diff --git a/client/package-lock.json b/client/package-lock.json index bfafa83c..2d7f8d7a 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -1,12 +1,12 @@ { "name": "@bsv/wallet-toolbox-client", - "version": "1.7.12", + "version": "1.7.13", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@bsv/wallet-toolbox-client", - "version": "1.7.12", + "version": "1.7.13", "license": "SEE LICENSE IN license.md", "dependencies": { "@bsv/sdk": "^1.9.9", diff --git a/client/package.json b/client/package.json index e3194be3..6aea93d9 100644 --- a/client/package.json +++ b/client/package.json @@ -1,6 +1,6 @@ { "name": "@bsv/wallet-toolbox-client", - "version": "1.7.12", + "version": "1.7.13", "description": "Client only Wallet Storage", "main": "./out/src/index.client.js", "types": "./out/src/index.client.d.ts", diff --git a/docs/client.md b/docs/client.md index 71b56f05..8bd105ff 100644 --- a/docs/client.md +++ b/docs/client.md @@ -4004,17 +4004,16 @@ encryptWalletMetadata?: boolean ###### Property permissionModules -A map of P-basket permission scheme modules. +A map of P-basket/protocol permission scheme modules. Keys are scheme IDs (e.g., "btms"), values are PermissionsModule instances. -Each module handles basket IDs of the form: `p ` +Each module handles basket/protocol names of the form: `p ` -The WalletPermissionManager detects P-prefix baskets and delegates +The WalletPermissionManager detects P-prefix baskets/protocols and delegates request/response transformation to the corresponding module. -If no module exists for a given schemeID, the wallet MUST reject access -according to the P-Baskets specification. +If no module exists for a given schemeID, the wallet will reject access. ```ts permissionModules?: Record @@ -4179,19 +4178,17 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions]( --- ##### Interface: PermissionsModule -A permissions module handles request/response transformation for a specific P-basket scheme. +A permissions module handles request/response transformation for a specific P-protocol or P-basket scheme under BRC-98/99. Modules are registered in the config mapped by their scheme ID. ```ts export interface PermissionsModule { onRequest(req: { method: string; - args: any[]; + args: object; originator: string; }): Promise<{ - method: string; - args: any[]; - originator: string; + args: object; }>; onResponse(res: any, context: { method: string; @@ -4203,23 +4200,21 @@ export interface PermissionsModule { ###### Method onRequest Transforms the request before it's passed to the underlying wallet. -Can modify method name, args, or originator as needed. +Can check and enforce permissions, throw errors, or modify any arguments as needed prior to invocation. ```ts onRequest(req: { method: string; - args: any[]; + args: object; originator: string; }): Promise<{ - method: string; - args: any[]; - originator: string; + args: object; }> ``` Returns -Transformed request that will be passed to the underlying wallet +Transformed arguments that will be passed to the underlying wallet Argument Details @@ -9000,6 +8995,7 @@ export class CWIStyleWalletManager implements WalletInterface { async provideRecoveryKey(recoveryKey: number[]): Promise saveSnapshot(): number[] async loadSnapshot(snapshot: number[]): Promise + async syncUMPToken(): Promise destroy(): void listProfiles(): Array<{ id: number[]; diff --git a/docs/wallet.md b/docs/wallet.md index 7e3c541a..590787e8 100644 --- a/docs/wallet.md +++ b/docs/wallet.md @@ -4003,17 +4003,16 @@ encryptWalletMetadata?: boolean ###### Property permissionModules -A map of P-basket permission scheme modules. +A map of P-basket/protocol permission scheme modules. Keys are scheme IDs (e.g., "btms"), values are PermissionsModule instances. -Each module handles basket IDs of the form: `p ` +Each module handles basket/protocol names of the form: `p ` -The WalletPermissionManager detects P-prefix baskets and delegates +The WalletPermissionManager detects P-prefix baskets/protocols and delegates request/response transformation to the corresponding module. -If no module exists for a given schemeID, the wallet MUST reject access -according to the P-Baskets specification. +If no module exists for a given schemeID, the wallet will reject access. ```ts permissionModules?: Record @@ -4178,19 +4177,17 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions]( --- ##### Interface: PermissionsModule -A permissions module handles request/response transformation for a specific P-basket scheme. +A permissions module handles request/response transformation for a specific P-protocol or P-basket scheme under BRC-98/99. Modules are registered in the config mapped by their scheme ID. ```ts export interface PermissionsModule { onRequest(req: { method: string; - args: any[]; + args: object; originator: string; }): Promise<{ - method: string; - args: any[]; - originator: string; + args: object; }>; onResponse(res: any, context: { method: string; @@ -4202,23 +4199,21 @@ export interface PermissionsModule { ###### Method onRequest Transforms the request before it's passed to the underlying wallet. -Can modify method name, args, or originator as needed. +Can check and enforce permissions, throw errors, or modify any arguments as needed prior to invocation. ```ts onRequest(req: { method: string; - args: any[]; + args: object; originator: string; }): Promise<{ - method: string; - args: any[]; - originator: string; + args: object; }> ``` Returns -Transformed request that will be passed to the underlying wallet +Transformed arguments that will be passed to the underlying wallet Argument Details @@ -8999,6 +8994,7 @@ export class CWIStyleWalletManager implements WalletInterface { async provideRecoveryKey(recoveryKey: number[]): Promise saveSnapshot(): number[] async loadSnapshot(snapshot: number[]): Promise + async syncUMPToken(): Promise destroy(): void listProfiles(): Array<{ id: number[]; diff --git a/mobile/package-lock.json b/mobile/package-lock.json index ff536807..1dc337cc 100644 --- a/mobile/package-lock.json +++ b/mobile/package-lock.json @@ -1,12 +1,12 @@ { "name": "@bsv/wallet-toolbox-mobile", - "version": "1.7.12", + "version": "1.7.13", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@bsv/wallet-toolbox-mobile", - "version": "1.7.12", + "version": "1.7.13", "license": "SEE LICENSE IN license.md", "dependencies": { "@bsv/sdk": "^1.9.9" diff --git a/mobile/package.json b/mobile/package.json index b1763baf..8a57083d 100644 --- a/mobile/package.json +++ b/mobile/package.json @@ -1,6 +1,6 @@ { "name": "@bsv/wallet-toolbox-mobile", - "version": "1.7.12", + "version": "1.7.13", "description": "Client only Wallet Storage", "main": "./out/src/index.mobile.js", "types": "./out/src/index.mobile.d.ts", diff --git a/package-lock.json b/package-lock.json index ddde93e7..9a341e53 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@bsv/wallet-toolbox", - "version": "1.7.12", + "version": "1.7.13", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@bsv/wallet-toolbox", - "version": "1.7.12", + "version": "1.7.13", "license": "SEE LICENSE IN