@credo-ts/openid4vc 0.6.0-pr-2195-20250322195244 → 0.6.0-pr-2324-20250625125220

package/build/shared/callbacks.js

@@ -7,101 +7,237 @@ exports.getOid4vcJwtSignCallback = getOid4vcJwtSignCallback;
 exports.getOid4vcCallbacks = getOid4vcCallbacks;
 exports.dynamicOid4vciClientAuthentication = dynamicOid4vciClientAuthentication;
 const core_1 = require("@credo-ts/core");
+const core_2 = require("@credo-ts/core");
 const oauth2_1 = require("@openid4vc/oauth2");
 const utils_1 = require("./utils");
 function getOid4vcJwtVerifyCallback(agentContext, options) {
-    const jwsService = agentContext.dependencyManager.resolve(core_1.JwsService);
+    const jwsService = agentContext.dependencyManager.resolve(core_2.JwsService);
     return async (signer, { compact, header, payload }) => {
         let trustedCertificates = options?.trustedCertificates;
         if (signer.method === 'x5c' &&
             (header.typ === 'oauth-authz-req+jwt' || options?.isAuthorizationRequestJwt) &&
             !trustedCertificates) {
-            const x509Config = agentContext.dependencyManager.resolve(core_1.X509ModuleConfig);
-            const certificateChain = signer.x5c?.map((cert) => core_1.X509Certificate.fromEncodedCertificate(cert));
+            const x509Config = agentContext.dependencyManager.resolve(core_2.X509ModuleConfig);
+            const certificateChain = signer.x5c?.map((cert) => core_2.X509Certificate.fromEncodedCertificate(cert));
             trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
                 certificateChain,
                 verification: {
                     type: 'oauth2SecuredAuthorizationRequest',
                     authorizationRequest: {
                         jwt: compact,
-                        payload: core_1.JwtPayload.fromJson(payload),
+                        payload: core_2.JwtPayload.fromJson(payload),
                     },
                 },
             });
         }
-        const { isValid, signerKeys } = await jwsService.verifyJws(agentContext, {
+        if (signer.method === 'x5c' &&
+            (header.typ === 'keyattestation+jwt' || header.typ === 'key-attestation+jwt') &&
+            options?.issuanceSessionId &&
+            !trustedCertificates) {
+            const x509Config = agentContext.dependencyManager.resolve(core_2.X509ModuleConfig);
+            const certificateChain = signer.x5c?.map((cert) => core_2.X509Certificate.fromEncodedCertificate(cert));
+            trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+                certificateChain,
+                verification: {
+                    type: 'openId4VciKeyAttestation',
+                    openId4VcIssuanceSessionId: options.issuanceSessionId,
+                    keyAttestation: {
+                        jwt: compact,
+                        payload: core_2.JwtPayload.fromJson(payload),
+                    },
+                },
+            });
+        }
+        if (signer.method === 'x5c' &&
+            header.typ === 'oauth-client-attestation+jwt' &&
+            options?.issuanceSessionId &&
+            !trustedCertificates) {
+            const x509Config = agentContext.dependencyManager.resolve(core_2.X509ModuleConfig);
+            const certificateChain = signer.x5c?.map((cert) => core_2.X509Certificate.fromEncodedCertificate(cert));
+            trustedCertificates = await x509Config.getTrustedCertificatesForVerification?.(agentContext, {
+                certificateChain,
+                verification: {
+                    type: 'oauth2ClientAttestation',
+                    openId4VcIssuanceSessionId: options.issuanceSessionId,
+                    clientAttestation: {
+                        jwt: compact,
+                        payload: core_2.JwtPayload.fromJson(payload),
+                    },
+                },
+            });
+        }
+        const alg = signer.alg;
+        if (!Object.values(core_1.Kms.KnownJwaSignatureAlgorithms).includes(alg)) {
+            throw new core_2.CredoError(`Unsupported jwa signatre algorithm '${alg}'`);
+        }
+        const jwsSigner = signer.method === 'did'
+            ? {
+                method: 'did',
+                didUrl: signer.didUrl,
+                jwk: await (0, utils_1.getPublicJwkFromDid)(agentContext, signer.didUrl),
+            }
+            : signer.method === 'jwk'
+                ? {
+                    method: 'jwk',
+                    jwk: core_1.Kms.PublicJwk.fromUnknown(signer.publicJwk),
+                }
+                : signer.method === 'x5c'
+                    ? {
+                        method: 'x5c',
+                        x5c: signer.x5c,
+                        jwk: core_2.X509Certificate.fromEncodedCertificate(signer.x5c[0]).publicJwk,
+                    }
+                    : undefined;
+        if (!jwsSigner) {
+            throw new core_2.CredoError(`Unable to verify jws with unsupported jws signer method '${signer.method}'`);
+        }
+        const { isValid, jwsSigners } = await jwsService.verifyJws(agentContext, {
             jws: compact,
             trustedCertificates,
-            // Only handles kid as did resolution. JWK is handled by jws service
-            jwkResolver: async () => {
-                if (signer.method === 'jwk') {
-                    return (0, core_1.getJwkFromJson)(signer.publicJwk);
-                }
-                if (signer.method === 'did') {
-                    const key = await (0, utils_1.getKeyFromDid)(agentContext, signer.didUrl);
-                    return (0, core_1.getJwkFromKey)(key);
-                }
-                throw new core_1.CredoError(`Unexpected call to jwk resolver for signer method ${signer.method}`);
-            },
+            jwsSigner,
         });
