@stellar/stellar-sdk 16.0.0-rc.1 → 16.0.0

package/lib/axios/esm/base/auth.js

@@ -77,7 +77,8 @@ function authorizeInvocation(params) {
     validUntilLedgerSeq,
     invocation,
     networkPassphrase,
-    publicKey = ""
+    publicKey = "",
+    authV2 = false
   } = params;
   const kp = Keypair.random().rawPublicKey();
   const nonce = new types.Int64(bytesToInt64(kp));
@@ -85,18 +86,17 @@ function authorizeInvocation(params) {
   if (!pk) {
     throw new Error(`authorizeInvocation requires publicKey parameter`);
   }
+  const addressCredentials = new types.SorobanAddressCredentials({
+    address: new Address(pk).toScAddress(),
+    nonce,
+    signatureExpirationLedger: 0,
+    // replaced
+    signature: types.ScVal.scvVec([])
+    // replaced
+  });
   const entry = new types.SorobanAuthorizationEntry({
     rootInvocation: invocation,
-    credentials: types.SorobanCredentials.sorobanCredentialsAddressV2(
-      new types.SorobanAddressCredentials({
-        address: new Address(pk).toScAddress(),
-        nonce,
-        signatureExpirationLedger: 0,
-        // replaced
-        signature: types.ScVal.scvVec([])
-        // replaced
-      })
-    )
+    credentials: authV2 ? types.SorobanCredentials.sorobanCredentialsAddressV2(addressCredentials) : types.SorobanCredentials.sorobanCredentialsAddress(addressCredentials)
   });
   return authorizeEntry(entry, signer, validUntilLedgerSeq, networkPassphrase);
 }

package/lib/axios/esm/base/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sources":["../../../../src/base/auth.ts"],"sourcesContent":["import xdr from \"./xdr.js\";\n\nimport { Keypair } from \"./keypair.js\";\nimport { StrKey } from \"./strkey.js\";\n\nimport type { Networks } from \"./network.js\";\nimport { hash } from \"./hashing.js\";\n\nimport { Address } from \"./address.js\";\nimport { nativeToScVal } from \"./scval.js\";\n\ntype BufferLike = ArrayBuffer | Buffer | Uint8Array;\n\nfunction toBuffer(value: BufferLike): Buffer {\n  if (value instanceof ArrayBuffer) {\n    return Buffer.from(new Uint8Array(value));\n  }\n  return Buffer.from(value);\n}\n\n/**\n * A callback for signing an XDR structure representing all of the details\n * necessary to authorize an invocation tree.\n *\n * @param preimage - the entire authorization envelope whose hash you should\n *    sign, so that you can inspect the entire structure if necessary (rather\n *    than blindly signing a hash)\n *\n * @returns the signature of the raw payload (which is the sha256 hash of the\n *    preimage bytes, so `hash(preimage.toXDR())`) either naked, implying it is\n *    signed by the key corresponding to the public key in the entry you pass to\n *    {@link authorizeEntry} (decipherable from its\n *    `credentials().address().address()`), or alongside an explicit `publicKey`.\n */\nexport type SigningCallback = (\n  preimage: xdr.HashIdPreimage,\n) => Promise<BufferLike | { signature: BufferLike; publicKey: string }>;\n\n/**\n * Actually authorizes an existing authorization entry using the given\n * credentials and expiration details, returning a signed copy.\n *\n * This \"fills out\" the authorization entry with a signature, indicating to the\n * {@link Operation.invokeHostFunction} its attached to that:\n *   - a particular identity (i.e. signing {@link Keypair} or other signer)\n *   - approving the execution of an invocation tree (i.e. a simulation-acquired\n *     {@link xdr.SorobanAuthorizedInvocation} or otherwise built)\n *   - on a particular network (uniquely identified by its passphrase, see\n *     {@link Networks})\n *   - until a particular ledger sequence is reached.\n *\n * This one lets you pass either a {@link Keypair} (or, more accurately,\n * anything with a `sign(Buffer): Buffer` method) or a callback function (see\n * {@link SigningCallback}) to handle signing the envelope hash.\n *\n * @param entry - an unsigned authorization entry\n * @param signer - either a {@link Keypair} instance or a function which takes a\n *    {@link xdr.HashIdPreimageSorobanAuthorization} input payload and returns\n *    EITHER\n *\n *      (a) an object containing a `signature` of the hash of the raw payload\n *          bytes as a Buffer-like and a `publicKey` string representing who just\n *          created this signature, or\n *      (b) just the naked signature of the hash of the raw payload bytes (where\n *          the signing key is implied to be the address in the `entry`).\n *\n *    The latter option (b) is JUST for backwards compatibility and will be\n *    removed in the future.\n * @param validUntilLedgerSeq - the (exclusive) future ledger sequence number\n *    until which this authorization entry should be valid (if\n *    `currentLedgerSeq==validUntil`, this is expired)\n * @param networkPassphrase - the network passphrase is incorporated into the\n *    signature (see {@link Networks} for options)\n *\n * If using the `SigningCallback` variation, the signer is assumed to be\n * the entry's credential address unless you use the variant that returns\n * the object.\n *\n * @param forAddress - which credential node the signature should be written\n *    to. Only relevant for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`, where\n *    a single entry can be signed by the top-level account and/or any of its\n *    (possibly nested) delegates. Per CAP-71-01 every one of these signers\n *    signs the *same* payload (bound to the top-level address), so the\n *    signature produced here is written to whichever node(s) carry\n *    `forAddress`. When omitted, the signature is written to the top-level\n *    credentials, which preserves the behavior for `SOROBAN_CREDENTIALS_ADDRESS`\n *    / `SOROBAN_CREDENTIALS_ADDRESS_V2` and for accounts whose signing key\n *    differs from the credential address (e.g. multisig).\n *\n * @see authorizeInvocation\n * @example\n * ```ts\n * import {\n *   SorobanRpc,\n *   Transaction,\n *   Networks,\n *   authorizeEntry\n * } from '@stellar/stellar-sdk';\n *\n * // Assume signPayloadCallback is a well-formed signing callback.\n * //\n * // It might, for example, pop up a modal from a browser extension, send the\n * // transaction to a third-party service for signing, or just do simple\n * // signing via Keypair like it does here:\n * function signPayloadCallback(payload) {\n *    return signer.sign(hash(payload.toXDR()));\n * }\n *\n * function multiPartyAuth(\n *    server: SorobanRpc.Server,\n *    // assume this involves multi-party auth\n *    tx: Transaction,\n * ) {\n *    return server\n *      .simulateTransaction(tx)\n *      .then((simResult) => {\n *          tx.operations[0].auth.map(entry =>\n *            authorizeEntry(\n *              entry,\n *              signPayloadCallback,\n *              currentLedger + 1000,\n *              Networks.TESTNET)\n *          );\n *\n *          return server.prepareTransaction(tx, simResult);\n *      })\n *      .then((preppedTx) => {\n *        preppedTx.sign(source);\n *        return server.sendTransaction(preppedTx);\n *      });\n * }\n * ```\n */\nexport async function authorizeEntry(\n  entry: xdr.SorobanAuthorizationEntry,\n  signer: Keypair | SigningCallback,\n  validUntilLedgerSeq: number,\n  networkPassphrase: string,\n  forAddress?: string,\n): Promise<xdr.SorobanAuthorizationEntry> {\n  // no-op if it's source account auth\n  if (\n    entry.credentials().switch().value ===\n    xdr.SorobanCredentialsType.sorobanCredentialsSourceAccount().value\n  ) {\n    return entry;\n  }\n\n  const clone = xdr.SorobanAuthorizationEntry.fromXDR(entry.toXDR());\n  const credentials = clone.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (addrAuth === null) {\n    // We should have already returned if the credentials were source account credentials,\n    // so if we can't get address credentials out of this, it's an unsupported credential type.\n    throw new Error(`unsupported credential type ${credentials.switch().name}`);\n  }\n\n  // Set the expiration before building the preimage, so the hash that gets\n  // signed commits to the same expiration ledger stored in the credentials.\n  // Otherwise the network reconstructs the preimage from the (updated)\n  // credentials and the signature no longer matches.\n  addrAuth.signatureExpirationLedger(validUntilLedgerSeq);\n\n  const preimage = buildAuthorizationEntryPreimage(\n    clone,\n    validUntilLedgerSeq,\n    networkPassphrase,\n  );\n\n  const payload = hash(preimage.toXDR());\n\n  let signature: Buffer;\n  let publicKey: string;\n  if (typeof signer === \"function\") {\n    const sigResult = await signer(preimage);\n    if (\n      sigResult !== null &&\n      typeof sigResult === \"object\" &&\n      \"signature\" in sigResult\n    ) {\n      signature = toBuffer(sigResult.signature);\n      publicKey = sigResult.publicKey;\n    } else {\n      // if using the deprecated form, assume it's for the entry\n      signature = toBuffer(sigResult);\n      publicKey = Address.fromScAddress(addrAuth.address()).toString();\n    }\n  } else {\n    signature = toBuffer(signer.sign(payload));\n    publicKey = signer.publicKey();\n  }\n\n  if (!Keypair.fromPublicKey(publicKey).verify(payload, signature)) {\n    throw new Error(`signature doesn't match payload`);\n  }\n\n  // This structure is defined here:\n  // https://soroban.stellar.org/docs/fundamentals-and-concepts/invoking-contracts-with-transactions#stellar-account-signatures\n  //\n  // Encoding a contract structure as an ScVal means the map keys are supposed\n  // to be symbols, hence the forced typing here.\n  const sigScVal = nativeToScVal(\n    {\n      public_key: StrKey.decodeEd25519PublicKey(publicKey),\n      signature,\n    },\n    {\n      type: {\n        public_key: [\"symbol\", null],\n        signature: [\"symbol\", null],\n      },\n    },\n  );\n\n  const signatureScVal = xdr.ScVal.scvVec([sigScVal]);\n\n  // CAP-71-01: the signature payload is shared across the top-level address\n  // and every (possibly nested) delegate, so this signer's signature is\n  // written to whichever credential node(s) carry `forAddress`. When no\n  // `forAddress` is given we fall back to the top-level credentials, which\n  // preserves the behavior for ADDRESS / ADDRESS_V2 and for accounts whose\n  // signing key differs from the credential address (e.g. multisig).\n  const targets: SignableCredential[] =\n    forAddress === undefined\n      ? [addrAuth]\n      : collectSignatureNodes(credentials).filter(\n          (node) =>\n            Address.fromScAddress(node.address()).toString() === forAddress,\n        );\n\n  if (targets.length === 0) {\n    throw new Error(\n      `the authorization entry has no credential node for address ${forAddress}`,\n    );\n  }\n\n  targets.forEach((node) => node.signature(signatureScVal));\n  return clone;\n}\n\n/**\n * This builds an entry from scratch, allowing you to express authorization as a\n * function of:\n *   - a particular identity (i.e. signing {@link Keypair} or other signer)\n *   - approving the execution of an invocation tree (i.e. a simulation-acquired\n *     {@link xdr.SorobanAuthorizedInvocation} or otherwise built)\n *   - on a particular network (uniquely identified by its passphrase, see\n *     {@link Networks})\n *   - until a particular ledger sequence is reached.\n *\n * This is in contrast to {@link authorizeEntry}, which signs an existing entry.