@bsv/sdk 1.3.10 → 1.3.12
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/MasterCertificate.js +95 -65
- package/dist/cjs/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/cjs/src/wallet/ProtoWallet.js +9 -9
- package/dist/cjs/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/esm/src/auth/certificates/Certificate.js +2 -2
- package/dist/esm/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/MasterCertificate.js +95 -65
- package/dist/esm/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/esm/src/wallet/ProtoWallet.js +9 -9
- package/dist/esm/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/types/src/auth/certificates/Certificate.d.ts +5 -5
- package/dist/types/src/auth/certificates/Certificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts +44 -14
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts +4 -4
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts.map +1 -1
- package/dist/types/src/wallet/ProtoWallet.d.ts +12 -12
- package/dist/types/src/wallet/ProtoWallet.d.ts.map +1 -1
- package/dist/types/tsconfig.types.tsbuildinfo +1 -1
- package/dist/umd/bundle.js +1 -1
- package/docs/auth.md +75 -33
- package/docs/wallet.md +12 -12
- package/package.json +1 -1
- package/src/auth/__tests/Peer.test.ts +19 -47
- package/src/auth/certificates/Certificate.ts +4 -5
- package/src/auth/certificates/MasterCertificate.ts +138 -71
- package/src/auth/certificates/VerifiableCertificate.ts +5 -6
- package/src/auth/certificates/__tests/MasterCertificate.test.ts +142 -51
- package/src/auth/certificates/__tests/VerifiableCertificate.test.ts +54 -30
- package/src/auth/utils/getVerifiableCertificates.ts +2 -2
- package/src/auth/utils/validateCertificates.ts +2 -2
- package/src/wallet/ProtoWallet.ts +20 -11
package/dist/cjs/package.json
CHANGED
|
@@ -169,7 +169,7 @@ class Certificate {
|
|
|
169
169
|
* - `protocolID` (WalletProtocol): The protocol ID for certificate field encryption.
|
|
170
170
|
* - `keyID` (string): A unique key identifier derived from the serial number and field name.
|
|
171
171
|
*/
|
|
172
|
-
static getCertificateFieldEncryptionDetails(
|
|
172
|
+
static getCertificateFieldEncryptionDetails(fieldName, serialNumber) {
|
|
173
173
|
return { protocolID: [2, 'certificate field encryption'], keyID: `${serialNumber} ${fieldName}` };
|
|
174
174
|
}
|
|
175
175
|
}
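Review bot: Reordering the two positional string parameters of `getCertificateFieldEncryptionDetails` to `(fieldName, serialNumber)` means any caller still passing `(serialNumber, fieldName)` derives a different `keyID` and only finds out when decryption fails. The MasterCertificate.js hunks of this release call it with `fieldName` alone, so the unchanged template on the following line yields a key ID that starts with the literal text `undefined `. I would make the one-argument case explicit, for example `const keyID = serialNumber === undefined ? fieldName : serialNumber + ' ' + fieldName;`, and have the doc comment state that `serialNumber` is optional and what the key ID looks like without it. The same call is updated in VerifiableCertificate.js, and the doc comment of this method begins outside the hunk.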
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Certificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/Certificate.ts"],"names":[],"mappings":";;AAAA,
|
|
1
|
+
{"version":3,"file":"Certificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/Certificate.ts"],"names":[],"mappings":";;AAAA,4CAUwB;AAExB;;;;GAIG;AACH,MAAqB,WAAW;IAoC9B;;;;;;;;;;OAUG;IACH,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,SAAqB;QAErB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAC5C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,mBAA4B,IAAI;QACvC,MAAM,MAAM,GAAG,IAAI,cAAK,CAAC,MAAM,EAAE,CAAA;QAEjC,sCAAsC;QACtC,MAAM,SAAS,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QACpD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAEvB,8CAA8C;QAC9C,MAAM,iBAAiB,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;QACpE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE/B,gDAAgD;QAChD,MAAM,YAAY,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAE1B,kDAAkD;QAClD,MAAM,cAAc,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE5B,gDAAgD;QAChD,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9D,MAAM,SAAS,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACvB,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;QAE1C,eAAe;QACf,qCAAqC;QACrC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAA;QAClD,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;QACxC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YAEzC,aAAa;YACb,MAAM,cAAc,GAAG,cAAK,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACvD,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YAC5C,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;YAE5B,cAAc;YACd,MAAM,eAAe,GAAG,cAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;YAC7C,MAAM
,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QAC/B,CAAC;QAED,8BAA8B;QAC9B,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,MAAM,cAAc,GAAG,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YAC3D,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,EAAE,CAAA;IACzB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,UAAU,CAAC,GAAa;QAC7B,MAAM,MAAM,GAAG,IAAI,cAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAEpC,YAAY;QACZ,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,cAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAEtC,oBAAoB;QACpB,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACzC,MAAM,YAAY,GAAG,cAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;QAEtD,0BAA0B;QAC1B,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,cAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAEzC,4BAA4B;QAC5B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,cAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE7C,0BAA0B;QAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,cAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QAC1C,MAAM,kBAAkB,GAAG,GAAG,IAAI,IAAI,WAAW,EAAE,CAAA;QAEnD,cAAc;QACd,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QACxC,MAAM,MAAM,GAAqD,EAAE,CAAA;QACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,aAAa;YACb,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnD,MAAM,SAAS,GAAG,cAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;YAE9C,cAAc;YACd,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC/C,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,cAAK,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;YAEhD,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAA;QAChC,CAAC;QAED,4BAA4B;QAC5B,IAAI,SAA6B,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC;YAClB,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,EAAE,CAAA;YACpC,MAAM,GAAG,GAAG,kBAAS,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;YAC7C,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAW,CAAA;QAC3C,CAAC;QAED,OAAO,IAAI,WAAW,CACpB,IAAI,EACJ,YAAY,EACZ,OAAO,EA
CP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,IAAI,oBAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA,CAAC,mDAAmD;QAEjG,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC;YAC/C,SAAS,EAAE,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC;YAC/C,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;YAC1C,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAsD;SACpF,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,eAA4B;QACrC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,2DAA2D,IAAI,CAAC,SAAS,EAAE,CAAC,CAAA;QAC9F,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC,SAAS,GAAG,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;QAEtF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA,CAAC,qCAAqC;QAC3E,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC;YAC1D,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;SAC3C,CAAC,CAAA;QACF,IAAI,CAAC,SAAS,GAAG,cAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,oCAAoC,CAAC,SAAiB,EAAE,YAAqB;QAClF,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,8BAA8B,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,IAAI,SAAS,EAAE,EAAE,CAAA;IACnG,CAAC;CACF;AArPD,8BAqPC"}
|
|
@@ -26,38 +26,37 @@ class MasterCertificate extends Certificate_js_1.default {
|
|
|
26
26
|
this.masterKeyring = masterKeyring;
|
|
27
27
|
}
|
|
28
28
|
/**
|
|
29
|
-
*
|
|
29
|
+
* Encrypts certificate fields for a subject and generates a master keyring.
|
|
30
|
+
* This method returns a master keyring tied to a specific certifier or subject who will validate
|
|
31
|
+
* and sign off on the fields, along with the encrypted certificate fields.
|
|
30
32
|
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
*
|
|
34
|
-
* @
|
|
35
|
-
*
|
|
36
|
-
*
|
|
37
|
-
*
|
|
33
|
+
* @param {ProtoWallet} creatorWallet - The wallet of the creator responsible for encrypting the fields.
|
|
34
|
+
* @param {WalletCounterparty} certifierOrSubject - The certifier or subject who will validate the certificate fields.
|
|
35
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - A record of certificate field names (under 50 bytes) mapped to their values.
|
|
36
|
+
* @returns {Promise<CreateCertificateFieldsResult>} A promise resolving to an object containing:
|
|
37
|
+
* - `certificateFields` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
38
|
+
* The encrypted certificate fields.
|
|
39
|
+
* - `masterKeyring` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
40
|
+
* The master keyring containing encrypted revelation keys for each field.
|
|
38
41
|
*/
|
|
39
|
-
async
|
|
40
|
-
|
|
41
|
-
const
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
});
|
|
53
|
-
const fieldValue = new mod_js_1.SymmetricKey(fieldRevelationKey).decrypt(mod_js_1.Utils.toArray(this.fields[fieldName], 'base64'));
|
|
54
|
-
decryptedFields[fieldName] = mod_js_1.Utils.toUTF8(fieldValue);
|
|
55
|
-
}
|
|
56
|
-
return decryptedFields;
|
|
57
|
-
}
|
|
58
|
-
catch (e) {
|
|
59
|
-
throw new Error('Failed to decrypt all master certificate fields.');
|
|
42
|
+
static async createCertificateFields(creatorWallet, certifierOrSubject, fields, originator) {
|
|
43
|
+
const certificateFields = {};
|
|
44
|
+
const masterKeyring = {};
|
|
45
|
+
for (const [fieldName, fieldValue] of Object.entries(fields)) {
|
|
46
|
+
const fieldSymmetricKey = mod_js_1.SymmetricKey.fromRandom();
|
|
47
|
+
const encryptedFieldValue = fieldSymmetricKey.encrypt(mod_js_1.Utils.toArray(fieldValue, 'utf8'));
|
|
48
|
+
certificateFields[fieldName] = mod_js_1.Utils.toBase64(encryptedFieldValue);
|
|
49
|
+
const { ciphertext: encryptedFieldRevelationKey } = await creatorWallet.encrypt({
|
|
50
|
+
plaintext: fieldSymmetricKey.toArray(),
|
|
51
|
+
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
|
|
52
|
+
counterparty: certifierOrSubject
|
|
53
|
+
}, originator);
|
|
54
|
+
masterKeyring[fieldName] = mod_js_1.Utils.toBase64(encryptedFieldRevelationKey);
|
|
60
55
|
}
|
|
56
|
+
return {
|
|
57
|
+
certificateFields,
|
|
58
|
+
masterKeyring
|
|
59
|
+
};
|
|
61
60
|
}
|
|
62
61
|
/**
|
|
63
62
|
* Creates a keyring for a verifier, enabling them to decrypt specific certificate fields.
|
|
@@ -65,7 +64,7 @@ class MasterCertificate extends Certificate_js_1.default {
|
|
|
65
64
|
* for the verifier's identity key. The result is a keyring containing the keys necessary
|
|
66
65
|
* for the verifier to access the designated fields.
|
|
67
66
|
*
|
|
68
|
-
* @param {
|
|
67
|
+
* @param {ProtoWallet} subjectWallet - The wallet instance of the subject, used to decrypt and re-encrypt field keys.
|
|
69
68
|
* @param {WalletCounterparty} verifier - The verifier who will receive access to the selectively revealed fields. Can be an identity key as hex, 'anyone', or 'self'.
|
|
70
69
|
* @param {string[]} fieldsToReveal - An array of field names to be revealed to the verifier. Must be a subset of the certificate's fields.
|
|
71
70
|
* @param {string} [originator] - Optional originator identifier, used if additional context is needed for decryption and encryption operations.
|
|
@@ -75,34 +74,22 @@ class MasterCertificate extends Certificate_js_1.default {
|
|
|
75
74
|
* - A field in `fieldsToReveal` does not exist in the certificate.
|
|
76
75
|
* - The decrypted master field key fails to decrypt the corresponding field (indicating an invalid key).
|
|
77
76
|
*/
|
|
78
|
-
async createKeyringForVerifier(subjectWallet, verifier, fieldsToReveal, originator) {
|
|
77
|
+
static async createKeyringForVerifier(subjectWallet, certifier, verifier, fields, fieldsToReveal, masterKeyring, serialNumber, originator) {
|
|
79
78
|
if (!Array.isArray(fieldsToReveal)) {
|
|
80
79
|
throw new Error('fieldsToReveal must be an array of strings');
|
|
81
80
|
}
|
|
82
81
|
const fieldRevelationKeyring = {};
|
|
83
82
|
for (const fieldName of fieldsToReveal) {
|
|
84
83
|
// Make sure that fields to reveal is a subset of the certificate fields
|
|
85
|
-
if (!
|
|
84
|
+
if (!fields[fieldName]) {
|
|
86
85
|
throw new Error(`Fields to reveal must be a subset of the certificate fields. Missing the "${fieldName}" field.`);
|
|
87
86
|
}
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
const { plaintext: masterFieldKey } = await subjectWallet.decrypt({
|
|
91
|
-
ciphertext: mod_js_1.Utils.toArray(encryptedMasterFieldKey, 'base64'),
|
|
92
|
-
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(this.serialNumber, fieldName),
|
|
93
|
-
counterparty: this.certifier
|
|
94
|
-
}, originator);
|
|
95
|
-
// Verify that derived key actually decrypts requested field
|
|
96
|
-
try {
|
|
97
|
-
new mod_js_1.SymmetricKey(masterFieldKey).decrypt(mod_js_1.Utils.toArray(this.fields[fieldName], 'base64'));
|
|
98
|
-
}
|
|
99
|
-
catch (_) {
|
|
100
|
-
throw new Error(`Decryption of the "${fieldName}" field with its revelation key failed.`);
|
|
101
|
-
}
|
|
87
|
+
// Decrypt the master field key and verify that derived key actually decrypts requested field
|
|
88
|
+
const masterFieldKey = (await this.decryptField(subjectWallet, masterKeyring, fieldName, fields[fieldName], certifier)).fieldRevelationKey;
|
|
102
89
|
// Encrypt derived fieldRevelationKey for verifier
|
|
103
90
|
const { ciphertext: encryptedFieldRevelationKey } = await subjectWallet.encrypt({
|
|
104
91
|
plaintext: masterFieldKey,
|
|
105
|
-
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(
|
|
92
|
+
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(fieldName, serialNumber),
|
|
106
93
|
counterparty: verifier
|
|
107
94
|
}, originator);
|
|
108
95
|
// Add encryptedFieldRevelationKey to fieldRevelationKeyring
|
|
@@ -119,7 +106,7 @@ class MasterCertificate extends Certificate_js_1.default {
|
|
|
119
106
|
* generated symmetric key, which is then encrypted for the subject. The certificate
|
|
120
107
|
* can also includes a revocation outpoint to manage potential revocation.
|
|
121
108
|
*
|
|
122
|
-
* @param {
|
|
109
|
+
* @param {ProtoWallet} certifierWallet - The wallet of the certifier, used to sign the certificate and encrypt field keys.
|
|
123
110
|
* @param {WalletCounterparty} subject - The subject for whom the certificate is issued.
|
|
124
111
|
* @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - Unencrypted certificate fields to include, with their names and values.
|
|
125
112
|
* @param {string} certificateType - The type of certificate being issued.
|
|
@@ -130,32 +117,75 @@ class MasterCertificate extends Certificate_js_1.default {
|
|
|
130
117
|
*
|
|
131
118
|
* @throws {Error} Throws an error if any operation (e.g., encryption, signing) fails during certificate issuance.
|
|
132
119
|
*/
|
|
133
|
-
static async issueCertificateForSubject(certifierWallet, subject, fields, certificateType, getRevocationOutpoint = async (serialNumber) => { return 'Certificate revocation not tracked.'; }) {
|
|
134
|
-
// 1. Generate serialNumber
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
const masterKeyringForSubject = {};
|
|
138
|
-
// 2. For each field, generate a random key -> encrypt field -> encrypt key
|
|
139
|
-
for (const [fieldName, fieldValue] of Object.entries(fields)) {
|
|
140
|
-
const fieldSymmetricKey = mod_js_1.SymmetricKey.fromRandom();
|
|
141
|
-
const encryptedFieldValue = fieldSymmetricKey.encrypt(mod_js_1.Utils.toArray(fieldValue, 'utf8'));
|
|
142
|
-
encryptedCertificateFields[fieldName] = mod_js_1.Utils.toBase64(encryptedFieldValue);
|
|
143
|
-
const { ciphertext: encryptedFieldRevelationKey } = await certifierWallet.encrypt({
|
|
144
|
-
plaintext: fieldSymmetricKey.toArray(),
|
|
145
|
-
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(serialNumber, fieldName),
|
|
146
|
-
counterparty: subject
|
|
147
|
-
});
|
|
148
|
-
masterKeyringForSubject[fieldName] = mod_js_1.Utils.toBase64(encryptedFieldRevelationKey);
|
|
120
|
+
static async issueCertificateForSubject(certifierWallet, subject, fields, certificateType, getRevocationOutpoint = async (serialNumber) => { return 'Certificate revocation not tracked.'; }, serialNumber) {
|
|
121
|
+
// 1. Generate a random serialNumber if not provided
|
|
122
|
+
if (!serialNumber) {
|
|
123
|
+
serialNumber = mod_js_1.Utils.toBase64((0, mod_js_1.Random)(32));
|
|
149
124
|
}
|
|
125
|
+
// 2. Create encrypted certificate fields and associated master keyring
|
|
126
|
+
const { certificateFields, masterKeyring } = await this.createCertificateFields(certifierWallet, subject, fields);
|
|
150
127
|
// 3. Obtain a revocation outpoint (ex. certifier can call wallet.createAction())
|
|
151
128
|
const revocationOutpoint = await getRevocationOutpoint(serialNumber);
|
|
152
129
|
// TODO: Validate revocation outpoint format
|
|
153
130
|
// 4. Create new MasterCertificate instance
|
|
154
|
-
const certificate = new MasterCertificate(certificateType, serialNumber, subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint,
|
|
131
|
+
const certificate = new MasterCertificate(certificateType, serialNumber, subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint, certificateFields, masterKeyring);
|
|
155
132
|
// 5. Sign and return the new MasterCertificate certifying the subject.
|
|
156
133
|
await certificate.sign(certifierWallet);
|
|
157
134
|
return certificate;
|
|
158
135
|
}
|
|
136
|
+
/**
|
|
137
|
+
* Decrypts all fields in the MasterCertificate using the subject's or certifier's wallet.
|
|
138
|
+
*
|
|
139
|
+
* This method allows the subject or certifier to decrypt the `masterKeyring` and retrieve
|
|
140
|
+
* the encryption keys for each field, which are then used to decrypt the corresponding field values.
|
|
141
|
+
* The counterparty used for decryption depends on how the certificate fields were created:
|
|
142
|
+
* - If the certificate is self-signed, the counterparty should be set to 'self'.
|
|
143
|
+
* - Otherwise, the counterparty should always be the other party involved in the certificate issuance process (the subject or certifier).
|
|
144
|
+
*
|
|
145
|
+
* @param {ProtoWallet} subjectOrCertifierWallet - The wallet of the subject or certifier, used to decrypt the master keyring and field values.
|
|
146
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} masterKeyring - A record containing encrypted keys for each field.
|
|
147
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} fields - A record of encrypted field names and their values.
|
|
148
|
+
* @param {WalletCounterparty} counterparty - The counterparty responsible for creating or signing the certificate. For self-signed certificates, use 'self'.
|
|
149
|
+
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} A promise resolving to a record of field names and their decrypted values in plaintext.
|
|
150
|
+
*
|
|
151
|
+
* @throws {Error} Throws an error if the `masterKeyring` is invalid or if decryption fails for any field.
|
|
152
|
+
*/
|
|
153
|
+
static async decryptFields(subjectOrCertifierWallet, masterKeyring, fields, counterparty) {
|
|
154
|
+
if (!masterKeyring || Object.keys(masterKeyring).length === 0) {
|
|
155
|
+
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
156
|
+
}
|
|
157
|
+
try {
|
|
158
|
+
const decryptedFields = {};
|
|
159
|
+
// Note: we want to iterate through all fields, not just masterKeyring keys/value pairs.
|
|
160
|
+
for (const fieldName of Object.keys(fields)) {
|
|
161
|
+
decryptedFields[fieldName] = (await this.decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fields[fieldName], counterparty)).decryptedFieldValue;
|
|
162
|
+
}
|
|
163
|
+
return decryptedFields;
|
|
164
|
+
}
|
|
165
|
+
catch (e) {
|
|
166
|
+
throw new Error('Failed to decrypt all master certificate fields.');
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
static async decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fieldValue, counterparty, originator) {
|
|
170
|
+
if (!masterKeyring || Object.keys(masterKeyring).length === 0) {
|
|
171
|
+
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
172
|
+
}
|
|
173
|
+
try {
|
|
174
|
+
const { plaintext: fieldRevelationKey } = await subjectOrCertifierWallet.decrypt({
|
|
175
|
+
ciphertext: mod_js_1.Utils.toArray(masterKeyring[fieldName], 'base64'),
|
|
176
|
+
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
|
|
177
|
+
counterparty
|
|
178
|
+
}, originator);
|
|
179
|
+
const decryptedFieldValue = new mod_js_1.SymmetricKey(fieldRevelationKey).decrypt(mod_js_1.Utils.toArray(fieldValue, 'base64'));
|
|
180
|
+
return {
|
|
181
|
+
fieldRevelationKey,
|
|
182
|
+
decryptedFieldValue: mod_js_1.Utils.toUTF8(decryptedFieldValue)
|
|
183
|
+
};
|
|
184
|
+
}
|
|
185
|
+
catch (e) {
|
|
186
|
+
throw new Error('Failed to decrypt certificate field!');
|
|
187
|
+
}
|
|
188
|
+
}
|
|
159
189
|
}
|
|
160
190
|
exports.MasterCertificate = MasterCertificate;
|
|
161
191
|
//# sourceMappingURL=MasterCertificate.js.map
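Review bot: In `createKeyringForVerifier` the new call `this.decryptField(subjectWallet, masterKeyring, fieldName, fields[fieldName], certifier)` leaves out `originator`, although `decryptField` accepts it as its sixth parameter and the removed code passed it to `subjectWallet.decrypt`. The master-key decryption therefore runs without the originator while the re-encryption for the verifier a few lines later still forwards it; ending the call with `certifier, originator)` restores the old behaviour. `decryptFields` has no `originator` parameter and `issueCertificateForSubject` calls `createCertificateFields` without one, so neither can forward it if a wallet relies on the originator for permission checks. Separately, the master keyring is now wrapped under a key ID built from the field name only (`// Only fieldName used on MasterCertificate`), so the serial number no longer separates wrapping keys between certificates for the same counterparty; a comment stating that this is intended would help the next reader.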
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":";;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":";;;;;;AAAA,4CAYwB;AACxB,sEAA0C;AAO1C;;;;;;;GAOG;AACH,MAAa,iBAAkB,SAAQ,wBAAW;IAWhD,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAA8D,EAC9D,aAAqE,EACrE,SAAqB;QAErB,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QAEpF,4FAA4F;QAC5F,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,gFAAgF,SAAS,IAAI,CAC9F,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAClC,aAA0B,EAC1B,kBAAsC,EACtC,MAAwD,EACxD,UAAoD;QAEpD,MAAM,iBAAiB,GAA2D,EAAE,CAAA;QACpF,MAAM,aAAa,GAA2D,EAAE,CAAA;QAChF,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,MAAM,iBAAiB,GAAG,qBAAY,CAAC,UAAU,EAAE,CAAA;YACnD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CAAC,cAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAA;YACxF,iBAAiB,CAAC,SAAS,CAAC,GAAG,cAAK,CAAC,QAAQ,CAAC,mBAA+B,CAAC,CAAA;YAE9E,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC;gBAC9E,SAAS,EAAE,iBAAiB,CAAC,OAAO,EAAE;gBACtC,GAAG,wBAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC,EAAE,2CAA2C;gBAC3G,YAAY,EAAE,kBAAkB;aACjC,EAAE,UAAU,CAAC,CAAA;YACd,aAAa,CAAC,SAAS,CAAC,GAAG,cAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;QACxE,CAAC;QAED,OAAO;YACL,iBAAiB;YACjB,aAAa;SACd,CAAA;IACH,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,KAAK,CAAC,wBAAwB,CACnC,aAA0B,EAC1B,SAA6B,EAC7B,QAA4B,EAC5B,MAA8D,EAC9D,cAAwB,EACxB,aAAqE,EACrE,YAA0B,EAC1B,UAAoD;QACpD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,sBAAsB,GAAG,EAAE,CAAA;QACjC,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;YACvC,wEAAwE;YACxE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,6EAA6E,SAAS,UAAU,CAAC,CAAA;YACnH,CAAC;YAED,6FAA6F;YAC7F,MAAM,cAAc,GAAG,CAAC,MAAM,IAAI,CAAC,YAA
Y,CAAC,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,kBAAkB,CAAA;YAE1I,kDAAkD;YAClD,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC;gBAC9E,SAAS,EAAE,cAAc;gBACzB,GAAG,wBAAW,CAAC,oCAAoC,CAAC,SAAS,EAAE,YAAY,CAAC;gBAC5E,YAAY,EAAE,QAAQ;aACvB,EAAE,UAAU,CAAC,CAAA;YAEd,4DAA4D;YAC5D,sBAAsB,CAAC,SAAS,CAAC,GAAG,cAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;QACjF,CAAC;QAED,2GAA2G;QAC3G,OAAO,sBAAsB,CAAA;IAC/B,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,KAAK,CAAC,0BAA0B,CACrC,eAA4B,EAC5B,OAA2B,EAC3B,MAAwD,EACxD,eAAuB,EACvB,wBAAwB,KAAK,EAC3B,YAAoB,EACH,EAAE,GAAG,OAAO,qCAAqC,CAAA,CAAC,CAAC,EACtE,YAAqB;QAErB,oDAAoD;QACpD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,YAAY,GAAG,cAAK,CAAC,QAAQ,CAAC,IAAA,eAAM,EAAC,EAAE,CAAC,CAAC,CAAA;QAC3C,CAAC;QAED,uEAAuE;QACvE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAC7E,eAAe,EACf,OAAO,EACP,MAAM,CACP,CAAA;QAED,iFAAiF;QACjF,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAA;QACpE,4CAA4C;QAE5C,2CAA2C;QAC3C,MAAM,WAAW,GAAG,IAAI,iBAAiB,CACvC,eAAe,EACf,YAAY,EACZ,OAAO,EACP,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,EACrE,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,CACd,CAAA;QAED,uEAAuE;QACvE,MAAM,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACvC,OAAO,WAAW,CAAA;IACpB,CAAC;IAGD;;;;;;;;;;;;;;;;OAgBG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,wBAAqC,EACrC,aAAqE,EACrE,MAA8D,EAC9D,YAAgC;QAEhC,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,eAAe,GAAqD,EAAE,CAAA;YAC5E,wFAAwF;YACxF,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,mBAAmB,CAAA;YACjK,CAAC;YACD,OAAO,eAAe,CAAA;QACxB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,wBAAqC,EACrC,aAAqE,EACrE,SAAuB,EACvB,UAAwB,EACxB,YAAgC,EAChC,UAA
oD;QAEpD,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC;gBAC/E,UAAU,EAAE,cAAK,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;gBAC7D,GAAG,wBAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC,EAAE,2CAA2C;gBAC3G,YAAY;aACb,EAAE,UAAU,CAAC,CAAA;YAEd,MAAM,mBAAmB,GAAG,IAAI,qBAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,cAAK,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC7G,OAAO;gBACL,kBAAkB;gBAClB,mBAAmB,EAAE,cAAK,CAAC,MAAM,CAAC,mBAA+B,CAAC;aACnE,CAAA;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;CACF;AAhQD,8CAgQC"}
|
|
@@ -11,14 +11,14 @@ const Certificate_js_1 = __importDefault(require("./Certificate.js"));
|
|
|
11
11
|
* This keyring allows selective decryption of certificate fields for authorized verifiers.
|
|
12
12
|
*/
|
|
13
13
|
class VerifiableCertificate extends Certificate_js_1.default {
|
|
14
|
-
constructor(type, serialNumber, subject, certifier, revocationOutpoint, fields,
|
|
14
|
+
constructor(type, serialNumber, subject, certifier, revocationOutpoint, fields, keyring, signature, decryptedFields) {
|
|
15
15
|
super(type, serialNumber, subject, certifier, revocationOutpoint, fields, signature);
|
|
16
16
|
this.keyring = keyring;
|
|
17
17
|
this.decryptedFields = decryptedFields;
|
|
18
18
|
}
|
|
19
19
|
/**
|
|
20
20
|
* Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
|
|
21
|
-
* @param {
|
|
21
|
+
* @param {ProtoWallet} verifierWallet - The wallet instance of the certificate's verifier, used to decrypt field keys.
|
|
22
22
|
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} - A promise that resolves to an object where each key is a field name and each value is the decrypted field value as a string.
|
|
23
23
|
* @throws {Error} Throws an error if any of the decryption operations fail, with a message indicating the failure context.
|
|
24
24
|
*/
|
|
@@ -31,7 +31,7 @@ class VerifiableCertificate extends Certificate_js_1.default {
|
|
|
31
31
|
for (const fieldName in this.keyring) {
|
|
32
32
|
const { plaintext: fieldRevelationKey } = await verifierWallet.decrypt({
|
|
33
33
|
ciphertext: mod_js_1.Utils.toArray(this.keyring[fieldName], 'base64'),
|
|
34
|
-
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(this.serialNumber
|
|
34
|
+
...Certificate_js_1.default.getCertificateFieldEncryptionDetails(fieldName, this.serialNumber),
|
|
35
35
|
counterparty: this.subject
|
|
36
36
|
});
|
|
37
37
|
const fieldValue = new mod_js_1.SymmetricKey(fieldRevelationKey).decrypt(mod_js_1.Utils.toArray(this.fields[fieldName], 'base64'));
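Review bot: The constructor now takes `keyring` before `signature`, and the matching call in getVerifiableCertificates.js moves `keyringForVerifier` ahead of `certificate.signature`, which suggests the previous order was the reverse (the old signature line is cut off on this page, so this is inferred). A plain-JavaScript caller written against the old order would end up with the signature in `this.keyring` and the keyring in `this.signature`, with no error at construction time. A guard after the `super(...)` call, such as `if (keyring !== undefined && typeof keyring !== 'object') throw new TypeError('keyring must be an object');`, would turn that into an immediate failure. The positional reorder also deserves a changelog line, since it ships in a patch release.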
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":";;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":";;;;;;AAAA,4CASwB;AACxB,sEAA0C;AAE1C;;;GAGG;AACH,MAAa,qBAAsB,SAAQ,wBAAW;IAYpD,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,OAAyD,EACzD,SAAqB,EACrB,eAAwE;QAExE,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QACpF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;IACxC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,cAA2B;QAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAA;QAC1F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,eAAe,GAAqD,EAAE,CAAA;YAC5E,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrC,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC;oBACrE,UAAU,EAAE,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;oBAC5D,GAAG,wBAAW,CAAC,oCAAoC,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;oBACjF,YAAY,EAAE,IAAI,CAAC,OAAO;iBAC3B,CAAC,CAAA;gBAEF,MAAM,UAAU,GAAG,IAAI,qBAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,cAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;gBAChH,eAAe,CAAC,SAAS,CAAC,GAAG,cAAK,CAAC,MAAM,CAAC,UAAsB,CAAC,CAAA;YACnE,CAAC;YACD,OAAO,eAAe,CAAA;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,4EAA4E,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAA;QAC/I,CAAC;IACH,CAAC;CACF;AAvDD,sDAuDC"}
|
|
@@ -24,7 +24,7 @@ const getVerifiableCertificates = async (wallet, requestedCertificates, verifier
|
|
|
24
24
|
fieldsToReveal: requestedCertificates.types[certificate.type],
|
|
25
25
|
verifier: verifierIdentityKey
|
|
26
26
|
});
|
|
27
|
-
return new VerifiableCertificate_js_1.VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, certificate.signature
|
|
27
|
+
return new VerifiableCertificate_js_1.VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, keyringForVerifier, certificate.signature);
|
|
28
28
|
}));
|
|
29
29
|
};
|
|
30
30
|
exports.getVerifiableCertificates = getVerifiableCertificates;
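Review bot: `keyringForVerifier` goes straight into the seventh constructor slot on new line 27 with no check that the wallet call above returned one, so a missing keyring would presumably only surface later, when the verifier tries to decrypt fields. This release also places the keyring ahead of `certificate.signature` in a long positional list (the removed line is cut off, so the old order is only partly visible), and two adjacent arguments like these are easy to transpose. A guard and a short comment would make the contract explicit: `if (keyringForVerifier == null) throw new Error('No keyring returned for verifier');` and `// argument order: ..., fields, keyring, signature`. The arrow function starts above the hunk, so the place where `keyringForVerifier` is destructured is not visible here.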
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getVerifiableCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/getVerifiableCertificates.ts"],"names":[],"mappings":";;;AAAA,uFAAgF;AAIhF;;;;;;;GAOG;AACI,MAAM,yBAAyB,GAAG,KAAK,EAAE,MAAuB,EAAE,qBAA8C,EAAE,mBAA2B,EAAoC,EAAE;IACxL,qCAAqC;IACrC,2EAA2E;IAC3E,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;QACzD,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;KAChD,CAAC,CAAA;IAEF,4FAA4F;IAC5F,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAC,WAAW,EAAC,EAAE;QACxD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC3D,WAAW;YACX,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YAC7D,QAAQ,EAAE,mBAAmB;SAC9B,CAAC,CAAA;QACF,OAAO,IAAI,gDAAqB,CAC9B,WAAW,CAAC,IAAI,EAChB,WAAW,CAAC,YAAY,EACxB,WAAW,CAAC,OAAO,EACnB,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,kBAAkB,EAC9B,WAAW,CAAC,MAAM,EAClB,WAAW,CAAC,SAAS,
|
|
1
|
+
{"version":3,"file":"getVerifiableCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/getVerifiableCertificates.ts"],"names":[],"mappings":";;;AAAA,uFAAgF;AAIhF;;;;;;;GAOG;AACI,MAAM,yBAAyB,GAAG,KAAK,EAAE,MAAuB,EAAE,qBAA8C,EAAE,mBAA2B,EAAoC,EAAE;IACxL,qCAAqC;IACrC,2EAA2E;IAC3E,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;QACzD,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;KAChD,CAAC,CAAA;IAEF,4FAA4F;IAC5F,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAC,WAAW,EAAC,EAAE;QACxD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC3D,WAAW;YACX,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YAC7D,QAAQ,EAAE,mBAAmB;SAC9B,CAAC,CAAA;QACF,OAAO,IAAI,gDAAqB,CAC9B,WAAW,CAAC,IAAI,EAChB,WAAW,CAAC,YAAY,EACxB,WAAW,CAAC,OAAO,EACnB,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,kBAAkB,EAC9B,WAAW,CAAC,MAAM,EAClB,kBAAkB,EAClB,WAAW,CAAC,SAAS,CACtB,CAAA;IACH,CAAC,CAAC,CAAC,CAAA;AACP,CAAC,CAAA;AA3BY,QAAA,yBAAyB,6BA2BrC"}
|
|
@@ -16,7 +16,7 @@ const validateCertificates = async (verifierWallet, message, certificatesRequest
|
|
|
16
16
|
throw new Error(`The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`);
|
|
17
17
|
}
|
|
18
18
|
// Verify Certificate structure and signature
|
|
19
|
-
const certToVerify = new VerifiableCertificate_js_1.VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.
|
|
19
|
+
const certToVerify = new VerifiableCertificate_js_1.VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.keyring, incomingCert.signature);
|
|
20
20
|
const isValidCert = await certToVerify.verify();
|
|
21
21
|
if (!isValidCert) {
|
|
22
22
|
throw new Error(`The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`);
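Review bot: `incomingCert.keyring` and `incomingCert.signature` on new line 19 come from the peer's message and are passed to the constructor unchecked, so what `verify()` does with an absent or malformed signature depends on code outside this hunk. Rejecting such certificates before construction keeps the failure explicit, for example `if (typeof incomingCert.signature !== 'string' || incomingCert.keyring == null) throw new Error('Certificate is missing a signature or keyring');` (this assumes the signature is carried as a string; adjust to the real type). Whether the certifier's signature covers the keyring cannot be told from these lines; if it does not, the keyring should be treated as unauthenticated input until field decryption succeeds. The callback begins before the hunk and continues past its end.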
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/validateCertificates.ts"],"names":[],"mappings":";;;AAEA,uFAAgF;AAEhF;;;;;;;GAOG;AACI,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAA+B,EAAE,OAAoB,EAAE,qBAA+C,EAAiB,EAAE;IAClK,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAmC,EAAE,EAAE;QACvF,IAAI,YAAY,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,CAAC,OAAO,8CAA8C,OAAO,CAAC,WAAW,KAAK,CAAC,CAAA;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,gDAAqB,CAC5C,YAAY,CAAC,IAAI,EACjB,YAAY,CAAC,YAAY,EACzB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,kBAAkB,EAC/B,YAAY,CAAC,MAAM,EACnB,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"validateCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/validateCertificates.ts"],"names":[],"mappings":";;;AAEA,uFAAgF;AAEhF;;;;;;;GAOG;AACI,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAA+B,EAAE,OAAoB,EAAE,qBAA+C,EAAiB,EAAE;IAClK,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAmC,EAAE,EAAE;QACvF,IAAI,YAAY,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,CAAC,OAAO,8CAA8C,OAAO,CAAC,WAAW,KAAK,CAAC,CAAA;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,gDAAqB,CAC5C,YAAY,CAAC,IAAI,EACjB,YAAY,CAAC,YAAY,EACzB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,kBAAkB,EAC/B,YAAY,CAAC,MAAM,EACnB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,CACvB,CAAA;QACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wDAAwD,YAAY,CAAC,YAAY,cAAc,CAAC,CAAA;QAClH,CAAC;QAED,2EAA2E;QAC3E,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAA;YAEnD,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,YAAY,kCAAkC,YAAY,CAAC,SAAS,EAAE,CAAC,CAAA;YACxI,CAAC;YAED,wCAAwC;YACxC,MAAM,eAAe,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;YAChD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,CAAC,IAAI,oBAAoB,CAAC,CAAA;YACjF,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,MAAM,YAAY,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;IAClD,CAAC,CAAC,CAAC,CAAA;AACL,CAAC,CAAA;AAzCY,QAAA,oBAAoB,wBAyChC"}
|
|
@@ -17,7 +17,7 @@ class ProtoWallet {
|
|
|
17
17
|
}
|
|
18
18
|
this.keyDeriver = rootKeyOrKeyDeriver;
|
|
19
19
|
}
|
|
20
|
-
async getPublicKey(args) {
|
|
20
|
+
async getPublicKey(args, originator) {
|
|
21
21
|
if (args.identityKey) {
|
|
22
22
|
return { publicKey: this.keyDeriver.rootKey.toPublicKey().toString() };
|
|
23
23
|
}
|
|
@@ -32,7 +32,7 @@ class ProtoWallet {
|
|
|
32
32
|
};
|
|
33
33
|
}
|
|
34
34
|
}
|
|
35
|
-
async revealCounterpartyKeyLinkage(args) {
|
|
35
|
+
async revealCounterpartyKeyLinkage(args, originator) {
|
|
36
36
|
const { publicKey: identityKey } = await this.getPublicKey({ identityKey: true });
|
|
37
37
|
const linkage = this.keyDeriver.revealCounterpartySecret(args.counterparty);
|
|
38
38
|
const linkageProof = new index_js_1.Schnorr().generateProof(this.keyDeriver.rootKey, this.keyDeriver.rootKey.toPublicKey(), index_js_1.PublicKey.fromString(args.counterparty), index_js_1.Point.fromDER(linkage));
|
|
@@ -63,7 +63,7 @@ class ProtoWallet {
|
|
|
63
63
|
encryptedLinkageProof
|
|
64
64
|
};
|
|
65
65
|
}
|
|
66
|
-
async revealSpecificKeyLinkage(args) {
|
|
66
|
+
async revealSpecificKeyLinkage(args, originator) {
|
|
67
67
|
const { publicKey: identityKey } = await this.getPublicKey({ identityKey: true });
|
|
68
68
|
const linkage = this.keyDeriver.revealSpecificSecret(args.counterparty, args.protocolID, args.keyID);
|
|
69
69
|
const { ciphertext: encryptedLinkage } = await this.encrypt({
|
|
@@ -89,19 +89,19 @@ class ProtoWallet {
|
|
|
89
89
|
proofType: 0
|
|
90
90
|
};
|
|
91
91
|
}
|
|
92
|
-
async encrypt(args) {
|
|
92
|
+
async encrypt(args, originator) {
|
|
93
93
|
const key = this.keyDeriver.deriveSymmetricKey(args.protocolID, args.keyID, args.counterparty || 'self');
|
|
94
94
|
return { ciphertext: key.encrypt(args.plaintext) };
|
|
95
95
|
}
|
|
96
|
-
async decrypt(args) {
|
|
96
|
+
async decrypt(args, originator) {
|
|
97
97
|
const key = this.keyDeriver.deriveSymmetricKey(args.protocolID, args.keyID, args.counterparty || 'self');
|
|
98
98
|
return { plaintext: key.decrypt(args.ciphertext) };
|
|
99
99
|
}
|
|
100
|
-
async createHmac(args) {
|
|
100
|
+
async createHmac(args, originator) {
|
|
101
101
|
const key = this.keyDeriver.deriveSymmetricKey(args.protocolID, args.keyID, args.counterparty || 'self');
|
|
102
102
|
return { hmac: index_js_1.Hash.sha256hmac(key.toArray(), args.data) };
|
|
103
103
|
}
|
|
104
|
-
async verifyHmac(args) {
|
|
104
|
+
async verifyHmac(args, originator) {
|
|
105
105
|
const key = this.keyDeriver.deriveSymmetricKey(args.protocolID, args.keyID, args.counterparty || 'self');
|
|
106
106
|
const valid = index_js_1.Hash.sha256hmac(key.toArray(), args.data).toString() === args.hmac.toString();
|
|
107
107
|
if (!valid) {
|
|
@@ -111,7 +111,7 @@ class ProtoWallet {
|
|
|
111
111
|
}
|
|
112
112
|
return { valid };
|
|
113
113
|
}
|
|
114
|
-
async createSignature(args) {
|
|
114
|
+
async createSignature(args, originator) {
|
|
115
115
|
if (!args.hashToDirectlySign && !args.data) {
|
|
116
116
|
throw new Error('args.data or args.hashToDirectlySign must be valid');
|
|
117
117
|
}
|
|
@@ -119,7 +119,7 @@ class ProtoWallet {
|
|
|
119
119
|
const key = this.keyDeriver.derivePrivateKey(args.protocolID, args.keyID, args.counterparty || 'anyone');
|
|
120
120
|
return { signature: index_js_1.ECDSA.sign(new index_js_1.BigNumber(hash), key, true).toDER() };
|
|
121
121
|
}
|
|
122
|
-
async verifySignature(args) {
|
|
122
|
+
async verifySignature(args, originator) {
|
|
123
123
|
if (!args.hashToDirectlyVerify && !args.data) {
|
|
124
124
|
throw new Error('args.data or args.hashToDirectlyVerify must be valid');
|
|
125
125
|
}
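Review bot: `verifyHmac` in the `@@ -89,19 +89,19 @@` hunk still compares the computed and supplied MACs with `toString() === toString()` (line 106), which is not guaranteed to run in constant time; adding the `originator` parameter does not change that. Assuming both values are byte arrays, as the `toString()` comparison suggests, the check can fold the XOR of every byte into one accumulator and test it once, as in the fence below. `verifyHmac` continues past the end of that hunk, so the throw on mismatch is not shown.

```javascript
async verifyHmac(args, originator) {
    // … unchanged: symmetric key derivation …
    const expected = index_js_1.Hash.sha256hmac(key.toArray(), args.data);
    // Fold every byte difference into one value so the running time
    // does not depend on where the two MACs first diverge.
    let diff = expected.length ^ args.hmac.length;
    for (let i = 0; i < expected.length; i++) {
        diff |= expected[i] ^ args.hmac[i];
    }
    const valid = diff === 0;
    // … unchanged: throw on mismatch, return { valid } …
```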
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProtoWallet.js","sourceRoot":"","sources":["../../../../src/wallet/ProtoWallet.ts"],"names":[],"mappings":";;;AAAA,mDAA2D;AAC3D,qDAAiH;AA0BjH;;;;;;GAMG;AACH,MAAa,WAAW;IAGtB,YAAa,
|
|
1
|
+
{"version":3,"file":"ProtoWallet.js","sourceRoot":"","sources":["../../../../src/wallet/ProtoWallet.ts"],"names":[],"mappings":";;;AAAA,mDAA2D;AAC3D,qDAAiH;AA0BjH;;;;;;GAMG;AACH,MAAa,WAAW;IAGtB,YAAa,mBAA2D;QACtE,IAAI,OAAQ,mBAAkC,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACxE,mBAAmB,GAAG,IAAI,0BAAU,CAAC,mBAA4C,CAAC,CAAA;QACpF,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,mBAAiC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,IAAsB,EACtB,UAAoD;QAEpD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAA;QACxE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAA;YAC5F,CAAC;YACD,OAAO;gBACL,SAAS,EAAE,IAAI,CAAC,UAAU;qBACvB,eAAe,CACd,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,EAC3B,IAAI,CAAC,OAAO,CACb;qBACA,QAAQ,EAAE;aACd,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,4BAA4B,CAChC,IAAsC,EACtC,UAAoD;QAEpD,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;QACjF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC3E,MAAM,YAAY,GAAG,IAAI,kBAAO,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,oBAAS,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,gBAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAA;QACjL,MAAM,eAAe,GAAG;YACtB,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;YAC9B,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;YACnC,GAAG,YAAY,CAAC,CAAC,CAAC,OAAO,EAAE;SAChB,CAAA;QACb,MAAM,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAC/C,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC1D,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,EAAE,iCAAiC,CAAC;YAClD,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,QAAQ;SAC5B,CAAC,CAAA;QACF,MAAM,EAAE,UAAU,EAAE,qBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC/D,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,CAAC,CAAC,EAAE,iCAAiC,CAAC;YAClD,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI,CAAC,QAAQ;SAC5B,CAAC,CAAA;QACF,OAAO;YACL,MAAM,EAAE,WAAW;YACnB,QAAQ,EAAE,IAAI,CAAC,
QAAQ;YACvB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,cAAc;YACd,gBAAgB;YAChB,qBAAqB;SACtB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,IAAkC,EAClC,UAAoD;QAEpD,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;QACjF,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAClD,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,CACX,CAAA;QACD,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC1D,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,EAAE,+BAA+B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,YAAY,EAAE,IAAI,CAAC,QAAQ;SAC5B,CAAC,CAAA;QACF,MAAM,EAAE,UAAU,EAAE,qBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC/D,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,kCAAkC;YAClD,UAAU,EAAE,CAAC,CAAC,EAAE,+BAA+B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,YAAY,EAAE,IAAI,CAAC,QAAQ;SAC5B,CAAC,CAAA;QACF,OAAO;YACL,MAAM,EAAE,WAAW;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,gBAAgB;YAChB,qBAAqB;YACrB,SAAS,EAAE,CAAC;SACb,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CACX,IAAuB,EACvB,UAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAC5C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,CAC5B,CAAA;QACD,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAa,EAAE,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,OAAO,CACX,IAAuB,EACvB,UAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAC5C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,CAC5B,CAAA;QACD,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAa,EAAE,CAAA;IAChE,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAoB,EACpB,UAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAC5C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,CAC5B,CAAA;QACD,OAAO,EAAE,IAAI,EAAE,eAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAA;IAC5D,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAoB,EACpB,
UAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAC5C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,CAC5B,CAAA;QACD,MAAM,KAAK,GAAG,eAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAA;QAC3F,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACxC,CAAS,CAAC,IAAI,GAAG,kBAAkB,CAAA;YACpC,MAAM,CAAC,CAAA;QACT,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,CAAA;IAClB,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAyB,EACzB,UAAoD;QAEpD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAA;QACvE,CAAC;QACD,MAAM,IAAI,GAAa,IAAI,CAAC,kBAAkB,IAAI,eAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAC1C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,QAAQ,CAC9B,CAAA;QACD,OAAO,EAAE,SAAS,EAAE,gBAAK,CAAC,IAAI,CAAC,IAAI,oBAAS,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,KAAK,EAAc,EAAE,CAAA;IACtF,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,IAAyB,EACzB,UAAoD;QAEpD,IAAI,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;QACD,MAAM,IAAI,GAAa,IAAI,CAAC,oBAAoB,IAAI,eAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,CACzC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,YAAY,IAAI,MAAM,EAC3B,IAAI,CAAC,OAAO,CACb,CAAA;QACD,MAAM,KAAK,GAAG,gBAAK,CAAC,MAAM,CAAC,IAAI,oBAAS,CAAC,IAAI,CAAC,EAAE,oBAAS,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,CAAA;QACvF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC7C,CAAS,CAAC,IAAI,GAAG,uBAAuB,CAAA;YACzC,MAAM,CAAC,CAAA;QACT,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,CAAA;IAClB,CAAC;CACF;AAlMD,kCAkMC;AAED,kBAAe,WAAW,CAAA"}
|