@sentio/sdk-bundle 4.0.1-rc.2 → 4.0.1-rc.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/assets/chainlink-oracles-sepolia.json +21 -0
  2. package/assets/chainlink-oracles.json +219 -0
  3. package/dist/{0x1-B_N1Dd6d.js → 0x1-CWhLCIJf.js} +30 -22
  4. package/dist/0x1-CWhLCIJf.js.map +1 -0
  5. package/dist/{AbstractKeylessAccount-dvYSW9Go.js → AbstractKeylessAccount-DE1e2Glg.js} +3 -2
  6. package/dist/{AbstractKeylessAccount-dvYSW9Go.js.map → AbstractKeylessAccount-DE1e2Glg.js.map} +1 -1
  7. package/dist/_md-CZAi2AzY.js +644 -0
  8. package/dist/_md-CZAi2AzY.js.map +1 -0
  9. package/dist/aptos/builtin/0x1.js +2 -2
  10. package/dist/aptos/builtin/0x3.js +3 -3
  11. package/dist/aptos/builtin/0x3.js.map +1 -1
  12. package/dist/aptos/builtin/0x4.js +3 -3
  13. package/dist/aptos/builtin/0x4.js.map +1 -1
  14. package/dist/aptos/builtin/index.js +1 -1
  15. package/dist/aptos/ext/index.js +2 -2
  16. package/dist/aptos/index.js +2 -2
  17. package/dist/{aptos-DPeebJ9j.js → aptos-Cgfa8IQj.js} +257 -47
  18. package/dist/{aptos-DPeebJ9j.js.map → aptos-Cgfa8IQj.js.map} +1 -1
  19. package/dist/{coin-DREiK-Br.js → coin-CBrx3CpG.js} +1514 -105
  20. package/dist/coin-CBrx3CpG.js.map +1 -0
  21. package/dist/{coin-CWRVUEBa.js → coin-Mht4Jgvj.js} +803 -4
  22. package/dist/coin-Mht4Jgvj.js.map +1 -0
  23. package/dist/eth/builtin/eacaggregatorproxy.js +1 -1
  24. package/dist/eth/builtin/erc1155.js +1 -1
  25. package/dist/eth/builtin/erc20.js +1 -1
  26. package/dist/eth/builtin/erc721.js +1 -1
  27. package/dist/eth/builtin/index.js +1 -1
  28. package/dist/eth/builtin/weth9.js +1 -1
  29. package/dist/eth/index.js +1 -1
  30. package/dist/iota/builtin/0x1.js +3 -3
  31. package/dist/iota/builtin/0x2.js +168 -5
  32. package/dist/iota/builtin/0x2.js.map +1 -1
  33. package/dist/iota/builtin/0x3.js +3 -3
  34. package/dist/iota/ext/index.js +1 -1
  35. package/dist/iota/index.js +3 -3
  36. package/dist/{keyless-B3QnUmtL.js → keyless-nGiRkJjM.js} +1278 -976
  37. package/dist/keyless-nGiRkJjM.js.map +1 -0
  38. package/dist/move/index.js +1 -1
  39. package/dist/{move-Dr-DL5zT.js → move-BVvdKH2Q.js} +7 -7
  40. package/dist/{move-Dr-DL5zT.js.map → move-BVvdKH2Q.js.map} +1 -1
  41. package/dist/sui/builtin/0x1.js +1 -1
  42. package/dist/sui/builtin/0x2.js +4 -4
  43. package/dist/sui/builtin/0x3.js +4 -4
  44. package/dist/sui/builtin/index.js +1 -1
  45. package/dist/sui/ext/index.js +1 -1
  46. package/dist/sui/index.js +3 -3
  47. package/dist/{sui-BbKeYXM3.js → sui-BcHp8IsJ.js} +17 -17
  48. package/dist/{sui-BbKeYXM3.js.map → sui-BcHp8IsJ.js.map} +1 -1
  49. package/dist/testing/index.js +6 -6
  50. package/dist/utils/index.js +1 -1
  51. package/dist/{utils-Jndk-n_F.js → utils-BQ0dnllb.js} +11 -903
  52. package/dist/utils-BQ0dnllb.js.map +1 -0
  53. package/package.json +2 -2
  54. package/assets/chainlink-oracles-sepolia.csv +0 -19
  55. package/assets/chainlink-oracles.csv +0 -217
  56. package/dist/0x1-B_N1Dd6d.js.map +0 -1
  57. package/dist/base-BvfRCgEy.js +0 -959
  58. package/dist/base-BvfRCgEy.js.map +0 -1
  59. package/dist/coin-CWRVUEBa.js.map +0 -1
  60. package/dist/coin-DREiK-Br.js.map +0 -1
  61. package/dist/dist-CA96PSzE.js +0 -824
  62. package/dist/dist-CA96PSzE.js.map +0 -1
  63. package/dist/keyless-B3QnUmtL.js.map +0 -1
  64. package/dist/utils-Jndk-n_F.js.map +0 -1
@@ -1,5 +1,6 @@
1
1
  import { a as __name, c as __toESM, i as __exportAll } from "./bignumber-DddanwOv.js";
2
- import { An as Hex, At as MultiKeySignature, Ct as Ed25519Signature, Dt as MultiEd25519Signature, Et as MultiEd25519PublicKey, Mn as randomBytes, Mt as AnySignature, On as Serializable, Qt as Deserializer, Sn as SigningScheme, St as Ed25519PublicKey, _ as jwtDecode, _n as EphemeralCertificateVariant, a as ZeroKnowledgeSig, b as generateSigningMessage, dn as warnIfDevelopment, en as base64UrlDecode, f as bytesToBigIntLE, g as EphemeralSignature, h as EphemeralPublicKey, hn as AccountAuthenticatorVariant, i as KeylessSignature, jt as AnyPublicKey, kt as MultiKey, l as getKeylessConfig, m as poseidonHash, mn as AccountAddress, on as isValidFunctionInfo, p as padAndPackBytesWithLen, rn as getFunctionParts, s as fetchJWK, sn as nowInSeconds, t as EphemeralCertificate, tn as floorToWholeHour, un as u64ToNumberSafe, vn as EphemeralPublicKeyVariant, vt as KeylessError, xt as Ed25519PrivateKey, y as deriveTransactionType, yt as KeylessErrorType } from "./keyless-B3QnUmtL.js";
2
+ import { An as Hex, At as MultiKeySignature, Ct as Ed25519Signature, Dt as MultiEd25519Signature, Et as MultiEd25519PublicKey, Mt as AnySignature, On as Serializable, Qt as Deserializer, Sn as SigningScheme, St as Ed25519PublicKey, _ as jwtDecode, _n as EphemeralCertificateVariant, a as ZeroKnowledgeSig, b as generateSigningMessage, dn as warnIfDevelopment, en as base64UrlDecode, f as bytesToBigIntLE, g as EphemeralSignature, h as EphemeralPublicKey, hn as AccountAuthenticatorVariant, i as KeylessSignature, jt as AnyPublicKey, kt as MultiKey, l as getKeylessConfig, m as poseidonHash, mn as AccountAddress, on as isValidFunctionInfo, p as padAndPackBytesWithLen, rn as getFunctionParts, s as fetchJWK, sn as nowInSeconds, t as EphemeralCertificate, tn as floorToWholeHour, un as u64ToNumberSafe, vn as EphemeralPublicKeyVariant, vt as KeylessError, xt as Ed25519PrivateKey, y as deriveTransactionType, yt as KeylessErrorType } from "./keyless-nGiRkJjM.js";
3
+ import { z as randomBytes } from "./_md-CZAi2AzY.js";
3
4
  import { t as require_eventemitter3 } from "./eventemitter3-kmMEesfv.js";
4
5
 
5
6
  //#region ../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/types/abstraction.js
@@ -938,4 +939,4 @@ var TransactionAndProof = class extends Serializable {
938
939
 
939
940
  //#endregion
940
941
  export { AccountAuthenticator as a, AccountAuthenticatorMultiKey as c, isKeylessSigner as i, AccountAuthenticatorNoAccountAuthenticator as l, AbstractKeylessAccount_exports as n, AccountAuthenticatorEd25519 as o, import_eventemitter3 as r, AccountAuthenticatorMultiEd25519 as s, AbstractKeylessAccount as t, AccountAuthenticatorSingleKey as u };
941
- //# sourceMappingURL=AbstractKeylessAccount-dvYSW9Go.js.map
942
+ //# sourceMappingURL=AbstractKeylessAccount-DE1e2Glg.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"AbstractKeylessAccount-dvYSW9Go.js","names":["EventEmitter"],"sources":["../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/types/abstraction.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/transactions/authenticator/account.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/keylessSigner.js","../../../node_modules/.pnpm/eventemitter3@5.0.4/node_modules/eventemitter3/index.mjs","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/EphemeralKeyPair.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/AbstractKeylessAccount.js"],"sourcesContent":["/**\n * The variant for the AbstractAuthenticationData enum.\n */\nexport var AbstractAuthenticationDataVariant;\n(function (AbstractAuthenticationDataVariant) {\n AbstractAuthenticationDataVariant[AbstractAuthenticationDataVariant[\"V1\"] = 0] = \"V1\";\n AbstractAuthenticationDataVariant[AbstractAuthenticationDataVariant[\"DerivableV1\"] = 1] = \"DerivableV1\";\n})(AbstractAuthenticationDataVariant || (AbstractAuthenticationDataVariant = {}));\n/**\n * The variant for the AASigningData enum.\n */\nexport var AASigningDataVariant;\n(function (AASigningDataVariant) {\n AASigningDataVariant[AASigningDataVariant[\"V1\"] = 0] = \"V1\";\n})(AASigningDataVariant || (AASigningDataVariant = {}));\n//# sourceMappingURL=abstraction.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { Serializable } from \"../../bcs/index.js\";\nimport { AnyPublicKey, AnySignature } from \"../../core/crypto/index.js\";\nimport { Ed25519PublicKey, Ed25519Signature } from \"../../core/crypto/ed25519.js\";\nimport { MultiEd25519PublicKey, MultiEd25519Signature } from \"../../core/crypto/multiEd25519.js\";\nimport { MultiKey, MultiKeySignature } from \"../../core/crypto/multiKey.js\";\nimport { AccountAuthenticatorVariant } from \"../../types/index.js\";\nimport { AASigningDataVariant, AbstractAuthenticationDataVariant } from \"../../types/abstraction.js\";\nimport { AccountAddress, Hex } from \"../../core/index.js\";\nimport { getFunctionParts, isValidFunctionInfo } from \"../../utils/helpers.js\";\n/**\n * Represents an account authenticator that can handle multiple authentication variants.\n * This class serves as a base for different types of account authenticators, allowing for serialization\n * and deserialization of various authenticator types.\n *\n * @extends Serializable\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticator extends Serializable {\n /**\n * Deserializes an AccountAuthenticator from the provided deserializer.\n * This function helps in reconstructing the AccountAuthenticator object based on the variant index.\n *\n * @param deserializer - The deserializer instance used to read the serialized data.\n * @group Implementation\n * @category Transactions\n */\n static deserialize(deserializer) {\n const index = deserializer.deserializeUleb128AsU32();\n switch (index) {\n case AccountAuthenticatorVariant.Ed25519:\n return AccountAuthenticatorEd25519.load(deserializer);\n case AccountAuthenticatorVariant.MultiEd25519:\n return AccountAuthenticatorMultiEd25519.load(deserializer);\n case AccountAuthenticatorVariant.SingleKey:\n return AccountAuthenticatorSingleKey.load(deserializer);\n case AccountAuthenticatorVariant.MultiKey:\n return AccountAuthenticatorMultiKey.load(deserializer);\n case AccountAuthenticatorVariant.NoAccountAuthenticator:\n return AccountAuthenticatorNoAccountAuthenticator.load(deserializer);\n case AccountAuthenticatorVariant.Abstraction:\n return AccountAuthenticatorAbstraction.load(deserializer);\n default:\n throw new Error(`Unknown variant index for AccountAuthenticator: ${index}`);\n }\n }\n /**\n * Determines if the current instance is an Ed25519 account authenticator.\n *\n * @returns {boolean} True if the instance is of type AccountAuthenticatorEd25519, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isEd25519() {\n return this instanceof AccountAuthenticatorEd25519;\n }\n /**\n * Determines if the current instance is of type AccountAuthenticatorMultiEd25519.\n *\n * @returns {boolean} True if the instance is a multi-signature Ed25519 account authenticator, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isMultiEd25519() {\n return this instanceof AccountAuthenticatorMultiEd25519;\n }\n /**\n * Determines if the current instance is of the type AccountAuthenticatorSingleKey.\n *\n * @returns {boolean} True if the instance is an AccountAuthenticatorSingleKey, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isSingleKey() {\n return this instanceof AccountAuthenticatorSingleKey;\n }\n /**\n * Determine if the current instance is of type AccountAuthenticatorMultiKey.\n *\n * @returns {boolean} Returns true if the instance is an AccountAuthenticatorMultiKey, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isMultiKey() {\n return this instanceof AccountAuthenticatorMultiKey;\n }\n}\n/**\n * Represents an Ed25519 transaction authenticator for multi-signer transactions.\n * This class encapsulates the account's Ed25519 public key and signature.\n *\n * @param public_key - The Ed25519 public key associated with the account.\n * @param signature - The Ed25519 signature for the account.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorEd25519 extends AccountAuthenticator {\n public_key;\n signature;\n /**\n * Creates an instance of the class with the specified public keys and signatures.\n *\n * @param public_key The public key used for verification.\n * @param signature The signatures corresponding to the public keys.\n * @group Implementation\n * @category Transactions\n */\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n /**\n * Serializes the account authenticator data into the provided serializer.\n * This function captures the multi-key variant, public keys, and signatures for serialization.\n *\n * @param serializer - The serializer instance used to perform the serialization.\n * @group Implementation\n * @category Transactions\n */\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.Ed25519);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n /**\n * Loads an instance of AccountAuthenticatorMultiKey from the provided deserializer.\n * This function helps in reconstructing the authenticator object using the deserialized public keys and signatures.\n *\n * @param deserializer - The deserializer used to extract the necessary data for loading the authenticator.\n * @group Implementation\n * @category Transactions\n */\n static load(deserializer) {\n const public_key = Ed25519PublicKey.deserialize(deserializer);\n const signature = Ed25519Signature.deserialize(deserializer);\n return new AccountAuthenticatorEd25519(public_key, signature);\n }\n}\n/**\n * Represents a transaction authenticator for Multi Ed25519, designed for multi-signer transactions.\n *\n * @param public_key - The MultiEd25519 public key of the account.\n * @param signature - The MultiEd25519 signature of the account.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorMultiEd25519 extends AccountAuthenticator {\n public_key;\n signature;\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.MultiEd25519);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n static load(deserializer) {\n const public_key = MultiEd25519PublicKey.deserialize(deserializer);\n const signature = MultiEd25519Signature.deserialize(deserializer);\n return new AccountAuthenticatorMultiEd25519(public_key, signature);\n }\n}\n/**\n * Represents an account authenticator that utilizes a single key for signing.