@aptos-labs/siwa
Version:
Library of utilities for Sign in with Aptos
1 lines • 28.3 kB
Source Map (JSON)
{"version":3,"sources":["../../src/legacy/index.ts","../../src/legacy/core.ts","../../src/core.ts","../../src/internal.ts","../../src/signatures.ts","../../src/utils.ts","../../src/legacy/serializers.ts"],"sourcesContent":["export * from \"./core.js\";\nexport * from \"./serializers.js\";\n","import {\n AccountAddress,\n AccountPublicKey,\n type Aptos,\n Hex,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n} from \"@aptos-labs/wallet-standard\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { createSignInMessage } from \"../core.js\";\nimport { mainnet } from \"../internal.js\";\nimport { verifySignature } from \"../signatures.js\";\nimport type { VerificationError } from \"../types.js\";\n\nexport type VerificationFullMessageError = \"invalid_full_message\";\n\ntype LegacyVerificationError = VerificationError | VerificationFullMessageError;\n\nexport type LegacyVerificationResult<T> =\n | { valid: true; data: T }\n | { valid: false; errors: LegacyVerificationError[] };\n\nexport const createLegacySignInMessage = (\n input: AptosSignInInput & AptosSignInBoundFields,\n) => {\n let message = createSignInMessage(input);\n message += `\\n\\nHash: ${Hex.fromHexInput(sha3_256(message)).toString()}`;\n return message;\n};\n\nexport const verifyLegacySignIn = async (\n input: AptosSignInInput & AptosSignInBoundFields,\n output: {\n publicKey: PublicKey;\n signature: Signature;\n message: string;\n },\n options: { aptos?: Aptos } = {},\n): Promise<\n LegacyVerificationResult<AptosSignInInput & AptosSignInBoundFields>\n> => {\n const embeddedMessage = createLegacySignInMessage(input);\n\n if (!output.message.includes(embeddedMessage)) {\n return { valid: false, errors: [\"invalid_full_message\"] };\n }\n\n if (!(output.publicKey instanceof AccountPublicKey)) {\n return { valid: false, errors: [\"invalid_public_key\"] };\n }\n\n const authKey = output.publicKey.authKey().derivedAddress();\n\n const originalAddress = await (\n options.aptos ?? mainnet\n ).lookupOriginalAccountAddress({ authenticationKey: authKey });\n\n if (\n !AccountAddress.from(input.address, {\n maxMissingChars: 63,\n }).equals(originalAddress)\n ) {\n return { valid: false, errors: [\"invalid_auth_key\"] };\n }\n\n const isSignatureValid = await verifySignature(\n {\n publicKey: output.publicKey,\n signature: output.signature,\n signingMessage: output.message,\n },\n { aptos: options.aptos },\n );\n\n if (!isSignatureValid) return { valid: false, errors: [\"invalid_signature\"] };\n\n return { valid: true, data: input };\n};\n","import {\n AccountAddress,\n AccountPublicKey,\n type Aptos,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n} from \"@aptos-labs/wallet-standard\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { arraysEqual, asyncTryOrDefault, mainnet } from \"./internal.js\";\nimport { verifySignature } from \"./signatures.js\";\nimport type {\n VerificationError,\n VerificationMessageError,\n VerificationResult,\n VerificationResultWithData,\n} from \"./types.js\";\n\n/**\n * Create a SIWA message from the input following the ABNF format defined in the Sign in with Aptos specifications.\n *\n * @param input The input to create the SIWA message from.