keystore/error.d.ts +5 -4
  6. package/dist/mainnet/keys/keystore/file.d.ts +64 -104
  7. package/dist/mainnet/keys/keystore/interface.d.ts +106 -30
  8. package/dist/mainnet/models/external-signing.d.ts +123 -0
  9. package/dist/mainnet/models/input/inputJSON.d.ts +1 -0
  10. package/dist/mainnet/models/input/inputObject.d.ts +1 -0
  11. package/dist/mainnet/models/output/outputJSON.d.ts +1 -0
  12. package/dist/mainnet/models/output/outputObject.d.ts +1 -0
  13. package/dist/mainnet/network-client.d.ts +1 -0
  14. package/dist/mainnet/node.js +112 -138
  15. package/dist/mainnet/node.js.map +1 -1
  16. package/dist/mainnet/program-manager.d.ts +100 -4
  17. package/dist/mainnet/record-scanner.d.ts +1 -0
  18. package/dist/mainnet/wasm.d.ts +1 -1
  19. package/dist/testnet/browser.d.ts +6 -4
  20. package/dist/testnet/browser.js +394 -16
  21. package/dist/testnet/browser.js.map +1 -1
  22. package/dist/testnet/external-signing.d.ts +76 -0
  23. package/dist/testnet/keys/keystore/error.d.ts +5 -4
  24. package/dist/testnet/keys/keystore/file.d.ts +64 -104
  25. package/dist/testnet/keys/keystore/interface.d.ts +106 -30
  26. package/dist/testnet/models/external-signing.d.ts +123 -0
  27. package/dist/testnet/models/input/inputJSON.d.ts +1 -0
  28. package/dist/testnet/models/input/inputObject.d.ts +1 -0
  29. package/dist/testnet/models/output/outputJSON.d.ts +1 -0
  30. package/dist/testnet/models/output/outputObject.d.ts +1 -0
  31. package/dist/testnet/network-client.d.ts +1 -0
  32. package/dist/testnet/node.js +112 -138
  33. package/dist/testnet/node.js.map +1 -1
  34. package/dist/testnet/program-manager.d.ts +100 -4
  35. package/dist/testnet/record-scanner.d.ts +1 -0
  36. package/dist/testnet/wasm.d.ts +1 -1
  37. package/package.json +2 -2
  38. package/dist/mainnet/models/keyHolder.d.ts +0 -2
  39. package/dist/testnet/models/keyHolder.d.ts +0 -2
package/dist/mainnet/models/output/outputObject.d.ts CHANGED
@@ -14,4 +14,5 @@ export interface OutputObject {
14
14
  program?: string;
15
15
  function?: string;
16
16
  arguments?: Array<Plaintext> | Array<OutputObject>;
17
+ dynamic_id?: string | Field;
17
18
  }
package/dist/mainnet/network-client.d.ts CHANGED
@@ -58,6 +58,7 @@ interface DelegatedProvingParams {
58
58
  */
59
59
  declare class AleoNetworkClient {
60
60
  host: string;
61
+ private readonly baseUrl;
61
62
  headers: {
62
63
  [key: string]: string;
63
64
  };
package/dist/mainnet/node.js CHANGED
@@ -3,9 +3,9 @@ import * as fs from 'node:fs/promises';
3
3
  import * as $fs from 'node:fs';
4
4
  import * as path from 'path';
5
5
  import { MemKeyVerifier, InvalidLocatorError } from './browser.js';
6
- export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, KEY_STORE, KeyVerificationError, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex, zeroizeBytes } from './browser.js';
6
+ export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, ChecksumMismatchError, DecryptionNotEnabledError, KEY_STORE, ChecksumMismatchError as KeyVerificationError, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, buildExecutionRequestFromExternallySignedData, computeExternalSigningInputs, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, inputsToFields, isInputIdStrategy, isProveApiErrorBody, isProvingResponse, isRecordViewKeyStrategy, isViewKeyStrategy, logAndThrow, provingKeyLocator, sha256Hex, toAddress, toField, toGroup, toSignature, toViewKey, translationKeyLocator, verifyBatchProof, verifyProof, verifyingKeyLocator, zeroizeBytes } from './browser.js';
7
7
  import { ProvingKey, VerifyingKey } from '@provablehq/wasm/mainnet.js';
8
- export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphertext, ComputeKey, EncryptionToolkit, ExecutionRequest, ExecutionResponse, Field, Execution as FunctionExecution, GraphKey, Group, I128, I16, I32, I64, I8, OfflineQuery, Pedersen128, Pedersen64, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Scalar, Signature, Transaction, Transition, U128, U16, U32, U64, U8, VerifyingKey, ViewKey, getOrInitConsensusVersionTestHeights, initThreadPool, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
8
+ export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphertext, ComputeKey, EncryptionToolkit, ExecutionRequest, ExecutionResponse, Field, Execution as FunctionExecution, GraphKey, Group, I128, I16, I32, I64, I8, OfflineQuery, Pedersen128, Pedersen64, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, Proof, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Scalar, Signature, Transaction, Transition, U128, U16, U32, U64, U8, Value, VerifyingKey, ViewKey, getOrInitConsensusVersionTestHeights, initThreadPool, snarkVerify, snarkVerifyBatch, stringToField, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
9
9
  import 'core-js/proposals/json-parse-with-source.js';
10
10
  import 'node:crypto';
11
11
  import 'mime/lite';
@@ -34,26 +34,76 @@ class LocalFileKeyStore {
34
34
  $fs.mkdirSync(this.directory, { recursive: true });
35
35
  }
36
36
  /**
37
- * Validates that a locator is a safe filesystem identifier.
37
+ * Validates a single locator component for unsafe filesystem characters.
38
38
  *
39
39
  * @private
40
- * @param {string} locator - Unique identifier used to derive a metadata file path.
41
- * @throws {InvalidLocatorError} If the locator could cause path traversal.
40
+ * @param {string} value - The component value to validate.
41
+ * @param {string} label - Label for error messages (e.g. "program", "functionName").
42
+ * @throws {InvalidLocatorError} If the value is empty, contains traversal sequences, path separators, or null bytes.
42
43
  */
43
- validateLocator(locator) {
44
- // Reject empty and reserved names that could resolve to the directory or parent
45
- if (locator === "" || locator === "." || locator === "..") {
46
- throw new InvalidLocatorError(`Invalid locator: reserved or empty name "${locator}"`, locator, "reserved_name");
44
+ validateComponent(value, label) {
45
+ if (value === "" || value === ".") {
46
+ throw new InvalidLocatorError(`KeyLocator ${label} must not be empty or "." (got "${value}")`, value, "reserved_name");
47
47
  }
48
- // Explicitly block traversal attempts
49
- if (locator.includes("..")) {
50
- throw new InvalidLocatorError("Invalid locator: path traversal detected", locator, "path_traversal");
48
+ if (value.includes("..")) {
49
+ throw new InvalidLocatorError(`KeyLocator ${label} must not contain ".." (got "${value}")`, value, "path_traversal");
51
50
  }
52
- // Block path separators and null byte
53
- if (locator.includes("/") || locator.includes("\\") || locator.includes("\0")) {
54
- throw new InvalidLocatorError("Invalid locator: path separator or null byte not allowed", locator, "path_separator");
51
+ if (value.includes("/") || value.includes("\\") || value.includes("\0")) {
52
+ throw new InvalidLocatorError(`KeyLocator ${label} must not contain path separators or null bytes (got "${value}")`, value, "path_separator");
55
53
  }
56
54
  }
55
+ /**
56
+ * Validates that a numeric locator field is not negative.
57
+ *
58
+ * @private
59
+ * @param {number} value - The numeric value to validate.
60
+ * @param {string} label - Label for error messages (e.g. "edition", "amendment").
61
+ * @throws {InvalidLocatorError} If the value is negative.
62
+ */
63
+ validateNonNegative(value, label) {
64
+ if (!Number.isInteger(value) || value < 0) {
65
+ throw new InvalidLocatorError(`KeyLocator ${label} must be a non-negative integer (got ${value})`, String(value), "negative_value");
66
+ }
67
+ }
68
+ /**
69
+ * Serializes a {@link KeyLocator} to a filesystem-safe flat string, validating components first.
70
+ *
71
+ * For prover/verifier keys: `{program}.{functionName}.e{edition}.a{amendment}.{network}.{keyType}`
72
+ * For translation keys: `{program}.{functionName}.e{edition}.a{amendment}.{network}.translation.{recordName}.{recordInputPosition}`
73
+ *
74
+ * Note: The optional `checksum` field is excluded — it is used for integrity verification only
75
+ * (via {@link checksumToFingerprint}) and is not part of the key identity.
76
+ *
77
+ * @private
78
+ * @param {KeyLocator} locator - The key locator.
79
+ * @returns {string} A dot-delimited string safe for use as a filename.
80
+ * @throws {InvalidLocatorError} If any component contains unsafe characters.