\n * This class is designed to handle authentication using a public key and its corresponding signature.\n *\n * @param public_key - The public key used for authentication.\n * @param signature - The signature associated with the public key.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorSingleKey extends AccountAuthenticator {\n public_key;\n signature;\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.SingleKey);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n static load(deserializer) {\n const public_key = AnyPublicKey.deserialize(deserializer);\n const signature = AnySignature.deserialize(deserializer);\n return new AccountAuthenticatorSingleKey(public_key, signature);\n }\n}\n/**\n * Represents an account authenticator that supports multiple keys and signatures for multi-signature scenarios.\n *\n * @param public_keys - The public keys used for authentication.\n * @param signatures - The signatures corresponding to the public keys.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorMultiKey extends AccountAuthenticator {\n public_keys;\n signatures;\n constructor(public_keys, signatures) {\n super();\n this.public_keys = public_keys;\n this.signatures = signatures;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.MultiKey);\n this.public_keys.serialize(serializer);\n this.signatures.serialize(serializer);\n }\n static load(deserializer) {\n const public_keys = MultiKey.deserialize(deserializer);\n const signatures = MultiKeySignature.deserialize(deserializer);\n return new AccountAuthenticatorMultiKey(public_keys, signatures);\n }\n}\n/**\n * AccountAuthenticatorNoAccountAuthenticator for no account authenticator\n * It represents the absence of a public key for transaction simulation.\n * It allows skipping the public/auth key check during the simulation.\n */\nexport class AccountAuthenticatorNoAccountAuthenticator extends AccountAuthenticator {\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.NoAccountAuthenticator);\n }\n static load(deserializer) {\n return new AccountAuthenticatorNoAccountAuthenticator();\n }\n}\n/**\n * Represents an account authenticator that supports abstract authentication.\n *\n * @param functionInfo - The function info of the authentication function.\n * @param signingMessageDigest - The digest of the signing message.\n * @param abstractionSignature - The signature of the authentication function.\n * @param accountIdentity - optional. The account identity for DAA.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorAbstraction extends AccountAuthenticator {\n functionInfo;\n signingMessageDigest;\n abstractionSignature;\n /**\n * DAA, which is extended of the AA module, requires an account identity\n */\n accountIdentity;\n constructor(functionInfo, signingMessageDigest, abstractionSignature, accountIdentity) {\n super();\n if (!isValidFunctionInfo(functionInfo)) {\n throw new Error(`Invalid function info ${functionInfo} passed into AccountAuthenticatorAbstraction`);\n }\n this.functionInfo = functionInfo;\n this.abstractionSignature = abstractionSignature;\n this.signingMessageDigest = Hex.fromHexInput(Hex.fromHexInput(signingMessageDigest).toUint8Array());\n this.accountIdentity = accountIdentity;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.Abstraction);\n const { moduleAddress, moduleName, functionName } = getFunctionParts(this.functionInfo);\n AccountAddress.fromString(moduleAddress).serialize(serializer);\n serializer.serializeStr(moduleName);\n serializer.serializeStr(functionName);\n if (this.accountIdentity) {\n serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.DerivableV1);\n }\n else {\n serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.V1);\n }\n serializer.serializeBytes(this.signingMessageDigest.toUint8Array());\n if (this.accountIdentity) {\n serializer.serializeBytes(this.abstractionSignature);\n }\n else {\n serializer.serializeFixedBytes(this.abstractionSignature);\n }\n if (this.accountIdentity) {\n serializer.serializeBytes(this.accountIdentity);\n }\n }\n static load(deserializer) {\n // deserialize the function info\n const moduleAddress = AccountAddress.deserialize(deserializer);\n const moduleName = deserializer.deserializeStr();\n const functionName = deserializer.deserializeStr();\n // deserialize the variant\n const variant = deserializer.deserializeUleb128AsU32();\n // deserialize the signing message digest\n const signingMessageDigest = deserializer.deserializeBytes();\n if (variant === AbstractAuthenticationDataVariant.V1) {\n const abstractionSignature = deserializer.deserializeFixedBytes(deserializer.remaining());\n return new AccountAuthenticatorAbstraction(`${moduleAddress}::${moduleName}::${functionName}`, signingMessageDigest, abstractionSignature);\n }\n if (variant === AbstractAuthenticationDataVariant.DerivableV1) {\n const abstractionSignature = deserializer.deserializeBytes();\n const abstractPublicKey = deserializer.deserializeBytes();\n return new AccountAuthenticatorAbstraction(`${moduleAddress}::${moduleName}::${functionName}`, signingMessageDigest, abstractionSignature, abstractPublicKey);\n }\n throw new Error(`Unknown variant index for AccountAuthenticatorAbstraction: ${variant}`);\n }\n}\n/**\n * Represents an account abstraction message that contains the original signing message and the function info.\n *\n * @param originalSigningMessage - The original signing message.\n * @param functionInfo - The function info of the authentication function.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAbstractionMessage extends Serializable {\n originalSigningMessage;\n functionInfo;\n constructor(originalSigningMessage, functionInfo) {\n super();\n this.originalSigningMessage = Hex.fromHexInput(Hex.fromHexInput(originalSigningMessage).toUint8Array());\n this.functionInfo = functionInfo;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AASigningDataVariant.V1);\n serializer.serializeBytes(this.originalSigningMessage.toUint8Array());\n const { moduleAddress, moduleName, functionName } = getFunctionParts(this.functionInfo);\n AccountAddress.fromString(moduleAddress).serialize(serializer);\n serializer.serializeStr(moduleName);\n serializer.serializeStr(functionName);\n }\n static deserialize(deserializer) {\n const variant = deserializer.deserializeUleb128AsU32();\n if (variant !== AASigningDataVariant.V1) {\n throw new Error(`Unknown variant index for AccountAbstractionMessage: ${variant}`);\n }\n const originalSigningMessage = deserializer.deserializeBytes();\n const functionInfoModuleAddress = AccountAddress.deserialize(deserializer);\n const functionInfoModuleName = deserializer.deserializeStr();\n const functionInfoFunctionName = deserializer.deserializeStr();\n const functionInfo = `${functionInfoModuleAddress}::${functionInfoModuleName}::${functionInfoFunctionName}`;\n return new AccountAbstractionMessage(originalSigningMessage, functionInfo);\n }\n}\n//# sourceMappingURL=account.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nexport function isKeylessSigner(obj) {\n return (obj !== null &&\n obj !== undefined &&\n typeof obj.checkKeylessAccountValidity === \"function\" &&\n typeof obj.waitForProofFetch === \"function\");\n}\n//# sourceMappingURL=keylessSigner.js.map","import EventEmitter from './index.js'\n\nexport { EventEmitter }\nexport default EventEmitter\n","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { randomBytes } from \"@noble/hashes/utils.js\";\nimport { bytesToBigIntLE, padAndPackBytesWithLen, poseidonHash } from \"../core/crypto/poseidon.js\";\nimport { EphemeralPublicKey, EphemeralSignature } from \"../core/crypto/ephemeral.js\";\nimport { Ed25519PrivateKey } from \"../core/crypto/ed25519.js\";\nimport { Hex } from \"../core/hex.js\";\nimport { EphemeralPublicKeyVariant } from \"../types/index.js\";\nimport { Deserializer, Serializable } from \"../bcs/index.js\";\nimport { floorToWholeHour, nowInSeconds, u64ToNumberSafe } from \"../utils/helpers.js\";\nconst TWO_WEEKS_IN_SECONDS = 1_209_600;\n/**\n * Represents an ephemeral key pair used for signing transactions via the Keyless authentication scheme.\n * This key pair is temporary and includes an expiration time.\n * For more details on how this class is used, refer to the documentation:\n * https://aptos.dev/guides/keyless-accounts/#1-present-the-user-with-a-sign-in-with-idp-button-on-the-ui\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class EphemeralKeyPair extends Serializable {\n static BLINDER_LENGTH = 31;\n /**\n * A byte array of length BLINDER_LENGTH used to obfuscate the public key from the IdP.\n * Used in calculating the nonce passed to the IdP and as a secret witness in proof generation.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n blinder;\n /**\n * A timestamp in seconds indicating when the ephemeral key pair is expired. After expiry, a new\n * EphemeralKeyPair must be generated and a new JWT needs to be created.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n expiryDateSecs;\n /**\n * The value passed to the IdP when the user authenticates. It consists of a\n * hash of the ephemeral public key, expiry date, and blinder.\n *\n * SECURITY: This value is NOT secret. It is sent to the IdP in the OIDC\n * redirect URL, embedded in the returned JWT, and packed into the proof\n * inputs sent to the prover service. The `clear()` lifecycle hook does\n * NOT zero this field — it is an immutable JS string and JavaScript\n * provides no API to overwrite string memory. A memory-read attacker who\n * dumps the process after `clear()` could correlate the surviving `nonce`\n * against IdP logs or on-chain activity. This is acceptable given that\n * the nonce was always public to begin with; it just means the privacy\n * benefit of `clear()` does not extend to unlinking the (already public)\n * nonce from any later forensic snapshot.\n *\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n nonce;\n /**\n * A private key used to sign transactions. This private key is not tied to any account on the chain as it\n * is ephemeral (not permanent) in nature.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n privateKey;\n /**\n * A public key used to verify transactions. This public key is not tied to any account on the chain as it\n * is ephemeral (not permanent) in nature.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n publicKey;\n /**\n * Whether the ephemeral key pair has been cleared from memory.\n * @private\n */\n cleared = false;\n /**\n * Creates an instance of the class with a specified private key, optional expiry date, and optional blinder.\n * This constructor initializes the public key, sets the expiry date to a default value if not provided,\n * generates a blinder if not supplied, and calculates the nonce based on the public key, expiry date, and blinder.\n *\n * @param args - The parameters for constructing the instance.\n * @param args.privateKey - The private key used for creating the instance.\n * @param args.expiryDateSecs - Optional expiry date in seconds from the current time. Defaults to two weeks from now.\n * @param args.blinder - Optional blinder value. If not provided, a new blinder will be generated.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n constructor(args) {\n super();\n const { privateKey, expiryDateSecs, blinder } = args;\n this.privateKey = privateKey;\n this.publicKey = new EphemeralPublicKey(privateKey.publicKey());\n // By default, we set the expiry date to be two weeks in the future floored to the nearest hour\n this.expiryDateSecs = expiryDateSecs || floorToWholeHour(nowInSeconds() + TWO_WEEKS_IN_SECONDS);\n // Generate the blinder if not provided\n this.blinder = blinder !== undefined ? Hex.fromHexInput(blinder).toUint8Array() : generateBlinder();\n // Calculate the nonce\n const fields = padAndPackBytesWithLen(this.publicKey.bcsToBytes(), 93);\n fields.push(BigInt(this.expiryDateSecs));\n fields.push(bytesToBigIntLE(this.blinder));\n const nonceHash = poseidonHash(fields);\n this.nonce = nonceHash.toString();\n }\n /**\n * Returns the public key of the key pair.\n * @return EphemeralPublicKey\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n getPublicKey() {\n return this.publicKey;\n }\n /**\n * Checks if the current time has surpassed the expiry date of the key pair.\n * @return boolean - Returns true if the key pair is expired, otherwise false.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isExpired() {\n const currentTimeSecs = Math.floor(Date.now() / 1000);\n return currentTimeSecs > this.expiryDateSecs;\n }\n /**\n * Overwrites the ephemeral private key and blinder byte buffers with random\n * bytes and then zeros. After calling this method the key pair can no\n * longer sign transactions.\n *\n * SECURITY: This is a best-effort window-narrowing tool, NOT a true\n * zeroization guarantee. See `Ed25519PrivateKey.clear()` for the full\n * enumeration of JavaScript-level limits (immutable string copies, noble\n * `BigInt` intermediates, JIT register/stack residue, GC-relocated\n * copies).\n *\n * SPECIFIC TO `EphemeralKeyPair`: the `nonce` field is NOT cleared by\n * this method. It is the OIDC nonce — already public (it appears in the\n * IdP redirect URL, the returned JWT, and the proof inputs) — and is\n * stored as an immutable JS string that the language provides no API to\n * overwrite. See the `nonce` field JSDoc for the narrow\n * forensic-correlation consequence.