{"version":3,"sources":["../src/encrDecr.ts","../src/errors.ts","../src/utils.ts","../src/securedEnvelope.ts","../src/serialization.ts","../src/walletAccounts.ts"],"sourcesContent":["// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\nimport { Ed25519Signature, PublicKey, Signature } from '@aptos-labs/ts-sdk';\nimport { sha3_256 } from '@noble/hashes/sha3';\nimport ed2curve from 'ed2curve';\nimport nacl from 'tweetnacl';\nimport { DecryptionError } from './errors';\nimport {\n  concatUint8array,\n  decodeBase64,\n  Ed25519PublicKey,\n  Ed25519SecretKey,\n  encodeBase64,\n  KeyTypes,\n  toKey,\n  X25519PublicKey,\n  X25519SecretKey,\n} from './utils';\n\n// This callback takes in a message bytes, and signs it.\n// THIS DOES NOT PERFORM DOMAIN SEPARATION: IT IS ASSUMED OUR LIBRARY ALREADY DID IT.\n// This is to support hardware wallets.\nexport type SignCallback = (message: Uint8Array) => Promise<Signature>;\n\nexport type SignaturePurpose =\n  | 'TRANSPORT_KEYPAIR'\n  | 'ACCOUNT_INFO'\n  | 'SECURED_ENVELOPE';\n\nexport const SIGNATURE_PREFIX = 'APTOS::IDENTITY_CONNECT';\n\nexport type EncryptionResult = {\n  nonce: Uint8Array;\n  secured: Uint8Array;\n};\n\nexport type SerializedEncryptionResult = {\n  nonceB64: string;\n  securedB64: string;\n};\n\n/**\n * Converts an Ed25519 public key to an X25519 public key\n * HERE THERE BE DRAGONS. ONLY USE THIS IF YOU KNOW WHAT YOU ARE DOING.\n * @param ed25519PublicKey The Ed25519 public key to convert\n * @param errorKeyName The name of the key to use in error messages\n */\nexport function convertEd25519PublicKeyToX25519PublicKey(\n  ed25519PublicKey: Ed25519PublicKey,\n  errorKeyName: string,\n): X25519PublicKey {\n  const x25519PublicKey = ed2curve.convertPublicKey(\n    ed25519PublicKey.key.slice(0, 32),\n  );\n  if (!x25519PublicKey) {\n    throw new Error(`${errorKeyName} is not a valid Ed25519 public key`);\n  }\n  return toKey(x25519PublicKey, KeyTypes.X25519PublicKey);\n}\n\n/**\n * Converts an Ed25519 secret key to an X25519 secret key\n * HERE THERE BE DRAGONS. ONLY USE THIS IF YOU KNOW WHAT YOU ARE DOING.\n * @param ed25519SecretKey The Ed25519 secret key to convert\n */\nexport function convertEd25519SecretKeyToX25519SecretKey(\n  ed25519SecretKey: Ed25519SecretKey,\n): X25519SecretKey {\n  const x25519SecretKey = ed2curve.convertSecretKey(\n    ed25519SecretKey.key.slice(0, 32),\n  );\n  return toKey(x25519SecretKey, KeyTypes.X25519SecretKey);\n}\nexport function serializeEncryptionResult(\n  enc: EncryptionResult,\n): SerializedEncryptionResult {\n  return {\n    nonceB64: encodeBase64(enc.nonce),\n    securedB64: encodeBase64(enc.secured),\n  };\n}\n\nexport function deserializeEncryptionResult(\n  enc: SerializedEncryptionResult,\n): EncryptionResult {\n  return {\n    nonce: decodeBase64(enc.nonceB64),\n    secured: decodeBase64(enc.securedB64),\n  };\n}\n\n/**\n * Decrypts a `SerializedEncryptionResult` to an object\n * Uses the sender's X25519 public key and receiver's Ed25519 secret key\n * The receivers Ed25519 secret key is converted to an X25519 secret key for the Diffie-Hellman key exchange\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverEd25519SecretKey The receiver's Ed25519 secret key\n * @param enc The serialized encryption result\n */\nexport function decryptSerializedEncryptionResult<T>(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverEd25519SecretKey: Ed25519SecretKey,\n  enc: SerializedEncryptionResult,\n): T {\n  const des = deserializeEncryptionResult(enc);\n  return decryptObject<T>(\n    senderX25519PublicKey,\n    receiverEd25519SecretKey,\n    des.secured,\n    des.nonce,\n  );\n}\n\n/**\n * Decrypts a `SerializedEncryptionResult` to an object\n * Uses the sender's X25519 public key and receiver's X25519 secret key\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverX25519SecretKey The receiver's X25519 secret key\n * @param enc The serialized encryption result\n */\nexport function decryptSerializedEncryptionResultDirect<T>(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverX25519SecretKey: X25519SecretKey,\n  enc: SerializedEncryptionResult,\n): T {\n  const des = deserializeEncryptionResult(enc);\n  return decryptObjectDirect<T>(\n    senderX25519PublicKey,\n    receiverX25519SecretKey,\n    des.secured,\n    des.nonce,\n  );\n}\n\n/**\n * Encrypts a string, by using the sender's X25519 secret key and receiver's Ed25519 public key\n * The receiver's Ed25519 public key is converted to an X25519 public key for the Diffie-Hellman key exchange\n * @param senderX25519SecretKey The sender's X25519 secret key\n * @param receiverEd25519PublicKey The receiver's Ed25519 public key\n * @param message The message to encrypt\n */\nexport function encryptMessage(\n  senderX25519SecretKey: X25519SecretKey,\n  receiverEd25519PublicKey: Ed25519PublicKey,\n  message: string,\n): EncryptionResult {\n  // Encrypt the message with the receiver's public key and sender's secret key\n  const receiverX25519PublicKey = convertEd25519PublicKeyToX25519PublicKey(\n    receiverEd25519PublicKey,\n    'receiver public key',\n  );\n  return encryptMessageDirect(\n    senderX25519SecretKey,\n    receiverX25519PublicKey,\n    message,\n  );\n}\n\n/**\n * Encrypts a string, by using the sender's X25519 secret key and receiver's X25519 public key\n * @param senderX25519SecretKey The sender's X25519 secret key\n * @param receiverX25519PublicKey The receiver's X25519 public key\n * @param message The message to encrypt\n */\nexport function encryptMessageDirect(\n  senderX25519SecretKey: X25519SecretKey,\n  receiverX25519PublicKey: X25519PublicKey,\n  message: string,\n): EncryptionResult {\n  // Generate a random nonce\n  const nonce = nacl.randomBytes(nacl.box.nonceLength);\n\n  // Convert the message to a Uint8Array\n  const messageUint8 = new TextEncoder().encode(message);\n\n  const secured = nacl.box(\n    messageUint8,\n    nonce,\n    receiverX25519PublicKey.key,\n    senderX25519SecretKey.key.slice(0, 32),\n  );\n\n  return { nonce, secured };\n}\n\n/**\n * Encrypts an object to a string, by using the sender's X25519 secret key and receiver's Ed25519 public key\n * The receiver's Ed25519 public key is converted to an X25519 public key for the Diffie-Hellman key exchange\n * @param senderX25519SecretKey The sender's X25519 secret key\n * @param receiverEd25519PublicKey The receiver's Ed25519 public key\n * @param message The message to encrypt\n */\nexport function encryptObject<T>(\n  senderX25519SecretKey: X25519SecretKey,\n  receiverEd25519PublicKey: Ed25519PublicKey,\n  message: T,\n): EncryptionResult {\n  const receiverX25519PublicKey = convertEd25519PublicKeyToX25519PublicKey(\n    receiverEd25519PublicKey,\n    'receiver public key',\n  );\n  return encryptObjectDirect(\n    senderX25519SecretKey,\n    receiverX25519PublicKey,\n    message,\n  );\n}\n\n/**\n * Encrypts an object to a string, by using the sender's X25519 secret key and receiver's X25519 public key\n * @param senderX25519SecretKey The sender's X25519 secret key\n * @param receiverX25519PublicKey The receiver's X25519 public key\n * @param message The message to encrypt\n */\nexport function encryptObjectDirect<T>(\n  senderX25519SecretKey: X25519SecretKey,\n  receiverX25519PublicKey: X25519PublicKey,\n  message: T,\n): EncryptionResult {\n  return encryptMessageDirect(\n    senderX25519SecretKey,\n    receiverX25519PublicKey,\n    JSON.stringify(message),\n  );\n}\n\n/**\n * Decrypts a string, by using the sender's X25519 public key and receiver's Ed25519 secret key\n * The receivers Ed25519 secret key is converted to an X25519 secret key for the Diffie-Hellman key exchange\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverEd25519SecretKey The receiver's Ed25519 secret key\n * @param securedMessage The message to decrypt\n * @param nonce The nonce used to encrypt the message\n */\nexport function decryptMessage(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverEd25519SecretKey: Ed25519SecretKey,\n  securedMessage: Uint8Array,\n  nonce: Uint8Array,\n): string {\n  // Decrypt the message with the receiver's secret key and sender's public key\n  const receiverX25519SecretKey = convertEd25519SecretKeyToX25519SecretKey(\n    receiverEd25519SecretKey,\n  );\n  return decryptMessageDirect(\n    senderX25519PublicKey,\n    receiverX25519SecretKey,\n    securedMessage,\n    nonce,\n  );\n}\n\n/**\n * Decrypts a string, by using the sender's X25519 public key and receiver's X25519 secret key\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverX25519SecretKey The receiver's X25519 secret key\n * @param securedMessage The message to decrypt\n * @param nonce The nonce used to encrypt the message\n */\nexport function decryptMessageDirect(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverX25519SecretKey: X25519SecretKey,\n  securedMessage: Uint8Array,\n  nonce: Uint8Array,\n): string {\n  let decryptedUint8;\n  try {\n    decryptedUint8 = nacl.box.open(\n      securedMessage,\n      nonce,\n      senderX25519PublicKey.key.slice(0, 32),\n      receiverX25519SecretKey.key.slice(0, 32),\n    );\n  } catch (e: any) {\n    throw new DecryptionError(`Could not decrypt message: ${e.message}`);\n  }\n  if (!decryptedUint8) {\n    throw new DecryptionError('Could not decrypt message');\n  }\n\n  // Convert the decrypted Uint8Array back to a string\n  return new TextDecoder().decode(decryptedUint8);\n}\n\n/**\n * Decrypts an object, by using the sender's X25519 public key and receiver's Ed25519 secret key\n * The receivers Ed25519 secret key is converted to an X25519 secret key for the Diffie-Hellman key exchange\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverEd25519SecretKey The receiver's Ed25519 secret key\n * @param securedMessage The message to decrypt\n * @param nonce The nonce used to encrypt the message\n */\nexport function decryptObject<T>(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverEd25519SecretKey: Ed25519SecretKey,\n  securedMessage: Uint8Array,\n  nonce: Uint8Array,\n): T {\n  const receiverX25519SecretKey = convertEd25519SecretKeyToX25519SecretKey(\n    receiverEd25519SecretKey,\n  );\n  return decryptObjectDirect<T>(\n    senderX25519PublicKey,\n    receiverX25519SecretKey,\n    securedMessage,\n    nonce,\n  );\n}\n\n/**\n * Decrypts an object, by using the sender's X25519 public key and receiver's X25519 secret key\n * @param senderX25519PublicKey The sender's X25519 public key\n * @param receiverX25519SecretKey The receiver's X25519 secret key\n * @param securedMessage The message to decrypt\n * @param nonce The nonce used to encrypt the message\n */\nexport function decryptObjectDirect<T>(\n  senderX25519PublicKey: X25519PublicKey,\n  receiverX25519SecretKey: X25519SecretKey,\n  securedMessage: Uint8Array,\n  nonce: Uint8Array,\n): T {\n  const decryptedStr = decryptMessageDirect(\n    senderX25519PublicKey,\n    receiverX25519SecretKey,\n    securedMessage,\n    nonce,\n  );\n  return JSON.parse(decryptedStr) as T;\n}\n\n/**\n * Hashes a message with a purpose-specific prefix using SHA-3 256-bit algorithm.\n * The purpose prefix is constructed as `'APTOS::IDENTITY_CONNECT' + '::' + purpose + '::'`\n * This is to prevent hash collisions with other services, uses, and purposes\n * @param message The message to hash as a Uint8Array.\n * @param purpose The purpose of the signature.\n * @returns Uint8Array The hashed message as a Uint8Array\n */\nexport function messageHash(message: Uint8Array, purpose: SignaturePurpose) {\n  const signaturePrefixHash = new Uint8Array(\n    sha3_256(`${SIGNATURE_PREFIX}::${purpose}::`),\n  );\n  return new Uint8Array(\n    sha3_256(concatUint8array(signaturePrefixHash, message)),\n  );\n}\n\nexport function signWithEd25519SecretKey(\n  message: Uint8Array,\n  signingEd25519SecretKey: Ed25519SecretKey,\n  purpose: SignaturePurpose,\n) {\n  return nacl.sign.detached(\n    messageHash(message, purpose),\n    signingEd25519SecretKey.key,\n  );\n}\n\n// This assumes that domain separation has already happened: this emulates the behavior of a hardware device\nexport function makeEd25519SecretKeySignCallbackNoDomainSeparation(\n  signingEd25519SecretKey: Ed25519SecretKey,\n): SignCallback {\n  return async (message: Uint8Array) =>\n    new Ed25519Signature(\n      nacl.sign.detached(message, signingEd25519SecretKey.key),\n    );\n}\n\nexport function verifySignature(\n  message: Uint8Array,\n  signature: Signature,\n  signingPublicKey: PublicKey,\n  purpose: SignaturePurpose,\n): boolean {\n  return signingPublicKey.verifySignature({\n    message: messageHash(message, purpose),\n    signature,\n  });\n}\n\nexport function hashAndVerifySignature(\n  message: string | Uint8Array,\n  signature: Signature,\n  signingPublicKey: PublicKey,\n  purpose: SignaturePurpose,\n): boolean {\n  const messageUint8 =\n    message instanceof Uint8Array ? message : new TextEncoder().encode(message);\n  const messageUint8Hash = sha3_256(messageUint8);\n  return verifySignature(\n    messageUint8Hash,\n    signature,\n    signingPublicKey,\n    purpose,\n  );\n}\n","// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\nexport class EncryptionEnvelopeError extends