81
+ */
82
+ serializeLocator(locator) {
83
+ this.validateComponent(locator.program, "program");
84
+ this.validateComponent(locator.functionName, "functionName");
85
+ this.validateComponent(locator.network, "network");
86
+ this.validateNonNegative(locator.edition, "edition");
87
+ this.validateNonNegative(locator.amendment, "amendment");
88
+ const base = `${locator.program}.${locator.functionName}.e${locator.edition}.a${locator.amendment}.${locator.network}.${locator.keyType}`;
89
+ if (locator.keyType === "translation") {
90
+ this.validateComponent(locator.recordName, "recordName");
91
+ this.validateNonNegative(locator.recordInputPosition, "recordInputPosition");
92
+ return `${base}.${locator.recordName}.${locator.recordInputPosition}`;
93
+ }
94
+ return base;
95
+ }
96
+ /**
97
+ * Converts an optional checksum string from a locator into a KeyFingerprint
98
+ * suitable for the key verifier, using the actual key byte length for size.
99
+ *
100
+ * @private
101
+ */
102
+ checksumToFingerprint(checksum, keyBytes) {
103
+ if (!checksum)
104
+ return undefined;
105
+ return { checksum, size: keyBytes.length };
106
+ }
57
107
  /**
58
108
  * Generates the path for a key metadata file based on the locator.
59
109
  *
@@ -174,33 +224,25 @@ class LocalFileKeyStore {
174
224
  // KEYSTORE INTERFACE
175
225
  // -------------------------------------------------------
176
226
  /**
177
- * Retrieves the key bytes from storage and optionally verifies them against a fingerprint.
227
+ * Retrieves the key bytes from storage and optionally verifies them.
178
228
  *
179
- * @param {KeyLocator} locator - Object containing a locator string for the key + optional fingerprint for verification.
180
- * @returns {Promise<Uint8Array | null>} The key bytes if found and verified (if fingerprint provided), null if not found.
181
- * @throws {KeyVerificationError} If fingerprint verification fails.
182
- * @example
183
- * const keyBytes = await getKeyBytes({
184
- * locator: 'transfer_private.prover.421e5a5',
185
- * fingerprint: { checksum: '421e5a52f01a1eeb068bbf56d15e19477ff7290e4b988d1013e15563f2b77801', size: 116746954 }
186
- * });
187
- * if (keyBytes) {
188
- * // Use the verified key bytes
189
- * }
229
+ * @param {KeyLocator} locator - The key locator with optional checksum for verification.
230
+ * @returns {Promise<Uint8Array | null>} The key bytes if found and verified, null if not found.
231
+ * @throws {KeyVerificationError} If verification fails.
190
232
  */
191
233
  async getKeyBytes(locator) {
192
- this.validateLocator(locator.locator);
234
+ const fileKey = this.serializeLocator(locator);
193
235
  // Attempt to read key bytes from storage (under this.directory).
194
- const keyBytes = await this.readFileOptional(path.join(this.directory, locator.locator));
236
+ const keyBytes = await this.readFileOptional(path.join(this.directory, fileKey));
195
237
  // If no key bytes were found, return null.
196
238
  if (!keyBytes)
197
239
  return null;
198
- // Use caller-provided fingerprint or metadata stored on disk for verification.
199
- const fingerprint = locator.fingerprint ?? (await this.getKeyMetadata(locator.locator));
240
+ // Use caller-provided checksum or metadata stored on disk for verification.
241
+ const fingerprint = this.checksumToFingerprint(locator.checksum, keyBytes) ?? (await this.getKeyMetadata(locator));
200
242
  if (fingerprint) {
201
243
  await this.keyVerifier.verifyKeyBytes({
202
244
  keyBytes,
203
- locator: locator.locator,
245
+ locator: fileKey,
204
246
  fingerprint,
205
247
  });
206
248
  }
@@ -210,167 +252,105 @@ class LocalFileKeyStore {
210
252
  /**
211
253
  * Retrieves and verifies a proving key from storage.
212
254
  *
213
- * @param {KeyLocator} locator - Object containing the proving key location and optional fingerprint.
255
+ * @param {ProvingKeyLocator} locator - The proving key locator.
214
256
  * @returns {Promise<ProvingKey | null>} The proving key if found and verified, null if not found.
215
- * @throws {KeyVerificationError} If fingerprint verification fails.
257
+ * @throws {KeyVerificationError} If verification fails.
216
258
  * @throws {Error} If key bytes cannot be parsed into a valid ProvingKey.
217
- *
218
- * @example
219
- * try {
220
- * const key = await getProvingKey({
221
- * locator: 'transfer_private.prover.421e5a5'
222
- * });
223
- * if (key) {
224
- * // Use the verified proving key
225
- * }
226
- * } catch (err) {
227
- * if (err instanceof KeyVerificationError) {
228
- * // Handle verification failure.
229
- * } else {
230
- * // Handle key parsing error.
231
- * }
232
- * }
233
259
  */
234
260
  async getProvingKey(locator) {
235
- // Get the key bytes from storage.
236
261
  const proverBytes = await this.getKeyBytes(locator);
237
262
  if (!proverBytes)
238
263
  return null;
239
- // Attempt to parse the key bytes as a WASM ProvingKey (throws if invalid).
240
264
  return ProvingKey.fromBytes(proverBytes);
241
265
  }
242
266
  /**
243
267
  * Retrieves and verifies a verifying key from storage.
244
268
  *
245
- * @param {KeyLocator} locator - Object containing the verifying key location and optional fingerprint.
269
+ * @param {VerifyingKeyLocator} locator - The verifying key locator.
246
270
  * @returns {Promise<VerifyingKey | null>} The verifying key if found and verified, null if not found.
247
- * @throws {KeyVerificationError} If fingerprint verification fails.
271
+ * @throws {KeyVerificationError} If verification fails.
248
272
  * @throws {Error} If key bytes cannot be parsed into a valid VerifyingKey.
249
- *
250
- * @example
251
- * try {
252
- * const key = await getVerifyingKey({
253
- * locator: 'transfer_private.verifier.4ac2f71'
254
- * });
255
- * if (key) {
256
- * // Use the verified verifying key
257
- * }
258
- * } catch (err) {
259
- * if (err instanceof KeyVerificationError) {
260
- * // Handle verification failure.
261
- * } else {
262
- * // Handle key parsing error.
263
- * }
264
- * }
265
273
  */
266
274
  async getVerifyingKey(locator) {
267
- // Get the key bytes from storage.
268
275
  const verifierBytes = await this.getKeyBytes(locator);
269
276
  if (!verifierBytes)
270
277
  return null;
271
- // Attempt to parse the key bytes as a WASM VerifyingKey (throws if invalid).
272
278
  return VerifyingKey.fromBytes(verifierBytes);
273
279
  }
274
280
  /**
275
281
  * Stores proving and verifying keys in key storage.
276
282
  *
277
- * @param {KeyLocator} proverLocator The unique locator for the desired proving key.
278
- * @param {KeyLocator} verifierLocator The unique locator for the desired verifying key.
283
+ * @param {ProvingKeyLocator} proverLocator The locator for the proving key.
284
+ * @param {VerifyingKeyLocator} verifierLocator The locator for the verifying key.
279
285
  * @param {FunctionKeyPair} keys The proving and verifying keys.
280
- *
281
- * @example
282
- * const keys = await generateKeys();
283
- * await setKeys(
284
- * { locator: 'transfer_private.prover' },
285
- * { locator: 'transfer_private.verifier' },
286
- * keys
287
- * );
288
286
  */
289
287
  async setKeys(proverLocator, verifierLocator, keys) {
290
- this.validateLocator(proverLocator.locator);
291
- this.validateLocator(verifierLocator.locator);
288
+ const proverKey = this.serializeLocator(proverLocator);
289
+ const verifierKey = this.serializeLocator(verifierLocator);
292
290
  // Convert the WASM keys to raw bytes.
293
291
  const [provingKey, verifyingKey] = keys;
294
292
  const [provingKeyBytes, verifyingKeyBytes] = [
295
293
  provingKey.toBytes(),
296
294
  verifyingKey.toBytes(),
297
295
  ];
298
- // Compute the fingerprints for the proving and verifying keys, verify against expected fingerprints if provided.
296
+ // Compute the fingerprints for the proving and verifying keys, verify against expected checksums if provided.
299
297
  const [proverFingerPrint, verifierFingerPrint] = await Promise.all([
300
298
  this.keyVerifier.computeKeyMetadata({
301
299
  keyBytes: provingKeyBytes,
302
- locator: proverLocator.locator,
303
- fingerprint: proverLocator.fingerprint,
300
+ locator: proverKey,
301
+ fingerprint: this.checksumToFingerprint(proverLocator.checksum, provingKeyBytes),
304
302
  }),
305
303
  this.keyVerifier.computeKeyMetadata({
306
304
  keyBytes: verifyingKeyBytes,
307
- locator: verifierLocator.locator,
308
- fingerprint: verifierLocator.fingerprint,
305
+ locator: verifierKey,
306
+ fingerprint: this.checksumToFingerprint(verifierLocator.checksum, verifyingKeyBytes),
309
307
  }),
310
308
  ]);
311
309
  // Write the proving and verifying key bytes and their metadata to storage (under this.directory).
