// Build-tool helpers that emulate class private fields with WeakMap/WeakSet
// stores keyed by instance. Every access goes through __accessCheck, so using
// a "private" member on an object that was never registered throws TypeError.

/** Throw a TypeError carrying `msg`. */
var __typeError = (msg) => {
  throw TypeError(msg);
};

/** Return true when `obj` is registered in `member`; otherwise throw "Cannot <msg>". */
var __accessCheck = (obj, member, msg) => {
  if (member.has(obj)) {
    return true;
  }
  return __typeError("Cannot " + msg);
};

/** Read a private member, through `getter` when one is supplied. */
var __privateGet = (obj, member, getter) => {
  __accessCheck(obj, member, "read from private field");
  return getter ? getter.call(obj) : member.get(obj);
};

/** Register `obj` in `member` exactly once (WeakSet: add, otherwise: set to `value`). */
var __privateAdd = (obj, member, value) => {
  if (member.has(obj)) {
    return __typeError("Cannot add the same private member more than once");
  }
  if (member instanceof WeakSet) {
    return member.add(obj);
  }
  return member.set(obj, value);
};

/** Write a private member, through `setter` when one is supplied; returns `value`. */
var __privateSet = (obj, member, value, setter) => {
  __accessCheck(obj, member, "write to private field");
  if (setter) {
    setter.call(obj, value);
  } else {
    member.set(obj, value);
  }
  return value;
};

// Private-field stores; declared here, assigned after the class body.
var _data, _client;
import { fromB64, toB64 } from "@mysten/bcs";
import { PublicKey } from "../cryptography/publickey.js";
import { SIGNATURE_SCHEME_TO_FLAG } from "../cryptography/signature-scheme.js";
import { SuiGraphQLClient } from "../graphql/client.js";
import { graphql } from "../graphql/schemas/2024.4/index.js";
import { extractClaimValue } from "./jwt-utils.js";
import { parseZkLoginSignature } from "./signature.js";
import { toPaddedBigEndianBytes } from "./utils.js";
/**
 * Public identifier of a zkLogin account, held as raw bytes.
 *
 * Signatures are not checked locally: `verifyPersonalMessage` and
 * `verifyTransaction` forward the request through
 * `graphqlVerifyZkLoginSignature`, so the result is only as trustworthy as the
 * GraphQL client/endpoint that answers it.
 */
const _ZkLoginPublicIdentifier = class _ZkLoginPublicIdentifier extends PublicKey {
  /**
   * Create a new ZkLoginPublicIdentifier object.
   * @param value zkLogin public identifier as a Uint8Array, a base-64 encoded
   *   string, or any value accepted by `Uint8Array.from`
   * @param options.client optional GraphQL client kept for the verify* calls;
   *   when omitted, `graphqlVerifyZkLoginSignature` falls back to its default client
   */
  constructor(value, { client } = {}) {
    super();
    __privateAdd(this, _data);
    __privateAdd(this, _client);
    __privateSet(this, _client, client);

    let rawBytes;
    if (typeof value === "string") {
      rawBytes = fromB64(value);
    } else if (value instanceof Uint8Array) {
      // Stored by reference, not copied.
      rawBytes = value;
    } else {
      rawBytes = Uint8Array.from(value);
    }
    __privateSet(this, _data, rawBytes);
  }

  /**
   * Checks if two zkLogin public identifiers are equal (delegates to PublicKey.equals).
   */
  equals(publicKey) {
    return super.equals(publicKey);
  }

  /**
   * Return the byte array representation of the zkLogin public identifier.
   * The internal array itself is returned, not a copy.
   */
  toRawBytes() {
    return __privateGet(this, _data);
  }

  /**
   * Return the signature scheme flag registered for "ZkLogin".
   */
  flag() {
    return SIGNATURE_SCHEME_TO_FLAG["ZkLogin"];
  }

  /**
   * Raw-message verification is not implemented for zkLogin; the returned
   * promise always rejects.
   */
  async verify(_message, _signature) {
    throw new Error("does not support");
  }

  /**
   * Verifies that the signature is valid for the provided PersonalMessage.
   *
   * NOTE(review): the author address is derived from the identifier embedded in
   * `signature`, not from this instance's bytes, so a `true` result does not by
   * itself show that the signature belongs to this identifier. Callers that
   * need that binding should compare identifiers or addresses themselves.
   *
   * @param message message bytes (sent base-64 encoded)
   * @param signature serialized zkLogin signature, bytes or base-64 string
   * @returns promise of the verification result
   */
  verifyPersonalMessage(message, signature) {
    const { publicKey, serializedSignature } = parseSerializedZkLoginSignature(signature);
    const signer = new _ZkLoginPublicIdentifier(publicKey);
    return graphqlVerifyZkLoginSignature({
      address: signer.toSuiAddress(),
      bytes: toB64(message),
      signature: serializedSignature,
      intentScope: "PERSONAL_MESSAGE",
      client: __privateGet(this, _client)
    });
  }

  /**
   * Verifies that the signature is valid for the provided Transaction.
   *
   * NOTE(review): as with verifyPersonalMessage, the author address comes from
   * the identifier embedded in `signature`, not from this instance.
   *
   * @param transaction transaction bytes (sent base-64 encoded)
   * @param signature serialized zkLogin signature, bytes or base-64 string
   * @returns promise of the verification result
   */
  verifyTransaction(transaction, signature) {
    const { publicKey, serializedSignature } = parseSerializedZkLoginSignature(signature);
    const signer = new _ZkLoginPublicIdentifier(publicKey);
    return graphqlVerifyZkLoginSignature({
      address: signer.toSuiAddress(),
      bytes: toB64(transaction),
      signature: serializedSignature,
      intentScope: "TRANSACTION_DATA",
      client: __privateGet(this, _client)
    });
  }
};
// Backing stores for the class's private data and client fields, keyed by instance.
_data = new WeakMap();
_client = new WeakMap();
// Unprefixed binding used by toZkLoginPublicIdentifier and by the export list.
let ZkLoginPublicIdentifier = _ZkLoginPublicIdentifier;
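/**
 * Build a ZkLoginPublicIdentifier from an address seed and an issuer.
 *
 * Byte layout: one length byte, the UTF-8 bytes of `iss`, then the bytes
 * returned by `toPaddedBigEndianBytes(addressSeed, 32)`.
 *
 * @param addressSeed address seed, passed to toPaddedBigEndianBytes
 * @param iss issuer string; must encode to at most 255 UTF-8 bytes
 * @param options forwarded unchanged to the ZkLoginPublicIdentifier constructor
 * @returns the new identifier
 * @throws {RangeError} if the encoded issuer does not fit the one-byte length prefix
 */
function toZkLoginPublicIdentifier(addressSeed, iss, options) {
  const issBytes = new TextEncoder().encode(iss);
  // A Uint8Array element stores its value modulo 256, so a longer issuer would
  // get a wrapped length byte and the encoding would stop being unambiguous.
  // `iss` can come from a not-yet-verified signature, so reject it instead.
  if (issBytes.length > 255) {
    throw new RangeError("zkLogin issuer is too long for a one-byte length prefix");
  }
  const seedBytes = toPaddedBigEndianBytes(addressSeed, 32);
  const identifierBytes = new Uint8Array(1 + issBytes.length + seedBytes.length);
  identifierBytes[0] = issBytes.length;
  identifierBytes.set(issBytes, 1);
  identifierBytes.set(seedBytes, 1 + issBytes.length);
  return new ZkLoginPublicIdentifier(identifierBytes, options);
}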
// GraphQL document sent by graphqlVerifyZkLoginSignature: it passes the signed
// bytes, the serialized signature, the intent scope and the author address to
// the service's verifyZkloginSignature field and selects `success` and `errors`.
const VerifyZkLoginSignatureQuery = graphql(`
query Zklogin(
$bytes: Base64!
$signature: Base64!
$intentScope: ZkLoginIntentScope!
$author: SuiAddress!
) {
verifyZkloginSignature(
bytes: $bytes
signature: $signature
intentScope: $intentScope
author: $author
) {
success
errors
}
}
`);
/**
 * Ask a GraphQL endpoint whether a zkLogin signature is valid.
 *
 * The check runs on the service, not locally, so the returned boolean is only
 * as trustworthy as the endpoint behind `client`. When no client is passed, a
 * new SuiGraphQLClient pointing at the mainnet URL below is created per call.
 *
 * @param address address sent as the query's `author`
 * @param bytes base-64 encoded message or transaction bytes
 * @param signature base-64 encoded serialized signature
 * @param intentScope intent scope forwarded to the query
 * @param client optional GraphQL client exposing `query()`
 * @returns true only when the response reports `success === true` and an empty
 *   `errors` list; false when the response has no `data`
 */
async function graphqlVerifyZkLoginSignature({
  address,
  bytes,
  signature,
  intentScope,
  client = new SuiGraphQLClient({
    url: "https://sui-mainnet.mystenlabs.com/graphql"
  })
}) {
  const variables = { bytes, signature, intentScope, author: address };
  const { data } = await client.query({
    query: VerifyZkLoginSignatureQuery,
    variables
  });
  // No data in the response: report the signature as not verified.
  if (data == null) {
    return false;
  }
  const verdict = data.verifyZkloginSignature;
  return verdict.success === true && verdict.errors.length === 0;
}
/**
 * Decode a serialized zkLogin signature into its parts.
 *
 * This only parses: nothing here checks the proof or the user signature, so
 * the returned `iss`, `addressSeed` and `publicKey` are whatever the input
 * carried and should be treated as unverified until a verify call succeeds.
 *
 * @param signature serialized signature as bytes or as a base-64 string
 * @returns the re-encoded signature, the scheme name, the parsed zkLogin
 *   fields, the raw signature bytes and the derived public identifier bytes
 * @throws {Error} "Invalid signature scheme" when the first byte is not the ZkLogin flag
 */
function parseSerializedZkLoginSignature(signature) {
  let bytes = signature;
  if (typeof signature === "string") {
    bytes = fromB64(signature);
  }
  // The leading byte names the signature scheme; anything but zkLogin is rejected.
  if (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.ZkLogin) {
    throw new Error("Invalid signature scheme");
  }

  const parsed = parseZkLoginSignature(bytes.slice(1));
  const { inputs, maxEpoch, userSignature } = parsed;
  const iss = extractClaimValue(inputs.issBase64Details, "iss");
  const addressSeed = BigInt(inputs.addressSeed);
  const identifier = toZkLoginPublicIdentifier(addressSeed, iss);

  return {
    serializedSignature: toB64(bytes),
    signatureScheme: "ZkLogin",
    zkLogin: {
      inputs,
      maxEpoch,
      userSignature,
      iss,
      addressSeed
    },
    signature: bytes,
    publicKey: identifier.toRawBytes()
  };
}
export {
ZkLoginPublicIdentifier,
parseSerializedZkLoginSignature,
toZkLoginPublicIdentifier
};
//# sourceMappingURL=publickey.js.map