appium-ios-remotexpc 0.11.0 → 0.13.0

package/build/src/lib/apple-tv/pairing-protocol/pairing-protocol.js

@@ -0,0 +1,494 @@
+import { logger } from '@appium/support';
+import { randomBytes } from 'node:crypto';
+import { hostname } from 'node:os';
+import { DEFAULT_PAIRING_CONFIG, PairingDataComponentType, } from '../constants.js';
+import { encodeAppleTVDeviceInfo } from '../deviceInfo/index.js';
+import { createEd25519Signature, decryptChaCha20Poly1305, encryptChaCha20Poly1305, generateEd25519KeyPair, hkdf, } from '../encryption/index.js';
+import { PairingError } from '../errors.js';
+import { NETWORK_CONSTANTS } from '../network/constants.js';
+import { SRPClient } from '../srp/index.js';
+import { PairingStorage } from '../storage/pairing-storage.js';
+import { createPairVerificationData, createSetupManualPairingData, decodeTLV8ToDict, encodeTLV8, } from '../tlv/index.js';
+import { generateHostId } from '../utils/uuid-generator.js';
+import { INFO_TYPE, PAIRING_MESSAGES, PAIRING_STATES } from './constants.js';
+/** Implements the Apple TV pairing protocol including SRP authentication and key exchange */
+export class PairingProtocol {
+    networkClient;
+    userInput;
+    static log = logger.getLogger('PairingProtocol');
+    _sequenceNumber = 0;
+    constructor(networkClient, userInput) {
+        this.networkClient = networkClient;
+        this.userInput = userInput;
+    }
+    async executePairingFlow(device) {
+        this._sequenceNumber = 1;
+        try {
+            // Step 1: Handshake
+            await this.performHandshake();
+            // Step 2: Pair verification attempt
+            await this.attemptPairVerification();
+            // Step 3: Setup manual pairing
+            const setupResponse = await this.setupManualPairing();
+            const srpData = this.extractAndValidatePairingData(setupResponse);
+            // Step 4: SRP Authentication
+            const srpClient = await this.performSRPAuthentication(srpData);
+            // Step 5: Generate keys and send M5
+            const encryptionKeys = this.deriveEncryptionKeys(srpClient.sessionKey);
+            const { publicKey: ltpk, privateKey: ltsk } = generateEd25519KeyPair();
+            const devicePairingID = generateHostId(hostname());
+            await this.sendM5Message(encryptionKeys.encryptKey, devicePairingID, ltpk, ltsk, srpClient.sessionKey);
+            // Step 6: Receive M6 completion
+            await this.receiveM6Completion(encryptionKeys.decryptKey);
+            return this.createPairingResult(device, ltpk, ltsk);
+        }
+        catch (error) {
+            PairingProtocol.log.error('Pairing flow failed:', error);
+            throw error;
+        }
+    }
+    createRequest(content, sequenceNumber) {
+        return {
+            message: {
+                plain: {
+                    _0: content,
+                },
+            },
+            originatedBy: 'host',
+            sequenceNumber: sequenceNumber ?? this._sequenceNumber++,
+        };
+    }
+    /**
+     * Fragments a buffer into TLV8 items of maximum fragment size
+     * @param buffer Buffer to fragment
+     * @param type TLV8 type identifier
+     * @returns Array of TLV8 items
+     */
+    fragmentBuffer(buffer, type) {
+        const fragments = [];
+        for (let i = 0; i < buffer.length; i += NETWORK_CONSTANTS.MAX_TLV_FRAGMENT_SIZE) {
+            fragments.push({
+                type,
+                data: buffer.subarray(i, i + NETWORK_CONSTANTS.MAX_TLV_FRAGMENT_SIZE),
+            });
+        }
+        return fragments;
+    }
+    /**
+     * Creates a nonce buffer with prefix padding
+     * @param nonceString The nonce string identifier
+     * @returns Padded nonce buffer
+     */
+    createNonce(nonceString) {
+        return Buffer.concat([Buffer.alloc(4), Buffer.from(nonceString)]);
+    }
+    /**
+     * Performs initial handshake with Apple TV to establish connection
+     * Sends handshake request with host options and wire protocol version
+     */
+    async performHandshake() {
+        const request = this.createHandshakeRequest();
+        await this.networkClient.sendPacket(request);
+        await this.networkClient.receiveResponse();
+        PairingProtocol.log.debug('Handshake completed');
+    }
+    /**
+     * Attempts to verify existing pairing credentials with Apple TV
+     * Creates pair verification request and handles expected failure for new pairing flow
+     */
+    async attemptPairVerification() {
+        const request = this.createPairVerificationRequest();
+        await this.networkClient.sendPacket(request);
+        await this.networkClient.receiveResponse();
+        const failedRequest = this.createPairVerifyFailedRequest();
+        await this.networkClient.sendPacket(failedRequest);
+        PairingProtocol.log.debug('Pair verification attempt completed');
+    }
+    /**
+     * Initiates manual pairing setup process with Apple TV
+     * Sends setup request and receives SRP challenge data
+     * @returns Response containing SRP salt and server public key
+     */
+    async setupManualPairing() {
+        const request = this.createSetupManualPairingRequest();
+        await this.networkClient.sendPacket(request);
+        const response = await this.networkClient.receiveResponse();