license.md", "dependencies": { "@bsv/auth-express-middleware": "^1.2.3", diff --git a/package.json b/package.json index 5cda7f58..33d9f49e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@bsv/wallet-toolbox", - "version": "1.7.12", + "version": "1.7.13", "description": "BRC100 conforming wallet, wallet storage and wallet signer components", "main": "./out/src/index.js", "types": "./out/src/index.d.ts", diff --git a/src/CWIStyleWalletManager.ts b/src/CWIStyleWalletManager.ts index 9f382985..1b2fb4a2 100644 --- a/src/CWIStyleWalletManager.ts +++ b/src/CWIStyleWalletManager.ts @@ -1044,6 +1044,40 @@ export class CWIStyleWalletManager implements WalletInterface { } } + async syncUMPToken(): Promise { + if (!this.authenticated || !this.currentUMPToken || !this.rootPrimaryKey) { + throw new Error('Wallet not authenticated or missing UMP token.') + } + + const currentToken = this.currentUMPToken + let refreshed: UMPToken | undefined + + if (currentToken.presentationHash && currentToken.presentationHash.length) { + refreshed = await this.UMPTokenInteractor.findByPresentationKeyHash(currentToken.presentationHash) + } + + if (!refreshed && currentToken.recoveryHash && currentToken.recoveryHash.length) { + refreshed = await this.UMPTokenInteractor.findByRecoveryKeyHash(currentToken.recoveryHash) + } + + if (!refreshed) { + return false + } + + if ( + refreshed.currentOutpoint && + currentToken.currentOutpoint && + refreshed.currentOutpoint === currentToken.currentOutpoint + ) { + return false + } + + this.currentUMPToken = refreshed + await this.setupRootInfrastructure(this.rootPrimaryKey) + this.saveSnapshot() + return true + } + /** * Destroys the wallet state, clearing keys, tokens, and profiles. */ diff --git a/src/__tests/CWIStyleWalletManager.test.d.ts.map b/src/__tests/CWIStyleWalletManager.test.d.ts.map new file mode 100644 index 00000000..634133a7 --- /dev/null +++ b/src/__tests/CWIStyleWalletManager.test.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"CWIStyleWalletManager.test.d.ts","sourceRoot":"","sources":["../../../src/__tests/CWIStyleWalletManager.test.ts"],"names":[],"mappings":""} \ No newline at end of file diff --git a/src/__tests/CWIStyleWalletManager.test.js b/src/__tests/CWIStyleWalletManager.test.js new file mode 100644 index 00000000..840e78b6 --- /dev/null +++ b/src/__tests/CWIStyleWalletManager.test.js @@ -0,0 +1,530 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +const sdk_1 = require("@bsv/sdk"); +const sdk_2 = require("../sdk"); +const CWIStyleWalletManager_1 = require("../CWIStyleWalletManager"); +const globals_1 = require("@jest/globals"); +globals_1.jest.useFakeTimers(); +// ------------------------------------------------------------------------------------------ +// Mocks and Utilities +// ------------------------------------------------------------------------------------------ +/** A utility to create an Outpoint string for test usage. */ +function makeOutpoint(txid, vout) { + return `${txid}:${vout}`; +} +/** + * A mock underlying WalletInterface to verify that proxy methods: + * 1. Are not callable if not authenticated + * 2. Are disallowed if originator is admin + * 3. Forward to the real method if conditions pass + */ +const mockUnderlyingWallet = { + getPublicKey: globals_1.jest.fn(), + revealCounterpartyKeyLinkage: globals_1.jest.fn(), + revealSpecificKeyLinkage: globals_1.jest.fn(), + encrypt: globals_1.jest.fn(), + decrypt: globals_1.jest.fn(), + createHmac: globals_1.jest.fn(), + verifyHmac: globals_1.jest.fn(), + createSignature: globals_1.jest.fn(), + verifySignature: globals_1.jest.fn(), + createAction: globals_1.jest.fn(), + signAction: globals_1.jest.fn(), + abortAction: globals_1.jest.fn(), + listActions: globals_1.jest.fn(), + internalizeAction: globals_1.jest.fn(), + listOutputs: globals_1.jest.fn(), + relinquishOutput: globals_1.jest.fn(), + acquireCertificate: globals_1.jest.fn(), + listCertificates: globals_1.jest.fn(), + proveCertificate: globals_1.jest.fn(), + relinquishCertificate: globals_1.jest.fn(), + discoverByIdentityKey: globals_1.jest.fn(), + discoverByAttributes: globals_1.jest.fn(), + isAuthenticated: globals_1.jest.fn(), + waitForAuthentication: globals_1.jest.fn(), + getHeight: globals_1.jest.fn(), + getHeaderForHeight: globals_1.jest.fn(), + getNetwork: globals_1.jest.fn(), + getVersion: globals_1.jest.fn() +}; +/** + * A mock function that simulates building an underlying wallet. + */ +const mockWalletBuilder = globals_1.jest.fn(async (primaryKey, privilegedKeyManager) => { + // Return our mock underlying wallet object. + return mockUnderlyingWallet; +}); +/** + * A mock UMPTokenInteractor implementation. + * We can track whether buildAndSend is called with the right arguments, etc. + */ +const mockUMPTokenInteractor = { + findByPresentationKeyHash: globals_1.jest.fn(async (hash) => undefined), + findByRecoveryKeyHash: globals_1.jest.fn(async (hash) => undefined), + buildAndSend: globals_1.jest.fn(async (wallet, admin, token, oldToken) => 'abcd.0') +}; +/** + * A mock "recoveryKeySaver" that claims it always saved the key successfully. + */ +const mockRecoveryKeySaver = globals_1.jest.fn(async (key) => true); +/** + * A mock "passwordRetriever" that we can customize to return a specific password + * or throw if needed. + */ +const mockPasswordRetriever = globals_1.jest.fn(async () => 'test-password'); +const XOR = (n1, n2) => { + if (n1.length !== n2.length) { + throw new Error('lengths mismatch'); + } + const r = new Array(n1.length); + for (let i = 0; i < n1.length; i++) { + r[i] = n1[i] ^ n2[i]; + } + return r; +}; +// Generate some globals +const presentationKey = (0, sdk_1.Random)(32); +const recoveryKey = (0, sdk_1.Random)(32); +const passwordSalt = (0, sdk_1.Random)(32); +const passwordKey = sdk_1.Hash.pbkdf2(sdk_1.Utils.toArray('test-password', 'utf8'), passwordSalt, CWIStyleWalletManager_1.PBKDF2_NUM_ROUNDS, 32, 'sha512'); +const primaryKey = (0, sdk_1.Random)(32); +const privilegedKey = (0, sdk_1.Random)(32); +/** + * A helper function to create a minimal valid UMP token. + * This can be used to mock a stored token for existing users. + */ +async function createMockUMPToken() { + const presentationPassword = new sdk_1.SymmetricKey(XOR(presentationKey, passwordKey)); + const presentationRecovery = new sdk_1.SymmetricKey(XOR(presentationKey, recoveryKey)); + const recoveryPassword = new sdk_1.SymmetricKey(XOR(recoveryKey, passwordKey)); + const primaryPassword = new sdk_1.SymmetricKey(XOR(primaryKey, passwordKey)); + const tempPrivilegedKeyManager = new sdk_2.PrivilegedKeyManager(async () => new sdk_1.PrivateKey(privilegedKey)); + return { + passwordSalt, + passwordPresentationPrimary: presentationPassword.encrypt(primaryKey), + passwordRecoveryPrimary: recoveryPassword.encrypt(primaryKey), + presentationRecoveryPrimary: presentationRecovery.encrypt(primaryKey), + passwordPrimaryPrivileged: primaryPassword.encrypt(privilegedKey), + presentationRecoveryPrivileged: presentationRecovery.encrypt(privilegedKey), + presentationHash: sdk_1.Hash.sha256(presentationKey), + recoveryHash: sdk_1.Hash.sha256(recoveryKey), + presentationKeyEncrypted: (await tempPrivilegedKeyManager.encrypt({ + plaintext: presentationKey, + protocolID: [2, 'admin key wrapping'], + keyID: '1' + })).ciphertext, + passwordKeyEncrypted: (await tempPrivilegedKeyManager.encrypt({ + plaintext: passwordKey, + protocolID: [2, 'admin key wrapping'], + keyID: '1' + })).ciphertext, + recoveryKeyEncrypted: (await tempPrivilegedKeyManager.encrypt({ + plaintext: recoveryKey, + protocolID: [2, 'admin key wrapping'], + keyID: '1' + })).ciphertext, + currentOutpoint: 'abcd:0' + }; +} +describe('CWIStyleWalletManager Tests', () => { + let manager; + beforeEach(() => { + // Reset all mock calls + globals_1.jest.clearAllMocks(); + // We create a new manager for each test, with no initial snapshot + manager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', // admin originator + mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, mockPasswordRetriever + // no state snapshot + ); + }); + // ---------------------------------------------------------------------------------------- + // Private method tests (just to ensure coverage). + // We'll call them via (manager as any).somePrivateMethod(...) if needed. + // ---------------------------------------------------------------------------------------- + test('XOR function: verifies correctness', () => { + const fnXOR = manager.XOR; + const a = [0x00, 0xff, 0xaa]; + const b = [0xff, 0xff, 0x55]; + const result = fnXOR(a, b); + // 0x00 ^ 0xFF = 0xFF + // 0xFF ^ 0xFF = 0x00 + // 0xAA ^ 0x55 = 0xFF + expect(result).toEqual([0xff, 0x00, 0xff]); + }); + // ---------------------------------------------------------------------------------------- + // Authentication flows + // ---------------------------------------------------------------------------------------- + describe('New user flow: presentation + password', () => { + test('Successfully creates a new token and calls buildAndSend', async () => { + // New wallet funder is a mock function + const newWalletFunder = globals_1.jest.fn(() => { }); + manager.newWalletFunder = newWalletFunder; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + // Provide a presentation key + await manager.providePresentationKey(presentationKey); + expect(manager.authenticationFlow).toBe('new-user'); + // Provide a password + mockPasswordRetriever.mockResolvedValueOnce('dummy-password'); + await manager.providePassword('dummy-password'); + // The wallet should now be built, so manager is authenticated + expect(manager.authenticated).toBe(true); + // Recovery key saver should have been called + expect(mockRecoveryKeySaver).toHaveBeenCalledTimes(1); + // The underlying wallet builder should have been called exactly once + expect(mockWalletBuilder).toHaveBeenCalledTimes(1); + // The manager should have called buildAndSend on the interactor + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(1); + const buildArgs = mockUMPTokenInteractor.buildAndSend.mock.calls[0]; + // [0] => the wallet, [1] => adminOriginator, [2] => newToken, [3] => oldToken + expect(buildArgs[1]).toBe('admin.walletvendor.com'); + expect(buildArgs[2]).toHaveProperty('presentationHash'); + expect(buildArgs[3]).toBeUndefined(); // Because it's a new user (no old token) + expect(newWalletFunder).toHaveBeenCalled(); // New wallet funder should have been called + }); + test('Throws if user tries to provide recovery key during new-user flow', async () => { + // Mark it as new user flow by no token found + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(Array.from({ length: 32 }, () => 1)); + await expect(manager.provideRecoveryKey(Array.from({ length: 32 }, () => 2))).rejects.toThrow('Do not submit recovery key in new-user flow'); + }); + }); + describe('Existing user flow: presentation + password', () => { + test('Decryption of primary key and building the wallet', async () => { + // Provide a mock UMP token + const mockToken = await createMockUMPToken(); + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(mockToken); + // Provide presentation + await manager.providePresentationKey(presentationKey); + expect(manager.authenticationFlow).toBe('existing-user'); + // Provide password + // The manager's internal code will do PBKDF2 with the password + token.passwordSalt + // Then XOR that with the presentation key for decryption. + await manager.providePassword('test-password'); + // Check that manager is authenticated + expect(manager.authenticated).toBe(true); + // Underlying wallet is built + expect(mockWalletBuilder).toHaveBeenCalledTimes(1); + }); + }); + describe('Existing user flow: presentation + recovery key', () => { + beforeEach(async () => { + manager.authenticationMode = 'presentation-key-and-recovery-key'; + manager.authenticationFlow = 'existing-user'; + }); + test('Successfully decrypts with presentation+recovery', async () => { + // Provide a mock UMP token + const mockToken = await createMockUMPToken(); + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(mockToken); + await manager.providePresentationKey(presentationKey); + // Provide the recovery key. + // In "presentation-key-and-recovery-key" mode, the manager won't need the password at all. + await manager.provideRecoveryKey(recoveryKey); + expect(manager.authenticated).toBe(true); + expect(mockWalletBuilder).toHaveBeenCalledTimes(1); + }); + test('Throws if presentation key not provided first', async () => { + const recoveryKey = Array.from({ length: 32 }, () => 8); + await expect(manager.provideRecoveryKey(recoveryKey)).rejects.toThrow('Provide the presentation key first'); + }); + }); + describe('Existing user flow: recovery key + password', () => { + beforeEach(async () => { + manager.authenticationMode = 'recovery-key-and-password'; + manager.authenticationFlow = 'existing-user'; + }); + test('Works with correct keys, sets mode as existing-user', async () => { + const mockToken = await createMockUMPToken(); + mockUMPTokenInteractor.findByRecoveryKeyHash.mockResolvedValueOnce(mockToken); + // Provide recovery key + await manager.provideRecoveryKey(recoveryKey); + // Provide password + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + expect(mockWalletBuilder).toHaveBeenCalledTimes(1); + }); + test('Throws if no token found by recovery key hash', async () => { + ; + mockUMPTokenInteractor.findByRecoveryKeyHash.mockResolvedValueOnce(undefined); + await expect(manager.provideRecoveryKey(recoveryKey)).rejects.toThrow('No user found with this recovery key'); + }); + }); + // ---------------------------------------------------------------------------------------- + // Snapshots + // ---------------------------------------------------------------------------------------- + describe('saveSnapshot / loadSnapshot', () => { + test('Saves a snapshot and can load it into a fresh manager instance', async () => { + // We'll do a new user flow so that manager is authenticated with a real token. + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + const presKey = Array.from({ length: 32 }, () => 0xa1); + await manager.providePresentationKey(presKey); + await manager.providePassword('mypassword'); // triggers creation of new user + const snapshot = manager.saveSnapshot(); + expect(Array.isArray(snapshot)).toBe(true); + expect(snapshot.length).toBeGreaterThan(64); // 32 bytes + encrypted data + // Now create a fresh manager: + const freshManager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, mockPasswordRetriever); + // Not authenticated yet + await expect(() => freshManager.getPublicKey({ identityKey: true })).rejects.toThrow('User is not authenticated'); + // Load the snapshot + await freshManager.loadSnapshot(snapshot); + // The fresh manager is now authenticated (underlying wallet will be built). + await expect(freshManager.getPublicKey({ identityKey: true })).resolves.not.toThrow(); + // It calls walletBuilder again + expect(mockWalletBuilder).toHaveBeenCalledTimes(2); // once for the old manager, once for the fresh + }); + test('Throws error if saving snapshot while no primary key or token set', async () => { + // Manager is not yet authenticated + expect(() => manager.saveSnapshot()).toThrow('No root primary key or current UMP token set'); + }); + test('Throws if snapshot is corrupt or cannot be decrypted', async () => { + // Attempt to load an invalid snapshot + await expect(() => manager.loadSnapshot([1, 2, 3])).rejects.toThrow('Failed to load snapshot'); + }); + }); + // ---------------------------------------------------------------------------------------- + // Changing Keys + // ---------------------------------------------------------------------------------------- + describe('Change Password', () => { + test('Requires authentication and updates the UMP token on-chain', async () => { + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + manager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, async () => 'test-password'); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + await manager.changePassword('new-pass'); + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(2); + }); + test('Throws if not authenticated', async () => { + await expect(manager.changePassword('test-password')).rejects.toThrow('Not authenticated or missing required data.'); + }); + }); + describe('Change Recovery Key', () => { + test('Prompts to save the new key, updates the token', async () => { + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + manager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, async () => 'test-password'); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + mockUMPTokenInteractor.buildAndSend.mockResolvedValueOnce(makeOutpoint('rcv1', 0)); + await manager.changeRecoveryKey(); + // The user is prompted to store the new key + expect(mockRecoveryKeySaver).toHaveBeenCalledTimes(2); // once when user created, once after changed + // The UMP token is updated + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(2); + }); + test('Throws if not authenticated', async () => { + await expect(manager.changeRecoveryKey()).rejects.toThrow('Not authenticated or missing required data.'); + }); + }); + describe('Change Presentation Key', () => { + test('Requires authentication, re-publishes the token, old token consumed', async () => { + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + manager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, async () => 'test-password'); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + mockUMPTokenInteractor.buildAndSend.mockResolvedValueOnce(makeOutpoint('rcv1', 0)); + const newPresKey = Array.from({ length: 32 }, () => 0xee); + await manager.changePresentationKey(newPresKey); + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(2); + }); + }); + describe('Profile management', () => { + test('addProfile adds a new profile and updates the UMP token', async () => { + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + const initialProfiles = manager.listProfiles(); + expect(initialProfiles).toHaveLength(1); + expect(initialProfiles[0].name).toBe('default'); + const getFactorSpy = globals_1.jest + .spyOn(manager, 'getFactor') + .mockImplementation(async () => (0, sdk_1.Random)(32)); + mockUMPTokenInteractor.buildAndSend.mockClear(); + const newProfileId = await manager.addProfile('Work'); + expect(Array.isArray(newProfileId)).toBe(true); + expect(newProfileId.length).toBe(16); + const updatedProfiles = manager.listProfiles(); + expect(updatedProfiles).toHaveLength(2); + const workProfile = updatedProfiles.find(p => p.name === 'Work'); + expect(workProfile).toBeDefined(); + expect(workProfile.active).toBe(false); + // UMP token should have been updated on-chain + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(1); + getFactorSpy.mockRestore(); + }); + test('syncUMPToken refreshes UMP token and profiles from overlay when newer token exists', async () => { + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + const originalToken = manager.currentUMPToken; + const rootPrimaryKey = manager.rootPrimaryKey; + const extraProfile = { + name: 'overlay-profile', + id: (0, sdk_1.Random)(16), + primaryPad: (0, sdk_1.Random)(32), + privilegedPad: (0, sdk_1.Random)(32), + createdAt: Math.floor(Date.now() / 1000) + }; + const profilesJson = JSON.stringify([extraProfile]); + const profilesBytes = sdk_1.Utils.toArray(profilesJson, 'utf8'); + const profilesEncrypted = new sdk_1.SymmetricKey(rootPrimaryKey).encrypt(profilesBytes); + const updatedToken = { + ...originalToken, + currentOutpoint: makeOutpoint('overlay-tx', 0), + profilesEncrypted + }; + const saveSnapshotSpy = globals_1.jest.spyOn(manager, 'saveSnapshot'); + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(updatedToken); + const result = await manager.syncUMPToken(); + expect(result).toBe(true); + expect(saveSnapshotSpy).toHaveBeenCalled(); + saveSnapshotSpy.mockRestore(); + const profiles = manager.listProfiles(); + expect(profiles.some(p => p.name === 'overlay-profile')).toBe(true); + }); + }); + test('Destroy callback clears sensitive data', async () => { + // authenticate as new user + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(Array.from({ length: 32 }, () => 12)); + await manager.providePassword('some-pass'); + // manager is authenticated + expect(manager.authenticated).toBe(true); + // Destroy + manager.destroy(); + expect(manager.authenticated).toBe(false); + // And we can confirm that manager won't allow calls + await expect(() => manager.getPublicKey({ identityKey: true })).rejects.toThrow('User is not authenticated'); + }); + // ---------------------------------------------------------------------------------------- + // Proxies / originator checks + // ---------------------------------------------------------------------------------------- + describe('Proxy method calls', () => { + beforeEach(async () => { + // authenticate + ; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + }); + test('Throws if user is not authenticated', async () => { + // force de-auth + ; + manager.authenticated = false; + await expect(() => manager.getPublicKey({ identityKey: true })).rejects.toThrow('User is not authenticated.'); + }); + test('Throws if originator is adminOriginator', async () => { + await expect(manager.getPublicKey({ identityKey: true }, 