\n *\n * @returns The SIWA message text.\n */\nexport function createSignInMessage(\n input: AptosSignInInput & AptosSignInBoundFields,\n): string {\n let message = `${input.domain} wants you to sign in with your Aptos account:\\n`;\n message += `${input.address}`;\n\n if (input.statement) {\n message += `\\n\\n${input.statement}`;\n }\n\n const fields: string[] = [];\n if (input.uri) {\n fields.push(`URI: ${input.uri}`);\n }\n if (input.version) {\n fields.push(`Version: ${input.version}`);\n }\n if (input.nonce) {\n fields.push(`Nonce: ${input.nonce}`);\n }\n if (input.issuedAt) {\n fields.push(`Issued At: ${input.issuedAt}`);\n }\n if (input.expirationTime) {\n fields.push(`Expiration Time: ${input.expirationTime}`);\n }\n if (input.notBefore) {\n fields.push(`Not Before: ${input.notBefore}`);\n }\n if (input.requestId) {\n fields.push(`Request ID: ${input.requestId}`);\n }\n if (input.chainId) {\n fields.push(`Chain ID: ${input.chainId}`);\n }\n if (input.resources) {\n fields.push(\"Resources:\");\n for (const resource of input.resources) {\n fields.push(`- ${resource}`);\n }\n }\n\n if (fields.length) {\n message += `\\n\\n${fields.join(\"\\n\")}`;\n }\n\n return message;\n}\n\n/**\n * Generate a signing message using the SIWA signing algorithm.\n * ( sha3_256(b\"SIGN_IN_WITH_APTOS::\" ) || <message> )\n *\n * @param message The SIWA message to sign.\n *\n * @returns The signing message.\n */\nexport function createSignInSigningMessage(message: string): Uint8Array {\n const domainSeparator = \"SIGN_IN_WITH_APTOS::\";\n const domainSeparatorHash = sha3_256(domainSeparator);\n return new Uint8Array([\n ...domainSeparatorHash,\n ...new TextEncoder().encode(message),\n ]);\n}\n\nconst DOMAIN =\n \"(?<domain>[^\\\\n]+?) wants you to sign in with your Aptos account:\\\\n\";\nconst ADDRESS = \"(?<address>[^\\\\n]+)(?:\\\\n|$)\";\nconst STATEMENT = \"(?:\\\\n(?<statement>[\\\\S\\\\s]*?)(?:\\\\n|$))??\";\nconst URI = \"(?:\\\\nURI: (?<uri>[^\\\\n]+))?\";\nconst VERSION = \"(?:\\\\nVersion: (?<version>[^\\\\n]+))?\";\nconst NONCE = \"(?:\\\\nNonce: (?<nonce>[^\\\\n]+))?\";\nconst ISSUED_AT = \"(?:\\\\nIssued At: (?<issuedAt>[^\\\\n]+))?\";\nconst EXPIRATION_TIME = \"(?:\\\\nExpiration Time: (?<expirationTime>[^\\\\n]+))?\";\nconst NOT_BEFORE = \"(?:\\\\nNot Before: (?<notBefore>[^\\\\n]+))?\";\nconst REQUEST_ID = \"(?:\\\\nRequest ID: (?<requestId>[^\\\\n]+))?\";\nconst CHAIN_ID = \"(?:\\\\nChain ID: (?<chainId>[^\\\\n]+))?\";\nconst RESOURCES = \"(?:\\\\nResources:(?<resources>(?:\\\\n- [^\\\\n]+)*))?\";\nconst FIELDS = `${URI}${VERSION}${NONCE}${ISSUED_AT}${EXPIRATION_TIME}${NOT_BEFORE}${REQUEST_ID}${CHAIN_ID}${RESOURCES}`;\nconst MESSAGE = new RegExp(`^${DOMAIN}${ADDRESS}${STATEMENT}${FIELDS}\\\\n*$`);\n\n/**\n * Parse a SIWA message into an `AptosSignInInput` object with the required fields.\n *\n * @param text The SIWA message to parse.\n *\n * @returns The parsed `AptosSignInInput` object with the required fields.