Error {}\n\nexport class EnvelopeMessageMismatchError extends EncryptionEnvelopeError {\n  constructor(\n    message: string,\n    public field: string,\n  ) {\n    super(message);\n    this.name = 'EnvelopeMessageMismatchError';\n    Object.setPrototypeOf(this, EnvelopeMessageMismatchError.prototype);\n  }\n}\n\nexport class DecryptionError extends EncryptionEnvelopeError {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DecryptionError';\n    Object.setPrototypeOf(this, DecryptionError.prototype);\n  }\n}\n","// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\nimport nacl from 'tweetnacl';\n\nexport enum KeyTypes {\n  Ed25519PublicKey = 'Ed25519PublicKey',\n  Ed25519SecretKey = 'Ed25519SecretKey',\n  X25519PublicKey = 'X25519PublicKey',\n  X25519SecretKey = 'X25519SecretKey',\n}\n\nexport interface IKey<Type extends KeyTypes> {\n  key: Uint8Array;\n  type: Type;\n}\n\nexport type X25519PublicKey = IKey<KeyTypes.X25519PublicKey>;\nexport type X25519SecretKey = IKey<KeyTypes.X25519SecretKey>;\nexport type X25519KeyPair = {\n  publicKey: X25519PublicKey;\n  secretKey: X25519SecretKey;\n};\n\nexport type Ed25519PublicKey = IKey<KeyTypes.Ed25519PublicKey>;\nexport type Ed25519SecretKey = IKey<KeyTypes.Ed25519SecretKey>;\nexport type Ed25519KeyPair = {\n  publicKey: Ed25519PublicKey;\n  secretKey: Ed25519SecretKey;\n};\n\nexport type RawKeyPair = {\n  publicKey: Uint8Array;\n  secretKey: Uint8Array;\n};\n\nexport function createX25519KeyPair(): X25519KeyPair {\n  return keypairToX25519(nacl.box.keyPair());\n}\n\nexport function createEd25519KeyPair(): Ed25519KeyPair {\n  return keypairToEd25519(nacl.sign.keyPair());\n}\n\nexport function toKey<Type extends KeyTypes = KeyTypes>(\n  rawKey: Uint8Array,\n  type: Type,\n): Type extends KeyTypes.Ed25519PublicKey\n  ? Ed25519PublicKey\n  : Type extends KeyTypes.Ed25519SecretKey\n    ? Ed25519SecretKey\n    : Type extends KeyTypes.X25519PublicKey\n      ? X25519PublicKey\n      : Type extends KeyTypes.X25519SecretKey\n        ? X25519SecretKey\n        : never {\n  return {\n    key: rawKey,\n    type,\n  } as any;\n}\n\nexport function keypairToEd25519(keyPair: RawKeyPair): Ed25519KeyPair {\n  return {\n    publicKey: toKey(keyPair.publicKey, KeyTypes.Ed25519PublicKey),\n    secretKey: toKey(keyPair.secretKey, KeyTypes.Ed25519SecretKey),\n  };\n}\n\nexport function keypairToX25519(keyPair: RawKeyPair): X25519KeyPair {\n  return {\n    publicKey: toKey(keyPair.publicKey, KeyTypes.X25519PublicKey),\n    secretKey: toKey(keyPair.secretKey, KeyTypes.X25519SecretKey),\n  };\n}\n\nexport function aptosAccountToEd25519Keypair(account: {\n  signingKey: nacl.SignKeyPair;\n}) {\n  return ed25519KeypairFromSecret(account.signingKey.secretKey);\n}\n\nexport function ed25519KeypairFromSecret(\n  ed25519SecretKeyBytes: Uint8Array,\n): Ed25519KeyPair {\n  return keypairToEd25519(\n    nacl.sign.keyPair.fromSeed(ed25519SecretKeyBytes.slice(0, 32)),\n  );\n}\n\nexport function decodeBase64(base64Str: string): Uint8Array {\n  if (globalThis.Buffer) {\n    return new Uint8Array(Buffer.from(base64Str, 'base64'));\n  }\n  return Uint8Array.from(atob(base64Str), (m) => m.codePointAt(0)!);\n}\n\nexport function encodeBase64(bytes: Uint8Array): string {\n  if (globalThis.Buffer) {\n    return Buffer.from(bytes).toString('base64');\n  }\n  return btoa(Array.from(bytes, (x) => String.fromCodePoint(x)).join(''));\n}\n\nexport function concatUint8array(\n  arrayOne: Uint8Array,\n  arrayTwo: Uint8Array,\n): Uint8Array {\n  const mergedArray = new Uint8Array(arrayOne.length + arrayTwo.length);\n  mergedArray.set(arrayOne);\n  mergedArray.set(arrayTwo, arrayOne.length);\n  return mergedArray;\n}\n","// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n  Ed25519PublicKey as AptosEd25519PublicKey,\n  Ed25519Signature,\n  Hex,\n} from '@aptos-labs/ts-sdk';\nimport { sha3_256 } from '@noble/hashes/sha3';\nimport {\n  decryptObject,\n  deserializeEncryptionResult,\n  encryptObject,\n  SerializedEncryptionResult,\n  SignCallback,\n  serializeEncryptionResult,\n  signWithEd25519SecretKey,\n  verifySignature,\n} from './encrDecr';\nimport { EnvelopeMessageMismatchError } from './errors';\nimport {\n  createX25519KeyPair,\n  decodeBase64,\n  Ed25519PublicKey,\n  Ed25519SecretKey,\n  encodeBase64,\n  KeyTypes,\n  toKey,\n  X25519KeyPair,\n  X25519PublicKey,\n} from './utils';\n\n/**\n * When sending messages back and forth, there are some things that Identity Connect must know to function and provide\n * security for users, and dApps and wallets need to know that any messages sent to one another were sent (and\n * received) by the expected parties.\n *\n * To allow for secure communication between parties, we are introducing the\n * *SecuredEnvelope*. This envelope provides a secure channel for parties to encrypt private messages, *and*\n * authenticate one another, while allowing IC to route requests and block invalid messages.\n *\n * The envelope can be thought of as a wrapper around the JSON payload of a POST/PUT request T, and has two parts:\n * `messagePrivate`: This contains some of the parameters of `T`, which will be signed by the sender and encrypted\n *                   with the recipient's public key.\n * `publicMessage`: This field is sent unencrypted, but signed so that the IC endpoint can do basic validation before\n *                  processing. The parameters in `publicMessage` are DISJOINT from `messagePrivate`, and are invalid\n *                  otherwise: there are no keys in `messagePrivate` that also appear in `publicMessage`. It must\n *                  contain a ``_metadata`` field with security features like the timestamp, public keys, sequence\n *                  number, etc.\n *\n * Both IC and dApps can verify, on chain, that the senders’ keys match their address and that they are speaking\n * with who they expect. Encryption is done with an X25519 key derived from the ED25519 PublicKey of the wallet\n * account that is connecting (this allows for seamless cross-device account access), and an ephemeral X25519 KeyPair,\n * of which the SecretKey is thrown away after encryption. Decryption uses the X25519 key derived from the receiver\n * ED25519 SecretKey.\n *\n * Account private keys Ska (and their counterpart X25519 keys) are only used to decrypt and sign:\n * THEY ARE NEVER USED TO ENCRYPT!\n *\n * Operations follow the Cryptographic Doom Principle:\n *   Always verify the signature of the message before any other cryptographic operations\n * https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html\n *\n *\n * To send a `SecuredEnvelope` over the wire, it must first be turned into a `SecuredEnvelopeTransport` - this\n * involves:\n * 1. Encrypting and serializing the `privateMessage` field to an `encryptedPrivateMessage`field.