PHP WebShell

Текущая директория: /opt/BitGoJS/node_modules/@aptos-labs/ts-sdk/dist/esm
Просмотр файла: chunk-EGV3HFE3.mjs.map

{"version":3,"sources":["../../src/internal/keyless.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * This file contains the underlying implementations for exposed API surface in\n * the {@link api/keyless}. By moving the methods out into a separate file,\n * other namespaces and processes can access these methods without depending on the entire\n * keyless namespace and without having a dependency cycle error.\n */\nimport { jwtDecode, JwtPayload } from \"jwt-decode\";\nimport { AptosConfig } from \"../api/aptosConfig\";\nimport { postAptosPepperService, postAptosProvingService } from \"../client\";\nimport {\n  AccountAddressInput,\n  EphemeralSignature,\n  Groth16Zkp,\n  Hex,\n  KeylessPublicKey,\n  MoveJWK,\n  ZeroKnowledgeSig,\n  ZkProof,\n  getKeylessConfig,\n} from \"../core\";\nimport { HexInput, ZkpVariant } from \"../types\";\nimport { Account, EphemeralKeyPair, KeylessAccount, ProofFetchCallback } from \"../account\";\nimport { PepperFetchRequest, PepperFetchResponse, ProverRequest, ProverResponse } from \"../types/keyless\";\nimport { lookupOriginalAccountAddress } from \"./account\";\nimport { FederatedKeylessPublicKey } from \"../core/crypto/federatedKeyless\";\nimport { FederatedKeylessAccount } from \"../account/FederatedKeylessAccount\";\nimport { MoveVector } from \"../bcs\";\nimport { generateTransaction } from \"./transactionSubmission\";\nimport { InputGenerateTransactionOptions, SimpleTransaction } from \"../transactions\";\nimport { KeylessError, KeylessErrorType } from \"../errors\";\nimport { FIREBASE_AUTH_ISS_PATTERN } from \"../utils/const\";\n\n/**\n * Retrieves a pepper value based on the provided configuration and authentication details.\n *\n * @param args - The arguments required to fetch the pepper.\n * @param args.aptosConfig - The configuration object for Aptos.\n * @param args.jwt - The JSON Web Token used for authentication.\n * @param args.ephemeralKeyPair - The ephemeral key pair used for the operation.\n * @param args.uidKey - An optional unique identifier key (defaults to \"sub\").\n * @param args.derivationPath - An optional derivation path for the key.\n * @returns A Uint8Array containing the fetched pepper value.\n */\nexport async function getPepper(args: {\n  aptosConfig: AptosConfig;\n  jwt: string;\n  ephemeralKeyPair: EphemeralKeyPair;\n  uidKey?: string;\n  derivationPath?: string;\n}): Promise<Uint8Array> {\n  const { aptosConfig, jwt, ephemeralKeyPair, uidKey = \"sub\", derivationPath } = args;\n\n  const body = {\n    jwt_b64: jwt,\n    epk: ephemeralKeyPair.getPublicKey().bcsToHex().toStringWithoutPrefix(),\n    exp_date_secs: ephemeralKeyPair.expiryDateSecs,\n    epk_blinder: Hex.fromHexInput(ephemeralKeyPair.blinder).toStringWithoutPrefix(),\n    uid_key: uidKey,\n    derivation_path: derivationPath,\n  };\n  const { data } = await postAptosPepperService<PepperFetchRequest, PepperFetchResponse>({\n    aptosConfig,\n    path: \"fetch\",\n    body,\n    originMethod: \"getPepper\",\n    overrides: { WITH_CREDENTIALS: false },\n  });\n  return Hex.fromHexInput(data.pepper).toUint8Array();\n}\n\n/**\n * Generates a zero-knowledge proof based on the provided parameters.