UNPKG

digiid-ts

Version:

A modern TypeScript implementation of the DigiID authentication protocol.

pzelawski.com

pawelzelawski/digiid-ts

3 lines 41.3 kB
1
2
3
(function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports,require("crypto")):typeof define==`function`&&define.amd?define([`exports`,`crypto`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e.DigiIDTs={},e.crypto))})(this,function(e,t){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var n=class extends Error{constructor(e){super(e),this.name=`DigiIDError`}};function r(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name===`Uint8Array`&&`BYTES_PER_ELEMENT`in e&&e.BYTES_PER_ELEMENT===1}function i(e,t=``){if(typeof e!=`number`){let n=t&&`"${t}" `;throw TypeError(`${n}expected number, got ${typeof e}`)}if(!Number.isSafeInteger(e)||e<0){let n=t&&`"${t}" `;throw RangeError(`${n}expected integer >= 0, got ${e}`)}}function a(e,t,n=``){let i=r(e),a=e?.length,o=t!==void 0;if(!i||o&&a!==t){let r=n&&`"${n}" `,s=o?` of length ${t}`:``,c=i?`length=${a}`:`type=${typeof e}`,l=r+`expected Uint8Array`+s+`, got `+c;throw i?RangeError(l):TypeError(l)}return e}function o(e){if(typeof e!=`function`||typeof e.create!=`function`)throw TypeError(`Hash must wrapped by utils.createHasher`);if(i(e.outputLen),i(e.blockLen),e.outputLen<1)throw Error(`"outputLen" must be >= 1`);if(e.blockLen<1)throw Error(`"blockLen" must be >= 1`)}function s(e,t=!0){if(e.destroyed)throw Error(`Hash instance has been destroyed`);if(t&&e.finished)throw Error(`Hash#digest() has already been called`)}function c(e,t){a(e,void 0,`digestInto() output`);let n=t.outputLen;if(e.length<n)throw RangeError(`"digestInto() output" expected to be of length >=`+n)}function l(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function u(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function d(e,t){return e<<32-t|e>>>t}function f(e,t){return e<<t|e>>>32-t>>>0}var p=typeof Uint8Array.from([]).toHex==`function`&&typeof Uint8Array.fromHex==`function`,m=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,`0`));function h(e){if(a(e),p)return e.toHex();let t=``;for(let n=0;n<e.length;n++)t+=m[e[n]];return t}var g={_0:48,_9:57,A:65,F:70,a:97,f:102};function _(e){if(e>=g._0&&e<=g._9)return e-g._0;if(e>=g.A&&e<=g.F)return e-(g.A-10);if(e>=g.a&&e<=g.f)return e-(g.a-10)}function v(e){if(typeof e!=`string`)throw TypeError(`hex string expected, got `+typeof e);if(p)try{return Uint8Array.fromHex(e)}catch(e){throw e instanceof SyntaxError?RangeError(e.message):e}let t=e.length,n=t/2;if(t%2)throw RangeError(`hex string expected, got unpadded hex of length `+t);let r=new Uint8Array(n);for(let t=0,i=0;t<n;t++,i+=2){let n=_(e.charCodeAt(i)),a=_(e.charCodeAt(i+1));if(n===void 0||a===void 0){let t=e[i]+e[i+1];throw RangeError(`hex string expected, got non-hex character "`+t+`" at index `+i)}r[t]=n*16+a}return r}function y(...e){let t=0;for(let n=0;n<e.length;n++){let r=e[n];a(r),t+=r.length}let n=new Uint8Array(t);for(let t=0,r=0;t<e.length;t++){let i=e[t];n.set(i,r),r+=i.length}return n}function b(e,t={}){let n=(t,n)=>e(n).update(t).digest(),r=e(void 0);return n.outputLen=r.outputLen,n.blockLen=r.blockLen,n.canXOF=r.canXOF,n.create=t=>e(t),Object.assign(n,t),Object.freeze(n)}function x(e=32){i(e,`bytesLength`);let t=typeof globalThis==`object`?globalThis.crypto:null;if(typeof t?.getRandomValues!=`function`)throw Error(`crypto.getRandomValues must be defined`);if(e>65536)throw RangeError(`"bytesLength" expected <= 65536, got ${e}`);return t.getRandomValues(new Uint8Array(e))}var S=e=>({oid:Uint8Array.from([6,9,96,134,72,1,101,3,4,2,e])});function C(e,t,n){return e&t^~e&n}function w(e,t,n){return e&t^e&n^t&n}var T=class{blockLen;outputLen;canXOF=!1;padOffset;isLE;buffer;view;finished=!1;length=0;pos=0;destroyed=!1;constructor(e,t,n,r){this.blockLen=e,this.outputLen=t,this.padOffset=n,this.isLE=r,this.buffer=new Uint8Array(e),this.view=u(this.buffer)}update(e){s(this),a(e);let{view:t,buffer:n,blockLen:r}=this,i=e.length;for(let a=0;a<i;){let o=Math.min(r-this.pos,i-a);if(o===r){let t=u(e);for(;r<=i-a;a+=r)this.process(t,a);continue}n.set(e.subarray(a,a+o),this.pos),this.pos+=o,a+=o,this.pos===r&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){s(this),c(e,this),this.finished=!0;let{buffer:t,view:n,blockLen:r,isLE:i}=this,{pos:a}=this;t[a++]=128,l(this.buffer.subarray(a)),this.padOffset>r-a&&(this.process(n,0),a=0);for(let e=a;e<r;e++)t[e]=0;n.setBigUint64(r-8,BigInt(this.length*8),i),this.process(n,0);let o=u(e),d=this.outputLen;if(d%4)throw Error(`_sha2: outputLen must be aligned to 32bit`);let f=d/4,p=this.get();if(f>p.length)throw Error(`_sha2: outputLen bigger than state`);for(let e=0;e<f;e++)o.setUint32(4*e,p[e],i)}digest(){let{buffer:e,outputLen:t}=this;this.digestInto(e);let n=e.slice(0,t);return this.destroy(),n}_cloneInto(e){e||=new this.constructor,e.set(...this.get());let{blockLen:t,buffer:n,length:r,finished:i,destroyed:a,pos:o}=this;return e.destroyed=a,e.finished=i,e.length=r,e.pos=o,r%t&&e.buffer.set(n),e}clone(){return