\n *     a. Generate ephemeral X25519 sender keypair `xPkse/xSkse`. The `xPkse` becomes the `senderX25519PublicKeyB64` in\n *      the `EnvelopeMetadata`.\n *     b. Convert the `receiverEd25519PublicKey` to a `receiverX25519PublicKey` - `xPkr`\n *     c. Generate a random `nonce` for the `[nacl.box](http://nacl.box)` encryption\n *     d. Encrypt the `privateMessage` using `[nacl.box](http://nacl.box)` with the `xSkse` and `xPkr`\n *     e. Package this encrypted data, and the `nonce`, into a `SerializedEncryptionResult`\n * 2. JSON serializing the `publicMessage` field into a `serializedPublicMessage`. We don’t care about canonical\n *    serialization/ordering as the sender signs over this serialized string.\n * 3.  Now that we have the private `encryptedPrivateMessage` and public `serializedPublicMessage` we can generate the\n *    `messageSignature`:\n *     a. Hash the `SHA3-256(encryptedPublicMessage)` to get `publicMessageHash`\n *     b. Hash the `SHA3-256(encryptedPrivateMessage)` to get `privateMessageHash`\n *     c. Hash `SHA3-256(publicMessageHash | privateMessageHash)` to get `combinedMessageHash`\n *     d. Get the `domainSeparatedMessageHash` by hashing the `combinedMessageHash` with a domain separator:\n *        `SHA3-256(SHA3-256('APTOS::IDENTITY_CONNECT::') | combinedMessageHash)`\n *     e. To obtain the final `messageSignature`, we sign the `domainSeparatedMessageHash` with the Ed25519 private\n *        key of the sender, and hex encode it.\n * 4. This creates the final `SecuredEnvelopeTransport` object, ready to be JSON serialized and sent in an HTTP\n *    request\n */\n\nexport const REQUIRED_FIELDS: (keyof EnvelopeMetadata)[] = [\n  'receiverEd25519PublicKeyB64',\n  'senderEd25519PublicKeyB64',\n  'senderX25519PublicKeyB64',\n  'sequence',\n  'timestampMillis',\n].sort() as (keyof EnvelopeMetadata)[];\n\n// The publicMessage._metadata field looks like this:\nexport type EnvelopeMetadata = {\n  // The receiver's public key, base64\n  receiverEd25519PublicKeyB64: string;\n  // The sender public key, base64\n  senderEd25519PublicKeyB64: string;\n  // The senders X25519 public key, base64\n  senderX25519PublicKeyB64: string;\n  // The sequence of the sender.\n  // This number only goes up, to prevent relay attacks\n  // This exists per pairing\n  // dApps, wallets, accounts, etc are expected to keep track of them\n  // IC will reject out-of-order sequence numbers\n  sequence: number;\n  // The timestamp this message was sent at\n  // IC will reject if it's in the future or older than 5 minutes\n  timestampMillis: number;\n};\n\nexport interface IEnvelopeMetadata extends Message {\n  _metadata: EnvelopeMetadata;\n}\n\n// A message- whether the `Public` or `Private` component- is a JSON object.\n// As such, we know that the keys are strings, and the values are any JSON-serializable type ('unknown')\nexport type Message = Record<string, unknown>;\n\nexport type SecuredEnvelope<Public extends Message> = {\n  encryptedPrivateMessage: SerializedEncryptionResult;\n  messageSignature: string;\n  publicMessage: Public & IEnvelopeMetadata;\n};\n\nexport type SecuredEnvelopeTransport = {\n  encryptedPrivateMessage: SerializedEncryptionResult;\n  messageSignature: string;\n  serializedPublicMessage: string;\n};\n\nexport type DecryptedEnvelope<\n  Public extends Message & { [K in keyof Private]?: never },\n  Private extends Message & { [K in keyof Public]?: never },\n> = {\n  messageSignature: string;\n  privateMessage: Private;\n  publicMessage: Public & IEnvelopeMetadata;\n};\n\nexport type DeserializedTransportEnvelope<Public extends Message> =\n  SecuredEnvelopeTransport & SecuredEnvelope<Public>;\n\nexport type SignCallbackOrEd25519SecretKey = SignCallback | Ed25519SecretKey;\n\nexport function ensurePrivatePublicFieldsDisjoint<\n  Public extends Message & { [K in keyof Private]?: never },\n  Private extends Message & { [K in keyof Public]?: never },\n>(privateMessage: Private, publicMessage: Public) {\n  // gets all fields in privateMessage that are also in publicMessage\n  const intersection = Object.keys(privateMessage).filter((x) =>\n    Object.keys(publicMessage).includes(x),\n  );\n  if (intersection.length > 0) {\n    const field = intersection[0];\n    throw new EnvelopeMessageMismatchError(\n      `Field ${field} appears in both private and public message fields`,\n      field,\n    );\n  }\n}\n\nexport function ensureMetadataFields(message: EnvelopeMetadata) {\n  // ensure ONLY the fields in REQUIRED_FIELDS are present in message. Sort asc.\n  const messageKeys = Object.keys(message).sort();\n  const extraFields = messageKeys.filter(\n    (key) => !REQUIRED_FIELDS.includes(key as any),\n  );\n  const missingFields = REQUIRED_FIELDS.filter(\n    (key) => !messageKeys.includes(key as any),\n  );\n  if (extraFields.length > 0 || missingFields.length > 0) {\n    let extraFieldsStr =\n      extraFields.length > 0 ? `extra(${extraFields.join(', ')})` : '';\n    const missingFieldsStr =\n      missingFields.length > 0 ? `missing(${missingFields.join(', ')})` : '';\n    extraFieldsStr =\n      extraFieldsStr.length > 0 && missingFieldsStr.length > 0\n        ? `${extraFieldsStr}, `\n        : extraFieldsStr;\n    throw new EnvelopeMessageMismatchError(\n      `PublicMessage metadata fields do not conform to spec: ${extraFieldsStr}${missingFieldsStr}`,\n      '_metadata',\n    );\n  }\n}\n\nexport function deserializeTransportEnvelope<Public extends Message>(\n  transportEnvelope: SecuredEnvelopeTransport,\n): DeserializedTransportEnvelope<Public> {\n  const publicMessage = JSON.parse(\n    transportEnvelope.serializedPublicMessage,\n  ) as Public & IEnvelopeMetadata;\n  return {\n    ...transportEnvelope,\n    publicMessage,\n  };\n}\n\n// This signs with the senders ed25519 private key,\n// but encrypts with an ephemeral X25519 keyPair + the receivers x25519 public key (converted from their ed25519 key)\n// This is so that the private key IS ONLY EVER USED FOR DECRYPTION, NEVER FOR ENCRYPTION\nexport function encryptAndSignEnvelope<\n  Public extends Message & { [K in keyof Private]?: never },\n  Private extends Message & { [K in keyof Public]?: never },\n>(\n  senderEd25519SecretKey: Ed25519SecretKey,\n  senderEd25519PublicKey: Ed25519PublicKey,\n  receiverEd25519PublicKey: Ed25519PublicKey,\n  sequence: number,\n  publicMessage: Public,\n  privateMessage: Private,\n): SecuredEnvelopeTransport {\n  const senderEphemeralX25519KeyPair = createX25519KeyPair();\n  const metadata = constructMetadata(\n    senderEd25519PublicKey,\n    receiverEd25519PublicKey,\n    sequence,\n    senderEphemeralX25519KeyPair.publicKey,\n  );\n\n  ensureMetadataFields(metadata);\n  ensurePrivatePublicFieldsDisjoint<Public, Private>(\n    privateMessage,\n    publicMessage,\n  );\n\n  return dangerouslyEncryptAndSignEnvelopeUnvalidated(\n    senderEd25519SecretKey,\n    receiverEd25519PublicKey,\n    metadata,\n    privateMessage,\n    publicMessage,\n    senderEphemeralX25519KeyPair,\n  );\n}\n\nexport function constructMetadata(\n  senderEd25519PublicKey: Ed25519PublicKey,\n  receiverEd25519PublicKey: Ed25519PublicKey,\n  sequence: number,\n  senderEphemeralX25519PublicKey: X25519PublicKey,\n): EnvelopeMetadata {\n  // This is used for SIGNING ONLY!