\n *\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n clear() {\n if (!this.cleared) {\n // Clear the underlying private key if it has a clear method\n if (\"clear\" in this.privateKey && typeof this.privateKey.clear === \"function\") {\n this.privateKey.clear();\n }\n else {\n // Fallback: multiple overwrite passes for better security\n const keyBytes = this.privateKey.toUint8Array();\n crypto.getRandomValues(keyBytes);\n keyBytes.fill(0xff);\n crypto.getRandomValues(keyBytes);\n keyBytes.fill(0);\n }\n // Also clear the blinder with multiple passes as it's used in nonce calculation\n crypto.getRandomValues(this.blinder);\n this.blinder.fill(0xff);\n crypto.getRandomValues(this.blinder);\n this.blinder.fill(0);\n this.cleared = true;\n }\n }\n /**\n * Returns whether the ephemeral key pair has been cleared from memory.\n *\n * @returns true if the key pair has been cleared, false otherwise\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isCleared() {\n return this.cleared;\n }\n /**\n * Serializes the object's properties into a format suitable for transmission or storage.\n * This function is essential for preparing the object data for serialization processes.\n *\n * @param serializer - The serializer instance used to serialize the object's properties.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n serialize(serializer) {\n serializer.serializeU32AsUleb128(this.publicKey.variant);\n serializer.serializeBytes(this.privateKey.toUint8Array());\n serializer.serializeU64(this.expiryDateSecs);\n serializer.serializeFixedBytes(this.blinder);\n }\n /**\n * Deserializes an ephemeral key pair from the provided deserializer.\n * This function helps in reconstructing an ephemeral key pair, which is essential for cryptographic operations.\n *\n * @param deserializer - The deserializer instance used to read the serialized data.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static deserialize(deserializer) {\n const variantIndex = deserializer.deserializeUleb128AsU32();\n let privateKey;\n switch (variantIndex) {\n case EphemeralPublicKeyVariant.Ed25519:\n privateKey = Ed25519PrivateKey.deserialize(deserializer);\n break;\n default:\n throw new Error(`Unknown variant index for EphemeralPublicKey: ${variantIndex}`);\n }\n const expiryDateSecs = deserializer.deserializeU64();\n const blinder = deserializer.deserializeFixedBytes(31);\n return new EphemeralKeyPair({\n privateKey,\n expiryDateSecs: u64ToNumberSafe(expiryDateSecs, \"EphemeralKeyPair.expiryDateSecs\"),\n blinder,\n });\n }\n /**\n * Deserialize a byte array into an EphemeralKeyPair object.\n * This function allows you to reconstruct an EphemeralKeyPair from its serialized byte representation.\n *\n * @param bytes - The byte array representing the serialized EphemeralKeyPair.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static fromBytes(bytes) {\n return EphemeralKeyPair.deserialize(new Deserializer(bytes));\n }\n /**\n * Generates a new ephemeral key pair with an optional expiry date.\n * This function allows you to create a temporary key pair for secure operations.\n *\n * @param args - Optional parameters for key pair generation.\n * @param args.scheme - The type of key pair to use for the EphemeralKeyPair. Only Ed25519 is supported for now.\n * @param args.expiryDateSecs - The date of expiry for the key pair in seconds.\n * @returns An instance of EphemeralKeyPair containing the generated private key and expiry date.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static generate(args) {\n let privateKey;\n switch (args?.scheme) {\n default:\n privateKey = Ed25519PrivateKey.generate();\n }\n return new EphemeralKeyPair({ privateKey, expiryDateSecs: args?.expiryDateSecs });\n }\n /**\n * Sign the given data using the private key, returning an ephemeral signature.\n * This function is essential for creating a secure signature that can be used for authentication or verification purposes.\n *\n * @param data - The data to be signed, provided in HexInput format.\n * @returns EphemeralSignature - The resulting ephemeral signature.\n * @throws Error - Throws an error if the EphemeralKeyPair has expired or been cleared from memory.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n sign(data) {\n if (this.cleared) {\n throw new Error(\"EphemeralKeyPair has been cleared from memory and can no longer be used\");\n }\n if (this.isExpired()) {\n throw new Error(\"EphemeralKeyPair has expired\");\n }\n return new EphemeralSignature(this.privateKey.sign(data));\n }\n}\n/**\n * Generates a random byte array of length EphemeralKeyPair.BLINDER_LENGTH.\n * @returns Uint8Array A random byte array used for blinding.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nfunction generateBlinder() {\n return randomBytes(EphemeralKeyPair.BLINDER_LENGTH);\n}\n//# sourceMappingURL=EphemeralKeyPair.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { EventEmitter } from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\n// Register keyless variants with AnyPublicKey/AnySignature registry\nimport \"../core/crypto/keylessRegistration.js\";\nimport { EphemeralCertificateVariant, SigningScheme } from \"../types/index.js\";\nimport { AccountAddress } from \"../core/accountAddress.js\";\nimport { AnyPublicKey, AnySignature } from \"../core/crypto/singleKey.js\";\nimport { KeylessSignature, EphemeralCertificate, ZeroKnowledgeSig, getKeylessConfig, fetchJWK, } from \"../core/crypto/keyless.js\";\nimport { EphemeralKeyPair } from \"./EphemeralKeyPair.js\";\nimport { Hex } from \"../core/hex.js\";\nimport { AccountAuthenticatorSingleKey } from \"../transactions/authenticator/account.js\";\nimport { Serializable } from \"../bcs/index.js\";\nimport { deriveTransactionType, generateSigningMessage } from \"../transactions/transactionBuilder/signingMessage.js\";\nimport { base64UrlDecode, warnIfDevelopment } from \"../utils/helpers.js\";\nimport { KeylessError, KeylessErrorType } from \"../errors/index.js\";\n// Import and re-export from lightweight module for backward compatibility\nimport { isKeylessSigner } from \"./keylessSigner.js\";\nexport { isKeylessSigner };\n/**\n * Account implementation for the Keyless authentication scheme. This abstract class is used for standard Keyless Accounts\n * and Federated Keyless Accounts.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class AbstractKeylessAccount extends Serializable {\n static PEPPER_LENGTH = 31;\n /**\n * The KeylessPublicKey associated with the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n publicKey;\n /**\n * The EphemeralKeyPair used to generate sign.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n ephemeralKeyPair;\n /**\n * The claim on the JWT to identify a user. This is typically 'sub' or 'email'.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n uidKey;\n /**\n * The value of the uidKey claim on the JWT. This intended to be a stable user identifier.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n uidVal;\n /**\n * The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's\n * OIDC registration with the identity provider.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n aud;\n /**\n * A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n pepper;\n /**\n * Account address associated with the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n accountAddress;\n /**\n * The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proof;\n /**\n * The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on\n * fetching the proof.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proofOrPromise;\n /**\n * Signing scheme used to sign transactions\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signingScheme = SigningScheme.SingleKey;\n /**\n * The JWT token used to derive the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n jwt;\n /**\n * The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key\n * rotations which may invalidate the proof.\n */\n verificationKeyHash;\n /**\n * An event emitter used to assist in handling asynchronous proof fetching.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n emitter;\n /**\n * Use the static generator `create(...)` instead.\n * Creates an instance of the KeylessAccount with an optional proof.\n *\n * @param args - The parameters for creating a KeylessAccount.\n * @param args.address - Optional account address associated with the KeylessAccount.\n * @param args.publicKey - A KeylessPublicKey or FederatedKeylessPublicKey.\n * @param args.ephemeralKeyPair - The ephemeral key pair used in the account creation.\n * @param args.iss - A JWT issuer.\n * @param args.uidKey - The claim on the JWT to identify a user. This is typically 'sub' or 'email'.\n * @param args.uidVal - The unique id for this user, intended to be a stable user identifier.\n * @param args.aud - The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's\n * OIDC registration with the identity provider.\n * @param args.pepper - A hexadecimal input used for additional security.\n * @param args.proof - A Zero Knowledge Signature or a promise that resolves to one.\n * @param args.proofFetchCallback - Optional callback function for fetching proof.\n * @param args.jwt - A JSON Web Token used for authentication.\n * @param args.verificationKeyHash Optional 32-byte verification key hash as hex input used to check proof validity.\n */\n constructor(args) {\n super();\n const { address, ephemeralKeyPair, publicKey, uidKey, uidVal, aud, pepper, proof, proofFetchCallback, jwt, verificationKeyHash, } = args;\n this.ephemeralKeyPair = ephemeralKeyPair;\n this.publicKey = publicKey;\n this.accountAddress = address ? AccountAddress.from(address) : this.publicKey.authKey().derivedAddress();\n this.uidKey = uidKey;\n this.uidVal = uidVal;\n this.aud = aud;\n this.jwt = jwt;\n this.emitter = new EventEmitter();\n this.proofOrPromise = proof;\n if (proof instanceof ZeroKnowledgeSig) {\n this.proof = proof;\n }\n else {\n if (proofFetchCallback === undefined) {\n throw new Error(\"Must provide callback for async proof fetch\");\n }\n this.emitter.on(\"proofFetchFinish\", async (status) => {\n await proofFetchCallback(status);\n this.emitter.removeAllListeners();\n });\n // Note, this is purposely not awaited to be non-blocking. The caller should await on the proofFetchCallback.\n this.init(proof);\n }\n const pepperBytes = Hex.fromHexInput(pepper).toUint8Array();\n if (pepperBytes.length !== AbstractKeylessAccount.PEPPER_LENGTH) {\n throw new Error(`Pepper length in bytes should be ${AbstractKeylessAccount.PEPPER_LENGTH}`);\n }\n this.pepper = pepperBytes;\n if (verificationKeyHash !== undefined) {\n if (Hex.hexInputToUint8Array(verificationKeyHash).length !== 32) {\n throw new Error(\"verificationKeyHash must be 32 bytes\");\n }\n this.verificationKeyHash = Hex.hexInputToUint8Array(verificationKeyHash);\n }\n }\n getAnyPublicKey() {\n return new AnyPublicKey(this.publicKey);\n }\n /**\n * This initializes the asynchronous proof fetch\n * @return Emits whether the proof succeeds or fails, but has no return.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n async init(promise) {\n try {\n this.proof = await promise;\n this.emitter.emit(\"proofFetchFinish\", { status: \"Success\" });\n }\n catch (error) {\n if (error instanceof Error) {\n this.emitter.emit(\"proofFetchFinish\", { status: \"Failed\", error: error.toString() });\n }\n else {\n this.emitter.emit(\"proofFetchFinish\", { status: \"Failed\", error: \"Unknown\" });\n }\n }\n }\n /**\n * Serializes the jwt data into a format suitable for transmission or storage.\n * This function ensures that both the jwt data and the proof are properly serialized.\n *\n * @param serializer - The serializer instance used to convert the jwt data into bytes.\n */\n serialize(serializer) {\n this.accountAddress.serialize(serializer);\n serializer.serializeStr(this.jwt);\n serializer.serializeStr(this.uidKey);\n serializer.serializeFixedBytes(this.pepper);\n this.ephemeralKeyPair.serialize(serializer);\n if (this.proof === undefined) {\n throw new Error(\"Cannot serialize - proof undefined\");\n }\n this.proof.serialize(serializer);\n serializer.serializeOption(this.verificationKeyHash, 32);\n }\n static partialDeserialize(deserializer) {\n const address = AccountAddress.deserialize(deserializer);\n const jwt = deserializer.deserializeStr();\n const uidKey = deserializer.deserializeStr();\n const pepper = deserializer.deserializeFixedBytes(31);\n const ephemeralKeyPair = EphemeralKeyPair.deserialize(deserializer);\n const proof = ZeroKnowledgeSig.deserialize(deserializer);\n const verificationKeyHash = deserializer.deserializeOption(\"fixedBytes\", 32);\n return { address, jwt, uidKey, pepper, ephemeralKeyPair, proof, verificationKeyHash };\n }\n /**\n * Checks if the proof is expired. If so the account must be re-derived with a new EphemeralKeyPair\n * and JWT token.\n * @return boolean\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isExpired() {\n return this.ephemeralKeyPair.isExpired();\n }\n /**\n * Sign a message using Keyless.\n * @param message the message to sign, as binary input\n * @return the AccountAuthenticator containing the signature, together with the account's public key\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signWithAuthenticator(message) {\n const signature = new AnySignature(this.sign(message));\n const publicKey = new AnyPublicKey(this.publicKey);\n return new AccountAuthenticatorSingleKey(publicKey, signature);\n }\n /**\n * Sign a transaction using Keyless.