312
- await this.writeFileAtomic(path.join(this.directory, proverLocator.locator), provingKeyBytes);
313
- await this.writeFileAtomic(path.join(this.directory, verifierLocator.locator), verifyingKeyBytes);
314
- await this.writeKeyMetadata(proverLocator.locator, proverFingerPrint);
315
- await this.writeKeyMetadata(verifierLocator.locator, verifierFingerPrint);
310
+ await this.writeFileAtomic(path.join(this.directory, proverKey), provingKeyBytes);
311
+ await this.writeFileAtomic(path.join(this.directory, verifierKey), verifyingKeyBytes);
312
+ await this.writeKeyMetadata(proverKey, proverFingerPrint);
313
+ await this.writeKeyMetadata(verifierKey, verifierFingerPrint);
316
314
  }
317
315
  /**
318
- * Store a raw proving or verifying key in storage along with its fingerprint metadata for future verification.
316
+ * Store a raw key in storage along with its fingerprint metadata for future verification.
319
317
  *
320
- * @param {Uint8Array} keyBytes The raw proving and verifying key bytes.
321
- * @param {KeyLocator} locator The unique locator for the desired key pair.
318
+ * @param {Uint8Array} keyBytes The raw key bytes.
319
+ * @param {KeyLocator} locator The unique locator for the key.
322
320
  * @returns {Promise<void>}
323
321
  * @throws {Error} If computing key metadata or writing to storage fails
324
- *
325
- * @example
326
- * const keys = await generateKeys();
327
- * await setKeyBytes(keys.provingKey.toBytes(), { locator: 'transfer_private.prover' });
328
322
  */
329
323
  async setKeyBytes(keyBytes, locator) {
330
- this.validateLocator(locator.locator);
324
+ const fileKey = this.serializeLocator(locator);
331
325
  // Compute the key metadata including fingerprint
332
326
  const computedMetadata = await this.keyVerifier.computeKeyMetadata({
333
327
  keyBytes: keyBytes,
334
- locator: locator.locator,
335
- fingerprint: locator.fingerprint,
328
+ locator: fileKey,
329
+ fingerprint: this.checksumToFingerprint(locator.checksum, keyBytes),
336
330
  });
337
331
  // Write the key bytes and metadata atomically (key file under this.directory).
338
- await this.writeFileAtomic(path.join(this.directory, locator.locator), keyBytes);
339
- await this.writeKeyMetadata(locator.locator, computedMetadata);
332
+ await this.writeFileAtomic(path.join(this.directory, fileKey), keyBytes);
333
+ await this.writeKeyMetadata(fileKey, computedMetadata);
340
334
  }
341
335
  /**
342
336
  * Returns stored metadata for a key, if any.
343
337
  *
344
- * @param {string} locator The unique locator for the key.
345
- * @returns {Promise<KeyFingerprint | null>} The stored fingerprint metadata for that locator, or null if none exists.
346
- *
347
- * @example
348
- * const metadata = await getKeyMetadata('transfer_private.prover.421e5a5');
349
- * if (metadata) {
350
- * // Use the stored metadata.
351
- * }
338
+ * @param {KeyLocator} locator The unique locator for the key.
339
+ * @returns {Promise<KeyFingerprint | null>} The stored fingerprint metadata, or null if none exists.
352
340
  */
353
341
  async getKeyMetadata(locator) {
354
- this.validateLocator(locator);
355
- return this.readKeyMetadata(locator);
342
+ const fileKey = this.serializeLocator(locator);
343
+ return this.readKeyMetadata(fileKey);
356
344
  }
357
345
  /**
358
- * Checks if a key exists at the specified locator path.
346
+ * Checks if a key exists for the given locator.
359
347
  *
360
- * @param {string} locator - Unique identifier for the key location.
361
- * @returns {Promise<boolean>} True if key exists at location, false otherwise.
362
- *
363
- * @example
364
- * const exists = await has('transfer_private.prover.421e5a5');
365
- * if (exists) {
366
- * // Key exists at location.
367
- * } else {
368
- * // Key does not exist at location.
369
- * }
348
+ * @param {KeyLocator} locator - The unique key locator.
349
+ * @returns {Promise<boolean>} True if key exists, false otherwise.
370
350
  */
371
351
  async has(locator) {
372
- this.validateLocator(locator);
373
- const keyPath = path.join(this.directory, locator);
352
+ const fileKey = this.serializeLocator(locator);
353
+ const keyPath = path.join(this.directory, fileKey);
374
354
  return await fs
375
355
  .access(keyPath)
376
356
  .then(() => true)
@@ -379,16 +359,13 @@ class LocalFileKeyStore {
379
359
  /**
380
360
  * Deletes a key and its associated metadata from storage. Silently ignores errors if files don't exist.
381
361
  *
382
- * @param {string} locator - Unique identifier for the key to delete.
362
+ * @param {KeyLocator} locator - The unique key locator.
383
363
  * @returns {Promise<void>}
384
- *
385
- * @example
386
- * await delete('transfer_private.prover.421e5a5');
387
364
  */
388
365
  async delete(locator) {
389
- this.validateLocator(locator);
390
- const p = path.join(this.directory, locator);
391
- const m = this.metadataPath(locator);
366
+ const fileKey = this.serializeLocator(locator);
367
+ const p = path.join(this.directory, fileKey);
368
+ const m = this.metadataPath(fileKey);
392
369
  await fs.unlink(p).catch(() => { });
393
370
  await fs.unlink(m).catch(() => { });
394
371
  }
@@ -397,9 +374,6 @@ class LocalFileKeyStore {
397
374
  *
398
375
  * @returns {Promise<void>}
399
376
  * @throws {Error} If directory listing fails for reasons other than non-existence.
400
- *
401
- * @example
402
- * await clear(); // Removes all files under the keystore directory.
403
377
  */
404
378
  async clear() {
405
379
  await this.clearDirectory(this.directory);
package/dist/mainnet/node.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"node.js","sources":["../../src/keys/keystore/file.ts"],"sourcesContent":["import * as fs from \"node:fs/promises\";\nimport * as fsSync from \"node:fs\";\nimport * as path from \"path\";\n\nimport { FunctionKeyPair } from \"../../models/keyPair.js\";\nimport { KeyFingerprint } from \"../verifier/interface.js\";\nimport { InvalidLocatorError } from \"./error.js\";\nimport { KeyLocator, KeyStore } from \"./interface.js\";\nimport { MemKeyVerifier } from \"../verifier/memory.js\";\nimport { ProvingKey, VerifyingKey } from \"../../wasm.js\";\n\nexport class LocalFileKeyStore implements KeyStore {\n private directory: string;\n private readonly keyVerifier = new MemKeyVerifier();\n\n /**\n * Creates a new directory at the given path or CURRENTDIR/.aleo if none is provided to store keys.\n * If a custom directory is passed and its last path segment is not \".aleo\", \".aleo\" is appended\n * so keys are stored under that subdirectory (e.g. /home/project → /home/project/.aleo).\n *\n * @param {string} [directory] - Optional custom directory path for key storage. Defaults to \".aleo\" in current working directory.\n * @throws {Error} If directory creation fails.\n */\n constructor(directory?: string) {\n this.directory = directory ?? path.join(process.cwd(), \".aleo\");\n if (directory !== undefined && path.basename(this.directory) !== \".aleo\") {\n this.directory = path.join(this.directory, \".aleo\");\n }\n fsSync.mkdirSync(this.directory, { recursive: true });\n }\n\n /**\n * Validates that a locator is a safe filesystem identifier.\n *\n * @private\n * @param {string} locator - Unique identifier used to derive a metadata file path.\n * @throws {InvalidLocatorError} If the locator could cause path traversal.\n */\n private validateLocator(locator: string): void {\n // Reject empty and reserved names that could resolve to the directory or parent\n if (locator === \"\" || locator === \".\" || locator === \"..\") {\n throw new InvalidLocatorError(\n `Invalid locator: reserved or empty name \"${locator}\"`,\n locator,\n \"reserved_name\"\n );\n }\n\n // Explicitly block traversal attempts\n if (locator.includes(\"..\")) {\n throw new InvalidLocatorError(\n \"Invalid locator: path traversal detected\",\n locator,\n \"path_traversal\"\n );\n }\n\n // Block path separators and null byte\n if (locator.includes(\"/\") || locator.includes(\"\\\\\") || locator.includes(\"\\0\")) {\n throw new InvalidLocatorError(\n \"Invalid locator: path separator or null byte not allowed\",\n locator,\n \"path_separator\"\n );\n }\n }\n\n /**\n * Generates the path for a key metadata file based on the locator.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {string} Full filesystem path to the metadata file.\n */\n private metadataPath(locator: string): string {\n return path.join(this.directory, `${locator}.metadata`);\n }\n\n /**\n * Reads and parses the key fingerprint metadata from storage.