\n  return {\n    receiverEd25519PublicKeyB64: encodeBase64(receiverEd25519PublicKey.key),\n    senderEd25519PublicKeyB64: encodeBase64(senderEd25519PublicKey.key),\n    senderX25519PublicKeyB64: encodeBase64(senderEphemeralX25519PublicKey.key),\n    sequence,\n    timestampMillis: Date.now(),\n  };\n}\n\nexport function dangerouslyEncryptAndSignEnvelopeUnvalidated<\n  Public extends Message & { [K in keyof Private]?: never },\n  Private extends Message & { [K in keyof Public]?: never },\n>(\n  senderEd25519SecretKey: Ed25519SecretKey,\n  receiverEd25519PublicKey: Ed25519PublicKey,\n  metadata: EnvelopeMetadata,\n  privateMessage: Private,\n  publicMessage: Public,\n  senderEphemeralX25519KeyPair: X25519KeyPair,\n): SecuredEnvelopeTransport {\n  const encryptionResult = encryptObject(\n    senderEphemeralX25519KeyPair.secretKey,\n    receiverEd25519PublicKey,\n    privateMessage,\n  );\n  const encryptedPrivateMessage = serializeEncryptionResult(encryptionResult);\n  const encryptedPrivateMessageBytes = decodeBase64(\n    encryptedPrivateMessage.securedB64,\n  );\n  const serializedPublicMessage = JSON.stringify({\n    ...publicMessage,\n    _metadata: metadata,\n  });\n  const publicMessageBytes = new TextEncoder().encode(serializedPublicMessage);\n  const messageSignature = signEnvelope(\n    publicMessageBytes,\n    encryptedPrivateMessageBytes,\n    senderEd25519SecretKey,\n  );\n  return {\n    encryptedPrivateMessage,\n    messageSignature,\n    serializedPublicMessage,\n  };\n}\n\nfunction combineHashedEnvelopeMessageBytes(\n  publicMessageBytes: Uint8Array,\n  privateMessageBytes: Uint8Array,\n): Uint8Array {\n  const publicMessageBytesHash = sha3_256(publicMessageBytes);\n  const privateMessageBytesHash = sha3_256(privateMessageBytes);\n  // Concatenate the two hashes\n  const combinedHash = new Uint8Array(\n    publicMessageBytesHash.length + privateMessageBytesHash.length,\n  );\n  combinedHash.set(publicMessageBytesHash);\n  combinedHash.set(privateMessageBytesHash, publicMessageBytesHash.length);\n  // Hash and return\n  return sha3_256(combinedHash);\n}\n\nfunction signEnvelope(\n  publicMessageBytes: Uint8Array,\n  privateMessageBytes: Uint8Array,\n  senderEd25519SecretKey: Ed25519SecretKey,\n) {\n  const messageHashBytes = combineHashedEnvelopeMessageBytes(\n    publicMessageBytes,\n    privateMessageBytes,\n  );\n  const signatureBytes = signWithEd25519SecretKey(\n    messageHashBytes,\n    senderEd25519SecretKey,\n    'SECURED_ENVELOPE',\n  );\n  return Hex.fromHexInput(signatureBytes).toString();\n}\n\nexport function verifyEnvelopeSignature(\n  publicMessageBytes: Uint8Array,\n  privateMessageBytes: Uint8Array,\n  messageSignatureInput: string,\n  senderEd25519PublicKey: Ed25519PublicKey,\n) {\n  const messageSignature = new Ed25519Signature(\n    Hex.fromHexInput(messageSignatureInput).toUint8Array(),\n  );\n  const senderPublicKey = new AptosEd25519PublicKey(senderEd25519PublicKey.key);\n  const messageHashBytes = combineHashedEnvelopeMessageBytes(\n    publicMessageBytes,\n    privateMessageBytes,\n  );\n  const messageVerified = verifySignature(\n    messageHashBytes,\n    messageSignature,\n    senderPublicKey,\n    'SECURED_ENVELOPE',\n  );\n  if (!messageVerified) {\n    throw new EnvelopeMessageMismatchError(\n      'Could not verify SecuredEnvelope signature',\n      'messageSignature',\n    );\n  }\n}\n\nexport function decryptEnvelope<\n  Public extends Message & { [K in keyof Private]?: never },\n  Private extends Message & { [K in keyof Public]?: never },\n>(\n  senderEd25519PublicKey: Ed25519PublicKey,\n  receiverEd25519SecretKey: Ed25519SecretKey,\n  message: SecuredEnvelopeTransport,\n): DecryptedEnvelope<Public, Private> {\n  const { encryptedPrivateMessage, messageSignature, serializedPublicMessage } =\n    message;\n  const publicMessage = JSON.parse(serializedPublicMessage) as Public &\n    IEnvelopeMetadata;\n\n  // Ensure the private/public message signature matches the expected signature\n  const rawPrivateMessage = decodeBase64(encryptedPrivateMessage.securedB64);\n  const rawPublicMessage = new TextEncoder().encode(serializedPublicMessage);\n  verifyEnvelopeSignature(\n    rawPublicMessage,\n    rawPrivateMessage,\n    messageSignature,\n    senderEd25519PublicKey,\n  );\n\n  // Ensure the public key matches the expected public key\n  const senderEd25519PublicKeyB64 = encodeBase64(senderEd25519PublicKey.key);\n  const expectedPublicKeyB64 =\n    publicMessage._metadata.senderEd25519PublicKeyB64;\n  if (senderEd25519PublicKeyB64 !== expectedPublicKeyB64) {\n    throw new EnvelopeMessageMismatchError(\n      'senderEd25519PublicKey in envelope does not match provided receiverEd25519SecretKey',\n      'senderPublicKey',\n    );\n  }\n\n  const senderX25519PublicKeyBytes = decodeBase64(\n    publicMessage._metadata.senderX25519PublicKeyB64,\n  );\n  const senderX25519PublicKey = toKey(\n    senderX25519PublicKeyBytes,\n    KeyTypes.X25519PublicKey,\n  );\n  const encryptionResult = deserializeEncryptionResult(encryptedPrivateMessage);\n  const privateMessage = decryptObject<Private>(\n    senderX25519PublicKey,\n    receiverEd25519SecretKey,\n    encryptionResult.secured,\n    encryptionResult.nonce,\n  );\n\n  ensureMetadataFields(publicMessage._metadata);\n  ensurePrivatePublicFieldsDisjoint(privateMessage, publicMessage);\n\n  return {\n    messageSignature,\n    privateMessage,\n    publicMessage,\n  };\n}\n","// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n  base64ToBytes,\n  bytesToBase64,\n  deserializePublicKey,\n  deserializeSignature,\n  serializePublicKey,\n  serializeSignature,\n} from '@aptos-connect/wallet-api';\nimport {\n  AccountPublicKey,\n  Ed25519PublicKey