this._cloneInto()}},E=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),D=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),O=new Uint32Array(64),ee=class extends T{constructor(e){super(64,e,8,!1)}get(){let{A:e,B:t,C:n,D:r,E:i,F:a,G:o,H:s}=this;return[e,t,n,r,i,a,o,s]}set(e,t,n,r,i,a,o,s){this.A=e|0,this.B=t|0,this.C=n|0,this.D=r|0,this.E=i|0,this.F=a|0,this.G=o|0,this.H=s|0}process(e,t){for(let n=0;n<16;n++,t+=4)O[n]=e.getUint32(t,!1);for(let e=16;e<64;e++){let t=O[e-15],n=O[e-2],r=d(t,7)^d(t,18)^t>>>3;O[e]=(d(n,17)^d(n,19)^n>>>10)+O[e-7]+r+O[e-16]|0}let{A:n,B:r,C:i,D:a,E:o,F:s,G:c,H:l}=this;for(let e=0;e<64;e++){let t=d(o,6)^d(o,11)^d(o,25),u=l+t+C(o,s,c)+D[e]+O[e]|0,f=(d(n,2)^d(n,13)^d(n,22))+w(n,r,i)|0;l=c,c=s,s=o,o=a+u|0,a=i,i=r,r=n,n=u+f|0}n=n+this.A|0,r=r+this.B|0,i=i+this.C|0,a=a+this.D|0,o=o+this.E|0,s=s+this.F|0,c=c+this.G|0,l=l+this.H|0,this.set(n,r,i,a,o,s,c,l)}roundClean(){l(O)}destroy(){this.destroyed=!0,this.set(0,0,0,0,0,0,0,0),l(this.buffer)}},te=class extends ee{A=E[0]|0;B=E[1]|0;C=E[2]|0;D=E[3]|0;E=E[4]|0;F=E[5]|0;G=E[6]|0;H=E[7]|0;constructor(){super(32)}},k=b(()=>new te,S(1)),A=(e,t,n)=>a(e,t,n),ne=i,re=h,j=(...e)=>y(...e),M=e=>v(e),ie=r,ae=e=>x(e),N=BigInt(0),P=BigInt(1);function F(e,t=``){if(typeof e!=`boolean`){let n=t&&`"${t}" `;throw TypeError(n+`expected boolean, got type=`+typeof e)}return e}function oe(e){if(typeof e==`bigint`){if(!R(e))throw RangeError(`positive bigint expected, got `+e)}else ne(e);return e}function se(e,t=``){if(typeof e!=`number`){let n=t&&`"${t}" `;throw TypeError(n+`expected number, got type=`+typeof e)}if(!Number.isSafeInteger(e)){let n=t&&`"${t}" `;throw RangeError(n+`expected safe integer, got `+e)}}function I(e){let t=oe(e).toString(16);return t.length&1?`0`+t:t}function ce(e){if(typeof e!=`string`)throw TypeError(`hex string expected, got `+typeof e);return e===``?N:BigInt(`0x`+e)}function L(e){return ce(h(e))}function le(e){return ce(h(fe(a(e)).reverse()))}function ue(e,t){if(i(t),t===0)throw RangeError(`zero length`);e=oe(e);let n=e.toString(16);if(n.length>t*2)throw RangeError(`number too large`);return v(n.padStart(t*2,`0`))}function de(e,t){return ue(e,t).reverse()}function fe(e){return Uint8Array.from(A(e))}var R=e=>typeof e==`bigint`&&N<=e;function pe(e,t,n){return R(e)&&R(t)&&R(n)&&t<=e&&e<n}function me(e,t,n,r){if(!pe(t,n,r))throw RangeError(`expected valid `+e+`: `+n+` <= n < `+r+`, got `+t)}function he(e){if(e<N)throw Error(`expected non-negative bigint, got `+e);let t;for(t=0;e>N;e>>=P,t+=1);return t}var ge=e=>(P<<BigInt(e))-P;function _e(e,t,n){if(i(e,`hashLen`),i(t,`qByteLen`),typeof n!=`function`)throw TypeError(`hmacFn must be a function`);let r=e=>new Uint8Array(e),a=Uint8Array.of(),o=Uint8Array.of(0),s=Uint8Array.of(1),c=r(e),l=r(e),u=0,d=()=>{c.fill(1),l.fill(0),u=0},f=(...e)=>n(l,j(c,...e)),p=(e=a)=>{l=f(o,e),c=f(),e.length!==0&&(l=f(s,e),c=f())},m=()=>{if(u++>=1e3)throw Error(`drbg: tried max amount of iterations`);let e=0,n=[];for(;e<t;){c=f();let t=c.slice();n.push(t),e+=c.length}return j(...n)};return(e,t)=>{d(),p(e);let n;for(;(n=t(m()))===void 0;)p();return d(),n}}function z(e,t={},n={}){if(Object.prototype.toString.call(e)!==`[object Object]`)throw TypeError(`expected valid options object`);function r(t,n,r){if(!r&&n!==`function`&&!Object.hasOwn(e,t))throw TypeError(`param "${t}" is invalid: expected own property`);let i=e[t];if(r&&i===void 0)return;let a=typeof i;if(a!==n||i===null)throw TypeError(`param "${t}" is invalid: expected ${n}, got ${a}`)}let i=(e,t)=>Object.entries(e).forEach(([e,n])=>r(e,n,t));i(t,!1),i(n,!0)}var B=BigInt(0),V=BigInt(1),H=BigInt(2),ve=BigInt(3),ye=BigInt(4),be=BigInt(5),xe=BigInt(7),Se=BigInt(8),Ce=BigInt(9),we=BigInt(16);function U(e,t){if(t<=B)throw Error(`mod: expected positive modulus, got `+t);let n=e%t;return n>=B?n:t+n}function W(e,t,n){if(t<B)throw Error(`pow2: expected non-negative exponent, got `+t);let r=e;for(;t-- >B;)r*=r,r%=n;return r}function Te(e,t){if(e===B)throw Error(`invert: expected non-zero number`);if(t<=B)throw Error(`invert: expected positive modulus, got `+t);let n=U(e,t),r=t,i=B,a=V,o=V,s=B;for(;n!==B;){let e=r/n,t=r-n*e,c=i-o*e,l=a-s*e;r=n,n=t,i=o,a=s,o=c,s=l}if(r!==V)throw Error(`invert: does not exist`);return U(i,t)}function Ee(e,t,n){let r=e;if(!r.eql(r.sqr(t),n))throw Error(`Cannot find square root`)}function De(e,t){let n=e,r=(n.ORDER+V)/ye,i=n.pow(t,r);return Ee(n,i,t),i}function Oe(e,t){let n=e,r=(n.ORDER-be)/Se,i=n.mul(t,H),a=n.pow(i,r),o=n.mul(t,a),s=n.mul(n.mul(o,H),a),c=n.mul(o,n.sub(s,n.ONE));return Ee(n,c,t),c}function ke(e){let t=G(e),n=Ae(e),r=n(t,t.neg(t.ONE)),i=n(t,r),a=n(t,t.neg(r)),o=(e+xe)/we;return((e,t)=>{let n=e,s=n.pow(t,o),c=n.mul(s,r),l=n.mul(s,i),u=n.mul(s,a),d=n.eql(n.sqr(c),t),f=n.eql(n.sqr(l),t);s=n.cmov(s,c,d),c=n.cmov(u,l,f);let p=n.eql(n.sqr(c),t),m=n.cmov(s,c,p);return Ee(n,m,t),m})}function Ae(e){if(e<ve)throw Error(`sqrt is not defined for small field`);let t=e-V,n=0;for(;t%H===B;)t/=H,n++;let r=H,i=G(e);for(;Ie(i,r)===1;)if(r++>1e3)throw Error(`Cannot find square root: probably non-prime P`);if(n===1)return De;let a=i.pow(r,t),o=(t+V)/H;return function(e,r){let i=e;if(i.is0(r))return r;if(Ie(i,r)!