\n *\n * @param params - the parameters for building and signing the authorization\n *   - `signer`: either a {@link Keypair} instance (or anything with a\n *    `.sign(buf): Buffer-like` method) or a function which takes a payload (a\n *    {@link xdr.HashIdPreimageSorobanAuthorization} instance) input and returns\n *    the signature of the hash of the raw payload bytes (where the signing key\n *    should correspond to the address in the `entry`)\n *   - `validUntilLedgerSeq`: the (exclusive) future ledger sequence\n *    number until which this authorization entry should be valid (if\n *    `currentLedgerSeq==validUntilLedgerSeq`, this is expired)\n *   - `invocation`: the invocation tree that we're authorizing\n *    (likely, this comes from transaction simulation)\n *   - `networkPassphrase`: the network passphrase is incorporated into\n *    the signature (see {@link Networks} for options)\n *   - `publicKey`: the public identity of the signer (when providing a\n *    {@link Keypair} to `signer`, this can be omitted, as it just uses\n *    {@link Keypair.publicKey})\n *\n * @see authorizeEntry\n */\nexport interface AuthorizeInvocationParams {\n  signer: Keypair | SigningCallback;\n  validUntilLedgerSeq: number;\n  invocation: xdr.SorobanAuthorizedInvocation;\n  networkPassphrase: string;\n  publicKey?: string;\n}\n\nexport function authorizeInvocation(\n  params: AuthorizeInvocationParams,\n): Promise<xdr.SorobanAuthorizationEntry> {\n  const {\n    signer,\n    validUntilLedgerSeq,\n    invocation,\n    networkPassphrase,\n    publicKey = \"\",\n  } = params;\n  // We use keypairs as a source of randomness for the nonce to avoid mucking\n  // with any crypto dependencies. Note that this just has to be random and\n  // unique, not cryptographically secure, so it's fine.\n  const kp = Keypair.random().rawPublicKey();\n  const nonce = new xdr.Int64(bytesToInt64(kp));\n\n  const pk =\n    publicKey || (signer instanceof Keypair ? signer.publicKey() : null);\n  if (!pk) {\n    throw new Error(`authorizeInvocation requires publicKey parameter`);\n  }\n\n  const entry = new xdr.SorobanAuthorizationEntry({\n    rootInvocation: invocation,\n    credentials: xdr.SorobanCredentials.sorobanCredentialsAddressV2(\n      new xdr.SorobanAddressCredentials({\n        address: new Address(pk).toScAddress(),\n        nonce,\n        signatureExpirationLedger: 0, // replaced\n        signature: xdr.ScVal.scvVec([]), // replaced\n      }),\n    ),\n  });\n\n  return authorizeEntry(entry, signer, validUntilLedgerSeq, networkPassphrase);\n}\n\n/**\n * Builds the {@link xdr.HashIdPreimage} whose hash a signer must sign to\n * authorize `entry`. This is the low-level signature payload used by\n * {@link authorizeEntry}, exposed for callers that drive signing themselves —\n * most notably for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`, where the\n * client (not simulation) decides which delegates sign and how.\n *\n * For `SOROBAN_CREDENTIALS_ADDRESS` this is the legacy, non-address-bound\n * `ENVELOPE_TYPE_SOROBAN_AUTHORIZATION` preimage. For `SOROBAN_CREDENTIALS_ADDRESS_V2`\n * and `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` it is the address-bound\n * `ENVELOPE_TYPE_SOROBAN_AUTHORIZATION_WITH_ADDRESS` preimage (CAP-71). For the\n * delegates variant this single payload — bound to the *top-level* address — is\n * what the top-level account and every (nested) delegate each sign.\n *\n * To get the raw bytes to sign, hash the XDR: `hash(preimage.toXDR())`.\n *\n * @param entry - the authorization entry to build the payload for\n * @param validUntilLedgerSeq - the expiration ledger committed into the payload\n *    (must match the `signatureExpirationLedger` on the credentials you submit)\n * @param networkPassphrase - the network passphrase mixed into the payload\n * @throws `Error` if `entry` carries source-account or otherwise non-address\n *    credentials\n */\nexport function buildAuthorizationEntryPreimage(\n  entry: xdr.SorobanAuthorizationEntry,\n  validUntilLedgerSeq: number,\n  networkPassphrase: string,\n): xdr.HashIdPreimage {\n  const credentials = entry.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (addrAuth === null) {\n    throw new Error(\n      `cannot build a signature payload for credential type ${credentials.switch().name}`,\n    );\n  }\n\n  const networkId = hash(Buffer.from(networkPassphrase));\n\n  switch (credentials.switch().value) {\n    // legacy address credentials are not address-bound\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return xdr.HashIdPreimage.envelopeTypeSorobanAuthorization(\n        new xdr.HashIdPreimageSorobanAuthorization({\n          networkId,\n          nonce: addrAuth.nonce(),\n          invocation: entry.rootInvocation(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n        }),\n      );\n\n    // ADDRESS_V2 and ADDRESS_WITH_DELEGATES bind the address into the signed\n    // payload via the WithAddress preimage (CAP-71)\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value:\n      return xdr.HashIdPreimage.envelopeTypeSorobanAuthorizationWithAddress(\n        new xdr.HashIdPreimageSorobanAuthorizationWithAddress({\n          networkId,\n          nonce: addrAuth.nonce(),\n          invocation: entry.rootInvocation(),\n          address: addrAuth.address(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n        }),\n      );\n\n    default:\n      throw new Error(\n        `unsupported credential type ${credentials.switch().name}`,\n      );\n  }\n}\n\n/**\n * A delegate signer to attach to a\n * `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` entry via\n * {@link buildWithDelegatesEntry}.\n */\nexport interface DelegateSignature {\n  /** the delegate's address (`G…` account or `C…` contract). */\n  address: string;\n  /**\n   * the delegate's signature value. Defaults to a `scvVoid` placeholder, which\n   * you can fill afterwards with {@link authorizeEntry} (passing this address\n   * as `forAddress`) or by editing the entry directly.\n   */\n  signature?: xdr.ScVal;\n  /** signers this delegate in turn delegates to (recursive). */\n  nestedDelegates?: DelegateSignature[];\n}\n\n/** Parameters for {@link buildWithDelegatesEntry}. */\nexport interface BuildWithDelegatesParams {\n  /**\n   * an existing `SOROBAN_CREDENTIALS_ADDRESS` or\n   * `SOROBAN_CREDENTIALS_ADDRESS_V2` entry — typically one returned by\n   * simulation — whose address credentials should be wrapped.\n   */\n  entry: xdr.SorobanAuthorizationEntry;\n  /** the expiration ledger sequence stored on the top-level credentials. */\n  validUntilLedgerSeq: number;\n  /** the delegate signers to attach. */\n  delegates: DelegateSignature[];\n  /**\n   * the top-level account's signature. Defaults to `scvVoid`, which is valid\n   * for accounts that authorize purely via delegated signers (CAP-71-01).\n   */\n  signature?: xdr.ScVal;\n}\n\n/**\n * Builds a `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` authorization entry by\n * wrapping the address credentials of an existing `ADDRESS`/`ADDRESS_V2` entry\n * (e.g. one returned by simulation) together with a caller-provided set of\n * delegate signers.\n *\n * Simulation never emits the delegates variant on its own — which accounts use\n * delegated authentication is account-specific policy known only to the client\n * (much like a multisig policy). This helper just assembles the wrapper XDR;\n * you supply the delegate tree (addresses and, optionally, signatures). To\n * produce the signatures, build the shared payload with\n * {@link buildAuthorizationEntryPreimage} on the returned entry and sign it,\n * or fill each node afterwards with {@link authorizeEntry} (passing the\n * signer's address as `forAddress`).\n *\n * Each delegates array (the top-level set and every `nestedDelegates`) is\n * sorted by address in ascending order, and duplicate addresses within an array\n * are rejected, as the protocol requires (CAP-71-01) — otherwise the host\n * rejects the entry.\n *\n * @param params - see {@link BuildWithDelegatesParams}\n * @throws `Error` if `entry` is not an `ADDRESS`/`ADDRESS_V2` entry, or if any\n *    delegates array contains a duplicate address.\n */\nexport function buildWithDelegatesEntry(\n  params: BuildWithDelegatesParams,\n): xdr.SorobanAuthorizationEntry {\n  const { entry, validUntilLedgerSeq, delegates, signature } = params;\n  const credentials = entry.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (\n    addrAuth === null ||\n    credentials.switch().value ===\n      xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates().value\n  ) {\n    throw new Error(\n      `buildWithDelegatesEntry expects ADDRESS or ADDRESS_V2 credentials, got ${\n        credentials.switch().name\n      }`,\n    );\n  }\n\n  return new xdr.SorobanAuthorizationEntry({\n    rootInvocation: entry.rootInvocation(),\n    credentials: xdr.SorobanCredentials.sorobanCredentialsAddressWithDelegates(\n      new xdr.SorobanAddressCredentialsWithDelegates({\n        addressCredentials: new xdr.SorobanAddressCredentials({\n          address: addrAuth.address(),\n          nonce: addrAuth.nonce(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n          signature: signature ?? xdr.ScVal.scvVoid(),\n        }),\n        delegates: buildDelegateNodes(delegates),\n      }),\n    ),\n  });\n}\n\n/**\n * Recursively converts {@link DelegateSignature} descriptors into\n * {@link xdr.SorobanDelegateSignature} nodes, sorting each level by address and\n * rejecting duplicates (CAP-71-01).\n */\nfunction buildDelegateNodes(\n  delegates: DelegateSignature[],\n): xdr.SorobanDelegateSignature[] {\n  const nodes = delegates.map(\n    (delegate) =>\n      new xdr.SorobanDelegateSignature({\n        address: new Address(delegate.address).toScAddress(),\n        signature: delegate.signature ?? xdr.ScVal.scvVoid(),\n        nestedDelegates: buildDelegateNodes(delegate.nestedDelegates ?? []),\n      }),\n  );\n\n  nodes.sort((a, b) =>\n    Buffer.compare(a.address().toXDR(), b.address().toXDR()),\n  );\n\n  for (let i = 1; i < nodes.length; i++) {\n    if (\n      Buffer.compare(\n        nodes[i - 1].address().toXDR(),\n        nodes[i].address().toXDR(),\n      ) === 0\n    ) {\n      throw new Error(\n        `duplicate delegate address ${Address.fromScAddress(\n          nodes[i].address(),\n        ).toString()}`,\n      );\n    }\n  }\n\n  return nodes;\n}\n\n/**\n * Internal helper — intentionally NOT re-exported from `base/index.js`, so it\n * is not part of the public SDK API. Shared with the contract package, which\n * imports it directly from this module. If a public need arises, add it to the\n * explicit auth re-exports in `base/index.ts`.\n *\n * Extracts the {@link xdr.SorobanAddressCredentials} from any address-based\n * Soroban credential, regardless of which credential type variant is used.\n *\n * This unifies access across `SOROBAN_CREDENTIALS_ADDRESS`,\n * `SOROBAN_CREDENTIALS_ADDRESS_V2` (which carries identical fields but binds\n * the address into the signature payload), and\n * `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` (which wraps the same address\n * credentials alongside a set of delegate signatures).\n *\n * @param credentials - the credentials to inspect\n * @returns the inner address credentials, or `null` for source-account\n *    credentials (which carry no address payload)\n */\nexport function getAddressCredentials(\n  credentials: xdr.SorobanCredentials,\n): xdr.SorobanAddressCredentials | null {\n  switch (credentials.switch().value) {\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return credentials.address();\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n      return credentials.addressV2();\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value:\n      return credentials.addressWithDelegates().addressCredentials();\n    default:\n      return null;\n  }\n}\n\n/**\n * The common shape of every node in an authorization entry that can carry a\n * signature: the top-level {@link xdr.SorobanAddressCredentials} and, for the\n * delegates variant, each {@link xdr.SorobanDelegateSignature}. Both expose an\n * `address()` and a `signature()` accessor.\n */\ninterface SignableCredential {\n  address(value?: xdr.ScAddress): xdr.ScAddress;\n  signature(value?: xdr.ScVal): xdr.ScVal;\n}\n\n/**\n * Internal helper. Returns every node in an address-based credential that can\n * carry a signature, in a stable order: the top-level address credentials\n * first, then (only for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`) the\n * delegates and their nested delegates, depth-first. Returns an empty array\n * for source-account credentials, which carry no signature.