+        PairingProtocol.log.debug('Manual pairing setup completed');
+        return response;
+    }
+    /**
+     * Extracts and validates SRP pairing data from Apple TV response
+     * @param response Network response containing pairing data
+     * @returns Parsed TLV8 dictionary with SRP challenge components
+     * @throws PairingError if pairing data is missing or invalid
+     */
+    extractAndValidatePairingData(response) {
+        const srpData = response.message?.plain?._0?.event?._0?.pairingData?._0?.data;
+        if (!srpData) {
+            throw new PairingError('No pairing data received', 'NO_PAIRING_DATA');
+        }
+        const parsedSRP = this.parseTLV8Response(srpData);
+        this.validateSRPResponse(parsedSRP);
+        return parsedSRP;
+    }
+    /**
+     * Performs SRP authentication using user-provided PIN
+     * Prompts for PIN, creates SRP client, sends proof, and validates response
+     * @param parsedSRP SRP challenge data from Apple TV
+     * @returns Authenticated SRP client with session key
+     * @throws PairingError if PIN is incorrect or authentication fails
+     */
+    async performSRPAuthentication(parsedSRP) {
+        const pin = await this.userInput.promptForPIN();
+        const srpClient = this.createSRPClient(pin, parsedSRP);
+        await this.sendSRPProof(srpClient);
+        const response = await this.networkClient.receiveResponse();
+        this.validateSRPProofResponse(response);
+        PairingProtocol.log.debug('SRP authentication completed');
+        return srpClient;
+    }
+    /**
+     * Receives and processes M6 pairing completion message from Apple TV
+     * Attempts to decrypt and validate final pairing state
+     * @param decryptKey Decryption key for M6 encrypted data
+     */
+    async receiveM6Completion(decryptKey) {
+        const m6Response = await this.networkClient.receiveResponse();
+        PairingProtocol.log.info('M6 Response received');
+        try {
+            this.processM6Response(m6Response, decryptKey);
+        }
+        catch (error) {
+            PairingProtocol.log.warn('M6 decryption failed - but pairing may still be successful:', error.message);
+        }
+    }
+    /**
+     * Constructs initial handshake request packet
+     * Includes host options and wire protocol version for pairing session
+     * @returns Handshake request with sequence number 0
+     */
+    createHandshakeRequest() {
+        return {
+            message: {
+                plain: {
+                    _0: {
+                        request: {
+                            _0: {
+                                handshake: {
+                                    _0: {
+                                        hostOptions: { attemptPairVerify: true },
+                                        wireProtocolVersion: 19,
+                                    },
+                                },
+                            },
+                        },
+                    },
+                },
+            },
+            originatedBy: 'host',
+            sequenceNumber: 0,
+        };
+    }
+    /**
+     * Creates pair verification request with X25519 public key
+     * Used to attempt verification of existing pairing credentials
+     * @returns Pair verification request with random X25519 key
+     */
+    createPairVerificationRequest() {
+        const x25519PublicKey = randomBytes(32);
+        const pairingData = createPairVerificationData(x25519PublicKey);
+        return this.createRequest({
+            event: {
+                _0: {
+                    pairingData: {
+                        _0: {
+                            data: pairingData,
+                            kind: 'verifyManualPairing',
+                            startNewSession: true,
+                        },
+                    },
+                },
+            },
+        });
+    }
+    /**
+     * Creates pair verification failed event request
+     * Sent after verification attempt to proceed with manual pairing setup
+     * @returns Pair verify failed event packet
+     */
+    createPairVerifyFailedRequest() {
+        return this.createRequest({
+            event: {
+                _0: {
+                    pairVerifyFailed: {},
+                },
+            },
+        });
+    }
+    /**
+     * Constructs manual pairing setup request packet
+     * Initiates M1/M2 exchange with setup pairing data
+     * @returns Setup manual pairing request with host information
+     */
+    createSetupManualPairingRequest() {
+        const setupData = createSetupManualPairingData();
+        return this.createRequest({
+            event: {
+                _0: {
+                    pairingData: {
+                        _0: {
+                            data: setupData,
+                            kind: 'setupManualPairing',
+                            sendingHost: hostname(),
+                            startNewSession: true,
+                        },
+                    },
+                },
+            },
+        });
+    }
+    /**
+     * Parses base64-encoded TLV8 response into dictionary
+     * Decodes base64 string and converts TLV8 format to key-value pairs
+     * @param data Base64-encoded TLV8 data
+     * @returns Dictionary mapping TLV8 type numbers to buffer values