==1)throw Error(`Cannot find square root`);let s=n,c=i.mul(i.ONE,a),l=i.pow(r,t),u=i.pow(r,o);for(;!i.eql(l,i.ONE);){if(i.is0(l))return i.ZERO;let e=1,t=i.sqr(l);for(;!i.eql(t,i.ONE);)if(e++,t=i.sqr(t),e===s)throw Error(`Cannot find square root`);let n=V<<BigInt(s-e-1),r=i.pow(c,n);s=e,c=i.sqr(r),l=i.mul(l,c),u=i.mul(u,r)}return u}}function je(e){return e%ye===ve?De:e%Se===be?Oe:e%we===Ce?ke(e):Ae(e)}var Me=[`create`,`isValid`,`is0`,`neg`,`inv`,`sqrt`,`sqr`,`eql`,`add`,`sub`,`mul`,`pow`,`div`,`addN`,`subN`,`mulN`,`sqrN`];function Ne(e){if(z(e,Me.reduce((e,t)=>(e[t]=`function`,e),{ORDER:`bigint`,BYTES:`number`,BITS:`number`})),se(e.BYTES,`BYTES`),se(e.BITS,`BITS`),e.BYTES<1||e.BITS<1)throw Error(`invalid field: expected BYTES/BITS > 0`);if(e.ORDER<=V)throw Error(`invalid field: expected ORDER > 1, got `+e.ORDER);return e}function Pe(e,t,n){let r=e;if(n<B)throw Error(`invalid exponent, negatives unsupported`);if(n===B)return r.ONE;if(n===V)return t;let i=r.ONE,a=t;for(;n>B;)n&V&&(i=r.mul(i,a)),a=r.sqr(a),n>>=V;return i}function Fe(e,t,n=!1){let r=e,i=Array(t.length).fill(n?r.ZERO:void 0),a=t.reduce((e,t,n)=>r.is0(t)?e:(i[n]=e,r.mul(e,t)),r.ONE),o=r.inv(a);return t.reduceRight((e,t,n)=>r.is0(t)?e:(i[n]=r.mul(e,i[n]),r.mul(e,t)),o),i}function Ie(e,t){let n=e,r=(n.ORDER-V)/H,i=n.pow(t,r),a=n.eql(i,n.ONE),o=n.eql(i,n.ZERO),s=n.eql(i,n.neg(n.ONE));if(!a&&!o&&!s)throw Error(`invalid Legendre symbol result`);return a?1:o?0:-1}function Le(e,t){if(t!==void 0&&ne(t),e<=B)throw Error(`invalid n length: expected positive n, got `+e);if(t!==void 0&&t<1)throw Error(`invalid n length: expected positive bit length, got `+t);let n=he(e);if(t!==void 0&&t<n)throw Error(`invalid n length: expected bit length (${n}) >= n.length (${t})`);let r=t===void 0?n:t;return{nBitLength:r,nByteLength:Math.ceil(r/8)}}var Re=new WeakMap,ze=class{ORDER;BITS;BYTES;isLE;ZERO=B;ONE=V;_lengths;_mod;constructor(e,t={}){if(e<=V)throw Error(`invalid field: expected ORDER > 1, got `+e);let n;this.isLE=!1,typeof t==`object`&&t&&(typeof t.BITS==`number`&&(n=t.BITS),typeof t.sqrt==`function`&&Object.defineProperty(this,"sqrt",{value:t.sqrt,enumerable:!0}),typeof t.isLE==`boolean`&&(this.isLE=t.isLE),t.allowedLengths&&(this._lengths=Object.freeze(t.allowedLengths.slice())),typeof t.modFromBytes==`boolean`&&(this._mod=t.modFromBytes));let{nBitLength:r,nByteLength:i}=Le(e,n);if(i>2048)throw Error(`invalid field: expected ORDER of <= 2048 bytes`);this.ORDER=e,this.BITS=r,this.BYTES=i,Object.freeze(this)}create(e){return U(e,this.ORDER)}isValid(e){if(typeof e!=`bigint`)throw TypeError(`invalid field element: expected bigint, got `+typeof e);return B<=e&&e<this.ORDER}is0(e){return e===B}isValidNot0(e){return!this.is0(e)&&this.isValid(e)}isOdd(e){return(e&V)===V}neg(e){return U(-e,this.ORDER)}eql(e,t){return e===t}sqr(e){return U(e*e,this.ORDER)}add(e,t){return U(e+t,this.ORDER)}sub(e,t){return U(e-t,this.ORDER)}mul(e,t){return U(e*t,this.ORDER)}pow(e,t){return Pe(this,e,t)}div(e,t){return U(e*Te(t,this.ORDER),this.ORDER)}sqrN(e){return e*e}addN(e,t){return e+t}subN(e,t){return e-t}mulN(e,t){return e*t}inv(e){return Te(e,this.ORDER)}sqrt(e){let t=Re.get(this);return t||Re.set(this,t=je(this.ORDER)),t(this,e)}toBytes(e){return this.isLE?de(e,this.BYTES):ue(e,this.BYTES)}fromBytes(e,t=!1){A(e);let{_lengths:n,BYTES:r,isLE:i,ORDER:a,_mod:o}=this;if(n){if(e.length<1||!n.includes(e.length)||e.length>r)throw Error(`Field.fromBytes: expected `+n+` bytes, got `+e.length);let t=new Uint8Array(r);t.set(e,i?0:t.length-e.length),e=t}if(e.length!==r)throw Error(`Field.fromBytes: expected `+r+` bytes, got `+e.length);let s=i?le(e):L(e);if(o&&(s=U(s,a)),!t&&!this.isValid(s))throw Error(`invalid field element: outside of range 0..ORDER`);return s}invertBatch(e){return Fe(this,e)}cmov(e,t,n){return F(n,`condition`),n?t:e}};Object.freeze(ze.prototype);function G(e,t={}){return new ze(e,t)}function Be(e){if(typeof e!=`bigint`)throw Error(`field order must be bigint`);if(e<=V)throw Error(`field order must be greater than 1`);let t=he(e-V);return Math.ceil(t/8)}function Ve(e){let t=Be(e);return t+Math.ceil(t/2)}function He(e,t,n=!1){A(e);let r=e.length,i=Be(t),a=Math.max(Ve(t),16);if(r<a||r>1024)throw Error(`expected `+a+`-1024 bytes of input, got `+r);let o=U(n?le(e):L(e),t-V)+V;return n?de(o,i):ue(o,i)}var K=BigInt(0),q=BigInt(1);function J(e,t){let n=t.negate();return e?n:t}function Ue(e,t){let n=Fe(e.Fp,t.map(e=>e.Z));return t.map((t,r)=>e.fromAffine(t.toAffine(n[r])))}function We(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw Error(`invalid window size, expected [1..`+t+`], got W=`+e)}function Ge(e,t){We(e,t);let n=Math.ceil(t/e)+1,r=2**(e-1),i=2**e;return{windows:n,windowSize:r,mask:ge(e),maxNumber:i,shiftBy:BigInt(e)}}function Ke(e,t,n){let{windowSize:r,mask:i,maxNumber:a,shiftBy:o}=n,s=Number(e&i),c=e>>o;s>r&&(s-=a,c+=q);let l=t*r,u=l+Math.abs(s)-1,d=s===0,f=s<0,p=t%2!