\n * This function is essential for creating a signed proof that can be used in various cryptographic operations.\n *\n * @param args - The parameters required to generate the proof.\n * @param args.aptosConfig - The configuration settings for Aptos.\n * @param args.jwt - The JSON Web Token used for authentication.\n * @param args.ephemeralKeyPair - The ephemeral key pair used for generating the proof.\n * @param args.pepper - An optional hex input used to enhance security (default is generated if not provided).\n * @param args.uidKey - An optional string that specifies the unique identifier key (defaults to \"sub\").\n * @throws Error if the pepper length is not valid or if the ephemeral key pair's lifespan exceeds the maximum allowed.\n */\nexport async function getProof(args: {\n  aptosConfig: AptosConfig;\n  jwt: string;\n  ephemeralKeyPair: EphemeralKeyPair;\n  pepper?: HexInput;\n  uidKey?: string;\n  maxExpHorizonSecs?: number;\n}): Promise<ZeroKnowledgeSig> {\n  const {\n    aptosConfig,\n    jwt,\n    ephemeralKeyPair,\n    pepper = await getPepper(args),\n    uidKey = \"sub\",\n    maxExpHorizonSecs = (await getKeylessConfig({ aptosConfig })).maxExpHorizonSecs,\n  } = args;\n  if (Hex.fromHexInput(pepper).toUint8Array().length !== KeylessAccount.PEPPER_LENGTH) {\n    throw new Error(`Pepper needs to be ${KeylessAccount.PEPPER_LENGTH} bytes`);\n  }\n  const decodedJwt = jwtDecode<JwtPayload>(jwt);\n  if (typeof decodedJwt.iat !== \"number\") {\n    throw new Error(\"iat was not found\");\n  }\n  if (maxExpHorizonSecs < ephemeralKeyPair.expiryDateSecs - decodedJwt.iat) {\n    throw Error(`The EphemeralKeyPair is too long lived.  It's lifespan must be less than ${maxExpHorizonSecs}`);\n  }\n  const json = {\n    jwt_b64: jwt,\n    epk: ephemeralKeyPair.getPublicKey().bcsToHex().toStringWithoutPrefix(),\n    epk_blinder: Hex.fromHexInput(ephemeralKeyPair.blinder).toStringWithoutPrefix(),\n    exp_date_secs: ephemeralKeyPair.expiryDateSecs,\n    exp_horizon_secs: maxExpHorizonSecs,\n    pepper: Hex.fromHexInput(pepper).toStringWithoutPrefix(),\n    uid_key: uidKey,\n  };\n\n  const { data } = await postAptosProvingService<ProverRequest, ProverResponse>({\n    aptosConfig,\n    path: \"prove\",\n    body: json,\n    originMethod: \"getProof\",\n    overrides: { WITH_CREDENTIALS: false },\n  });\n\n  const proofPoints = data.proof;\n  const groth16Zkp = new Groth16Zkp({\n    a: proofPoints.a,\n    b: proofPoints.b,\n    c: proofPoints.c,\n  });\n\n  const signedProof = new ZeroKnowledgeSig({\n    proof: new ZkProof(groth16Zkp, ZkpVariant.Groth16),\n    trainingWheelsSignature: EphemeralSignature.fromHex(data.training_wheels_signature),\n    expHorizonSecs: maxExpHorizonSecs,\n  });\n  return signedProof;\n}\n\n/**\n * Derives a keyless account by fetching the necessary proof and looking up the original account address.