+     * @throws PairingError if TLV8 parsing fails
+     */
+    parseTLV8Response(data) {
+        try {
+            const buffer = Buffer.from(data, 'base64');
+            const decoded = decodeTLV8ToDict(buffer);
+            const result = {};
+            for (const [key, value] of Object.entries(decoded)) {
+                if (value !== undefined) {
+                    result[Number(key)] = value;
+                }
+            }
+            return result;
+        }
+        catch (error) {
+            throw new PairingError('Failed to parse TLV8 response', 'TLV8_PARSE_ERROR', error);
+        }
+    }
+    /**
+     * Validates SRP response for errors and required challenge data
+     * Checks for error codes and verifies presence of salt and public key
+     * @param parsedSRP Parsed SRP response dictionary
+     * @throws PairingError if response contains errors or missing required data
+     */
+    validateSRPResponse(parsedSRP) {
+        const errorBuffer = parsedSRP[PairingDataComponentType.ERROR];
+        if (errorBuffer) {
+            if (errorBuffer.length === 0) {
+                throw new PairingError('Apple TV returned empty error buffer', 'INVALID_ERROR_RESPONSE');
+            }
+            const errorCode = errorBuffer[0];
+            throw new PairingError(`Apple TV rejected request with error ${errorCode}`, 'APPLE_TV_ERROR', { errorCode });
+        }
+        if (!parsedSRP[PairingDataComponentType.SALT] ||
+            !parsedSRP[PairingDataComponentType.PUBLIC_KEY]) {
+            throw new PairingError('Missing SRP challenge data', 'MISSING_SRP_DATA');
+        }
+    }
+    /**
+     * Initializes SRP client with PIN and server challenge data
+     * Sets up identity, salt, and server public key for proof computation
+     * @param pin User-provided pairing PIN
+     * @param parsedSRP SRP challenge data containing salt and server public key
+     * @returns Configured SRP client ready for proof generation
+     * @throws PairingError if required SRP data is missing
+     */
+    createSRPClient(pin, parsedSRP) {
+        try {
+            const salt = parsedSRP[PairingDataComponentType.SALT];
+            const serverPublicKey = parsedSRP[PairingDataComponentType.PUBLIC_KEY];
+            const srpClient = new SRPClient();
+            srpClient.setIdentity('Pair-Setup', pin);
+            srpClient.salt = salt;
+            srpClient.serverPublicKey = serverPublicKey;
+            return srpClient;
+        }
+        catch (error) {
+            throw new PairingError('Failed to create SRP client', 'SRP_CLIENT_ERROR', error);
+        }
+    }
+    /**
+     * Sends M3 message containing SRP proof to Apple TV
+     * Includes client public key and computed proof for authentication
+     * @param srpClient Configured SRP client with computed proof
+     */
+    async sendSRPProof(srpClient) {
+        const clientPublicKey = srpClient.publicKey;
+        const clientProof = srpClient.computeProof();
+        const tlvItems = [
+            {
+                type: PairingDataComponentType.STATE,
+                data: Buffer.from([PAIRING_STATES.M3]),
+            },
+            ...this.fragmentBuffer(clientPublicKey, PairingDataComponentType.PUBLIC_KEY),
+            { type: PairingDataComponentType.PROOF, data: clientProof },
+        ];
+        const tlv = encodeTLV8(tlvItems);
+        const request = this.createRequest({
+            event: {
+                _0: {
+                    pairingData: {
+                        _0: {
+                            data: tlv.toString('base64'),
+                            kind: 'setupManualPairing',
+                            sendingHost: hostname(),
+                            startNewSession: false,
+                        },
+                    },
+                },
+            },
+        });
+        await this.networkClient.sendPacket(request);
+    }
+    /**
+     * Validates M4 SRP proof response from Apple TV
+     * Checks for authentication errors indicating incorrect PIN
+     * @param response Network response containing SRP proof validation result
+     * @throws PairingError if PIN authentication failed
+     */
+    validateSRPProofResponse(response) {
+        if (response.message?.plain?._0?.event?._0?.pairingData?._0?.data) {
+            const proofData = Buffer.from(response.message.plain._0.event._0.pairingData._0.data, 'base64');
+            const parsedProof = decodeTLV8ToDict(proofData);
+            if (parsedProof[PairingDataComponentType.ERROR]) {
+                throw new PairingError('SRP authentication failed - wrong PIN', 'WRONG_PIN');
+            }
+        }
+    }
+    /**
+     * Sends M5 exchange message with encrypted pairing credentials
+     * Includes long-term public key, signature, and device information encrypted with session key
+     * @param encryptKey Encryption key derived from session key
+     * @param devicePairingID Host device pairing identifier
+     * @param ltpk Long-term public key (Ed25519)
+     * @param ltsk Long-term secret key (Ed25519)
+     * @param sessionKey SRP session key for signature derivation
+     * @throws PairingError if M5 message creation fails
+     */
+    async sendM5Message(encryptKey, devicePairingID, ltpk, ltsk, sessionKey) {
+        try {
