@animo-id/eudi-wallet-functionality 0.0.0-alpha-20260108162340 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.mts +339 -161
  2. package/dist/index.mjs +228 -77
  3. package/dist/index.mjs.map +1 -1
  4. package/package.json +6 -2
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","names":["resolved: Partial<ResolvedTs12Metadata>","z"],"sources":["../src/error.ts","../src/validation/z-sca-attestation-ext.ts","../src/validation/z-transaction-data-common.ts","../src/validation/z-transaction-data-funke.ts","../src/validation/z-transaction-data-ts12.ts","../src/validation/z-transaction-data.ts","../src/validation/ts12.ts","../src/isDcqlQueryEqualOrSubset.ts","../src/verifyOpenid4VpAuthorizationRequest.ts"],"sourcesContent":["export class EudiWalletExtensionsError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'EudiWalletExtensionsError'\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, EudiWalletExtensionsError)\n }\n }\n}\n\nexport class Ts12IntegrityError extends EudiWalletExtensionsError {\n constructor(uri: string, integrity: string) {\n super(`Invalid integrity for ${uri}, expected ${integrity}`)\n this.name = 'Ts12IntegrityError'\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Ts12IntegrityError)\n }\n }\n}\n","import { z } from 'zod'\n\nexport const zScaTransactionDataTypeClaims = z.array(\n z.object({\n /** The path to the claim within the transaction payload. */\n path: z.array(z.string()),\n /** * [TS12 3.3.2] Visual importance.\n * 1: Prominent (Top priority)\n * 2: Main (Standard visibility)\n * 3: Supplementary (Details view)\n * 4: Omitted (Not displayed)\n */\n visualisation: z.union([z.literal(1), z.literal(2), z.literal(3), z.literal(4)]).default(3),\n /** [ARF Annex 4] Localised display information for the claim. */\n display: z\n .array(\n z.object({\n /** Localised name of the claim (e.g., \"Amount\"). */\n name: z.string(),\n /** [ISO639-1] Language code (e.g., \"en\"). */\n locale: z.string().optional(),\n /** [RFC2397] Resolvable or Data URL of the claim icon. */\n logo: z.string().optional(),\n })\n )\n .min(1),\n })\n)\n\nexport const zScaTransactionDataTypeUiLabels = z\n .object({\n /**\n * [REQUIRED] Label for the confirmation (consent) button.\n * Max length: 30 characters.\n */\n affirmative_action_label: z\n .array(\n z.object({\n /** [RFC5646] Language identifier (e.g., \"en\", \"fr-CA\"). */\n lang: z.string(),\n /** Localised string value. Max length: 30 chars. */\n value: z.string().max(30),\n })\n )\n .min(1),\n\n /**\n * [OPTIONAL] Label for the denial (cancel) button.\n * Max length: 30 characters.\n */\n denial_action_label: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n lang: z.string(),\n /** Localised string value. Max length: 30 chars. */\n value: z.string().max(30),\n })\n )\n .min(1)\n .optional(),\n\n /**\n * [OPTIONAL] Title/headline for the transaction confirmation screen.\n * Max length: 50 characters.\n */\n transaction_title: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n lang: z.string(),\n /** Localised string value. Max length: 50 chars. */\n value: z.string().max(50),\n })\n )\n .min(1)\n .optional(),\n\n /**\n * [OPTIONAL] Security hint to be displayed to the User.\n * Max length: 250 characters.\n */\n security_hint: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n lang: z.string(),\n /** Localised string value. Max length: 250 chars. */\n value: z.string().max(250),\n })\n )\n .min(1)\n .optional(),\n })\n .catchall(\n // [TS12] \"Additional UI elements identifiers MAY be defined\"\n z.array(\n z.object({\n lang: z.string(),\n value: z.string(),\n })\n )\n )\n\n/**\n * @name zScaAttestationExt\n * @version EUDI TS12 v1.0 (05 December 2025)\n * @description Defines metadata for SCA Attestations, including transaction types and UI localization.\n * @see [EUDI TS12, Section 3] for VC Type Metadata requirements.\n * @see [EUDI TS12, Section 4.1] for Metadata structure.\n */\nexport const zScaAttestationExt = z.object({\n /**\n * [TS12 Section 3] Category the attestation belongs to.\n * MUST be 'urn:eu:europa:ec:eudi:sua:sca' for SCA Attestations.\n */\n category: z.string().optional(),\n transaction_data_types: z.record(\n z.string().describe('Transaction Type URI (e.g., urn:eudi:sca:payment:1). Must be collision resistant.'),\n z.intersection(\n z.union([\n z.object({\n /** [TS12 4.1] Embedded JSON Schema string defining the payload structure. MUST NOT be used if schema_uri is present. */\n schema: z.string(),\n }),\n z.object({\n /** [TS12 4.1] URI referencing an external JSON Schema document. MUST NOT be used if schema is present. */\n schema_uri: z.url(),\n 'schema_uri#integrity': z.string().optional(),\n }),\n ]),\n z.intersection(\n z.union([\n z.object({\n /** [TS12 3.3.2] Transaction Data Claim Metadata. MUST NOT be used if claims_uri is present. */\n claims: zScaTransactionDataTypeClaims,\n }),\n z.object({\n /** [TS12 3.3.2] URI referencing an external claims metadata document. MUST NOT be used if claims is present. */\n claims_uri: z.url(),\n 'claims_uri#integrity': z.string().optional(),\n }),\n ]),\n z.union([\n z.object({\n /** [TS12 3.3.3] Localised UI element values. MUST NOT be used if ui_labels_uri is present. */\n ui_labels: zScaTransactionDataTypeUiLabels,\n }),\n z.object({\n /** [TS12 3.3.3] URI referencing external UI labels. MUST NOT be used if ui_labels is present. */\n ui_labels_uri: z.string().url(),\n 'ui_labels_uri#integrity': z.string().optional(),\n }),\n ])\n )\n )\n ),\n})\n\nexport type ZScaAttestationExt = z.infer<typeof zScaAttestationExt>\n","import { z } from 'zod'\n\n/**\n * **OpenID4VP Common Fields**\n * Fields required by the transport protocol.\n */\nexport const zBaseTransaction = z.object({\n /**\n * **Type**\n * REQUIRED. String that identifies the type of transaction data.\n * @source OpenID4VP Section 5.1\n */\n type: z.string(),\n /**\n * **Credential IDs**\n * REQUIRED. Non-empty array of strings each referencing a Credential requested\n * by the Verifier (via DCQL `id` or PEX) that authorizes this transaction.\n * @source OpenID4VP Section 5.1 \"transaction_data\"\n */\n credential_ids: z.tuple([z.string()]).rest(z.string()),\n\n /**\n * **Transaction Data Hashes Algorithm**\n * OPTIONAL. Array of hash algorithms (e.g. `[\"sha-256\"]`).\n * @source OpenID4VP Appendix B.3.3.1\n */\n transaction_data_hashes_alg: z.tuple([z.string()]).rest(z.string()).optional(),\n})\n","import { z } from 'zod'\nimport { zBaseTransaction } from './z-transaction-data-common'\n\n/**\n * **Funke (German) QES Authorization Data**\n * * Profile used by the SPRIND/Bundesdruckerei EUDI Wallet.\n * * This type bridges OpenID4VP with ETSI TS 119 432 (Remote Signing).\n * * @see German National EUDI Wallet Architecture (Appendix 07)\n */\nexport const zFunkeQesTransaction = zBaseTransaction.extend({\n /**\n * **Signature Qualifier**\n * The level of signature required.\n * @source ETSI TS 119 432\n */\n signatureQualifier: z\n .enum(['eu_eidas_qes', 'eu_eidas_aes'])\n .describe('eu_eidas_qes (Qualified) or eu_eidas_aes (Advanced)'),\n\n /**\n * **Document Digests**\n * List of document hashes to be signed (DTBS - Data To Be Signed).\n * @source ETSI TS 119 432\n */\n documentDigests: z\n .array(\n z.object({\n /**\n * **Label**\n * Human-readable filename displayed to the user.\n */\n label: z.string().describe(\"Filename (e.g. 'Contract.pdf')\"),\n\n /**\n * **Hash**\n * Base64 encoded hash of the document.\n */\n hash: z.string().describe('Base64 encoded hash'),\n\n /**\n * **Hash Algorithm OID**\n * Object Identifier for the hash algorithm.\n */\n hashAlgorithmOID: z.string().optional().describe('OID of the hash algorithm'),\n })\n )\n .min(1),\n})\nexport type FunkeQesTransactionDataEntry = z.infer<typeof zFunkeQesTransaction>\n","import { z } from 'zod'\nimport { zBaseTransaction } from './z-transaction-data-common'\n\n// =============================================================================\n// 1. TS12 PAYLOAD SCHEMAS (Nested Objects)\n// Source: EUDI TS12 Section 4.3 \"Payload Object\"\n// =============================================================================\n\n/**\n * **TS12 Payment Payload**\n * * The business data strictly defined for Payments.\n * * @see EUDI TS12 Section 4.3.1 \"Payment Confirmation\"\n */\nexport const zPaymentPayload = z\n .object({\n /**\n * **Transaction ID**\n * Unique identifier of the Relying Party's interaction with the User.\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36).describe(\"Unique identifier of the Relying Party's interaction\"),\n\n /**\n * **Date Time**\n * ISO 8601 date and time when the Relying Party started to interact with the User.\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n date_time: z.iso.datetime().optional(),\n\n /**\n * **Payee**\n * Object holding the Payee (Merchant) details.\n */\n payee: z.object({\n /**\n * **Payee Name**\n * Name of the Payee to whom the payment is being made.\n */\n name: z.string(),\n\n /**\n * **Payee ID**\n * An identifier of the Payee understood by the payment system.\n */\n id: z.string(),\n\n /**\n * **Logo**\n * Resolvable URL or Data URI (RFC 2397) of the Payee logo.\n */\n logo: z.url().optional(),\n\n /**\n * **Website**\n * Resolvable URL of the Payee's website.\n */\n website: z.url().optional(),\n }),\n\n /**\n * **Currency**\n * 3-letter currency code (ISO 4217).\n */\n currency: z.string().regex(/^[A-Z]{3}$/),\n\n /**\n * **Amount**\n * The monetary value of the transaction.\n */\n amount: z.number(),\n\n /**\n * **Amount Estimated**\n */\n amount_estimated: z.boolean().optional(),\n\n /**\n * **Amount Earmarked**\n */\n amount_earmarked: z.boolean().optional(),\n\n /**\n * **SCT Inst**\n */\n sct_inst: z.boolean().optional(),\n\n /**\n * **PISP Details**\n * If present, indicates that the payment is being facilitated by a PISP.\n */\n pisp: z\n .object({\n /**\n * **Legal Name**\n * Legal name of the PISP.\n */\n legal_name: z.string(),\n\n /**\n * **Brand Name**\n * Brand name of the PISP.\n */\n brand_name: z.string(),\n\n /**\n * **Domain Name**\n * Domain name of the PISP as secured by the eIDAS QWAC certificate.\n */\n domain_name: z.string(),\n })\n .optional(),\n\n /**\n * **Execution Date**\n * ISO 8601 date of the payment's execution. MUST NOT be present when recurrence is present.\n * MUST NOT lie in the past.\n */\n execution_date: z.iso\n .datetime()\n .optional()\n .refine(\n (date) => {\n if (!date) return true\n return new Date(date) >= new Date()\n },\n { message: 'Execution date must not be in the past' }\n ),\n\n /**\n * **Recurrence**\n * Details for recurring payments.\n */\n recurrence: z\n .object({\n /**\n * **Start Date**\n * ISO 8601 date when the recurrence starts.\n */\n start_date: z.iso.datetime().optional(),\n\n /**\n * **End Date**\n * ISO 8601 date when the recurrence ends.\n */\n end_date: z.iso.datetime().optional(),\n\n /**\n * **Number**\n */\n number: z.number().int().optional(),\n\n /**\n * **Frequency**\n * ISO 20022 Frequency Code.\n */\n frequency: z.enum([\n 'INDA',\n 'DAIL',\n 'WEEK',\n 'TOWK',\n 'TWMN',\n 'MNTH',\n 'TOMN',\n 'QUTR',\n 'FOMN',\n 'SEMI',\n 'YEAR',\n 'TYEA',\n ]),\n\n /**\n * **MIT Options (Merchant Initiated Transaction)**\n */\n mit_options: z\n .object({\n /**\n * **Amount Variable**\n * If true, future amounts may vary.\n */\n amount_variable: z.boolean().optional(),\n\n /**\n * **Minimum Amount**\n * Minimum expected amount for future transactions.\n */\n min_amount: z.number().optional(),\n\n /**\n * **Maximum Amount**\n */\n max_amount: z.number().optional(),\n\n /**\n * **Total Amount**\n */\n total_amount: z.number().optional(),\n\n /**\n * **Initial Amount**\n */\n initial_amount: z.number().optional(),\n\n /**\n * **Initial Amount Number**\n */\n initial_amount_number: z.number().int().optional(),\n\n /**\n * **APR**\n */\n apr: z.number().optional(),\n })\n .optional(),\n })\n .optional(),\n })\n .refine((data) => !