\n * @param transaction the raw transaction\n * @return the AccountAuthenticator containing the signature of the transaction, together with the account's public key\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signTransactionWithAuthenticator(transaction) {\n const signature = new AnySignature(this.signTransaction(transaction));\n const publicKey = new AnyPublicKey(this.publicKey);\n return new AccountAuthenticatorSingleKey(publicKey, signature);\n }\n /**\n * Waits for asynchronous proof fetching to finish.\n * @return\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n async waitForProofFetch() {\n if (this.proofOrPromise instanceof Promise) {\n await this.proofOrPromise;\n }\n }\n /**\n * Validates that the Keyless Account can be used to sign transactions.\n * @return\n */\n async checkKeylessAccountValidity(aptosConfig) {\n if (this.isExpired()) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.EPHEMERAL_KEY_PAIR_EXPIRED,\n });\n }\n await this.waitForProofFetch();\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.ASYNC_PROOF_FETCH_FAILED,\n });\n }\n // SECURITY: jwtDecode does NOT verify the JWT signature; we only read the\n // `kid` header to compare against the verification key hash. JWT signature\n // verification is performed on-chain by the keyless verifier.\n const header = jwtDecode(this.jwt, { header: true });\n if (header.kid === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.JWT_PARSING_ERROR,\n details: \"checkKeylessAccountValidity failed. JWT is missing 'kid' in header. This should never happen.\",\n });\n }\n if (this.verificationKeyHash !== undefined) {\n const { verificationKey } = await getKeylessConfig({ aptosConfig });\n if (Hex.hexInputToString(verificationKey.hash()) !== Hex.hexInputToString(this.verificationKeyHash)) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.INVALID_PROOF_VERIFICATION_KEY_NOT_FOUND,\n });\n }\n }\n else {\n warnIfDevelopment(\"[Aptos SDK] The verification key hash was not set. Proof may be invalid if the verification key has rotated.\");\n }\n await AbstractKeylessAccount.fetchJWK({ aptosConfig, publicKey: this.publicKey, kid: header.kid });\n }\n /**\n * Sign the given message using Keyless.\n * @param message in HexInput format\n * @returns Signature\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n sign(message) {\n const { expiryDateSecs } = this.ephemeralKeyPair;\n if (this.isExpired()) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.EPHEMERAL_KEY_PAIR_EXPIRED,\n });\n }\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();\n const ephemeralSignature = this.ephemeralKeyPair.sign(message);\n return new KeylessSignature({\n jwtHeader: base64UrlDecode(this.jwt.split(\".\")[0]),\n ephemeralCertificate: new EphemeralCertificate(this.proof, EphemeralCertificateVariant.ZkProof),\n expiryDateSecs,\n ephemeralPublicKey,\n ephemeralSignature,\n });\n }\n /**\n * Sign the given transaction with Keyless.\n * Signs the transaction and proof to guard against proof malleability.\n * @param transaction the transaction to be signed\n * @returns KeylessSignature\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signTransaction(transaction) {\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const raw = deriveTransactionType(transaction);\n const txnAndProof = new TransactionAndProof(raw, this.proof.proof);\n const signMess = txnAndProof.hash();\n return this.sign(signMess);\n }\n getSigningMessage(transaction) {\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const raw = deriveTransactionType(transaction);\n const txnAndProof = new TransactionAndProof(raw, this.proof.proof);\n return txnAndProof.hash();\n }\n /**\n * Note - This function is currently incomplete and should only be used to verify ownership of the KeylessAccount\n *\n * Verifies a signature given the message.\n *\n * @param args.message the message that was signed.\n * @param args.signature the KeylessSignature to verify\n * @returns boolean\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n verifySignature(args) {\n return this.publicKey.verifySignature(args);\n }\n async verifySignatureAsync(args) {\n return this.publicKey.verifySignatureAsync({\n ...args,\n });\n }\n /**\n * Fetches the JWK from the issuer's well-known JWKS endpoint.\n *\n * @param args.publicKey The keyless public key to query\n * @param args.kid The kid of the JWK to fetch\n * @returns A JWK matching the `kid` in the JWT header.\n * @throws {KeylessError} If the JWK cannot be fetched\n */\n static async fetchJWK(args) {\n return fetchJWK(args);\n }\n}\n/**\n * A container class to hold a transaction and a proof. It implements CryptoHashable which is used to create\n * the signing message for Keyless transactions. We sign over the proof to ensure non-malleability.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class TransactionAndProof extends Serializable {\n /**\n * The transaction to sign.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n transaction;\n /**\n * The zero knowledge proof used in signing the transaction.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proof;\n /**\n * The domain separator prefix used when hashing.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n domainSeparator = \"APTOS::TransactionAndProof\";\n constructor(transaction, proof) {\n super();\n this.transaction = transaction;\n this.proof = proof;\n }\n /**\n * Serializes the transaction data into a format suitable for transmission or storage.\n * This function ensures that both the transaction bytes and the proof are properly serialized.\n *\n * @param serializer - The serializer instance used to convert the transaction data into bytes.\n */\n serialize(serializer) {\n serializer.serializeFixedBytes(this.transaction.bcsToBytes());\n serializer.serializeOption(this.proof);\n }\n /**\n * Hashes the bcs serialized from of the class. This is the typescript corollary to the BCSCryptoHash macro in aptos-core.\n *\n * @returns Uint8Array\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n hash() {\n return generateSigningMessage(this.bcsToBytes(), this.domainSeparator);\n }\n}\n//# sourceMappingURL=AbstractKeylessAccount.js.map"],"x_google_ignoreList":[0,1,2,3,4,5],"mappings":";;;;;;;;AAGA,IAAW;CACV,SAAU,mCAAmC;CAC1C,kCAAkC,kCAAkC,QAAQ,KAAK;CACjF,kCAAkC,kCAAkC,iBAAiB,KAAK;AAC9F,EAAC,CAAE,sCAAsC,oCAAoC,CAAC,EAAE;;;;AAIhF,IAAW;CACV,SAAU,sBAAsB;CAC7B,qBAAqB,qBAAqB,QAAQ,KAAK;AAC3D,EAAC,CAAE,yBAAyB,uBAAuB,CAAC,EAAE;;;;;;;;;;;;;ACMtD,IAAa,uBAAb,cAA0C,aAAa;;;;;;;;;CASnD,OAAO,YAAY,cAAc;EAC7B,MAAM,QAAQ,aAAa,wBAAwB;EACnD,QAAQ,OAAR;GACI,KAAK,4BAA4B,SAC7B,OAAO,4BAA4B,KAAK,YAAY;GACxD,KAAK,4BAA4B,cAC7B,OAAO,iCAAiC,KAAK,YAAY;GAC7D,KAAK,4BAA4B,WAC7B,OAAO,8BAA8B,KAAK,YAAY;GAC1D,KAAK,4BAA4B,UAC7B,OAAO,6BAA6B,KAAK,YAAY;GACzD,KAAK,4BAA4B,wBAC7B,OAAO,2CAA2C,KAAK,YAAY;GACvE,KAAK,4BAA4B,aAC7B,OAAO,gCAAgC,KAAK,YAAY;GAC5D,SACI,MAAM,IAAI,MAAM,mDAAmD,OAAO;EAClF;CACJ;;;;;;;;CAQA,YAAY;EACR,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,iBAAiB;EACb,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,cAAc;EACV,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,aAAa;EACT,OAAO,gBAAgB;CAC3B;AACJ;;;;;;;;;;AAUA,IAAa,8BAAb,MAAa,oCAAoC,qBAAqB;CAClE;CACA;;;;;;;;;CASA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;;;;;;;;;CASA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,OAAO;EACpE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;;;;;;;;;CASA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,4BAFQ,iBAAiB,YAAY,YAEA,GAD9B,iBAAiB,YAAY,YACY,CAAC;CAChE;AACJ;;;;;;;;;AASA,IAAa,mCAAb,MAAa,yCAAyC,qBAAqB;CACvE;CACA;CACA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,YAAY;EACzE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,iCAFQ,sBAAsB,YAAY,YAEA,GADnC,sBAAsB,YAAY,YACY,CAAC;CACrE;AACJ;;;;;;;;;;AAUA,IAAa,gCAAb,MAAa,sCAAsC,qBAAqB;CACpE;CACA;CACA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,SAAS;EACtE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,8BAFQ,aAAa,YAAY,YAEM,GADhC,aAAa,YAAY,YACkB,CAAC;CAClE;AACJ;;;;;;;;;AASA,IAAa,+BAAb,MAAa,qCAAqC,qBAAqB;CACnE;CACA;CACA,YAAY,aAAa,YAAY;EACjC,MAAM;EACN,KAAK,cAAc;EACnB,KAAK,aAAa;CACtB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,QAAQ;EACrE,KAAK,YAAY,UAAU,UAAU;EACrC,KAAK,WAAW,UAAU,UAAU;CACxC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,6BAFS,SAAS,YAAY,YAES,GAD/B,kBAAkB,YAAY,YACa,CAAC;CACnE;AACJ;;;;;;AAMA,IAAa,6CAAb,MAAa,mDAAmD,qBAAqB;CACjF,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,sBAAsB;CACvF;CACA,OAAO,KAAK,cAAc;EACtB,OAAO,IAAI,2CAA2C;CAC1D;AACJ;;;;;;;;;;;AAWA,IAAa,kCAAb,MAAa,wCAAwC,qBAAqB;CACtE;CACA;CACA;;;;CAIA;CACA,YAAY,cAAc,sBAAsB,sBAAsB,iBAAiB;EACnF,MAAM;EACN,IAAI,CAAC,oBAAoB,YAAY,GACjC,MAAM,IAAI,MAAM,yBAAyB,aAAa,6CAA6C;EAEvG,KAAK,eAAe;EACpB,KAAK,uBAAuB;EAC5B,KAAK,uBAAuB,IAAI,aAAa,IAAI,aAAa,oBAAoB,CAAC,CAAC,aAAa,CAAC;EAClG,KAAK,kBAAkB;CAC3B;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,WAAW;EACxE,MAAM,EAAE,eAAe,YAAY,iBAAiB,iBAAiB,KAAK,YAAY;EACtF,eAAe,WAAW,aAAa,CAAC,CAAC,UAAU,UAAU;EAC7D,WAAW,aAAa,UAAU;EAClC,WAAW,aAAa,YAAY;EACpC,IAAI,KAAK,iBACL,WAAW,sBAAsB,kCAAkC,WAAW;OAG9E,WAAW,sBAAsB,kCAAkC,EAAE;EAEzE,WAAW,eAAe,KAAK,qBAAqB,aAAa,CAAC;EAClE,IAAI,KAAK,iBACL,WAAW,eAAe,KAAK,oBAAoB;OAGnD,WAAW,oBAAoB,KAAK,oBAAoB;EAE5D,IAAI,KAAK,iBACL,WAAW,eAAe,KAAK,eAAe;CAEtD;CACA,OAAO,KAAK,cAAc;EAEtB,MAAM,gBAAgB,eAAe,YAAY,YAAY;EAC7D,MAAM,aAAa,aAAa,eAAe;EAC/C,MAAM,eAAe,aAAa,eAAe;EAEjD,MAAM,UAAU,aAAa,wBAAwB;EAErD,MAAM,uBAAuB,aAAa,iBAAiB;EAC3D,IAAI,YAAY,kCAAkC,IAAI;GAClD,MAAM,uBAAuB,aAAa,sBAAsB,aAAa,UAAU,CAAC;GACxF,OAAO,IAAI,gCAAgC,GAAG,cAAc,IAAI,WAAW,IAAI,gBAAgB,sBAAsB,oBAAoB;EAC7I;EACA,IAAI,YAAY,kCAAkC,aAAa;GAC3D,MAAM,uBAAuB,aAAa,iBAAiB;GAC3D,MAAM,oBAAoB,aAAa,iBAAiB;GACxD,OAAO,IAAI,gCAAgC,GAAG,cAAc,IAAI,WAAW,IAAI,gBAAgB,sBAAsB,sBAAsB,iBAAiB;EAChK;EACA,MAAM,IAAI,MAAM,8DAA8D,SAAS;CAC3F;AACJ;;;;ACjTA,SAAgB,gBAAgB,KAAK;CACjC,OAAQ,QAAQ,QACZ,QAAQ,UACR,OAAO,IAAI,gCAAgC,cAC3C,OAAO,IAAI,sBAAsB;AACzC;;;;;;;;AEGA,MAAM,uBAAuB;;;;;;;;;AAS7B,IAAa,mBAAb,MAAa,yBAAyB,aAAa;CAC/C,OAAO,iBAAiB;;;;;;;CAOxB;;;;;;;CAOA;;;;;;;;;;;;;;;;;;;CAmBA;;;;;;;CAOA;;;;;;;CAOA;;;;;CAKA,UAAU;;;;;;;;;;;;;CAaV,YAAY,MAAM;EACd,MAAM;EACN,MAAM,EAAE,YAAY,gBAAgB,YAAY;EAChD,KAAK,aAAa;EAClB,KAAK,YAAY,IAAI,mBAAmB,WAAW,UAAU,CAAC;EAE9D,KAAK,iBAAiB,kBAAkB,iBAAiB,aAAa,IAAI,oBAAoB;EAE9F,KAAK,UAAU,YAAY,SAAY,IAAI,aAAa,OAAO,CAAC,CAAC,aAAa,IAAI,gBAAgB;EAElG,MAAM,SAAS,uBAAuB,KAAK,UAAU,WAAW,GAAG,EAAE;EACrE,OAAO,KAAK,OAAO,KAAK,cAAc,CAAC;EACvC,OAAO,KAAK,gBAAgB,KAAK,OAAO,CAAC;EACzC,MAAM,YAAY,aAAa,MAAM;EACrC,KAAK,QAAQ,UAAU,SAAS;CACpC;;;;;;;CAOA,eAAe;EACX,OAAO,KAAK;CAChB;;;;;;;CAOA,YAAY;EAER,OADwB,KAAK,MAAM,KAAK,IAAI,IAAI,GAC3B,IAAI,KAAK;CAClC;;;;;;;;;;;;;;;;;;;;;;CAsBA,QAAQ;EACJ,IAAI,CAAC,KAAK,SAAS;GAEf,IAAI,WAAW,KAAK,cAAc,OAAO,KAAK,WAAW,UAAU,YAC/D,KAAK,WAAW,MAAM;QAErB;IAED,MAAM,WAAW,KAAK,WAAW,aAAa;IAC9C,OAAO,gBAAgB,QAAQ;IAC/B,SAAS,KAAK,GAAI;IAClB,OAAO,gBAAgB,QAAQ;IAC/B,SAAS,KAAK,CAAC;GACnB;GAEA,OAAO,gBAAgB,KAAK,OAAO;GACnC,KAAK,QAAQ,KAAK,GAAI;GACtB,OAAO,gBAAgB,KAAK,OAAO;GACnC,KAAK,QAAQ,KAAK,CAAC;GACnB,KAAK,UAAU;EACnB;CACJ;;;;;;;;CAQA,YAAY;EACR,OAAO,KAAK;CAChB;;;;;;;;;CASA,UAAU,YAAY;EAClB,WAAW,sBAAsB,KAAK,UAAU,OAAO;EACvD,WAAW,eAAe,KAAK,WAAW,aAAa,CAAC;EACxD,WAAW,aAAa,KAAK,cAAc;EAC3C,WAAW,oBAAoB,KAAK,OAAO;CAC/C;;;;;;;;;CASA,OAAO,YAAY,cAAc;EAC7B,MAAM,eAAe,aAAa,wBAAwB;EAC1D,IAAI;EACJ,QAAQ,cAAR;GACI,KAAK,0BAA0B;IAC3B,aAAa,kBAAkB,YAAY,YAAY;IACvD;GACJ,SACI,MAAM,IAAI,MAAM,iDAAiD,cAAc;EACvF;EACA,MAAM,iBAAiB,aAAa,eAAe;EACnD,MAAM,UAAU,aAAa,sBAAsB,EAAE;EACrD,OAAO,IAAI,iBAAiB;GACxB;GACA,gBAAgB,gBAAgB,gBAAgB,iCAAiC;GACjF;EACJ,CAAC;CACL;;;;;;;;;CASA,OAAO,UAAU,OAAO;EACpB,OAAO,iBAAiB,YAAY,IAAI,aAAa,KAAK,CAAC;CAC/D;;;;;;;;;;;;CAYA,OAAO,SAAS,MAAM;EAClB,IAAI;EACJ,QAAQ,MAAM,QAAd;GACI,SACI,aAAa,kBAAkB,SAAS;EAChD;EACA,OAAO,IAAI,iBAAiB;GAAE;GAAY,gBAAgB,MAAM;EAAe,CAAC;CACpF;;;;;;;;;;;CAWA,KAAK,MAAM;EACP,IAAI,KAAK,SACL,MAAM,IAAI,MAAM,yEAAyE;EAE7F,IAAI,KAAK,UAAU,GACf,MAAM,IAAI,MAAM,8BAA8B;EAElD,OAAO,IAAI,mBAAmB,KAAK,WAAW,KAAK,IAAI,CAAC;CAC5D;AACJ;;;;;;;AAOA,SAAS,kBAAkB;CACvB,OAAO,YAAY,iBAAiB,cAAc;AACtD;;;;;;;;;;;;;;ACrPA,IAAa,yBAAb,MAAa,+BAA+B,aAAa;CACrD,OAAO,gBAAgB;;;;;;CAMvB;;;;;;CAMA;;;;;;CAMA;;;;;;CAMA;;;;;;;CAOA;;;;;;CAMA;;;;;;CAMA;;;;;;CAMA;;;;;;;CAOA;;;;;;CAMA,gBAAgB,cAAc;;;;;;CAM9B;;;;;CAKA;;;;;;CAMA;;;;;;;;;;;;;;;;;;;;CAoBA,YAAY,MAAM;EACd,MAAM;EACN,MAAM,EAAE,SAAS,kBAAkB,WAAW,QAAQ,QAAQ,KAAK,QAAQ,OAAO,oBAAoB,KAAK,wBAAyB;EACpI,KAAK,mBAAmB;EACxB,KAAK,YAAY;EACjB,KAAK,iBAAiB,UAAU,eAAe,KAAK,OAAO,IAAI,KAAK,UAAU,QAAQ,CAAC,CAAC,eAAe;EACvG,KAAK,SAAS;EACd,KAAK,SAAS;EACd,KAAK,MAAM;EACX,KAAK,MAAM;EACX,KAAK,UAAU,IAAIA,6BAAa;EAChC,KAAK,iBAAiB;EACtB,IAAI,iBAAiB,kBACjB,KAAK,QAAQ;OAEZ;GACD,IAAI,uBAAuB,QACvB,MAAM,IAAI,MAAM,6CAA6C;GAEjE,KAAK,QAAQ,GAAG,oBAAoB,OAAO,WAAW;IAClD,MAAM,mBAAmB,MAAM;IAC/B,KAAK,QAAQ,mBAAmB;GACpC,CAAC;GAED,KAAK,KAAK,KAAK;EACnB;EACA,MAAM,cAAc,IAAI,aAAa,MAAM,CAAC,CAAC,aAAa;EAC1D,IAAI,YAAY,WAAW,uBAAuB,eAC9C,MAAM,IAAI,MAAM,oCAAoC,uBAAuB,eAAe;EAE9F,KAAK,SAAS;EACd,IAAI,wBAAwB,QAAW;GACnC,IAAI,IAAI,qBAAqB,mBAAmB,CAAC,CAAC,WAAW,IACzD,MAAM,IAAI,MAAM,sCAAsC;GAE1D,KAAK,sBAAsB,IAAI,qBAAqB,mBAAmB;EAC3E;CACJ;CACA,kBAAkB;EACd,OAAO,IAAI,aAAa,KAAK,SAAS;CAC1C;;;;;;;CAOA,MAAM,KAAK,SAAS;EAChB,IAAI;GACA,KAAK,QAAQ,MAAM;GACnB,KAAK,QAAQ,KAAK,oBAAoB,EAAE,QAAQ,UAAU,CAAC;EAC/D,SACO,OAAO;GACV,IAAI,iBAAiB,OACjB,KAAK,QAAQ,KAAK,oBAAoB;IAAE,QAAQ;IAAU,OAAO,MAAM,SAAS;GAAE,CAAC;QAGnF,KAAK,QAAQ,KAAK,oBAAoB;IAAE,QAAQ;IAAU,OAAO;GAAU,CAAC;EAEpF;CACJ;;;;;;;CAOA,UAAU,YAAY;EAClB,KAAK,eAAe,UAAU,UAAU;EACxC,WAAW,aAAa,KAAK,GAAG;EAChC,WAAW,aAAa,KAAK,MAAM;EACnC,WAAW,oBAAoB,KAAK,MAAM;EAC1C,KAAK,iBAAiB,UAAU,UAAU;EAC1C,IAAI,KAAK,UAAU,QACf,MAAM,IAAI,MAAM,oCAAoC;EAExD,KAAK,MAAM,UAAU,UAAU;EAC/B,WAAW,gBAAgB,KAAK,qBAAqB,EAAE;CAC3D;CACA,OAAO,mBAAmB,cAAc;EAQpC,OAAO;GAAE,SAPO,eAAe,YAAY,YAO5B;GAAG,KANN,aAAa,eAML;GAAG,QALR,aAAa,eAKA;GAAG,QAJhB,aAAa,sBAAsB,EAId;GAAG,kBAHd,iBAAiB,YAAY,YAGA;GAAG,OAF3C,iBAAiB,YAAY,YAEkB;GAAG,qBADpC,aAAa,kBAAkB,cAAc,EACS;EAAE;CACxF;;;;;;;;CAQA,YAAY;EACR,OAAO,KAAK,iBAAiB,UAAU;CAC3C;;;;;;;;CAQA,sBAAsB,SAAS;EAC3B,MAAM,YAAY,IAAI,aAAa,KAAK,KAAK,OAAO,CAAC;EAErD,OAAO,IAAI,8BAA8B,IADnB,aAAa,KAAK,SACS,GAAG,SAAS;CACjE;;;;;;;;CAQA,iCAAiC,aAAa;EAC1C,MAAM,YAAY,IAAI,aAAa,KAAK,gBAAgB,WAAW,CAAC;EAEpE,OAAO,IAAI,8BAA8B,IADnB,aAAa,KAAK,SACS,GAAG,SAAS;CACjE;;;;;;;CAOA,MAAM,oBAAoB;EACtB,IAAI,KAAK,0BAA0B,SAC/B,MAAM,KAAK;CAEnB;;;;;CAKA,MAAM,4BAA4B,aAAa;EAC3C,IAAI,KAAK,UAAU,GACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,2BAC3B,CAAC;EAEL,MAAM,KAAK,kBAAkB;EAC7B,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,yBAC3B,CAAC;EAKL,MAAM,SAAS,UAAU,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;EACnD,IAAI,OAAO,QAAQ,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAEL,IAAI,KAAK,wBAAwB,QAAW;GACxC,MAAM,EAAE,oBAAoB,MAAM,iBAAiB,EAAE,YAAY,CAAC;GAClE,IAAI,IAAI,iBAAiB,gBAAgB,KAAK,CAAC,MAAM,IAAI,iBAAiB,KAAK,mBAAmB,GAC9F,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,yCAC3B,CAAC;EAET,OAEI,kBAAkB,8GAA8G;EAEpI,MAAM,uBAAuB,SAAS;GAAE;GAAa,WAAW,KAAK;GAAW,KAAK,OAAO;EAAI,CAAC;CACrG;;;;;;;;CAQA,KAAK,SAAS;EACV,MAAM,EAAE,mBAAmB,KAAK;EAChC,IAAI,KAAK,UAAU,GACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,2BAC3B,CAAC;EAEL,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAEL,MAAM,qBAAqB,KAAK,iBAAiB,aAAa;EAC9D,MAAM,qBAAqB,KAAK,iBAAiB,KAAK,OAAO;EAC7D,OAAO,IAAI,iBAAiB;GACxB,WAAW,gBAAgB,KAAK,IAAI,MAAM,GAAG,CAAC,CAAC,EAAE;GACjD,sBAAsB,IAAI,qBAAqB,KAAK,OAAO,4BAA4B,OAAO;GAC9F;GACA;GACA;EACJ,CAAC;CACL;;;;;;;;;CASA,gBAAgB,aAAa;EACzB,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAIL,MAAM,WAAW,IADO,oBADZ,sBAAsB,WACY,GAAG,KAAK,MAAM,KACjC,CAAC,CAAC,KAAK;EAClC,OAAO,KAAK,KAAK,QAAQ;CAC7B;CACA,kBAAkB,aAAa;EAC3B,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAIL,OAAO,IADiB,oBADZ,sBAAsB,WACY,GAAG,KAAK,MAAM,KAC3C,CAAC,CAAC,KAAK;CAC5B;;;;;;;;;;;;CAYA,gBAAgB,MAAM;EAClB,OAAO,KAAK,UAAU,gBAAgB,IAAI;CAC9C;CACA,MAAM,qBAAqB,MAAM;EAC7B,OAAO,KAAK,UAAU,qBAAqB,EACvC,GAAG,KACP,CAAC;CACL;;;;;;;;;CASA,aAAa,SAAS,MAAM;EACxB,OAAO,SAAS,IAAI;CACxB;AACJ;;;;;;;AAOA,IAAa,sBAAb,cAAyC,aAAa;;;;;;CAMlD;;;;;;CAMA;;;;;;CAMA,kBAAkB;CAClB,YAAY,aAAa,OAAO;EAC5B,MAAM;EACN,KAAK,cAAc;EACnB,KAAK,QAAQ;CACjB;;;;;;;CAOA,UAAU,YAAY;EAClB,WAAW,oBAAoB,KAAK,YAAY,WAAW,CAAC;EAC5D,WAAW,gBAAgB,KAAK,KAAK;CACzC;;;;;;;;CAQA,OAAO;EACH,OAAO,uBAAuB,KAAK,WAAW,GAAG,KAAK,eAAe;CACzE;AACJ"}
1
+ {"version":3,"file":"AbstractKeylessAccount-DE1e2Glg.js","names":["EventEmitter"],"sources":["../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/types/abstraction.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/transactions/authenticator/account.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/keylessSigner.js","../../../node_modules/.pnpm/eventemitter3@5.0.4/node_modules/eventemitter3/index.mjs","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/EphemeralKeyPair.js","../../../node_modules/.pnpm/@aptos-labs+ts-sdk@7.1.0/node_modules/@aptos-labs/ts-sdk/dist/account/AbstractKeylessAccount.js"],"sourcesContent":["/**\n * The variant for the AbstractAuthenticationData enum.\n */\nexport var AbstractAuthenticationDataVariant;\n(function (AbstractAuthenticationDataVariant) {\n AbstractAuthenticationDataVariant[AbstractAuthenticationDataVariant[\"V1\"] = 0] = \"V1\";\n AbstractAuthenticationDataVariant[AbstractAuthenticationDataVariant[\"DerivableV1\"] = 1] = \"DerivableV1\";\n})(AbstractAuthenticationDataVariant || (AbstractAuthenticationDataVariant = {}));\n/**\n * The variant for the AASigningData enum.\n */\nexport var AASigningDataVariant;\n(function (AASigningDataVariant) {\n AASigningDataVariant[AASigningDataVariant[\"V1\"] = 0] = \"V1\";\n})(AASigningDataVariant || (AASigningDataVariant = {}));\n//# sourceMappingURL=abstraction.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { Serializable } from \"../../bcs/index.js\";\nimport { AnyPublicKey, AnySignature } from \"../../core/crypto/index.js\";\nimport { Ed25519PublicKey, Ed25519Signature } from \"../../core/crypto/ed25519.js\";\nimport { MultiEd25519PublicKey, MultiEd25519Signature } from \"../../core/crypto/multiEd25519.js\";\nimport { MultiKey, MultiKeySignature } from \"../../core/crypto/multiKey.js\";\nimport { AccountAuthenticatorVariant } from \"../../types/index.js\";\nimport { AASigningDataVariant, AbstractAuthenticationDataVariant } from \"../../types/abstraction.js\";\nimport { AccountAddress, Hex } from \"../../core/index.js\";\nimport { getFunctionParts, isValidFunctionInfo } from \"../../utils/helpers.js\";\n/**\n * Represents an account authenticator that can handle multiple authentication variants.\n * This class serves as a base for different types of account authenticators, allowing for serialization\n * and deserialization of various authenticator types.\n *\n * @extends Serializable\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticator extends Serializable {\n /**\n * Deserializes an AccountAuthenticator from the provided deserializer.\n * This function helps in reconstructing the AccountAuthenticator object based on the variant index.\n *\n * @param deserializer - The deserializer instance used to read the serialized data.\n * @group Implementation\n * @category Transactions\n */\n static deserialize(deserializer) {\n const index = deserializer.deserializeUleb128AsU32();\n switch (index) {\n case AccountAuthenticatorVariant.Ed25519:\n return AccountAuthenticatorEd25519.load(deserializer);\n case AccountAuthenticatorVariant.MultiEd25519:\n return AccountAuthenticatorMultiEd25519.load(deserializer);\n case AccountAuthenticatorVariant.SingleKey:\n return AccountAuthenticatorSingleKey.load(deserializer);\n case AccountAuthenticatorVariant.MultiKey:\n return AccountAuthenticatorMultiKey.load(deserializer);\n case AccountAuthenticatorVariant.NoAccountAuthenticator:\n return AccountAuthenticatorNoAccountAuthenticator.load(deserializer);\n case AccountAuthenticatorVariant.Abstraction:\n return AccountAuthenticatorAbstraction.load(deserializer);\n default:\n throw new Error(`Unknown variant index for AccountAuthenticator: ${index}`);\n }\n }\n /**\n * Determines if the current instance is an Ed25519 account authenticator.\n *\n * @returns {boolean} True if the instance is of type AccountAuthenticatorEd25519, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isEd25519() {\n return this instanceof AccountAuthenticatorEd25519;\n }\n /**\n * Determines if the current instance is of type AccountAuthenticatorMultiEd25519.\n *\n * @returns {boolean} True if the instance is a multi-signature Ed25519 account authenticator, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isMultiEd25519() {\n return this instanceof AccountAuthenticatorMultiEd25519;\n }\n /**\n * Determines if the current instance is of the type AccountAuthenticatorSingleKey.\n *\n * @returns {boolean} True if the instance is an AccountAuthenticatorSingleKey, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isSingleKey() {\n return this instanceof AccountAuthenticatorSingleKey;\n }\n /**\n * Determine if the current instance is of type AccountAuthenticatorMultiKey.\n *\n * @returns {boolean} Returns true if the instance is an AccountAuthenticatorMultiKey, otherwise false.\n * @group Implementation\n * @category Transactions\n */\n isMultiKey() {\n return this instanceof AccountAuthenticatorMultiKey;\n }\n}\n/**\n * Represents an Ed25519 transaction authenticator for multi-signer transactions.\n * This class encapsulates the account's Ed25519 public key and signature.\n *\n * @param public_key - The Ed25519 public key associated with the account.\n * @param signature - The Ed25519 signature for the account.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorEd25519 extends AccountAuthenticator {\n public_key;\n signature;\n /**\n * Creates an instance of the class with the specified public keys and signatures.\n *\n * @param public_key The public key used for verification.\n * @param signature The signatures corresponding to the public keys.\n * @group Implementation\n * @category Transactions\n */\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n /**\n * Serializes the account authenticator data into the provided serializer.\n * This function captures the multi-key variant, public keys, and signatures for serialization.\n *\n * @param serializer - The serializer instance used to perform the serialization.\n * @group Implementation\n * @category Transactions\n */\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.Ed25519);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n /**\n * Loads an instance of AccountAuthenticatorMultiKey from the provided deserializer.\n * This function helps in reconstructing the authenticator object using the deserialized public keys and signatures.\n *\n * @param deserializer - The deserializer used to extract the necessary data for loading the authenticator.\n * @group Implementation\n * @category Transactions\n */\n static load(deserializer) {\n const public_key = Ed25519PublicKey.deserialize(deserializer);\n const signature = Ed25519Signature.deserialize(deserializer);\n return new AccountAuthenticatorEd25519(public_key, signature);\n }\n}\n/**\n * Represents a transaction authenticator for Multi Ed25519, designed for multi-signer transactions.\n *\n * @param public_key - The MultiEd25519 public key of the account.\n * @param signature - The MultiEd25519 signature of the account.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorMultiEd25519 extends AccountAuthenticator {\n public_key;\n signature;\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.MultiEd25519);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n static load(deserializer) {\n const public_key = MultiEd25519PublicKey.deserialize(deserializer);\n const signature = MultiEd25519Signature.deserialize(deserializer);\n return new AccountAuthenticatorMultiEd25519(public_key, signature);\n }\n}\n/**\n * Represents an account authenticator that utilizes a single key for signing.\n * This class is designed to handle authentication using a public key and its corresponding signature.\n *\n * @param public_key - The public key used for authentication.\n * @param signature - The signature associated with the public key.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorSingleKey extends AccountAuthenticator {\n public_key;\n signature;\n constructor(public_key, signature) {\n super();\n this.public_key = public_key;\n this.signature = signature;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.SingleKey);\n this.public_key.serialize(serializer);\n this.signature.serialize(serializer);\n }\n static load(deserializer) {\n const public_key = AnyPublicKey.deserialize(deserializer);\n const signature = AnySignature.deserialize(deserializer);\n return new AccountAuthenticatorSingleKey(public_key, signature);\n }\n}\n/**\n * Represents an account authenticator that supports multiple keys and signatures for multi-signature scenarios.\n *\n * @param public_keys - The public keys used for authentication.\n * @param signatures - The signatures corresponding to the public keys.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorMultiKey extends AccountAuthenticator {\n public_keys;\n signatures;\n constructor(public_keys, signatures) {\n super();\n this.public_keys = public_keys;\n this.signatures = signatures;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.MultiKey);\n this.public_keys.serialize(serializer);\n this.signatures.serialize(serializer);\n }\n static load(deserializer) {\n const public_keys = MultiKey.deserialize(deserializer);\n const signatures = MultiKeySignature.deserialize(deserializer);\n return new AccountAuthenticatorMultiKey(public_keys, signatures);\n }\n}\n/**\n * AccountAuthenticatorNoAccountAuthenticator for no account authenticator\n * It represents the absence of a public key for transaction simulation.\n * It allows skipping the public/auth key check during the simulation.\n */\nexport class AccountAuthenticatorNoAccountAuthenticator extends AccountAuthenticator {\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.NoAccountAuthenticator);\n }\n static load(deserializer) {\n return new AccountAuthenticatorNoAccountAuthenticator();\n }\n}\n/**\n * Represents an account authenticator that supports abstract authentication.\n *\n * @param functionInfo - The function info of the authentication function.\n * @param signingMessageDigest - The digest of the signing message.\n * @param abstractionSignature - The signature of the authentication function.\n * @param accountIdentity - optional. The account identity for DAA.