+            const signingKey = hkdf({
+                ikm: sessionKey,
+                salt: Buffer.from(PAIRING_MESSAGES.SIGN_SALT, 'utf8'),
+                info: Buffer.from(PAIRING_MESSAGES.SIGN_INFO, 'utf8'),
+                length: 32,
+            });
+            const devicePairingIDBuffer = Buffer.from(devicePairingID, 'utf8');
+            const dataToSign = Buffer.concat([
+                signingKey,
+                devicePairingIDBuffer,
+                ltpk,
+            ]);
+            const signature = createEd25519Signature(dataToSign, ltsk);
+            const deviceInfo = encodeAppleTVDeviceInfo(devicePairingID);
+            const tlvItems = [
+                {
+                    type: PairingDataComponentType.IDENTIFIER,
+                    data: devicePairingIDBuffer,
+                },
+                { type: PairingDataComponentType.PUBLIC_KEY, data: ltpk },
+                { type: PairingDataComponentType.SIGNATURE, data: signature },
+                { type: INFO_TYPE, data: deviceInfo },
+            ];
+            const tlvData = encodeTLV8(tlvItems);
+            const nonce = this.createNonce(PAIRING_MESSAGES.M5_NONCE);
+            const encrypted = encryptChaCha20Poly1305({
+                plaintext: tlvData,
+                key: encryptKey,
+                nonce,
+            });
+            const encryptedTLVItems = [
+                ...this.fragmentBuffer(encrypted, PairingDataComponentType.ENCRYPTED_DATA),
+                {
+                    type: PairingDataComponentType.STATE,
+                    data: Buffer.from([PAIRING_STATES.M5]),
+                },
+            ];
+            const encryptedTLV = encodeTLV8(encryptedTLVItems);
+            const request = this.createRequest({
+                event: {
+                    _0: {
+                        pairingData: {
+                            _0: {
+                                data: encryptedTLV.toString('base64'),
+                                kind: 'setupManualPairing',
+                                sendingHost: hostname(),
+                                startNewSession: false,
+                            },
+                        },
+                    },
+                },
+            });
+            await this.networkClient.sendPacket(request);
+        }
+        catch (error) {
+            throw new PairingError('Failed to create M5 message', 'M5_ERROR', error);
+        }
+    }
+    /**
+     * Processes and decrypts M6 completion response from Apple TV
+     * Validates pairing completion state and decrypts final exchange data
+     * @param m6Response Network response containing M6 completion message
+     * @param decryptKey Decryption key for M6 encrypted data
+     */
+    processM6Response(m6Response, decryptKey) {
+        if (!m6Response.message?.plain?._0?.event?._0?.pairingData?._0?.data) {
+            return;
+        }
+        const m6DataBase64 = m6Response.message.plain._0.event._0.pairingData._0.data;
+        const m6TLVBuffer = Buffer.from(m6DataBase64, 'base64');
+        const m6Parsed = decodeTLV8ToDict(m6TLVBuffer);
+        PairingProtocol.log.debug('M6 TLV types received:', Object.keys(m6Parsed).map((k) => `0x${Number(k).toString(16)}`));
+        const stateData = m6Parsed[PairingDataComponentType.STATE];
+        if (stateData && stateData[0] === PAIRING_STATES.M6) {
+            PairingProtocol.log.info('✅ Pairing completed successfully (STATE=0x06)');
+        }
+        const encryptedData = m6Parsed[PairingDataComponentType.ENCRYPTED_DATA];
+        if (encryptedData) {
+            const nonce = this.createNonce(PAIRING_MESSAGES.M6_NONCE);
+            const decrypted = decryptChaCha20Poly1305({
+                ciphertext: encryptedData,
+                key: decryptKey,
+                nonce,
+            });
+            const decryptedTLV = decodeTLV8ToDict(decrypted);
+            PairingProtocol.log.debug('M6 decrypted content types:', Object.keys(decryptedTLV));
+        }
+    }
+    /**
+     * Derives encryption and decryption keys from SRP session key
+     * Uses HKDF with pairing-specific salt and info strings
+     * @param sessionKey SRP session key from authentication
+     * @returns Encryption keys for M5/M6 message exchange
+     */
+    deriveEncryptionKeys(sessionKey) {
+        const sharedKey = hkdf({
+            ikm: sessionKey,
+            salt: Buffer.from(PAIRING_MESSAGES.ENCRYPT_SALT, 'utf8'),
+            info: Buffer.from(PAIRING_MESSAGES.ENCRYPT_INFO, 'utf8'),
+            length: 32,
+        });
+        PairingProtocol.log.debug('Derived encryption keys');
+        return {
+            encryptKey: sharedKey,
+            decryptKey: sharedKey,
+        };
+    }
+    /**
+     * Saves pairing credentials to storage and returns credential path
+     * Persists long-term public and private keys for future connections
+     * @param device Apple TV device information
+     * @param ltpk Long-term public key to save
+     * @param ltsk Long-term secret key to save
+     * @returns Path to saved pairing credentials file
+     */
+    async createPairingResult(device, ltpk, ltsk) {
+        const storage = new PairingStorage(DEFAULT_PAIRING_CONFIG);
+        return await storage.save(device.identifier || device.name, ltpk, ltsk);
+    }
+}