(data.recurrence && data.execution_date), {\n message: 'Execution date must not be present when recurrence is present',\n path: ['execution_date'],\n })\n\n/**\n * **TS12 Login / Risk Payload**\n * * @see EUDI TS12 Section 4.3.2\n */\nexport const zLoginPayload = z.object({\n /**\n * **Transaction ID**\n * Unique identifier of the Relying Party's interaction.\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36),\n\n /**\n * **Date Time**\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n date_time: z.iso.datetime().optional(),\n\n /**\n * **Service**\n * Name of the service triggering the operation (e.g. \"Superbank Online\").\n * @example \"Superbank Onlinebanking\"\n */\n service: z.string().max(100).optional(),\n\n /**\n * **Action**\n * Description of the action (e.g. \"Log in\", \"Change limit\").\n * @example \"Login to your online account.\"\n */\n action: z.string().max(140).describe('Description of the action to be authorized'),\n})\n\n/**\n * **TS12 Account Access Payload**\n * * @see EUDI TS12 Section 4.3.3\n */\nexport const zAccountAccessPayload = z.object({\n /**\n * **Transaction ID**\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36),\n\n /**\n * **Date Time**\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n date_time: z.iso.datetime().optional(),\n\n /**\n * **AISP Details**\n * If present, indicates access facilitated by an AISP.\n */\n aisp: z\n .object({\n legal_name: z.string(),\n brand_name: z.string(),\n domain_name: z.string(),\n })\n .optional(),\n\n /**\n * **Description**\n * Description of the data access the user is agreeing to.\n * @example \"Grant access to the account's data.\"\n */\n description: z.string().max(140).optional(),\n})\n\n/**\n * **TS12 E-Mandate Payload**\n * * @see EUDI TS12 Section 4.3.4\n */\nexport const zEMandatePayload = z\n .object({\n /**\n * **Transaction ID**\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36),\n\n /**\n * **Date Time**\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n date_time: z.iso.datetime().optional(),\n\n /**\n * **Start Date**\n * When the mandate becomes valid.\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n start_date: z.iso.datetime().optional(),\n\n /**\n * **End Date**\n * When the mandate expires.\n * @example \"2025-12-13T20:20:39+00:00\"\n */\n end_date: z.iso.datetime().optional(),\n\n /**\n * **Reference Number**\n * E.g. Mandate Reference Number.\n * @example \"A-98765\"\n */\n reference_number: z.string().min(1).max(50).optional(),\n\n /**\n * **Creditor ID**\n * SEPA Creditor Identifier.\n * @example \"FR14ZZZ001122334455\"\n */\n creditor_id: z.string().min(1).max(50).optional(),\n\n /**\n * **Purpose**\n * Mandate text. Required if payment_payload is missing.\n * @example \"Pay monthly bill\"\n */\n purpose: z.string().max(1000).optional(),\n\n /**\n * **Payment Payload**\n * Nested payment object to leverage data for MITs.\n */\n payment_payload: zPaymentPayload.optional(),\n })\n .refine((data) => data.payment_payload || data.purpose, {\n message: 'Purpose is required if payment_payload is missing',\n path: ['purpose'],\n })\n\nexport type Ts12AccountAccessPayload = z.infer<typeof zAccountAccessPayload>\nexport type Ts12EMandatePayload = z.infer<typeof zEMandatePayload>\nexport type Ts12LoginPayload = z.infer<typeof zLoginPayload>\nexport type Ts12PaymentPayload = z.infer<typeof zPaymentPayload>\n\nexport const URN_SCA_PAYMENT = 'urn:eudi:sca:payment:1'\nexport const URN_SCA_LOGIN_RISK = 'urn:eudi:sca:login_risk_transaction:1'\nexport const URN_SCA_ACCOUNT_ACCESS = 'urn:eudi:sca:account_access:1'\nexport const URN_SCA_EMANDATE = 'urn:eudi:sca:emandate:1'\n\n// =============================================================================\n// 2. ROOT TRANSACTION DATA OBJECT (OpenID4VP Envelope)\n// Source: OpenID4VP Section 5.1 & TS12 Section 4.3\n// =============================================================================\n\n/**\n * **TS12 Transaction**\n * @see TS12 Section 4.3\n */\nexport const zTs12Transaction = zBaseTransaction.extend({\n payload: z.union([zPaymentPayload, zLoginPayload, zAccountAccessPayload, zEMandatePayload, z.unknown()]),\n})\nexport type Ts12TransactionDataEntry = z.infer<typeof zTs12Transaction>\n","import { z } from 'zod'\nimport { zFunkeQesTransaction } from './z-transaction-data-funke'\nimport {\n URN_SCA_ACCOUNT_ACCESS,\n URN_SCA_EMANDATE,\n URN_SCA_LOGIN_RISK,\n URN_SCA_PAYMENT,\n zAccountAccessPayload,\n zEMandatePayload,\n zLoginPayload,\n zPaymentPayload,\n zTs12Transaction,\n} from './z-transaction-data-ts12'\n\nexport * from './z-transaction-data-funke'\nexport * from './z-transaction-data-ts12'\n\nexport const zTransactionDataEntry = zTs12Transaction.or(zFunkeQesTransaction)\nexport const zTransactionData = z.array(zTransactionDataEntry)\n\nexport type TransactionDataEntry = z.infer<typeof zTransactionDataEntry>\nexport type TransactionData = z.infer<typeof zTransactionDataEntry>\n\nexport const ts12BuiltinSchemaValidators = {\n [URN_SCA_PAYMENT]: zPaymentPayload,\n [URN_SCA_LOGIN_RISK]: zLoginPayload,\n [URN_SCA_ACCOUNT_ACCESS]: zAccountAccessPayload,\n [URN_SCA_EMANDATE]: zEMandatePayload,\n} as const\n","import { z } from 'zod'\nimport { Ts12IntegrityError } from '../error'\nimport {\n type ZScaAttestationExt,\n zScaTransactionDataTypeClaims,\n zScaTransactionDataTypeUiLabels,\n} from './z-sca-attestation-ext'\nimport { ts12BuiltinSchemaValidators } from './z-transaction-data'\n\nexport interface ResolvedTs12Metadata {\n schema: string | object\n claims: Array<{\n path: string[]\n visualisation: 1 | 2 | 3 | 4\n display: Array<{ name: string; locale?: string; logo?: string }>\n }>\n ui_labels: {\n affirmative_action_label: Array<{ lang: string; value: string }>\n denial_action_label?: Array<{ lang: string; value: string }>\n transaction_title?: Array<{ lang: string; value: string }>\n security_hint?: Array<{ lang: string; value: string }>\n }\n}\n\nasync function fetchVerified<T>(\n uri: string,\n schema: z.ZodType<T>,\n integrity?: string,\n validateIntegrity?: (buf: ArrayBuffer, integrity: string) => boolean\n): Promise<T> {\n const response = await fetch(uri)\n if (!response.ok) {\n throw new Error(`Failed to fetch URI: ${uri}`)\n }\n if (integrity && validateIntegrity && !validateIntegrity(await response.clone().arrayBuffer(), integrity)) {\n throw new Ts12IntegrityError(uri, integrity)\n }\n return schema.parse(await response.json())\n}\n\nexport async function resolveTs12TransactionDisplayMetadata(\n metadata: ZScaAttestationExt,\n type: string,\n validateIntegrity?: (buf: ArrayBuffer, integrity: string) => boolean\n): Promise<ResolvedTs12Metadata | undefined> {\n if (!metadata.transaction_data_types || !metadata.transaction_data_types[type]) {\n return undefined\n }\n\n const typeMetadata = metadata.transaction_data_types[type]\n const resolved: Partial<ResolvedTs12Metadata> = {}\n\n if ('schema' in typeMetadata && typeMetadata.schema) {\n if (!(typeMetadata.schema in ts12BuiltinSchemaValidators)) {\n throw new Error(`unknown builtin schema: ${typeMetadata.schema}`)\n }\n resolved.schema = typeMetadata.schema\n } else if ('schema_uri' in typeMetadata && typeMetadata.schema_uri) {\n resolved.schema = await fetchVerified(\n typeMetadata.schema_uri,\n z.object({}),\n typeMetadata['schema_uri#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown schema type for ${typeMetadata}`)\n }\n\n if ('claims' in typeMetadata && typeMetadata.claims) {\n resolved.claims = typeMetadata.claims\n } else if ('claims_uri' in typeMetadata && typeMetadata.claims_uri) {\n resolved.claims = await fetchVerified(\n typeMetadata.claims_uri,\n zScaTransactionDataTypeClaims,\n typeMetadata['claims_uri#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown claims for ${typeMetadata}`)\n }\n\n if ('ui_labels' in typeMetadata && typeMetadata.ui_labels) {\n resolved.ui_labels = typeMetadata.ui_labels\n } else if ('ui_labels_uri' in typeMetadata && typeMetadata.ui_labels_uri) {\n resolved.ui_labels = await fetchVerified(\n typeMetadata.ui_labels_uri,\n zScaTransactionDataTypeUiLabels,\n typeMetadata['ui_labels_uri#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown ui_labels for ${typeMetadata}`)\n }\n\n return resolved as ResolvedTs12Metadata\n}\n","import { type DcqlQuery, equalsIgnoreOrder, equalsWithOrder } from '@credo-ts/core'\n\nexport function isDcqlQueryEqualOrSubset(arq: DcqlQuery, rcq: DcqlQuery): boolean {\n if (rcq.credential_sets) {\n return false\n }\n\n if (rcq.credentials.some((c) => c.id)) {\n return false\n }\n\n // only sd-jwt and mdoc are supported\n if (arq.credentials.some((c) => c.format !== 'mso_mdoc' && c.format !== 'vc+sd-jwt' && c.format !== 'dc+sd-jwt')) {\n return false\n }\n\n credentialQueryLoop: for (const credentialQuery of arq.credentials) {\n const matchingRcqCredentialQueriesBasedOnFormat = rcq.credentials.filter((c) => c.format === credentialQuery.format)\n\n if (matchingRcqCredentialQueriesBasedOnFormat.length === 0) return false\n\n switch (credentialQuery.format) {\n case 'mso_mdoc': {\n const doctypeValue = credentialQuery.meta?.doctype_value\n if (!doctypeValue) return false\n if (typeof credentialQuery.meta?.doctype_value !== 'string') return false\n\n const foundMatchingRequests = matchingRcqCredentialQueriesBasedOnFormat.filter(\n (c): c is typeof c & { format: 'mso_mdoc' } =>\n !!(c.format === 'mso_mdoc' && c.meta && c.meta.doctype_value === doctypeValue)\n )\n\n // We do not know which one we have to pick based on the meta+format\n if (foundMatchingRequests.length === 0) return false\n\n let foundFullyMatching = false\n for (const matchedRequest of foundMatchingRequests) {\n // credentialQuery.claims must match or be subset of matchedRequest\n\n // If the claims is empty, everything within the specific format+meta is allowed\n if (!matchedRequest.claims) continue credentialQueryLoop\n\n // If no specific claims are request, we allow it as the format+meta is allowed to be requested\n // but this requests no additional claims\n if (!credentialQuery.claims) continue credentialQueryLoop\n\n // Every claim request in the authorization request must be found in the registration certificate\n // for mdoc, this means matching the `path[0]` (namespace) and `path[1]` (value name)\n const isEveryClaimAllowedToBeRequested = credentialQuery.claims.every(\n (c) =>\n 'path' in c &&\n matchedRequest.claims?.some(\n (mrc) => 'path' in mrc && c.path[0] === mrc.path[0] && c.path[1] === mrc.path[1]\n )\n )\n if (isEveryClaimAllowedToBeRequested) {\n foundFullyMatching = true\n }\n }\n\n if (!foundFullyMatching) return false\n\n break\n }\n case 'dc+sd-jwt': {\n const vctValues = credentialQuery.meta?.vct_values\n if (!vctValues || vctValues.length === 0) return false\n\n const foundMatchingRequests = matchingRcqCredentialQueriesBasedOnFormat.filter(\n (c): c is typeof c & { format: 'dc+sd-jwt' } =>\n !!