\n */\nexport function parseSignInMessage(\n text: string,\n): VerificationResultWithData<AptosSignInInput & AptosSignInBoundFields> {\n const match = MESSAGE.exec(text);\n if (!match) return { valid: false, errors: [\"invalid_message\"] };\n\n const groups = match.groups;\n if (!groups) return { valid: false, errors: [\"invalid_message\"] };\n\n const errors: VerificationMessageError[] = [];\n\n if (!groups.domain || groups.domain === \"undefined\")\n errors.push(\"message_domain_missing\");\n if (!groups.address || groups.address === \"undefined\")\n errors.push(\"message_address_missing\");\n if (!groups.version || groups.version === \"undefined\")\n errors.push(\"message_version_missing\");\n if (!groups.chainId || groups.chainId === \"undefined\")\n errors.push(\"message_chain_id_missing\");\n\n if (errors.length) return { valid: false, errors };\n\n return {\n valid: true,\n data: {\n domain: groups.domain,\n address: groups.address,\n statement: groups.statement,\n uri: groups.uri,\n version: groups.version,\n nonce: groups.nonce,\n chainId: groups.chainId,\n issuedAt: groups.issuedAt,\n expirationTime: groups.expirationTime,\n notBefore: groups.notBefore,\n requestId: groups.requestId,\n resources: groups.resources?.split(\"\\n- \").slice(1),\n },\n };\n}\n\n/**\n * Verifies a SIWA plain text message against expected `AptosSignInInput` fields (including required fields).\n *\n * @param params.publicKey The public key of the user that is signing in.\n * @param params.expected The expected fields to verify against the input.\n * @param params.message The SIWA plain text message to verify.\n *\n * @param options.aptosConfig The Aptos configuration to use for the verification.\n * @param options.excludedResources The resources to exclude from the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignInMessage(\n params: {\n publicKey: PublicKey;\n // From the beginning of the flow\n expected: AptosSignInInput & { domain: string };\n // From wallet, AptosSignInOutput\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos; excludedResources?: string[] } = {},\n): Promise<VerificationResult> {\n const { expected, input, publicKey } = params;\n\n if (!(publicKey instanceof AccountPublicKey)) {\n return { valid: false, errors: [\"invalid_public_key\"] };\n }\n\n // 1. Check that the authentication key of the account at `input.address` matches the `PublicKey`'s derived authentication key\n const accountAddress = input.address;\n const accountAuthenticationKey = await asyncTryOrDefault(\n async () =>\n (await (options.aptos ?? mainnet).getAccountInfo({ accountAddress }))\n .authentication_key,\n accountAddress,\n );\n const publicKeyAuthenticationKey = publicKey.authKey().derivedAddress();\n if (\n !AccountAddress.from(accountAuthenticationKey, {\n maxMissingChars: 63,\n }).equals(publicKeyAuthenticationKey)\n ) {\n return { valid: false, errors: [\"invalid_auth_key\"] };\n }\n\n // 2. Check if the `expected` fields match the `input` fields\n const errors: VerificationError[] = [];\n\n if (expected.domain && expected.domain !== input.domain)\n errors.push(\"message_domain_mismatch\");\n if (expected.address && expected.address !== input.address)\n errors.push(\"message_address_mismatch\");\n if (expected.statement !== input.statement)\n errors.push(\"message_statement_mismatch\");\n if (expected.uri && expected.uri !== input.uri)\n errors.push(\"message_uri_mismatch\");\n if (expected.version && expected.version !== input.version)\n errors.push(\"message_version_mismatch\");\n if (expected.chainId && expected.chainId !== input.chainId)\n errors.push(\"message_chain_id_mismatch\");\n if (expected.nonce !