\n *\n * Per CAP-71-01 all of these nodes commit to the same payload (the one bound to\n * the top-level address), so the caller can fill any of them with a signature\n * produced from that shared payload.\n */\nfunction collectSignatureNodes(\n  credentials: xdr.SorobanCredentials,\n): SignableCredential[] {\n  switch (credentials.switch().value) {\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return [credentials.address()];\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n      return [credentials.addressV2()];\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value: {\n      const withDelegates = credentials.addressWithDelegates();\n      const nodes: SignableCredential[] = [withDelegates.addressCredentials()];\n      const walk = (delegates: xdr.SorobanDelegateSignature[]) => {\n        delegates.forEach((delegate) => {\n          nodes.push(delegate);\n          walk(delegate.nestedDelegates());\n        });\n      };\n      walk(withDelegates.delegates());\n      return nodes;\n    }\n    default:\n      return [];\n  }\n}\n\nfunction bytesToInt64(bytes: Uint8Array): bigint {\n  const buf = bytes.subarray(0, 8);\n  if (buf.length < 8) {\n    throw new Error(\n      `need at least 8 bytes to convert to Int64, got ${bytes.length}`,\n    );\n  }\n  const view = new DataView(buf.buffer, buf.byteOffset, 8);\n  const value = view.getBigInt64(0, false);\n\n  return value;\n}\n"],"names":["xdr"],"mappings":";;;;;;;;AAaA,SAAS,SAAS,KAAA,EAA2B;AAC3C,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,UAAA,CAAW,KAAK,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,KAAK,CAAA;AAC1B;AAmHA,eAAsB,cAAA,CACpB,KAAA,EACA,MAAA,EACA,mBAAA,EACA,mBACA,UAAA,EACwC;AAExC,EAAA,IACE,KAAA,CAAM,WAAA,EAAY,CAAE,MAAA,EAAO,CAAE,UAC7BA,KAAA,CAAI,sBAAA,CAAuB,+BAAA,EAAgC,CAAE,KAAA,EAC7D;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAQA,KAAA,CAAI,yBAAA,CAA0B,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA;AACjE,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IAAI,aAAa,IAAA,EAAM;AAGrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,YAAY,MAAA,EAAO,CAAE,IAAI,CAAA,CAAE,CAAA;AAAA,EAC5E;AAMA,EAAA,QAAA,CAAS,0BAA0B,mBAAmB,CAAA;AAEtD,EAAA,MAAM,QAAA,GAAW,+BAAA;AAAA,IACf,KAAA;AAAA,IACA,mBAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,CAAS,KAAA,EAAO,CAAA;AAErC,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,QAAQ,CAAA;AACvC,IAAA,IACE,cAAc,IAAA,IACd,OAAO,SAAA,KAAc,QAAA,IACrB,eAAe,SAAA,EACf;AACA,MAAA,SAAA,GAAY,QAAA,CAAS,UAAU,SAAS,CAAA;AACxC,MAAA,SAAA,GAAY,SAAA,CAAU,SAAA;AAAA,IACxB,CAAA,MAAO;AAEL,MAAA,SAAA,GAAY,SAAS,SAAS,CAAA;AAC9B,MAAA,SAAA,GAAY,QAAQ,aAAA,CAAc,QAAA,CAAS,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA,IACjE;AAAA,EACF,CAAA,MAAO;AACL,IAAA,SAAA,GAAY,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,OAAO,CAAC,CAAA;AACzC,IAAA,SAAA,GAAY,OAAO,SAAA,EAAU;AAAA,EAC/B;AAEA,EAAA,IAAI,CAAC,QAAQ,aAAA,CAAc,SAAS,EAAE,MAAA,CAAO,OAAA,EAAS,SAAS,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,CAAiC,CAAA;AAAA,EACnD;AAOA,EAAA,MAAM,QAAA,GAAW,aAAA;AAAA,IACf;AAAA,MACE,UAAA,EAAY,MAAA,CAAO,sBAAA,CAAuB,SAAS,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IACA;AAAA,MACE,IAAA,EAAM;AAAA,QACJ,UAAA,EAAY,CAAC,QAAA,EAAU,IAAI,CAAA;AAAA,QAC3B,SAAA,EAAW,CAAC,QAAA,EAAU,IAAI;AAAA;AAC5B;AACF,GACF;AAEA,EAAA,MAAM,iBAAiBA,KAAA,CAAI,KAAA,CAAM,MAAA,CAAO,CAAC,QAAQ,CAAC,CAAA;AAQlD,EAAA,MAAM,OAAA,GACJ,eAAe,MAAA,GACX,CAAC,QAAQ,CAAA,GACT,qBAAA,CAAsB,WAAW,CAAA,CAAE,MAAA;AAAA,IACjC,CAAC,SACC,OAAA,CAAQ,aAAA,CAAc,KAAK,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,KAAM;AAAA,GACzD;AAEN,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,8DAA8D,UAAU,CAAA;AAAA,KAC1E;AAAA,EACF;AAEA,EAAA,OAAA,CAAQ,QAAQ,CAAC,IAAA,KAAS,IAAA,CAAK,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,EAAA,OAAO,KAAA;AACT;AAyCO,SAAS,oBACd,MAAA,EACwC;AACxC,EAAA,MAAM;AAAA,IACJ,MAAA;AAAA,IACA,mBAAA;AAAA,IACA,UAAA;AAAA,IACA,iBAAA;AAAA,IACA,SAAA,GAAY;AAAA,GACd,GAAI,MAAA;AAIJ,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,MAAA,EAAO,CAAE,YAAA,EAAa;AACzC,EAAA,MAAM,QAAQ,IAAIA,KAAA,CAAI,KAAA,CAAM,YAAA,CAAa,EAAE,CAAC,CAAA;AAE5C,EAAA,MAAM,KACJ,SAAA,KAAc,MAAA,YAAkB,OAAA,GAAU,MAAA,CAAO,WAAU,GAAI,IAAA,CAAA;AACjE,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,MAAM,IAAI,MAAM,CAAA,gDAAA,CAAkD,CAAA;AAAA,EACpE;AAEA,EAAA,MAAM,KAAA,GAAQ,IAAIA,KAAA,CAAI,yBAAA,CAA0B;AAAA,IAC9C,cAAA,EAAgB,UAAA;AAAA,IAChB,WAAA,EAAaA,MAAI,kBAAA,CAAmB,2BAAA;AAAA,MAClC,IAAIA,MAAI,yBAAA,CAA0B;AAAA,QAChC,OAAA,EAAS,IAAI,OAAA,CAAQ,EAAE,EAAE,WAAA,EAAY;AAAA,QACrC,KAAA;AAAA,QACA,yBAAA,EAA2B,CAAA;AAAA;AAAA,QAC3B,SAAA,EAAWA,KAAA,CAAI,KAAA,CAAM,MAAA,CAAO,EAAE;AAAA;AAAA,OAC/B;AAAA;AACH,GACD,CAAA;AAED,EAAA,OAAO,cAAA,CAAe,KAAA,EAAO,MAAA,EAAQ,mBAAA,EAAqB,iBAAiB,CAAA;AAC7E;AAyBO,SAAS,+BAAA,CACd,KAAA,EACA,mBAAA,EACA,iBAAA,EACoB;AACpB,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IAAI,aAAa,IAAA,EAAM;AACrB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,qDAAA,EAAwD,WAAA,CAAY,MAAA,EAAO,CAAE,IAAI,CAAA;AAAA,KACnF;AAAA,EACF;AAEA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,iBAAiB,CAAC,CAAA;AAErD,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO;AAAA,IAElC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAOA,MAAI,cAAA,CAAe,gCAAA;AAAA,QACxB,IAAIA,MAAI,kCAAA,CAAmC;AAAA,UACzC,SAAA;AAAA,UACA,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,UAAA,EAAY,MAAM,cAAA,EAAe;AAAA,UACjC,yBAAA,EAA2B;AAAA,SAC5B;AAAA,OACH;AAAA;AAAA;AAAA,IAIF,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAAA,IAC9D,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CACpE,KAAA;AACD,MAAA,OAAOA,MAAI,cAAA,CAAe,2CAAA;AAAA,QACxB,IAAIA,MAAI,6CAAA,CAA8C;AAAA,UACpD,SAAA;AAAA,UACA,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,UAAA,EAAY,MAAM,cAAA,EAAe;AAAA,UACjC,OAAA,EAAS,SAAS,OAAA,EAAQ;AAAA,UAC1B,yBAAA,EAA2B;AAAA,SAC5B;AAAA,OACH;AAAA,IAEF;AACE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,4BAAA,EAA+B,WAAA,CAAY,MAAA,EAAO,CAAE,IAAI,CAAA;AAAA,OAC1D;AAAA;AAEN;AA+DO,SAAS,wBACd,MAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,KAAA,EAAO,mBAAA,EAAqB,SAAA,EAAW,WAAU,GAAI,MAAA;AAC7D,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IACE,QAAA,KAAa,IAAA,IACb,WAAA,CAAY,MAAA,EAAO,CAAE,UACnBA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CAAE,KAAA,EACtE;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,uEAAA,EACE,WAAA,CAAY,MAAA,EAAO,CAAE,IACvB,CAAA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAIA,MAAI,yBAAA,CAA0B;AAAA,IACvC,cAAA,EAAgB,MAAM,cAAA,EAAe;AAAA,IACrC,WAAA,EAAaA,MAAI,kBAAA,CAAmB,sCAAA;AAAA,MAClC,IAAIA,MAAI,sCAAA,CAAuC;AAAA,QAC7C,kBAAA,EAAoB,IAAIA,KAAA,CAAI,yBAAA,CAA0B;AAAA,UACpD,OAAA,EAAS,SAAS,OAAA,EAAQ;AAAA,UAC1B,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,yBAAA,EAA2B,mBAAA;AAAA,UAC3B,SAAA,EAAW,SAAA,IAAaA,KAAA,CAAI,KAAA,CAAM,OAAA;AAAQ,SAC3C,CAAA;AAAA,QACD,SAAA,EAAW,mBAAmB,SAAS;AAAA,OACxC;AAAA;AACH,GACD,CAAA;AACH;AAOA,SAAS,mBACP,SAAA,EACgC;AAChC,EAAA,MAAM,QAAQ,SAAA,CAAU,GAAA;AAAA,IACtB,CAAC,QAAA,KACC,IAAIA,KAAA,CAAI,wBAAA,CAAyB;AAAA,MAC/B,SAAS,IAAI,OAAA,CAAQ,QAAA,CAAS,OAAO,EAAE,WAAA,EAAY;AAAA,MACnD,SAAA,EAAW,QAAA,CAAS,SAAA,IAAaA,KAAA,CAAI,MAAM,OAAA,EAAQ;AAAA,MACnD,eAAA,EAAiB,kBAAA,CAAmB,QAAA,CAAS,eAAA,IAAmB,EAAE;AAAA,KACnE;AAAA,GACL;AAEA,EAAA,KAAA,CAAM,IAAA;AAAA,IAAK,CAAC,CAAA,EAAG,CAAA,KACb,MAAA,CAAO,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAM,EAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAO;AAAA,GACzD;AAEA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IACE,MAAA,CAAO,OAAA;AAAA,MACL,MAAM,CAAA,GAAI,CAAC,CAAA,CAAE,OAAA,GAAU,KAAA,EAAM;AAAA,MAC7B,KAAA,CAAM,CAAC,CAAA,CAAE,OAAA,GAAU,KAAA;AAAM,UACrB,CAAA,EACN;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,8BAA8B,OAAA,CAAQ,aAAA;AAAA,UACpC,KAAA,CAAM,CAAC,CAAA,CAAE,OAAA;AAAQ,SACnB,CAAE,UAAU,CAAA;AAAA,OACd;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAqBO,SAAS,sBACd,WAAA,EACsC;AACtC,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO,IAClC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAO,YAAY,OAAA,EAAQ;AAAA,IAC7B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAC5D,MAAA,OAAO,YAAY,SAAA,EAAU;AAAA,IAC/B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CACpE,KAAA;AACD,MAAA,OAAO,WAAA,CAAY,oBAAA,EAAqB,CAAE,kBAAA,EAAmB;AAAA,IAC/D;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAwBA,SAAS,sBACP,WAAA,EACsB;AACtB,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO,IAClC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAO,CAAC,WAAA,CAAY,OAAA,EAAS,CAAA;AAAA,IAC/B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAC5D,MAAA,OAAO,CAAC,WAAA,CAAY,SAAA,EAAW,CAAA;AAAA,IACjC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,GAC7B,KAAA,EAAO;AACR,MAAA,MAAM,aAAA,GAAgB,YAAY,oBAAA,EAAqB;AACvD,MAAA,MAAM,KAAA,GAA8B,CAAC,aAAA,CAAc,kBAAA,EAAoB,CAAA;AACvE,MAAA,MAAM,IAAA,GAAO,CAAC,SAAA,KAA8C;AAC1D,QAAA,SAAA,CAAU,OAAA,CAAQ,CAAC,QAAA,KAAa;AAC9B,UAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,UAAA,IAAA,CAAK,QAAA,CAAS,iBAAiB,CAAA;AAAA,QACjC,CAAC,CAAA;AAAA,MACH,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,CAAc,WAAW,CAAA;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IACA;AACE,MAAA,OAAO,EAAC;AAAA;AAEd;AAEA,SAAS,aAAa,KAAA,EAA2B;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,QAAA,CAAS,CAAA,EAAG,CAAC,CAAA;AAC/B,EAAA,IAAI,GAAA,CAAI,SAAS,CAAA,EAAG;AAClB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,+CAAA,EAAkD,MAAM,MAAM,CAAA;AAAA,KAChE;AAAA,EACF;AACA,EAAA,MAAM,OAAO,IAAI,QAAA,CAAS,IAAI,MAAA,EAAQ,GAAA,CAAI,YAAY,CAAC,CAAA;AACvD,EAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,WAAA,CAAY,CAAA,EAAG,KAAK,CAAA;AAEvC,EAAA,OAAO,KAAA;AACT;;;;"}
+{"version":3,"file":"auth.js","sources":["../../../../src/base/auth.ts"],"sourcesContent":["import xdr from \"./xdr.js\";\n\nimport { Keypair } from \"./keypair.js\";\nimport { StrKey } from \"./strkey.js\";\n\nimport type { Networks } from \"./network.js\";\nimport { hash } from \"./hashing.js\";\n\nimport { Address } from \"./address.js\";\nimport { nativeToScVal } from \"./scval.js\";\n\ntype BufferLike = ArrayBuffer | Buffer | Uint8Array;\n\nfunction toBuffer(value: BufferLike): Buffer {\n  if (value instanceof ArrayBuffer) {\n    return Buffer.from(new Uint8Array(value));\n  }\n  return Buffer.from(value);\n}\n\n/**\n * A callback for signing an XDR structure representing all of the details\n * necessary to authorize an invocation tree.\n *\n * @param preimage - the entire authorization envelope whose hash you should\n *    sign, so that you can inspect the entire structure if necessary (rather\n *    than blindly signing a hash)\n *\n * @returns the signature of the raw payload (which is the sha256 hash of the\n *    preimage bytes, so `hash(preimage.toXDR())`) either naked, implying it is\n *    signed by the key corresponding to the public key in the entry you pass to\n *    {@link authorizeEntry} (decipherable from its\n *    `credentials().address().address()`), or alongside an explicit `publicKey`.\n */\nexport type SigningCallback = (\n  preimage: xdr.HashIdPreimage,\n) => Promise<BufferLike | { signature: BufferLike; publicKey: string }>;\n\n/**\n * Actually authorizes an existing authorization entry using the given\n * credentials and expiration details, returning a signed copy.\n *\n * This \"fills out\" the authorization entry with a signature, indicating to the\n * {@link Operation.invokeHostFunction} its attached to that:\n *   - a particular identity (i.e. signing {@link Keypair} or other signer)\n *   - approving the execution of an invocation tree (i.e. a simulation-acquired\n *     {@link xdr.SorobanAuthorizedInvocation} or otherwise built)\n *   - on a particular network (uniquely identified by its passphrase, see\n *     {@link Networks})\n *   - until a particular ledger sequence is reached.\n *\n * This one lets you pass either a {@link Keypair} (or, more accurately,\n * anything with a `sign(Buffer): Buffer` method) or a callback function (see\n * {@link SigningCallback}) to handle signing the envelope hash.\n *\n * @param entry - an unsigned authorization entry\n * @param signer - either a {@link Keypair} instance or a function which takes a\n *    {@link xdr.HashIdPreimageSorobanAuthorization} input payload and returns\n *    EITHER\n *\n *      (a) an object containing a `signature` of the hash of the raw payload\n *          bytes as a Buffer-like and a `publicKey` string representing who just\n *          created this signature, or\n *      (b) just the naked signature of the hash of the raw payload bytes (where\n *          the signing key is implied to be the address in the `entry`).