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {Promise<KeyFingerprint | null>} The key fingerprint if found, null if file doesn't exist.\n * @throws {Error} If file read fails for any reason other than not found.\n */\n private async readKeyMetadata(\n locator: string,\n ): Promise<KeyFingerprint | null> {\n try {\n const data = await fs.readFile(this.metadataPath(locator), \"utf-8\");\n return JSON.parse(data) as KeyFingerprint;\n } catch (err: unknown) {\n if (\n err &&\n typeof err === \"object\" &&\n \"code\" in err &&\n err.code === \"ENOENT\"\n )\n return null;\n throw err;\n }\n }\n\n /**\n * Writes key fingerprint metadata to storage.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @param {KeyFingerprint} metadata - Key fingerprint metadata to store.\n * @returns {Promise<void>}\n * @throws {Error} If directory creation or file write fails.\n */\n private async writeKeyMetadata(\n locator: string,\n metadata: KeyFingerprint,\n ): Promise<void> {\n await fs.mkdir(path.dirname(this.metadataPath(locator)), {\n recursive: true,\n });\n await fs.writeFile(\n this.metadataPath(locator),\n JSON.stringify(metadata, null, 0),\n \"utf-8\",\n );\n }\n\n private async readFileOptional(\n filepath: string,\n ): Promise<Uint8Array | null> {\n try {\n const data = await fs.readFile(filepath);\n return new Uint8Array(data);\n } catch (err: any) {\n if (err.code === \"ENOENT\") return null;\n throw err;\n }\n }\n \n /**\n * Atomically writes data to a file, ensuring the parent directories exist.\n *\n * @private\n * @param {string} filepath - Full path to the file to write\n * @param {Uint8Array} data - Binary data to write to the file\n * @returns {Promise<void>} Resolves when write is complete\n * @throws {Error} If directory creation or file write fails\n */\n private async writeFileAtomic(\n filepath: string,\n data: Uint8Array,\n ): Promise<void> {\n const dir = path.dirname(filepath);\n await fs.mkdir(dir, { recursive: true });\n const tempPath = path.join(\n dir,\n `.${path.basename(filepath)}.${process.pid}.${Date.now()}.${Math.random().toString(16).slice(2)}.tmp`\n );\n await fs.writeFile(tempPath, data);\n try {\n await fs.rename(tempPath, filepath);\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n // Windows often throws EEXIST when target exists; EPERM/EACCES happen with locks/AV.\n if (code === \"EEXIST\" || code === \"EPERM\" || code === \"EACCES\") {\n await fs.unlink(filepath).catch(() => {});\n try {\n await fs.rename(tempPath, filepath);\n } catch (err2) {\n await fs.unlink(tempPath).catch(() => {});\n throw err2;\n }\n } else {\n await fs.unlink(tempPath).catch(() => {});\n throw err;\n }\n }\n }\n\n /**\n * Recursively removes all files and subdirectories under the given directory, then removes the directory itself.\n * Uses fs.rm with recursive: true and force: true so that symbolic links are removed without following them,\n * avoiding deletion of content outside the keystore.\n *\n * @private\n * @param {string} dir - Directory path to clear\n * @returns {Promise<void>} Resolves when clearing is complete\n * @throws {Error} If directory removal fails for reasons other than non-existence\n */\n private async clearDirectory(dir: string): Promise<void> {\n try {\n await fs.rm(dir, { recursive: true, force: true });\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n if (code === \"ENOENT\") {\n return;\n }\n throw err;\n }\n }\n\n // -------------------------------------------------------\n // KEYSTORE INTERFACE\n // -------------------------------------------------------\n\n /**\n * Retrieves the key bytes from storage and optionally verifies them against a fingerprint.\n *\n * @param {KeyLocator} locator - Object containing a locator string for the key + optional fingerprint for verification.\n * @returns {Promise<Uint8Array | null>} The key bytes if found and verified (if fingerprint provided), null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @example\n * const keyBytes = await getKeyBytes({\n * locator: 'transfer_private.prover.421e5a5',\n * fingerprint: { checksum: '421e5a52f01a1eeb068bbf56d15e19477ff7290e4b988d1013e15563f2b77801', size: 116746954 }\n * });\n * if (keyBytes) {\n * // Use the verified key bytes\n * }\n */\n async getKeyBytes(locator: KeyLocator): Promise<Uint8Array | null> {\n this.validateLocator(locator.locator);\n // Attempt to read key bytes from storage (under this.directory).\n const keyBytes = await this.readFileOptional(path.join(this.directory, locator.locator));\n\n // If no key bytes were found, return null.\n if (!keyBytes) return null;\n\n // Use caller-provided fingerprint or metadata stored on disk for verification.\n const fingerprint =\n locator.fingerprint ?? (await this.getKeyMetadata(locator.locator));\n if (fingerprint) {\n await this.keyVerifier.verifyKeyBytes({\n keyBytes,\n locator: locator.locator,\n fingerprint,\n });\n }\n\n // Return the verified key bytes.\n return keyBytes;\n }\n\n /**\n * Retrieves and verifies a proving key from storage.\n *\n * @param {KeyLocator} locator - Object containing the proving key location and optional fingerprint.\n * @returns {Promise<ProvingKey | null>} The proving key if found and verified, null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid ProvingKey.\n *\n * @example\n * try {\n * const key = await getProvingKey({\n * locator: 'transfer_private.prover.421e5a5'\n * });\n * if (key) {\n * // Use the verified proving key\n * }\n * } catch (err) {\n * if (err instanceof KeyVerificationError) {\n * // Handle verification failure.\n * } else {\n * // Handle key parsing error.\n * }\n * }\n */\n async getProvingKey(locator: KeyLocator): Promise<ProvingKey | null> {\n // Get the key bytes from storage.\n const proverBytes = await this.getKeyBytes(locator);\n if (!proverBytes) return null;\n\n // Attempt to parse the key bytes as a WASM ProvingKey (throws if invalid).\n return ProvingKey.fromBytes(proverBytes);\n }\n\n /**\n * Retrieves and verifies a verifying key from storage.\n *\n * @param {KeyLocator} locator - Object containing the verifying key location and optional fingerprint.\n * @returns {Promise<VerifyingKey | null>} The verifying key if found and verified, null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid VerifyingKey.\n *\n * @example\n * try {\n * const key = await getVerifyingKey({\n * locator: 'transfer_private.verifier.4ac2f71'\n * });\n * if (key) {\n * // Use the verified verifying key\n * }\n * } catch (err) {\n * if (err instanceof KeyVerificationError) {\n * // Handle verification failure.\n * } else {\n * // Handle key parsing error.\n * }\n * }\n */\n async getVerifyingKey(locator: KeyLocator): Promise<VerifyingKey | null> {\n // Get the key bytes from storage.\n const verifierBytes = await this.getKeyBytes(locator);\n if (!verifierBytes) return null;\n\n // Attempt to parse the key bytes as a WASM VerifyingKey (throws if invalid).\n return VerifyingKey.fromBytes(verifierBytes);\n }\n\n /**\n * Stores proving and verifying keys in key storage.\n *\n * @param {KeyLocator} proverLocator The unique locator for the desired proving key.\n * @param {KeyLocator} verifierLocator The unique locator for the desired verifying key.\n * @param {FunctionKeyPair} keys The proving and verifying keys.\n *\n * @example\n * const keys = await generateKeys();\n * await setKeys(\n * { locator: 'transfer_private.prover' },\n * { locator: 'transfer_private.verifier' },\n * keys\n * );\n */\n async setKeys(\n proverLocator: KeyLocator,\n verifierLocator: KeyLocator,\n keys: FunctionKeyPair,\n ): Promise<void> {\n this.validateLocator(proverLocator.locator);\n this.validateLocator(verifierLocator.locator);\n // Convert the WASM keys to raw bytes.\n const [provingKey, verifyingKey] = keys;\n const [provingKeyBytes, verifyingKeyBytes] = [\n provingKey.toBytes(),\n verifyingKey.toBytes(),\n ];\n\n // Compute the fingerprints for the proving and verifying keys, verify against expected fingerprints if provided.\n const [proverFingerPrint, verifierFingerPrint] = await Promise.all([\n this.keyVerifier.computeKeyMetadata({\n keyBytes: provingKeyBytes,\n locator: proverLocator.locator,\n fingerprint: proverLocator.fingerprint,\n }),\n this.keyVerifier.computeKeyMetadata({\n keyBytes: verifyingKeyBytes,\n locator: verifierLocator.locator,\n fingerprint: verifierLocator.fingerprint,\n }),\n ]);\n\n // Write the proving and verifying key bytes and their metadata to storage (under this.directory).