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAuthenticatorAbstraction extends AccountAuthenticator {\n functionInfo;\n signingMessageDigest;\n abstractionSignature;\n /**\n * DAA, which is extended of the AA module, requires an account identity\n */\n accountIdentity;\n constructor(functionInfo, signingMessageDigest, abstractionSignature, accountIdentity) {\n super();\n if (!isValidFunctionInfo(functionInfo)) {\n throw new Error(`Invalid function info ${functionInfo} passed into AccountAuthenticatorAbstraction`);\n }\n this.functionInfo = functionInfo;\n this.abstractionSignature = abstractionSignature;\n this.signingMessageDigest = Hex.fromHexInput(Hex.fromHexInput(signingMessageDigest).toUint8Array());\n this.accountIdentity = accountIdentity;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AccountAuthenticatorVariant.Abstraction);\n const { moduleAddress, moduleName, functionName } = getFunctionParts(this.functionInfo);\n AccountAddress.fromString(moduleAddress).serialize(serializer);\n serializer.serializeStr(moduleName);\n serializer.serializeStr(functionName);\n if (this.accountIdentity) {\n serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.DerivableV1);\n }\n else {\n serializer.serializeU32AsUleb128(AbstractAuthenticationDataVariant.V1);\n }\n serializer.serializeBytes(this.signingMessageDigest.toUint8Array());\n if (this.accountIdentity) {\n serializer.serializeBytes(this.abstractionSignature);\n }\n else {\n serializer.serializeFixedBytes(this.abstractionSignature);\n }\n if (this.accountIdentity) {\n serializer.serializeBytes(this.accountIdentity);\n }\n }\n static load(deserializer) {\n // deserialize the function info\n const moduleAddress = AccountAddress.deserialize(deserializer);\n const moduleName = deserializer.deserializeStr();\n const functionName = deserializer.deserializeStr();\n // deserialize the variant\n const variant = deserializer.deserializeUleb128AsU32();\n // deserialize the signing message digest\n const signingMessageDigest = deserializer.deserializeBytes();\n if (variant === AbstractAuthenticationDataVariant.V1) {\n const abstractionSignature = deserializer.deserializeFixedBytes(deserializer.remaining());\n return new AccountAuthenticatorAbstraction(`${moduleAddress}::${moduleName}::${functionName}`, signingMessageDigest, abstractionSignature);\n }\n if (variant === AbstractAuthenticationDataVariant.DerivableV1) {\n const abstractionSignature = deserializer.deserializeBytes();\n const abstractPublicKey = deserializer.deserializeBytes();\n return new AccountAuthenticatorAbstraction(`${moduleAddress}::${moduleName}::${functionName}`, signingMessageDigest, abstractionSignature, abstractPublicKey);\n }\n throw new Error(`Unknown variant index for AccountAuthenticatorAbstraction: ${variant}`);\n }\n}\n/**\n * Represents an account abstraction message that contains the original signing message and the function info.\n *\n * @param originalSigningMessage - The original signing message.\n * @param functionInfo - The function info of the authentication function.\n * @group Implementation\n * @category Transactions\n */\nexport class AccountAbstractionMessage extends Serializable {\n originalSigningMessage;\n functionInfo;\n constructor(originalSigningMessage, functionInfo) {\n super();\n this.originalSigningMessage = Hex.fromHexInput(Hex.fromHexInput(originalSigningMessage).toUint8Array());\n this.functionInfo = functionInfo;\n }\n serialize(serializer) {\n serializer.serializeU32AsUleb128(AASigningDataVariant.V1);\n serializer.serializeBytes(this.originalSigningMessage.toUint8Array());\n const { moduleAddress, moduleName, functionName } = getFunctionParts(this.functionInfo);\n AccountAddress.fromString(moduleAddress).serialize(serializer);\n serializer.serializeStr(moduleName);\n serializer.serializeStr(functionName);\n }\n static deserialize(deserializer) {\n const variant = deserializer.deserializeUleb128AsU32();\n if (variant !== AASigningDataVariant.V1) {\n throw new Error(`Unknown variant index for AccountAbstractionMessage: ${variant}`);\n }\n const originalSigningMessage = deserializer.deserializeBytes();\n const functionInfoModuleAddress = AccountAddress.deserialize(deserializer);\n const functionInfoModuleName = deserializer.deserializeStr();\n const functionInfoFunctionName = deserializer.deserializeStr();\n const functionInfo = `${functionInfoModuleAddress}::${functionInfoModuleName}::${functionInfoFunctionName}`;\n return new AccountAbstractionMessage(originalSigningMessage, functionInfo);\n }\n}\n//# sourceMappingURL=account.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nexport function isKeylessSigner(obj) {\n return (obj !== null &&\n obj !== undefined &&\n typeof obj.checkKeylessAccountValidity === \"function\" &&\n typeof obj.waitForProofFetch === \"function\");\n}\n//# sourceMappingURL=keylessSigner.js.map","import EventEmitter from './index.js'\n\nexport { EventEmitter }\nexport default EventEmitter\n","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { randomBytes } from \"@noble/hashes/utils.js\";\nimport { bytesToBigIntLE, padAndPackBytesWithLen, poseidonHash } from \"../core/crypto/poseidon.js\";\nimport { EphemeralPublicKey, EphemeralSignature } from \"../core/crypto/ephemeral.js\";\nimport { Ed25519PrivateKey } from \"../core/crypto/ed25519.js\";\nimport { Hex } from \"../core/hex.js\";\nimport { EphemeralPublicKeyVariant } from \"../types/index.js\";\nimport { Deserializer, Serializable } from \"../bcs/index.js\";\nimport { floorToWholeHour, nowInSeconds, u64ToNumberSafe } from \"../utils/helpers.js\";\nconst TWO_WEEKS_IN_SECONDS = 1_209_600;\n/**\n * Represents an ephemeral key pair used for signing transactions via the Keyless authentication scheme.\n * This key pair is temporary and includes an expiration time.\n * For more details on how this class is used, refer to the documentation:\n * https://aptos.dev/guides/keyless-accounts/#1-present-the-user-with-a-sign-in-with-idp-button-on-the-ui\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class EphemeralKeyPair extends Serializable {\n static BLINDER_LENGTH = 31;\n /**\n * A byte array of length BLINDER_LENGTH used to obfuscate the public key from the IdP.\n * Used in calculating the nonce passed to the IdP and as a secret witness in proof generation.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n blinder;\n /**\n * A timestamp in seconds indicating when the ephemeral key pair is expired. After expiry, a new\n * EphemeralKeyPair must be generated and a new JWT needs to be created.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n expiryDateSecs;\n /**\n * The value passed to the IdP when the user authenticates. It consists of a\n * hash of the ephemeral public key, expiry date, and blinder.\n *\n * SECURITY: This value is NOT secret. It is sent to the IdP in the OIDC\n * redirect URL, embedded in the returned JWT, and packed into the proof\n * inputs sent to the prover service. The `clear()` lifecycle hook does\n * NOT zero this field — it is an immutable JS string and JavaScript\n * provides no API to overwrite string memory. A memory-read attacker who\n * dumps the process after `clear()` could correlate the surviving `nonce`\n * against IdP logs or on-chain activity. This is acceptable given that\n * the nonce was always public to begin with; it just means the privacy\n * benefit of `clear()` does not extend to unlinking the (already public)\n * nonce from any later forensic snapshot.\n *\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n nonce;\n /**\n * A private key used to sign transactions. This private key is not tied to any account on the chain as it\n * is ephemeral (not permanent) in nature.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n privateKey;\n /**\n * A public key used to verify transactions. This public key is not tied to any account on the chain as it\n * is ephemeral (not permanent) in nature.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n publicKey;\n /**\n * Whether the ephemeral key pair has been cleared from memory.\n * @private\n */\n cleared = false;\n /**\n * Creates an instance of the class with a specified private key, optional expiry date, and optional blinder.\n * This constructor initializes the public key, sets the expiry date to a default value if not provided,\n * generates a blinder if not supplied, and calculates the nonce based on the public key, expiry date, and blinder.\n *\n * @param args - The parameters for constructing the instance.\n * @param args.privateKey - The private key used for creating the instance.\n * @param args.expiryDateSecs - Optional expiry date in seconds from the current time. Defaults to two weeks from now.\n * @param args.blinder - Optional blinder value. If not provided, a new blinder will be generated.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n constructor(args) {\n super();\n const { privateKey, expiryDateSecs, blinder } = args;\n this.privateKey = privateKey;\n this.publicKey = new EphemeralPublicKey(privateKey.publicKey());\n // By default, we set the expiry date to be two weeks in the future floored to the nearest hour\n this.expiryDateSecs = expiryDateSecs || floorToWholeHour(nowInSeconds() + TWO_WEEKS_IN_SECONDS);\n // Generate the blinder if not provided\n this.blinder = blinder !== undefined ? Hex.fromHexInput(blinder).toUint8Array() : generateBlinder();\n // Calculate the nonce\n const fields = padAndPackBytesWithLen(this.publicKey.bcsToBytes(), 93);\n fields.push(BigInt(this.expiryDateSecs));\n fields.push(bytesToBigIntLE(this.blinder));\n const nonceHash = poseidonHash(fields);\n this.nonce = nonceHash.toString();\n }\n /**\n * Returns the public key of the key pair.\n * @return EphemeralPublicKey\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n getPublicKey() {\n return this.publicKey;\n }\n /**\n * Checks if the current time has surpassed the expiry date of the key pair.\n * @return boolean - Returns true if the key pair is expired, otherwise false.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isExpired() {\n const currentTimeSecs = Math.floor(Date.now() / 1000);\n return currentTimeSecs > this.expiryDateSecs;\n }\n /**\n * Overwrites the ephemeral private key and blinder byte buffers with random\n * bytes and then zeros. After calling this method the key pair can no\n * longer sign transactions.\n *\n * SECURITY: This is a best-effort window-narrowing tool, NOT a true\n * zeroization guarantee. See `Ed25519PrivateKey.clear()` for the full\n * enumeration of JavaScript-level limits (immutable string copies, noble\n * `BigInt` intermediates, JIT register/stack residue, GC-relocated\n * copies).\n *\n * SPECIFIC TO `EphemeralKeyPair`: the `nonce` field is NOT cleared by\n * this method. It is the OIDC nonce — already public (it appears in the\n * IdP redirect URL, the returned JWT, and the proof inputs) — and is\n * stored as an immutable JS string that the language provides no API to\n * overwrite. See the `nonce` field JSDoc for the narrow\n * forensic-correlation consequence.\n *\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n clear() {\n if (!this.cleared) {\n // Clear the underlying private key if it has a clear method\n if (\"clear\" in this.privateKey && typeof this.privateKey.clear === \"function\") {\n this.privateKey.clear();\n }\n else {\n // Fallback: multiple overwrite passes for better security\n const keyBytes = this.privateKey.toUint8Array();\n crypto.getRandomValues(keyBytes);\n keyBytes.fill(0xff);\n crypto.getRandomValues(keyBytes);\n keyBytes.fill(0);\n }\n // Also clear the blinder with multiple passes as it's used in nonce calculation\n crypto.getRandomValues(this.blinder);\n this.blinder.fill(0xff);\n crypto.getRandomValues(this.blinder);\n this.blinder.fill(0);\n this.cleared = true;\n }\n }\n /**\n * Returns whether the ephemeral key pair has been cleared from memory.\n *\n * @returns true if the key pair has been cleared, false otherwise\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isCleared() {\n return this.cleared;\n }\n /**\n * Serializes the object's properties into a format suitable for transmission or storage.\n * This function is essential for preparing the object data for serialization processes.\n *\n * @param serializer - The serializer instance used to serialize the object's properties.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n serialize(serializer) {\n serializer.serializeU32AsUleb128(this.publicKey.variant);\n serializer.serializeBytes(this.privateKey.toUint8Array());\n serializer.serializeU64(this.expiryDateSecs);\n serializer.serializeFixedBytes(this.blinder);\n }\n /**\n * Deserializes an ephemeral key pair from the provided deserializer.\n * This function helps in reconstructing an ephemeral key pair, which is essential for cryptographic operations.\n *\n * @param deserializer - The deserializer instance used to read the serialized data.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static deserialize(deserializer) {\n const variantIndex = deserializer.deserializeUleb128AsU32();\n let privateKey;\n switch (variantIndex) {\n case EphemeralPublicKeyVariant.Ed25519:\n privateKey = Ed25519PrivateKey.deserialize(deserializer);\n break;\n default:\n throw new Error(`Unknown variant index for EphemeralPublicKey: ${variantIndex}`);\n }\n const expiryDateSecs = deserializer.deserializeU64();\n const blinder = deserializer.deserializeFixedBytes(31);\n return new EphemeralKeyPair({\n privateKey,\n expiryDateSecs: u64ToNumberSafe(expiryDateSecs, \"EphemeralKeyPair.expiryDateSecs\"),\n blinder,\n });\n }\n /**\n * Deserialize a byte array into an EphemeralKeyPair object.\n * This function allows you to reconstruct an EphemeralKeyPair from its serialized byte representation.\n *\n * @param bytes - The byte array representing the serialized EphemeralKeyPair.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static fromBytes(bytes) {\n return EphemeralKeyPair.deserialize(new Deserializer(bytes));\n }\n /**\n * Generates a new ephemeral key pair with an optional expiry date.\n * This function allows you to create a temporary key pair for secure operations.\n *\n * @param args - Optional parameters for key pair generation.