(c.format === 'dc+sd-jwt' && c.meta?.vct_values && equalsIgnoreOrder(c.meta.vct_values, vctValues))\n )\n\n // We do not know which one we have to pick based on the meta+format\n if (foundMatchingRequests.length === 0) return false\n\n let foundFullyMatching = false\n for (const matchedRequest of foundMatchingRequests) {\n // credentialQuery.claims must match or be subset of matchedRequest\n\n // If the claims is empty, everything within the specific format+meta is allowed\n if (!matchedRequest.claims) continue credentialQueryLoop\n\n // If no specific claims are request, we allow it as the format+meta is allowed to be requested\n // but this requests no additional claims\n if (!credentialQuery.claims) continue credentialQueryLoop\n\n // Every claim request in the authorization request must be found in the registration certificate\n // for sd-jwt, this means making sure that every `path[n]` is in the registration certificate\n const isEveryClaimAllowedToBeRequested = credentialQuery.claims.every(\n (c) =>\n 'path' in c && matchedRequest.claims?.some((mrc) => 'path' in mrc && equalsWithOrder(c.path, mrc.path))\n )\n if (isEveryClaimAllowedToBeRequested) {\n foundFullyMatching = true\n }\n }\n\n if (!foundFullyMatching) return false\n\n break\n }\n default:\n return false\n }\n }\n\n return true\n}\n","import { type AgentContext, type DcqlQuery, JwsService, Jwt, X509Certificate } from '@credo-ts/core'\nimport type { OpenId4VpResolvedAuthorizationRequest } from '@credo-ts/openid4vc'\nimport z from 'zod'\nimport { isDcqlQueryEqualOrSubset } from './isDcqlQueryEqualOrSubset'\n\nexport type VerifyAuthorizationRequestOptions = {\n resolvedAuthorizationRequest: OpenId4VpResolvedAuthorizationRequest\n trustedCertificates?: Array<string>\n allowUntrustedSigned?: boolean\n}\n\nexport const verifyOpenid4VpAuthorizationRequest = async (\n agentContext: AgentContext,\n {\n resolvedAuthorizationRequest: { authorizationRequestPayload, signedAuthorizationRequest, dcql },\n trustedCertificates,\n allowUntrustedSigned,\n }: VerifyAuthorizationRequestOptions\n) => {\n const results = []\n if (!authorizationRequestPayload.verifier_attestations) return\n for (const va of authorizationRequestPayload.verifier_attestations) {\n // Here we verify it as a registration certificate according to\n // https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/flows/Wallet-Relying-Party-Authentication/#registration-certificate\n if (va.format === 'jwt') {\n if (typeof va.data !== 'string') {\n throw new Error('Only inline JWTs are supported')\n }\n\n const jwsService = agentContext.dependencyManager.resolve(JwsService)\n\n let isValidButUntrusted = false\n let isValidAndTrusted = false\n\n const jwt = Jwt.fromSerializedJwt(va.data)\n\n try {\n const { isValid } = await jwsService.verifyJws(agentContext, {\n jws: va.data,\n trustedCertificates,\n })\n isValidAndTrusted = isValid\n } catch {\n if (allowUntrustedSigned) {\n const { isValid } = await jwsService.verifyJws(agentContext, {\n jws: va.data,\n trustedCertificates: jwt.header.x5c ?? [],\n })\n isValidButUntrusted = isValid\n }\n }\n\n if (jwt.header.typ !== 'rc-rp+jwt') {\n throw new Error(`only 'rc-rp+jwt' is supported as header typ. Request included: ${jwt.header.typ}`)\n }\n\n if (!signedAuthorizationRequest) {\n throw new Error('Request must be signed for the registration certificate')\n }\n\n if (signedAuthorizationRequest.signer.method !== 'x5c') {\n throw new Error('x5c is only supported for registration certificate')\n }\n\n const registrationCertificateHeaderSchema = z\n .object({\n typ: z.literal('rc-rp+jwt'),\n alg: z.string(),\n // sprin-d did not define this\n x5u: z.string().url().optional(),\n // sprin-d did not define this\n 'x5t#s256': z.string().optional(),\n })\n .passthrough()\n\n // TODO: does not support intermediaries\n const registrationCertificatePayloadSchema = z\n .object({\n credentials: z.array(\n z.object({\n format: z.string(),\n multiple: z.boolean().default(false),\n meta: z\n .object({\n vct_values: z.array(z.string()).optional(),\n doctype_value: z.string().optional(),\n })\n .optional(),\n trusted_authorities: z\n .array(z.object({ type: z.string(), values: z.array(z.string()) }))\n .nonempty()\n .optional(),\n require_cryptographic_holder_binding: z.boolean().default(true),\n claims: z\n .array(\n z.object({\n id: z.string().optional(),\n path: z.array(z.string()).nonempty().nonempty(),\n values: z.array(z.number().or(z.boolean())).optional(),\n })\n )\n .nonempty()\n .optional(),\n claim_sets: z.array(z.array(z.string())).nonempty().optional(),\n })\n ),\n contact: z.object({\n website: z.string().url(),\n 'e-mail': z.string().email(),\n phone: z.string(),\n }),\n sub: z.string(),\n // Should be service\n services: z.array(z.object({ lang: z.string(), name: z.string() })),\n public_body: z.boolean().default(false),\n entitlements: z.array(z.any()),\n provided_attestations: z\n .array(\n z.object({\n format: z.string(),\n meta: z.any(),\n })\n )\n .optional(),\n privacy_policy: z.string().url(),\n iat: z.number().optional(),\n exp: z.number().optional(),\n purpose: z\n .array(\n z.object({\n locale: z.string().optional(),\n lang: z.string().optional(),\n name: z.string(),\n })\n )\n .optional(),\n status: z.any(),\n })\n .passthrough()\n\n registrationCertificateHeaderSchema.parse(jwt.header)\n const parsedPayload = registrationCertificatePayloadSchema.parse(jwt.payload.toJson())\n\n const [rpCertEncoded] = signedAuthorizationRequest.signer.x5c\n const rpCert = X509Certificate.fromEncodedCertificate(rpCertEncoded)\n\n if (rpCert.subject !== parsedPayload.sub) {\n throw new Error(\n `Subject in the certificate of the auth request: '${rpCert.subject}' is not equal to the subject of the registration certificate: '${parsedPayload.sub}'`\n )\n }\n\n if (parsedPayload.iat && Date.now() / 1000 <= parsedPayload.iat) {\n throw new Error('Issued at timestamp of the registration certificate is in the future')\n }\n\n // TODO: check the status of the registration certificate\n\n if (!dcql) {\n throw new Error('DCQL must be used when working registration certificates')\n }\n\n if (\n authorizationRequestPayload.presentation_definition ||\n authorizationRequestPayload.presentation_definition_uri\n ) {\n throw new Error('Presentation Exchange is not supported for the registration certificate')\n }\n\n const isValidDcqlQuery = isDcqlQueryEqualOrSubset(dcql.queryResult, parsedPayload as unknown as DcqlQuery)\n\n if (!isValidDcqlQuery) {\n throw new Error(\n 'DCQL query in the authorization request is not equal or a valid subset of the DCQl query provided in the registration certificate'\n )\n }\n\n results.push({ isValidButUntrusted, isValidAndTrusted, x509RegistrationCertificate: rpCert })\n } else {\n throw new Error(`only format of 'jwt' is supported`)\n }\n }\n return results\n}\n"],"mappings":";;;;AAAA,IAAa,4BAAb,MAAa,kCAAkC,MAAM;CACnD,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,MAAI,MAAM,kBACR,OAAM,kBAAkB,MAAM,0BAA0B;;;AAK9D,IAAa,qBAAb,MAAa,2BAA2B,0BAA0B;CAChE,YAAY,KAAa,WAAmB;AAC1C,QAAM,yBAAyB,IAAI,aAAa,YAAY;AAC5D,OAAK,OAAO;AACZ,MAAI,MAAM,kBACR,OAAM,kBAAkB,MAAM,mBAAmB;;;;;;ACbvD,MAAa,gCAAgC,EAAE,MAC7C,EAAE,OAAO;CAEP,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC;CAOzB,eAAe,EAAE,MAAM;EAAC,EAAE,QAAQ,EAAE;EAAE,EAAE,QAAQ,EAAE;EAAE,EAAE,QAAQ,EAAE;EAAE,EAAE,QAAQ,EAAE;EAAC,CAAC,CAAC,QAAQ,EAAE;CAE3F,SAAS,EACN,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,QAAQ,EAAE,QAAQ,CAAC,UAAU;EAE7B,MAAM,EAAE,QAAQ,CAAC,UAAU;EAC5B,CAAC,CACH,CACA,IAAI,EAAE;CACV,CAAC,CACH;AAED,MAAa,kCAAkC,EAC5C,OAAO;CAKN,0BAA0B,EACvB,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE;CAMT,qBAAqB,EAClB,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CAMb,mBAAmB,EAChB,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CAMb,eAAe,EACZ,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,OAAO,EAAE,QAAQ,CAAC,IAAI,IAAI;EAC3B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CACd,CAAC,CACD,SAEC,EAAE,MACA,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ;CAChB,OAAO,EAAE,QAAQ;CAClB,CAAC,CACH,CACF;;;;;;;;AASH,MAAa,qBAAqB,EAAE,OAAO;CAKzC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,wBAAwB,EAAE,OACxB,EAAE,QAAQ,CAAC,SAAS,oFAAoF,EACxG,EAAE,aACA,EAAE,MAAM,CACN,EAAE,OAAO,EAEP,QAAQ,EAAE,QAAQ,EACnB,CAAC,EACF,EAAE,OAAO;EAEP,YAAY,EAAE,KAAK;EACnB,wBAAwB,EAAE,QAAQ,CAAC,UAAU;EAC9C,CAAC,CACH,CAAC,EACF,EAAE,aACA,EAAE,MAAM,CACN,EAAE,OAAO,EAEP,QAAQ,+BACT,CAAC,EACF,EAAE,OAAO;EAEP,YAAY,EAAE,KAAK;EACnB,wBAAwB,EAAE,QAAQ,CAAC,UAAU;EAC9C,CAAC,CACH,CAAC,EACF,EAAE,MAAM,CACN,EAAE,OAAO,EAEP,WAAW,iCACZ,CAAC,EACF,EAAE,OAAO;EAEP,eAAe,EAAE,QAAQ,CAAC,KAAK;EAC/B,2BAA2B,EAAE,QAAQ,CAAC,UAAU;EACjD,CAAC,CACH,CAAC,CACH,CACF,CACF;CACF,CAAC;;;;;;;;ACvJF,MAAa,mBAAmB,EAAE,OAAO;CAMvC,MAAM,EAAE,QAAQ;CAOhB,gBAAgB,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC;CAOtD,6BAA6B,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,UAAU;CAC/E,CAAC;;;;;;;;;;AClBF,MAAa,uBAAuB,iBAAiB,OAAO;CAM1D,oBAAoB,EACjB,KAAK,CAAC,gBAAgB,eAAe,CAAC,CACtC,SAAS,sDAAsD;CAOlE,iBAAiB,EACd,MACC,EAAE,OAAO;EAKP,OAAO,EAAE,QAAQ,CAAC,SAAS,iCAAiC;EAM5D,MAAM,EAAE,QAAQ,CAAC,SAAS,sBAAsB;EAMhD,kBAAkB,EAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,4BAA4B;EAC9E,CAAC,CACH,CACA,IAAI,EAAE;CACV,CAAC;;;;;;;;;AClCF,MAAa,kBAAkB,EAC5B,OAAO;CAMN,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,SAAS,uDAAuD;CAO1G,WAAW,EAAE,IAAI,UAAU,CAAC,UAAU;CAMtC,OAAO,EAAE,OAAO;EAKd,MAAM,EAAE,QAAQ;EAMhB,IAAI,EAAE,QAAQ;EAMd,MAAM,EAAE,KAAK,CAAC,UAAU;EAMxB,SAAS,EAAE,KAAK,CAAC,UAAU;EAC5B,CAAC;CAMF,UAAU,EAAE,QAAQ,CAAC,MAAM,aAAa;CAMxC,QAAQ,EAAE,QAAQ;CAKlB,kBAAkB,EAAE,SAAS,CAAC,UAAU;CAKxC,kBAAkB,EAAE,SAAS,CAAC,UAAU;CAKxC,UAAU,EAAE,SAAS,CAAC,UAAU;CAMhC,MAAM,EACH,OAAO;EAKN,YAAY,EAAE,QAAQ;EAMtB,YAAY,EAAE,QAAQ;EAMtB,aAAa,EAAE,QAAQ;EACxB,CAAC,CACD,UAAU;CAOb,gBAAgB,EAAE,IACf,UAAU,CACV,UAAU,CACV,QACE,SAAS;AACR,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,IAAI,KAAK,KAAK,oBAAI,IAAI,MAAM;IAErC,EAAE,SAAS,0CAA0C,CACtD;CAMH,YAAY,EACT,OAAO;EAKN,YAAY,EAAE,IAAI,UAAU,CAAC,UAAU;EAMvC,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU;EAKrC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAMnC,WAAW,EAAE,KAAK;GAChB;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;EAKF,aAAa,EACV,OAAO;GAKN,iBAAiB,EAAE,SAAS,CAAC,UAAU;GAMvC,YAAY,EAAE,QAAQ,CAAC,UAAU;GAKjC,YAAY,EAAE,QAAQ,CAAC,UAAU;GAKjC,cAAc,EAAE,QAAQ,CAAC,UAAU;GAKnC,gBAAgB,EAAE,QAAQ,CAAC,UAAU;GAKrC,uBAAuB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;GAKlD,KAAK,EAAE,QAAQ,CAAC,UAAU;GAC3B,CAAC,CACD,UAAU;EACd,CAAC,CACD,UAAU;CACd,CAAC,CACD,QAAQ,SAAS,EAAE,KAAK,cAAc,KAAK,iBAAiB;CAC3D,SAAS;CACT,MAAM,CAAC,iBAAiB;CACzB,CAAC;;;;;AAMJ,MAAa,gBAAgB,EAAE,OAAO;CAMpC,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG;CAMzC,WAAW,EAAE,IAAI,UAAU,CAAC,UAAU;CAOtC,SAAS,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,UAAU;CAOvC,QAAQ,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,SAAS,6CAA6C;CACnF,CAAC;;;;;AAMF,MAAa,wBAAwB,EAAE,OAAO;CAK5C,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG;CAMzC,WAAW,EAAE,IAAI,UAAU,CAAC,UAAU;CAMtC,MAAM,EACH,OAAO;EACN,YAAY,EAAE,QAAQ;EACtB,YAAY,EAAE,QAAQ;EACtB,aAAa,EAAE,QAAQ;EACxB,CAAC,CACD,UAAU;CAOb,aAAa,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,UAAU;CAC5C,CAAC;;;;;AAMF,MAAa,mBAAmB,EAC7B,OAAO;CAKN,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG;CAMzC,WAAW,EAAE,IAAI,UAAU,CAAC,UAAU;CAOtC,YAAY,EAAE,IAAI,UAAU,CAAC,UAAU;CAOvC,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU;CAOrC,kBAAkB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,UAAU;CAOtD,aAAa,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,UAAU;CAOjD,SAAS,EAAE,QAAQ,CAAC,IAAI,IAAK,CAAC,UAAU;CAMxC,iBAAiB,gBAAgB,UAAU;CAC5C,CAAC,CACD,QAAQ,SAAS,KAAK,mBAAmB,KAAK,SAAS;CACtD,SAAS;CACT,MAAM,CAAC,UAAU;CAClB,CAAC;AAOJ,MAAa,kBAAkB;AAC/B,MAAa,qBAAqB;AAClC,MAAa,yBAAyB;AACtC,MAAa,mBAAmB;;;;;AAWhC,MAAa,mBAAmB,iBAAiB,OAAO,EACtD,SAAS,EAAE,MAAM;CAAC;CAAiB;CAAe;CAAuB;CAAkB,EAAE,SAAS;CAAC,CAAC,EACzG,CAAC;;;;ACvWF,MAAa,wBAAwB,iBAAiB,GAAG,qBAAqB;AAC9E,MAAa,mBAAmB,EAAE,MAAM,sBAAsB;AAK9D,MAAa,8BAA8B;EACxC,kBAAkB;EAClB,qBAAqB;EACrB,yBAAyB;EACzB,mBAAmB;CACrB;;;;ACJD,eAAe,cACb,KACA,QACA,WACA,mBACY;CACZ,MAAM,WAAW,MAAM,MAAM,IAAI;AACjC,KAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,wBAAwB,MAAM;AAEhD,KAAI,aAAa,qBAAqB,CAAC,kBAAkB,MAAM,SAAS,OAAO,CAAC,aAAa,EAAE,UAAU,CACvG,OAAM,IAAI,mBAAmB,KAAK,UAAU;AAE9C,QAAO,OAAO,MAAM,MAAM,SAAS,MAAM,CAAC;;AAG5C,eAAsB,sCACpB,UACA,MACA,mBAC2C;AAC3C,KAAI,CAAC,SAAS,0BAA0B,CAAC,SAAS,uBAAuB,MACvE;CAGF,MAAM,eAAe,SAAS,uBAAuB;CACrD,MAAMA,WAA0C,EAAE;AAElD,KAAI,YAAY,gBAAgB,aAAa,QAAQ;AACnD,MAAI,EAAE,aAAa,UAAU,6BAC3B,OAAM,IAAI,MAAM,2BAA2B,aAAa,SAAS;AAEnE,WAAS,SAAS,aAAa;YACtB,gBAAgB,gBAAgB,aAAa,WACtD,UAAS,SAAS,MAAM,cACtB,aAAa,YACb,EAAE,OAAO,EAAE,CAAC,EACZ,aAAa,yBACb,kBACD;KAED,OAAM,IAAI,MAAM,2BAA2B,eAAe;AAG5D,KAAI,YAAY,gBAAgB,aAAa,OAC3C,UAAS,SAAS,aAAa;UACtB,gBAAgB,gBAAgB,aAAa,WACtD,UAAS,SAAS,MAAM,cACtB,aAAa,YACb,+BACA,aAAa,yBACb,kBACD;KAED,OAAM,IAAI,MAAM,sBAAsB,eAAe;AAGvD,KAAI,eAAe,gBAAgB,aAAa,UAC9C,UAAS,YAAY,aAAa;UACzB,mBAAmB,gBAAgB,aAAa,cACzD,UAAS,YAAY,MAAM,cACzB,aAAa,eACb,iCACA,aAAa,4BACb,kBACD;KAED,OAAM,IAAI,MAAM,yBAAyB,eAAe;AAG1D,QAAO;;;;;AC5FT,SAAgB,yBAAyB,KAAgB,KAAyB;AAChF,KAAI,IAAI,gBACN,QAAO;AAGT,KAAI,IAAI,YAAY,MAAM,MAAM,EAAE,GAAG,CACnC,QAAO;AAIT,KAAI,IAAI,YAAY,MAAM,MAAM,EAAE,WAAW,cAAc,EAAE,WAAW,eAAe,EAAE,WAAW,YAAY,CAC9G,QAAO;AAGT,qBAAqB,MAAK,MAAM,mBAAmB,IAAI,aAAa;EAClE,MAAM,4CAA4C,IAAI,YAAY,QAAQ,MAAM,EAAE,WAAW,gBAAgB,OAAO;AAEpH,MAAI,0CAA0C,WAAW,EAAG,QAAO;AAEnE,UAAQ,gBAAgB,QAAxB;GACE,KAAK,YAAY;IACf,MAAM,eAAe,gBAAgB,MAAM;AAC3C,QAAI,CAAC,aAAc,QAAO;AAC1B,QAAI,OAAO,gBAAgB,MAAM,kBAAkB,SAAU,QAAO;IAEpE,MAAM,wBAAwB,0CAA0C,QACrE,MACC,CAAC,EAAE,EAAE,WAAW,cAAc,EAAE,QAAQ,EAAE,KAAK,kBAAkB,cACpE;AAGD,QAAI,sBAAsB,WAAW,EAAG,QAAO;IAE/C,IAAI,qBAAqB;AACzB,SAAK,MAAM,kBAAkB,uBAAuB;AAIlD,SAAI,CAAC,eAAe,OAAQ,UAAS;AAIrC,SAAI,CAAC,gBAAgB,OAAQ,UAAS;AAWtC,SAPyC,gBAAgB,OAAO,OAC7D,MACC,UAAU,KACV,eAAe,QAAQ,MACpB,QAAQ,UAAU,OAAO,EAAE,KAAK,OAAO,IAAI,KAAK,MAAM,EAAE,KAAK,OAAO,IAAI,KAAK,GAC/E,CACJ,CAEC,sBAAqB;;AAIzB,QAAI,CAAC,mBAAoB,QAAO;AAEhC;;GAEF,KAAK,aAAa;IAChB,MAAM,YAAY,gBAAgB,MAAM;AACxC,QAAI,CAAC,aAAa,UAAU,WAAW,EAAG,QAAO;IAEjD,MAAM,wBAAwB,0CAA0C,QACrE,MACC,CAAC,EAAE,EAAE,WAAW,eAAe,EAAE,MAAM,cAAc,kBAAkB,EAAE,KAAK,YAAY,UAAU,EACvG;AAGD,QAAI,sBAAsB,WAAW,EAAG,QAAO;IAE/C,IAAI,qBAAqB;AACzB,SAAK,MAAM,kBAAkB,uBAAuB;AAIlD,SAAI,CAAC,eAAe,OAAQ,UAAS;AAIrC,SAAI,CAAC,gBAAgB,OAAQ,UAAS;AAQtC,SAJyC,gBAAgB,OAAO,OAC7D,MACC,UAAU,KAAK,eAAe,QAAQ,MAAM,QAAQ,UAAU,OAAO,gBAAgB,EAAE,MAAM,IAAI,KAAK,CAAC,CAC1G,CAEC,sBAAqB;;AAIzB,QAAI,CAAC,mBAAoB,QAAO;AAEhC;;GAEF,QACE,QAAO;;;AAIb,QAAO;;;;;AChGT,MAAa,sCAAsC,OACjD,cACA,EACE,8BAA8B,EAAE,6BAA6B,4BAA4B,QACzF,qBACA,2BAEC;CACH,MAAM,UAAU,EAAE;AAClB,KAAI,CAAC,4BAA4B,sBAAuB;AACxD,MAAK,MAAM,MAAM,4BAA4B,sBAG3C,KAAI,GAAG,WAAW,OAAO;AACvB,MAAI,OAAO,GAAG,SAAS,SACrB,OAAM,IAAI,MAAM,iCAAiC;EAGnD,MAAM,aAAa,aAAa,kBAAkB,QAAQ,WAAW;EAErE,IAAI,sBAAsB;EAC1B,IAAI,oBAAoB;EAExB,MAAM,MAAM,IAAI,kBAAkB,GAAG,KAAK;AAE1C,MAAI;GACF,MAAM,EAAE,YAAY,MAAM,WAAW,UAAU,cAAc;IAC3D,KAAK,GAAG;IACR;IACD,CAAC;AACF,uBAAoB;UACd;AACN,OAAI,sBAAsB;IACxB,MAAM,EAAE,YAAY,MAAM,WAAW,UAAU,cAAc;KAC3D,KAAK,GAAG;KACR,qBAAqB,IAAI,OAAO,OAAO,EAAE;KAC1C,CAAC;AACF,0BAAsB;;;AAI1B,MAAI,IAAI,OAAO,QAAQ,YACrB,OAAM,IAAI,MAAM,kEAAkE,IAAI,OAAO,MAAM;AAGrG,MAAI,CAAC,2BACH,OAAM,IAAI,MAAM,0DAA0D;AAG5E,MAAI,2BAA2B,OAAO,WAAW,MAC/C,OAAM,IAAI,MAAM,qDAAqD;EAGvE,MAAM,sCAAsCC,IACzC,OAAO;GACN,KAAKA,IAAE,QAAQ,YAAY;GAC3B,KAAKA,IAAE,QAAQ;GAEf,KAAKA,IAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;GAEhC,YAAYA,IAAE,QAAQ,CAAC,UAAU;GAClC,CAAC,CACD,aAAa;EAGhB,MAAM,uCAAuCA,IAC1C,OAAO;GACN,aAAaA,IAAE,MACbA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ;IAClB,UAAUA,IAAE,SAAS,CAAC,QAAQ,MAAM;IACpC,MAAMA,IACH,OAAO;KACN,YAAYA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,UAAU;KAC1C,eAAeA,IAAE,QAAQ,CAAC,UAAU;KACrC,CAAC,CACD,UAAU;IACb,qBAAqBA,IAClB,MAAMA,IAAE,OAAO;KAAE,MAAMA,IAAE,QAAQ;KAAE,QAAQA,IAAE,MAAMA,IAAE,QAAQ,CAAC;KAAE,CAAC,CAAC,CAClE,UAAU,CACV,UAAU;IACb,sCAAsCA,IAAE,SAAS,CAAC,QAAQ,KAAK;IAC/D,QAAQA,IACL,MACCA,IAAE,OAAO;KACP,IAAIA,IAAE,QAAQ,CAAC,UAAU;KACzB,MAAMA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,UAAU,CAAC,UAAU;KAC/C,QAAQA,IAAE,MAAMA,IAAE,QAAQ,CAAC,GAAGA,IAAE,SAAS,CAAC,CAAC,CAAC,UAAU;KACvD,CAAC,CACH,CACA,UAAU,CACV,UAAU;IACb,YAAYA,IAAE,MAAMA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU;IAC/D,CAAC,CACH;GACD,SAASA,IAAE,OAAO;IAChB,SAASA,IAAE,QAAQ,CAAC,KAAK;IACzB,UAAUA,IAAE,QAAQ,CAAC,OAAO;IAC5B,OAAOA,IAAE,QAAQ;IAClB,CAAC;GACF,KAAKA,IAAE,QAAQ;GAEf,UAAUA,IAAE,MAAMA,IAAE,OAAO;IAAE,MAAMA,IAAE,QAAQ;IAAE,MAAMA,IAAE,QAAQ;IAAE,CAAC,CAAC;GACnE,aAAaA,IAAE,SAAS,CAAC,QAAQ,MAAM;GACvC,cAAcA,IAAE,MAAMA,IAAE,KAAK,CAAC;GAC9B,uBAAuBA,IACpB,MACCA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ;IAClB,MAAMA,IAAE,KAAK;IACd,CAAC,CACH,CACA,UAAU;GACb,gBAAgBA,IAAE,QAAQ,CAAC,KAAK;GAChC,KAAKA,IAAE,QAAQ,CAAC,UAAU;GAC1B,KAAKA,IAAE,QAAQ,CAAC,UAAU;GAC1B,SAASA,IACN,MACCA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ,CAAC,UAAU;IAC7B,MAAMA,IAAE,QAAQ,CAAC,UAAU;IAC3B,MAAMA,IAAE,QAAQ;IACjB,CAAC,CACH,CACA,UAAU;GACb,QAAQA,IAAE,KAAK;GAChB,CAAC,CACD,aAAa;AAEhB,sCAAoC,MAAM,IAAI,OAAO;EACrD,MAAM,gBAAgB,qCAAqC,MAAM,IAAI,QAAQ,QAAQ,CAAC;EAEtF,MAAM,CAAC,iBAAiB,2BAA2B,OAAO;EAC1D,MAAM,SAAS,gBAAgB,uBAAuB,cAAc;AAEpE,MAAI,OAAO,YAAY,cAAc,IACnC,OAAM,IAAI,MACR,oDAAoD,OAAO,QAAQ,kEAAkE,cAAc,IAAI,GACxJ;AAGH,MAAI,cAAc,OAAO,KAAK,KAAK,GAAG,OAAQ,cAAc,IAC1D,OAAM,IAAI,MAAM,uEAAuE;AAKzF,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2DAA2D;AAG7E,MACE,4BAA4B,2BAC5B,4BAA4B,4BAE5B,OAAM,IAAI,MAAM,0EAA0E;AAK5F,MAAI,CAFqB,yBAAyB,KAAK,aAAa,cAAsC,CAGxG,OAAM,IAAI,MACR,oIACD;AAGH,UAAQ,KAAK;GAAE;GAAqB;GAAmB,6BAA6B;GAAQ,CAAC;OAE7F,OAAM,IAAI,MAAM,oCAAoC;AAGxD,QAAO"}
1
+ {"version":3,"file":"index.mjs","names":["defaultValidator: GlobalValidator","currentDefaults: GlobalMergeConfig","result","resolved: Partial<ResolvedTs12Metadata>","z"],"sources":["../src/error.ts","../src/merge-json.ts","../src/validation/z-sca-attestation-ext.ts","../src/validation/z-transaction-data-common.ts","../src/validation/z-transaction-data-funke.ts","../src/validation/z-transaction-data-ts12.ts","../src/validation/z-transaction-data.ts","../src/validation/ts12.ts","../src/isDcqlQueryEqualOrSubset.ts","../src/verifyOpenid4VpAuthorizationRequest.ts"],"sourcesContent":["export class EudiWalletExtensionsError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'EudiWalletExtensionsError'\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, EudiWalletExtensionsError)\n }\n }\n}\n\nexport class Ts12IntegrityError extends EudiWalletExtensionsError {\n constructor(uri: string, integrity: string) {\n super(`Invalid integrity for ${uri}, expected ${integrity}`)\n this.name = 'Ts12IntegrityError'\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, Ts12IntegrityError)\n }\n }\n}\n","export type MergeStrategy = 'replace' | 'merge' | 'append'\n\nexport interface GlobalMergeConfig {\n /**\n * Default strategy for objects.\n * - 'merge': Recursively merge properties (default).\n * - 'replace': Replace the target object with the source object.\n */\n objectStrategy?: 'merge' | 'replace'\n\n /**\n * Default strategy for arrays.\n * - 'replace': Replace the target array with the source array (default).\n * - 'append': Append source elements to the target array.\n * - 'merge': Merge elements based on index or discriminant.\n */\n arrayStrategy?: 'replace' | 'append' | 'merge'\n\n /**\n * Global validator called for every field merge.\n * Defaults to `defaultValidator` which enforces strict type checking and prevents setting non-nullable values to null.\n */\n validator?: GlobalValidator\n}\n\nexport interface MergeConfig extends GlobalMergeConfig {\n /**\n * Strategy for this specific field.\n */\n strategy?: MergeStrategy\n\n /**\n * If the field is an array and strategy is 'merge', this defines how to match elements.\n * - If string: The property name to use as a key (e.g., 'id').\n * - If array of strings: Composite key (e.g., ['type', 'subtype']).\n * - If undefined: Merge by index.\n */\n arrayDiscriminant?: string | string[]\n\n /**\n * Validator to check if the transition from target to source is allowed.\n * If the transition is invalid, this function should throw an error.\n * @param target The current value in the target.\n * @param source The new value from the source.\n */\n validate?: (target: unknown, source: unknown) => void\n\n /**\n * Nested configuration for properties of this field (if it is an object).\n */\n fields?: Record<string, MergeConfig>\n\n /**\n * Configuration for items of this field (if it is an array).\n */\n items?: MergeConfig\n}\n\nexport type GlobalValidator = (path: string, target: unknown, source: unknown) => void\n\ntype Expand<T> = T extends infer O ? { [K in keyof O]: O[K] } : never\n\nexport type MergeResult<Target, Source, Config extends MergeConfig = Record<string, never>> = Source extends undefined // 1. Handle explicit undefined cases first\n ? Target\n : Target extends undefined\n ? Source\n : // 2. Unwrap types to check for Arrays\n NonNullable<Source> extends readonly unknown[]\n ? NonNullable<Target> extends readonly unknown[]\n ? Config['arrayStrategy'] extends 'append' | 'merge'\n ? Array<(Source extends readonly (infer S)[] ? S : never) | (Target extends readonly (infer T)[] ? T : never)>\n : Source\n : Source\n : // 3. Unwrap types to check for Objects\n NonNullable<Source> extends object\n ? NonNullable<Target> extends readonly unknown[]\n ? Source\n : // Target is array, Source is object -> Replace\n NonNullable<Target> extends object\n ? Config['objectStrategy'] extends 'replace'\n ? Source\n : Expand<\n // 4. Use NonNullable for keyof operations to ensure we can iterate keys\n {\n [K in keyof NonNullable<Target> as K extends keyof NonNullable<Source>\n ? never\n : K]: NonNullable<Target>[K]\n } & {\n [K in keyof NonNullable<Source>]: K extends keyof NonNullable<Target>\n ? MergeResult<NonNullable<Target>[K], NonNullable<Source>[K], Config>\n : NonNullable<Source>[K]\n }\n >\n : Source\n : Source\n\n/**\n * Default validator that enforces:\n * 1. Non-null/undefined values cannot be set to null/undefined.\n * 2. Non-null/undefined types must match (e.g. cannot change string to number, or object to array).\n */\nexport const defaultValidator: GlobalValidator = (path, target, source) => {\n if (source === undefined) return\n if (target === undefined) return\n\n // 1. Non-null/undefined value cannot be set to null\n if (source === null) {\n if (target !== null) {\n throw new Error(`Invalid value change at path \"${path}\": cannot set non-nullable value to null`)\n }\n return\n }\n\n // 2. Non-null/undefined types are overridden/merged by the same type\n if (target === null) {\n // Target is null, source is not null. We allow this (null -> value).\n return\n }\n\n const targetType = getType(target)\n const sourceType = getType(source)\n\n if (targetType !== sourceType) {\n throw new Error(`Type mismatch at path \"${path}\": expected ${targetType}, got ${sourceType}`)\n }\n\n if (targetType === 'primitive') {\n if (typeof target !== typeof source) {\n throw new Error(`Type mismatch at path \"${path}\": expected ${typeof target}, got ${typeof source}`)\n }\n }\n}\n\n/**\n * Merges two JSON values based on a configuration.\n *\n * @param target The original object (will not be mutated).\n * @param source The object to merge into the target.\n * @param config Configuration for the merge behavior.\n * @returns The merged object.\n */\nexport function mergeJson<Target, Source, Config extends MergeConfig = MergeConfig>(\n target: Target,\n source: Source,\n config: Config = {} as Config\n): MergeResult<Target, Source, Config> {\n const defaults: GlobalMergeConfig = {\n objectStrategy: config.objectStrategy,\n arrayStrategy: config.arrayStrategy,\n validator: config.validator ?? defaultValidator,\n }\n // Treat the root config as the node config for the root\n return mergeRecursive(target, source, config as MergeConfig, defaults, '') as MergeResult<Target, Source, Config>\n}\n\nfunction mergeRecursive(\n target: unknown,\n source: unknown,\n nodeConfig: MergeConfig | undefined,\n parentDefaults: GlobalMergeConfig,\n path: string\n): unknown {\n // If types are different or one is null/undefined, source wins (unless source is undefined, then target wins)\n if (source === undefined) return target\n\n // Resolve effective defaults for this level (override parent defaults if present in nodeConfig)\n const currentDefaults: GlobalMergeConfig = {\n objectStrategy: nodeConfig?.objectStrategy ?? parentDefaults.objectStrategy,\n arrayStrategy: nodeConfig?.arrayStrategy ?? parentDefaults.arrayStrategy,\n validator: nodeConfig?.validator ?? parentDefaults.validator,\n }\n\n // Field-specific validation\n if (nodeConfig?.validate) {\n nodeConfig.validate(target, source)\n }\n\n // Global validation\n if (currentDefaults.validator) {\n currentDefaults.validator(path, target, source)\n }\n\n if (target === undefined) return source\n if (source === null) return null\n if (target === null) return source\n\n const targetType = getType(target)\n const sourceType = getType(source)\n\n // If validator passed but types mismatch, we assume source wins\n if (targetType !