=0;return{nextN:c,offset:u,isZero:d,isNeg:f,isNegF:p,offsetF:l}}var qe=new WeakMap,Je=new WeakMap;function Ye(e){return Je.get(e)||1}function Xe(e){if(e!==K)throw Error(`invalid wNAF`)}var Ze=class{BASE;ZERO;Fn;bits;constructor(e,t){this.BASE=e.BASE,this.ZERO=e.ZERO,this.Fn=e.Fn,this.bits=t}_unsafeLadder(e,t,n=this.ZERO){let r=e;for(;t>K;)t&q&&(n=n.add(r)),r=r.double(),t>>=q;return n}precomputeWindow(e,t){let{windows:n,windowSize:r}=Ge(t,this.bits),i=[],a=e,o=a;for(let e=0;e<n;e++){o=a,i.push(o);for(let e=1;e<r;e++)o=o.add(a),i.push(o);a=o.double()}return i}wNAF(e,t,n){if(!this.Fn.isValid(n))throw Error(`invalid scalar`);let r=this.ZERO,i=this.BASE,a=Ge(e,this.bits);for(let e=0;e<a.windows;e++){let{nextN:o,offset:s,isZero:c,isNeg:l,isNegF:u,offsetF:d}=Ke(n,e,a);n=o,c?i=i.add(J(u,t[d])):r=r.add(J(l,t[s]))}return Xe(n),{p:r,f:i}}wNAFUnsafe(e,t,n,r=this.ZERO){let i=Ge(e,this.bits);for(let e=0;e<i.windows&&n!==K;e++){let{nextN:a,offset:o,isZero:s,isNeg:c}=Ke(n,e,i);if(n=a,!s){let e=t[o];r=r.add(c?e.negate():e)}}return Xe(n),r}getPrecomputes(e,t,n){let r=qe.get(t);return r||(r=this.precomputeWindow(t,e),e!==1&&(typeof n==`function`&&(r=n(r)),qe.set(t,r))),r}cached(e,t,n){let r=Ye(e);return this.wNAF(r,this.getPrecomputes(r,e,n),t)}unsafe(e,t,n,r){let i=Ye(e);return i===1?this._unsafeLadder(e,t,r):this.wNAFUnsafe(i,this.getPrecomputes(i,e,n),t,r)}createCache(e,t){We(t,this.bits),Je.set(e,t),qe.delete(e)}hasCache(e){return Ye(e)!==1}};function Qe(e,t,n,r){let i=t,a=e.ZERO,o=e.ZERO;for(;n>K||r>K;)n&q&&(a=a.add(i)),r&q&&(o=o.add(i)),i=i.double(),n>>=q,r>>=q;return{p1:a,p2:o}}function $e(e,t,n){if(t){if(t.ORDER!==e)throw Error(`Field.ORDER must match order: Fp == p, Fn == n`);return Ne(t),t}else return G(e,{isLE:n})}function et(e,t,n={},r){if(r===void 0&&(r=e===`edwards`),!t||typeof t!=`object`)throw Error(`expected valid ${e} CURVE object`);for(let e of[`p`,`n`,`h`]){let n=t[e];if(!(typeof n==`bigint`&&n>K))throw Error(`CURVE.${e} must be positive bigint`)}let i=$e(t.p,n.Fp,r),a=$e(t.n,n.Fn,r),o=[`Gx`,`Gy`,`a`,e===`weierstrass`?`b`:`d`];for(let e of o)if(!i.isValid(t[e]))throw Error(`CURVE.${e} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:i,Fn:a}}function tt(e,t){return function(n){let r=e(n);return{secretKey:r,publicKey:t(r)}}}var nt=class{oHash;iHash;blockLen;outputLen;canXOF=!1;finished=!1;destroyed=!1;constructor(e,t){if(o(e),a(t,void 0,`key`),this.iHash=e.create(),typeof this.iHash.update!=`function`)throw Error(`Expected instance of class which extends utils.Hash`);this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let n=this.blockLen,r=new Uint8Array(n);r.set(t.length>n?e.create().update(t).digest():t);for(let e=0;e<r.length;e++)r[e]^=54;this.iHash.update(r),this.oHash=e.create();for(let e=0;e<r.length;e++)r[e]^=106;this.oHash.update(r),l(r)}update(e){return s(this),this.iHash.update(e),this}digestInto(e){s(this),c(e,this),this.finished=!0;let t=e.subarray(0,this.outputLen);this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let e=new Uint8Array(this.oHash.outputLen);return this.digestInto(e),e}_cloneInto(e){e||=Object.create(Object.getPrototypeOf(this),{});let{oHash:t,iHash:n,finished:r,destroyed:i,blockLen:a,outputLen:o}=this;return e=e,e.finished=r,e.destroyed=i,e.blockLen=a,e.outputLen=o,e.oHash=t._cloneInto(e.oHash),e.iHash=n._cloneInto(e.iHash),e}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}},rt=(()=>{let e=((e,t,n)=>new nt(e,t).update(n).digest());return e.create=(e,t)=>new nt(e,t),e})(),it=(e,t)=>(e+(e>=0?t:-t)/ct)/t;function at(e,t,n){me(`scalar`,e,X,n);let[[r,i],[a,o]]=t,s=it(o*e,n),c=it(-i*e,n),l=e-s*r-c*a,u=-s*i-c*o,d=l<X,f=u<X;d&&(l=-l),f&&(u=-u);let p=ge(Math.ceil(he(n)/2))+Z;if(l<X||l>=p||u<X||u>=p)throw Error(`splitScalar (endomorphism): failed for k`);return{k1neg:d,k1:l,k2neg:f,k2:u}}function ot(e){if(![`compact`,`recovered`,`der`].includes(e))throw Error(`Signature format must be "compact", "recovered", or "der"`);return e}function st(e,t){z(e);let n={};for(let r of Object.keys(t))n[r]=e[r]===void 0?t[r]:e[r];return F(n.lowS,`lowS`),F(n.prehash,`prehash`),n.format!==void 0&&ot(n.format),n}var Y={Err:class extends Error{constructor(e=``){super(e)}},_tlv:{encode:(e,t)=>{let{Err:n}=Y;if(se(e,`tag`),e<0||e>255)throw new n(`tlv.encode: wrong tag`);if(typeof t!=`string`)throw TypeError(`"data" expected string, got type=`+typeof t);if(t.length&1)throw new n(`tlv.encode: unpadded data`);let r=t.length/2,i=I(r);if(i.length/2&128)throw new n(`tlv.encode: long form length too big`);let a=r>127?I(i.length/2|128):``;return I(e)+a+i+t},decode(e,t){let{Err:n}=Y;t=A(t,void 0,`DER data`);let r=0;if(e<0||e>255)throw new n(`tlv.encode: wrong tag`);if(t.length<2||t[r++]!==e)throw new n(`tlv.decode: wrong tlv`);let i=t[r++],a=!!(i&128),o=0;if(!a)o=i;else{let e=i&127;if(!e)throw new n(`tlv.decode(long): indefinite length not supported`);if(e>4)throw new n(`tlv.decode(long): byte length is too big`);let a=t.subarray(r,r+e);if(a.length!==e)throw new n(`tlv.decode: length bytes not complete`);if(a[0]===0)throw new n(`tlv.decode(long): zero leftmost byte`);for(let e of a)o=o<<8|e;if(r+=e,o<128)throw new n(`tlv.decode(long): not minimal encoding`)}let s=t.subarray(r,r+o);if(s.length!