\n *\n *    The latter option (b) is JUST for backwards compatibility and will be\n *    removed in the future.\n * @param validUntilLedgerSeq - the (exclusive) future ledger sequence number\n *    until which this authorization entry should be valid (if\n *    `currentLedgerSeq==validUntil`, this is expired)\n * @param networkPassphrase - the network passphrase is incorporated into the\n *    signature (see {@link Networks} for options)\n *\n * If using the `SigningCallback` variation, the signer is assumed to be\n * the entry's credential address unless you use the variant that returns\n * the object.\n *\n * @param forAddress - which credential node the signature should be written\n *    to. Only relevant for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`, where\n *    a single entry can be signed by the top-level account and/or any of its\n *    (possibly nested) delegates. Per CAP-71-01 every one of these signers\n *    signs the *same* payload (bound to the top-level address), so the\n *    signature produced here is written to whichever node(s) carry\n *    `forAddress`. When omitted, the signature is written to the top-level\n *    credentials, which preserves the behavior for `SOROBAN_CREDENTIALS_ADDRESS`\n *    / `SOROBAN_CREDENTIALS_ADDRESS_V2` and for accounts whose signing key\n *    differs from the credential address (e.g. multisig).\n *\n * @see authorizeInvocation\n * @example\n * ```ts\n * import {\n *   SorobanRpc,\n *   Transaction,\n *   Networks,\n *   authorizeEntry\n * } from '@stellar/stellar-sdk';\n *\n * // Assume signPayloadCallback is a well-formed signing callback.\n * //\n * // It might, for example, pop up a modal from a browser extension, send the\n * // transaction to a third-party service for signing, or just do simple\n * // signing via Keypair like it does here:\n * function signPayloadCallback(payload) {\n *    return signer.sign(hash(payload.toXDR()));\n * }\n *\n * function multiPartyAuth(\n *    server: SorobanRpc.Server,\n *    // assume this involves multi-party auth\n *    tx: Transaction,\n * ) {\n *    return server\n *      .simulateTransaction(tx)\n *      .then((simResult) => {\n *          tx.operations[0].auth.map(entry =>\n *            authorizeEntry(\n *              entry,\n *              signPayloadCallback,\n *              currentLedger + 1000,\n *              Networks.TESTNET)\n *          );\n *\n *          return server.prepareTransaction(tx, simResult);\n *      })\n *      .then((preppedTx) => {\n *        preppedTx.sign(source);\n *        return server.sendTransaction(preppedTx);\n *      });\n * }\n * ```\n */\nexport async function authorizeEntry(\n  entry: xdr.SorobanAuthorizationEntry,\n  signer: Keypair | SigningCallback,\n  validUntilLedgerSeq: number,\n  networkPassphrase: string,\n  forAddress?: string,\n): Promise<xdr.SorobanAuthorizationEntry> {\n  // no-op if it's source account auth\n  if (\n    entry.credentials().switch().value ===\n    xdr.SorobanCredentialsType.sorobanCredentialsSourceAccount().value\n  ) {\n    return entry;\n  }\n\n  const clone = xdr.SorobanAuthorizationEntry.fromXDR(entry.toXDR());\n  const credentials = clone.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (addrAuth === null) {\n    // We should have already returned if the credentials were source account credentials,\n    // so if we can't get address credentials out of this, it's an unsupported credential type.\n    throw new Error(`unsupported credential type ${credentials.switch().name}`);\n  }\n\n  // Set the expiration before building the preimage, so the hash that gets\n  // signed commits to the same expiration ledger stored in the credentials.\n  // Otherwise the network reconstructs the preimage from the (updated)\n  // credentials and the signature no longer matches.\n  addrAuth.signatureExpirationLedger(validUntilLedgerSeq);\n\n  const preimage = buildAuthorizationEntryPreimage(\n    clone,\n    validUntilLedgerSeq,\n    networkPassphrase,\n  );\n\n  const payload = hash(preimage.toXDR());\n\n  let signature: Buffer;\n  let publicKey: string;\n  if (typeof signer === \"function\") {\n    const sigResult = await signer(preimage);\n    if (\n      sigResult !== null &&\n      typeof sigResult === \"object\" &&\n      \"signature\" in sigResult\n    ) {\n      signature = toBuffer(sigResult.signature);\n      publicKey = sigResult.publicKey;\n    } else {\n      // if using the deprecated form, assume it's for the entry\n      signature = toBuffer(sigResult);\n      publicKey = Address.fromScAddress(addrAuth.address()).toString();\n    }\n  } else {\n    signature = toBuffer(signer.sign(payload));\n    publicKey = signer.publicKey();\n  }\n\n  if (!Keypair.fromPublicKey(publicKey).verify(payload, signature)) {\n    throw new Error(`signature doesn't match payload`);\n  }\n\n  // This structure is defined here:\n  // https://soroban.stellar.org/docs/fundamentals-and-concepts/invoking-contracts-with-transactions#stellar-account-signatures\n  //\n  // Encoding a contract structure as an ScVal means the map keys are supposed\n  // to be symbols, hence the forced typing here.\n  const sigScVal = nativeToScVal(\n    {\n      public_key: StrKey.decodeEd25519PublicKey(publicKey),\n      signature,\n    },\n    {\n      type: {\n        public_key: [\"symbol\", null],\n        signature: [\"symbol\", null],\n      },\n    },\n  );\n\n  const signatureScVal = xdr.ScVal.scvVec([sigScVal]);\n\n  // CAP-71-01: the signature payload is shared across the top-level address\n  // and every (possibly nested) delegate, so this signer's signature is\n  // written to whichever credential node(s) carry `forAddress`. When no\n  // `forAddress` is given we fall back to the top-level credentials, which\n  // preserves the behavior for ADDRESS / ADDRESS_V2 and for accounts whose\n  // signing key differs from the credential address (e.g. multisig).\n  const targets: SignableCredential[] =\n    forAddress === undefined\n      ? [addrAuth]\n      : collectSignatureNodes(credentials).filter(\n          (node) =>\n            Address.fromScAddress(node.address()).toString() === forAddress,\n        );\n\n  if (targets.length === 0) {\n    throw new Error(\n      `the authorization entry has no credential node for address ${forAddress}`,\n    );\n  }\n\n  targets.forEach((node) => node.signature(signatureScVal));\n  return clone;\n}\n\nexport interface AuthorizeInvocationParams {\n  signer: Keypair | SigningCallback;\n  validUntilLedgerSeq: number;\n  invocation: xdr.SorobanAuthorizedInvocation;\n  networkPassphrase: string;\n  publicKey?: string;\n  /**\n   * Build `SOROBAN_CREDENTIALS_ADDRESS_V2` (CAP-71) credentials instead of the\n   * legacy `SOROBAN_CREDENTIALS_ADDRESS`. V2 credentials bind the address into\n   * the signed payload but are only valid on networks that have activated\n   * CAP-71, so leave this off until the activation vote passes for your target\n   * network. The default flips to `true` once V2 becomes mandatory.\n   * @defaultValue false\n   */\n  authV2?: boolean;\n}\n/**\n * This builds an entry from scratch, allowing you to express authorization as a\n * function of:\n *   - a particular identity (i.e. signing {@link Keypair} or other signer)\n *   - approving the execution of an invocation tree (i.e. a simulation-acquired\n *     {@link xdr.SorobanAuthorizedInvocation} or otherwise built)\n *   - on a particular network (uniquely identified by its passphrase, see\n *     {@link Networks})\n *   - until a particular ledger sequence is reached.\n *\n * This is in contrast to {@link authorizeEntry}, which signs an existing entry.\n *\n * @param params - the parameters for building and signing the authorization\n *   - `signer`: either a {@link Keypair} instance (or anything with a\n *    `.sign(buf): Buffer-like` method) or a function which takes a payload (a\n *    {@link xdr.HashIdPreimageSorobanAuthorization} instance) input and returns\n *    the signature of the hash of the raw payload bytes (where the signing key\n *    should correspond to the address in the `entry`)\n *   - `validUntilLedgerSeq`: the (exclusive) future ledger sequence\n *    number until which this authorization entry should be valid (if\n *    `currentLedgerSeq==validUntilLedgerSeq`, this is expired)\n *   - `invocation`: the invocation tree that we're authorizing\n *    (likely, this comes from transaction simulation)\n *   - `networkPassphrase`: the network passphrase is incorporated into\n *    the signature (see {@link Networks} for options)\n *   - `publicKey`: the public identity of the signer (when providing a\n *    {@link Keypair} to `signer`, this can be omitted, as it just uses\n *    {@link Keypair.publicKey})\n *   - `authV2`: build `SOROBAN_CREDENTIALS_ADDRESS_V2` (CAP-71) credentials\n *    rather than the legacy `SOROBAN_CREDENTIALS_ADDRESS`. Defaults to `false`;\n *    only enable it for networks that have activated CAP-71.\n *\n * @see authorizeEntry\n */\nexport function authorizeInvocation(\n  params: AuthorizeInvocationParams,\n): Promise<xdr.SorobanAuthorizationEntry> {\n  const {\n    signer,\n    validUntilLedgerSeq,\n    invocation,\n    networkPassphrase,\n    publicKey = \"\",\n    authV2 = false,\n  } = params;\n  // We use keypairs as a source of randomness for the nonce to avoid mucking\n  // with any crypto dependencies. Note that this just has to be random and\n  // unique, not cryptographically secure, so it's fine.\n  const kp = Keypair.random().rawPublicKey();\n  const nonce = new xdr.Int64(bytesToInt64(kp));\n\n  const pk =\n    publicKey || (signer instanceof Keypair ? signer.publicKey() : null);\n  if (!pk) {\n    throw new Error(`authorizeInvocation requires publicKey parameter`);\n  }\n\n  // V1 and V2 carry the identical SorobanAddressCredentials payload; only the\n  // credential union arm differs. authorizeEntry picks the matching signature\n  // preimage (legacy vs. address-bound) off whichever arm we build here.\n  const addressCredentials = new xdr.SorobanAddressCredentials({\n    address: new Address(pk).toScAddress(),\n    nonce,\n    signatureExpirationLedger: 0, // replaced\n    signature: xdr.ScVal.scvVec([]), // replaced\n  });\n\n  const entry = new xdr.SorobanAuthorizationEntry({\n    rootInvocation: invocation,\n    credentials: authV2\n      ? xdr.SorobanCredentials.sorobanCredentialsAddressV2(addressCredentials)\n      : xdr.SorobanCredentials.sorobanCredentialsAddress(addressCredentials),\n  });\n\n  return authorizeEntry(entry, signer, validUntilLedgerSeq, networkPassphrase);\n}\n\n/**\n * Builds the {@link xdr.HashIdPreimage} whose hash a signer must sign to\n * authorize `entry`. This is the low-level signature payload used by\n * {@link authorizeEntry}, exposed for callers that drive signing themselves —\n * most notably for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`, where the\n * client (not simulation) decides which delegates sign and how.\n *\n * For `SOROBAN_CREDENTIALS_ADDRESS` this is the legacy, non-address-bound\n * `ENVELOPE_TYPE_SOROBAN_AUTHORIZATION` preimage. For `SOROBAN_CREDENTIALS_ADDRESS_V2`\n * and `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` it is the address-bound\n * `ENVELOPE_TYPE_SOROBAN_AUTHORIZATION_WITH_ADDRESS` preimage (CAP-71). For the\n * delegates variant this single payload — bound to the *top-level* address — is\n * what the top-level account and every (nested) delegate each sign.\n *\n * To get the raw bytes to sign, hash the XDR: `hash(preimage.toXDR())`.\n *\n * @param entry - the authorization entry to build the payload for\n * @param validUntilLedgerSeq - the expiration ledger committed into the payload\n *    (must match the `signatureExpirationLedger` on the credentials you submit)\n * @param networkPassphrase - the network passphrase mixed into the payload\n * @throws `Error` if `entry` carries source-account or otherwise non-address\n *    credentials\n */\nexport function buildAuthorizationEntryPreimage(\n  entry: xdr.SorobanAuthorizationEntry,\n  validUntilLedgerSeq: number,\n  networkPassphrase: string,\n): xdr.HashIdPreimage {\n  const credentials = entry.