as AptosEd25519PublicKey,\n  Deserializer,\n  Ed25519Signature,\n  Hex,\n  PublicKey,\n  Serializer,\n  Signature,\n} from '@aptos-labs/ts-sdk';\nimport { decodeBase64 } from './utils';\n\nexport function serializePublicKeyB64(publicKey: PublicKey) {\n  const serializer = new Serializer();\n  serializePublicKey(serializer, publicKey);\n  return bytesToBase64(serializer.toUint8Array());\n}\n\nexport function deserializePublicKeyB64(publicKeyB64: string) {\n  const serializedPublicKey = base64ToBytes(publicKeyB64);\n  const deserializer = new Deserializer(serializedPublicKey);\n  return deserializePublicKey(deserializer) as AccountPublicKey;\n}\n\nexport function deserializeEd25519PublicKeyB64(ed25519PublicKeyB64: string) {\n  return new AptosEd25519PublicKey(decodeBase64(ed25519PublicKeyB64));\n}\n\nexport function serializeSignatureB64(signature: Signature) {\n  const serializer = new Serializer();\n  serializeSignature(serializer, signature);\n  return bytesToBase64(serializer.toUint8Array());\n}\n\nexport function deserializeSignatureB64(signatureB64: string) {\n  const serializedSignature = base64ToBytes(signatureB64);\n  const deserializer = new Deserializer(serializedSignature);\n  return deserializeSignature(deserializer);\n}\n\nexport function deserializeEd25519SignatureB64(ed25519SignatureB64: string) {\n  const signatureBytes = Hex.fromHexInput(ed25519SignatureB64).toUint8Array();\n  return new Ed25519Signature(signatureBytes);\n}\n\nexport function publicKeyB64FromEd25519PublicKeyB64(\n  ed25519PublicKeyB64: string,\n) {\n  const publicKey = deserializeEd25519PublicKeyB64(ed25519PublicKeyB64);\n  return serializePublicKeyB64(publicKey);\n}\n","// Copyright © Aptos\n// SPDX-License-Identifier: Apache-2.0\n\n// Adding or removing an account? This will be idempotent, but racy\nimport {\n  Account,\n  AccountPublicKey,\n  PublicKey as AptosPublicKey,\n  Signature,\n} from '@aptos-labs/ts-sdk';\nimport { sha3_256 } from '@noble/hashes/sha3';\nimport { messageHash, signWithEd25519SecretKey } from './encrDecr';\nimport { serializePublicKeyB64, serializeSignatureB64 } from './serialization';\nimport {\n  Ed25519KeyPair,\n  Ed25519PublicKey,\n  Ed25519SecretKey,\n  ed25519KeypairFromSecret,\n  encodeBase64,\n} from './utils';\n\n// ADD/REMOVE is used for account connections\nexport enum AccountConnectionAction {\n  ADD = 'add',\n  REMOVE = 'remove',\n}\n\n/**\n * When a wallet wants to create a pairing, or add/remove an account from a wallet connection, it must prove that it\n * has the secret key for a given account. To do so it uses an `AccountConnectInfo` object.\n *  1. Once the `AccountConnectInfo` is assembled, it’s JSON serialized to get a `accountInfoSerialized` string.\n *  2. We then domain separate and hash the `accountInfoSerialized` to get the `accountInfoHash`:\n *    `SHA3-256(SHA3-256('APTOS::IDENTITY_CONNECT::') | SHA3-256(accountInfoSerialized))`\n *  3. To obtain the `signature`, we sign the `accountInfoHash` with the Ed25519 private key of the sender, and hex\n *     encode it.\n *  4. These are assembled into an `AccountConnectInfoSerialized`, ready to be sent in an HTTP request.\n */\n\nexport type BaseAccountConnectInfo = {\n  // The account address\n  accountAddress: string;\n  // either 'add' or 'remove'\n  action: AccountConnectionAction;\n  // A unique identifier for this connection: it is either the walletId or the pairingId\n  // Prevents replay attacks across wallets\n  intentId: string;\n  // Prevents replay attacks across time- these are only valid for 5 minutes\n  timestampMillis: number;\n  // The public key for the encrypted e2e channel, base64\n  transportEd25519PublicKeyB64: string;\n};\n\nexport type Ed25519AccountConnectInfo = BaseAccountConnectInfo & {\n  // The account ed25519 public key, base64\n  ed25519PublicKeyB64: string;\n  publicKeyB64?: undefined;\n};\n\nexport type AnyAccountConnectInfo = BaseAccountConnectInfo & {\n  ed25519PublicKeyB64?: undefined;\n  // The account public key, bcs-serialized and base64-encoded\n  publicKeyB64: string;\n};\n\n// Ensuring compatibility with previous wallet-sdk versions\nexport type AccountConnectInfo =\n  | Ed25519AccountConnectInfo\n  | AnyAccountConnectInfo;\n\nexport type Ed25519AccountConnectInfoSerialized = {\n  accountInfoSerialized: string;\n  signature: string;\n  signatureB64?: undefined;\n};\n\nexport type AnyAccountConnectInfoSerialized = {\n  accountInfoSerialized: string;\n  signature?: undefined;\n  signatureB64: string;\n};\n\nexport type AccountConnectInfoSerialized =\n  | Ed25519AccountConnectInfoSerialized\n  | AnyAccountConnectInfoSerialized;\n\nexport type SyncSignCallback = (message: Uint8Array) => Signature;\nexport type AsyncSignCallback = (message: Uint8Array) => Promise<Signature>;\nexport type AnySignCallback = SyncSignCallback | AsyncSignCallback;\n\nexport function deriveAccountTransportEd25519Keypair(\n  ed25519SecretKey: Ed25519SecretKey,\n  publicKey: Ed25519PublicKey | AptosPublicKey,\n): Ed25519KeyPair;\n\nexport function deriveAccountTransportEd25519Keypair(\n  signCallback: SyncSignCallback,\n  publicKey: Ed25519PublicKey | AptosPublicKey,\n): Ed25519KeyPair;\n\nexport async function deriveAccountTransportEd25519Keypair(\n  signCallback: AsyncSignCallback,\n  publicKey: Ed25519PublicKey | AptosPublicKey,\n): Promise<Ed25519KeyPair>;\n\nexport function deriveAccountTransportEd25519Keypair(\n  signCallback: AnySignCallback,\n  publicKey: Ed25519PublicKey | AptosPublicKey,\n): Ed25519KeyPair | Promise<Ed25519KeyPair>;\n\nexport function deriveAccountTransportEd25519Keypair(\n  ed25519SecretKeyOrSignCallback: Ed25519SecretKey | AnySignCallback,\n  publicKey: Ed25519PublicKey | AptosPublicKey,\n) {\n  const publicKeyBytes =\n    publicKey instanceof AptosPublicKey\n      ? publicKey.toUint8Array()\n      : publicKey.key;\n  if (ed25519SecretKeyOrSignCallback instanceof Function) {\n    const seedGeneratorBytes = messageHash(publicKeyBytes, 'TRANSPORT_KEYPAIR');\n    const signature = ed25519SecretKeyOrSignCallback(seedGeneratorBytes);\n    if (signature instanceof Promise) {\n      return signature.then((value) =>\n        ed25519KeypairFromSecret(value.toUint8Array()),\n      );\n    }\n    return ed25519KeypairFromSecret(signature.toUint8Array());\n  }\n\n  const seedBytes = signWithEd25519SecretKey(\n    publicKeyBytes,\n    ed25519SecretKeyOrSignCallback,\n    'TRANSPORT_KEYPAIR',\n  );\n  return ed25519KeypairFromSecret(seedBytes);\n}\n\nexport type CreateSerializedAccountInfoArgs<\n  TSignCallback extends AnySignCallback,\n> = [\n  signCallback: TSignCallback,\n  publicKey: AccountPublicKey,\n  transportEd25519PublicKey: Ed25519PublicKey,\n  action: AccountConnectionAction,\n  intentId: string,\n  accountAddress?: string,\n];\n\nexport function createSerializedAccountInfo(\n  ...args: CreateSerializedAccountInfoArgs<SyncSignCallback>\n): AccountConnectInfoSerialized;\nexport function createSerializedAccountInfo(\n  ...args: CreateSerializedAccountInfoArgs<AsyncSignCallback>\n): Promise<AccountConnectInfoSerialized>;\nexport function createSerializedAccountInfo(\n  ...args: CreateSerializedAccountInfoArgs<AnySignCallback>\n): AccountConnectInfoSerialized | Promise<AccountConnectInfoSerialized>;\n\nexport function createSerializedAccountInfo(\n  ...