\n * @param args.scheme - The type of key pair to use for the EphemeralKeyPair. Only Ed25519 is supported for now.\n * @param args.expiryDateSecs - The date of expiry for the key pair in seconds.\n * @returns An instance of EphemeralKeyPair containing the generated private key and expiry date.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n static generate(args) {\n let privateKey;\n switch (args?.scheme) {\n default:\n privateKey = Ed25519PrivateKey.generate();\n }\n return new EphemeralKeyPair({ privateKey, expiryDateSecs: args?.expiryDateSecs });\n }\n /**\n * Sign the given data using the private key, returning an ephemeral signature.\n * This function is essential for creating a secure signature that can be used for authentication or verification purposes.\n *\n * @param data - The data to be signed, provided in HexInput format.\n * @returns EphemeralSignature - The resulting ephemeral signature.\n * @throws Error - Throws an error if the EphemeralKeyPair has expired or been cleared from memory.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n sign(data) {\n if (this.cleared) {\n throw new Error(\"EphemeralKeyPair has been cleared from memory and can no longer be used\");\n }\n if (this.isExpired()) {\n throw new Error(\"EphemeralKeyPair has expired\");\n }\n return new EphemeralSignature(this.privateKey.sign(data));\n }\n}\n/**\n * Generates a random byte array of length EphemeralKeyPair.BLINDER_LENGTH.\n * @returns Uint8Array A random byte array used for blinding.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nfunction generateBlinder() {\n return randomBytes(EphemeralKeyPair.BLINDER_LENGTH);\n}\n//# sourceMappingURL=EphemeralKeyPair.js.map","// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\nimport { EventEmitter } from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\n// Register keyless variants with AnyPublicKey/AnySignature registry\nimport \"../core/crypto/keylessRegistration.js\";\nimport { EphemeralCertificateVariant, SigningScheme } from \"../types/index.js\";\nimport { AccountAddress } from \"../core/accountAddress.js\";\nimport { AnyPublicKey, AnySignature } from \"../core/crypto/singleKey.js\";\nimport { KeylessSignature, EphemeralCertificate, ZeroKnowledgeSig, getKeylessConfig, fetchJWK, } from \"../core/crypto/keyless.js\";\nimport { EphemeralKeyPair } from \"./EphemeralKeyPair.js\";\nimport { Hex } from \"../core/hex.js\";\nimport { AccountAuthenticatorSingleKey } from \"../transactions/authenticator/account.js\";\nimport { Serializable } from \"../bcs/index.js\";\nimport { deriveTransactionType, generateSigningMessage } from \"../transactions/transactionBuilder/signingMessage.js\";\nimport { base64UrlDecode, warnIfDevelopment } from \"../utils/helpers.js\";\nimport { KeylessError, KeylessErrorType } from \"../errors/index.js\";\n// Import and re-export from lightweight module for backward compatibility\nimport { isKeylessSigner } from \"./keylessSigner.js\";\nexport { isKeylessSigner };\n/**\n * Account implementation for the Keyless authentication scheme. This abstract class is used for standard Keyless Accounts\n * and Federated Keyless Accounts.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class AbstractKeylessAccount extends Serializable {\n static PEPPER_LENGTH = 31;\n /**\n * The KeylessPublicKey associated with the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n publicKey;\n /**\n * The EphemeralKeyPair used to generate sign.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n ephemeralKeyPair;\n /**\n * The claim on the JWT to identify a user. This is typically 'sub' or 'email'.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n uidKey;\n /**\n * The value of the uidKey claim on the JWT. This intended to be a stable user identifier.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n uidVal;\n /**\n * The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's\n * OIDC registration with the identity provider.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n aud;\n /**\n * A value contains 31 bytes of entropy that preserves privacy of the account. Typically fetched from a pepper provider.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n pepper;\n /**\n * Account address associated with the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n accountAddress;\n /**\n * The zero knowledge signature (if ready) which contains the proof used to validate the EphemeralKeyPair.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proof;\n /**\n * The proof of the EphemeralKeyPair or a promise that provides the proof. This is used to allow for awaiting on\n * fetching the proof.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proofOrPromise;\n /**\n * Signing scheme used to sign transactions\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signingScheme = SigningScheme.SingleKey;\n /**\n * The JWT token used to derive the account\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n jwt;\n /**\n * The hash of the verification key used to verify the proof. This is optional and can be used to check verifying key\n * rotations which may invalidate the proof.\n */\n verificationKeyHash;\n /**\n * An event emitter used to assist in handling asynchronous proof fetching.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n emitter;\n /**\n * Use the static generator `create(...)` instead.\n * Creates an instance of the KeylessAccount with an optional proof.\n *\n * @param args - The parameters for creating a KeylessAccount.\n * @param args.address - Optional account address associated with the KeylessAccount.\n * @param args.publicKey - A KeylessPublicKey or FederatedKeylessPublicKey.\n * @param args.ephemeralKeyPair - The ephemeral key pair used in the account creation.\n * @param args.iss - A JWT issuer.\n * @param args.uidKey - The claim on the JWT to identify a user. This is typically 'sub' or 'email'.\n * @param args.uidVal - The unique id for this user, intended to be a stable user identifier.\n * @param args.aud - The value of the 'aud' claim on the JWT, also known as client ID. This is the identifier for the dApp's\n * OIDC registration with the identity provider.\n * @param args.pepper - A hexadecimal input used for additional security.\n * @param args.proof - A Zero Knowledge Signature or a promise that resolves to one.\n * @param args.proofFetchCallback - Optional callback function for fetching proof.\n * @param args.jwt - A JSON Web Token used for authentication.\n * @param args.verificationKeyHash Optional 32-byte verification key hash as hex input used to check proof validity.\n */\n constructor(args) {\n super();\n const { address, ephemeralKeyPair, publicKey, uidKey, uidVal, aud, pepper, proof, proofFetchCallback, jwt, verificationKeyHash, } = args;\n this.ephemeralKeyPair = ephemeralKeyPair;\n this.publicKey = publicKey;\n this.accountAddress = address ? AccountAddress.from(address) : this.publicKey.authKey().derivedAddress();\n this.uidKey = uidKey;\n this.uidVal = uidVal;\n this.aud = aud;\n this.jwt = jwt;\n this.emitter = new EventEmitter();\n this.proofOrPromise = proof;\n if (proof instanceof ZeroKnowledgeSig) {\n this.proof = proof;\n }\n else {\n if (proofFetchCallback === undefined) {\n throw new Error(\"Must provide callback for async proof fetch\");\n }\n this.emitter.on(\"proofFetchFinish\", async (status) => {\n await proofFetchCallback(status);\n this.emitter.removeAllListeners();\n });\n // Note, this is purposely not awaited to be non-blocking. The caller should await on the proofFetchCallback.\n this.init(proof);\n }\n const pepperBytes = Hex.fromHexInput(pepper).toUint8Array();\n if (pepperBytes.length !== AbstractKeylessAccount.PEPPER_LENGTH) {\n throw new Error(`Pepper length in bytes should be ${AbstractKeylessAccount.PEPPER_LENGTH}`);\n }\n this.pepper = pepperBytes;\n if (verificationKeyHash !== undefined) {\n if (Hex.hexInputToUint8Array(verificationKeyHash).length !== 32) {\n throw new Error(\"verificationKeyHash must be 32 bytes\");\n }\n this.verificationKeyHash = Hex.hexInputToUint8Array(verificationKeyHash);\n }\n }\n getAnyPublicKey() {\n return new AnyPublicKey(this.publicKey);\n }\n /**\n * This initializes the asynchronous proof fetch\n * @return Emits whether the proof succeeds or fails, but has no return.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n async init(promise) {\n try {\n this.proof = await promise;\n this.emitter.emit(\"proofFetchFinish\", { status: \"Success\" });\n }\n catch (error) {\n if (error instanceof Error) {\n this.emitter.emit(\"proofFetchFinish\", { status: \"Failed\", error: error.toString() });\n }\n else {\n this.emitter.emit(\"proofFetchFinish\", { status: \"Failed\", error: \"Unknown\" });\n }\n }\n }\n /**\n * Serializes the jwt data into a format suitable for transmission or storage.\n * This function ensures that both the jwt data and the proof are properly serialized.\n *\n * @param serializer - The serializer instance used to convert the jwt data into bytes.\n */\n serialize(serializer) {\n this.accountAddress.serialize(serializer);\n serializer.serializeStr(this.jwt);\n serializer.serializeStr(this.uidKey);\n serializer.serializeFixedBytes(this.pepper);\n this.ephemeralKeyPair.serialize(serializer);\n if (this.proof === undefined) {\n throw new Error(\"Cannot serialize - proof undefined\");\n }\n this.proof.serialize(serializer);\n serializer.serializeOption(this.verificationKeyHash, 32);\n }\n static partialDeserialize(deserializer) {\n const address = AccountAddress.deserialize(deserializer);\n const jwt = deserializer.deserializeStr();\n const uidKey = deserializer.deserializeStr();\n const pepper = deserializer.deserializeFixedBytes(31);\n const ephemeralKeyPair = EphemeralKeyPair.deserialize(deserializer);\n const proof = ZeroKnowledgeSig.deserialize(deserializer);\n const verificationKeyHash = deserializer.deserializeOption(\"fixedBytes\", 32);\n return { address, jwt, uidKey, pepper, ephemeralKeyPair, proof, verificationKeyHash };\n }\n /**\n * Checks if the proof is expired. If so the account must be re-derived with a new EphemeralKeyPair\n * and JWT token.\n * @return boolean\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n isExpired() {\n return this.ephemeralKeyPair.isExpired();\n }\n /**\n * Sign a message using Keyless.\n * @param message the message to sign, as binary input\n * @return the AccountAuthenticator containing the signature, together with the account's public key\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signWithAuthenticator(message) {\n const signature = new AnySignature(this.sign(message));\n const publicKey = new AnyPublicKey(this.publicKey);\n return new AccountAuthenticatorSingleKey(publicKey, signature);\n }\n /**\n * Sign a transaction using Keyless.\n * @param transaction the raw transaction\n * @return the AccountAuthenticator containing the signature of the transaction, together with the account's public key\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signTransactionWithAuthenticator(transaction) {\n const signature = new AnySignature(this.signTransaction(transaction));\n const publicKey = new AnyPublicKey(this.publicKey);\n return new AccountAuthenticatorSingleKey(publicKey, signature);\n }\n /**\n * Waits for asynchronous proof fetching to finish.\n * @return\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n async waitForProofFetch() {\n if (this.proofOrPromise instanceof Promise) {\n await this.proofOrPromise;\n }\n }\n /**\n * Validates that the Keyless Account can be used to sign transactions.\n * @return\n */\n async checkKeylessAccountValidity(aptosConfig) {\n if (this.isExpired()) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.EPHEMERAL_KEY_PAIR_EXPIRED,\n });\n }\n await this.waitForProofFetch();\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.ASYNC_PROOF_FETCH_FAILED,\n });\n }\n // SECURITY: jwtDecode does NOT verify the JWT signature; we only read the\n // `kid` header to compare against the verification key hash. JWT signature\n // verification is performed on-chain by the keyless verifier.\n const header = jwtDecode(this.jwt, { header: true });\n if (header.kid === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.JWT_PARSING_ERROR,\n details: \"checkKeylessAccountValidity failed. JWT is missing 'kid' in header. This should never happen.\",\n });\n }\n if (this.verificationKeyHash !== undefined) {\n const { verificationKey } = await getKeylessConfig({ aptosConfig });\n if (Hex.hexInputToString(verificationKey.hash()) !== Hex.hexInputToString(this.verificationKeyHash)) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.INVALID_PROOF_VERIFICATION_KEY_NOT_FOUND,\n });\n }\n }\n else {\n warnIfDevelopment(\"[Aptos SDK] The verification key hash was not set. Proof may be invalid if the verification key has rotated.\");\n }\n await AbstractKeylessAccount.fetchJWK({ aptosConfig, publicKey: this.publicKey, kid: header.kid });\n }\n /**\n * Sign the given message using Keyless.\n * @param message in HexInput format\n * @returns Signature\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n sign(message) {\n const { expiryDateSecs } = this.ephemeralKeyPair;\n if (this.isExpired()) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.EPHEMERAL_KEY_PAIR_EXPIRED,\n });\n }\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();\n const ephemeralSignature = this.ephemeralKeyPair.sign(message);\n return new KeylessSignature({\n jwtHeader: base64UrlDecode(this.jwt.split(\".