== sourceType) {\n return source\n }\n\n // Strict primitive check\n if (targetType === 'primitive') {\n if (typeof target !== typeof source) {\n return source\n }\n return source\n }\n\n const strategy = nodeConfig?.strategy\n\n // Handle Arrays\n if (sourceType === 'array') {\n const targetArray = target as unknown[]\n const sourceArray = source as unknown[]\n const arrayStrategy = strategy || currentDefaults.arrayStrategy || 'replace'\n\n if (arrayStrategy === 'replace') {\n return [...sourceArray]\n }\n\n if (arrayStrategy === 'append') {\n return [...targetArray, ...sourceArray]\n }\n\n if (arrayStrategy === 'merge') {\n return mergeArrays(\n targetArray,\n sourceArray,\n nodeConfig, // Pass current array config to mergeArrays\n currentDefaults,\n path,\n nodeConfig?.arrayDiscriminant\n )\n }\n }\n\n // Handle Objects\n if (sourceType === 'object') {\n const targetObj = target as Record<string, unknown>\n const sourceObj = source as Record<string, unknown>\n const objectStrategy = strategy || currentDefaults.objectStrategy || 'merge'\n\n if (objectStrategy === 'replace') {\n return { ...sourceObj }\n }\n\n if (objectStrategy === 'merge') {\n const result = { ...targetObj }\n const keys = new Set([...Object.keys(targetObj), ...Object.keys(sourceObj)])\n\n for (const key of keys) {\n // Use bracket notation if key contains invalid identifier characters\n const keyPart = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(key) ? `.${key}` : `[\"${key}\"]`\n const newPath = path ? `${path}${keyPart}` : key\n\n // Resolve child config from nested fields\n const specificConfig = nodeConfig?.fields?.[key]\n const wildcardConfig = nodeConfig?.items\n\n // Merge specific config with wildcard config (specific takes precedence)\n const childNodeConfig =\n specificConfig && wildcardConfig\n ? { ...wildcardConfig, ...specificConfig }\n : (specificConfig ?? wildcardConfig)\n\n result[key] = mergeRecursive(targetObj[key], sourceObj[key], childNodeConfig, currentDefaults, newPath)\n }\n return result\n }\n }\n\n return source\n}\n\nfunction mergeArrays(\n target: unknown[],\n source: unknown[],\n arrayNodeConfig: MergeConfig | undefined,\n defaults: GlobalMergeConfig,\n path: string,\n discriminant?: string | string[]\n): unknown[] {\n // The config for items comes from the 'items' property of the array's config\n const itemNodeConfig = arrayNodeConfig?.items\n\n if (!discriminant) {\n // Merge by index\n const result = [...target]\n for (let i = 0; i < source.length; i++) {\n if (i < result.length) {\n result[i] = mergeRecursive(result[i], source[i], itemNodeConfig, defaults, `${path}[${i}]`)\n } else {\n result.push(source[i])\n }\n }\n return result\n }\n\n // Merge by discriminant\n const result = [...target]\n const discriminants = Array.isArray(discriminant) ? discriminant : [discriminant]\n\n for (const sourceItem of source) {\n const matchIndex = result.findIndex((targetItem) => {\n if (getType(targetItem) !== 'object' || getType(sourceItem) !== 'object') return false\n const t = targetItem as Record<string, unknown>\n const s = sourceItem as Record<string, unknown>\n return discriminants.every((d) => deepEqual(t[d], s[d]))\n })\n\n if (matchIndex !== -1) {\n // Found a match, merge it\n result[matchIndex] = mergeRecursive(\n result[matchIndex],\n sourceItem,\n itemNodeConfig,\n defaults,\n `${path}[${matchIndex}]`\n )\n } else {\n // No match, append it\n result.push(sourceItem)\n }\n }\n\n return result\n}\n\nfunction getType(value: unknown): 'object' | 'array' | 'primitive' {\n if (Array.isArray(value)) return 'array'\n if (value !== null && typeof value === 'object') return 'object'\n return 'primitive'\n}\n\nfunction deepEqual(a: unknown, b: unknown): boolean {\n if (a === b) return true\n\n const typeA = getType(a)\n const typeB = getType(b)\n\n if (typeA !== typeB) return false\n\n if (typeA === 'array') {\n const arrA = a as unknown[]\n const arrB = b as unknown[]\n if (arrA.length !== arrB.length) return false\n for (let i = 0; i < arrA.length; i++) {\n if (!deepEqual(arrA[i], arrB[i])) return false\n }\n return true\n }\n\n if (typeA === 'object') {\n const objA = a as Record<string, unknown>\n const objB = b as Record<string, unknown>\n const keysA = Object.keys(objA)\n const keysB = Object.keys(objB)\n\n if (keysA.length !== keysB.length) return false\n\n for (const key of keysA) {\n if (!Object.hasOwn(objB, key)) return false\n if (!deepEqual(objA[key], objB[key])) return false\n }\n return true\n }\n\n return false\n}\n","import { z } from 'zod'\n\nexport const zScaTransactionDataTypeClaims = z.array(\n z.object({\n /** The path to the claim within the transaction payload. */\n path: z.array(z.string()),\n /** [ARF Annex 4] Localised display information for the claim. */\n display: z\n .array(\n z.object({\n /** Localised name of the claim (e.g., \"Amount\"). */\n name: z.string(),\n /** [ISO639-1] Language code (e.g., \"en\"). */\n locale: z.string().optional(),\n /** [RFC2397] Resolvable or Data URL of the claim icon. */\n logo: z.string().optional(),\n })\n )\n .min(1),\n })\n)\n\nexport const zScaTransactionDataTypeUiLabels = z\n .object({\n /**\n * [REQUIRED] Label for the confirmation (consent) button.\n * Max length: 30 characters.\n */\n affirmative_action_label: z\n .array(\n z.object({\n /** [RFC5646] Language identifier (e.g., \"en\", \"fr-CA\"). */\n locale: z.string(),\n /** Localised string value. Max length: 30 chars. */\n value: z.string().max(30),\n })\n )\n .min(1),\n\n /**\n * [OPTIONAL] Label for the denial (cancel) button.\n * Max length: 30 characters.\n */\n denial_action_label: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n locale: z.string(),\n /** Localised string value. Max length: 30 chars. */\n value: z.string().max(30),\n })\n )\n .min(1)\n .optional(),\n\n /**\n * [OPTIONAL] Title/headline for the transaction confirmation screen.\n * Max length: 50 characters.\n */\n transaction_title: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n locale: z.string(),\n /** Localised string value. Max length: 50 chars. */\n value: z.string().max(50),\n })\n )\n .min(1)\n .optional(),\n\n /**\n * [OPTIONAL] Security hint to be displayed to the User.\n * Max length: 250 characters.\n */\n security_hint: z\n .array(\n z.object({\n /** [RFC5646] Language identifier. */\n locale: z.string(),\n /** Localised string value. Max length: 250 chars. */\n value: z.string().max(250),\n })\n )\n .min(1)\n .optional(),\n })\n .catchall(\n // [TS12] \"Additional UI elements identifiers MAY be defined\"\n z.array(\n z.object({\n locale: z.string(),\n value: z.string(),\n })\n )\n )\n\n/**\n * @name zScaAttestationExt\n * @version EUDI TS12 v1.0 (05 December 2025)\n * @description Defines metadata for SCA Attestations, including transaction types and UI localization.\n * @see [EUDI TS12, Section 3] for VC Type Metadata requirements.\n * @see [EUDI TS12, Section 4.1] for Metadata structure.\n */\nexport const zScaAttestationExt = z.object({\n /**\n * [TS12 Section 3] Category the attestation belongs to.\n * MUST be 'urn:eu:europa:ec:eudi:sua:sca' for SCA Attestations.\n */\n category: z.string().optional(),\n transaction_data_types: z.array(\n z.intersection(\n z.object({\n /** [TS12 4.1] URI (URL or URN) that references a [JSON Schema] defining the structure of the `payload` object within the `transaction_data` object. */\n type: z.string(),\n /** [TS12 4.1] Hash of the document referenced by `type`. MUST be present if `type` is a URL and integrity protection is desired. */\n 'type#integrity': z.string().optional(),\n /** [TS12 4.1] A string that can be used to further categorize the transaction type. */\n subtype: z.string().optional(),\n }),\n z.intersection(\n z.union([\n z.object({\n /** [TS12 3.3.2] Transaction Data Claim Metadata. MUST NOT be used if claims_uri is present. */\n claims: zScaTransactionDataTypeClaims,\n }),\n z.object({\n /** [TS12 3.3.2] URI referencing an external claims metadata document. MUST NOT be used if claims is present. */\n claims_uri: z.url(),\n 'claims_uri#integrity': z.string().optional(),\n }),\n ]),\n z.union([\n z.object({\n /** [TS12 3.3.3] Localised UI element values. MUST NOT be used if ui_labels_uri is present. */\n ui_labels: zScaTransactionDataTypeUiLabels,\n }),\n z.object({\n /** [TS12 3.3.3] URI referencing external UI labels. MUST NOT be used if ui_labels is present. */\n ui_labels_uri: z.string().url(),\n 'ui_labels_uri#integrity': z.string().optional(),\n }),\n ])\n )\n )\n ),\n})\n\nexport type ZScaAttestationExt = z.infer<typeof zScaAttestationExt>\n","import { z } from 'zod'\n\n/**\n * **OpenID4VP Common Fields**\n * Fields required by the transport protocol.\n */\nexport const zBaseTransaction = z.object({\n /**\n * **Type**\n * REQUIRED. String that identifies the type of transaction data.\n * @source OpenID4VP Section 5.1\n */\n type: z.string(),\n /**\n * **Credential IDs**\n * REQUIRED. Non-empty array of strings each referencing a Credential requested\n * by the Verifier (via DCQL `id` or PEX) that authorizes this transaction.\n * @source OpenID4VP Section 5.1 \"transaction_data\"\n */\n credential_ids: z.tuple([z.string()]).rest(z.string()),\n\n /**\n * **Transaction Data Hashes Algorithm**\n * OPTIONAL. Array of hash algorithms (e.g. `[\"sha-256\"]`).\n * @source OpenID4VP Appendix B.3.3.1\n */\n transaction_data_hashes_alg: z.tuple([z.string()]).rest(z.string()).optional(),\n})\n","import { z } from 'zod'\nimport { zBaseTransaction } from './z-transaction-data-common'\n\n/**\n * **Funke (German) QES Authorization Data**\n * * Profile used by the SPRIND/Bundesdruckerei EUDI Wallet.\n * * This type bridges OpenID4VP with ETSI TS 119 432 (Remote Signing).\n * * @see German National EUDI Wallet Architecture (Appendix 07)\n */\nexport const zFunkeQesTransaction = zBaseTransaction.extend({\n /**\n * **Signature Qualifier**\n * The level of signature required.\n * @source ETSI TS 119 432\n */\n signatureQualifier: z\n .enum(['eu_eidas_qes', 'eu_eidas_aes'])\n .describe('eu_eidas_qes (Qualified) or eu_eidas_aes (Advanced)'),\n\n /**\n * **Document Digests**\n * List of document hashes to be signed (DTBS - Data To Be Signed).\n * @source ETSI TS 119 432\n */\n documentDigests: z\n .array(\n z.object({\n /**\n * **Label**\n * Human-readable filename displayed to the user.\n */\n label: z.string().describe(\"Filename (e.g. 'Contract.pdf')\"),\n\n /**\n * **Hash**\n * Base64 encoded hash of the document.\n */\n hash: z.string().describe('Base64 encoded hash'),\n\n /**\n * **Hash Algorithm OID**\n * Object Identifier for the hash algorithm.\n */\n hashAlgorithmOID: z.string().optional().describe('OID of the hash algorithm'),\n })\n )\n .min(1),\n})\nexport type FunkeQesTransactionDataEntry = z.infer<typeof zFunkeQesTransaction>\n","import { z } from 'zod'\nimport { zBaseTransaction } from './z-transaction-data-common'\n\n// =============================================================================\n// 1. TS12 PAYLOAD SCHEMAS (Nested Objects)\n// Source: EUDI TS12 Section 4.3 \"Payload Object\"\n// =============================================================================\n\n/**\n * **TS12 Payment Payload**\n * * The business data strictly defined for Payments.