==o)throw new n(`tlv.decode: wrong value length`);return{v:s,l:t.subarray(r+o)}}},_int:{encode(e){let{Err:t}=Y;if(oe(e),e<X)throw new t(`integer: negative integers are not allowed`);let n=I(e);if(Number.parseInt(n[0],16)&8&&(n=`00`+n),n.length&1)throw new t(`unexpected DER parsing assertion: unpadded hex`);return n},decode(e){let{Err:t}=Y;if(e.length<1)throw new t(`invalid signature integer: empty`);if(e[0]&128)throw new t(`invalid signature integer: negative`);if(e.length>1&&e[0]===0&&!(e[1]&128))throw new t(`invalid signature integer: unnecessary leading zero`);return L(e)}},toSig(e){let{Err:t,_int:n,_tlv:r}=Y,i=A(e,void 0,`signature`),{v:a,l:o}=r.decode(48,i);if(o.length)throw new t(`invalid signature: left bytes after parsing`);let{v:s,l:c}=r.decode(2,a),{v:l,l:u}=r.decode(2,c);if(u.length)throw new t(`invalid signature: left bytes after parsing`);return{r:n.decode(s),s:n.decode(l)}},hexFromSig(e){let{_tlv:t,_int:n}=Y,r=t.encode(2,n.encode(e.r))+t.encode(2,n.encode(e.s));return t.encode(48,r)}};Object.freeze(Y._tlv),Object.freeze(Y._int),Object.freeze(Y);var X=BigInt(0),Z=BigInt(1),ct=BigInt(2),Q=BigInt(3),lt=BigInt(4);function ut(e,t={}){let n=et(`weierstrass`,e,t),r=n.Fp,i=n.Fn,a=n.CURVE,{h:o,n:s}=a;z(t,{},{allowInfinityPoint:`boolean`,clearCofactor:`function`,isTorsionFree:`function`,fromBytes:`function`,toBytes:`function`,endo:`object`});let{endo:c,allowInfinityPoint:l}=t;if(c&&(!r.is0(a.a)||typeof c.beta!=`bigint`||!Array.isArray(c.basises)))throw Error(`invalid endo: expected "beta": bigint and "basises": array`);let u=ft(r,i);function d(){if(!r.isOdd)throw Error(`compression is not supported: Field does not have .isOdd()`)}function f(e,t,n){if(l&&t.is0())return Uint8Array.of(0);let{x:i,y:a}=t.toAffine(),o=r.toBytes(i);return F(n,`isCompressed`),n?(d(),j(dt(!r.isOdd(a)),o)):j(Uint8Array.of(4),o,r.toBytes(a))}function p(e){A(e,void 0,`Point`);let{publicKey:t,publicKeyUncompressed:n}=u,i=e.length,a=e[0],o=e.subarray(1);if(l&&i===1&&a===0)return{x:r.ZERO,y:r.ZERO};if(i===t&&(a===2||a===3)){let e=r.fromBytes(o);if(!r.isValid(e))throw Error(`bad point: is not on curve, wrong x`);let t=g(e),n;try{n=r.sqrt(t)}catch(e){let t=e instanceof Error?`: `+e.message:``;throw Error(`bad point: is not on curve, sqrt error`+t)}d();let i=r.isOdd(n);return(a&1)==1!==i&&(n=r.neg(n)),{x:e,y:n}}else if(i===n&&a===4){let e=r.BYTES,t=r.fromBytes(o.subarray(0,e)),n=r.fromBytes(o.subarray(e,e*2));if(!_(t,n))throw Error(`bad point: is not on curve`);return{x:t,y:n}}else throw Error(`bad point: got length ${i}, expected compressed=${t} or uncompressed=${n}`)}let m=t.toBytes===void 0?f:t.toBytes,h=t.fromBytes===void 0?p:t.fromBytes;function g(e){let t=r.sqr(e),n=r.mul(t,e);return r.add(r.add(n,r.mul(e,a.a)),a.b)}function _(e,t){let n=r.sqr(t),i=g(e);return r.eql(n,i)}if(!_(a.Gx,a.Gy))throw Error(`bad curve params: generator point`);let v=r.mul(r.pow(a.a,Q),lt),y=r.mul(r.sqr(a.b),BigInt(27));if(r.is0(r.add(v,y)))throw Error(`bad curve params: a or b`);function b(e,t,n=!1){if(!r.isValid(t)||n&&r.is0(t))throw Error(`bad point coordinate ${e}`);return t}function x(e){if(!(e instanceof w))throw Error(`Weierstrass Point expected`)}function S(e){if(!c||!c.basises)throw Error(`no endo`);return at(e,c.basises,i.ORDER)}function C(e,t,n,i,a){return n=new w(r.mul(n.X,e),n.Y,n.Z),t=J(i,t),n=J(a,n),t.add(n)}class w{static BASE=new w(a.Gx,a.Gy,r.ONE);static ZERO=new w(r.ZERO,r.ONE,r.ZERO);static Fp=r;static Fn=i;X;Y;Z;constructor(e,t,n){this.X=b(`x`,e),this.Y=b(`y`,t,!0),this.Z=b(`z`,n),Object.freeze(this)}static CURVE(){return a}static fromAffine(e){let{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw Error(`invalid affine point`);if(e instanceof w)throw Error(`projective point not allowed`);return r.is0(t)&&r.is0(n)?w.ZERO:new w(t,n,r.ONE)}static fromBytes(e){let t=w.fromAffine(h(A(e,void 0,`point`)));return t.assertValidity(),t}static fromHex(e){return w.fromBytes(M(e))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(e=8,t=!0){return E.createCache(this,e),t||this.multiply(Q),this}assertValidity(){let e=this;if(e.is0()){if(t.allowInfinityPoint&&r.is0(e.X)&&r.eql(e.Y,r.ONE)&&r.is0(e.Z))return;throw Error(`bad point: ZERO`)}let{x:n,y:i}=e.toAffine();if(!r.isValid(n)||!r.isValid(i))throw Error(`bad point: x or y not field elements`);if(!