== input.nonce) errors.push(\"message_nonce_mismatch\");\n if (expected.issuedAt !== input.issuedAt)\n errors.push(\"message_issued_at_mismatch\");\n if (expected.expirationTime !== input.expirationTime)\n errors.push(\"message_expiration_time_mismatch\");\n if (expected.notBefore !== input.notBefore)\n errors.push(\"message_not_before_mismatch\");\n if (expected.requestId !== input.requestId)\n errors.push(\"message_request_id_mismatch\");\n if (expected.resources) {\n if (!input.resources) {\n errors.push(\"message_resources_missing\");\n } else if (\n !arraysEqual(\n expected.resources,\n input.resources,\n // If there is resource injection, exclude the resource since the expected value is not known\n options?.excludedResources,\n )\n ) {\n errors.push(\"message_resources_mismatch\");\n }\n } else if (input.resources) {\n errors.push(\"message_resources_unexpected\");\n }\n\n // 3. Do timebased comparisons on `expirationTime` and `notBefore`\n const currentTime = new Date();\n\n if (\n expected.expirationTime &&\n currentTime.getTime() >= new Date(expected.expirationTime).getTime()\n ) {\n errors.push(\"message_expired\");\n }\n\n if (\n expected.notBefore &&\n currentTime.getTime() < new Date(expected.notBefore).getTime()\n ) {\n errors.push(\"message_not_yet_valid\");\n }\n\n if (errors.length) return { valid: false, errors };\n\n return { valid: true };\n}\n\n/**\n * Using the `publicKey` and `signature`, verify that the `signature` is valid for the `message`.\n *\n * @param output The `AptosSignInOutput` to verify against the input.\n *\n * @returns The `AptosSignInInput` fields that are parsed from the message.\n */\nexport async function verifySignInSignature(\n output: {\n publicKey: PublicKey;\n signature: Signature;\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos } = {},\n): Promise<VerificationResult> {\n const siwaMessage = createSignInMessage(output.input);\n\n const signingMessage = createSignInSigningMessage(siwaMessage);\n\n const isSignatureValid = await verifySignature(\n {\n publicKey: output.publicKey,\n signature: output.signature,\n signingMessage,\n },\n options,\n );\n if (!isSignatureValid) return { valid: false, errors: [\"invalid_signature\"] };\n\n return { valid: true };\n}\n","import { Aptos, AptosConfig, Network } from \"@aptos-labs/ts-sdk\";\n\n/**\n * @internal\n *\n * Type with a numeric `length` and numerically indexed elements of a generic type `T`.\n *\n * For example, `Array<T>` and `Uint8Array`.\n *\n * @group Internal\n */\nexport interface Indexed<T> {\n length: number;\n [index: number]: T;\n}\n\n/**\n * @internal\n *\n * Efficiently compare {@link Indexed} arrays (e.g. `Array` and `Uint8Array`).\n *\n * @param a An array.\n * @param b Another array.\n * @param excludedValues Values to exclude from `a` the comparison.\n *\n * @return `true` if the arrays have the same length and elements, `false` otherwise.\n *\n * @group Internal\n */\nexport function arraysEqual<T>(\n a: Indexed<T>,\n b: Indexed<T>,\n excludedValues?: T[],\n): boolean {\n if (a === b) return true;\n\n const length = a.length;\n if (length !== b.length) return false;\n\n for (let i = 0; i < length; i++) {\n if (excludedValues?.includes(a[i])) continue;\n if (a[i] !