\")[0]),\n ephemeralCertificate: new EphemeralCertificate(this.proof, EphemeralCertificateVariant.ZkProof),\n expiryDateSecs,\n ephemeralPublicKey,\n ephemeralSignature,\n });\n }\n /**\n * Sign the given transaction with Keyless.\n * Signs the transaction and proof to guard against proof malleability.\n * @param transaction the transaction to be signed\n * @returns KeylessSignature\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n signTransaction(transaction) {\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const raw = deriveTransactionType(transaction);\n const txnAndProof = new TransactionAndProof(raw, this.proof.proof);\n const signMess = txnAndProof.hash();\n return this.sign(signMess);\n }\n getSigningMessage(transaction) {\n if (this.proof === undefined) {\n throw KeylessError.fromErrorType({\n type: KeylessErrorType.PROOF_NOT_FOUND,\n details: \"Proof not found - make sure to call `await account.checkKeylessAccountValidity()` before signing.\",\n });\n }\n const raw = deriveTransactionType(transaction);\n const txnAndProof = new TransactionAndProof(raw, this.proof.proof);\n return txnAndProof.hash();\n }\n /**\n * Note - This function is currently incomplete and should only be used to verify ownership of the KeylessAccount\n *\n * Verifies a signature given the message.\n *\n * @param args.message the message that was signed.\n * @param args.signature the KeylessSignature to verify\n * @returns boolean\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n verifySignature(args) {\n return this.publicKey.verifySignature(args);\n }\n async verifySignatureAsync(args) {\n return this.publicKey.verifySignatureAsync({\n ...args,\n });\n }\n /**\n * Fetches the JWK from the issuer's well-known JWKS endpoint.\n *\n * @param args.publicKey The keyless public key to query\n * @param args.kid The kid of the JWK to fetch\n * @returns A JWK matching the `kid` in the JWT header.\n * @throws {KeylessError} If the JWK cannot be fetched\n */\n static async fetchJWK(args) {\n return fetchJWK(args);\n }\n}\n/**\n * A container class to hold a transaction and a proof. It implements CryptoHashable which is used to create\n * the signing message for Keyless transactions. We sign over the proof to ensure non-malleability.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\nexport class TransactionAndProof extends Serializable {\n /**\n * The transaction to sign.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n transaction;\n /**\n * The zero knowledge proof used in signing the transaction.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n proof;\n /**\n * The domain separator prefix used when hashing.\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n domainSeparator = \"APTOS::TransactionAndProof\";\n constructor(transaction, proof) {\n super();\n this.transaction = transaction;\n this.proof = proof;\n }\n /**\n * Serializes the transaction data into a format suitable for transmission or storage.\n * This function ensures that both the transaction bytes and the proof are properly serialized.\n *\n * @param serializer - The serializer instance used to convert the transaction data into bytes.\n */\n serialize(serializer) {\n serializer.serializeFixedBytes(this.transaction.bcsToBytes());\n serializer.serializeOption(this.proof);\n }\n /**\n * Hashes the bcs serialized from of the class. This is the typescript corollary to the BCSCryptoHash macro in aptos-core.\n *\n * @returns Uint8Array\n * @group Implementation\n * @category Account (On-Chain Model)\n */\n hash() {\n return generateSigningMessage(this.bcsToBytes(), this.domainSeparator);\n }\n}\n//# sourceMappingURL=AbstractKeylessAccount.js.map"],"x_google_ignoreList":[0,1,2,3,4,5],"mappings":";;;;;;;;;AAGA,IAAW;CACV,SAAU,mCAAmC;CAC1C,kCAAkC,kCAAkC,QAAQ,KAAK;CACjF,kCAAkC,kCAAkC,iBAAiB,KAAK;AAC9F,EAAC,CAAE,sCAAsC,oCAAoC,CAAC,EAAE;;;;AAIhF,IAAW;CACV,SAAU,sBAAsB;CAC7B,qBAAqB,qBAAqB,QAAQ,KAAK;AAC3D,EAAC,CAAE,yBAAyB,uBAAuB,CAAC,EAAE;;;;;;;;;;;;;ACMtD,IAAa,uBAAb,cAA0C,aAAa;;;;;;;;;CASnD,OAAO,YAAY,cAAc;EAC7B,MAAM,QAAQ,aAAa,wBAAwB;EACnD,QAAQ,OAAR;GACI,KAAK,4BAA4B,SAC7B,OAAO,4BAA4B,KAAK,YAAY;GACxD,KAAK,4BAA4B,cAC7B,OAAO,iCAAiC,KAAK,YAAY;GAC7D,KAAK,4BAA4B,WAC7B,OAAO,8BAA8B,KAAK,YAAY;GAC1D,KAAK,4BAA4B,UAC7B,OAAO,6BAA6B,KAAK,YAAY;GACzD,KAAK,4BAA4B,wBAC7B,OAAO,2CAA2C,KAAK,YAAY;GACvE,KAAK,4BAA4B,aAC7B,OAAO,gCAAgC,KAAK,YAAY;GAC5D,SACI,MAAM,IAAI,MAAM,mDAAmD,OAAO;EAClF;CACJ;;;;;;;;CAQA,YAAY;EACR,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,iBAAiB;EACb,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,cAAc;EACV,OAAO,gBAAgB;CAC3B;;;;;;;;CAQA,aAAa;EACT,OAAO,gBAAgB;CAC3B;AACJ;;;;;;;;;;AAUA,IAAa,8BAAb,MAAa,oCAAoC,qBAAqB;CAClE;CACA;;;;;;;;;CASA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;;;;;;;;;CASA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,OAAO;EACpE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;;;;;;;;;CASA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,4BAFQ,iBAAiB,YAAY,YAEA,GAD9B,iBAAiB,YAAY,YACY,CAAC;CAChE;AACJ;;;;;;;;;AASA,IAAa,mCAAb,MAAa,yCAAyC,qBAAqB;CACvE;CACA;CACA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,YAAY;EACzE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,iCAFQ,sBAAsB,YAAY,YAEA,GADnC,sBAAsB,YAAY,YACY,CAAC;CACrE;AACJ;;;;;;;;;;AAUA,IAAa,gCAAb,MAAa,sCAAsC,qBAAqB;CACpE;CACA;CACA,YAAY,YAAY,WAAW;EAC/B,MAAM;EACN,KAAK,aAAa;EAClB,KAAK,YAAY;CACrB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,SAAS;EACtE,KAAK,WAAW,UAAU,UAAU;EACpC,KAAK,UAAU,UAAU,UAAU;CACvC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,8BAFQ,aAAa,YAAY,YAEM,GADhC,aAAa,YAAY,YACkB,CAAC;CAClE;AACJ;;;;;;;;;AASA,IAAa,+BAAb,MAAa,qCAAqC,qBAAqB;CACnE;CACA;CACA,YAAY,aAAa,YAAY;EACjC,MAAM;EACN,KAAK,cAAc;EACnB,KAAK,aAAa;CACtB;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,QAAQ;EACrE,KAAK,YAAY,UAAU,UAAU;EACrC,KAAK,WAAW,UAAU,UAAU;CACxC;CACA,OAAO,KAAK,cAAc;EAGtB,OAAO,IAAI,6BAFS,SAAS,YAAY,YAES,GAD/B,kBAAkB,YAAY,YACa,CAAC;CACnE;AACJ;;;;;;AAMA,IAAa,6CAAb,MAAa,mDAAmD,qBAAqB;CACjF,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,sBAAsB;CACvF;CACA,OAAO,KAAK,cAAc;EACtB,OAAO,IAAI,2CAA2C;CAC1D;AACJ;;;;;;;;;;;AAWA,IAAa,kCAAb,MAAa,wCAAwC,qBAAqB;CACtE;CACA;CACA;;;;CAIA;CACA,YAAY,cAAc,sBAAsB,sBAAsB,iBAAiB;EACnF,MAAM;EACN,IAAI,CAAC,oBAAoB,YAAY,GACjC,MAAM,IAAI,MAAM,yBAAyB,aAAa,6CAA6C;EAEvG,KAAK,eAAe;EACpB,KAAK,uBAAuB;EAC5B,KAAK,uBAAuB,IAAI,aAAa,IAAI,aAAa,oBAAoB,CAAC,CAAC,aAAa,CAAC;EAClG,KAAK,kBAAkB;CAC3B;CACA,UAAU,YAAY;EAClB,WAAW,sBAAsB,4BAA4B,WAAW;EACxE,MAAM,EAAE,eAAe,YAAY,iBAAiB,iBAAiB,KAAK,YAAY;EACtF,eAAe,WAAW,aAAa,CAAC,CAAC,UAAU,UAAU;EAC7D,WAAW,aAAa,UAAU;EAClC,WAAW,aAAa,YAAY;EACpC,IAAI,KAAK,iBACL,WAAW,sBAAsB,kCAAkC,WAAW;OAG9E,WAAW,sBAAsB,kCAAkC,EAAE;EAEzE,WAAW,eAAe,KAAK,qBAAqB,aAAa,CAAC;EAClE,IAAI,KAAK,iBACL,WAAW,eAAe,KAAK,oBAAoB;OAGnD,WAAW,oBAAoB,KAAK,oBAAoB;EAE5D,IAAI,KAAK,iBACL,WAAW,eAAe,KAAK,eAAe;CAEtD;CACA,OAAO,KAAK,cAAc;EAEtB,MAAM,gBAAgB,eAAe,YAAY,YAAY;EAC7D,MAAM,aAAa,aAAa,eAAe;EAC/C,MAAM,eAAe,aAAa,eAAe;EAEjD,MAAM,UAAU,aAAa,wBAAwB;EAErD,MAAM,uBAAuB,aAAa,iBAAiB;EAC3D,IAAI,YAAY,kCAAkC,IAAI;GAClD,MAAM,uBAAuB,aAAa,sBAAsB,aAAa,UAAU,CAAC;GACxF,OAAO,IAAI,gCAAgC,GAAG,cAAc,IAAI,WAAW,IAAI,gBAAgB,sBAAsB,oBAAoB;EAC7I;EACA,IAAI,YAAY,kCAAkC,aAAa;GAC3D,MAAM,uBAAuB,aAAa,iBAAiB;GAC3D,MAAM,oBAAoB,aAAa,iBAAiB;GACxD,OAAO,IAAI,gCAAgC,GAAG,cAAc,IAAI,WAAW,IAAI,gBAAgB,sBAAsB,sBAAsB,iBAAiB;EAChK;EACA,MAAM,IAAI,MAAM,8DAA8D,SAAS;CAC3F;AACJ;;;;ACjTA,SAAgB,gBAAgB,KAAK;CACjC,OAAQ,QAAQ,QACZ,QAAQ,UACR,OAAO,IAAI,gCAAgC,cAC3C,OAAO,IAAI,sBAAsB;AACzC;;;;;;;;AEGA,MAAM,uBAAuB;;;;;;;;;AAS7B,IAAa,mBAAb,MAAa,yBAAyB,aAAa;CAC/C,OAAO,iBAAiB;;;;;;;CAOxB;;;;;;;CAOA;;;;;;;;;;;;;;;;;;;CAmBA;;;;;;;CAOA;;;;;;;CAOA;;;;;CAKA,UAAU;;;;;;;;;;;;;CAaV,YAAY,MAAM;EACd,MAAM;EACN,MAAM,EAAE,YAAY,gBAAgB,YAAY;EAChD,KAAK,aAAa;EAClB,KAAK,YAAY,IAAI,mBAAmB,WAAW,UAAU,CAAC;EAE9D,KAAK,iBAAiB,kBAAkB,iBAAiB,aAAa,IAAI,oBAAoB;EAE9F,KAAK,UAAU,YAAY,SAAY,IAAI,aAAa,OAAO,CAAC,CAAC,aAAa,IAAI,gBAAgB;EAElG,MAAM,SAAS,uBAAuB,KAAK,UAAU,WAAW,GAAG,EAAE;EACrE,OAAO,KAAK,OAAO,KAAK,cAAc,CAAC;EACvC,OAAO,KAAK,gBAAgB,KAAK,OAAO,CAAC;EACzC,MAAM,YAAY,aAAa,MAAM;EACrC,KAAK,QAAQ,UAAU,SAAS;CACpC;;;;;;;CAOA,eAAe;EACX,OAAO,KAAK;CAChB;;;;;;;CAOA,YAAY;EAER,OADwB,KAAK,MAAM,KAAK,IAAI,IAAI,GAC3B,IAAI,KAAK;CAClC;;;;;;;;;;;;;;;;;;;;;;CAsBA,QAAQ;EACJ,IAAI,CAAC,KAAK,SAAS;GAEf,IAAI,WAAW,KAAK,cAAc,OAAO,KAAK,WAAW,UAAU,YAC/D,KAAK,WAAW,MAAM;QAErB;IAED,MAAM,WAAW,KAAK,WAAW,aAAa;IAC9C,OAAO,gBAAgB,QAAQ;IAC/B,SAAS,KAAK,GAAI;IAClB,OAAO,gBAAgB,QAAQ;IAC/B,SAAS,KAAK,CAAC;GACnB;GAEA,OAAO,gBAAgB,KAAK,OAAO;GACnC,KAAK,QAAQ,KAAK,GAAI;GACtB,OAAO,gBAAgB,KAAK,OAAO;GACnC,KAAK,QAAQ,KAAK,CAAC;GACnB,KAAK,UAAU;EACnB;CACJ;;;;;;;;CAQA,YAAY;EACR,OAAO,KAAK;CAChB;;;;;;;;;CASA,UAAU,YAAY;EAClB,WAAW,sBAAsB,KAAK,UAAU,OAAO;EACvD,WAAW,eAAe,KAAK,WAAW,aAAa,CAAC;EACxD,WAAW,aAAa,KAAK,cAAc;EAC3C,WAAW,oBAAoB,KAAK,OAAO;CAC/C;;;;;;;;;CASA,OAAO,YAAY,cAAc;EAC7B,MAAM,eAAe,aAAa,wBAAwB;EAC1D,IAAI;EACJ,QAAQ,cAAR;GACI,KAAK,0BAA0B;IAC3B,aAAa,kBAAkB,YAAY,YAAY;IACvD;GACJ,SACI,MAAM,IAAI,MAAM,iDAAiD,cAAc;EACvF;EACA,MAAM,iBAAiB,aAAa,eAAe;EACnD,MAAM,UAAU,aAAa,sBAAsB,EAAE;EACrD,OAAO,IAAI,iBAAiB;GACxB;GACA,gBAAgB,gBAAgB,gBAAgB,iCAAiC;GACjF;EACJ,CAAC;CACL;;;;;;;;;CASA,OAAO,UAAU,OAAO;EACpB,OAAO,iBAAiB,YAAY,IAAI,aAAa,KAAK,CAAC;CAC/D;;;;;;;;;;;;CAYA,OAAO,SAAS,MAAM;EAClB,IAAI;EACJ,QAAQ,MAAM,QAAd;GACI,SACI,aAAa,kBAAkB,SAAS;EAChD;EACA,OAAO,IAAI,iBAAiB;GAAE;GAAY,gBAAgB,MAAM;EAAe,CAAC;CACpF;;;;;;;;;;;CAWA,KAAK,MAAM;EACP,IAAI,KAAK,SACL,MAAM,IAAI,MAAM,yEAAyE;EAE7F,IAAI,KAAK,UAAU,GACf,MAAM,IAAI,MAAM,8BAA8B;EAElD,OAAO,IAAI,mBAAmB,KAAK,WAAW,KAAK,IAAI,CAAC;CAC5D;AACJ;;;;;;;AAOA,SAAS,kBAAkB;CACvB,OAAO,YAAY,iBAAiB,cAAc;AACtD;;;;;;;;;;;;;;ACrPA,IAAa,yBAAb,MAAa,+BAA+B,aAAa;CACrD,OAAO,gBAAgB;;;;;;CAMvB;;;;;;CAMA;;;;;;CAMA;;;;;;CAMA;;;;;;;CAOA;;;;;;CAMA;;;;;;CAMA;;;;;;CAMA;;;;;;;CAOA;;;;;;CAMA,gBAAgB,cAAc;;;;;;CAM9B;;;;;CAKA;;;;;;CAMA;;;;;;;;;;;;;;;;;;;;CAoBA,YAAY,MAAM;EACd,MAAM;EACN,MAAM,EAAE,SAAS,kBAAkB,WAAW,QAAQ,QAAQ,KAAK,QAAQ,OAAO,oBAAoB,KAAK,wBAAyB;EACpI,KAAK,mBAAmB;EACxB,KAAK,YAAY;EACjB,KAAK,iBAAiB,UAAU,eAAe,KAAK,OAAO,IAAI,KAAK,UAAU,QAAQ,CAAC,CAAC,eAAe;EACvG,KAAK,SAAS;EACd,KAAK,SAAS;EACd,KAAK,MAAM;EACX,KAAK,MAAM;EACX,KAAK,UAAU,IAAIA,6BAAa;EAChC,KAAK,iBAAiB;EACtB,IAAI,iBAAiB,kBACjB,KAAK,QAAQ;OAEZ;GACD,IAAI,uBAAuB,QACvB,MAAM,IAAI,MAAM,6CAA6C;GAEjE,KAAK,QAAQ,GAAG,oBAAoB,OAAO,WAAW;IAClD,MAAM,mBAAmB,MAAM;IAC/B,KAAK,QAAQ,mBAAmB;GACpC,CAAC;GAED,KAAK,KAAK,KAAK;EACnB;EACA,MAAM,cAAc,IAAI,aAAa,MAAM,CAAC,CAAC,aAAa;EAC1D,IAAI,YAAY,WAAW,uBAAuB,eAC9C,MAAM,IAAI,MAAM,oCAAoC,uBAAuB,eAAe;EAE9F,KAAK,SAAS;EACd,IAAI,wBAAwB,QAAW;GACnC,IAAI,IAAI,qBAAqB,mBAAmB,CAAC,CAAC,WAAW,IACzD,MAAM,IAAI,MAAM,sCAAsC;GAE1D,KAAK,sBAAsB,IAAI,qBAAqB,mBAAmB;EAC3E;CACJ;CACA,kBAAkB;EACd,OAAO,IAAI,aAAa,KAAK,SAAS;CAC1C;;;;;;;CAOA,MAAM,KAAK,SAAS;EAChB,IAAI;GACA,KAAK,QAAQ,MAAM;GACnB,KAAK,QAAQ,KAAK,oBAAoB,EAAE,QAAQ,UAAU,CAAC;EAC/D,SACO,OAAO;GACV,IAAI,iBAAiB,OACjB,KAAK,QAAQ,KAAK,oBAAoB;IAAE,QAAQ;IAAU,OAAO,MAAM,SAAS;GAAE,CAAC;QAGnF,KAAK,QAAQ,KAAK,oBAAoB;IAAE,QAAQ;IAAU,OAAO;GAAU,CAAC;EAEpF;CACJ;;;;;;;CAOA,UAAU,YAAY;EAClB,KAAK,eAAe,UAAU,UAAU;EACxC,WAAW,aAAa,KAAK,GAAG;EAChC,WAAW,aAAa,KAAK,MAAM;EACnC,WAAW,oBAAoB,KAAK,MAAM;EAC1C,KAAK,iBAAiB,UAAU,UAAU;EAC1C,IAAI,KAAK,UAAU,QACf,MAAM,IAAI,MAAM,oCAAoC;EAExD,KAAK,MAAM,UAAU,UAAU;EAC/B,WAAW,gBAAgB,KAAK,qBAAqB,EAAE;CAC3D;CACA,OAAO,mBAAmB,cAAc;EAQpC,OAAO;GAAE,SAPO,eAAe,YAAY,YAO5B;GAAG,KANN,aAAa,eAML;GAAG,QALR,aAAa,eAKA;GAAG,QAJhB,aAAa,sBAAsB,EAId;GAAG,kBAHd,iBAAiB,YAAY,YAGA;GAAG,OAF3C,iBAAiB,YAAY,YAEkB;GAAG,qBADpC,aAAa,kBAAkB,cAAc,EACS;EAAE;CACxF;;;;;;;;CAQA,YAAY;EACR,OAAO,KAAK,iBAAiB,UAAU;CAC3C;;;;;;;;CAQA,sBAAsB,SAAS;EAC3B,MAAM,YAAY,IAAI,aAAa,KAAK,KAAK,OAAO,CAAC;EAErD,OAAO,IAAI,8BAA8B,IADnB,aAAa,KAAK,SACS,GAAG,SAAS;CACjE;;;;;;;;CAQA,iCAAiC,aAAa;EAC1C,MAAM,YAAY,IAAI,aAAa,KAAK,gBAAgB,WAAW,CAAC;EAEpE,OAAO,IAAI,8BAA8B,IADnB,aAAa,KAAK,SACS,GAAG,SAAS;CACjE;;;;;;;CAOA,MAAM,oBAAoB;EACtB,IAAI,KAAK,0BAA0B,SAC/B,MAAM,KAAK;CAEnB;;;;;CAKA,MAAM,4BAA4B,aAAa;EAC3C,IAAI,KAAK,UAAU,GACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,2BAC3B,CAAC;EAEL,MAAM,KAAK,kBAAkB;EAC7B,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,yBAC3B,CAAC;EAKL,MAAM,SAAS,UAAU,KAAK,KAAK,EAAE,QAAQ,KAAK,CAAC;EACnD,IAAI,OAAO,QAAQ,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAEL,IAAI,KAAK,wBAAwB,QAAW;GACxC,MAAM,EAAE,oBAAoB,MAAM,iBAAiB,EAAE,YAAY,CAAC;GAClE,IAAI,IAAI,iBAAiB,gBAAgB,KAAK,CAAC,MAAM,IAAI,iBAAiB,KAAK,mBAAmB,GAC9F,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,yCAC3B,CAAC;EAET,OAEI,kBAAkB,8GAA8G;EAEpI,MAAM,uBAAuB,SAAS;GAAE;GAAa,WAAW,KAAK;GAAW,KAAK,OAAO;EAAI,CAAC;CACrG;;;;;;;;CAQA,KAAK,SAAS;EACV,MAAM,EAAE,mBAAmB,KAAK;EAChC,IAAI,KAAK,UAAU,GACf,MAAM,aAAa,cAAc,EAC7B,MAAM,iBAAiB,2BAC3B,CAAC;EAEL,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAEL,MAAM,qBAAqB,KAAK,iBAAiB,aAAa;EAC9D,MAAM,qBAAqB,KAAK,iBAAiB,KAAK,OAAO;EAC7D,OAAO,IAAI,iBAAiB;GACxB,WAAW,gBAAgB,KAAK,IAAI,MAAM,GAAG,CAAC,CAAC,EAAE;GACjD,sBAAsB,IAAI,qBAAqB,KAAK,OAAO,4BAA4B,OAAO;GAC9F;GACA;GACA;EACJ,CAAC;CACL;;;;;;;;;CASA,gBAAgB,aAAa;EACzB,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAIL,MAAM,WAAW,IADO,oBADZ,sBAAsB,WACY,GAAG,KAAK,MAAM,KACjC,CAAC,CAAC,KAAK;EAClC,OAAO,KAAK,KAAK,QAAQ;CAC7B;CACA,kBAAkB,aAAa;EAC3B,IAAI,KAAK,UAAU,QACf,MAAM,aAAa,cAAc;GAC7B,MAAM,iBAAiB;GACvB,SAAS;EACb,CAAC;EAIL,OAAO,IADiB,oBADZ,sBAAsB,WACY,GAAG,KAAK,MAAM,KAC3C,CAAC,CAAC,KAAK;CAC5B;;;;;;;;;;;;CAYA,gBAAgB,MAAM;EAClB,OAAO,KAAK,UAAU,gBAAgB,IAAI;CAC9C;CACA,MAAM,qBAAqB,MAAM;EAC7B,OAAO,KAAK,UAAU,qBAAqB,EACvC,GAAG,KACP,CAAC;CACL;;;;;;;;;CASA,aAAa,SAAS,MAAM;EACxB,OAAO,SAAS,IAAI;CACxB;AACJ;;;;;;;AAOA,IAAa,sBAAb,cAAyC,aAAa;;;;;;CAMlD;;;;;;CAMA;;;;;;CAMA,kBAAkB;CAClB,YAAY,aAAa,OAAO;EAC5B,MAAM;EACN,KAAK,cAAc;EACnB,KAAK,QAAQ;CACjB;;;;;;;CAOA,UAAU,YAAY;EAClB,WAAW,oBAAoB,KAAK,YAAY,WAAW,CAAC;EAC5D,WAAW,gBAAgB,KAAK,KAAK;CACzC;;;;;;;;CAQA,OAAO;EACH,OAAO,uBAAuB,KAAK,WAAW,GAAG,KAAK,eAAe;CACzE;AACJ"}