package/build/src/lib/apple-tv/pairing-protocol/types.d.ts

@@ -0,0 +1,57 @@
+import type { AppleTVDevice } from '../../bonjour/bonjour-discovery.js';
+/** Encryption keys derived from SRP session key for secure communication */
+export interface EncryptionKeys {
+    encryptKey: Buffer;
+    decryptKey: Buffer;
+}
+/** Handshake message payload structure */
+export interface HandshakePayload {
+    request: {
+        _0: {
+            handshake: {
+                _0: {
+                    hostOptions: {
+                        attemptPairVerify: boolean;
+                    };
+                    wireProtocolVersion: number;
+                };
+            };
+        };
+    };
+}
+/** Pairing event message payload structure */
+export interface PairingDataPayload {
+    event: {
+        _0: {
+            pairingData?: {
+                _0: {
+                    data: string;
+                    kind: 'verifyManualPairing' | 'setupManualPairing';
+                    startNewSession?: boolean;
+                    sendingHost?: string;
+                };
+            };
+            pairVerifyFailed?: Record<string, never>;
+        };
+    };
+}
+/** Structure of a pairing request message sent to Apple TV */
+export interface PairingRequest {
+    message: {
+        plain: {
+            _0: HandshakePayload | PairingDataPayload;
+        };
+    };
+    originatedBy: 'host' | 'accessory';
+    sequenceNumber: number;
+}
+/** Interface for handling user input during pairing process */
+export interface UserInputInterface {
+    promptForPIN(): Promise<string>;
+    promptForInput(prompt: string): Promise<string>;
+}
+/** Interface for executing the Apple TV pairing protocol flow */
+export interface PairingProtocolInterface {
+    executePairingFlow(device: AppleTVDevice): Promise<string>;
+}
+//# sourceMappingURL=types.d.ts.map