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (addrAuth === null) {\n    throw new Error(\n      `cannot build a signature payload for credential type ${credentials.switch().name}`,\n    );\n  }\n\n  const networkId = hash(Buffer.from(networkPassphrase));\n\n  switch (credentials.switch().value) {\n    // legacy address credentials are not address-bound\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return xdr.HashIdPreimage.envelopeTypeSorobanAuthorization(\n        new xdr.HashIdPreimageSorobanAuthorization({\n          networkId,\n          nonce: addrAuth.nonce(),\n          invocation: entry.rootInvocation(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n        }),\n      );\n\n    // ADDRESS_V2 and ADDRESS_WITH_DELEGATES bind the address into the signed\n    // payload via the WithAddress preimage (CAP-71)\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value:\n      return xdr.HashIdPreimage.envelopeTypeSorobanAuthorizationWithAddress(\n        new xdr.HashIdPreimageSorobanAuthorizationWithAddress({\n          networkId,\n          nonce: addrAuth.nonce(),\n          invocation: entry.rootInvocation(),\n          address: addrAuth.address(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n        }),\n      );\n\n    default:\n      throw new Error(\n        `unsupported credential type ${credentials.switch().name}`,\n      );\n  }\n}\n\n/**\n * A delegate signer to attach to a\n * `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` entry via\n * {@link buildWithDelegatesEntry}.\n */\nexport interface DelegateSignature {\n  /** the delegate's address (`G…` account or `C…` contract). */\n  address: string;\n  /**\n   * the delegate's signature value. Defaults to a `scvVoid` placeholder, which\n   * you can fill afterwards with {@link authorizeEntry} (passing this address\n   * as `forAddress`) or by editing the entry directly.\n   */\n  signature?: xdr.ScVal;\n  /** signers this delegate in turn delegates to (recursive). */\n  nestedDelegates?: DelegateSignature[];\n}\n\n/** Parameters for {@link buildWithDelegatesEntry}. */\nexport interface BuildWithDelegatesParams {\n  /**\n   * an existing `SOROBAN_CREDENTIALS_ADDRESS` or\n   * `SOROBAN_CREDENTIALS_ADDRESS_V2` entry — typically one returned by\n   * simulation — whose address credentials should be wrapped.\n   */\n  entry: xdr.SorobanAuthorizationEntry;\n  /** the expiration ledger sequence stored on the top-level credentials. */\n  validUntilLedgerSeq: number;\n  /** the delegate signers to attach. */\n  delegates: DelegateSignature[];\n  /**\n   * the top-level account's signature. Defaults to `scvVoid`, which is valid\n   * for accounts that authorize purely via delegated signers (CAP-71-01).\n   */\n  signature?: xdr.ScVal;\n}\n\n/**\n * Builds a `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` authorization entry by\n * wrapping the address credentials of an existing `ADDRESS`/`ADDRESS_V2` entry\n * (e.g. one returned by simulation) together with a caller-provided set of\n * delegate signers.\n *\n * Simulation never emits the delegates variant on its own — which accounts use\n * delegated authentication is account-specific policy known only to the client\n * (much like a multisig policy). This helper just assembles the wrapper XDR;\n * you supply the delegate tree (addresses and, optionally, signatures). To\n * produce the signatures, build the shared payload with\n * {@link buildAuthorizationEntryPreimage} on the returned entry and sign it,\n * or fill each node afterwards with {@link authorizeEntry} (passing the\n * signer's address as `forAddress`).\n *\n * Each delegates array (the top-level set and every `nestedDelegates`) is\n * sorted by address in ascending order, and duplicate addresses within an array\n * are rejected, as the protocol requires (CAP-71-01) — otherwise the host\n * rejects the entry.\n *\n * @param params - see {@link BuildWithDelegatesParams}\n * @throws `Error` if `entry` is not an `ADDRESS`/`ADDRESS_V2` entry, or if any\n *    delegates array contains a duplicate address.\n */\nexport function buildWithDelegatesEntry(\n  params: BuildWithDelegatesParams,\n): xdr.SorobanAuthorizationEntry {\n  const { entry, validUntilLedgerSeq, delegates, signature } = params;\n  const credentials = entry.credentials();\n  const addrAuth = getAddressCredentials(credentials);\n  if (\n    addrAuth === null ||\n    credentials.switch().value ===\n      xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates().value\n  ) {\n    throw new Error(\n      `buildWithDelegatesEntry expects ADDRESS or ADDRESS_V2 credentials, got ${\n        credentials.switch().name\n      }`,\n    );\n  }\n\n  return new xdr.SorobanAuthorizationEntry({\n    rootInvocation: entry.rootInvocation(),\n    credentials: xdr.SorobanCredentials.sorobanCredentialsAddressWithDelegates(\n      new xdr.SorobanAddressCredentialsWithDelegates({\n        addressCredentials: new xdr.SorobanAddressCredentials({\n          address: addrAuth.address(),\n          nonce: addrAuth.nonce(),\n          signatureExpirationLedger: validUntilLedgerSeq,\n          signature: signature ?? xdr.ScVal.scvVoid(),\n        }),\n        delegates: buildDelegateNodes(delegates),\n      }),\n    ),\n  });\n}\n\n/**\n * Recursively converts {@link DelegateSignature} descriptors into\n * {@link xdr.SorobanDelegateSignature} nodes, sorting each level by address and\n * rejecting duplicates (CAP-71-01).\n */\nfunction buildDelegateNodes(\n  delegates: DelegateSignature[],\n): xdr.SorobanDelegateSignature[] {\n  const nodes = delegates.map(\n    (delegate) =>\n      new xdr.SorobanDelegateSignature({\n        address: new Address(delegate.address).toScAddress(),\n        signature: delegate.signature ?? xdr.ScVal.scvVoid(),\n        nestedDelegates: buildDelegateNodes(delegate.nestedDelegates ?? []),\n      }),\n  );\n\n  nodes.sort((a, b) =>\n    Buffer.compare(a.address().toXDR(), b.address().toXDR()),\n  );\n\n  for (let i = 1; i < nodes.length; i++) {\n    if (\n      Buffer.compare(\n        nodes[i - 1].address().toXDR(),\n        nodes[i].address().toXDR(),\n      ) === 0\n    ) {\n      throw new Error(\n        `duplicate delegate address ${Address.fromScAddress(\n          nodes[i].address(),\n        ).toString()}`,\n      );\n    }\n  }\n\n  return nodes;\n}\n\n/**\n * Internal helper — intentionally NOT re-exported from `base/index.js`, so it\n * is not part of the public SDK API. Shared with the contract package, which\n * imports it directly from this module. If a public need arises, add it to the\n * explicit auth re-exports in `base/index.ts`.\n *\n * Extracts the {@link xdr.SorobanAddressCredentials} from any address-based\n * Soroban credential, regardless of which credential type variant is used.\n *\n * This unifies access across `SOROBAN_CREDENTIALS_ADDRESS`,\n * `SOROBAN_CREDENTIALS_ADDRESS_V2` (which carries identical fields but binds\n * the address into the signature payload), and\n * `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES` (which wraps the same address\n * credentials alongside a set of delegate signatures).\n *\n * @param credentials - the credentials to inspect\n * @returns the inner address credentials, or `null` for source-account\n *    credentials (which carry no address payload)\n */\nexport function getAddressCredentials(\n  credentials: xdr.SorobanCredentials,\n): xdr.SorobanAddressCredentials | null {\n  switch (credentials.switch().value) {\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return credentials.address();\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n      return credentials.addressV2();\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value:\n      return credentials.addressWithDelegates().addressCredentials();\n    default:\n      return null;\n  }\n}\n\n/**\n * The common shape of every node in an authorization entry that can carry a\n * signature: the top-level {@link xdr.SorobanAddressCredentials} and, for the\n * delegates variant, each {@link xdr.SorobanDelegateSignature}. Both expose an\n * `address()` and a `signature()` accessor.\n */\ninterface SignableCredential {\n  address(value?: xdr.ScAddress): xdr.ScAddress;\n  signature(value?: xdr.ScVal): xdr.ScVal;\n}\n\n/**\n * Internal helper. Returns every node in an address-based credential that can\n * carry a signature, in a stable order: the top-level address credentials\n * first, then (only for `SOROBAN_CREDENTIALS_ADDRESS_WITH_DELEGATES`) the\n * delegates and their nested delegates, depth-first. Returns an empty array\n * for source-account credentials, which carry no signature.\n *\n * Per CAP-71-01 all of these nodes commit to the same payload (the one bound to\n * the top-level address), so the caller can fill any of them with a signature\n * produced from that shared payload.\n */\nfunction collectSignatureNodes(\n  credentials: xdr.SorobanCredentials,\n): SignableCredential[] {\n  switch (credentials.switch().value) {\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddress().value:\n      return [credentials.address()];\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressV2().value:\n      return [credentials.addressV2()];\n    case xdr.SorobanCredentialsType.sorobanCredentialsAddressWithDelegates()\n      .value: {\n      const withDelegates = credentials.addressWithDelegates();\n      const nodes: SignableCredential[] = [withDelegates.addressCredentials()];\n      const walk = (delegates: xdr.SorobanDelegateSignature[]) => {\n        delegates.forEach((delegate) => {\n          nodes.push(delegate);\n          walk(delegate.nestedDelegates());\n        });\n      };\n      walk(withDelegates.delegates());\n      return nodes;\n    }\n    default:\n      return [];\n  }\n}\n\nfunction bytesToInt64(bytes: Uint8Array): bigint {\n  const buf = bytes.subarray(0, 8);\n  if (buf.length < 8) {\n    throw new Error(\n      `need at least 8 bytes to convert to Int64, got ${bytes.length}`,\n    );\n  }\n  const view = new DataView(buf.buffer, buf.byteOffset, 8);\n  const value = view.getBigInt64(0, false);\n\n  return