_(n,i))throw Error(`bad point: equation left != right`);if(!e.isTorsionFree())throw Error(`bad point: not in prime-order subgroup`)}hasEvenY(){let{y:e}=this.toAffine();if(!r.isOdd)throw Error(`Field doesn't support isOdd`);return!r.isOdd(e)}equals(e){x(e);let{X:t,Y:n,Z:i}=this,{X:a,Y:o,Z:s}=e,c=r.eql(r.mul(t,s),r.mul(a,i)),l=r.eql(r.mul(n,s),r.mul(o,i));return c&&l}negate(){return new w(this.X,r.neg(this.Y),this.Z)}double(){let{a:e,b:t}=a,n=r.mul(t,Q),{X:i,Y:o,Z:s}=this,c=r.ZERO,l=r.ZERO,u=r.ZERO,d=r.mul(i,i),f=r.mul(o,o),p=r.mul(s,s),m=r.mul(i,o);return m=r.add(m,m),u=r.mul(i,s),u=r.add(u,u),c=r.mul(e,u),l=r.mul(n,p),l=r.add(c,l),c=r.sub(f,l),l=r.add(f,l),l=r.mul(c,l),c=r.mul(m,c),u=r.mul(n,u),p=r.mul(e,p),m=r.sub(d,p),m=r.mul(e,m),m=r.add(m,u),u=r.add(d,d),d=r.add(u,d),d=r.add(d,p),d=r.mul(d,m),l=r.add(l,d),p=r.mul(o,s),p=r.add(p,p),d=r.mul(p,m),c=r.sub(c,d),u=r.mul(p,f),u=r.add(u,u),u=r.add(u,u),new w(c,l,u)}add(e){x(e);let{X:t,Y:n,Z:i}=this,{X:o,Y:s,Z:c}=e,l=r.ZERO,u=r.ZERO,d=r.ZERO,f=a.a,p=r.mul(a.b,Q),m=r.mul(t,o),h=r.mul(n,s),g=r.mul(i,c),_=r.add(t,n),v=r.add(o,s);_=r.mul(_,v),v=r.add(m,h),_=r.sub(_,v),v=r.add(t,i);let y=r.add(o,c);return v=r.mul(v,y),y=r.add(m,g),v=r.sub(v,y),y=r.add(n,i),l=r.add(s,c),y=r.mul(y,l),l=r.add(h,g),y=r.sub(y,l),d=r.mul(f,v),l=r.mul(p,g),d=r.add(l,d),l=r.sub(h,d),d=r.add(h,d),u=r.mul(l,d),h=r.add(m,m),h=r.add(h,m),g=r.mul(f,g),v=r.mul(p,v),h=r.add(h,g),g=r.sub(m,g),g=r.mul(f,g),v=r.add(v,g),m=r.mul(h,v),u=r.add(u,m),m=r.mul(y,v),l=r.mul(_,l),l=r.sub(l,m),m=r.mul(_,h),d=r.mul(y,d),d=r.add(d,m),new w(l,u,d)}subtract(e){return x(e),this.add(e.negate())}is0(){return this.equals(w.ZERO)}multiply(e){let{endo:n}=t;if(!i.isValidNot0(e))throw RangeError(`invalid scalar: out of range`);let r,a,o=e=>E.cached(this,e,e=>Ue(w,e));if(n){let{k1neg:t,k1:i,k2neg:s,k2:c}=S(e),{p:l,f:u}=o(i),{p:d,f}=o(c);a=u.add(f),r=C(n.beta,l,d,t,s)}else{let{p:t,f:n}=o(e);r=t,a=n}return Ue(w,[r,a])[0]}multiplyUnsafe(e){let{endo:n}=t,r=this,a=e;if(!i.isValid(a))throw RangeError(`invalid scalar: out of range`);if(a===X||r.is0())return w.ZERO;if(a===Z)return r;if(E.hasCache(this))return this.multiply(a);if(n){let{k1neg:e,k1:t,k2neg:i,k2:o}=S(a),{p1:s,p2:c}=Qe(w,r,t,o);return C(n.beta,s,c,e,i)}else return E.unsafe(r,a)}toAffine(e){let t=this,n=e,{X:i,Y:a,Z:o}=t;if(r.eql(o,r.ONE))return{x:i,y:a};let s=t.is0();n??=s?r.ONE:r.inv(o);let c=r.mul(i,n),l=r.mul(a,n),u=r.mul(o,n);if(s)return{x:r.ZERO,y:r.ZERO};if(!r.eql(u,r.ONE))throw Error(`invZ was invalid`);return{x:c,y:l}}isTorsionFree(){let{isTorsionFree:e}=t;return o===Z?!0:e?e(w,this):E.unsafe(this,s).is0()}clearCofactor(){let{clearCofactor:e}=t;return o===Z?this:e?e(w,this):this.multiplyUnsafe(o)}isSmallOrder(){return o===Z?this.is0():this.clearCofactor().is0()}toBytes(e=!0){return F(e,`isCompressed`),this.assertValidity(),m(w,this,e)}toHex(e=!0){return re(this.toBytes(e))}toString(){return`<Point ${this.is0()?`ZERO`:this.toHex()}>`}}let T=i.BITS,E=new Ze(w,t.endo?Math.ceil(T/2):T);return T>=8&&w.BASE.precompute(8),Object.freeze(w.prototype),Object.freeze(w),w}function dt(e){return Uint8Array.of(e?2:3)}function ft(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function pt(e,t={}){let{Fn:n}=e,r=t.randomBytes===void 0?ae:t.randomBytes,i=Object.assign(ft(e.Fp,n),{seed:Math.max(Ve(n.ORDER),16)});function a(e){try{let t=n.fromBytes(e);return n.isValidNot0(t)}catch{return!1}}function o(t,n){let{publicKey:r,publicKeyUncompressed:a}=i;try{let i=t.length;return n===!0&&i!==r||n===!1&&i!==a?!1:!!e.fromBytes(t)}catch{return!1}}function s(e){return e=e===void 0?r(i.seed):e,He(A(e,i.seed,`seed`),n.ORDER)}function c(t,r=!0){return e.BASE.multiply(n.fromBytes(t)).toBytes(r)}function l(e){let{secretKey:t,publicKey:r,publicKeyUncompressed:a}=i,o=n._lengths;if(!ie(e))return;let s=A(e,void 0,`key`).length,c=s===r||s===a,l=s===t||!!o?.includes(s);if(!(c&&l))return c}function u(t,r,i=!0){if(l(t)===!0)throw Error(`first arg must be private key`);if(l(r)===!1)throw Error(`second arg must be public key`);let a=n.fromBytes(t);return e.fromBytes(r).multiply(a).toBytes(i)}let d={isValidSecretKey:a,isValidPublicKey:o,randomSecretKey:s},f=tt(s,c);return Object.freeze(d),Object.freeze(i),Object.freeze({getPublicKey:c,getSharedSecret:u,keygen:f,Point:e,utils:d,lengths:i})}function mt(e,t,n={}){let r=t;o(r),z(n,{},{hmac:`function`,lowS:`boolean`,randomBytes:`function`,bits2int:`function`,bits2int_modN:`function`}),n=Object.assign({},n);let i=n.randomBytes===void 0?ae:n.randomBytes,a=n.hmac===void 0?(e,t)=>rt(r,e,t):n.hmac,{Fp:s,Fn:c}=e,{ORDER:l,BITS:u}=c,{keygen:d,getPublicKey:f,getSharedSecret:p,utils:m,lengths:h}=pt(e,n),g={prehash:!0,lowS:typeof n.lowS==`boolean`?n.lowS:!0,format:`compact`,extraEntropy:!1},_=l*ct+Z<s.ORDER;function v(e){return e>l>>Z}function y(e,t){if(!c.isValidNot0(t))throw Error(`invalid signature ${e}: out of range 1..Point.Fn.ORDER`);return t}function b(){if(_)throw Error(`"recovered" sig type is not supported for cofactor >2 curves`)}function x(e,t){ot(t);let n=h.signature;return A(e,t===`compact`?n:t===`recovered`?n+1:void 0)}class S{r;s;recovery;constructor(e,t,n){if(this.r=y(`r`,e),this.s=y(`s`,t),n!