\n * * @see EUDI TS12 Section 4.3.1 \"Payment Confirmation\"\n */\nexport const zPaymentPayload = z\n .object({\n /**\n * **Transaction ID**\n * Unique identifier of the Relying Party's interaction with the User.\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36).describe(\"Unique identifier of the Relying Party's interaction\"),\n\n /**\n * **Date Time**\n * ISO 8601 date and time when the Relying Party started to interact with the User.\n * @example \"2025-11-13T20:20:39+00:00\"\n */\n date_time: z.iso.datetime().optional(),\n\n /**\n * **Payee**\n * Object holding the Payee (Merchant) details.\n */\n payee: z.object({\n /**\n * **Payee Name**\n * Name of the Payee to whom the payment is being made.\n */\n name: z.string(),\n\n /**\n * **Payee ID**\n * An identifier of the Payee understood by the payment system.\n */\n id: z.string(),\n\n /**\n * **Logo**\n * Resolvable URL or Data URI (RFC 2397) of the Payee logo.\n */\n logo: z.url().optional(),\n\n /**\n * **Website**\n * Resolvable URL of the Payee's website.\n */\n website: z.url().optional(),\n }),\n\n /**\n * **Currency**\n * 3-letter currency code (ISO 4217).\n */\n currency: z.string().regex(/^[A-Z]{3}$/),\n\n /**\n * **Amount**\n * The monetary value of the transaction.\n */\n amount: z.number(),\n\n /**\n * **Amount Estimated**\n */\n amount_estimated: z.boolean().optional(),\n\n /**\n * **Amount Earmarked**\n */\n amount_earmarked: z.boolean().optional(),\n\n /**\n * **SCT Inst**\n */\n sct_inst: z.boolean().optional(),\n\n /**\n * **PISP Details**\n * If present, indicates that the payment is being facilitated by a PISP.\n */\n pisp: z\n .object({\n /**\n * **Legal Name**\n * Legal name of the PISP.\n */\n legal_name: z.string(),\n\n /**\n * **Brand Name**\n * Brand name of the PISP.\n */\n brand_name: z.string(),\n\n /**\n * **Domain Name**\n * Domain name of the PISP as secured by the eIDAS QWAC certificate.\n */\n domain_name: z.string(),\n })\n .optional(),\n\n /**\n * **Execution Date**\n * ISO 8601 date of the payment's execution. MUST NOT be present when recurrence is present.\n * MUST NOT lie in the past.\n */\n execution_date: z.iso\n .datetime()\n .optional()\n .refine(\n (date) => {\n if (!date) return true\n return new Date(date) >= new Date()\n },\n { message: 'Execution date must not be in the past' }\n ),\n\n /**\n * **Recurrence**\n * Details for recurring payments.\n */\n recurrence: z\n .object({\n /**\n * **Start Date**\n * ISO 8601 date when the recurrence starts.\n */\n start_date: z.iso.datetime().optional(),\n\n /**\n * **End Date**\n * ISO 8601 date when the recurrence ends.\n */\n end_date: z.iso.datetime().optional(),\n\n /**\n * **Number**\n */\n number: z.number().int().optional(),\n\n /**\n * **Frequency**\n * ISO 20022 Frequency Code.\n */\n frequency: z.enum([\n 'INDA',\n 'DAIL',\n 'WEEK',\n 'TOWK',\n 'TWMN',\n 'MNTH',\n 'TOMN',\n 'QUTR',\n 'FOMN',\n 'SEMI',\n 'YEAR',\n 'TYEA',\n ]),\n\n /**\n * **MIT Options (Merchant Initiated Transaction)**\n */\n mit_options: z\n .object({\n /**\n * **Amount Variable**\n * If true, future amounts may vary.\n */\n amount_variable: z.boolean().optional(),\n\n /**\n * **Minimum Amount**\n * Minimum expected amount for future transactions.\n */\n min_amount: z.number().optional(),\n\n /**\n * **Maximum Amount**\n */\n max_amount: z.number().optional(),\n\n /**\n * **Total Amount**\n */\n total_amount: z.number().optional(),\n\n /**\n * **Initial Amount**\n */\n initial_amount: z.number().optional(),\n\n /**\n * **Initial Amount Number**\n */\n initial_amount_number: z.number().int().optional(),\n\n /**\n * **APR**\n */\n apr: z.number().optional(),\n })\n .optional(),\n })\n .optional(),\n })\n .refine((data) => !(data.recurrence && data.execution_date), {\n message: 'Execution date must not be present when recurrence is present',\n path: ['execution_date'],\n })\n\n/**\n * **TS12 Generic Payload**\n * * @see EUDI TS12 Section 4.3.2\n */\nexport const zGenericPayload = z\n .object({\n /**\n * **Transaction ID**\n * Unique identifier of the Relying Party's interaction.\n * @example \"8D8AC610-566D-4EF0-9C22-186B2A5ED793\"\n */\n transaction_id: z.string().min(1).max(36),\n\n /**\n * **Payment Payload**\n * Nested payment object to leverage data for MITs.\n */\n payment_payload: zPaymentPayload.optional(),\n })\n .catchall(z.string().max(40).nullable())\n .refine(\n (data) => {\n return Object.keys(data).length <= 11\n },\n { message: 'Total number of properties is limited to 11' }\n )\n\nexport type Ts12PaymentPayload = z.infer<typeof zPaymentPayload>\nexport type Ts12GenericPayload = z.infer<typeof zGenericPayload>\n\nexport const URN_SCA_PAYMENT = 'urn:eudi:sca:payment:1'\nexport const URN_SCA_GENERIC = 'urn:eudi:sca:generic:1'\n\n// =============================================================================\n// 2. ROOT TRANSACTION DATA OBJECT (OpenID4VP Envelope)\n// Source: OpenID4VP Section 5.1 & TS12 Section 4.3\n// =============================================================================\n\nexport const zTs12PaymentTransaction = zBaseTransaction.extend({\n type: z.literal(URN_SCA_PAYMENT),\n subtype: z.undefined(),\n payload: zPaymentPayload,\n})\n\nexport const zTs12GenericTransaction = zBaseTransaction.extend({\n type: z.literal(URN_SCA_GENERIC),\n subtype: z.string(),\n payload: zGenericPayload,\n})\n\nexport const zTs12FallbackTransaction = zBaseTransaction.extend({\n subtype: z.string().optional(),\n payload: z.unknown(),\n})\n\n/**\n * **TS12 Transaction**\n * @see TS12 Section 4.3\n */\nexport const zTs12Transaction = z.union([zTs12PaymentTransaction, zTs12GenericTransaction, zTs12FallbackTransaction])\n\nexport type Ts12TransactionDataEntry = z.infer<typeof zTs12Transaction>\n","import { z } from 'zod'\nimport { zFunkeQesTransaction } from './z-transaction-data-funke'\nimport {\n URN_SCA_GENERIC,\n URN_SCA_PAYMENT,\n zGenericPayload,\n zPaymentPayload,\n zTs12Transaction,\n} from './z-transaction-data-ts12'\n\nexport * from './z-transaction-data-funke'\nexport * from './z-transaction-data-ts12'\n\nexport const zTransactionDataEntry = zTs12Transaction.or(zFunkeQesTransaction)\nexport const zTransactionData = z.array(zTransactionDataEntry)\n\nexport type TransactionDataEntry = z.infer<typeof zTransactionDataEntry>\nexport type TransactionData = z.infer<typeof zTransactionDataEntry>\n\nexport const ts12BuiltinSchemaValidators = {\n [URN_SCA_PAYMENT]: zPaymentPayload,\n [URN_SCA_GENERIC]: zGenericPayload,\n} as const\n","import { z } from 'zod'\nimport { Ts12IntegrityError } from '../error'\nimport { type MergeConfig, mergeJson } from '../merge-json'\nimport {\n type ZScaAttestationExt,\n zScaTransactionDataTypeClaims,\n zScaTransactionDataTypeUiLabels,\n} from './z-sca-attestation-ext'\nimport { ts12BuiltinSchemaValidators } from './z-transaction-data'\n\nexport interface ResolvedTs12Metadata {\n schema: string | object\n claims: Array<{\n path: string[]\n display: Array<{ name: string; locale?: string; logo?: string }>\n }>\n ui_labels: {\n affirmative_action_label: Array<{ locale: string; value: string }>\n denial_action_label?: Array<{ locale: string; value: string }>\n transaction_title?: Array<{ locale: string; value: string }>\n security_hint?: Array<{ locale: string; value: string }>\n }\n}\n\nasync function fetchVerified<T>(\n uri: string,\n schema: z.ZodType<T>,\n integrity?: string,\n validateIntegrity?: (buf: ArrayBuffer, integrity: string) => boolean\n): Promise<T> {\n const response = await fetch(uri)\n if (!response.ok) {\n throw new Error(`Failed to fetch URI: ${uri}`)\n }\n if (integrity && validateIntegrity && !validateIntegrity(await response.clone().arrayBuffer(), integrity)) {\n throw new Ts12IntegrityError(uri, integrity)\n }\n return schema.parse(await response.json())\n}\n\nexport async function resolveTs12TransactionDisplayMetadata(\n metadata: ZScaAttestationExt,\n type: string,\n subtype?: string,\n validateIntegrity?: (buf: ArrayBuffer, integrity: string) => boolean\n): Promise<ResolvedTs12Metadata | undefined> {\n if (!metadata.transaction_data_types) {\n return undefined\n }\n\n const typeMetadata = metadata.transaction_data_types.find((t) => t.type === type && t.subtype === subtype)\n\n if (!typeMetadata) {\n return undefined\n }\n\n const resolved: Partial<ResolvedTs12Metadata> = {}\n\n if (typeMetadata.type in ts12BuiltinSchemaValidators) {\n resolved.schema = typeMetadata.type\n } else if (typeMetadata.type.startsWith('http')) {\n resolved.schema = await fetchVerified(\n typeMetadata.type,\n z.object({}),\n typeMetadata['type#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown schema type for ${typeMetadata}`)\n }\n\n if ('claims' in typeMetadata && typeMetadata.claims) {\n resolved.claims = typeMetadata.claims\n } else if ('claims_uri' in typeMetadata && typeMetadata.claims_uri) {\n resolved.claims = await fetchVerified(\n typeMetadata.claims_uri,\n zScaTransactionDataTypeClaims,\n typeMetadata['claims_uri#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown claims for ${typeMetadata}`)\n }\n\n if ('ui_labels' in typeMetadata && typeMetadata.ui_labels) {\n resolved.ui_labels = typeMetadata.ui_labels\n } else if ('ui_labels_uri' in typeMetadata && typeMetadata.ui_labels_uri) {\n resolved.ui_labels = await fetchVerified(\n typeMetadata.ui_labels_uri,\n zScaTransactionDataTypeUiLabels,\n typeMetadata['ui_labels_uri#integrity'],\n validateIntegrity\n )\n } else {\n throw new Error(`Unknown ui_labels for ${typeMetadata}`)\n }\n\n return resolved as ResolvedTs12Metadata\n}\n\nexport const baseMergeConfig = {\n fields: {\n // [Display Metadata]\n // RULE: COMPLETE REPLACEMENT\n display: {\n strategy: 'replace',\n },\n\n // [Claim Metadata]\n // RULE: MERGE BY PATH\n claims: {\n strategy: 'merge',\n arrayDiscriminant: 'path',\n items: {\n fields: {\n // Constraint Rule: 'sd' (Selective Disclosure)\n sd: {\n validate: (target: unknown, source: unknown) => {\n // Parent: \"always\" -> Child: MUST remain \"always\"\n if (target === 'always' && source !== 'always') {\n throw new Error(\"Constraint violation: 'sd' cannot change from 'always'\")\n }\n // Parent: \"never\" -> Child: MUST remain \"never\"\n if (target === 'never' && source !== 'never') {\n throw new Error(\"Constraint violation: 'sd' cannot change from 'never'\")\n }\n },\n },\n // Constraint Rule: 'mandatory'\n mandatory: {\n validate: (target: unknown, source: unknown) => {\n // Parent: true -> Child: MUST remain true\n if (target === true && source !== true) {\n throw new Error(\"Constraint violation: 'mandatory' cannot change from true to false\")\n }\n },\n },\n },\n },\n },\n },\n} as const satisfies MergeConfig\n\nexport const ts12MergeConfig = mergeJson(baseMergeConfig, {\n fields: {\n transaction_data_types: {\n arrayStrategy: 'append', // Default for unknown arrays\n strategy: 'merge',\n arrayDiscriminant: ['type', 'subtype'],\n items: {\n fields: {\n claims: {\n strategy: 'merge',\n arrayDiscriminant: 'path',\n items: {\n fields: {\n // Display: Merge by locale\n display: {\n strategy: 'merge',\n arrayDiscriminant: 'locale',\n },\n },\n },\n },\n ui_labels: {\n strategy: 'merge',\n // Use 'items' to apply configuration to all properties of the ui_labels object\n items: {\n strategy: 'merge',\n arrayDiscriminant: 'locale',\n },\n },\n },\n },\n },\n },\n} as const satisfies MergeConfig) satisfies MergeConfig\n","import { type DcqlQuery, equalsIgnoreOrder, equalsWithOrder } from '@credo-ts/core'\n\nexport function isDcqlQueryEqualOrSubset(arq: DcqlQuery, rcq: DcqlQuery): boolean {\n if (rcq.credential_sets) {\n return false\n }\n\n if (rcq.credentials.some((c) => c.id)) {\n return false\n }\n\n // only sd-jwt and mdoc are supported\n if (arq.credentials.some((c) => c.format !== 'mso_mdoc' && c.format !== 'vc+sd-jwt' && c.format !