\n await this.writeFileAtomic(path.join(this.directory, proverLocator.locator), provingKeyBytes);\n await this.writeFileAtomic(path.join(this.directory, verifierLocator.locator), verifyingKeyBytes);\n await this.writeKeyMetadata(proverLocator.locator, proverFingerPrint);\n await this.writeKeyMetadata(\n verifierLocator.locator,\n verifierFingerPrint,\n );\n }\n\n /**\n * Store a raw proving or verifying key in storage along with its fingerprint metadata for future verification.\n *\n * @param {Uint8Array} keyBytes The raw proving and verifying key bytes.\n * @param {KeyLocator} locator The unique locator for the desired key pair.\n * @returns {Promise<void>}\n * @throws {Error} If computing key metadata or writing to storage fails\n *\n * @example\n * const keys = await generateKeys();\n * await setKeyBytes(keys.provingKey.toBytes(), { locator: 'transfer_private.prover' });\n */\n async setKeyBytes(keyBytes: Uint8Array, locator: KeyLocator): Promise<void> {\n this.validateLocator(locator.locator);\n // Compute the key metadata including fingerprint\n const computedMetadata = await this.keyVerifier.computeKeyMetadata({\n keyBytes: keyBytes,\n locator: locator.locator,\n fingerprint: locator.fingerprint,\n });\n\n // Write the key bytes and metadata atomically (key file under this.directory).\n await this.writeFileAtomic(path.join(this.directory, locator.locator), keyBytes);\n await this.writeKeyMetadata(locator.locator, computedMetadata);\n }\n\n /**\n * Returns stored metadata for a key, if any.\n *\n * @param {string} locator The unique locator for the key.\n * @returns {Promise<KeyFingerprint | null>} The stored fingerprint metadata for that locator, or null if none exists.\n *\n * @example\n * const metadata = await getKeyMetadata('transfer_private.prover.421e5a5');\n * if (metadata) {\n * // Use the stored metadata.\n * }\n */\n async getKeyMetadata(locator: string): Promise<KeyFingerprint | null> {\n this.validateLocator(locator);\n return this.readKeyMetadata(locator);\n }\n\n /**\n * Checks if a key exists at the specified locator path.\n *\n * @param {string} locator - Unique identifier for the key location.\n * @returns {Promise<boolean>} True if key exists at location, false otherwise.\n *\n * @example\n * const exists = await has('transfer_private.prover.421e5a5');\n * if (exists) {\n * // Key exists at location.\n * } else {\n * // Key does not exist at location.\n * }\n */\n async has(locator: string): Promise<boolean> {\n this.validateLocator(locator);\n const keyPath = path.join(this.directory, locator);\n return await fs\n .access(keyPath)\n .then(() => true)\n .catch(() => false);\n }\n\n /**\n * Deletes a key and its associated metadata from storage. Silently ignores errors if files don't exist.\n *\n * @param {string} locator - Unique identifier for the key to delete.\n * @returns {Promise<void>}\n *\n * @example\n * await delete('transfer_private.prover.421e5a5');\n */\n async delete(locator: string): Promise<void> {\n this.validateLocator(locator);\n const p = path.join(this.directory, locator);\n const m = this.metadataPath(locator);\n\n await fs.unlink(p).catch(() => {});\n await fs.unlink(m).catch(() => {});\n }\n\n /**\n * Clears the key storage directory by recursively removing all files and subdirectories under it, then removes the keystore directory itself.\n *\n * @returns {Promise<void>}\n * @throws {Error} If directory listing fails for reasons other than non-existence.\n *\n * @example\n * await clear(); // Removes all files under the keystore directory.\n */\n async clear(): Promise<void> {\n await this.clearDirectory(this.directory);\n }\n}"],"names":["fsSync"],"mappings":";;;;;;;;;;;;;;;;;MAWa,iBAAiB,CAAA;AAClB,IAAA,SAAS;AACA,IAAA,WAAW,GAAG,IAAI,cAAc,EAAE;AAEnD;;;;;;;AAOG;AACH,IAAA,WAAA,CAAY,SAAkB,EAAA;AAC1B,QAAA,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC;AAC/D,QAAA,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,OAAO,EAAE;AACtE,YAAA,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QACvD;AACA,QAAAA,GAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACzD;AAEA;;;;;;AAMG;AACK,IAAA,eAAe,CAAC,OAAe,EAAA;;AAEnC,QAAA,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI,EAAE;YACvD,MAAM,IAAI,mBAAmB,CACzB,CAAA,yCAAA,EAA4C,OAAO,CAAA,CAAA,CAAG,EACtD,OAAO,EACP,eAAe,CAClB;QACL;;AAGA,QAAA,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;YACxB,MAAM,IAAI,mBAAmB,CACzB,0CAA0C,EAC1C,OAAO,EACP,gBAAgB,CACnB;QACL;;QAGA,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;YAC3E,MAAM,IAAI,mBAAmB,CACzB,0DAA0D,EAC1D,OAAO,EACP,gBAAgB,CACnB;QACL;IACJ;AAEA;;;;;;AAMG;AACK,IAAA,YAAY,CAAC,OAAe,EAAA;AAChC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA,EAAG,OAAO,CAAA,SAAA,CAAW,CAAC;IAC3D;AAEA;;;;;;;AAOG;IACK,MAAM,eAAe,CACzB,OAAe,EAAA;AAEf,QAAA,IAAI;AACA,YAAA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;AACnE,YAAA,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB;QAC7C;QAAE,OAAO,GAAY,EAAE;AACnB,YAAA,IACI,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;AACvB,gBAAA,MAAM,IAAI,GAAG;gBACb,GAAG,CAAC,IAAI,KAAK,QAAQ;AAErB,gBAAA,OAAO,IAAI;AACf,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,gBAAgB,CAC1B,OAAe,EACf,QAAwB,EAAA;AAExB,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE;AACrD,YAAA,SAAS,EAAE,IAAI;AAClB,SAAA,CAAC;QACF,MAAM,EAAE,CAAC,SAAS,CACd,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAC1B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,OAAO,CACV;IACL;IAEQ,MAAM,gBAAgB,CAC1B,QAAgB,EAAA;AAEhB,QAAA,IAAI;YACA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACxC,YAAA,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC;QAC/B;QAAE,OAAO,GAAQ,EAAE;AACf,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ;AAAE,gBAAA,OAAO,IAAI;AACtC,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,eAAe,CACzB,QAAgB,EAChB,IAAgB,EAAA;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACxC,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACtB,GAAG,EACH,CAAA,CAAA,EAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAA,CAAA,EAAI,IAAI,CAAC,GAAG,EAAE,CAAA,CAAA,EAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA,IAAA,CAAM,CACxG;QACD,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC;AAClC,QAAA,IAAI;YACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;QACvC;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;;AAE9G,YAAA,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,QAAQ,EAAE;AAC5D,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,IAAI;oBACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;gBACvC;gBAAE,OAAO,IAAI,EAAE;AACX,oBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,oBAAA,MAAM,IAAI;gBACd;YACJ;iBAAO;AACH,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,MAAM,GAAG;YACb;QACJ;IACJ;AAEA;;;;;;;;;AASG;IACK,MAAM,cAAc,CAAC,GAAW,EAAA;AACpC,QAAA,IAAI;AACA,YAAA,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACtD;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;AAC9G,YAAA,IAAI,IAAI,KAAK,QAAQ,EAAE;gBACnB;YACJ;AACA,YAAA,MAAM,GAAG;QACb;IACJ;;;;AAMA;;;;;;;;;;;;;;AAcG;IACH,MAAM,WAAW,CAAC,OAAmB,EAAA;AACjC,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC;;QAErC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;;AAGxF,QAAA,IAAI,CAAC,QAAQ;AAAE,YAAA,OAAO,IAAI;;AAG1B,QAAA,MAAM,WAAW,GACb,OAAO,CAAC,WAAW,KAAK,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE;AACb,YAAA,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;gBAClC,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,WAAW;AACd,aAAA,CAAC;QACN;;AAGA,QAAA,OAAO,QAAQ;IACnB;AAEA;;;;;;;;;;;;;;;;;;;;;;;AAuBG;IACH,MAAM,aAAa,CAAC,OAAmB,EAAA;;QAEnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACnD,QAAA,IAAI,CAAC,WAAW;AAAE,YAAA,OAAO,IAAI;;AAG7B,QAAA,OAAO,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC;IAC5C;AAEA;;;;;;;;;;;;;;;;;;;;;;;AAuBG;IACH,MAAM,eAAe,CAAC,OAAmB,EAAA;;QAErC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACrD,QAAA,IAAI,CAAC,aAAa;AAAE,YAAA,OAAO,IAAI;;AAG/B,QAAA,OAAO,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC;IAChD;AAEA;;;;;;;;;;;;;;AAcG;AACH,IAAA,MAAM,OAAO,CACT,aAAyB,EACzB,eAA2B,EAC3B,IAAqB,EAAA;AAErB,QAAA,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,OAAO,CAAC;;AAE7C,QAAA,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI;AACvC,QAAA,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC,GAAG;YACzC,UAAU,CAAC,OAAO,EAAE;YACpB,YAAY,CAAC,OAAO,EAAE;SACzB;;QAGD,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;AAC/D,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,eAAe;gBACzB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;aACzC,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,iBAAiB;gBAC3B,OAAO,EAAE,eAAe,CAAC,OAAO;gBAChC,WAAW,EAAE,eAAe,CAAC,WAAW;aAC3C,CAAC;AACL,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,eAAe,CAAC;AAC7F,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,iBAAiB,CAAC;QACjG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,OAAO,EAAE,iBAAiB,CAAC;QACrE,MAAM,IAAI,CAAC,gBAAgB,CACvB,eAAe,CAAC,OAAO,EACvB,mBAAmB,CACtB;IACL;AAEA;;;;;;;;;;;AAWG;AACH,IAAA,MAAM,WAAW,CAAC,QAAoB,EAAE,OAAmB,EAAA;AACvD,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC;;QAErC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAC/D,YAAA,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;AACnC,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC;QAChF,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;IAClE;AAEA;;;;;;;;;;;AAWG;IACH,MAAM,cAAc,CAAC,OAAe,EAAA;AAChC,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;IACxC;AAEA;;;;;;;;;;;;;AAaG;IACH,MAAM,GAAG,CAAC,OAAe,EAAA;AACrB,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;AAClD,QAAA,OAAO,MAAM;aACR,MAAM,CAAC,OAAO;AACd,aAAA,IAAI,CAAC,MAAM,IAAI;AACf,aAAA,KAAK,CAAC,MAAM,KAAK,CAAC;IAC3B;AAEA;;;;;;;;AAQG;IACH,MAAM,MAAM,CAAC,OAAe,EAAA;AACxB,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC;AAEpC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;IACtC;AAEA;;;;;;;;AAQG;AACH,IAAA,MAAM,KAAK,GAAA;QACP,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC;IAC7C;AACH;;;;"}
1
+ {"version":3,"file":"node.js","sources":["../../src/keys/keystore/file.ts"],"sourcesContent":["import * as fs from \"node:fs/promises\";\nimport * as fsSync from \"node:fs\";\nimport * as path from \"path\";\n\nimport { FunctionKeyPair } from \"../../models/keyPair.js\";\nimport { KeyFingerprint } from \"../verifier/interface.js\";\nimport { InvalidLocatorError } from \"./error.js\";\nimport { KeyLocator, KeyStore, ProvingKeyLocator, VerifyingKeyLocator } from \"./interface.js\";\nimport { MemKeyVerifier } from \"../verifier/memory.js\";\nimport { ProvingKey, VerifyingKey } from \"../../wasm.js\";\n\nexport class LocalFileKeyStore implements KeyStore {\n private directory: string;\n private readonly keyVerifier = new MemKeyVerifier();\n\n /**\n * Creates a new directory at the given path or CURRENTDIR/.aleo if none is provided to store keys.\n * If a custom directory is passed and its last path segment is not \".aleo\", \".aleo\" is appended\n * so keys are stored under that subdirectory (e.g. /home/project → /home/project/.aleo).\n *\n * @param {string} [directory] - Optional custom directory path for key storage. Defaults to \".aleo\" in current working directory.\n * @throws {Error} If directory creation fails.\n */\n constructor(directory?: string) {\n this.directory = directory ?? path.join(process.cwd(), \".aleo\");\n if (directory !== undefined && path.basename(this.directory) !== \".aleo\") {\n this.directory = path.join(this.directory, \".aleo\");\n }\n fsSync.mkdirSync(this.directory, { recursive: true });\n }\n\n /**\n * Validates a single locator component for unsafe filesystem characters.\n *\n * @private\n * @param {string} value - The component value to validate.\n * @param {string} label - Label for error messages (e.g. \"program\", \"functionName\").\n * @throws {InvalidLocatorError} If the value is empty, contains traversal sequences, path separators, or null bytes.\n */\n private validateComponent(value: string, label: string): void {\n if (value === \"\" || value === \".\") {\n throw new InvalidLocatorError(\n `KeyLocator ${label} must not be empty or \".\" (got \"${value}\")`,\n value,\n \"reserved_name\"\n );\n }\n if (value.includes(\"..\")) {\n throw new InvalidLocatorError(\n `KeyLocator ${label} must not contain \"..\" (got \"${value}\")`,\n value,\n \"path_traversal\"\n );\n }\n if (value.includes(\"/\") || value.includes(\"\\\\\") || value.includes(\"\\0\")) {\n throw new InvalidLocatorError(\n `KeyLocator ${label} must not contain path separators or null bytes (got \"${value}\")`,\n value,\n \"path_separator\"\n );\n }\n }\n\n /**\n * Validates that a numeric locator field is not negative.\n *\n * @private\n * @param {number} value - The numeric value to validate.\n * @param {string} label - Label for error messages (e.g. \"edition\", \"amendment\").\n * @throws {InvalidLocatorError} If the value is negative.\n */\n private validateNonNegative(value: number, label: string): void {\n if (!Number.isInteger(value) || value < 0) {\n throw new InvalidLocatorError(\n `KeyLocator ${label} must be a non-negative integer (got ${value})`,\n String(value),\n \"negative_value\"\n );\n }\n }\n\n /**\n * Serializes a {@link KeyLocator} to a filesystem-safe flat string, validating components first.\n *\n * For prover/verifier keys: `{program}.{functionName}.e{edition}.a{amendment}.{network}.{keyType}`\n * For translation keys: `{program}.{functionName}.e{edition}.a{amendment}.{network}.translation.{recordName}.{recordInputPosition}`\n *\n * Note: The optional `checksum` field is excluded — it is used for integrity verification only\n * (via {@link checksumToFingerprint}) and is not part of the key identity.\n *\n * @private\n * @param {KeyLocator} locator - The key locator.\n * @returns {string} A dot-delimited string safe for use as a filename.\n * @throws {InvalidLocatorError} If any component contains unsafe characters.\n */\n private serializeLocator(locator: KeyLocator): string {\n this.validateComponent(locator.program, \"program\");\n this.validateComponent(locator.functionName, \"functionName\");\n this.validateComponent(locator.network, \"network\");\n this.validateNonNegative(locator.edition, \"edition\");\n this.validateNonNegative(locator.amendment, \"amendment\");\n const base = `${locator.program}.${locator.functionName}.e${locator.edition}.a${locator.amendment}.${locator.network}.${locator.keyType}`;\n if (locator.keyType === \"translation\") {\n this.validateComponent(locator.recordName, \"recordName\");\n this.validateNonNegative(locator.recordInputPosition, \"recordInputPosition\");\n return `${base}.${locator.recordName}.${locator.recordInputPosition}`;\n }\n return base;\n }\n\n /**\n * Converts an optional checksum string from a locator into a KeyFingerprint\n * suitable for the key verifier, using the actual key byte length for size.\n *\n * @private\n */\n private checksumToFingerprint(checksum: string | undefined, keyBytes: Uint8Array): KeyFingerprint | undefined {\n if (!checksum) return undefined;\n return { checksum, size: keyBytes.length };\n }\n\n /**\n * Generates the path for a key metadata file based on the locator.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {string} Full filesystem path to the metadata file.\n */\n private metadataPath(locator: string): string {\n return path.join(this.directory, `${locator}.metadata`);\n }\n\n /**\n * Reads and parses the key fingerprint metadata from storage.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {Promise<KeyFingerprint | null>} The key fingerprint if found, null if file doesn't exist.\n * @throws {Error} If file read fails for any reason other than not found.\n */\n private async readKeyMetadata(\n locator: string,\n ): Promise<KeyFingerprint | null> {\n try {\n const data = await fs.readFile(this.metadataPath(locator), \"utf-8\");\n return JSON.parse(data) as KeyFingerprint;\n } catch (err: unknown) {\n if (\n err &&\n typeof err === \"object\" &&\n \"code\" in err &&\n err.code === \"ENOENT\"\n )\n return null;\n throw err;\n }\n }\n\n /**\n * Writes key fingerprint metadata to storage.\n *\n * @private\n * @param {string} locator - Unique identifier for the key.\n * @param {KeyFingerprint} metadata - Key fingerprint metadata to store.\n * @returns {Promise<void>}\n * @throws {Error} If directory creation or file write fails.\n */\n private async writeKeyMetadata(\n locator: string,\n metadata: KeyFingerprint,\n ): Promise<void> {\n await fs.mkdir(path.dirname(this.metadataPath(locator)), {\n recursive: true,\n });\n await fs.writeFile(\n this.metadataPath(locator),\n JSON.stringify(metadata, null, 0),\n \"utf-8\",\n );\n }\n\n private async readFileOptional(\n filepath: string,\n ): Promise<Uint8Array | null> {\n try {\n const data = await fs.readFile(filepath);\n return new Uint8Array(data);\n } catch (err: any) {\n if (err.code === \"ENOENT\") return null;\n throw err;\n }\n }\n\n /**\n * Atomically writes data to a file, ensuring the parent directories exist.