=null){if(b(),![0,1,2,3].includes(n))throw Error(`invalid recovery id`);this.recovery=n}Object.freeze(this)}static fromBytes(e,t=g.format){x(e,t);let n;if(t===`der`){let{r:t,s:n}=Y.toSig(A(e));return new S(t,n)}t===`recovered`&&(n=e[0],t=`compact`,e=e.subarray(1));let r=h.signature/2,i=e.subarray(0,r),a=e.subarray(r,r*2);return new S(c.fromBytes(i),c.fromBytes(a),n)}static fromHex(e,t){return this.fromBytes(M(e),t)}assertRecovery(){let{recovery:e}=this;if(e==null)throw Error(`invalid recovery id: must be present`);return e}addRecoveryBit(e){return new S(this.r,this.s,e)}recoverPublicKey(t){let{r:n,s:r}=this,i=this.assertRecovery(),a=i===2||i===3?n+l:n;if(!s.isValid(a))throw Error(`invalid recovery id: sig.r+curve.n != R.x`);let o=s.toBytes(a),u=e.fromBytes(j(dt((i&1)==0),o)),d=c.inv(a),f=w(A(t,void 0,`msgHash`)),p=c.create(-f*d),m=c.create(r*d),h=e.BASE.multiplyUnsafe(p).add(u.multiplyUnsafe(m));if(h.is0())throw Error(`invalid recovery: point at infinify`);return h.assertValidity(),h}hasHighS(){return v(this.s)}toBytes(e=g.format){if(ot(e),e===`der`)return M(Y.hexFromSig(this));let{r:t,s:n}=this,r=c.toBytes(t),i=c.toBytes(n);return e===`recovered`?(b(),j(Uint8Array.of(this.assertRecovery()),r,i)):j(r,i)}toHex(e){return re(this.toBytes(e))}}Object.freeze(S.prototype),Object.freeze(S);let C=n.bits2int===void 0?function(e){if(e.length>8192)throw Error(`input is too large`);let t=L(e),n=e.length*8-u;return n>0?t>>BigInt(n):t}:n.bits2int,w=n.bits2int_modN===void 0?function(e){return c.create(C(e))}:n.bits2int_modN,T=ge(u);function E(e){return me(`num < 2^`+u,e,X,T),c.toBytes(e)}function D(e,t){return A(e,void 0,`message`),t?A(r(e),void 0,`prehashed message`):e}function O(t,n,r){let{lowS:a,prehash:o,extraEntropy:s}=st(r,g);t=D(t,o);let l=w(t),u=c.fromBytes(n);if(!c.isValidNot0(u))throw Error(`invalid private key`);let d=[E(u),E(l)];if(s!=null&&s!==!1){let e=s===!0?i(h.secretKey):s;d.push(A(e,void 0,`extraEntropy`))}let f=j(...d),p=l;function m(t){let n=C(t);if(!c.isValidNot0(n))return;let r=c.inv(n),i=e.BASE.multiply(n).toAffine(),o=c.create(i.x);if(o===X)return;let s=c.create(r*c.create(p+o*u));if(s===X)return;let l=(i.x===o?0:2)|Number(i.y&Z),d=s;return a&&v(s)&&(d=c.neg(s),l^=1),new S(o,d,_?void 0:l)}return{seed:f,k2sig:m}}function ee(e,t,n={}){let{seed:i,k2sig:o}=O(e,t,n);return _e(r.outputLen,c.BYTES,a)(i,o).toBytes(n.format)}function te(t,n,r,i={}){let{lowS:a,prehash:o,format:s}=st(i,g);if(r=A(r,void 0,`publicKey`),n=D(n,o),!ie(t)){let e=t instanceof S?`, use sig.toBytes()`:``;throw Error(`verify expects Uint8Array signature`+e)}x(t,s);try{let i=S.fromBytes(t,s),o=e.fromBytes(r);if(a&&i.hasHighS())return!1;let{r:l,s:u}=i,d=w(n),f=c.inv(u),p=c.create(d*f),m=c.create(l*f),h=e.BASE.multiplyUnsafe(p).add(o.multiplyUnsafe(m));return h.is0()?!1:c.create(h.x)===l}catch{return!1}}function k(e,t,n={}){let{prehash:r}=st(n,g);return t=D(t,r),S.fromBytes(e,`recovered`).recoverPublicKey(t).toBytes()}return Object.freeze({keygen:d,getPublicKey:f,getSharedSecret:p,utils:m,lengths:h,Point:e,sign:ee,verify:te,recoverPublicKey:k,Signature:S,hash:r})}var ht={p:BigInt(`0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f`),n:BigInt(`0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141`),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt(`0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798`),Gy:BigInt(`0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8`)},gt={beta:BigInt(`0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee`),basises:[[BigInt(`0x3086d221a7d46bcde86c90e49284eb15`),-BigInt(`0xe4437ed6010e88286f547fa90abfe4c3`)],[BigInt(`0x114ca50f7a8e2f3f657c1108d9d44cfd8`),BigInt(`0x3086d221a7d46bcde86c90e49284eb15`)]]},_t=BigInt(2);function vt(e){let t=ht.p,n=BigInt(3),r=BigInt(6),i=BigInt(11),a=BigInt(22),o=BigInt(23),s=BigInt(44),c=BigInt(88),l=e*e*e%t,u=l*l*e%t,d=W(W(W(u,n,t)*u%t,n,t)*u%t,_t,t)*l%t,f=W(d,i,t)*d%t,p=W(f,a,t)*f%t,m=W(p,s,t)*p%t,h=W(W(W(W(W(W(m,c,t)*m%t,s,t)*p%t,n,t)*u%t,o,t)*f%t,r,t)*l%t,_t,t);if(!yt.eql(yt.sqr(h),e))throw Error(`Cannot find square root`);return h}var yt=G(ht.p,{sqrt:vt}),bt=mt(ut(ht,{Fp:yt,endo:gt}),k),xt=Uint8Array.from([7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8]),St=Uint8Array.from(Array(16).fill(0).map((e,t)=>t)),Ct=St.map(e=>(9*e+5)%16),wt=(()=>{let e=[[St],[Ct]];for(let t=0;t<4;t++)for(let n of e)n.push(n[t].map(e=>xt[e]));return e})(),Tt=wt[0],Et=wt[1],Dt=[[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8],[12,13,11,15,6,9,9,7,12,15,11,13,7,8,7,7],[13,15,14,11,7,7,6,8,13,14,13,12,5,5,6,9],[14,11,12,14,8,6,5,5,15,12,15,14,9,9,8,6],[15,12,13,13,9,5,8,6,14,11,12,11,8,6,5,5]].map(e=>Uint8Array.from(e)),Ot=Tt.map((e,t)=>e.map(e=>Dt[t][e])),kt=Et.map((e,t)=>e.map(e=>Dt[t][e])),At=Uint32Array.from([0,1518500249,1859775393,2400959708,2840853838]),jt=Uint32Array.from([1352829926,1548603684,1836072691,2053994217,0]);function Mt(e,t,n,r){return e===0?t^n^r:e===1?t&n|~t&r:e===2?(t|~n)^r:e===3?t&r|n&~r:t^(n|~r)}var $=new Uint32Array(16),Nt=class extends T{h0=1732584193;h1=-271733879;h2=-1732584194;h3=271733878;h4=-1009589776;constructor(){super(64,20,8,!0)}get(){let{h0:e,h1:t,h2:n,h3:r,h4:i}=this;return[e,t,n,r,i]}set(e,t,n,r,i){this.h0=e|0,this.h1=t|0,this.h2=n|0,this.h3=r|0,this.h4=i|0}process(e,t){for(let n=0;n<16;n++,t+=4)$[n]=e.getUint32(t,!0);let n=this.h0|0,r=n,i=this.h1|0,a=i,o=this.h2|0,s=o,c=this.h3|0,l=c,u=this.h4|0,d=u;for(let e=0;e<5;e++){let t=4-e,p=At[e],m=jt[e],h=Tt[e],g=Et[e],_=Ot[e],v=kt[e];for(let t=0;t<16;t++){let r=f(n+Mt(e,i,o,c)+$[h[t]]+p,_[t])+u|0;n=u,u=c,c=f(o,10)|0,o=i,i=r}for(let e=0;e<16;e++){let n=f(r+Mt(t,a,s,l)+$[g[e]]+m,v[e])+d|0;r=d,d=l,l=f(s,10)|0,s=a,a=n}}this.set(this.h1+o+l|0,this.h2+c+d|0,this.h3+u+r|0,this.h4+n+a|0,this.h0+i+s|0)}roundClean(){l($)}destroy(){this.destroyed=!0,l(this.buffer),this.set(0,0,0,0,0)}},Pt=b(()=>new Nt),Ft=`123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz`;function It(e){let t=[0];for(let n=0;n<e.length;n++){let r=e[n];if(!r)continue;let i=Ft.indexOf(r);if(i===-1)throw Error(`Invalid base58 character`);for(let e=0;e<t.length;e++)t[e]*=58;t[0]+=i;let a=0;for(let e=0;e<t.length;e++)t[e]=t[e]+a,a=t[e]>>8,t[e]&=255;for(;a>0;)t.push(a&255),a>>=8}for(let n=0;n<e.length&&e[n]===`1`;n++)t.push(0);return new Uint8Array(t.reverse())}function Lt(e){let t=e.toLowerCase().split(`1`);if(t.length!