== 'dc+sd-jwt')) {\n return false\n }\n\n credentialQueryLoop: for (const credentialQuery of arq.credentials) {\n const matchingRcqCredentialQueriesBasedOnFormat = rcq.credentials.filter((c) => c.format === credentialQuery.format)\n\n if (matchingRcqCredentialQueriesBasedOnFormat.length === 0) return false\n\n switch (credentialQuery.format) {\n case 'mso_mdoc': {\n const doctypeValue = credentialQuery.meta?.doctype_value\n if (!doctypeValue) return false\n if (typeof credentialQuery.meta?.doctype_value !== 'string') return false\n\n const foundMatchingRequests = matchingRcqCredentialQueriesBasedOnFormat.filter(\n (c): c is typeof c & { format: 'mso_mdoc' } =>\n !!(c.format === 'mso_mdoc' && c.meta && c.meta.doctype_value === doctypeValue)\n )\n\n // We do not know which one we have to pick based on the meta+format\n if (foundMatchingRequests.length === 0) return false\n\n let foundFullyMatching = false\n for (const matchedRequest of foundMatchingRequests) {\n // credentialQuery.claims must match or be subset of matchedRequest\n\n // If the claims is empty, everything within the specific format+meta is allowed\n if (!matchedRequest.claims) continue credentialQueryLoop\n\n // If no specific claims are request, we allow it as the format+meta is allowed to be requested\n // but this requests no additional claims\n if (!credentialQuery.claims) continue credentialQueryLoop\n\n // Every claim request in the authorization request must be found in the registration certificate\n // for mdoc, this means matching the `path[0]` (namespace) and `path[1]` (value name)\n const isEveryClaimAllowedToBeRequested = credentialQuery.claims.every(\n (c) =>\n 'path' in c &&\n matchedRequest.claims?.some(\n (mrc) => 'path' in mrc && c.path[0] === mrc.path[0] && c.path[1] === mrc.path[1]\n )\n )\n if (isEveryClaimAllowedToBeRequested) {\n foundFullyMatching = true\n }\n }\n\n if (!foundFullyMatching) return false\n\n break\n }\n case 'dc+sd-jwt': {\n const vctValues = credentialQuery.meta?.vct_values\n if (!vctValues || vctValues.length === 0) return false\n\n const foundMatchingRequests = matchingRcqCredentialQueriesBasedOnFormat.filter(\n (c): c is typeof c & { format: 'dc+sd-jwt' } =>\n !!(c.format === 'dc+sd-jwt' && c.meta?.vct_values && equalsIgnoreOrder(c.meta.vct_values, vctValues))\n )\n\n // We do not know which one we have to pick based on the meta+format\n if (foundMatchingRequests.length === 0) return false\n\n let foundFullyMatching = false\n for (const matchedRequest of foundMatchingRequests) {\n // credentialQuery.claims must match or be subset of matchedRequest\n\n // If the claims is empty, everything within the specific format+meta is allowed\n if (!matchedRequest.claims) continue credentialQueryLoop\n\n // If no specific claims are request, we allow it as the format+meta is allowed to be requested\n // but this requests no additional claims\n if (!credentialQuery.claims) continue credentialQueryLoop\n\n // Every claim request in the authorization request must be found in the registration certificate\n // for sd-jwt, this means making sure that every `path[n]` is in the registration certificate\n const isEveryClaimAllowedToBeRequested = credentialQuery.claims.every(\n (c) =>\n 'path' in c && matchedRequest.claims?.some((mrc) => 'path' in mrc && equalsWithOrder(c.path, mrc.path))\n )\n if (isEveryClaimAllowedToBeRequested) {\n foundFullyMatching = true\n }\n }\n\n if (!foundFullyMatching) return false\n\n break\n }\n default:\n return false\n }\n }\n\n return true\n}\n","import { type AgentContext, type DcqlQuery, JwsService, Jwt, X509Certificate } from '@credo-ts/core'\nimport type { OpenId4VpResolvedAuthorizationRequest } from '@credo-ts/openid4vc'\nimport z from 'zod'\nimport { isDcqlQueryEqualOrSubset } from './isDcqlQueryEqualOrSubset'\n\nexport type VerifyAuthorizationRequestOptions = {\n resolvedAuthorizationRequest: OpenId4VpResolvedAuthorizationRequest\n trustedCertificates?: Array<string>\n allowUntrustedSigned?: boolean\n}\n\nexport const verifyOpenid4VpAuthorizationRequest = async (\n agentContext: AgentContext,\n {\n resolvedAuthorizationRequest: { authorizationRequestPayload, signedAuthorizationRequest, dcql },\n trustedCertificates,\n allowUntrustedSigned,\n }: VerifyAuthorizationRequestOptions\n) => {\n const results = []\n if (!authorizationRequestPayload.verifier_attestations) return\n for (const va of authorizationRequestPayload.verifier_attestations) {\n // Here we verify it as a registration certificate according to\n // https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/flows/Wallet-Relying-Party-Authentication/#registration-certificate\n if (va.format === 'jwt') {\n if (typeof va.data !== 'string') {\n throw new Error('Only inline JWTs are supported')\n }\n\n const jwsService = agentContext.dependencyManager.resolve(JwsService)\n\n let isValidButUntrusted = false\n let isValidAndTrusted = false\n\n const jwt = Jwt.fromSerializedJwt(va.data)\n\n try {\n const { isValid } = await jwsService.verifyJws(agentContext, {\n jws: va.data,\n trustedCertificates,\n })\n isValidAndTrusted = isValid\n } catch {\n if (allowUntrustedSigned) {\n const { isValid } = await jwsService.verifyJws(agentContext, {\n jws: va.data,\n trustedCertificates: jwt.header.x5c ?? [],\n })\n isValidButUntrusted = isValid\n }\n }\n\n if (jwt.header.typ !== 'rc-rp+jwt') {\n throw new Error(`only 'rc-rp+jwt' is supported as header typ. Request included: ${jwt.header.typ}`)\n }\n\n if (!signedAuthorizationRequest) {\n throw new Error('Request must be signed for the registration certificate')\n }\n\n if (signedAuthorizationRequest.signer.method !== 'x5c') {\n throw new Error('x5c is only supported for registration certificate')\n }\n\n const registrationCertificateHeaderSchema = z\n .object({\n typ: z.literal('rc-rp+jwt'),\n alg: z.string(),\n // sprin-d did not define this\n x5u: z.url().optional(),\n // sprin-d did not define this\n 'x5t#s256': z.string().optional(),\n })\n .loose()\n\n // TODO: does not support intermediaries\n const registrationCertificatePayloadSchema = z\n .object({\n credentials: z.array(\n z.object({\n format: z.string(),\n multiple: z.boolean().default(false),\n meta: z\n .object({\n vct_values: z.array(z.string()).optional(),\n doctype_value: z.string().optional(),\n })\n .optional(),\n trusted_authorities: z\n .array(z.object({ type: z.string(), values: z.array(z.string()) }))\n .nonempty()\n .optional(),\n require_cryptographic_holder_binding: z.boolean().default(true),\n claims: z\n .array(\n z.object({\n id: z.string().optional(),\n path: z.array(z.string()).nonempty().nonempty(),\n values: z.array(z.number().or(z.boolean())).optional(),\n })\n )\n .nonempty()\n .optional(),\n claim_sets: z.array(z.array(z.string())).nonempty().optional(),\n })\n ),\n contact: z.object({\n website: z.url(),\n 'e-mail': z.email(),\n phone: z.string(),\n }),\n sub: z.string(),\n // Should be service\n services: z.array(z.object({ lang: z.string(), name: z.string() })),\n public_body: z.boolean().default(false),\n entitlements: z.array(z.any()),\n provided_attestations: z\n .array(\n z.object({\n format: z.string(),\n meta: z.any(),\n })\n )\n .optional(),\n privacy_policy: z.url(),\n iat: z.number().optional(),\n exp: z.number().optional(),\n purpose: z\n .array(\n z.object({\n locale: z.string().optional(),\n lang: z.string().optional(),\n name: z.string(),\n })\n )\n .optional(),\n status: z.any(),\n })\n .loose()\n\n registrationCertificateHeaderSchema.parse(jwt.header)\n const parsedPayload = registrationCertificatePayloadSchema.parse(jwt.payload.toJson())\n\n const [rpCertEncoded] = signedAuthorizationRequest.signer.x5c\n const rpCert = X509Certificate.fromEncodedCertificate(rpCertEncoded)\n\n if (rpCert.subject !== parsedPayload.sub) {\n throw new Error(\n `Subject in the certificate of the auth request: '${rpCert.subject}' is not equal to the subject of the registration certificate: '${parsedPayload.sub}'`\n )\n }\n\n if (parsedPayload.iat && Date.now() / 1000 <= parsedPayload.iat) {\n throw new Error('Issued at timestamp of the registration certificate is in the future')\n }\n\n // TODO: check the status of the registration certificate\n\n if (!dcql) {\n throw new Error('DCQL must be used when working registration certificates')\n }\n\n if (\n authorizationRequestPayload.presentation_definition ||\n authorizationRequestPayload.presentation_definition_uri\n ) {\n throw new Error('Presentation Exchange is not supported for the registration certificate')\n }\n\n const isValidDcqlQuery = isDcqlQueryEqualOrSubset(dcql.queryResult, parsedPayload as unknown as DcqlQuery)\n\n if (!isValidDcqlQuery) {\n throw new Error(\n 'DCQL query in the authorization request is not equal or a valid subset of the DCQl query provided in the registration certificate'\n )\n }\n\n results.push({ isValidButUntrusted, isValidAndTrusted, x509RegistrationCertificate: rpCert })\n } else {\n throw new Error(`only format of 'jwt' is supported`)\n }\n }\n return results\n}\n"],"mappings":";;;;AAAA,IAAa,4BAAb,MAAa,kCAAkC,MAAM;CACnD,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,MAAI,MAAM,kBACR,OAAM,kBAAkB,MAAM,0BAA0B;;;AAK9D,IAAa,qBAAb,MAAa,2BAA2B,0BAA0B;CAChE,YAAY,KAAa,WAAmB;AAC1C,QAAM,yBAAyB,IAAI,aAAa,YAAY;AAC5D,OAAK,OAAO;AACZ,MAAI,MAAM,kBACR,OAAM,kBAAkB,MAAM,mBAAmB;;;;;;;;;;;ACsFvD,MAAaA,oBAAqC,MAAM,QAAQ,WAAW;AACzE,KAAI,WAAW,OAAW;AAC1B,KAAI,WAAW,OAAW;AAG1B,KAAI,WAAW,MAAM;AACnB,MAAI,WAAW,KACb,OAAM,IAAI,MAAM,iCAAiC,KAAK,0CAA0C;AAElG;;AAIF,KAAI,WAAW,KAEb;CAGF,MAAM,aAAa,QAAQ,OAAO;CAClC,MAAM,aAAa,QAAQ,OAAO;AAElC,KAAI,eAAe,WACjB,OAAM,IAAI,MAAM,0BAA0B,KAAK,cAAc,WAAW,QAAQ,aAAa;AAG/F,KAAI,eAAe,aACjB;MAAI,OAAO,WAAW,OAAO,OAC3B,OAAM,IAAI,MAAM,0BAA0B,KAAK,cAAc,OAAO,OAAO,QAAQ,OAAO,SAAS;;;;;;;;;;;AAazG,SAAgB,UACd,QACA,QACA,SAAiB,EAAE,EACkB;AAOrC,QAAO,eAAe,QAAQ,QAAQ,QANF;EAClC,gBAAgB,OAAO;EACvB,eAAe,OAAO;EACtB,WAAW,OAAO,aAAa;EAChC,EAEsE,GAAG;;AAG5E,SAAS,eACP,QACA,QACA,YACA,gBACA,MACS;AAET,KAAI,WAAW,OAAW,QAAO;CAGjC,MAAMC,kBAAqC;EACzC,gBAAgB,YAAY,kBAAkB,eAAe;EAC7D,eAAe,YAAY,iBAAiB,eAAe;EAC3D,WAAW,YAAY,aAAa,eAAe;EACpD;AAGD,KAAI,YAAY,SACd,YAAW,SAAS,QAAQ,OAAO;AAIrC,KAAI,gBAAgB,UAClB,iBAAgB,UAAU,MAAM,QAAQ,OAAO;AAGjD,KAAI,WAAW,OAAW,QAAO;AACjC,KAAI,WAAW,KAAM,QAAO;AAC5B,KAAI,WAAW,KAAM,QAAO;CAE5B,MAAM,aAAa,QAAQ,OAAO;CAClC,MAAM,aAAa,QAAQ,OAAO;AAGlC,KAAI,eAAe,WACjB,QAAO;AAIT,KAAI,eAAe,aAAa;AAC9B,MAAI,OAAO,WAAW,OAAO,OAC3B,QAAO;AAET,SAAO;;CAGT,MAAM,WAAW,YAAY;AAG7B,KAAI,eAAe,SAAS;EAC1B,MAAM,cAAc;EACpB,MAAM,cAAc;EACpB,MAAM,gBAAgB,YAAY,gBAAgB,iBAAiB;AAEnE,MAAI,kBAAkB,UACpB,QAAO,CAAC,GAAG,YAAY;AAGzB,MAAI,kBAAkB,SACpB,QAAO,CAAC,GAAG,aAAa,GAAG,YAAY;AAGzC,MAAI,kBAAkB,QACpB,QAAO,YACL,aACA,aACA,YACA,iBACA,MACA,YAAY,kBACb;;AAKL,KAAI,eAAe,UAAU;EAC3B,MAAM,YAAY;EAClB,MAAM,YAAY;EAClB,MAAM,iBAAiB,YAAY,gBAAgB,kBAAkB;AAErE,MAAI,mBAAmB,UACrB,QAAO,EAAE,GAAG,WAAW;AAGzB,MAAI,mBAAmB,SAAS;GAC9B,MAAM,SAAS,EAAE,GAAG,WAAW;GAC/B,MAAM,OAAO,IAAI,IAAI,CAAC,GAAG,OAAO,KAAK,UAAU,EAAE,GAAG,OAAO,KAAK,UAAU,CAAC,CAAC;AAE5E,QAAK,MAAM,OAAO,MAAM;IAEtB,MAAM,UAAU,6BAA6B,KAAK,IAAI,GAAG,IAAI,QAAQ,KAAK,IAAI;IAC9E,MAAM,UAAU,OAAO,GAAG,OAAO,YAAY;IAG7C,MAAM,iBAAiB,YAAY,SAAS;IAC5C,MAAM,iBAAiB,YAAY;IAGnC,MAAM,kBACJ,kBAAkB,iBACd;KAAE,GAAG;KAAgB,GAAG;KAAgB,GACvC,kBAAkB;AAEzB,WAAO,OAAO,eAAe,UAAU,MAAM,UAAU,MAAM,iBAAiB,iBAAiB,QAAQ;;AAEzG,UAAO;;;AAIX,QAAO;;AAGT,SAAS,YACP,QACA,QACA,iBACA,UACA,MACA,cACW;CAEX,MAAM,iBAAiB,iBAAiB;AAExC,KAAI,CAAC,cAAc;EAEjB,MAAMC,WAAS,CAAC,GAAG,OAAO;AAC1B,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IACjC,KAAI,IAAIA,SAAO,OACb,UAAO,KAAK,eAAeA,SAAO,IAAI,OAAO,IAAI,gBAAgB,UAAU,GAAG,KAAK,GAAG,EAAE,GAAG;MAE3F,UAAO,KAAK,OAAO,GAAG;AAG1B,SAAOA;;CAIT,MAAM,SAAS,CAAC,GAAG,OAAO;CAC1B,MAAM,gBAAgB,MAAM,QAAQ,aAAa,GAAG,eAAe,CAAC,aAAa;AAEjF,MAAK,MAAM,cAAc,QAAQ;EAC/B,MAAM,aAAa,OAAO,WAAW,eAAe;AAClD,OAAI,QAAQ,WAAW,KAAK,YAAY,QAAQ,WAAW,KAAK,SAAU,QAAO;GACjF,MAAM,IAAI;GACV,MAAM,IAAI;AACV,UAAO,cAAc,OAAO,MAAM,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC;IACxD;AAEF,MAAI,eAAe,GAEjB,QAAO,cAAc,eACnB,OAAO,aACP,YACA,gBACA,UACA,GAAG,KAAK,GAAG,WAAW,GACvB