== b[i]) return false;\n }\n\n return true;\n}\n\n/**\n * @internal\n *\n * Encode a `Uint8Array` to a base64 string.\n *\n * @param bytes A `Uint8Array` to encode.\n *\n * @returns A base64 encoded string.\n *\n * @group Internal\n */\nexport function encodeBase64(bytes: Uint8Array): string {\n const base64Alphabet =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";\n let result = \"\";\n for (let i = 0; i < bytes.byteLength; i += 3) {\n let buffer = 0;\n let bufferBitSize = 0;\n for (let j = 0; j < 3 && i + j < bytes.byteLength; j++) {\n buffer = (buffer << 8) | bytes[i + j];\n bufferBitSize += 8;\n }\n for (let j = 0; j < 4; j++) {\n if (bufferBitSize >= 6) {\n result += base64Alphabet[(buffer >> (bufferBitSize - 6)) & 0x3f];\n bufferBitSize -= 6;\n } else if (bufferBitSize > 0) {\n result += base64Alphabet[(buffer << (6 - bufferBitSize)) & 0x3f];\n bufferBitSize = 0;\n }\n }\n }\n return result;\n}\n\nexport async function asyncTryOrDefault<T>(\n fn: () => Promise<T>,\n defaultValue: T,\n): Promise<T> {\n try {\n return await fn();\n } catch (_) {\n return defaultValue;\n }\n}\n\nexport const mainnet = new Aptos(new AptosConfig({ network: Network.MAINNET }));\n","import type { Aptos, HexInput, PublicKey, Signature } from \"@aptos-labs/ts-sdk\";\nimport { mainnet } from \"./internal.js\";\n\n/**\n * Verifies a signature using the Sign in with Aptos signing algorithm.\n *\n * @param output The AptosSignInOutput to verify the signature against.\n * @param options The options to use for the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignature(\n params: {\n publicKey: PublicKey;\n signature: Signature;\n signingMessage: HexInput;\n },\n options: { aptos?: Aptos } = {},\n): Promise<boolean> {\n return params.publicKey.verifySignatureAsync({\n aptosConfig: options.aptos?.config ?? mainnet.config,\n message: params.signingMessage,\n signature: params.signature,\n });\n}\n","import {\n AnyPublicKey,\n AnySignature,\n Deserializer,\n Ed25519PublicKey,\n Ed25519Signature,\n Hex,\n type HexInput,\n MultiEd25519PublicKey,\n MultiEd25519Signature,\n MultiKey,\n MultiKeySignature,\n type PublicKey,\n type Signature,\n SigningScheme,\n} from \"@aptos-labs/ts-sdk\";\nimport { encodeBase64 } from \"./internal.js\";\n\n/**\n * Check if the scheme is a valid public key scheme\n *\n * @param scheme The scheme to check.\n *\n * @returns True if the scheme is a valid public key scheme, false otherwise.\n */\nexport const isValidPublicKeyScheme = (\n scheme: string,\n): scheme is \"ed25519\" | \"multi_ed25519\" | \"single_key\" | \"multi_key\" => {\n return (\n scheme === \"ed25519\" ||\n scheme === \"multi_ed25519\" ||\n scheme === \"single_key\" ||\n scheme === \"multi_key\"\n );\n};\n\n/**\n * Get the signing scheme of a public key.\n *\n * @param value The public key or signing scheme to get the scheme of.\n *\n * @returns The signing scheme of the public key.