'admin.walletvendor.com')).rejects.toThrow('External applications are not allowed to use the admin originator.'); + }); + test('Passes if user is authenticated and originator is not admin', async () => { + await manager.getPublicKey({ identityKey: true }, 'example.com'); + expect(mockUnderlyingWallet.getPublicKey).toHaveBeenCalledTimes(1); + }); + test('All proxied methods call underlying with correct arguments', async () => { + // We'll do a quick spot-check of a few methods: + await manager.encrypt({ plaintext: [1, 2, 3], protocolID: [1, 'tests'], keyID: '1' }, 'mydomain.com'); + expect(mockUnderlyingWallet.encrypt).toHaveBeenCalledWith({ plaintext: [1, 2, 3], protocolID: [1, 'tests'], keyID: '1' }, 'mydomain.com'); + // TODO: Test all other proxied methods + }); + test('isAuthenticated() rejects if originator is admin, resolves otherwise', async () => { + // If admin tries: + await expect(manager.isAuthenticated({}, 'admin.walletvendor.com')).rejects.toThrow('External applications are not allowed to use the admin originator.'); + // If normal domain: + const result = await manager.isAuthenticated({}, 'normal.com'); + expect(result).toEqual({ authenticated: true }); + }); + test('waitForAuthentication() eventually resolves', async () => { + // Already authenticated from beforeEach. So it should immediately return. + await manager.waitForAuthentication({}, 'normal.com'); + expect(mockUnderlyingWallet.waitForAuthentication).toHaveBeenCalledTimes(1); + }); + }); + describe('Additional Tests for Password Retriever Callback, Privileged Key Expiry, and UMP Token Serialization', () => { + let manager; + beforeEach(() => { + globals_1.jest.clearAllMocks(); + manager = new CWIStyleWalletManager_1.CWIStyleWalletManager('admin.walletvendor.com', mockWalletBuilder, mockUMPTokenInteractor, mockRecoveryKeySaver, mockPasswordRetriever); + }); + test('serializeUMPToken and deserializeUMPToken correctly round-trip a UMP token', async () => { + const token = await createMockUMPToken(); + // We need a token with a currentOutpoint for serialization. + expect(token.currentOutpoint).toBeDefined(); + const serializeFn = manager.serializeUMPToken; + const deserializeFn = manager.deserializeUMPToken; + const serialized = serializeFn(token); + expect(Array.isArray(serialized)).toBe(true); + expect(serialized.length).toBeGreaterThan(0); + const deserialized = deserializeFn(serialized); + expect(deserialized).toEqual(token); + }); + test('Password retriever callback: the test function is passed and returns a boolean', async () => { + let capturedTestFn = null; + const customPasswordRetriever = globals_1.jest.fn(async (reason, testFn) => { + capturedTestFn = testFn; + // In a real scenario the test function would validate a candidate. + // For our test we simply return the correct password. + return 'test-password'; + }); + manager.passwordRetriever = customPasswordRetriever; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + expect(manager.authenticated).toBe(true); + // Clear the privileged key so the callback gets ran + globals_1.jest.advanceTimersByTime(121000); + // Let's trigger a privileged operation + await manager.changePassword('test-password'); // trigger some privileged operation... + expect(customPasswordRetriever).toHaveBeenCalled(); + expect(capturedTestFn).not.toBeNull(); + // Since the internal test function is defined inline, we simply check that its output is a boolean. + // (Its logic uses the outer scope and may not use its argument correctly, but we verify that it at least returns a boolean.) + const testResult = capturedTestFn('any-input'); + expect(typeof testResult).toBe('boolean'); + expect(capturedTestFn('any-input')).toBe(false); + expect(capturedTestFn('test-password')).toBe(true); + }); + test('Privileged key expiry: each call to decrypt via the privileged manager invokes passwordRetriever', async () => { + // In a new-user flow, buildUnderlying is called without a privilegedKey, + // so any later use of the privileged manager will trigger a password prompt. + const customPasswordRetriever = globals_1.jest.fn(async (reason, testFn) => { + return 'test-password'; + }); + manager.passwordRetriever = customPasswordRetriever; + mockUMPTokenInteractor.findByPresentationKeyHash.mockResolvedValueOnce(undefined); + await manager.providePresentationKey(presentationKey); + await manager.providePassword('test-password'); + // Clear any calls recorded during authentication. + customPasswordRetriever.mockClear(); + // Call the underlying privileged key manager’s decrypt twice. + // (For example, we use the ciphertext from one of the token’s encrypted fields.) + await manager.rootPrivilegedKeyManager.decrypt({ + ciphertext: manager.currentUMPToken.passwordKeyEncrypted, + protocolID: [2, 'admin key wrapping'], + keyID: '1' + }); + // Key expires after 2 minutes + globals_1.jest.advanceTimersByTime(121000); + await manager.rootPrivilegedKeyManager.decrypt({ + ciphertext: manager.currentUMPToken.passwordKeyEncrypted, + protocolID: [2, 'admin key wrapping'], + keyID: '1' + }); + // Since no ephemeral privileged key was provided when building the underlying wallet, + // each call to decrypt should have resulted in a call to passwordRetriever. + expect(customPasswordRetriever).toHaveBeenCalledTimes(2); + }); + }); +}); +//# sourceMappingURL=CWIStyleWalletManager.test.js.map \ No newline at end of file diff --git a/src/__tests/CWIStyleWalletManager.test.js.map b/src/__tests/CWIStyleWalletManager.test.js.map new file mode 100644 index 00000000..59ec1326 --- /dev/null +++ b/src/__tests/CWIStyleWalletManager.test.js.map @@ -0,0 +1 @@ +{"version":3,"file":"CWIStyleWalletManager.test.js","sourceRoot":"","sources":["../../../src/__tests/CWIStyleWalletManager.test.ts"],"names":[],"mappings":";;AAAA,kCAAyF;AACzF,gCAA6C;AAC7C,oEAAiH;AACjH,2CAAoC;AAEpC,cAAI,CAAC,aAAa,EAAE,CAAA;AAEpB,6FAA6F;AAC7F,sBAAsB;AACtB,6FAA6F;AAE7F,6DAA6D;AAC7D,SAAS,YAAY,CAAC,IAAY,EAAE,IAAY;IAC9C,OAAO,GAAG,IAAI,IAAI,IAAI,EAAE,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG;IAC3B,YAAY,EAAE,cAAI,CAAC,EAAE,EAAE;IACvB,4BAA4B,EAAE,cAAI,CAAC,EAAE,EAAE;IACvC,wBAAwB,EAAE,cAAI,CAAC,EAAE,EAAE;IACnC,OAAO,EAAE,cAAI,CAAC,EAAE,EAAE;IAClB,OAAO,EAAE,cAAI,CAAC,EAAE,EAAE;IAClB,UAAU,EAAE,cAAI,CAAC,EAAE,EAAE;IACrB,UAAU,EAAE,cAAI,CAAC,EAAE,EAAE;IACrB,eAAe,EAAE,cAAI,CAAC,EAAE,EAAE;IAC1B,eAAe,EAAE,cAAI,CAAC,EAAE,EAAE;IAC1B,YAAY,EAAE,cAAI,CAAC,EAAE,EAAE;IACvB,UAAU,EAAE,cAAI,CAAC,EAAE,EAAE;IACrB,WAAW,EAAE,cAAI,CAAC,EAAE,EAAE;IACtB,WAAW,EAAE,cAAI,CAAC,EAAE,EAAE;IACtB,iBAAiB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC5B,WAAW,EAAE,cAAI,CAAC,EAAE,EAAE;IACtB,gBAAgB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC3B,kBAAkB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC7B,gBAAgB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC3B,gBAAgB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC3B,qBAAqB,EAAE,cAAI,CAAC,EAAE,EAAE;IAChC,qBAAqB,EAAE,cAAI,CAAC,EAAE,EAAE;IAChC,oBAAoB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC/B,eAAe,EAAE,cAAI,CAAC,EAAE,EAAE;IAC1B,qBAAqB,EAAE,cAAI,CAAC,EAAE,EAAE;IAChC,SAAS,EAAE,cAAI,CAAC,EAAE,EAAE;IACpB,kBAAkB,EAAE,