\n * This function helps in creating a keyless account that can be used without managing private keys directly.\n *\n * @param args - The arguments required to derive the keyless account.\n * @param args.aptosConfig - The configuration settings for Aptos.\n * @param args.jwt - The JSON Web Token used for authentication.\n * @param args.ephemeralKeyPair - The ephemeral key pair used for cryptographic operations.\n * @param args.uidKey - An optional unique identifier key for the user.\n * @param args.pepper - An optional hexadecimal input used for additional security.\n * @param args.proofFetchCallback - An optional callback function to handle the proof fetch outcome.\n * @returns A keyless account object.\n */\nexport async function deriveKeylessAccount(args: {\n  aptosConfig: AptosConfig;\n  jwt: string;\n  ephemeralKeyPair: EphemeralKeyPair;\n  uidKey?: string;\n  pepper?: HexInput;\n  proofFetchCallback?: ProofFetchCallback;\n}): Promise<KeylessAccount>;\n\nexport async function deriveKeylessAccount(args: {\n  aptosConfig: AptosConfig;\n  jwt: string;\n  ephemeralKeyPair: EphemeralKeyPair;\n  jwkAddress: AccountAddressInput;\n  uidKey?: string;\n  pepper?: HexInput;\n  proofFetchCallback?: ProofFetchCallback;\n}): Promise<FederatedKeylessAccount>;\n\nexport async function deriveKeylessAccount(args: {\n  aptosConfig: AptosConfig;\n  jwt: string;\n  ephemeralKeyPair: EphemeralKeyPair;\n  jwkAddress?: AccountAddressInput;\n  uidKey?: string;\n  pepper?: HexInput;\n  proofFetchCallback?: ProofFetchCallback;\n}): Promise<KeylessAccount | FederatedKeylessAccount> {\n  const { aptosConfig, jwt, jwkAddress, uidKey, proofFetchCallback, pepper = await getPepper(args) } = args;\n  const { verificationKey, maxExpHorizonSecs } = await getKeylessConfig({ aptosConfig });\n\n  const proofPromise = getProof({ ...args, pepper, maxExpHorizonSecs });\n  // If a callback is provided, pass in the proof as a promise to KeylessAccount.create.  This will make the proof be fetched in the\n  // background and the callback will handle the outcome of the fetch.  This allows the developer to not have to block on the proof fetch\n  // allowing for faster rendering of UX.\n  //\n  // If no callback is provided, the just await the proof fetch and continue synchronously.\n  const proof = proofFetchCallback ? proofPromise : await proofPromise;\n\n  // Look up the original address to handle key rotations and then instantiate the account.\n  if (jwkAddress !== undefined) {\n    const publicKey = FederatedKeylessPublicKey.fromJwtAndPepper({ jwt, pepper, jwkAddress, uidKey });\n    const address = await lookupOriginalAccountAddress({\n      aptosConfig,\n      authenticationKey: publicKey.authKey().derivedAddress(),\n    });\n\n    return FederatedKeylessAccount.create({\n      ...args,\n      address,\n      proof,\n      pepper,\n      proofFetchCallback,\n      jwkAddress,\n      verificationKey,\n    });\n  }\n\n  const publicKey = KeylessPublicKey.fromJwtAndPepper({ jwt, pepper, uidKey });\n  const address = await lookupOriginalAccountAddress({\n    aptosConfig,\n    authenticationKey: publicKey.authKey().derivedAddress(),\n  });\n  return KeylessAccount.create({ ...args, address, proof, pepper, proofFetchCallback, verificationKey });\n}\n\nexport interface JWKS {\n  keys: MoveJWK[];\n}\n\nexport async function updateFederatedKeylessJwkSetTransaction(args: {\n  aptosConfig: AptosConfig;\n  sender: Account;\n  iss: string;\n  jwksUrl?: string;\n  options?: InputGenerateTransactionOptions;\n}): Promise<SimpleTransaction> {\n  const { aptosConfig, sender, iss, options } = args;\n\n  let { jwksUrl } = args;\n\n  if (jwksUrl === undefined) {\n    if (FIREBASE_AUTH_ISS_PATTERN.test(iss)) {\n      jwksUrl = \"https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com\";\n    } else {\n      jwksUrl = iss.endsWith(\"/\") ? `${iss}.well-known/jwks.json` : `${iss}/.well-known/jwks.json`;\n    }\n  }\n\n  let response: Response;\n\n  try {\n    response = await fetch(jwksUrl);\n    if (!response.ok) {\n      throw new Error(`${response.status} ${response.statusText}`);\n    }\n  } catch (error) {\n    let errorMessage: string;\n    if (error instanceof Error) {\n      errorMessage = `${error.message}`;\n    } else {\n      errorMessage = `error unknown - ${error}`;\n    }\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.JWK_FETCH_FAILED_FEDERATED,\n      details: `Failed to fetch JWKS at ${jwksUrl}: ${errorMessage}`,\n    });\n  }\n\n  const jwks: JWKS = await response.json();\n  return generateTransaction({\n    aptosConfig,\n    sender: sender.accountAddress,\n    data: {\n      function: \"0x1::jwks::update_federated_jwk_set\",\n      functionArguments: [\n        iss,\n        MoveVector.MoveString(jwks.keys.map((key) => key.kid)),\n        MoveVector.MoveString(jwks.keys.map((key) => key.alg)),\n        MoveVector.MoveString(jwks.keys.map((key) => key.e)),\n        MoveVector.MoveString(jwks.keys.map((key) => key.n)),\n      ],\n    },\n    options,\n  });\n}\n"],"mappings":"0gBASA,OAAS,aAAAA,MAA6B,aAqCtC,eAAsBC,EAAUC,EAMR,CACtB,GAAM,CAAE,YAAAC,EAAa,IAAAC,EAAK,iBAAAC,EAAkB,OAAAC,EAAS,MAAO,eAAAC,CAAe,EAAIL,EAEzEM,EAAO,CACX,QAASJ,EACT,IAAKC,EAAiB,aAAa,EAAE,SAAS,EAAE,sBAAsB,EACtE,cAAeA,EAAiB,eAChC,YAAaI,EAAI,aAAaJ,EAAiB,OAAO,EAAE,sBAAsB,EAC9E,QAASC,EACT,gBAAiBC,CACnB,EACM,CAAE,KAAAG,CAAK,EAAI,MAAMC,EAAgE,CACrF,YAAAR,EACA,KAAM,QACN,KAAAK,EACA,aAAc,YACd,UAAW,CAAE,iBAAkB,EAAM,CACvC,CAAC,EACD,OAAOC,EAAI,aAAaC,EAAK,MAAM,EAAE,aAAa,CACpD,CAcA,eAAsBE,EAASV,EAOD,CAC5B,GAAM,CACJ,YAAAC,EACA,IAAAC,EACA,iBAAAC,EACA,OAAAQ,EAAS,MAAMZ,EAAUC,CAAI,EAC7B,OAAAI,EAAS,MACT,kBAAAQ,GAAqB,MAAMC,EAAiB,CAAE,YAAAZ,CAAY,CAAC,GAAG,iBAChE,EAAID,EACJ,GAAIO,EAAI,aAAaI,CAAM,EAAE,aAAa,EAAE,SAAWG,EAAe,cACpE,MAAM,IAAI,MAAM,sBAAsBA,EAAe,aAAa,QAAQ,EAE5E,IAAMC,EAAaC,EAAsBd,CAAG,EAC5C,GAAI,OAAOa,EAAW,KAAQ,SAC5B,MAAM,IAAI,MAAM,mBAAmB,EAErC,GAAIH,EAAoBT,EAAiB,eAAiBY,EAAW,IACnE,MAAM,MAAM,4EAA4EH,CAAiB,EAAE,EAE7G,IAAMK,EAAO,CACX,QAASf,EACT,IAAKC,EAAiB,aAAa,EAAE,SAAS,EAAE,sBAAsB,EACtE,YAAaI,EAAI,aAAaJ,EAAiB,OAAO,EAAE,sBAAsB,EAC9E,cAAeA,EAAiB,eAChC,iBAAkBS,EAClB,OAAQL,EAAI,aAAaI,CAAM,EAAE,sBAAsB,EACvD,QAASP,CACX,EAEM,CAAE,KAAAI,CAAK,EAAI,MAAMU,EAAuD,CAC5E,YAAAjB,EACA,KAAM,QACN,KAAMgB,EACN,aAAc,WACd,UAAW,CAAE,iBAAkB,EAAM,CACvC,CAAC,EAEKE,EAAcX,EAAK,MACnBY,EAAa,IAAIC,EAAW,CAChC,EAAGF,EAAY,EACf,EAAGA,EAAY,EACf,EAAGA,EAAY,CACjB,CAAC,EAOD,OALoB,IAAIG,EAAiB,CACvC,MAAO,IAAIC,EAAQH,GAA8B,EACjD,wBAAyBI,EAAmB,QAAQhB,EAAK,yBAAyB,EAClF,eAAgBI,CAClB,CAAC,CAEH,CAkCA,eAAsBa,GAAqBzB,EAQW,CACpD,GAAM,CAAE,YAAAC,EAAa,IAAAC,EAAK,WAAAwB,EAAY,OAAAtB,EAAQ,mBAAAuB,EAAoB,OAAAhB,EAAS,MAAMZ,EAAUC,CAAI,CAAE,EAAIA,EAC/F,CAAE,gBAAA4B,EAAiB,kBAAAhB,CAAkB,EAAI,MAAMC,EAAiB,CAAE,YAAAZ,CAAY,CAAC,EAE/E4B,EAAenB,EAAS,CAAE,GAAGV,EAAM,OAAAW,EAAQ,kBAAAC,CAAkB,CAAC,EAM9DkB,EAAQH,EAAqBE,EAAe,MAAMA,EAGxD,GAAIH,IAAe,OAAW,CAC5B,IAAMK,EAAYC,EAA0B,iBAAiB,CAAE,IAAA9B,EAAK,OAAAS,EAAQ,WAAAe,EAAY,OAAAtB,CAAO,CAAC,EAC1F6B,EAAU,MAAMC,EAA6B,CACjD,YAAAjC,EACA,kBAAmB8B,EAAU,QAAQ,EAAE,eAAe,CACxD,CAAC,EAED,OAAOI,EAAwB,OAAO,CACpC,GAAGnC,EACH,QAAAiC,EACA,MAAAH,EACA,OAAAnB,EACA,mBAAAgB,EACA,WAAAD,EACA,gBAAAE,CACF,CAAC,CACH,CAEA,IAAMG,EAAYK,EAAiB,iBAAiB,CAAE,IAAAlC,EAAK,OAAAS,EAAQ,OAAAP,CAAO,CAAC,EACrE6B,EAAU,MAAMC,EAA6B,CACjD,YAAAjC,EACA,kBAAmB8B,EAAU,QAAQ,EAAE,eAAe,CACxD,CAAC,EACD,OAAOjB,EAAe,OAAO,CAAE,GAAGd,EAAM,QAAAiC,EAAS,MAAAH,EAAO,OAAAnB,EAAQ,mBAAAgB,EAAoB,gBAAAC,CAAgB,CAAC,CACvG,CAMA,eAAsBS,GAAwCrC,EAM/B,CAC7B,GAAM,CAAE,YAAAC,EAAa,OAAAqC,EAAQ,IAAAC,EAAK,QAAAC,CAAQ,EAAIxC,EAE1C,CAAE,QAAAyC,CAAQ,EAAIzC,EAEdyC,IAAY,SACVC,EAA0B,KAAKH,CAAG,EACpCE,EAAU,4FAEVA,EAAUF,EAAI,SAAS,GAAG,EAAI,GAAGA,CAAG,wBAA0B,GAAGA,CAAG,0BAIxE,IAAII,EAEJ,GAAI,CAEF,GADAA,EAAW,MAAM,MAAMF,CAAO,EAC1B,CAACE,EAAS,GACZ,MAAM,IAAI,MAAM,GAAGA,EAAS,MAAM,IAAIA,EAAS,UAAU,EAAE,CAE/D,OAASC,EAAO,CACd,IAAIC,EACJ,MAAID,aAAiB,MACnBC,EAAe,GAAGD,EAAM,OAAO,GAE/BC,EAAe,mBAAmBD,CAAK,GAEnCE,EAAa,cAAc,CAC/B,QACA,QAAS,2BAA2BL,CAAO,KAAKI,CAAY,EAC9D,CAAC,CACH,CAEA,IAAME,EAAa,MAAMJ,EAAS,KAAK,EACvC,OAAOK,EAAoB,CACzB,YAAA/C,EACA,OAAQqC,EAAO,eACf,KAAM,CACJ,SAAU,sCACV,kBAAmB,CACjBC,EACAU,EAAW,WAAWF,EAAK,KAAK,IAAKG,GAAQA,EAAI,GAAG,CAAC,EACrDD,EAAW,WAAWF,EAAK,KAAK,IAAKG,GAAQA,EAAI,GAAG,CAAC,EACrDD,EAAW,WAAWF,EAAK,KAAK,IAAKG,GAAQA,EAAI,CAAC,CAAC,EACnDD,EAAW,WAAWF,EAAK,KAAK,IAAKG,GAAQA,EAAI,CAAC,CAAC,CACrD,CACF,EACA,QAAAV,CACF,CAAC,CACH","names":["jwtDecode","getPepper","args","aptosConfig","jwt","ephemeralKeyPair","uidKey","derivationPath","body","Hex","data","postAptosPepperService","getProof","pepper","maxExpHorizonSecs","getKeylessConfig","KeylessAccount","decodedJwt","jwtDecode","json","postAptosProvingService","proofPoints","groth16Zkp","Groth16Zkp","ZeroKnowledgeSig","ZkProof","EphemeralSignature","deriveKeylessAccount","jwkAddress","proofFetchCallback","verificationKey","proofPromise","proof","publicKey","FederatedKeylessPublicKey","address","lookupOriginalAccountAddress","FederatedKeylessAccount","KeylessPublicKey","updateFederatedKeylessJwkSetTransaction","sender","iss","options","jwksUrl","FIREBASE_AUTH_ISS_PATTERN","response","error","errorMessage","KeylessError","jwks","generateTransaction","MoveVector","key"]}
Выполнить команду

Для локальной разработки. Не используйте в интернете!