\n */\nexport function getSignInPublicKeyScheme(\n value: SigningScheme | PublicKey,\n): string {\n // If the value is a PublicKey\n if (typeof value === \"object\") {\n if (Ed25519PublicKey.isInstance(value)) {\n return \"ed25519\";\n }\n if (AnyPublicKey.isInstance(value)) {\n return \"single_key\";\n }\n if (MultiKey.isInstance(value)) {\n return \"multi_key\";\n }\n if (value instanceof MultiEd25519PublicKey) {\n return \"multi_ed25519\";\n }\n throw new Error(`Unknown public key type for instance: ${value}`);\n }\n\n // If the value is a SigningScheme\n switch (value) {\n case SigningScheme.Ed25519:\n return \"ed25519\";\n case SigningScheme.MultiEd25519:\n return \"multi_ed25519\";\n case SigningScheme.SingleKey:\n return \"single_key\";\n case SigningScheme.MultiKey:\n return \"multi_key\";\n default:\n throw new Error(`Unknown public key type for signing scheme: ${value}`);\n }\n}\n\n/**\n * Deserialize a public key from a hex string.\n *\n * @param scheme The signing scheme of the public key.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized public key.\n */\nexport function deserializeSignInPublicKey(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\",\n value: HexInput,\n): PublicKey {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519PublicKey.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519PublicKey.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnyPublicKey.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKey.deserialize(deserializer);\n default:\n throw new Error(\n `Unknown public key type for signing scheme: ${scheme}`,\n );\n }\n }\n\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519PublicKey.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519PublicKey.deserialize(deserializer);\n case \"single_key\":\n return AnyPublicKey.deserialize(deserializer);\n case \"multi_key\":\n return MultiKey.deserialize(deserializer);\n default:\n throw new Error(`Unknown public key type: ${scheme}`);\n }\n}\n\n/**\n * Deserialize a signature from a hex string.\n *\n * @param scheme The signing scheme of the signature.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized signature.\n */\nexport function deserializeSignInSignature(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\",\n value: HexInput,\n): Signature {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519Signature.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519Signature.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnySignature.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKeySignature.deserialize(deserializer);\n default:\n throw new Error(`Unknown signature type for signing scheme: ${scheme}`);\n }\n }\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519Signature.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519Signature.deserialize(deserializer);\n case \"single_key\":\n return AnySignature.deserialize(deserializer);\n case \"multi_key\":\n return MultiKeySignature.deserialize(deserializer);\n default:\n throw new Error(`Unknown signature type: ${scheme}`);\n }\n}\n\n/**\n * Generates a random nonce using the `crypto.getRandomValues` API.\n *\n * @returns A random nonce.\n */\nexport function generateNonce(): string {\n const bytes = new Uint8Array(12);\n crypto.getRandomValues(bytes);\n return encodeBase64(bytes);\n}\n","import type { PublicKey, Signature } from \"@aptos-labs/ts-sdk\";\nimport type { AptosSignInOutput } from \"@aptos-labs/wallet-standard\";\nimport {\n deserializeSignInPublicKey,\n deserializeSignInSignature,\n isValidPublicKeyScheme,\n} from \"../utils.js\";\n\nexport const CURRENT_LEGACY_SERIALIZATION_VERSION = \"1\";\n\nexport type LegacySerializationVersion = \"1\";\n\nexport type SerializedLegacyAptosSignInOutput = {\n