value;\n}\n"],"names":["xdr"],"mappings":";;;;;;;;AAaA,SAAS,SAAS,KAAA,EAA2B;AAC3C,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,UAAA,CAAW,KAAK,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,KAAK,CAAA;AAC1B;AAmHA,eAAsB,cAAA,CACpB,KAAA,EACA,MAAA,EACA,mBAAA,EACA,mBACA,UAAA,EACwC;AAExC,EAAA,IACE,KAAA,CAAM,WAAA,EAAY,CAAE,MAAA,EAAO,CAAE,UAC7BA,KAAA,CAAI,sBAAA,CAAuB,+BAAA,EAAgC,CAAE,KAAA,EAC7D;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAQA,KAAA,CAAI,yBAAA,CAA0B,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA;AACjE,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IAAI,aAAa,IAAA,EAAM;AAGrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,YAAY,MAAA,EAAO,CAAE,IAAI,CAAA,CAAE,CAAA;AAAA,EAC5E;AAMA,EAAA,QAAA,CAAS,0BAA0B,mBAAmB,CAAA;AAEtD,EAAA,MAAM,QAAA,GAAW,+BAAA;AAAA,IACf,KAAA;AAAA,IACA,mBAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,CAAS,KAAA,EAAO,CAAA;AAErC,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,QAAQ,CAAA;AACvC,IAAA,IACE,cAAc,IAAA,IACd,OAAO,SAAA,KAAc,QAAA,IACrB,eAAe,SAAA,EACf;AACA,MAAA,SAAA,GAAY,QAAA,CAAS,UAAU,SAAS,CAAA;AACxC,MAAA,SAAA,GAAY,SAAA,CAAU,SAAA;AAAA,IACxB,CAAA,MAAO;AAEL,MAAA,SAAA,GAAY,SAAS,SAAS,CAAA;AAC9B,MAAA,SAAA,GAAY,QAAQ,aAAA,CAAc,QAAA,CAAS,OAAA,EAAS,EAAE,QAAA,EAAS;AAAA,IACjE;AAAA,EACF,CAAA,MAAO;AACL,IAAA,SAAA,GAAY,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,OAAO,CAAC,CAAA;AACzC,IAAA,SAAA,GAAY,OAAO,SAAA,EAAU;AAAA,EAC/B;AAEA,EAAA,IAAI,CAAC,QAAQ,aAAA,CAAc,SAAS,EAAE,MAAA,CAAO,OAAA,EAAS,SAAS,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,CAAiC,CAAA;AAAA,EACnD;AAOA,EAAA,MAAM,QAAA,GAAW,aAAA;AAAA,IACf;AAAA,MACE,UAAA,EAAY,MAAA,CAAO,sBAAA,CAAuB,SAAS,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IACA;AAAA,MACE,IAAA,EAAM;AAAA,QACJ,UAAA,EAAY,CAAC,QAAA,EAAU,IAAI,CAAA;AAAA,QAC3B,SAAA,EAAW,CAAC,QAAA,EAAU,IAAI;AAAA;AAC5B;AACF,GACF;AAEA,EAAA,MAAM,iBAAiBA,KAAA,CAAI,KAAA,CAAM,MAAA,CAAO,CAAC,QAAQ,CAAC,CAAA;AAQlD,EAAA,MAAM,OAAA,GACJ,eAAe,MAAA,GACX,CAAC,QAAQ,CAAA,GACT,qBAAA,CAAsB,WAAW,CAAA,CAAE,MAAA;AAAA,IACjC,CAAC,SACC,OAAA,CAAQ,aAAA,CAAc,KAAK,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,KAAM;AAAA,GACzD;AAEN,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,8DAA8D,UAAU,CAAA;AAAA,KAC1E;AAAA,EACF;AAEA,EAAA,OAAA,CAAQ,QAAQ,CAAC,IAAA,KAAS,IAAA,CAAK,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,EAAA,OAAO,KAAA;AACT;AAoDO,SAAS,oBACd,MAAA,EACwC;AACxC,EAAA,MAAM;AAAA,IACJ,MAAA;AAAA,IACA,mBAAA;AAAA,IACA,UAAA;AAAA,IACA,iBAAA;AAAA,IACA,SAAA,GAAY,EAAA;AAAA,IACZ,MAAA,GAAS;AAAA,GACX,GAAI,MAAA;AAIJ,EAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,MAAA,EAAO,CAAE,YAAA,EAAa;AACzC,EAAA,MAAM,QAAQ,IAAIA,KAAA,CAAI,KAAA,CAAM,YAAA,CAAa,EAAE,CAAC,CAAA;AAE5C,EAAA,MAAM,KACJ,SAAA,KAAc,MAAA,YAAkB,OAAA,GAAU,MAAA,CAAO,WAAU,GAAI,IAAA,CAAA;AACjE,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,MAAM,IAAI,MAAM,CAAA,gDAAA,CAAkD,CAAA;AAAA,EACpE;AAKA,EAAA,MAAM,kBAAA,GAAqB,IAAIA,KAAA,CAAI,yBAAA,CAA0B;AAAA,IAC3D,OAAA,EAAS,IAAI,OAAA,CAAQ,EAAE,EAAE,WAAA,EAAY;AAAA,IACrC,KAAA;AAAA,IACA,yBAAA,EAA2B,CAAA;AAAA;AAAA,IAC3B,SAAA,EAAWA,KAAA,CAAI,KAAA,CAAM,MAAA,CAAO,EAAE;AAAA;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,KAAA,GAAQ,IAAIA,KAAA,CAAI,yBAAA,CAA0B;AAAA,IAC9C,cAAA,EAAgB,UAAA;AAAA,IAChB,WAAA,EAAa,MAAA,GACTA,KAAA,CAAI,kBAAA,CAAmB,2BAAA,CAA4B,kBAAkB,CAAA,GACrEA,KAAA,CAAI,kBAAA,CAAmB,yBAAA,CAA0B,kBAAkB;AAAA,GACxE,CAAA;AAED,EAAA,OAAO,cAAA,CAAe,KAAA,EAAO,MAAA,EAAQ,mBAAA,EAAqB,iBAAiB,CAAA;AAC7E;AAyBO,SAAS,+BAAA,CACd,KAAA,EACA,mBAAA,EACA,iBAAA,EACoB;AACpB,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IAAI,aAAa,IAAA,EAAM;AACrB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,qDAAA,EAAwD,WAAA,CAAY,MAAA,EAAO,CAAE,IAAI,CAAA;AAAA,KACnF;AAAA,EACF;AAEA,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,iBAAiB,CAAC,CAAA;AAErD,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO;AAAA,IAElC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAOA,MAAI,cAAA,CAAe,gCAAA;AAAA,QACxB,IAAIA,MAAI,kCAAA,CAAmC;AAAA,UACzC,SAAA;AAAA,UACA,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,UAAA,EAAY,MAAM,cAAA,EAAe;AAAA,UACjC,yBAAA,EAA2B;AAAA,SAC5B;AAAA,OACH;AAAA;AAAA;AAAA,IAIF,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAAA,IAC9D,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CACpE,KAAA;AACD,MAAA,OAAOA,MAAI,cAAA,CAAe,2CAAA;AAAA,QACxB,IAAIA,MAAI,6CAAA,CAA8C;AAAA,UACpD,SAAA;AAAA,UACA,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,UAAA,EAAY,MAAM,cAAA,EAAe;AAAA,UACjC,OAAA,EAAS,SAAS,OAAA,EAAQ;AAAA,UAC1B,yBAAA,EAA2B;AAAA,SAC5B;AAAA,OACH;AAAA,IAEF;AACE,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,4BAAA,EAA+B,WAAA,CAAY,MAAA,EAAO,CAAE,IAAI,CAAA;AAAA,OAC1D;AAAA;AAEN;AA+DO,SAAS,wBACd,MAAA,EAC+B;AAC/B,EAAA,MAAM,EAAE,KAAA,EAAO,mBAAA,EAAqB,SAAA,EAAW,WAAU,GAAI,MAAA;AAC7D,EAAA,MAAM,WAAA,GAAc,MAAM,WAAA,EAAY;AACtC,EAAA,MAAM,QAAA,GAAW,sBAAsB,WAAW,CAAA;AAClD,EAAA,IACE,QAAA,KAAa,IAAA,IACb,WAAA,CAAY,MAAA,EAAO,CAAE,UACnBA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CAAE,KAAA,EACtE;AACA,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,uEAAA,EACE,WAAA,CAAY,MAAA,EAAO,CAAE,IACvB,CAAA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAIA,MAAI,yBAAA,CAA0B;AAAA,IACvC,cAAA,EAAgB,MAAM,cAAA,EAAe;AAAA,IACrC,WAAA,EAAaA,MAAI,kBAAA,CAAmB,sCAAA;AAAA,MAClC,IAAIA,MAAI,sCAAA,CAAuC;AAAA,QAC7C,kBAAA,EAAoB,IAAIA,KAAA,CAAI,yBAAA,CAA0B;AAAA,UACpD,OAAA,EAAS,SAAS,OAAA,EAAQ;AAAA,UAC1B,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,UACtB,yBAAA,EAA2B,mBAAA;AAAA,UAC3B,SAAA,EAAW,SAAA,IAAaA,KAAA,CAAI,KAAA,CAAM,OAAA;AAAQ,SAC3C,CAAA;AAAA,QACD,SAAA,EAAW,mBAAmB,SAAS;AAAA,OACxC;AAAA;AACH,GACD,CAAA;AACH;AAOA,SAAS,mBACP,SAAA,EACgC;AAChC,EAAA,MAAM,QAAQ,SAAA,CAAU,GAAA;AAAA,IACtB,CAAC,QAAA,KACC,IAAIA,KAAA,CAAI,wBAAA,CAAyB;AAAA,MAC/B,SAAS,IAAI,OAAA,CAAQ,QAAA,CAAS,OAAO,EAAE,WAAA,EAAY;AAAA,MACnD,SAAA,EAAW,QAAA,CAAS,SAAA,IAAaA,KAAA,CAAI,MAAM,OAAA,EAAQ;AAAA,MACnD,eAAA,EAAiB,kBAAA,CAAmB,QAAA,CAAS,eAAA,IAAmB,EAAE;AAAA,KACnE;AAAA,GACL;AAEA,EAAA,KAAA,CAAM,IAAA;AAAA,IAAK,CAAC,CAAA,EAAG,CAAA,KACb,MAAA,CAAO,QAAQ,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAM,EAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAO;AAAA,GACzD;AAEA,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,IACE,MAAA,CAAO,OAAA;AAAA,MACL,MAAM,CAAA,GAAI,CAAC,CAAA,CAAE,OAAA,GAAU,KAAA,EAAM;AAAA,MAC7B,KAAA,CAAM,CAAC,CAAA,CAAE,OAAA,GAAU,KAAA;AAAM,UACrB,CAAA,EACN;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,8BAA8B,OAAA,CAAQ,aAAA;AAAA,UACpC,KAAA,CAAM,CAAC,CAAA,CAAE,OAAA;AAAQ,SACnB,CAAE,UAAU,CAAA;AAAA,OACd;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAqBO,SAAS,sBACd,WAAA,EACsC;AACtC,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO,IAClC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAO,YAAY,OAAA,EAAQ;AAAA,IAC7B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAC5D,MAAA,OAAO,YAAY,SAAA,EAAU;AAAA,IAC/B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,EAAuC,CACpE,KAAA;AACD,MAAA,OAAO,WAAA,CAAY,oBAAA,EAAqB,CAAE,kBAAA,EAAmB;AAAA,IAC/D;AACE,MAAA,OAAO,IAAA;AAAA;AAEb;AAwBA,SAAS,sBACP,WAAA,EACsB;AACtB,EAAA,QAAQ,WAAA,CAAY,MAAA,EAAO,CAAE,KAAA;AAAO,IAClC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,yBAAA,EAA0B,CAAE,KAAA;AAC1D,MAAA,OAAO,CAAC,WAAA,CAAY,OAAA,EAAS,CAAA;AAAA,IAC/B,KAAKA,KAAA,CAAI,sBAAA,CAAuB,2BAAA,EAA4B,CAAE,KAAA;AAC5D,MAAA,OAAO,CAAC,WAAA,CAAY,SAAA,EAAW,CAAA;AAAA,IACjC,KAAKA,KAAA,CAAI,sBAAA,CAAuB,sCAAA,GAC7B,KAAA,EAAO;AACR,MAAA,MAAM,aAAA,GAAgB,YAAY,oBAAA,EAAqB;AACvD,MAAA,MAAM,KAAA,GAA8B,CAAC,aAAA,CAAc,kBAAA,EAAoB,CAAA;AACvE,MAAA,MAAM,IAAA,GAAO,CAAC,SAAA,KAA8C;AAC1D,QAAA,SAAA,CAAU,OAAA,CAAQ,CAAC,QAAA,KAAa;AAC9B,UAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,UAAA,IAAA,CAAK,QAAA,CAAS,iBAAiB,CAAA;AAAA,QACjC,CAAC,CAAA;AAAA,MACH,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,CAAc,WAAW,CAAA;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,IACA;AACE,MAAA,OAAO,EAAC;AAAA;AAEd;AAEA,SAAS,aAAa,KAAA,EAA2B;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,QAAA,CAAS,CAAA,EAAG,CAAC,CAAA;AAC/B,EAAA,IAAI,GAAA,CAAI,SAAS,CAAA,EAAG;AAClB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,+CAAA,EAAkD,MAAM,MAAM,CAAA;AAAA,KAChE;AAAA,EACF;AACA,EAAA,MAAM,OAAO,IAAI,QAAA,CAAS,IAAI,MAAA,EAAQ,GAAA,CAAI,YAAY,CAAC,CAAA;AACvD,EAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,WAAA,CAAY,CAAA,EAAG,KAAK,CAAA;AAEvC,EAAA,OAAO,KAAA;AACT;;;;"}

package/lib/axios/esm/base/keypair.js

@@ -89,7 +89,7 @@ class Keypair {
    * Create a random `Keypair` object.
    */
   static random() {
-    const { secretKey } = ed.keygen();
+    const secretKey = ed.utils.randomSecretKey();
     return this.fromRawEd25519Seed(Buffer.from(secretKey));
   }
   /** Returns this public key as an xdr.AccountId. */

package/lib/axios/esm/base/keypair.js.map

@@ -1 +1 @@
-{"version":3,"file":"keypair.js","sources":["../../../../src/base/keypair.ts"],"sourcesContent":["import * as ed from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha2.js\";\nimport { sign, verify, generate } from \"./signing.js\";\nimport { StrKey } from \"./strkey.js\";\nimport { hash } from \"./hashing.js\";\n\nimport xdr from \"./xdr.js\";\n\ned.hashes.sha512 = sha512;\n/**\n * `Keypair` represents public (and secret) keys of the account.\n *\n * Currently `Keypair` only supports ed25519 but in a future this class can be abstraction layer for other\n * public-key signature systems.\n *\n * Use more convenient methods to create `Keypair` object:\n * * `{@link Keypair.fromPublicKey}`\n * * `{@link Keypair.fromSecret}`\n * * `{@link Keypair.random}`\n */\nexport class Keypair {\n  readonly type: \"ed25519\";\n  private _publicKey: Buffer;\n  private _secretSeed?: Buffer;\n  private _secretKey?: Buffer;\n\n  /**\n   * @param keys - at least one of keys must be provided.\n   *   - `type`: public-key signature system name (currently only `ed25519` keys are supported)\n   *   - `publicKey`: raw public key\n   *   - `secretKey`: raw secret key (32-byte secret seed in ed25519)\n   */\n  constructor(\n    keys:\n      | {\n          type: \"ed25519\";\n          secretKey: Buffer | string;\n          publicKey?: Buffer | string;\n        }\n      | { type: \"ed25519\"; publicKey: Buffer | string },\n  ) {\n    if (keys.type !== \"ed25519\") {\n      throw new Error(\"Invalid keys type\");\n    }\n\n    this.type = keys.type;\n\n    if (\"secretKey\" in keys) {\n      keys.secretKey = Buffer.from(keys.secretKey);\n\n      if (keys.secretKey.length !== 32) {\n        throw new Error(\"secretKey length is invalid\");\n      }\n\n      this._secretSeed = keys.secretKey;\n      this._publicKey = generate(keys.secretKey);\n      this._secretKey = keys.secretKey;\n\n      if (\n        keys.publicKey &&\n        !this._publicKey.equals(Buffer.from(keys.publicKey))\n      ) {\n        throw new Error(\"secretKey does not match publicKey\");\n      }\n    } else if (\"publicKey\" in keys) {\n      this._publicKey = Buffer.from(keys.publicKey);\n\n      if (this._publicKey.length !== 32) {\n        throw new Error(\"publicKey length is invalid\");\n      }\n    } else {\n      throw new Error(\n        \"At least one of publicKey or secretKey must be provided\",\n      );\n    }\n  }\n\n  /**\n   * Creates a new `Keypair` instance from secret. This can either be secret key or secret seed depending\n   * on underlying public-key signature system. Currently `Keypair` only supports ed25519.\n   * @param secret - secret key (ex. `SDAK....`)\n   */\n  static fromSecret(secret: string): Keypair {\n    const rawSecret = StrKey.decodeEd25519SecretSeed(secret);\n    return this.fromRawEd25519Seed(rawSecret);\n  }\n\n  /**\n   * Creates a new `Keypair` object from ed25519 secret key seed raw bytes.\n   *\n   * @param rawSeed - raw 32-byte ed25519 secret key seed\n   */\n  static fromRawEd25519Seed(rawSeed: Buffer): Keypair {\n    return new this({ type: \"ed25519\", secretKey: rawSeed });\n  }\n\n  /**\n   * Returns `Keypair` object representing network master key.\n   * @param networkPassphrase - passphrase of the target stellar network (e.g. \"Public Global Stellar Network ; September 2015\")\n   */\n  static master(networkPassphrase: string): Keypair {\n    if (!networkPassphrase) {\n      throw new Error(\n        \"No network selected. Please pass a network argument, e.g. `Keypair.master(Networks.PUBLIC)`.\",\n      );\n    }\n\n    return this.fromRawEd25519Seed(hash(networkPassphrase));\n  }\n\n  /**\n   * Creates a new `Keypair` object from public key.\n   * @param publicKey - public key (ex. `GB3KJPLFUYN5VL6R3GU3EGCGVCKFDSD7BEDX42HWG5BWFKB3KQGJJRMA`)\n   */\n  static fromPublicKey(publicKey: string): Keypair {\n    const publicKeyBuffer = StrKey.decodeEd25519PublicKey(publicKey);\n    if (publicKeyBuffer.length !== 32) {\n      throw new Error(\"Invalid Stellar public key\");\n    }\n\n    return new this({ type: \"ed25519\", publicKey: publicKeyBuffer });\n  }\n\n  /**\n   * Create a random `Keypair` object.\n   */\n  static random(): Keypair {\n    const { secretKey } = ed.keygen();\n    return this.fromRawEd25519Seed(Buffer.from(secretKey));\n  }\n\n  /** Returns this public key as an xdr.AccountId. */\n  xdrAccountId(): xdr.AccountId {\n    return xdr.PublicKey.publicKeyTypeEd25519(this._publicKey);\n  }\n\n  /** Returns this public key as an xdr.PublicKey. */\n  xdrPublicKey(): xdr.PublicKey {\n    return xdr.PublicKey.publicKeyTypeEd25519(this._publicKey);\n  }\n\n  /**\n   * Creates a {@link xdr.MuxedAccount} object from the public key.\n   *\n   * You will get a different type of muxed account depending on whether or not\n   * you pass an ID.\n   *\n   * @param id - (optional) stringified integer indicating the underlying muxed\n   *     ID of the new account object\n   */\n  xdrMuxedAccount(id?: string): xdr.MuxedAccount {\n    if (typeof id !== \"undefined\") {\n      if (typeof id !