==2)return null;let n=t[0],r=t[1];if(!n||!r||n!==`dgb`)return null;let i=[];for(let e of r){let t=`qpzry9x8gf2tvdw0s3jn54khce6mua7l`.indexOf(e);if(t===-1)return null;i.push(t)}let a=i.slice(0,-6);if(a.length<1)return null;let o=a[0];if(o===void 0)return null;let s=Rt(a.slice(1),5,8,!1);return s?{version:o,program:new Uint8Array(s)}:null}function Rt(e,t,n,r){let i=0,a=0,o=[],s=(1<<n)-1;for(let r of e){if(r<0||r>>t!==0)return null;for(i=i<<t|r,a+=t;a>=n;)a-=n,o.push(i>>a&s)}if(r)a>0&&o.push(i<<n-a&s);else if(a>=t||i<<n-a&s)return null;return o}function zt(e,t){let n=new TextEncoder().encode(t),r=new TextEncoder().encode(e),i=[],a=r.length;if(a<253)i.push(a);else if(a<=65535)i.push(253,a&255,a>>8&255);else if(a<=4294967295)i.push(254,a&255,a>>8&255,a>>16&255,a>>24&255);else throw Error(`Message too long`);let o=new Uint8Array(i),s=n.length+o.length+r.length,c=new Uint8Array(s),l=0;return c.set(n,l),l+=n.length,c.set(o,l),l+=o.length,c.set(r,l),k(k(c))}function Bt(e,t){if(t.length!==65)throw Error(`Invalid signature length`);if(t[0]===void 0)throw Error(`Invalid signature`);let n=t.slice(1,33),r=t.slice(33,65),i=[];for(let t=0;t<4;t++)try{let a=new bt.Signature(BigInt(`0x`+Array.from(n).map(e=>e.toString(16).padStart(2,`0`)).join(``)),BigInt(`0x`+Array.from(r).map(e=>e.toString(16).padStart(2,`0`)).join(``))).addRecoveryBit(t).recoverPublicKey(e),o=a.toBytes(!0),s=a.toBytes(!1);i.push(o),i.push(s)}catch{continue}if(i.length===0)throw Error(`Failed to recover any public keys`);return i}function Vt(e){return Pt(k(e))}function Ht(e,t){if(e.startsWith(`D`)||e.startsWith(`S`))try{let n=It(e);if(n.length<25)return!1;let r=n.slice(0,-4),i=n.slice(-4),a=k(k(r)).slice(0,4);if(!i.every((e,t)=>e===a[t]))return!1;let o=r.slice(1),s=Vt(t);return o.every((e,t)=>e===s[t])}catch{return!1}if(e.toLowerCase().startsWith(`dgb1`))try{let n=Lt(e);if(!n)return!1;let{version:r,program:i}=n;if(r===0){let e=t;if(t.length===65){let n=t[64]%2==0;e=new Uint8Array(33),e[0]=n?2:3,e.set(t.slice(1,33),1)}let n=Vt(e);return i.every((e,t)=>e===n[t])}return!1}catch{return!1}return!1}async function Ut(e,t,r){try{let n=Uint8Array.from(globalThis.atob(r),e=>e.charCodeAt(0));if(n.length!==65)throw Error(`Invalid signature length`);let i=Bt(zt(e,`DigiByte Signed Message: `),n);for(let e of i)if(Ht(t,e))return!0;return!1}catch(e){throw new n(`Signature verification failed: ${e instanceof Error?e.message:String(e)}`)}}function Wt(e=16){return(0,t.randomBytes)(e).toString(`hex`)}function Gt(e){if(!e.callbackUrl)throw new n(`Callback URL is required.`);let t;try{t=new URL(e.callbackUrl)}catch(e){throw new n(`Invalid callback URL: ${e.message}`)}let r=t.host+t.pathname,i=e.nonce||Wt(),a=e.unsecure?`1`:`0`;if(e.unsecure&&t.protocol!==`http:`)throw new n(`Unsecure flag is true, but callback URL does not use http protocol.`);if(!e.unsecure&&t.protocol!==`https:`)throw new n(`Callback URL must use https protocol unless unsecure flag is set to true.`);return`digiid://${r}?x=${i}&u=${a}`}async function Kt(e,t){let{address:r,uri:i,signature:a}=e,{expectedCallbackUrl:o,expectedNonce:s}=t;if(!r||!i||!a)throw new n(`Missing required callback data: address, uri, or signature.`);let c;try{let e=i.replace(/^digiid:/,`http:`);c=new URL(e)}catch(e){throw new n(`Invalid URI received in callback: ${e.message}`)}let l=c.searchParams.get(`x`),u=c.searchParams.get(`u`),d=c.host+c.pathname;if(l===null||u===null)throw new n(`URI missing nonce (x) or unsecure (u) parameter.`);let f;try{f=typeof o==`string`?new URL(o):o}catch(e){throw new n(`Invalid expectedCallbackUrl provided: ${e.message}`)}let p=f.host+f.pathname;if(d!==p)throw new n(`Callback URL mismatch: URI contained "${d}", expected "${p}"`);let m=f.protocol;if(u===`1`&&m!==`http:`)throw new n(`URI indicates unsecure (u=1), but expectedCallbackUrl is not http.`);if(u===`0`&&m!==`https:`)throw new n(`URI indicates secure (u=0), but expectedCallbackUrl is not https.`);if(s&&l!==s)throw new n(`Nonce mismatch: URI contained "${l}", expected "${s}". Possible replay attack.`);try{if(!await Ut(i,r,a))throw new n(`Invalid signature.`)}catch(e){throw e instanceof n?e:new n(`Unexpected error during signature verification: ${e.message}`)}return{isValid:!0,address:r,nonce:l}}e.DigiIDError=n,e._internalVerifySignature=Ut,e.generateDigiIDUri=Gt,e.verifyDigiIDCallback=Kt}); //# sourceMappingURL=digiid-ts.umd.js.map