version: \"1\";\n type: string;\n signature: string;\n message: string;\n publicKey: string;\n};\n\nexport type DeserializedLegacyAptosSignInOutput = {\n version: \"1\";\n type: string;\n signature: Signature;\n message: string;\n publicKey: PublicKey;\n};\n\nexport const serializeLegacySignInOutput = (\n output: Pick<AptosSignInOutput, \"type\" | \"signature\" | \"account\"> & {\n message: string;\n },\n): SerializedLegacyAptosSignInOutput => ({\n version: CURRENT_LEGACY_SERIALIZATION_VERSION,\n type: output.type,\n signature: output.signature.bcsToHex().toString(),\n message: output.message,\n publicKey: output.account.publicKey.bcsToHex().toString(),\n});\n\nexport const deserializeLegacySignInOutput = (\n serialized: SerializedLegacyAptosSignInOutput,\n): DeserializedLegacyAptosSignInOutput => {\n const { version } = serialized;\n\n if (version === \"1\") {\n if (!isValidPublicKeyScheme(serialized.type)) {\n throw new Error(`Unexpected public key scheme: ${serialized.type}`);\n }\n\n return {\n version: \"1\",\n type: serialized.type,\n signature: deserializeSignInSignature(\n serialized.type,\n serialized.signature,\n ),\n publicKey: deserializeSignInPublicKey(\n serialized.type,\n serialized.publicKey,\n ),\n message: serialized.message,\n };\n }\n\n throw new Error(`Unexpected serialization version: ${version}`);\n};\n"],"mappings":"yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,0CAAAE,EAAA,8BAAAC,EAAA,kCAAAC,EAAA,gCAAAC,EAAA,uBAAAC,IAAA,eAAAC,EAAAP,GCAA,IAAAQ,EAOO,8BAKPC,EAAyB,8BCZzB,IAAAC,EAMO,8BAKPC,EAAyB,8BCXzB,IAAAC,EAA4C,8BA6FrC,IAAMC,EAAU,IAAI,QAAM,IAAI,cAAY,CAAE,QAAS,UAAQ,OAAQ,CAAC,CAAC,EClF9E,eAAsBC,EACpBC,EAKAC,EAA6B,CAAC,EACZ,CAClB,OAAOD,EAAO,UAAU,qBAAqB,CAC3C,YAAaC,EAAQ,OAAO,QAAUC,EAAQ,OAC9C,QAASF,EAAO,eAChB,UAAWA,EAAO,SACpB,CAAC,CACH,CFIO,SAASG,EACdC,EACQ,CACR,IAAIC,EAAU,GAAGD,EAAM,MAAM;AAAA,EAC7BC,GAAW,GAAGD,EAAM,OAAO,GAEvBA,EAAM,YACRC,GAAW;AAAA;AAAA,EAAOD,EAAM,SAAS,IAGnC,IAAME,EAAmB,CAAC,EAyB1B,GAxBIF,EAAM,KACRE,EAAO,KAAK,QAAQF,EAAM,GAAG,EAAE,EAE7BA,EAAM,SACRE,EAAO,KAAK,YAAYF,EAAM,OAAO,EAAE,EAErCA,EAAM,OACRE,EAAO,KAAK,UAAUF,EAAM,KAAK,EAAE,EAEjCA,EAAM,UACRE,EAAO,KAAK,cAAcF,EAAM,QAAQ,EAAE,EAExCA,EAAM,gBACRE,EAAO,KAAK,oBAAoBF,EAAM,cAAc,EAAE,EAEpDA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,SACRE,EAAO,KAAK,aAAaF,EAAM,OAAO,EAAE,EAEtCA,EAAM,UAAW,CACnBE,EAAO,KAAK,YAAY,EACxB,QAAWC,KAAYH,EAAM,UAC3BE,EAAO,KAAK,KAAKC,CAAQ,EAAE,CAE/B,CAEA,OAAID,EAAO,SACTD,GAAW;AAAA;AAAA,EAAOC,EAAO,KAAK;AAAA,CAAI,CAAC,IAG9BD,CACT,CAmBA,IAAMG,EACJ,uEACIC,EAAU,+BACVC,EAAY,6CACZC,EAAM,+BACNC,EAAU,uCACVC,EAAQ,mCACRC,EAAY,0CACZC,EAAkB,sDAClBC,EAAa,4CACbC,EAAa,4CACbC,EAAW,wCACXC,EAAY,oDACZC,EAAS,GAAGT,CAAG,GAAGC,CAAO,GAAGC,CAAK,GAAGC,CAAS,GAAGC,CAAe,GAAGC,CAAU,GAAGC,CAAU,GAAGC,CAAQ,GAAGC,CAAS,GAChHE,EAAU,IAAI,OAAO,IAAIb,CAAM,GAAGC,CAAO,GAAGC,CAAS,GAAGU,CAAM,OAAO,EDlFpE,IAAME,EACXC,GACG,CACH,IAAIC,EAAUC,EAAoBF,CAAK,EACvC,OAAAC,GAAW;AAAA;AAAA,QAAa,MAAI,gBAAa,YAASA,CAAO,CAAC,EAAE,SAAS,CAAC,GAC/DA,CACT,EAEaE,EAAqB,MAChCH,EACAI,EAKAC,EAA6B,CAAC,IAG3B,CACH,IAAMC,EAAkBP,EAA0BC,CAAK,EAEvD,GAAI,CAACI,EAAO,QAAQ,SAASE,CAAe,EAC1C,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,sBAAsB,CAAE,EAG1D,GAAI,EAAEF,EAAO,qBAAqB,oBAChC,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,oBAAoB,CAAE,EAGxD,IAAMG,EAAUH,EAAO,UAAU,QAAQ,EAAE,eAAe,EAEpDI,EAAkB,MACtBH,EAAQ,OAASI,GACjB,6BAA6B,CAAE,kBAAmBF,CAAQ,CAAC,EAE7D,OACG,iBAAe,KAAKP,EAAM,QAAS,CAClC,gBAAiB,EACnB,CAAC,EAAE,OAAOQ,CAAe,EAKF,MAAME,EAC7B,CACE,UAAWN,EAAO,UAClB,UAAWA,EAAO,UAClB,eAAgBA,EAAO,OACzB,EACA,CAAE,MAAOC,EAAQ,KAAM,CACzB,EAIO,CAAE,MAAO,GAAM,KAAML,CAAM,EAFJ,CAAE,MAAO,GAAO,OAAQ,CAAC,mBAAmB,CAAE,EAZnE,CAAE,MAAO,GAAO,OAAQ,CAAC,kBAAkB,CAAE,CAexD,EIjFA,IAAAW,EAeO,8BAUA,IAAMC,EACXC,GAGEA,IAAW,WACXA,IAAW,iBACXA,IAAW,cACXA,IAAW,YAsDR,SAASC,EACdC,EAMAC,EACW,CACX,IAAMC,EAAe,IAAI,eAAa,MAAI,aAAaD,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOD,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAK,gBAAc,QACjB,OAAO,mBAAiB,YAAYE,CAAY,EAClD,KAAK,gBAAc,aACjB,OAAO,wBAAsB,YAAYA,CAAY,EACvD,KAAK,gBAAc,UACjB,OAAO,eAAa,YAAYA,CAAY,EAC9C,KAAK,gBAAc,SACjB,OAAO,WAAS,YAAYA,CAAY,EAC1C,QACE,MAAM,IAAI,MACR,+CAA+CF,CAAM,EACvD,CACJ,CAIF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAO,mBAAiB,YAAYE,CAAY,EAClD,IAAK,gBACH,OAAO,wBAAsB,YAAYA,CAAY,EACvD,IAAK,aACH,OAAO,eAAa,YAAYA,CAAY,EAC9C,IAAK,YACH,OAAO,WAAS,YAAYA,CAAY,EAC1C,QACE,MAAM,IAAI,MAAM,4BAA4BF,CAAM,EAAE,CACxD,CACF,CAUO,SAASG,EACdH,EAMAC,EACW,CACX,IAAMC,EAAe,IAAI,eAAa,MAAI,aAAaD,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOD,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAK,gBAAc,QACjB,OAAO,mBAAiB,YAAYE,CAAY,EAClD,KAAK,gBAAc,aACjB,OAAO,wBAAsB,YAAYA,CAAY,EACvD,KAAK,gBAAc,UACjB,OAAO,eAAa,YAAYA,CAAY,EAC9C,KAAK,gBAAc,SACjB,OAAO,oBAAkB,YAAYA,CAAY,EACnD,QACE,MAAM,IAAI,MAAM,8CAA8CF,CAAM,EAAE,CAC1E,CAGF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAO,mBAAiB,YAAYE,CAAY,EAClD,IAAK,gBACH,OAAO,wBAAsB,YAAYA,CAAY,EACvD,IAAK,aACH,OAAO,eAAa,YAAYA,CAAY,EAC9C,IAAK,YACH,OAAO,oBAAkB,YAAYA,CAAY,EACnD,QACE,MAAM,IAAI,MAAM,2BAA2BF,CAAM,EAAE,CACvD,CACF,CCvKO,IAAMI,EAAuC,IAoBvCC,EACXC,IAGuC,CACvC,QAASF,EACT,KAAME,EAAO,KACb,UAAWA,EAAO,UAAU,SAAS,EAAE,SAAS,EAChD,QAASA,EAAO,QAChB,UAAWA,EAAO,QAAQ,UAAU,SAAS,EAAE,SAAS,CAC1D,GAEaC,EACXC,GACwC,CACxC,GAAM,CAAE,QAAAC,CAAQ,EAAID,EAEpB,GAAIC,IAAY,IAAK,CACnB,GAAI,CAACC,EAAuBF,EAAW,IAAI,EACzC,MAAM,IAAI,MAAM,iCAAiCA,EAAW,IAAI,EAAE,EAGpE,MAAO,CACL,QAAS,IACT,KAAMA,EAAW,KACjB,UAAWG,EACTH,EAAW,KACXA,EAAW,SACb,EACA,UAAWI,EACTJ,EAAW,KACXA,EAAW,SACb,EACA,QAASA,EAAW,OACtB,CACF,CAEA,MAAM,IAAI,MAAM,qCAAqCC,CAAO,EAAE,CAChE","names":["legacy_exports","__export","CURRENT_LEGACY_SERIALIZATION_VERSION","createLegacySignInMessage","deserializeLegacySignInOutput","serializeLegacySignInOutput","verifyLegacySignIn","__toCommonJS","import_ts_sdk","import_sha3","import_ts_sdk","import_sha3","import_ts_sdk","mainnet","verifySignature","params","options","mainnet","createSignInMessage","input","message","fields","resource","DOMAIN","ADDRESS","STATEMENT","URI","VERSION","NONCE","ISSUED_AT","EXPIRATION_TIME","NOT_BEFORE","REQUEST_ID","CHAIN_ID","RESOURCES","FIELDS","MESSAGE","createLegacySignInMessage","input","message","createSignInMessage","verifyLegacySignIn","output","options","embeddedMessage","authKey","originalAddress","mainnet","verifySignature","import_ts_sdk","isValidPublicKeyScheme","scheme","deserializeSignInPublicKey","scheme","value","deserializer","deserializeSignInSignature","CURRENT_LEGACY_SERIALIZATION_VERSION","serializeLegacySignInOutput","output","deserializeLegacySignInOutput","serialized","version","isValidPublicKeyScheme","deserializeSignInSignature","deserializeSignInPublicKey"]}