\n *\n * @private\n * @param {string} filepath - Full path to the file to write\n * @param {Uint8Array} data - Binary data to write to the file\n * @returns {Promise<void>} Resolves when write is complete\n * @throws {Error} If directory creation or file write fails\n */\n private async writeFileAtomic(\n filepath: string,\n data: Uint8Array,\n ): Promise<void> {\n const dir = path.dirname(filepath);\n await fs.mkdir(dir, { recursive: true });\n const tempPath = path.join(\n dir,\n `.${path.basename(filepath)}.${process.pid}.${Date.now()}.${Math.random().toString(16).slice(2)}.tmp`\n );\n await fs.writeFile(tempPath, data);\n try {\n await fs.rename(tempPath, filepath);\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n // Windows often throws EEXIST when target exists; EPERM/EACCES happen with locks/AV.\n if (code === \"EEXIST\" || code === \"EPERM\" || code === \"EACCES\") {\n await fs.unlink(filepath).catch(() => {});\n try {\n await fs.rename(tempPath, filepath);\n } catch (err2) {\n await fs.unlink(tempPath).catch(() => {});\n throw err2;\n }\n } else {\n await fs.unlink(tempPath).catch(() => {});\n throw err;\n }\n }\n }\n\n /**\n * Recursively removes all files and subdirectories under the given directory, then removes the directory itself.\n * Uses fs.rm with recursive: true and force: true so that symbolic links are removed without following them,\n * avoiding deletion of content outside the keystore.\n *\n * @private\n * @param {string} dir - Directory path to clear\n * @returns {Promise<void>} Resolves when clearing is complete\n * @throws {Error} If directory removal fails for reasons other than non-existence\n */\n private async clearDirectory(dir: string): Promise<void> {\n try {\n await fs.rm(dir, { recursive: true, force: true });\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n if (code === \"ENOENT\") {\n return;\n }\n throw err;\n }\n }\n\n // -------------------------------------------------------\n // KEYSTORE INTERFACE\n // -------------------------------------------------------\n\n /**\n * Retrieves the key bytes from storage and optionally verifies them.\n *\n * @param {KeyLocator} locator - The key locator with optional checksum for verification.\n * @returns {Promise<Uint8Array | null>} The key bytes if found and verified, null if not found.\n * @throws {KeyVerificationError} If verification fails.\n */\n async getKeyBytes(locator: KeyLocator): Promise<Uint8Array | null> {\n const fileKey = this.serializeLocator(locator);\n\n // Attempt to read key bytes from storage (under this.directory).\n const keyBytes = await this.readFileOptional(path.join(this.directory, fileKey));\n\n // If no key bytes were found, return null.\n if (!keyBytes) return null;\n\n // Use caller-provided checksum or metadata stored on disk for verification.\n const fingerprint =\n this.checksumToFingerprint(locator.checksum, keyBytes) ?? (await this.getKeyMetadata(locator));\n if (fingerprint) {\n await this.keyVerifier.verifyKeyBytes({\n keyBytes,\n locator: fileKey,\n fingerprint,\n });\n }\n\n // Return the verified key bytes.\n return keyBytes;\n }\n\n /**\n * Retrieves and verifies a proving key from storage.\n *\n * @param {ProvingKeyLocator} locator - The proving key locator.\n * @returns {Promise<ProvingKey | null>} The proving key if found and verified, null if not found.\n * @throws {KeyVerificationError} If verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid ProvingKey.\n */\n async getProvingKey(locator: ProvingKeyLocator): Promise<ProvingKey | null> {\n const proverBytes = await this.getKeyBytes(locator);\n if (!proverBytes) return null;\n return ProvingKey.fromBytes(proverBytes);\n }\n\n /**\n * Retrieves and verifies a verifying key from storage.\n *\n * @param {VerifyingKeyLocator} locator - The verifying key locator.\n * @returns {Promise<VerifyingKey | null>} The verifying key if found and verified, null if not found.\n * @throws {KeyVerificationError} If verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid VerifyingKey.\n */\n async getVerifyingKey(locator: VerifyingKeyLocator): Promise<VerifyingKey | null> {\n const verifierBytes = await this.getKeyBytes(locator);\n if (!verifierBytes) return null;\n return VerifyingKey.fromBytes(verifierBytes);\n }\n\n /**\n * Stores proving and verifying keys in key storage.\n *\n * @param {ProvingKeyLocator} proverLocator The locator for the proving key.\n * @param {VerifyingKeyLocator} verifierLocator The locator for the verifying key.\n * @param {FunctionKeyPair} keys The proving and verifying keys.\n */\n async setKeys(\n proverLocator: ProvingKeyLocator,\n verifierLocator: VerifyingKeyLocator,\n keys: FunctionKeyPair,\n ): Promise<void> {\n const proverKey = this.serializeLocator(proverLocator);\n const verifierKey = this.serializeLocator(verifierLocator);\n\n // Convert the WASM keys to raw bytes.\n const [provingKey, verifyingKey] = keys;\n const [provingKeyBytes, verifyingKeyBytes] = [\n provingKey.toBytes(),\n verifyingKey.toBytes(),\n ];\n\n // Compute the fingerprints for the proving and verifying keys, verify against expected checksums if provided.\n const [proverFingerPrint, verifierFingerPrint] = await Promise.all([\n this.keyVerifier.computeKeyMetadata({\n keyBytes: provingKeyBytes,\n locator: proverKey,\n fingerprint: this.checksumToFingerprint(proverLocator.checksum, provingKeyBytes),\n }),\n this.keyVerifier.computeKeyMetadata({\n keyBytes: verifyingKeyBytes,\n locator: verifierKey,\n fingerprint: this.checksumToFingerprint(verifierLocator.checksum, verifyingKeyBytes),\n }),\n ]);\n\n // Write the proving and verifying key bytes and their metadata to storage (under this.directory).\n await this.writeFileAtomic(path.join(this.directory, proverKey), provingKeyBytes);\n await this.writeFileAtomic(path.join(this.directory, verifierKey), verifyingKeyBytes);\n await this.writeKeyMetadata(proverKey, proverFingerPrint);\n await this.writeKeyMetadata(verifierKey, verifierFingerPrint);\n }\n\n /**\n * Store a raw key in storage along with its fingerprint metadata for future verification.\n *\n * @param {Uint8Array} keyBytes The raw key bytes.\n * @param {KeyLocator} locator The unique locator for the key.\n * @returns {Promise<void>}\n * @throws {Error} If computing key metadata or writing to storage fails\n */\n async setKeyBytes(keyBytes: Uint8Array, locator: KeyLocator): Promise<void> {\n const fileKey = this.serializeLocator(locator);\n\n // Compute the key metadata including fingerprint\n const computedMetadata = await this.keyVerifier.computeKeyMetadata({\n keyBytes: keyBytes,\n locator: fileKey,\n fingerprint: this.checksumToFingerprint(locator.checksum, keyBytes),\n });\n\n // Write the key bytes and metadata atomically (key file under this.directory).\n await this.writeFileAtomic(path.join(this.directory, fileKey), keyBytes);\n await this.writeKeyMetadata(fileKey, computedMetadata);\n }\n\n /**\n * Returns stored metadata for a key, if any.\n *\n * @param {KeyLocator} locator The unique locator for the key.\n * @returns {Promise<KeyFingerprint | null>} The stored fingerprint metadata, or null if none exists.\n */\n async getKeyMetadata(locator: KeyLocator): Promise<KeyFingerprint | null> {\n const fileKey = this.serializeLocator(locator);\n return this.readKeyMetadata(fileKey);\n }\n\n /**\n * Checks if a key exists for the given locator.\n *\n * @param {KeyLocator} locator - The unique key locator.\n * @returns {Promise<boolean>} True if key exists, false otherwise.\n */\n async has(locator: KeyLocator): Promise<boolean> {\n const fileKey = this.serializeLocator(locator);\n const keyPath = path.join(this.directory, fileKey);\n return await fs\n .access(keyPath)\n .then(() => true)\n .catch(() => false);\n }\n\n /**\n * Deletes a key and its associated metadata from storage. Silently ignores errors if files don't exist.\n *\n * @param {KeyLocator} locator - The unique key locator.\n * @returns {Promise<void>}\n */\n async delete(locator: KeyLocator): Promise<void> {\n const fileKey = this.serializeLocator(locator);\n const p = path.join(this.directory, fileKey);\n const m = this.metadataPath(fileKey);\n\n await fs.unlink(p).catch(() => {});\n await fs.unlink(m).catch(() => {});\n }\n\n /**\n * Clears the key storage directory by recursively removing all files and subdirectories under it, then removes the keystore directory itself.