== \"string\") {\n        throw new TypeError(`expected string for ID, got ${typeof id}`);\n      }\n\n      return xdr.MuxedAccount.keyTypeMuxedEd25519(\n        new xdr.MuxedAccountMed25519({\n          id: xdr.Uint64.fromString(id),\n          ed25519: this._publicKey,\n        }),\n      );\n    }\n\n    return xdr.MuxedAccount.keyTypeEd25519(this._publicKey);\n  }\n\n  /**\n   * Returns raw public key bytes\n   */\n  rawPublicKey(): Buffer {\n    return this._publicKey;\n  }\n\n  /**\n   * Returns the signature hint for this keypair.\n   * The hint is the last 4 bytes of the account ID XDR representation.\n   */\n  signatureHint(): Buffer {\n    const a = this.xdrAccountId().toXDR();\n\n    return a.subarray(a.length - 4);\n  }\n\n  /**\n   * Returns public key associated with this `Keypair` object.\n   */\n  publicKey(): string {\n    return StrKey.encodeEd25519PublicKey(this._publicKey);\n  }\n\n  /**\n   * Returns secret key associated with this `Keypair` object.\n   *\n   * The secret key is encoded in Stellar format (e.g., `SDAK....`).\n   *\n   * @throws if no secret key is available\n   */\n  secret(): string {\n    if (!this._secretSeed) {\n      throw new Error(\"no secret key available\");\n    }\n\n    if (this.type === \"ed25519\") {\n      return StrKey.encodeEd25519SecretSeed(this._secretSeed);\n    }\n\n    throw new Error(\"Invalid Keypair type\");\n  }\n\n  /**\n   * Returns raw secret key bytes.\n   *\n   * @throws if no secret seed is available\n   */\n  rawSecretKey(): Buffer {\n    if (!this._secretSeed) {\n      throw new Error(\"no secret seed available\");\n    }\n    return this._secretSeed;\n  }\n\n  /**\n   * Returns `true` if this `Keypair` object contains secret key and can sign.\n   */\n  canSign(): boolean {\n    return !!this._secretKey;\n  }\n\n  /**\n   * Signs data.\n   *\n   * @param data - data to sign\n   * @throws if no secret key is available\n   */\n  sign(data: Buffer): Buffer {\n    if (!this._secretKey) {\n      throw new Error(\"cannot sign: no secret key available\");\n    }\n\n    return sign(data, this._secretKey);\n  }\n\n  /**\n   * Verifies if `signature` for `data` is valid.\n   *\n   * @param data - signed data\n   * @param signature - signature to verify\n   */\n  verify(data: Buffer, signature: Buffer): boolean {\n    try {\n      return verify(data, signature, this._publicKey);\n    } catch {\n      return false;\n    }\n  }\n\n  /**\n   * Returns the decorated signature (hint+sig) for arbitrary data.\n   *\n   * The returned structure can be added directly to a transaction envelope.\n   *\n   * @param data - arbitrary data to sign\n   *\n   * @see TransactionBase.addDecoratedSignature\n   */\n  signDecorated(data: Buffer): xdr.DecoratedSignature {\n    const signature = this.sign(data);\n    const hint = this.signatureHint();\n\n    return new xdr.DecoratedSignature({ hint, signature });\n  }\n\n  /**\n   * Returns the raw decorated signature (hint+sig) for a signed payload signer.\n   *\n   *  The hint is defined as the last 4 bytes of the signer key XORed with last\n   *  4 bytes of the payload (zero-left-padded if necessary).\n   *\n   * @param data - data to both sign and treat as the payload\n   *\n   * @see https://github.com/stellar/stellar-protocol/blob/master/core/cap-0040.md#signature-hint\n   * @see TransactionBase.addDecoratedSignature\n   */\n  signPayloadDecorated(data: Buffer): xdr.DecoratedSignature {\n    // Ensure data is a Buffer to support array-like inputs\n    const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data);\n\n    const signature = this.sign(dataBuffer);\n    const keyHint = this.signatureHint();\n\n    let hint = Buffer.from(dataBuffer.subarray(-4));\n    if (hint.length < 4) {\n      // append zeroes as needed\n      hint = Buffer.concat([hint, Buffer.alloc(4 - hint.length, 0)]);\n    }\n\n    // XOR each byte of hint with corresponding byte of keyHint\n    for (let i = 0; i < hint.length; i++) {\n      hint[i] = (hint[i] as number) ^ (keyHint[i] as number);\n    }\n\n    return new xdr.DecoratedSignature({\n      hint,\n      signature,\n    });\n  }\n}\n"],"names":["xdr"],"mappings":";;;;;;;;AAQA,EAAA,CAAG,OAAO,MAAA,GAAS,MAAA;AAYZ,MAAM,OAAA,CAAQ;AAAA,EACV,IAAA;AAAA,EACD,UAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQR,YACE,IAAA,EAOA;AACA,IAAA,IAAI,IAAA,CAAK,SAAS,SAAA,EAAW;AAC3B,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AAEA,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AAEjB,IAAA,IAAI,eAAe,IAAA,EAAM;AACvB,MAAA,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA;AAE3C,MAAA,IAAI,IAAA,CAAK,SAAA,CAAU,MAAA,KAAW,EAAA,EAAI;AAChC,QAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,MAC/C;AAEA,MAAA,IAAA,CAAK,cAAc,IAAA,CAAK,SAAA;AACxB,MAAA,IAAA,CAAK,UAAA,GAAa,QAAA,CAAS,IAAA,CAAK,SAAS,CAAA;AACzC,MAAA,IAAA,CAAK,aAAa,IAAA,CAAK,SAAA;AAEvB,MAAA,IACE,IAAA,CAAK,SAAA,IACL,CAAC,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA,EACnD;AACA,QAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,MACtD;AAAA,IACF,CAAA,MAAA,IAAW,eAAe,IAAA,EAAM;AAC9B,MAAA,IAAA,CAAK,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA;AAE5C,MAAA,IAAI,IAAA,CAAK,UAAA,CAAW,MAAA,KAAW,EAAA,EAAI;AACjC,QAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,MAC/C;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,WAAW,MAAA,EAAyB;AACzC,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,uBAAA,CAAwB,MAAM,CAAA;AACvD,IAAA,OAAO,IAAA,CAAK,mBAAmB,SAAS,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,mBAAmB,OAAA,EAA0B;AAClD,IAAA,OAAO,IAAI,IAAA,CAAK,EAAE,MAAM,SAAA,EAAW,SAAA,EAAW,SAAS,CAAA;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,OAAO,iBAAA,EAAoC;AAChD,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,IAAA,CAAK,iBAAiB,CAAC,CAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,cAAc,SAAA,EAA4B;AAC/C,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,sBAAA,CAAuB,SAAS,CAAA;AAC/D,IAAA,IAAI,eAAA,CAAgB,WAAW,EAAA,EAAI;AACjC,MAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO,IAAI,IAAA,CAAK,EAAE,MAAM,SAAA,EAAW,SAAA,EAAW,iBAAiB,CAAA;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,MAAA,GAAkB;AACvB,IAAA,MAAM,EAAE,SAAA,EAAU,GAAI,EAAA,CAAG,MAAA,EAAO;AAChC,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAAA,EACvD;AAAA;AAAA,EAGA,YAAA,GAA8B;AAC5B,IAAA,OAAOA,KAAA,CAAI,SAAA,CAAU,oBAAA,CAAqB,IAAA,CAAK,UAAU,CAAA;AAAA,EAC3D;AAAA;AAAA,EAGA,YAAA,GAA8B;AAC5B,IAAA,OAAOA,KAAA,CAAI,SAAA,CAAU,oBAAA,CAAqB,IAAA,CAAK,UAAU,CAAA;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,gBAAgB,EAAA,EAA+B;AAC7C,IAAA,IAAI,OAAO,OAAO,WAAA,EAAa;AAC7B,MAAA,IAAI,OAAO,OAAO,QAAA,EAAU;AAC1B,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,4BAAA,EAA+B,OAAO,EAAE,CAAA,CAAE,CAAA;AAAA,MAChE;AAEA,MAAA,OAAOA,MAAI,YAAA,CAAa,mBAAA;AAAA,QACtB,IAAIA,MAAI,oBAAA,CAAqB;AAAA,UAC3B,EAAA,EAAIA,KAAA,CAAI,MAAA,CAAO,UAAA,CAAW,EAAE,CAAA;AAAA,UAC5B,SAAS,IAAA,CAAK;AAAA,SACf;AAAA,OACH;AAAA,IACF;AAEA,IAAA,OAAOA,KAAA,CAAI,YAAA,CAAa,cAAA,CAAe,IAAA,CAAK,UAAU,CAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA,GAAuB;AACrB,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAA,GAAwB;AACtB,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,YAAA,EAAa,CAAE,KAAA,EAAM;AAEpC,IAAA,OAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,GAAoB;AAClB,IAAA,OAAO,MAAA,CAAO,sBAAA,CAAuB,IAAA,CAAK,UAAU,CAAA;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAA,GAAiB;AACf,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,IAAI,IAAA,CAAK,SAAS,SAAA,EAAW;AAC3B,MAAA,OAAO,MAAA,CAAO,uBAAA,CAAwB,IAAA,CAAK,WAAW,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAA,GAAuB;AACrB,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,0BAA0B,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,GAAmB;AACjB,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,UAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,KAAK,IAAA,EAAsB;AACzB,IAAA,IAAI,CAAC,KAAK,UAAA,EAAY;AACpB,MAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,IACxD;AAEA,IAAA,OAAO,IAAA,CAAK,IAAA,EAAM,IAAA,CAAK,UAAU,CAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAA,CAAO,MAAc,SAAA,EAA4B;AAC/C,IAAA,IAAI;AACF,MAAA,OAAO,MAAA,CAAO,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,UAAU,CAAA;AAAA,IAChD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,cAAc,IAAA,EAAsC;AAClD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA;AAChC,IAAA,MAAM,IAAA,GAAO,KAAK,aAAA,EAAc;AAEhC,IAAA,OAAO,IAAIA,KAAA,CAAI,kBAAA,CAAmB,EAAE,IAAA,EAAM,WAAW,CAAA;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,qBAAqB,IAAA,EAAsC;AAEzD,IAAA,MAAM,UAAA,GAAa,OAAO,QAAA,CAAS,IAAI,IAAI,IAAA,GAAO,MAAA,CAAO,KAAK,IAAI,CAAA;AAElE,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,UAAU,CAAA;AACtC,IAAA,MAAM,OAAA,GAAU,KAAK,aAAA,EAAc;AAEnC,IAAA,IAAI,OAAO,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,QAAA,CAAS,EAAE,CAAC,CAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AAEnB,MAAA,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,CAAC,IAAA,EAAM,MAAA,CAAO,KAAA,CAAM,CAAA,GAAI,IAAA,CAAK,MAAA,EAAQ,CAAC,CAAC,CAAC,CAAA;AAAA,IAC/D;AAGA,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AACpC,MAAA,IAAA,CAAK,CAAC,CAAA,GAAK,IAAA,CAAK,CAAC,CAAA,GAAgB,QAAQ,CAAC,CAAA;AAAA,IAC5C;AAEA,IAAA,OAAO,IAAIA,MAAI,kBAAA,CAAmB;AAAA,MAChC,IAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AACF;;;;"}
+{"version":3,"file":"keypair.js","sources":["../../../../src/base/keypair.ts"],"sourcesContent":["import * as ed from \"@noble/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha2.js\";\nimport { sign, verify, generate } from \"./signing.js\";\nimport { StrKey } from \"./strkey.js\";\nimport { hash } from \"./hashing.js\";\n\nimport xdr from \"./xdr.js\";\n\ned.hashes.sha512 = sha512;\n/**\n * `Keypair` represents public (and secret) keys of the account.\n *\n * Currently `Keypair` only supports ed25519 but in a future this class can be abstraction layer for other\n * public-key signature systems.\n *\n * Use more convenient methods to create `Keypair` object:\n * * `{@link Keypair.fromPublicKey}`\n * * `{@link Keypair.fromSecret}`\n * * `{@link Keypair.random}`\n */\nexport class Keypair {\n  readonly type: \"ed25519\";\n  private _publicKey: Buffer;\n  private _secretSeed?: Buffer;\n  private _secretKey?: Buffer;\n\n  /**\n   * @param keys - at least one of keys must be provided.\n   *   - `type`: public-key signature system name (currently only `ed25519` keys are supported)\n   *   - `publicKey`: raw public key\n   *   - `secretKey`: raw secret key (32-byte secret seed in ed25519)\n   */\n  constructor(\n    keys:\n      | {\n          type: \"ed25519\";\n          secretKey: Buffer | string;\n          publicKey?: Buffer | string;\n        }\n      | { type: \"ed25519\"; publicKey: Buffer | string },\n  ) {\n    if (keys.type !== \"ed25519\") {\n      throw new Error(\"Invalid keys type\");\n    }\n\n    this.type = keys.type;\n\n    if (\"secretKey\" in keys) {\n      keys.secretKey = Buffer.from(keys.secretKey);\n\n      if (keys.secretKey.length !== 32) {\n        throw new Error(\"secretKey length is invalid\");\n      }\n\n      this._secretSeed = keys.secretKey;\n      this._publicKey = generate(keys.secretKey);\n      this._secretKey = keys.secretKey;\n\n      if (\n        keys.publicKey &&\n        !this._publicKey.equals(Buffer.from(keys.publicKey))\n      ) {\n        throw new Error(\"secretKey does not match publicKey\");\n      }\n    } else if (\"publicKey\" in keys) {\n      this._publicKey = Buffer.from(keys.publicKey);\n\n      if (this._publicKey.length !== 32) {\n        throw new Error(\"publicKey length is invalid\");\n      }\n    } else {\n      throw new Error(\n        \"At least one of publicKey or secretKey must be provided\",\n      );\n    }\n  }\n\n  /**\n   * Creates a new `Keypair` instance from secret. This can either be secret key or secret seed depending\n   * on underlying public-key signature system. Currently `Keypair` only supports ed25519.\n   * @param secret - secret key (ex. `SDAK....`)\n   */\n  static fromSecret(secret: string): Keypair {\n    const rawSecret = StrKey.decodeEd25519SecretSeed(secret);\n    return this.fromRawEd25519Seed(rawSecret);\n  }\n\n  /**\n   * Creates a new `Keypair` object from ed25519 secret key seed raw bytes.\n   *\n   * @param rawSeed - raw 32-byte ed25519 secret key seed\n   */\n  static fromRawEd25519Seed(rawSeed: Buffer): Keypair {\n    return new this({ type: \"ed25519\", secretKey: rawSeed });\n  }\n\n  /**\n   * Returns `Keypair` object representing network master key.