cAAI,CAAC,EAAE,EAAE;IAC7B,UAAU,EAAE,cAAI,CAAC,EAAE,EAAE;IACrB,UAAU,EAAE,cAAI,CAAC,EAAE,EAAE;CACQ,CAAA;AAE/B;;GAEG;AACH,MAAM,iBAAiB,GAAG,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAAE;IAC3E,4CAA4C;IAC5C,OAAO,oBAAoB,CAAA;AAC7B,CAAC,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAuB;IACjD,yBAAyB,EAAE,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,IAAc,EAAE,EAAE,CAAC,SAAS,CAAC;IACvE,qBAAqB,EAAE,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,IAAc,EAAE,EAAE,CAAC,SAAS,CAAC;IACnE,YAAY,EAAE,cAAI,CAAC,EAAE,CACnB,KAAK,EAAE,MAAuB,EAAE,KAAa,EAAE,KAAe,EAAE,QAAmB,EAAE,EAAE,CAAC,QAAQ,CACjG;CACF,CAAA;AAED;;GAEG;AACH,MAAM,oBAAoB,GAAG,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,GAAa,EAAE,EAAE,CAAC,IAAY,CAAC,CAAA;AAE3E;;;GAGG;AACH,MAAM,qBAAqB,GAAG,cAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAA;AAElE,MAAM,GAAG,GAAG,CAAC,EAAY,EAAE,EAAY,EAAY,EAAE;IACnD,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,KAAK,CAAS,EAAE,CAAC,MAAM,CAAC,CAAA;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;IACtB,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC,CAAA;AAED,wBAAwB;AACxB,MAAM,eAAe,GAAG,IAAA,YAAM,EAAC,EAAE,CAAC,CAAA;AAClC,MAAM,WAAW,GAAG,IAAA,YAAM,EAAC,EAAE,CAAC,CAAA;AAC9B,MAAM,YAAY,GAAG,IAAA,YAAM,EAAC,EAAE,CAAC,CAAA;AAC/B,MAAM,WAAW,GAAG,UAAI,CAAC,MAAM,CAAC,WAAK,CAAC,OAAO,CAAC,eAAe,EAAE,MAAM,CAAC,EAAE,YAAY,EAAE,yCAAiB,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAA;AACtH,MAAM,UAAU,GAAG,IAAA,YAAM,EAAC,EAAE,CAAC,CAAA;AAC7B,MAAM,aAAa,GAAG,IAAA,YAAM,EAAC,EAAE,CAAC,CAAA;AAEhC;;;GAGG;AACH,KAAK,UAAU,kBAAkB;IAC/B,MAAM,oBAAoB,GAAG,IAAI,kBAAY,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,CAAA;IAChF,MAAM,oBAAoB,GAAG,IAAI,kBAAY,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,CAAA;IAChF,MAAM,gBAAgB,GAAG,IAAI,kBAAY,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAA;IACxE,MAAM,eAAe,GAAG,IAAI,kBAAY,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAA;IACtE,MAAM,wBAAwB,GAAG,IAAI,0BAAoB,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,gBAAU,CAAC,aAAa,CAAC,CAAC,CAAA;IACpG,OAAO;QACL,YAAY;QACZ,2BAA2B,EAAE,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAa;QACjF,uBAAuB,EAAE,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAa;QACzE,2BAA2B,EAAE,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAa;QACjF,yBAAyB,EAAE,eAAe,CAAC,OAAO,CAAC,aAAa,CAAa;QAC7E,8BAA8B,EAAE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAa;QACvF,gBAAgB,EAAE,UAAI,CAAC,MAAM,CAAC,eAAe,CAAC;QAC9C,YAAY,EAAE,UAAI,CAAC,MAAM,CAAC,WAAW,CAAC;QACtC,wBAAwB,EAAE,CACxB,MAAM,wBAAwB,CAAC,OAAO,CAAC;YACrC,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC;YACrC,KAAK,EAAE,GAAG;SACX,CAAC,CACH,CAAC,UAAU;QACZ,oBAAoB,EAAE,CACpB,MAAM,wBAAwB,CAAC,OAAO,CAAC;YACrC,SAAS,EAAE,WAAW;YACtB,UAAU,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC;YACrC,KAAK,EAAE,GAAG;SACX,CAAC,CACH,CAAC,UAAU;QACZ,oBAAoB,EAAE,CACpB,MAAM,wBAAwB,CAAC,OAAO,CAAC;YACrC,SAAS,EAAE,WAAW;YACtB,UAAU,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC;YACrC,KAAK,EAAE,GAAG;SACX,CAAC,CACH,CAAC,UAAU;QACZ,eAAe,EAAE,QAAQ;KAC1B,CAAA;AACH,CAAC;AAED,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,OAA8B,CAAA;IAElC,UAAU,CAAC,GAAG,EAAE;QACd,uBAAuB;QACvB,cAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,kEAAkE;QAClE,OAAO,GAAG,IAAI,6CAAqB,CACjC,wBAAwB,EAAE,mBAAmB;QAC7C,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB;QACrB,oBAAoB;SACrB,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,2FAA2F;IAC3F,kDAAkD;IAClD,yEAAyE;IACzE,2FAA2F;IAE3F,IAAI,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC9C,MAAM,KAAK,GAAI,OAAe,CAAC,GAA6C,CAAA;QAE5E,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAE1B,qBAAqB;QACrB,qBAAqB;QACrB,qBAAqB;QACrB,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;IAEF,2FAA2F;IAC3F,uBAAuB;IACvB,2FAA2F;IAE3F,QAAQ,CAAC,wCAAwC,EAAE,GAAG,EAAE;QACtD,IAAI,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACzE,uCAAuC;YACvC,MAAM,eAAe,GAAG,cAAI,CAAC,EAAE,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CACxC;YAAC,OAAe,CAAC,eAAe,GAAG,eAAe,CAGlD;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAE3F,6BAA6B;YAC7B,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YAErD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAEnD,qBAAqB;YACrB,qBAAqB,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAA;YAC7D,MAAM,OAAO,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAA;YAE/C,8DAA8D;YAC9D,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAExC,6CAA6C;YAC7C,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YAErD,qEAAqE;YACrE,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YAElD,gEAAgE;YAChE,MAAM,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YACpE,MAAM,SAAS,GAAI,sBAAsB,CAAC,YAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAC5E,8EAA8E;YAC9E,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAA;YACnD,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAA;YACvD,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAA,CAAC,yCAAyC;YAC9E,MAAM,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,CAAA,CAAC,4CAA4C;QACzF,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;YACnF,6CAA6C;YAC7C,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAEzE,MAAM,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC3F,6CAA6C,CAC9C,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,6CAA6C,EAAE,GAAG,EAAE;QAC3D,IAAI,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACnE,2BAA2B;YAC3B,MAAM,SAAS,GAAG,MAAM,kBAAkB,EAAE,CAC3C;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAE3F,uBAAuB;YACvB,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YAExD,mBAAmB;YACnB,oFAAoF;YACpF,0DAA0D;YAC1D,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAE9C,sCAAsC;YACtC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAExC,6BAA6B;YAC7B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,iDAAiD,EAAE,GAAG,EAAE;QAC/D,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,OAAO,CAAC,kBAAkB,GAAG,mCAAmC,CAAA;YAChE,OAAO,CAAC,kBAAkB,GAAG,eAAe,CAAA;QAC9C,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAClE,2BAA2B;YAC3B,MAAM,SAAS,GAAG,MAAM,kBAAkB,EAAE,CAC3C;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAE3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YAErD,4BAA4B;YAC5B,2FAA2F;YAC3F,MAAM,OAAO,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YAE7C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxC,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YACvD,MAAM,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAA;QAC7G,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,6CAA6C,EAAE,GAAG,EAAE;QAC3D,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,OAAO,CAAC,kBAAkB,GAAG,2BAA2B,CAAA;YACxD,OAAO,CAAC,kBAAkB,GAAG,eAAe,CAAA;QAC9C,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACrE,MAAM,SAAS,GAAG,MAAM,kBAAkB,EAAE,CAC3C;YAAC,sBAAsB,CAAC,qBAA6B,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAEvF,uBAAuB;YACvB,MAAM,OAAO,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAA;YAE7C,mBAAmB;YACnB,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAE9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxC,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC/D,CAAC;YAAC,sBAAsB,CAAC,qBAA6B,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YACvF,MAAM,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAA;QAC/G,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,2FAA2F;IAC3F,YAAY;IACZ,2FAA2F;IAE3F,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,IAAI,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;YAChF,+EAA+E;YAC/E,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;YACtD,MAAM,OAAO,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA;YAC7C,MAAM,OAAO,CAAC,eAAe,CAAC,YAAY,CAAC,CAAA,CAAC,gCAAgC;YAE5E,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAA;YACvC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC1C,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAA,CAAC,4BAA4B;YAExE,8BAA8B;YAC9B,MAAM,YAAY,GAAG,IAAI,6CAAqB,CAC5C,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,CACtB,CAAA;YAED,wBAAwB;YACxB,MAAM,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAA;YAEjH,oBAAoB;YACpB,MAAM,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;YAEzC,4EAA4E;YAC5E,MAAM,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAA;YAErF,+BAA+B;YAC/B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA,CAAC,+CAA+C;QACpG,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;YACnF,mCAAmC;YACnC,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAA;QAC9F,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;YACtE,sCAAsC;YACtC,MAAM,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;QAChG,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,2FAA2F;IAC3F,gBAAgB;IAChB,2FAA2F;IAE3F,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;YAC5E,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,OAAO,GAAG,IAAI,6CAAqB,CACjC,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,IAAI,EAAE,CAAC,eAAe,CAC5B,CAAA;YACD,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxC,MAAM,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;YACxC,MAAM,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACtE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACnE,6CAA6C,CAC9C,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAIF,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,IAAI,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAChE,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,OAAO,GAAG,IAAI,6CAAqB,CACjC,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,IAAI,EAAE,CAAC,eAAe,CAC5B,CAAA;YACD,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACvC;YAAC,sBAAsB,CAAC,YAAoB,CAAC,qBAAqB,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5F,MAAM,OAAO,CAAC,iBAAiB,EAAE,CAAA;YAEjC,4CAA4C;YAC5C,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA,CAAC,6CAA6C;YACnG,2BAA2B;YAC3B,MAAM,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACtE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,6CAA6C,CAAC,CAAA;QAC1G,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,IAAI,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;YACrF,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,OAAO,GAAG,IAAI,6CAAqB,CACjC,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,IAAI,EAAE,CAAC,eAAe,CAC5B,CAAA;YACD,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACvC;YAAC,sBAAsB,CAAC,YAAoB,CAAC,qBAAqB,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;YAC5F,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;YACzD,MAAM,OAAO,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAA;YAC/C,MAAM,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACtE,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,IAAI,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;YACzE,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAExC,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,EAAE,CAAA;YAC9C,MAAM,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;YACvC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YAE/C,MAAM,YAAY,GAAG,cAAI;iBACtB,KAAK,CAAC,OAAc,EAAE,WAAW,CAAC;iBAClC,kBAAkB,CAAC,KAAK,IAAI,EAAE,CAAC,IAAA,YAAM,EAAC,EAAE,CAAC,CAAC,CAE5C;YAAC,sBAAsB,CAAC,YAAoB,CAAC,SAAS,EAAE,CAAA;YAEzD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YACrD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9C,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAEpC,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,EAAE,CAAA;YAC9C,MAAM,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;YACvC,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAA;YAChE,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAA;YACjC,MAAM,CAAC,WAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAEvC,8CAA8C;YAC9C,MAAM,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;YAEpE,YAAY,CAAC,WAAW,EAAE,CAAA;QAC5B,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,oFAAoF,EAAE,KAAK,IAAI,EAAE;YACpG,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAExC,MAAM,aAAa,GAAI,OAAe,CAAC,eAA2B,CAAA;YAClE,MAAM,cAAc,GAAI,OAAe,CAAC,cAA0B,CAAA;YAElE,MAAM,YAAY,GAAG;gBACnB,IAAI,EAAE,iBAAiB;gBACvB,EAAE,EAAE,IAAA,YAAM,EAAC,EAAE,CAAC;gBACd,UAAU,EAAE,IAAA,YAAM,EAAC,EAAE,CAAC;gBACtB,aAAa,EAAE,IAAA,YAAM,EAAC,EAAE,CAAC;gBACzB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACzC,CAAA;YACD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC,CAAA;YACnD,MAAM,aAAa,GAAG,WAAK,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,iBAAiB,GAAG,IAAI,kBAAY,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,aAAa,CAAa,CAAA;YAE7F,MAAM,YAAY,GAAa;gBAC7B,GAAG,aAAa;gBAChB,eAAe,EAAE,YAAY,CAAC,YAAY,EAAE,CAAC,CAAC;gBAC9C,iBAAiB;aAClB,CAAA;YAED,MAAM,eAAe,GAAG,cAAI,CAAC,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAC1D;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAA;YAE9F,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,EAAE,CAAA;YAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACzB,MAAM,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAC1C,eAAe,CAAC,WAAW,EAAE,CAAA;YAE7B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,CAAA;YACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,IAAI,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACxD,2BAA2B;QAC3B,CAAC;QAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;QAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;QAC1E,MAAM,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC,CAAA;QAE1C,2BAA2B;QAC3B,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAExC,UAAU;QACV,OAAO,CAAC,OAAO,EAAE,CAAA;QAEjB,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACzC,oDAAoD;QACpD,MAAM,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAA;IAC9G,CAAC,CAAC,CAAA;IAEF,2FAA2F;IAC3F,8BAA8B;IAC9B,2FAA2F;IAE3F,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,eAAe;YACf,CAAC;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;QAChD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACrD,gBAAgB;YAChB,CAAC;YAAC,OAAe,CAAC,aAAa,GAAG,KAAK,CAAA;YACvC,MAAM,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAA;QAC/G,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACjG,oEAAoE,CACrE,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;YAC7E,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,aAAa,CAAC,CAAA;YAChE,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACpE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