\n *\n * @returns {Promise<void>}\n * @throws {Error} If directory listing fails for reasons other than non-existence.\n */\n async clear(): Promise<void> {\n await this.clearDirectory(this.directory);\n }\n}\n"],"names":["fsSync"],"mappings":";;;;;;;;;;;;;;;;;MAWa,iBAAiB,CAAA;AAClB,IAAA,SAAS;AACA,IAAA,WAAW,GAAG,IAAI,cAAc,EAAE;AAEnD;;;;;;;AAOG;AACH,IAAA,WAAA,CAAY,SAAkB,EAAA;AAC1B,QAAA,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC;AAC/D,QAAA,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,OAAO,EAAE;AACtE,YAAA,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QACvD;AACA,QAAAA,GAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACzD;AAEA;;;;;;;AAOG;IACK,iBAAiB,CAAC,KAAa,EAAE,KAAa,EAAA;QAClD,IAAI,KAAK,KAAK,EAAE,IAAI,KAAK,KAAK,GAAG,EAAE;AAC/B,YAAA,MAAM,IAAI,mBAAmB,CACzB,CAAA,WAAA,EAAc,KAAK,CAAA,gCAAA,EAAmC,KAAK,CAAA,EAAA,CAAI,EAC/D,KAAK,EACL,eAAe,CAClB;QACL;AACA,QAAA,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;AACtB,YAAA,MAAM,IAAI,mBAAmB,CACzB,CAAA,WAAA,EAAc,KAAK,CAAA,6BAAA,EAAgC,KAAK,CAAA,EAAA,CAAI,EAC5D,KAAK,EACL,gBAAgB,CACnB;QACL;QACA,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;AACrE,YAAA,MAAM,IAAI,mBAAmB,CACzB,CAAA,WAAA,EAAc,KAAK,CAAA,sDAAA,EAAyD,KAAK,CAAA,EAAA,CAAI,EACrF,KAAK,EACL,gBAAgB,CACnB;QACL;IACJ;AAEA;;;;;;;AAOG;IACK,mBAAmB,CAAC,KAAa,EAAE,KAAa,EAAA;AACpD,QAAA,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE;AACvC,YAAA,MAAM,IAAI,mBAAmB,CACzB,CAAA,WAAA,EAAc,KAAK,wCAAwC,KAAK,CAAA,CAAA,CAAG,EACnE,MAAM,CAAC,KAAK,CAAC,EACb,gBAAgB,CACnB;QACL;IACJ;AAEA;;;;;;;;;;;;;AAaG;AACK,IAAA,gBAAgB,CAAC,OAAmB,EAAA;QACxC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;QAClD,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC;QAC5D,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;QAClD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;QACpD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,CAAC;QACxD,MAAM,IAAI,GAAG,CAAA,EAAG,OAAO,CAAC,OAAO,CAAA,CAAA,EAAI,OAAO,CAAC,YAAY,CAAA,EAAA,EAAK,OAAO,CAAC,OAAO,CAAA,EAAA,EAAK,OAAO,CAAC,SAAS,CAAA,CAAA,EAAI,OAAO,CAAC,OAAO,CAAA,CAAA,EAAI,OAAO,CAAC,OAAO,CAAA,CAAE;AACzI,QAAA,IAAI,OAAO,CAAC,OAAO,KAAK,aAAa,EAAE;YACnC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,UAAU,EAAE,YAAY,CAAC;YACxD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,mBAAmB,EAAE,qBAAqB,CAAC;YAC5E,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,OAAO,CAAC,UAAU,CAAA,CAAA,EAAI,OAAO,CAAC,mBAAmB,CAAA,CAAE;QACzE;AACA,QAAA,OAAO,IAAI;IACf;AAEA;;;;;AAKG;IACK,qBAAqB,CAAC,QAA4B,EAAE,QAAoB,EAAA;AAC5E,QAAA,IAAI,CAAC,QAAQ;AAAE,YAAA,OAAO,SAAS;QAC/B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,MAAM,EAAE;IAC9C;AAEA;;;;;;AAMG;AACK,IAAA,YAAY,CAAC,OAAe,EAAA;AAChC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA,EAAG,OAAO,CAAA,SAAA,CAAW,CAAC;IAC3D;AAEA;;;;;;;AAOG;IACK,MAAM,eAAe,CACzB,OAAe,EAAA;AAEf,QAAA,IAAI;AACA,YAAA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;AACnE,YAAA,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB;QAC7C;QAAE,OAAO,GAAY,EAAE;AACnB,YAAA,IACI,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;AACvB,gBAAA,MAAM,IAAI,GAAG;gBACb,GAAG,CAAC,IAAI,KAAK,QAAQ;AAErB,gBAAA,OAAO,IAAI;AACf,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,gBAAgB,CAC1B,OAAe,EACf,QAAwB,EAAA;AAExB,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE;AACrD,YAAA,SAAS,EAAE,IAAI;AAClB,SAAA,CAAC;QACF,MAAM,EAAE,CAAC,SAAS,CACd,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAC1B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,OAAO,CACV;IACL;IAEQ,MAAM,gBAAgB,CAC1B,QAAgB,EAAA;AAEhB,QAAA,IAAI;YACA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACxC,YAAA,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC;QAC/B;QAAE,OAAO,GAAQ,EAAE;AACf,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ;AAAE,gBAAA,OAAO,IAAI;AACtC,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,eAAe,CACzB,QAAgB,EAChB,IAAgB,EAAA;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACxC,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACtB,GAAG,EACH,CAAA,CAAA,EAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAA,CAAA,EAAI,IAAI,CAAC,GAAG,EAAE,CAAA,CAAA,EAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA,IAAA,CAAM,CACxG;QACD,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC;AAClC,QAAA,IAAI;YACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;QACvC;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;;AAE9G,YAAA,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,QAAQ,EAAE;AAC5D,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,IAAI;oBACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;gBACvC;gBAAE,OAAO,IAAI,EAAE;AACX,oBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,oBAAA,MAAM,IAAI;gBACd;YACJ;iBAAO;AACH,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,MAAM,GAAG;YACb;QACJ;IACJ;AAEA;;;;;;;;;AASG;IACK,MAAM,cAAc,CAAC,GAAW,EAAA;AACpC,QAAA,IAAI;AACA,YAAA,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACtD;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;AAC9G,YAAA,IAAI,IAAI,KAAK,QAAQ,EAAE;gBACnB;YACJ;AACA,YAAA,MAAM,GAAG;QACb;IACJ;;;;AAMA;;;;;;AAMG;IACH,MAAM,WAAW,CAAC,OAAmB,EAAA;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;;AAG9C,QAAA,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;;AAGhF,QAAA,IAAI,CAAC,QAAQ;AAAE,YAAA,OAAO,IAAI;;QAG1B,MAAM,WAAW,GACb,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,KAAK,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAClG,IAAI,WAAW,EAAE;AACb,YAAA,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;gBAClC,QAAQ;AACR,gBAAA,OAAO,EAAE,OAAO;gBAChB,WAAW;AACd,aAAA,CAAC;QACN;;AAGA,QAAA,OAAO,QAAQ;IACnB;AAEA;;;;;;;AAOG;IACH,MAAM,aAAa,CAAC,OAA0B,EAAA;QAC1C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACnD,QAAA,IAAI,CAAC,WAAW;AAAE,YAAA,OAAO,IAAI;AAC7B,QAAA,OAAO,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC;IAC5C;AAEA;;;;;;;AAOG;IACH,MAAM,eAAe,CAAC,OAA4B,EAAA;QAC9C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACrD,QAAA,IAAI,CAAC,aAAa;AAAE,YAAA,OAAO,IAAI;AAC/B,QAAA,OAAO,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC;IAChD;AAEA;;;;;;AAMG;AACH,IAAA,MAAM,OAAO,CACT,aAAgC,EAChC,eAAoC,EACpC,IAAqB,EAAA;QAErB,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC;QACtD,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;;AAG1D,QAAA,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI;AACvC,QAAA,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC,GAAG;YACzC,UAAU,CAAC,OAAO,EAAE;YACpB,YAAY,CAAC,OAAO,EAAE;SACzB;;QAGD,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;AAC/D,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,eAAe;AACzB,gBAAA,OAAO,EAAE,SAAS;gBAClB,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,QAAQ,EAAE,eAAe,CAAC;aACnF,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,iBAAiB;AAC3B,gBAAA,OAAO,EAAE,WAAW;gBACpB,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,QAAQ,EAAE,iBAAiB,CAAC;aACvF,CAAC;AACL,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,eAAe,CAAC;AACjF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,iBAAiB,CAAC;QACrF,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,iBAAiB,CAAC;QACzD,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,mBAAmB,CAAC;IACjE;AAEA;;;;;;;AAOG;AACH,IAAA,MAAM,WAAW,CAAC,QAAoB,EAAE,OAAmB,EAAA;QACvD,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;;QAG9C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAC/D,YAAA,QAAQ,EAAE,QAAQ;AAClB,YAAA,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;AACtE,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC;QACxE,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,gBAAgB,CAAC;IAC1D;AAEA;;;;;AAKG;IACH,MAAM,cAAc,CAAC,OAAmB,EAAA;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;AAC9C,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;IACxC;AAEA;;;;;AAKG;IACH,MAAM,GAAG,CAAC,OAAmB,EAAA;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;AAC9C,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;AAClD,QAAA,OAAO,MAAM;aACR,MAAM,CAAC,OAAO;AACd,aAAA,IAAI,CAAC,MAAM,IAAI;AACf,aAAA,KAAK,CAAC,MAAM,KAAK,CAAC;IAC3B;AAEA;;;;;AAKG;IACH,MAAM,MAAM,CAAC,OAAmB,EAAA;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;AAC9C,QAAA,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC;AAEpC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;IACtC;AAEA;;;;;AAKG;AACH,IAAA,MAAM,KAAK,GAAA;QACP,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC;IAC7C;AACH;;;;"}