;MAGD,QAAO,KAAK,WAAW;;AAI3B,QAAO;;AAGT,SAAS,QAAQ,OAAkD;AACjE,KAAI,MAAM,QAAQ,MAAM,CAAE,QAAO;AACjC,KAAI,UAAU,QAAQ,OAAO,UAAU,SAAU,QAAO;AACxD,QAAO;;AAGT,SAAS,UAAU,GAAY,GAAqB;AAClD,KAAI,MAAM,EAAG,QAAO;CAEpB,MAAM,QAAQ,QAAQ,EAAE;AAGxB,KAAI,UAFU,QAAQ,EAAE,CAEH,QAAO;AAE5B,KAAI,UAAU,SAAS;EACrB,MAAM,OAAO;EACb,MAAM,OAAO;AACb,MAAI,KAAK,WAAW,KAAK,OAAQ,QAAO;AACxC,OAAK,IAAI,IAAI,GAAG,IAAI,KAAK,QAAQ,IAC/B,KAAI,CAAC,UAAU,KAAK,IAAI,KAAK,GAAG,CAAE,QAAO;AAE3C,SAAO;;AAGT,KAAI,UAAU,UAAU;EACtB,MAAM,OAAO;EACb,MAAM,OAAO;EACb,MAAM,QAAQ,OAAO,KAAK,KAAK;EAC/B,MAAM,QAAQ,OAAO,KAAK,KAAK;AAE/B,MAAI,MAAM,WAAW,MAAM,OAAQ,QAAO;AAE1C,OAAK,MAAM,OAAO,OAAO;AACvB,OAAI,CAAC,OAAO,OAAO,MAAM,IAAI,CAAE,QAAO;AACtC,OAAI,CAAC,UAAU,KAAK,MAAM,KAAK,KAAK,CAAE,QAAO;;AAE/C,SAAO;;AAGT,QAAO;;;;;ACvWT,MAAa,gCAAgC,EAAE,MAC7C,EAAE,OAAO;CAEP,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC;CAEzB,SAAS,EACN,MACC,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,QAAQ,EAAE,QAAQ,CAAC,UAAU;EAE7B,MAAM,EAAE,QAAQ,CAAC,UAAU;EAC5B,CAAC,CACH,CACA,IAAI,EAAE;CACV,CAAC,CACH;AAED,MAAa,kCAAkC,EAC5C,OAAO;CAKN,0BAA0B,EACvB,MACC,EAAE,OAAO;EAEP,QAAQ,EAAE,QAAQ;EAElB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE;CAMT,qBAAqB,EAClB,MACC,EAAE,OAAO;EAEP,QAAQ,EAAE,QAAQ;EAElB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CAMb,mBAAmB,EAChB,MACC,EAAE,OAAO;EAEP,QAAQ,EAAE,QAAQ;EAElB,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG;EAC1B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CAMb,eAAe,EACZ,MACC,EAAE,OAAO;EAEP,QAAQ,EAAE,QAAQ;EAElB,OAAO,EAAE,QAAQ,CAAC,IAAI,IAAI;EAC3B,CAAC,CACH,CACA,IAAI,EAAE,CACN,UAAU;CACd,CAAC,CACD,SAEC,EAAE,MACA,EAAE,OAAO;CACP,QAAQ,EAAE,QAAQ;CAClB,OAAO,EAAE,QAAQ;CAClB,CAAC,CACH,CACF;;;;;;;;AASH,MAAa,qBAAqB,EAAE,OAAO;CAKzC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,wBAAwB,EAAE,MACxB,EAAE,aACA,EAAE,OAAO;EAEP,MAAM,EAAE,QAAQ;EAEhB,kBAAkB,EAAE,QAAQ,CAAC,UAAU;EAEvC,SAAS,EAAE,QAAQ,CAAC,UAAU;EAC/B,CAAC,EACF,EAAE,aACA,EAAE,MAAM,CACN,EAAE,OAAO,EAEP,QAAQ,+BACT,CAAC,EACF,EAAE,OAAO;EAEP,YAAY,EAAE,KAAK;EACnB,wBAAwB,EAAE,QAAQ,CAAC,UAAU;EAC9C,CAAC,CACH,CAAC,EACF,EAAE,MAAM,CACN,EAAE,OAAO,EAEP,WAAW,iCACZ,CAAC,EACF,EAAE,OAAO;EAEP,eAAe,EAAE,QAAQ,CAAC,KAAK;EAC/B,2BAA2B,EAAE,QAAQ,CAAC,UAAU;EACjD,CAAC,CACH,CAAC,CACH,CACF,CACF;CACF,CAAC;;;;;;;;AC5IF,MAAa,mBAAmB,EAAE,OAAO;CAMvC,MAAM,EAAE,QAAQ;CAOhB,gBAAgB,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC;CAOtD,6BAA6B,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,UAAU;CAC/E,CAAC;;;;;;;;;;AClBF,MAAa,uBAAuB,iBAAiB,OAAO;CAM1D,oBAAoB,EACjB,KAAK,CAAC,gBAAgB,eAAe,CAAC,CACtC,SAAS,sDAAsD;CAOlE,iBAAiB,EACd,MACC,EAAE,OAAO;EAKP,OAAO,EAAE,QAAQ,CAAC,SAAS,iCAAiC;EAM5D,MAAM,EAAE,QAAQ,CAAC,SAAS,sBAAsB;EAMhD,kBAAkB,EAAE,QAAQ,CAAC,UAAU,CAAC,SAAS,4BAA4B;EAC9E,CAAC,CACH,CACA,IAAI,EAAE;CACV,CAAC;;;;;;;;;AClCF,MAAa,kBAAkB,EAC5B,OAAO;CAMN,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,SAAS,uDAAuD;CAO1G,WAAW,EAAE,IAAI,UAAU,CAAC,UAAU;CAMtC,OAAO,EAAE,OAAO;EAKd,MAAM,EAAE,QAAQ;EAMhB,IAAI,EAAE,QAAQ;EAMd,MAAM,EAAE,KAAK,CAAC,UAAU;EAMxB,SAAS,EAAE,KAAK,CAAC,UAAU;EAC5B,CAAC;CAMF,UAAU,EAAE,QAAQ,CAAC,MAAM,aAAa;CAMxC,QAAQ,EAAE,QAAQ;CAKlB,kBAAkB,EAAE,SAAS,CAAC,UAAU;CAKxC,kBAAkB,EAAE,SAAS,CAAC,UAAU;CAKxC,UAAU,EAAE,SAAS,CAAC,UAAU;CAMhC,MAAM,EACH,OAAO;EAKN,YAAY,EAAE,QAAQ;EAMtB,YAAY,EAAE,QAAQ;EAMtB,aAAa,EAAE,QAAQ;EACxB,CAAC,CACD,UAAU;CAOb,gBAAgB,EAAE,IACf,UAAU,CACV,UAAU,CACV,QACE,SAAS;AACR,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,IAAI,KAAK,KAAK,oBAAI,IAAI,MAAM;IAErC,EAAE,SAAS,0CAA0C,CACtD;CAMH,YAAY,EACT,OAAO;EAKN,YAAY,EAAE,IAAI,UAAU,CAAC,UAAU;EAMvC,UAAU,EAAE,IAAI,UAAU,CAAC,UAAU;EAKrC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAMnC,WAAW,EAAE,KAAK;GAChB;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;EAKF,aAAa,EACV,OAAO;GAKN,iBAAiB,EAAE,SAAS,CAAC,UAAU;GAMvC,YAAY,EAAE,QAAQ,CAAC,UAAU;GAKjC,YAAY,EAAE,QAAQ,CAAC,UAAU;GAKjC,cAAc,EAAE,QAAQ,CAAC,UAAU;GAKnC,gBAAgB,EAAE,QAAQ,CAAC,UAAU;GAKrC,uBAAuB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;GAKlD,KAAK,EAAE,QAAQ,CAAC,UAAU;GAC3B,CAAC,CACD,UAAU;EACd,CAAC,CACD,UAAU;CACd,CAAC,CACD,QAAQ,SAAS,EAAE,KAAK,cAAc,KAAK,iBAAiB;CAC3D,SAAS;CACT,MAAM,CAAC,iBAAiB;CACzB,CAAC;;;;;AAMJ,MAAa,kBAAkB,EAC5B,OAAO;CAMN,gBAAgB,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,GAAG;CAMzC,iBAAiB,gBAAgB,UAAU;CAC5C,CAAC,CACD,SAAS,EAAE,QAAQ,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CACvC,QACE,SAAS;AACR,QAAO,OAAO,KAAK,KAAK,CAAC,UAAU;GAErC,EAAE,SAAS,+CAA+C,CAC3D;AAKH,MAAa,kBAAkB;AAC/B,MAAa,kBAAkB;AAO/B,MAAa,0BAA0B,iBAAiB,OAAO;CAC7D,MAAM,EAAE,QAAQ,gBAAgB;CAChC,SAAS,EAAE,WAAW;CACtB,SAAS;CACV,CAAC;AAEF,MAAa,0BAA0B,iBAAiB,OAAO;CAC7D,MAAM,EAAE,QAAQ,gBAAgB;CAChC,SAAS,EAAE,QAAQ;CACnB,SAAS;CACV,CAAC;AAEF,MAAa,2BAA2B,iBAAiB,OAAO;CAC9D,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC9B,SAAS,EAAE,SAAS;CACrB,CAAC;;;;;AAMF,MAAa,mBAAmB,EAAE,MAAM;CAAC;CAAyB;CAAyB;CAAyB,CAAC;;;;AC3QrH,MAAa,wBAAwB,iBAAiB,GAAG,qBAAqB;AAC9E,MAAa,mBAAmB,EAAE,MAAM,sBAAsB;AAK9D,MAAa,8BAA8B;EACxC,kBAAkB;EAClB,kBAAkB;CACpB;;;;ACED,eAAe,cACb,KACA,QACA,WACA,mBACY;CACZ,MAAM,WAAW,MAAM,MAAM,IAAI;AACjC,KAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,wBAAwB,MAAM;AAEhD,KAAI,aAAa,qBAAqB,CAAC,kBAAkB,MAAM,SAAS,OAAO,CAAC,aAAa,EAAE,UAAU,CACvG,OAAM,IAAI,mBAAmB,KAAK,UAAU;AAE9C,QAAO,OAAO,MAAM,MAAM,SAAS,MAAM,CAAC;;AAG5C,eAAsB,sCACpB,UACA,MACA,SACA,mBAC2C;AAC3C,KAAI,CAAC,SAAS,uBACZ;CAGF,MAAM,eAAe,SAAS,uBAAuB,MAAM,MAAM,EAAE,SAAS,QAAQ,EAAE,YAAY,QAAQ;AAE1G,KAAI,CAAC,aACH;CAGF,MAAMC,WAA0C,EAAE;AAElD,KAAI,aAAa,QAAQ,4BACvB,UAAS,SAAS,aAAa;UACtB,aAAa,KAAK,WAAW,OAAO,CAC7C,UAAS,SAAS,MAAM,cACtB,aAAa,MACb,EAAE,OAAO,EAAE,CAAC,EACZ,aAAa,mBACb,kBACD;KAED,OAAM,IAAI,MAAM,2BAA2B,eAAe;AAG5D,KAAI,YAAY,gBAAgB,aAAa,OAC3C,UAAS,SAAS,aAAa;UACtB,gBAAgB,gBAAgB,aAAa,WACtD,UAAS,SAAS,MAAM,cACtB,aAAa,YACb,+BACA,aAAa,yBACb,kBACD;KAED,OAAM,IAAI,MAAM,sBAAsB,eAAe;AAGvD,KAAI,eAAe,gBAAgB,aAAa,UAC9C,UAAS,YAAY,aAAa;UACzB,mBAAmB,gBAAgB,aAAa,cACzD,UAAS,YAAY,MAAM,cACzB,aAAa,eACb,iCACA,aAAa,4BACb,kBACD;KAED,OAAM,IAAI,MAAM,yBAAyB,eAAe;AAG1D,QAAO;;AAGT,MAAa,kBAAkB,EAC7B,QAAQ;CAGN,SAAS,EACP,UAAU,WACX;CAID,QAAQ;EACN,UAAU;EACV,mBAAmB;EACnB,OAAO,EACL,QAAQ;GAEN,IAAI,EACF,WAAW,QAAiB,WAAoB;AAE9C,QAAI,WAAW,YAAY,WAAW,SACpC,OAAM,IAAI,MAAM,yDAAyD;AAG3E,QAAI,WAAW,WAAW,WAAW,QACnC,OAAM,IAAI,MAAM,wDAAwD;MAG7E;GAED,WAAW,EACT,WAAW,QAAiB,WAAoB;AAE9C,QAAI,WAAW,QAAQ,WAAW,KAChC,OAAM,IAAI,MAAM,qEAAqE;MAG1F;GACF,EACF;EACF;CACF,EACF;AAED,MAAa,kBAAkB,UAAU,iBAAiB,EACxD,QAAQ,EACN,wBAAwB;CACtB,eAAe;CACf,UAAU;CACV,mBAAmB,CAAC,QAAQ,UAAU;CACtC,OAAO,EACL,QAAQ;EACN,QAAQ;GACN,UAAU;GACV,mBAAmB;GACnB,OAAO,EACL,QAAQ,EAEN,SAAS;IACP,UAAU;IACV,mBAAmB;IACpB,EACF,EACF;GACF;EACD,WAAW;GACT,UAAU;GAEV,OAAO;IACL,UAAU;IACV,mBAAmB;IACpB;GACF;EACF,EACF;CACF,EACF,EACF,CAAgC;;;;AC9KjC,SAAgB,yBAAyB,KAAgB,KAAyB;AAChF,KAAI,IAAI,gBACN,QAAO;AAGT,KAAI,IAAI,YAAY,MAAM,MAAM,EAAE,GAAG,CACnC,QAAO;AAIT,KAAI,IAAI,YAAY,MAAM,MAAM,EAAE,WAAW,cAAc,EAAE,WAAW,eAAe,EAAE,WAAW,YAAY,CAC9G,QAAO;AAGT,qBAAqB,MAAK,MAAM,mBAAmB,IAAI,aAAa;EAClE,MAAM,4CAA4C,IAAI,YAAY,QAAQ,MAAM,EAAE,WAAW,gBAAgB,OAAO;AAEpH,MAAI,0CAA0C,WAAW,EAAG,QAAO;AAEnE,UAAQ,gBAAgB,QAAxB;GACE,KAAK,YAAY;IACf,MAAM,eAAe,gBAAgB,MAAM;AAC3C,QAAI,CAAC,aAAc,QAAO;AAC1B,QAAI,OAAO,gBAAgB,MAAM,kBAAkB,SAAU,QAAO;IAEpE,MAAM,wBAAwB,0CAA0C,QACrE,MACC,CAAC,EAAE,EAAE,WAAW,cAAc,EAAE,QAAQ,EAAE,KAAK,kBAAkB,cACpE;AAGD,QAAI,sBAAsB,WAAW,EAAG,QAAO;IAE/C,IAAI,qBAAqB;AACzB,SAAK,MAAM,kBAAkB,uBAAuB;AAIlD,SAAI,CAAC,eAAe,OAAQ,UAAS;AAIrC,SAAI,CAAC,gBAAgB,OAAQ,UAAS;AAWtC,SAPyC,gBAAgB,OAAO,OAC7D,MACC,UAAU,KACV,eAAe,QAAQ,MACpB,QAAQ,UAAU,OAAO,EAAE,KAAK,OAAO,IAAI,KAAK,MAAM,EAAE,KAAK,OAAO,IAAI,KAAK,GAC/E,CACJ,CAEC,sBAAqB;;AAIzB,QAAI,CAAC,mBAAoB,QAAO;AAEhC;;GAEF,KAAK,aAAa;IAChB,MAAM,YAAY,gBAAgB,MAAM;AACxC,QAAI,CAAC,aAAa,UAAU,WAAW,EAAG,QAAO;IAEjD,MAAM,wBAAwB,0CAA0C,QACrE,MACC,CAAC,EAAE,EAAE,WAAW,eAAe,EAAE,MAAM,cAAc,kBAAkB,EAAE,KAAK,YAAY,UAAU,EACvG;AAGD,QAAI,sBAAsB,WAAW,EAAG,QAAO;IAE/C,IAAI,qBAAqB;AACzB,SAAK,MAAM,kBAAkB,uBAAuB;AAIlD,SAAI,CAAC,eAAe,OAAQ,UAAS;AAIrC,SAAI,CAAC,gBAAgB,OAAQ,UAAS;AAQtC,SAJyC,gBAAgB,OAAO,OAC7D,MACC,UAAU,KAAK,eAAe,QAAQ,MAAM,QAAQ,UAAU,OAAO,gBAAgB,EAAE,MAAM,IAAI,KAAK,CAAC,CAC1G,CAEC,sBAAqB;;AAIzB,QAAI,CAAC,mBAAoB,QAAO;AAEhC;;GAEF,QACE,QAAO;;;AAIb,QAAO;;;;;AChGT,MAAa,sCAAsC,OACjD,cACA,EACE,8BAA8B,EAAE,6BAA6B,4BAA4B,QACzF,qBACA,2BAEC;CACH,MAAM,UAAU,EAAE;AAClB,KAAI,CAAC,4BAA4B,sBAAuB;AACxD,MAAK,MAAM,MAAM,4BAA4B,sBAG3C,KAAI,GAAG,WAAW,OAAO;AACvB,MAAI,OAAO,GAAG,SAAS,SACrB,OAAM,IAAI,MAAM,iCAAiC;EAGnD,MAAM,aAAa,aAAa,kBAAkB,QAAQ,WAAW;EAErE,IAAI,sBAAsB;EAC1B,IAAI,oBAAoB;EAExB,MAAM,MAAM,IAAI,kBAAkB,GAAG,KAAK;AAE1C,MAAI;GACF,MAAM,EAAE,YAAY,MAAM,WAAW,UAAU,cAAc;IAC3D,KAAK,GAAG;IACR;IACD,CAAC;AACF,uBAAoB;UACd;AACN,OAAI,sBAAsB;IACxB,MAAM,EAAE,YAAY,MAAM,WAAW,UAAU,cAAc;KAC3D,KAAK,GAAG;KACR,qBAAqB,IAAI,OAAO,OAAO,EAAE;KAC1C,CAAC;AACF,0BAAsB;;;AAI1B,MAAI,IAAI,OAAO,QAAQ,YACrB,OAAM,IAAI,MAAM,kEAAkE,IAAI,OAAO,MAAM;AAGrG,MAAI,CAAC,2BACH,OAAM,IAAI,MAAM,0DAA0D;AAG5E,MAAI,2BAA2B,OAAO,WAAW,MAC/C,OAAM,IAAI,MAAM,qDAAqD;EAGvE,MAAM,sCAAsCC,IACzC,OAAO;GACN,KAAKA,IAAE,QAAQ,YAAY;GAC3B,KAAKA,IAAE,QAAQ;GAEf,KAAKA,IAAE,KAAK,CAAC,UAAU;GAEvB,YAAYA,IAAE,QAAQ,CAAC,UAAU;GAClC,CAAC,CACD,OAAO;EAGV,MAAM,uCAAuCA,IAC1C,OAAO;GACN,aAAaA,IAAE,MACbA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ;IAClB,UAAUA,IAAE,SAAS,CAAC,QAAQ,MAAM;IACpC,MAAMA,IACH,OAAO;KACN,YAAYA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,UAAU;KAC1C,eAAeA,IAAE,QAAQ,CAAC,UAAU;KACrC,CAAC,CACD,UAAU;IACb,qBAAqBA,IAClB,MAAMA,IAAE,OAAO;KAAE,MAAMA,IAAE,QAAQ;KAAE,QAAQA,IAAE,MAAMA,IAAE,QAAQ,CAAC;KAAE,CAAC,CAAC,CAClE,UAAU,CACV,UAAU;IACb,sCAAsCA,IAAE,SAAS,CAAC,QAAQ,KAAK;IAC/D,QAAQA,IACL,MACCA,IAAE,OAAO;KACP,IAAIA,IAAE,QAAQ,CAAC,UAAU;KACzB,MAAMA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,UAAU,CAAC,UAAU;KAC/C,QAAQA,IAAE,MAAMA,IAAE,QAAQ,CAAC,GAAGA,IAAE,SAAS,CAAC,CAAC,CAAC,UAAU;KACvD,CAAC,CACH,CACA,UAAU,CACV,UAAU;IACb,YAAYA,IAAE,MAAMA,IAAE,MAAMA,IAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU;IAC/D,CAAC,CACH;GACD,SAASA,IAAE,OAAO;IAChB,SAASA,IAAE,KAAK;IAChB,UAAUA,IAAE,OAAO;IACnB,OAAOA,IAAE,QAAQ;IAClB,CAAC;GACF,KAAKA,IAAE,QAAQ;GAEf,UAAUA,IAAE,MAAMA,IAAE,OAAO;IAAE,MAAMA,IAAE,QAAQ;IAAE,MAAMA,IAAE,QAAQ;IAAE,CAAC,CAAC;GACnE,aAAaA,IAAE,SAAS,CAAC,QAAQ,MAAM;GACvC,cAAcA,IAAE,MAAMA,IAAE,KAAK,CAAC;GAC9B,uBAAuBA,IACpB,MACCA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ;IAClB,MAAMA,IAAE,KAAK;IACd,CAAC,CACH,CACA,UAAU;GACb,gBAAgBA,IAAE,KAAK;GACvB,KAAKA,IAAE,QAAQ,CAAC,UAAU;GAC1B,KAAKA,IAAE,QAAQ,CAAC,UAAU;GAC1B,SAASA,IACN,MACCA,IAAE,OAAO;IACP,QAAQA,IAAE,QAAQ,CAAC,UAAU;IAC7B,MAAMA,IAAE,QAAQ,CAAC,UAAU;IAC3B,MAAMA,IAAE,QAAQ;IACjB,CAAC,CACH,CACA,UAAU;GACb,QAAQA,IAAE,KAAK;GAChB,CAAC,CACD,OAAO;AAEV,sCAAoC,MAAM,IAAI,OAAO;EACrD,MAAM,gBAAgB,qCAAqC,MAAM,IAAI,QAAQ,QAAQ,CAAC;EAEtF,MAAM,CAAC,iBAAiB,2BAA2B,OAAO;EAC1D,MAAM,SAAS,gBAAgB,uBAAuB,cAAc;AAEpE,MAAI,OAAO,YAAY,cAAc,IACnC,OAAM,IAAI,MACR,oDAAoD,OAAO,QAAQ,kEAAkE,cAAc,IAAI,GACxJ;AAGH,MAAI,cAAc,OAAO,KAAK,KAAK,GAAG,OAAQ,cAAc,IAC1D,OAAM,IAAI,MAAM,uEAAuE;AAKzF,MAAI,CAAC,KACH,OAAM,IAAI,MAAM,2DAA2D;AAG7E,MACE,4BAA4B,2BAC5B,4BAA4B,4BAE5B,OAAM,IAAI,MAAM,0EAA0E;AAK5F,MAAI,CAFqB,yBAAyB,KAAK,aAAa,cAAsC,CAGxG,OAAM,IAAI,MACR,oIACD;AAGH,UAAQ,KAAK;GAAE;GAAqB;GAAmB,6BAA6B;GAAQ,CAAC;OAE7F,OAAM,IAAI,MAAM,oCAAoC;AAGxD,QAAO"}
package/package.json CHANGED
@@ -1,16 +1,19 @@
1
1
  {
2
2
  "name": "@animo-id/eudi-wallet-functionality",
3
3
  "description": "EUDI Wallet Functionality",
4
- "version": "0.0.0-alpha-20260108162340",
4
+ "version": "0.1.0",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Animo Solutions",
7
7
  "exports": {
8
- ".": "./build/index.mjs",
8
+ ".": "./dist/index.mjs",
9
9
  "./package.json": "./package.json"
10
10
  },
11
11
  "files": [
12
12
  "dist"
13
13
  ],
14
+ "engines": {
15
+ "node": ">=22"
16
+ },
14
17
  "publishConfig": {
15
18
  "access": "public"
16
19
  },
@@ -47,6 +50,7 @@
47
50
  "release": "pnpm build && pnpm changeset publish --no-git-tag",
48
51
  "changeset-version": "pnpm changeset version && pnpm style:fix"
49
52
  },
53
+ "main": "./dist/index.mjs",
50
54
  "module": "./dist/index.mjs",
51
55
  "types": "./dist/index.d.mts"
52
56
  }