package/build/src/lib/apple-tv/pairing-protocol/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/lib/apple-tv/pairing-protocol/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAExE,4EAA4E;AAC5E,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,0CAA0C;AAC1C,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE;QACP,EAAE,EAAE;YACF,SAAS,EAAE;gBACT,EAAE,EAAE;oBACF,WAAW,EAAE;wBAAE,iBAAiB,EAAE,OAAO,CAAA;qBAAE,CAAC;oBAC5C,mBAAmB,EAAE,MAAM,CAAC;iBAC7B,CAAC;aACH,CAAC;SACH,CAAC;KACH,CAAC;CACH;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE;QACL,EAAE,EAAE;YACF,WAAW,CAAC,EAAE;gBACZ,EAAE,EAAE;oBACF,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,EAAE,qBAAqB,GAAG,oBAAoB,CAAC;oBACnD,eAAe,CAAC,EAAE,OAAO,CAAC;oBAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;iBACtB,CAAC;aACH,CAAC;YACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;SAC1C,CAAC;KACH,CAAC;CACH;AAED,8DAA8D;AAC9D,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE;QACP,KAAK,EAAE;YACL,EAAE,EAAE,gBAAgB,GAAG,kBAAkB,CAAC;SAC3C,CAAC;KACH,CAAC;IACF,YAAY,EAAE,MAAM,GAAG,WAAW,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,+DAA+D;AAC/D,MAAM,WAAW,kBAAkB;IACjC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACjD;AAED,iEAAiE;AACjE,MAAM,WAAW,wBAAwB;IACvC,kBAAkB,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5D"}

package/build/src/lib/apple-tv/pairing-protocol/types.js

@@ -0,0 +1 @@
+export {};

package/build/src/lib/apple-tv/srp/srp-client.js

@@ -1,10 +1,10 @@
-import { logger } from '@appium/support';
 import { randomBytes } from 'node:crypto';
+import { getLogger } from '../../logger.js';
 import { SRP_GENERATOR, SRP_KEY_LENGTH_BYTES, SRP_PRIME_3072, SRP_PRIVATE_KEY_BITS, SRP_USERNAME, } from '../constants.js';
 import { SRPError } from '../errors.js';
 import { bigIntToBuffer, bufferToBigInt, modPow, } from '../utils/buffer-utils.js';
 import { calculateK, calculateM1, calculateU, calculateX, hash, } from './crypto-utils.js';
-const log = logger.getLogger('SRPClient');
+const log = getLogger('SRPClient');
 /**
  * SRP (Secure Remote Password) client implementation following RFC 5054.
  *

package/build/src/lib/apple-tv/storage/index.d.ts

@@ -0,0 +1,3 @@
+export { PairingStorage } from './pairing-storage.js';
+export type { PairingStorageInterface } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/build/src/lib/apple-tv/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/lib/apple-tv/storage/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC"}

package/build/src/lib/apple-tv/storage/index.js

@@ -0,0 +1 @@
+export { PairingStorage } from './pairing-storage.js';

package/build/src/lib/apple-tv/storage/pairing-storage.d.ts

@@ -0,0 +1,12 @@
+import type { PairingConfig } from '../types.js';
+import type { PairingStorageInterface } from './types.js';
+/** Manages persistent storage of pairing credentials as plist files */
+export declare class PairingStorage implements PairingStorageInterface {
+    private readonly config;
+    private readonly log;
+    private readonly box;
+    constructor(config: PairingConfig);
+    save(deviceId: string, ltpk: Buffer, ltsk: Buffer, remoteUnlockHostKey?: string): Promise<string>;
+    private createPlistContent;
+}
+//# sourceMappingURL=pairing-storage.d.ts.map

package/build/src/lib/apple-tv/storage/pairing-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pairing-storage.d.ts","sourceRoot":"","sources":["../../../../../src/lib/apple-tv/storage/pairing-storage.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAE1D,uEAAuE;AACvE,qBAAa,cAAe,YAAW,uBAAuB;IAIhD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAHnC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAsC;IAC1D,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAEQ,MAAM,EAAE,aAAa;IAI5C,IAAI,CACR,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,mBAAmB,SAAK,GACvB,OAAO,CAAC,MAAM,CAAC;IAyBlB,OAAO,CAAC,kBAAkB;CAW3B"}