;YAC5E,gDAAgD;YAChD,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,cAAc,CAAC,CAAA;YACrG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,oBAAoB,CACvD,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,EAC9D,cAAc,CACf,CAAA;YAED,uCAAuC;QACzC,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;YACtF,kBAAkB;YAClB,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACjF,oEAAoE,CACrE,CAAA;YACD,oBAAoB;YACpB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,YAAY,CAAC,CAAA;YAC9D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;QACjD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC7D,0EAA0E;YAC1E,MAAM,OAAO,CAAC,qBAAqB,CAAC,EAAE,EAAE,YAAY,CAAC,CAAA;YACrD,MAAM,CAAC,oBAAoB,CAAC,qBAAqB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QAC7E,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,QAAQ,CAAC,sGAAsG,EAAE,GAAG,EAAE;QACpH,IAAI,OAA8B,CAAA;QAElC,UAAU,CAAC,GAAG,EAAE;YACd,cAAI,CAAC,aAAa,EAAE,CAAA;YACpB,OAAO,GAAG,IAAI,6CAAqB,CACjC,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,CACtB,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;YAC5F,MAAM,KAAK,GAAG,MAAM,kBAAkB,EAAE,CAAA;YACxC,4DAA4D;YAC5D,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAA;YAC3C,MAAM,WAAW,GAAI,OAAe,CAAC,iBAAkD,CAAA;YACvF,MAAM,aAAa,GAAI,OAAe,CAAC,mBAAkD,CAAA;YAEzF,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAA;YACrC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC5C,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;YAE5C,MAAM,YAAY,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;YAC9C,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACrC,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,gFAAgF,EAAE,KAAK,IAAI,EAAE;YAChG,IAAI,cAAc,GAA4C,IAAI,CAAA;YAClE,MAAM,uBAAuB,GAAG,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,MAAc,EAAE,MAAsC,EAAE,EAAE;gBACvG,cAAc,GAAG,MAAM,CAAA;gBACvB,mEAAmE;gBACnE,sDAAsD;gBACtD,OAAO,eAAe,CAAA;YACxB,CAAC,CAAC,CACD;YAAC,OAAe,CAAC,iBAAiB,GAAG,uBAAuB,CAG5D;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAC9C,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxC,oDAAoD;YACpD,cAAI,CAAC,mBAAmB,CAAC,MAAO,CAAC,CAAA;YAEjC,uCAAuC;YACvC,MAAM,OAAO,CAAC,cAAc,CAAC,eAAe,CAAC,CAAA,CAAC,uCAAuC;YACrF,MAAM,CAAC,uBAAuB,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAClD,MAAM,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAA;YACrC,oGAAoG;YACpG,6HAA6H;YAC7H,MAAM,UAAU,GAAG,cAAe,CAAC,WAAW,CAAC,CAAA;YAC/C,MAAM,CAAC,OAAO,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,CAAC,cAAe,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAChD,MAAM,CAAC,cAAe,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,kGAAkG,EAAE,KAAK,IAAI,EAAE;YAClH,yEAAyE;YACzE,6EAA6E;YAC7E,MAAM,uBAAuB,GAAG,cAAI,CAAC,EAAE,CAAC,KAAK,EAAE,MAAc,EAAE,MAAsC,EAAE,EAAE;gBACvG,OAAO,eAAe,CAAA;YACxB,CAAC,CAAC,CACD;YAAC,OAAe,CAAC,iBAAiB,GAAG,uBAAuB,CAG5D;YAAC,sBAAsB,CAAC,yBAAiC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAA;YAC3F,MAAM,OAAO,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAA;YACrD,MAAM,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAA;YAE9C,kDAAkD;YAClD,uBAAuB,CAAC,SAAS,EAAE,CAAA;YAEnC,8DAA8D;YAC9D,iFAAiF;YACjF,MAAO,OAAe,CAAC,wBAAwB,CAAC,OAAO,CAAC;gBACtD,UAAU,EAAG,OAAe,CAAC,eAAe,CAAC,oBAAoB;gBACjE,UAAU,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC;gBACrC,KAAK,EAAE,GAAG;aACX,CAAC,CAAA;YAEF,8BAA8B;YAC9B,cAAI,CAAC,mBAAmB,CAAC,MAAO,CAAC,CAAA;YAEjC,MAAO,OAAe,CAAC,wBAAwB,CAAC,OAAO,CAAC;gBACtD,UAAU,EAAG,OAAe,CAAC,eAAe,CAAC,oBAAoB;gBACjE,UAAU,EAAE,CAAC,CAAC,EAAE,oBAAoB,CAAC;gBACrC,KAAK,EAAE,GAAG;aACX,CAAC,CAAA;YAEF,sFAAsF;YACtF,4EAA4E;YAC5E,MAAM,CAAC,uBAAuB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QAC1D,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"} \ No newline at end of file diff --git a/src/__tests/CWIStyleWalletManager.test.ts b/src/__tests/CWIStyleWalletManager.test.ts index e5c5e44d..f470ee8d 100644 --- a/src/__tests/CWIStyleWalletManager.test.ts +++ b/src/__tests/CWIStyleWalletManager.test.ts @@ -386,6 +386,8 @@ describe('CWIStyleWalletManager Tests', () => { }) }) + + describe('Change Recovery Key', () => { test('Prompts to save the new key, updates the token', async () => { ;(mockUMPTokenInteractor.findByPresentationKeyHash as any).mockResolvedValueOnce(undefined) @@ -433,6 +435,77 @@ describe('CWIStyleWalletManager Tests', () => { }) }) + describe('Profile management', () => { + test('addProfile adds a new profile and updates the UMP token', async () => { + ;(mockUMPTokenInteractor.findByPresentationKeyHash as any).mockResolvedValueOnce(undefined) + await manager.providePresentationKey(presentationKey) + await manager.providePassword('test-password') + expect(manager.authenticated).toBe(true) + + const initialProfiles = manager.listProfiles() + expect(initialProfiles).toHaveLength(1) + expect(initialProfiles[0].name).toBe('default') + + const getFactorSpy = jest + .spyOn(manager as any, 'getFactor') + .mockImplementation(async () => Random(32)) + + ;(mockUMPTokenInteractor.buildAndSend as any).mockClear() + + const newProfileId = await manager.addProfile('Work') + expect(Array.isArray(newProfileId)).toBe(true) + expect(newProfileId.length).toBe(16) + + const updatedProfiles = manager.listProfiles() + expect(updatedProfiles).toHaveLength(2) + const workProfile = updatedProfiles.find(p => p.name === 'Work') + expect(workProfile).toBeDefined() + expect(workProfile!.active).toBe(false) + + expect(mockUMPTokenInteractor.buildAndSend).toHaveBeenCalledTimes(1) + + getFactorSpy.mockRestore() + }) + + test('syncUMPToken refreshes UMP token and profiles from overlay when newer token exists', async () => { + ;(mockUMPTokenInteractor.findByPresentationKeyHash as any).mockResolvedValueOnce(undefined) + await manager.providePresentationKey(presentationKey) + await manager.providePassword('test-password') + expect(manager.authenticated).toBe(true) + + const originalToken = (manager as any).currentUMPToken as UMPToken + const rootPrimaryKey = (manager as any).rootPrimaryKey as number[] + + const extraProfile = { + name: 'overlay-profile', + id: Random(16), + primaryPad: Random(32), + privilegedPad: Random(32), + createdAt: Math.floor(Date.now() / 1000) + } + const profilesJson = JSON.stringify([extraProfile]) + const profilesBytes = Utils.toArray(profilesJson, 'utf8') + const profilesEncrypted = new SymmetricKey(rootPrimaryKey).encrypt(profilesBytes) as number[] + + const updatedToken: UMPToken = { + ...originalToken, + currentOutpoint: makeOutpoint('overlay-tx', 0), + profilesEncrypted + } + + const saveSnapshotSpy = jest.spyOn(manager, 'saveSnapshot') + ;(mockUMPTokenInteractor.findByPresentationKeyHash as any).mockResolvedValueOnce(updatedToken) + + const result = await manager.syncUMPToken() + expect(result).toBe(true) + expect(saveSnapshotSpy).toHaveBeenCalled() + saveSnapshotSpy.mockRestore() + + const profiles = manager.listProfiles() + expect(profiles.some(p => p.name === 'overlay-profile')).toBe(true) + }) + }) + test('Destroy callback clears sensitive data', async () => { // authenticate as new user ;(mockUMPTokenInteractor.findByPresentationKeyHash as any).mockResolvedValueOnce(undefined)