[\n    signCallback,\n    publicKey,\n    transportEd25519PublicKey,\n    action,\n    intentId,\n    accountAddress,\n  ]: CreateSerializedAccountInfoArgs<AnySignCallback>\n): AccountConnectInfoSerialized | Promise<AccountConnectInfoSerialized> {\n  // TODO: WRITE TESTS FOR THIS!\n\n  // Either the passed in Pk, or the Pk derived from the Sk\n  const authKey = publicKey.authKey();\n\n  // Either the passed in account address, or the one derived from the authKey: (either Pk, or derived from Sk)\n  const finalAccountAddress =\n    accountAddress || authKey.derivedAddress().toString();\n  const publicKeyB64 = serializePublicKeyB64(publicKey);\n\n  const accountInfo: AccountConnectInfo = {\n    accountAddress: finalAccountAddress,\n    action,\n    intentId,\n    publicKeyB64,\n    timestampMillis: Date.now(),\n    transportEd25519PublicKeyB64: encodeBase64(transportEd25519PublicKey.key),\n  };\n  const accountInfoSerialized = JSON.stringify(accountInfo);\n  const accountInfoBytes = new TextEncoder().encode(accountInfoSerialized);\n  const accountInfoHash = sha3_256(accountInfoBytes);\n\n  const signature = signCallback(messageHash(accountInfoHash, 'ACCOUNT_INFO'));\n  if (signature instanceof Promise) {\n    return signature.then((value) => ({\n      accountInfoSerialized,\n      signatureB64: serializeSignatureB64(value),\n    }));\n  }\n  return {\n    accountInfoSerialized,\n    signatureB64: serializeSignatureB64(signature),\n  };\n}\n\nexport async function aptosAccountToSerializedInfo(\n  account: Account,\n  intentId: string,\n): Promise<AccountConnectInfoSerialized> {\n  const signCallback = async (data: Uint8Array) => account.sign(data);\n  const transportKey = await deriveAccountTransportEd25519Keypair(\n    signCallback,\n    account.publicKey,\n  );\n  return createSerializedAccountInfo(\n    signCallback,\n    account.publicKey,\n    transportKey.publicKey,\n    AccountConnectionAction.ADD,\n    intentId,\n  );\n}\n"],"mappings":";AAGA,SAAS,wBAA8C;AACvD,SAAS,gBAAgB;AACzB,OAAO,cAAc;AACrB,OAAOA,WAAU;;;ACHV,IAAM,0BAAN,cAAsC,MAAM;AAAC;AAE7C,IAAM,+BAAN,MAAM,sCAAqC,wBAAwB;AAAA,EACxE,YACE,SACO,OACP;AACA,UAAM,OAAO;AAFN;AAGP,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,8BAA6B,SAAS;AAAA,EACpE;AACF;AAEO,IAAM,kBAAN,MAAM,yBAAwB,wBAAwB;AAAA,EAC3D,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,iBAAgB,SAAS;AAAA,EACvD;AACF;;;ACnBA,OAAO,UAAU;AAEV,IAAK,WAAL,kBAAKC,cAAL;AACL,EAAAA,UAAA,sBAAmB;AACnB,EAAAA,UAAA,sBAAmB;AACnB,EAAAA,UAAA,qBAAkB;AAClB,EAAAA,UAAA,qBAAkB;AAJR,SAAAA;AAAA,GAAA;AA+BL,SAAS,sBAAqC;AACnD,SAAO,gBAAgB,KAAK,IAAI,QAAQ,CAAC;AAC3C;AAEO,SAAS,uBAAuC;AACrD,SAAO,iBAAiB,KAAK,KAAK,QAAQ,CAAC;AAC7C;AAEO,SAAS,MACd,QACA,MASc;AACd,SAAO;AAAA,IACL,KAAK;AAAA,IACL;AAAA,EACF;AACF;AAEO,SAAS,iBAAiB,SAAqC;AACpE,SAAO;AAAA,IACL,WAAW,MAAM,QAAQ,WAAW,yCAAyB;AAAA,IAC7D,WAAW,MAAM,QAAQ,WAAW,yCAAyB;AAAA,EAC/D;AACF;AAEO,SAAS,gBAAgB,SAAoC;AAClE,SAAO;AAAA,IACL,WAAW,MAAM,QAAQ,WAAW,uCAAwB;AAAA,IAC5D,WAAW,MAAM,QAAQ,WAAW,uCAAwB;AAAA,EAC9D;AACF;AAEO,SAAS,6BAA6B,SAE1C;AACD,SAAO,yBAAyB,QAAQ,WAAW,SAAS;AAC9D;AAEO,SAAS,yBACd,uBACgB;AAChB,SAAO;AAAA,IACL,KAAK,KAAK,QAAQ,SAAS,sBAAsB,MAAM,GAAG,EAAE,CAAC;AAAA,EAC/D;AACF;AAEO,SAAS,aAAa,WAA+B;AAC1D,MAAI,WAAW,QAAQ;AACrB,WAAO,IAAI,WAAW,OAAO,KAAK,WAAW,QAAQ,CAAC;AAAA,EACxD;AACA,SAAO,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAE;AAClE;AAEO,SAAS,aAAa,OAA2B;AACtD,MAAI,WAAW,QAAQ;AACrB,WAAO,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAAA,EAC7C;AACA,SAAO,KAAK,MAAM,KAAK,OAAO,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;AACxE;AAEO,SAAS,iBACd,UACA,UACY;AACZ,QAAM,cAAc,IAAI,WAAW,SAAS,SAAS,SAAS,MAAM;AACpE,cAAY,IAAI,QAAQ;AACxB,cAAY,IAAI,UAAU,SAAS,MAAM;AACzC,SAAO;AACT;;;AFlFO,IAAM,mBAAmB;AAkBzB,SAAS,yCACd,kBACA,cACiB;AACjB,QAAM,kBAAkB,SAAS;AAAA,IAC/B,iBAAiB,IAAI,MAAM,GAAG,EAAE;AAAA,EAClC;AACA,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI,MAAM,GAAG,YAAY,oCAAoC;AAAA,EACrE;AACA,SAAO,MAAM,wDAAyC;AACxD;AAOO,SAAS,yCACd,kBACiB;AACjB,QAAM,kBAAkB,SAAS;AAAA,IAC/B,iBAAiB,IAAI,MAAM,GAAG,EAAE;AAAA,EAClC;AACA,SAAO,MAAM,wDAAyC;AACxD;AACO,SAAS,0BACd,KAC4B;AAC5B,SAAO;AAAA,IACL,UAAU,aAAa,IAAI,KAAK;AAAA,IAChC,YAAY,aAAa,IAAI,OAAO;AAAA,EACtC;AACF;AAEO,SAAS,4BACd,KACkB;AAClB,SAAO;AAAA,IACL,OAAO,aAAa,IAAI,QAAQ;AAAA,IAChC,SAAS,aAAa,IAAI,UAAU;AAAA,EACtC;AACF;AAUO,SAAS,kCACd,uBACA,0BACA,KACG;AACH,QAAM,MAAM,4BAA4B,GAAG;AAC3C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ,IAAI;AAAA,EACN;AACF;AASO,SAAS,wCACd,uBACA,yBACA,KACG;AACH,QAAM,MAAM,4BAA4B,GAAG;AAC3C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ,IAAI;AAAA,EACN;AACF;AASO,SAAS,eACd,uBACA,0BACA,SACkB;AAElB,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAQO,SAAS,qBACd,uBACA,yBACA,SACkB;AAElB,QAAM,QAAQC,MAAK,YAAYA,MAAK,IAAI,WAAW;AAGnD,QAAM,eAAe,IAAI,YAAY,EAAE,OAAO,OAAO;AAErD,QAAM,UAAUA,MAAK;AAAA,IACnB;AAAA,IACA;AAAA,IACA,wBAAwB;AAAA,IACxB,sBAAsB,IAAI,MAAM,GAAG,EAAE;AAAA,EACvC;AAEA,SAAO,EAAE,OAAO,QAAQ;AAC1B;AASO,SAAS,cACd,uBACA,0BACA,SACkB;AAClB,QAAM,0BAA0B;AAAA,IAC9B;AAAA,IACA;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAQO,SAAS,oBACd,uBACA,yBACA,SACkB;AAClB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,KAAK,UAAU,OAAO;AAAA,EACxB;AACF;AAUO,SAAS,eACd,uBACA,0BACA,gBACA,OACQ;AAER,QAAM,0BAA0B;AAAA,IAC9B;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AASO,SAAS,qBACd,uBACA,yBACA,gBACA,OACQ;AACR,MAAI;AACJ,MAAI;AACF,qBAAiBA,MAAK,IAAI;AAAA,MACxB;AAAA,MACA;AAAA,MACA,sBAAsB,IAAI,MAAM,GAAG,EAAE;AAAA,MACrC,wBAAwB,IAAI,MAAM,GAAG,EAAE;AAAA,IACzC;AAAA,EACF,SAAS,GAAQ;AACf,UAAM,IAAI,gBAAgB,8BAA8B,EAAE,OAAO,EAAE;AAAA,EACrE;AACA,MAAI,CAAC,gBAAgB;AACnB,UAAM,IAAI,gBAAgB,2BAA2B;AAAA,EACvD;AAGA,SAAO,IAAI,YAAY,EAAE,OAAO,cAAc;AAChD;AAUO,SAAS,cACd,uBACA,0BACA,gBACA,OACG;AACH,QAAM,0BAA0B;AAAA,IAC9B;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AASO,SAAS,oBACd,uBACA,yBACA,gBACA,OACG;AACH,QAAM,eAAe;AAAA,IACnB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,SAAO,KAAK,MAAM,YAAY;AAChC;AAUO,SAAS,YAAY,SAAqB,