package/build/src/lib/apple-tv/storage/pairing-storage.js

@@ -0,0 +1,36 @@
+import { strongbox } from '@appium/strongbox';
+import { logger } from '@appium/support';
+import { STRONGBOX_CONTAINER_NAME } from '../../../constants.js';
+import { createXmlPlist } from '../../plist/index.js';
+import { PairingError } from '../errors.js';
+/** Manages persistent storage of pairing credentials as plist files */
+export class PairingStorage {
+    config;
+    log = logger.getLogger('PairingStorage');
+    box;
+    constructor(config) {
+        this.config = config;
+        this.box = strongbox(STRONGBOX_CONTAINER_NAME);
+    }
+    async save(deviceId, ltpk, ltsk, remoteUnlockHostKey = '') {
+        try {
+            const itemName = `appletv_pairing_${deviceId}`;
+            const plistContent = this.createPlistContent(ltpk, ltsk, remoteUnlockHostKey);
+            const item = await this.box.createItemWithValue(itemName, plistContent);
+            const itemPath = item.id;
+            this.log.info(`Pairing record saved to: ${itemPath}`);
+            return itemPath;
+        }
+        catch (error) {
+            this.log.error('Save pairing record error:', error);
+            throw new PairingError('Failed to save pairing record', 'SAVE_ERROR', error);
+        }
+    }
+    createPlistContent(publicKey, privateKey, remoteUnlockHostKey) {
+        return createXmlPlist({
+            private_key: privateKey,
+            public_key: publicKey,
+            remote_unlock_host_key: remoteUnlockHostKey,
+        });
+    }
+}

package/build/src/lib/apple-tv/storage/types.d.ts

@@ -0,0 +1,5 @@
+/** Interface for storing pairing credentials to disk */
+export interface PairingStorageInterface {
+    save(deviceId: string, ltpk: Buffer, ltsk: Buffer, remoteUnlockHostKey?: string): Promise<string>;
+}
+//# sourceMappingURL=types.d.ts.map

package/build/src/lib/apple-tv/storage/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/lib/apple-tv/storage/types.ts"],"names":[],"mappings":"AAAA,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,IAAI,CACF,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,mBAAmB,CAAC,EAAE,MAAM,GAC3B,OAAO,CAAC,MAAM,CAAC,CAAC;CACpB"}

package/build/src/lib/apple-tv/storage/types.js

@@ -0,0 +1 @@
+export {};

package/build/src/lib/apple-tv/types.d.ts

@@ -21,7 +21,6 @@ export interface PairingConfig {
     timeout: number;
     discoveryTimeout: number;
     maxRetries: number;
-    pairingDirectory: string;
 }
 export interface TLV8Item {
     type: PairingDataComponentTypeValue;

package/build/src/lib/apple-tv/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/lib/apple-tv/types.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,yBAAyB,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAGD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAGD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAGD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,6BAA6B,CAAC;IACpC,IAAI,EAAE,MAAM,CAAC;CACd;AAGD,MAAM,MAAM,6BAA6B,GAAG,MAAM,CAAC;AAGnD,MAAM,MAAM,WAAW,GACnB,IAAI,GACJ,SAAS,GACT,OAAO,GACP,MAAM,GACN,MAAM,GACN,MAAM,GACN,WAAW,GACX,gBAAgB,CAAC;AAGrB,MAAM,WAAW,WAAY,SAAQ,KAAK,CAAC,WAAW,CAAC;CAAG;AAG1D,MAAM,WAAW,gBAAiB,SAAQ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;CAAG"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/lib/apple-tv/types.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,yBAAyB,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAGD,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAGD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,6BAA6B,CAAC;IACpC,IAAI,EAAE,MAAM,CAAC;CACd;AAGD,MAAM,MAAM,6BAA6B,GAAG,MAAM,CAAC;AAGnD,MAAM,MAAM,WAAW,GACnB,IAAI,GACJ,SAAS,GACT,OAAO,GACP,MAAM,GACN,MAAM,GACN,MAAM,GACN,WAAW,GACX,gBAAgB,CAAC;AAGrB,MAAM,WAAW,WAAY,SAAQ,KAAK,CAAC,WAAW,CAAC;CAAG;AAG1D,MAAM,WAAW,gBAAiB,SAAQ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;CAAG"}