\n   * @param networkPassphrase - passphrase of the target stellar network (e.g. \"Public Global Stellar Network ; September 2015\")\n   */\n  static master(networkPassphrase: string): Keypair {\n    if (!networkPassphrase) {\n      throw new Error(\n        \"No network selected. Please pass a network argument, e.g. `Keypair.master(Networks.PUBLIC)`.\",\n      );\n    }\n\n    return this.fromRawEd25519Seed(hash(networkPassphrase));\n  }\n\n  /**\n   * Creates a new `Keypair` object from public key.\n   * @param publicKey - public key (ex. `GB3KJPLFUYN5VL6R3GU3EGCGVCKFDSD7BEDX42HWG5BWFKB3KQGJJRMA`)\n   */\n  static fromPublicKey(publicKey: string): Keypair {\n    const publicKeyBuffer = StrKey.decodeEd25519PublicKey(publicKey);\n    if (publicKeyBuffer.length !== 32) {\n      throw new Error(\"Invalid Stellar public key\");\n    }\n\n    return new this({ type: \"ed25519\", publicKey: publicKeyBuffer });\n  }\n\n  /**\n   * Create a random `Keypair` object.\n   */\n  static random(): Keypair {\n    const secretKey = ed.utils.randomSecretKey();\n    return this.fromRawEd25519Seed(Buffer.from(secretKey));\n  }\n\n  /** Returns this public key as an xdr.AccountId. */\n  xdrAccountId(): xdr.AccountId {\n    return xdr.PublicKey.publicKeyTypeEd25519(this._publicKey);\n  }\n\n  /** Returns this public key as an xdr.PublicKey. */\n  xdrPublicKey(): xdr.PublicKey {\n    return xdr.PublicKey.publicKeyTypeEd25519(this._publicKey);\n  }\n\n  /**\n   * Creates a {@link xdr.MuxedAccount} object from the public key.\n   *\n   * You will get a different type of muxed account depending on whether or not\n   * you pass an ID.\n   *\n   * @param id - (optional) stringified integer indicating the underlying muxed\n   *     ID of the new account object\n   */\n  xdrMuxedAccount(id?: string): xdr.MuxedAccount {\n    if (typeof id !== \"undefined\") {\n      if (typeof id !== \"string\") {\n        throw new TypeError(`expected string for ID, got ${typeof id}`);\n      }\n\n      return xdr.MuxedAccount.keyTypeMuxedEd25519(\n        new xdr.MuxedAccountMed25519({\n          id: xdr.Uint64.fromString(id),\n          ed25519: this._publicKey,\n        }),\n      );\n    }\n\n    return xdr.MuxedAccount.keyTypeEd25519(this._publicKey);\n  }\n\n  /**\n   * Returns raw public key bytes\n   */\n  rawPublicKey(): Buffer {\n    return this._publicKey;\n  }\n\n  /**\n   * Returns the signature hint for this keypair.\n   * The hint is the last 4 bytes of the account ID XDR representation.\n   */\n  signatureHint(): Buffer {\n    const a = this.xdrAccountId().toXDR();\n\n    return a.subarray(a.length - 4);\n  }\n\n  /**\n   * Returns public key associated with this `Keypair` object.\n   */\n  publicKey(): string {\n    return StrKey.encodeEd25519PublicKey(this._publicKey);\n  }\n\n  /**\n   * Returns secret key associated with this `Keypair` object.\n   *\n   * The secret key is encoded in Stellar format (e.g., `SDAK....`).\n   *\n   * @throws if no secret key is available\n   */\n  secret(): string {\n    if (!this._secretSeed) {\n      throw new Error(\"no secret key available\");\n    }\n\n    if (this.type === \"ed25519\") {\n      return StrKey.encodeEd25519SecretSeed(this._secretSeed);\n    }\n\n    throw new Error(\"Invalid Keypair type\");\n  }\n\n  /**\n   * Returns raw secret key bytes.\n   *\n   * @throws if no secret seed is available\n   */\n  rawSecretKey(): Buffer {\n    if (!this._secretSeed) {\n      throw new Error(\"no secret seed available\");\n    }\n    return this._secretSeed;\n  }\n\n  /**\n   * Returns `true` if this `Keypair` object contains secret key and can sign.\n   */\n  canSign(): boolean {\n    return !!this._secretKey;\n  }\n\n  /**\n   * Signs data.\n   *\n   * @param data - data to sign\n   * @throws if no secret key is available\n   */\n  sign(data: Buffer): Buffer {\n    if (!this._secretKey) {\n      throw new Error(\"cannot sign: no secret key available\");\n    }\n\n    return sign(data, this._secretKey);\n  }\n\n  /**\n   * Verifies if `signature` for `data` is valid.\n   *\n   * @param data - signed data\n   * @param signature - signature to verify\n   */\n  verify(data: Buffer, signature: Buffer): boolean {\n    try {\n      return verify(data, signature, this._publicKey);\n    } catch {\n      return false;\n    }\n  }\n\n  /**\n   * Returns the decorated signature (hint+sig) for arbitrary data.\n   *\n   * The returned structure can be added directly to a transaction envelope.\n   *\n   * @param data - arbitrary data to sign\n   *\n   * @see TransactionBase.addDecoratedSignature\n   */\n  signDecorated(data: Buffer): xdr.DecoratedSignature {\n    const signature = this.sign(data);\n    const hint = this.signatureHint();\n\n    return new xdr.DecoratedSignature({ hint, signature });\n  }\n\n  /**\n   * Returns the raw decorated signature (hint+sig) for a signed payload signer.\n   *\n   *  The hint is defined as the last 4 bytes of the signer key XORed with last\n   *  4 bytes of the payload (zero-left-padded if necessary).\n   *\n   * @param data - data to both sign and treat as the payload\n   *\n   * @see https://github.com/stellar/stellar-protocol/blob/master/core/cap-0040.md#signature-hint\n   * @see TransactionBase.addDecoratedSignature\n   */\n  signPayloadDecorated(data: Buffer): xdr.DecoratedSignature {\n    // Ensure data is a Buffer to support array-like inputs\n    const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data);\n\n    const signature = this.sign(dataBuffer);\n    const keyHint = this.signatureHint();\n\n    let hint = Buffer.from(dataBuffer.subarray(-4));\n    if (hint.length < 4) {\n      // append zeroes as needed\n      hint = Buffer.concat([hint, Buffer.alloc(4 - hint.length, 0)]);\n    }\n\n    // XOR each byte of hint with corresponding byte of keyHint\n    for (let i = 0; i < hint.length; i++) {\n      hint[i] = (hint[i] as number) ^ (keyHint[i] as number);\n    }\n\n    return new xdr.DecoratedSignature({\n      hint,\n      signature,\n    });\n  }\n}\n"],"names":["xdr"],"mappings":";;;;;;;;AAQA,EAAA,CAAG,OAAO,MAAA,GAAS,MAAA;AAYZ,MAAM,OAAA,CAAQ;AAAA,EACV,IAAA;AAAA,EACD,UAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQR,YACE,IAAA,EAOA;AACA,IAAA,IAAI,IAAA,CAAK,SAAS,SAAA,EAAW;AAC3B,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AAEA,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AAEjB,IAAA,IAAI,eAAe,IAAA,EAAM;AACvB,MAAA,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA;AAE3C,MAAA,IAAI,IAAA,CAAK,SAAA,CAAU,MAAA,KAAW,EAAA,EAAI;AAChC,QAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,MAC/C;AAEA,MAAA,IAAA,CAAK,cAAc,IAAA,CAAK,SAAA;AACxB,MAAA,IAAA,CAAK,UAAA,GAAa,QAAA,CAAS,IAAA,CAAK,SAAS,CAAA;AACzC,MAAA,IAAA,CAAK,aAAa,IAAA,CAAK,SAAA;AAEvB,MAAA,IACE,IAAA,CAAK,SAAA,IACL,CAAC,IAAA,CAAK,UAAA,CAAW,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA,EACnD;AACA,QAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,MACtD;AAAA,IACF,CAAA,MAAA,IAAW,eAAe,IAAA,EAAM;AAC9B,MAAA,IAAA,CAAK,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA;AAE5C,MAAA,IAAI,IAAA,CAAK,UAAA,CAAW,MAAA,KAAW,EAAA,EAAI;AACjC,QAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,MAC/C;AAAA,IACF,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,WAAW,MAAA,EAAyB;AACzC,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,uBAAA,CAAwB,MAAM,CAAA;AACvD,IAAA,OAAO,IAAA,CAAK,mBAAmB,SAAS,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,mBAAmB,OAAA,EAA0B;AAClD,IAAA,OAAO,IAAI,IAAA,CAAK,EAAE,MAAM,SAAA,EAAW,SAAA,EAAW,SAAS,CAAA;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,OAAO,iBAAA,EAAoC;AAChD,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,IAAA,CAAK,iBAAiB,CAAC,CAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,cAAc,SAAA,EAA4B;AAC/C,IAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,sBAAA,CAAuB,SAAS,CAAA;AAC/D,IAAA,IAAI,eAAA,CAAgB,WAAW,EAAA,EAAI;AACjC,MAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO,IAAI,IAAA,CAAK,EAAE,MAAM,SAAA,EAAW,SAAA,EAAW,iBAAiB,CAAA;AAAA,EACjE;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,MAAA,GAAkB;AACvB,IAAA,MAAM,SAAA,GAAY,EAAA,CAAG,KAAA,CAAM,eAAA,EAAgB;AAC3C,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAAA,EACvD;AAAA;AAAA,EAGA,YAAA,GAA8B;AAC5B,IAAA,OAAOA,KAAA,CAAI,SAAA,CAAU,oBAAA,CAAqB,IAAA,CAAK,UAAU,CAAA;AAAA,EAC3D;AAAA;AAAA,EAGA,YAAA,GAA8B;AAC5B,IAAA,OAAOA,KAAA,CAAI,SAAA,CAAU,oBAAA,CAAqB,IAAA,CAAK,UAAU,CAAA;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,gBAAgB,EAAA,EAA+B;AAC7C,IAAA,IAAI,OAAO,OAAO,WAAA,EAAa;AAC7B,MAAA,IAAI,OAAO,OAAO,QAAA,EAAU;AAC1B,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,4BAAA,EAA+B,OAAO,EAAE,CAAA,CAAE,CAAA;AAAA,MAChE;AAEA,MAAA,OAAOA,MAAI,YAAA,CAAa,mBAAA;AAAA,QACtB,IAAIA,MAAI,oBAAA,CAAqB;AAAA,UAC3B,EAAA,EAAIA,KAAA,CAAI,MAAA,CAAO,UAAA,CAAW,EAAE,CAAA;AAAA,UAC5B,SAAS,IAAA,CAAK;AAAA,SACf;AAAA,OACH;AAAA,IACF;AAEA,IAAA,OAAOA,KAAA,CAAI,YAAA,CAAa,cAAA,CAAe,IAAA,CAAK,UAAU,CAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA,GAAuB;AACrB,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAA,GAAwB;AACtB,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,YAAA,EAAa,CAAE,KAAA,EAAM;AAEpC,IAAA,OAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,GAAoB;AAClB,IAAA,OAAO,MAAA,CAAO,sBAAA,CAAuB,IAAA,CAAK,UAAU,CAAA;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAA,GAAiB;AACf,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,IAAI,IAAA,CAAK,SAAS,SAAA,EAAW;AAC3B,MAAA,OAAO,MAAA,CAAO,uBAAA,CAAwB,IAAA,CAAK,WAAW,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAA,GAAuB;AACrB,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,0BAA0B,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,GAAmB;AACjB,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,UAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,KAAK,IAAA,EAAsB;AACzB,IAAA,IAAI,CAAC,KAAK,UAAA,EAAY;AACpB,MAAA,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAAA,IACxD;AAEA,IAAA,OAAO,IAAA,CAAK,IAAA,EAAM,IAAA,CAAK,UAAU,CAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAA,CAAO,MAAc,SAAA,EAA4B;AAC/C,IAAA,IAAI;AACF,MAAA,OAAO,MAAA,CAAO,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,UAAU,CAAA;AAAA,IAChD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,cAAc,IAAA,EAAsC;AAClD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA;AAChC,IAAA,MAAM,IAAA,GAAO,KAAK,aAAA,EAAc;AAEhC,IAAA,OAAO,IAAIA,KAAA,CAAI,kBAAA,CAAmB,EAAE,IAAA,EAAM,WAAW,CAAA;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,qBAAqB,IAAA,EAAsC;AAEzD,IAAA,MAAM,UAAA,GAAa,OAAO,QAAA,CAAS,IAAI,IAAI,IAAA,GAAO,MAAA,CAAO,KAAK,IAAI,CAAA;AAElE,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,IAAA,CAAK,UAAU,CAAA;AACtC,IAAA,MAAM,OAAA,GAAU,KAAK,aAAA,EAAc;AAEnC,IAAA,IAAI,OAAO,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,QAAA,CAAS,EAAE,CAAC,CAAA;AAC9C,IAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AAEnB,MAAA,IAAA,GAAO,MAAA,CAAO,MAAA,CAAO,CAAC,IAAA,EAAM,MAAA,CAAO,KAAA,CAAM,CAAA,GAAI,IAAA,CAAK,MAAA,EAAQ,CAAC,CAAC,CAAC,CAAA;AAAA,IAC/D;AAGA,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AACpC,MAAA,IAAA,CAAK,CAAC,CAAA,GAAK,IAAA,CAAK,CAAC,CAAA,GAAgB,QAAQ,CAAC,CAAA;AAAA,IAC5C;AAEA,IAAA,OAAO,IAAIA,MAAI,kBAAA,CAAmB;AAAA,MAChC,IAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AACF;;;;"}

package/lib/axios/esm/base/transaction_builder.js

@@ -131,7 +131,19 @@ class TransactionBuilder {
         "cannot clone a transaction with no operations: per-operation base fee cannot be determined"
       );
     }
-    const unscaledFee = Math.floor(parseInt(tx.fee, 10) / tx.operations.length);
+    let sorobanData;
+    const envelope = tx.toEnvelope();
+    if (envelope.switch() === types.EnvelopeType.envelopeTypeTx()) {
+      sorobanData = envelope.v1().tx().ext().value() ?? void 0;
+    }
+    let totalFee = parseInt(tx.fee, 10);
+    if (sorobanData) {
+      const resourceFee = Number(sorobanData.resourceFee().toBigInt());
+      if (totalFee - resourceFee > 0) {
+        totalFee -= resourceFee;
+      }
+    }
+    const unscaledFee = Math.floor(totalFee / tx.operations.length);
     const builderOpts = {
       fee: (unscaledFee || BASE_FEE).toString(),
       memo: tx.memo,