SAA2B;AAC1E,QAAM,sBAAsB,IAAI;AAAA,IAC9B,SAAS,GAAG,gBAAgB,KAAK,OAAO,IAAI;AAAA,EAC9C;AACA,SAAO,IAAI;AAAA,IACT,SAAS,iBAAiB,qBAAqB,OAAO,CAAC;AAAA,EACzD;AACF;AAEO,SAAS,yBACd,SACA,yBACA,SACA;AACA,SAAOA,MAAK,KAAK;AAAA,IACf,YAAY,SAAS,OAAO;AAAA,IAC5B,wBAAwB;AAAA,EAC1B;AACF;AAGO,SAAS,mDACd,yBACc;AACd,SAAO,OAAO,YACZ,IAAI;AAAA,IACFA,MAAK,KAAK,SAAS,SAAS,wBAAwB,GAAG;AAAA,EACzD;AACJ;AAEO,SAAS,gBACd,SACA,WACA,kBACA,SACS;AACT,SAAO,iBAAiB,gBAAgB;AAAA,IACtC,SAAS,YAAY,SAAS,OAAO;AAAA,IACrC;AAAA,EACF,CAAC;AACH;AAEO,SAAS,uBACd,SACA,WACA,kBACA,SACS;AACT,QAAM,eACJ,mBAAmB,aAAa,UAAU,IAAI,YAAY,EAAE,OAAO,OAAO;AAC5E,QAAM,mBAAmB,SAAS,YAAY;AAC9C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AG1YA;AAAA,EACE,oBAAoB;AAAA,EACpB,oBAAAC;AAAA,EACA;AAAA,OACK;AACP,SAAS,YAAAC,iBAAgB;AAgFlB,IAAM,kBAA8C;AAAA,EACzD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK;AAuDA,SAAS,kCAGd,gBAAyB,eAAuB;AAEhD,QAAM,eAAe,OAAO,KAAK,cAAc,EAAE;AAAA,IAAO,CAAC,MACvD,OAAO,KAAK,aAAa,EAAE,SAAS,CAAC;AAAA,EACvC;AACA,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,QAAQ,aAAa,CAAC;AAC5B,UAAM,IAAI;AAAA,MACR,SAAS,KAAK;AAAA,MACd;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,qBAAqB,SAA2B;AAE9D,QAAM,cAAc,OAAO,KAAK,OAAO,EAAE,KAAK;AAC9C,QAAM,cAAc,YAAY;AAAA,IAC9B,CAAC,QAAQ,CAAC,gBAAgB,SAAS,GAAU;AAAA,EAC/C;AACA,QAAM,gBAAgB,gBAAgB;AAAA,IACpC,CAAC,QAAQ,CAAC,YAAY,SAAS,GAAU;AAAA,EAC3C;AACA,MAAI,YAAY,SAAS,KAAK,cAAc,SAAS,GAAG;AACtD,QAAI,iBACF,YAAY,SAAS,IAAI,SAAS,YAAY,KAAK,IAAI,CAAC,MAAM;AAChE,UAAM,mBACJ,cAAc,SAAS,IAAI,WAAW,cAAc,KAAK,IAAI,CAAC,MAAM;AACtE,qBACE,eAAe,SAAS,KAAK,iBAAiB,SAAS,IACnD,GAAG,cAAc,OACjB;AACN,UAAM,IAAI;AAAA,MACR,yDAAyD,cAAc,GAAG,gBAAgB;AAAA,MAC1F;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,6BACd,mBACuC;AACvC,QAAM,gBAAgB,KAAK;AAAA,IACzB,kBAAkB;AAAA,EACpB;AACA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,EACF;AACF;AAKO,SAAS,uBAId,wBACA,wBACA,0BACA,UACA,eACA,gBAC0B;AAC1B,QAAM,+BAA+B,oBAAoB;AACzD,QAAM,WAAW;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,6BAA6B;AAAA,EAC/B;AAEA,uBAAqB,QAAQ;AAC7B;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,kBACd,wBACA,0BACA,UACA,gCACkB;AAElB,SAAO;AAAA,IACL,6BAA6B,aAAa,yBAAyB,GAAG;AAAA,IACtE,2BAA2B,aAAa,uBAAuB,GAAG;AAAA,IAClE,0BAA0B,aAAa,+BAA+B,GAAG;AAAA,IACzE;AAAA,IACA,iBAAiB,KAAK,IAAI;AAAA,EAC5B;AACF;AAEO,SAAS,6CAId,wBACA,0BACA,UACA,gBACA,eACA,8BAC0B;AAC1B,QAAM,mBAAmB;AAAA,IACvB,6BAA6B;AAAA,IAC7B;AAAA,IACA;AAAA,EACF;AACA,QAAM,0BAA0B,0BAA0B,gBAAgB;AAC1E,QAAM,+BAA+B;AAAA,IACnC,wBAAwB;AAAA,EAC1B;AACA,QAAM,0BAA0B,KAAK,UAAU;AAAA,IAC7C,GAAG;AAAA,IACH,WAAW;AAAA,EACb,CAAC;AACD,QAAM,qBAAqB,IAAI,YAAY,EAAE,OAAO,uBAAuB;AAC3E,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,SAAS,kCACP,oBACA,qBACY;AACZ,QAAM,yBAAyBC,UAAS,kBAAkB;AAC1D,QAAM,0BAA0BA,UAAS,mBAAmB;AAE5D,QAAM,eAAe,IAAI;AAAA,IACvB,uBAAuB,SAAS,wBAAwB;AAAA,EAC1D;AACA,eAAa,IAAI,sBAAsB;AACvC,eAAa,IAAI,yBAAyB,uBAAuB,MAAM;AAEvE,SAAOA,UAAS,YAAY;AAC9B;AAEA,SAAS,aACP,oBACA,qBACA,wBACA;AACA,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,EACF;AACA,QAAM,iBAAiB;AAAA,IACrB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,SAAO,IAAI,aAAa,cAAc,EAAE,SAAS;AACnD;AAEO,SAAS,wBACd,oBACA,qBACA,uBACA,wBACA;AACA,QAAM,mBAAmB,IAAIC;AAAA,IAC3B,IAAI,aAAa,qBAAqB,EAAE,aAAa;AAAA,EACvD;AACA,QAAM,kBAAkB,IAAI,sBAAsB,uBAAuB,GAAG;AAC5E,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,EACF;AACA,QAAM,kBAAkB;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,gBAId,wBACA,0BACA,SACoC;AACpC,QAAM,EAAE,yBAAyB,kBAAkB,wBAAwB,IACzE;AACF,QAAM,gBAAgB,KAAK,MAAM,uBAAuB;AAIxD,QAAM,oBAAoB,aAAa,wBAAwB,UAAU;AACzE,QAAM,mBAAmB,IAAI,YAAY,EAAE,OAAO,uBAAuB;AACzE;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAGA,QAAM,4BAA4B,aAAa,uBAAuB,GAAG;AACzE,QAAM,uBACJ,cAAc,UAAU;AAC1B,MAAI,8BAA8B,sBAAsB;AACtD,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,6BAA6B;AAAA,IACjC,cAAc,UAAU;AAAA,EAC1B;AACA,QAAM,wBAAwB;AAAA,IAC5B;AAAA;AAAA,EAEF;AACA,QAAM,mBAAmB,4BAA4B,uBAAuB;AAC5E,QAAM,iBAAiB;AAAA,IACrB;AAAA,IACA;AAAA,IACA,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,EACnB;AAEA,uBAAqB,cAAc,SAAS;AAC5C,oCAAkC,gBAAgB,aAAa;AAE/D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACzZA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EAEE,oBAAoBC;AAAA,EACpB;AAAA,EACA,oBAAAC;AAAA,EACA,OAAAC;AAAA,EAEA;AAAA,OAEK;AAGA,SAAS,sBAAsB,WAAsB;AAC1D,QAAM,aAAa,IAAI,WAAW;AAClC,qBAAmB,YAAY,SAAS;AACxC,SAAO,cAAc,WAAW,aAAa,CAAC;AAChD;AAEO,SAAS,wBAAwB,cAAsB;AAC5D,QAAM,sBAAsB,cAAc,YAAY;AACtD,QAAM,eAAe,IAAI,aAAa,mBAAmB;AACzD,SAAO,qBAAqB,YAAY;AAC1C;AAEO,SAAS,+BAA+B,qBAA6B;AAC1E,SAAO,IAAIC,uBAAsB,aAAa,mBAAmB,CAAC;AACpE;AAEO,SAAS,sBAAsB,WAAsB;AAC1D,QAAM,aAAa,IAAI,WAAW;AAClC,qBAAmB,YAAY,SAAS;AACxC,SAAO,cAAc,WAAW,aAAa,CAAC;AAChD;AAEO,SAAS,wBAAwB,cAAsB;AAC5D,QAAM,sBAAsB,cAAc,YAAY;AACtD,QAAM,eAAe,IAAI,aAAa,mBAAmB;AACzD,SAAO,qBAAqB,YAAY;AAC1C;AAEO,SAAS,+BAA+B,qBAA6B;AAC1E,QAAM,iBAAiBC,KAAI,aAAa,mBAAmB,EAAE,aAAa;AAC1E,SAAO,IAAIC,kBAAiB,cAAc;AAC5C;AAEO,SAAS,oCACd,qBACA;AACA,QAAM,YAAY,+BAA+B,mBAAmB;AACpE,SAAO,sBAAsB,SAAS;AACxC;;;ACzDA;AAAA,EAGE,aAAa;AAAA,OAER;AACP,SAAS,YAAAC,iBAAgB;AAYlB,IAAK,0BAAL,kBAAKC,6BAAL;AACL,EAAAA,yBAAA,SAAM;AACN,EAAAA,yBAAA,YAAS;AAFC,SAAAA;AAAA,GAAA;AAuFL,SAAS,qCACd,gCACA,WACA;AACA,QAAM,iBACJ,qBAAqB,iBACjB,UAAU,aAAa,IACvB,UAAU;AAChB,MAAI,0CAA0C,UAAU;AACtD,UAAM,qBAAqB,YAAY,gBAAgB,mBAAmB;AAC1E,UAAM,YAAY,+BAA+B,kBAAkB;AACnE,QAAI,qBAAqB,SAAS;AAChC,aAAO,UAAU;AAAA,QAAK,CAAC,UACrB,yBAAyB,MAAM,aAAa,CAAC;AAAA,MAC/C;AAAA,IACF;AACA,WAAO,yBAAyB,UAAU,aAAa,CAAC;AAAA,EAC1D;AAEA,QAAM,YAAY;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,SAAO,yBAAyB,SAAS;AAC3C;AAuBO,SAAS,+BACX;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GACsE;AAItE,QAAM,UAAU,UAAU,QAAQ;AAGlC,QAAM,sBACJ,kBAAkB,QAAQ,eAAe,EAAE,SAAS;AACtD,QAAM,eAAe,sBAAsB,SAAS;AAEpD,QAAM,cAAkC;AAAA,IACtC,gBAAgB;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA,iBAAiB,KAAK,IAAI;AAAA,IAC1B,8BAA8B,aAAa,0BAA0B,GAAG;AAAA,EAC1E;AACA,QAAM,wBAAwB,KAAK,UAAU,WAAW;AACxD,QAAM,mBAAmB,IAAI,YAAY,EAAE,OAAO,qBAAqB;AACvE,QAAM,kBAAkBC,UAAS,gBAAgB;AAEjD,QAAM,YAAY,aAAa,YAAY,iBAAiB,cAAc,CAAC;AAC3E,MAAI,qBAAqB,SAAS;AAChC,WAAO,UAAU,KAAK,CAAC,WAAW;AAAA,MAChC;AAAA,MACA,cAAc,sBAAsB,KAAK;AAAA,IAC3C,EAAE;AAAA,EACJ;AACA,SAAO;AAAA,IACL;AAAA,IACA,cAAc,sBAAsB,SAAS;AAAA,EAC/C;AACF;AAEA,eAAsB,6BACpB,SACA,UACuC;AACvC,QAAM,eAAe,OAAO,SAAqB,QAAQ,KAAK,IAAI;AAClE,QAAM,eAAe,MAAM;AAAA,IACzB;AAAA,IACA,QAAQ;AAAA,EACV;AACA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,IACR,aAAa;AAAA,IACb;AAAA,IACA;AAAA,EACF;AACF;","names":["nacl","KeyTypes","nacl","Ed25519Signature","sha3_256","sha3_256","Ed25519Signature","AptosEd25519PublicKey","Ed25519Signature","Hex","AptosEd25519PublicKey","Hex","Ed25519Signature","sha3_256","AccountConnectionAction","sha3_256"]}