         if (!isValid) {
             return { verified: false, signerJwk: undefined };
         }
-        const signerKey = signerKeys[0];
-        const signerJwk = (0, core_1.getJwkFromKey)(signerKey).toJson();
-        if (signer.method === 'did') {
-            signerJwk.kid = signer.didUrl;
-        }
+        const signerJwk = jwsSigners[0].jwk.toJson();
         return { verified: true, signerJwk };
     };
 }
 function getOid4vcEncryptJweCallback(agentContext) {
+    const kms = agentContext.dependencyManager.resolve(core_1.Kms.KeyManagementApi);
     return async (jweEncryptor, compact) => {
         if (jweEncryptor.method !== 'jwk') {
-            throw new core_1.CredoError(`Jwt encryption method '${jweEncryptor.method}' is not supported for jwt signer. Only 'jwk' is supported.`);
+            throw new core_2.CredoError(`Jwt encryption method '${jweEncryptor.method}' is not supported for jwt signer. Only 'jwk' is supported.`);
+        }
+        // TODO: we should probably add a key id or ference to the jweEncryptor/jwsSigner in
+        // oid4vc-ts so we can keep a reference to the key
+        const jwk = core_1.Kms.PublicJwk.fromUnknown(jweEncryptor.publicJwk);
+        if (!jwk.hasKeyId) {
+            throw new core_2.CredoError('Expected kid to be defined on the JWK');
         }
-        const jwk = (0, core_1.getJwkFromJson)(jweEncryptor.publicJwk);
-        const key = jwk.key;
         if (jweEncryptor.alg !== 'ECDH-ES') {
-            throw new core_1.CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption");
+            throw new core_2.CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption");
         }
         if (jweEncryptor.enc !== 'A256GCM' && jweEncryptor.enc !== 'A128GCM' && jweEncryptor.enc !== 'A128CBC-HS256') {
-            throw new core_1.CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response encryption");
+            throw new core_2.CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response encryption");
         }
-        if (key.keyType !== core_1.KeyType.P256) {
-            throw new core_1.CredoError(`Only '${core_1.KeyType.P256}' key type is supported for JARM response encryption`);
+        const jwkJson = jwk.toJson();
+        if (jwkJson.kty !== 'EC' && jwkJson.kty !== 'OKP') {
+            throw new core_2.CredoError(`Expected EC or OKP jwk for encryption, found ${core_1.Kms.getJwkHumanDescription(jwkJson)}`);
         }
-        if (!agentContext.wallet.directEncryptCompactJweEcdhEs) {
-            throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directEncryptCompactJweEcdhEs. You need to upgrade your wallet implementation.');
+        if (jwkJson.crv === 'Ed25519') {
+            throw new core_2.CredoError(`Expected ${jwkJson.kty} with crv X25519, found ${core_1.Kms.getJwkHumanDescription(jwkJson)}`);
         }
-        const jwe = await agentContext.wallet.directEncryptCompactJweEcdhEs({
-            data: core_1.Buffer.from(compact),
-            recipientKey: key,
-            header: { kid: jweEncryptor.publicJwk.kid },
-            encryptionAlgorithm: jweEncryptor.enc,
-            apu: jweEncryptor.apu ? core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(jweEncryptor.apu)) : undefined,
-            apv: jweEncryptor.apv ? core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(jweEncryptor.apv)) : undefined,
+        // TODO: create a JWE service that handles this
+        const ephmeralKey = await kms.createKey({
+            type: jwkJson,
         });
-        return { encryptionJwk: jweEncryptor.publicJwk, jwe };
+        try {
+            const header = {
+                kid: jweEncryptor.publicJwk.kid,
+                apu: jweEncryptor.apu,
+                apv: jweEncryptor.apv,
+                enc: jweEncryptor.enc,
+                alg: 'ECDH-ES',
+                epk: ephmeralKey.publicJwk,
+            };
+            const encodedHeader = core_2.JsonEncoder.toBase64URL(header);
+            const encrypted = await kms.encrypt({
+                key: {
+                    keyAgreement: {
+                        // FIXME: We can make the keyId optional for ECDH-ES
+                        // That way we don't have to store the key
+                        keyId: ephmeralKey.keyId,
+                        algorithm: 'ECDH-ES',
+                        apu: jweEncryptor.apu ? core_2.TypedArrayEncoder.fromBase64(jweEncryptor.apu) : undefined,
+                        apv: jweEncryptor.apv ? core_2.TypedArrayEncoder.fromBase64(jweEncryptor.apv) : undefined,
+                        externalPublicJwk: jwkJson,
+                    },
+                },
+                data: core_2.Buffer.from(compact),
+                encryption: {
+                    algorithm: jweEncryptor.enc,
+                    aad: core_2.Buffer.from(encodedHeader),
+                },
+            });
+            if (!encrypted.iv || !encrypted.tag) {
+                throw new core_2.CredoError("Expected 'iv' and 'tag' to be defined");
+            }
+            const compactJwe = `${encodedHeader}..${core_2.TypedArrayEncoder.toBase64URL(encrypted.iv)}.${core_2.TypedArrayEncoder.toBase64URL(encrypted.encrypted)}.${core_2.TypedArrayEncoder.toBase64URL(encrypted.tag)}`;
+            return { encryptionJwk: jweEncryptor.publicJwk, jwe: compactJwe };
+        }
+        finally {
+            // Delete the key
+            await kms.deleteKey({
+                keyId: ephmeralKey.keyId,
+            });
+        }
     };
 }
 function getOid4vcDecryptJweCallback(agentContext) {
+    const kms = agentContext.resolve(core_1.Kms.KeyManagementApi);
     return async (jwe, options) => {
+        // TODO: use custom header zod schema to limit which algorithms can be used
         const { header } = (0, oauth2_1.decodeJwtHeader)({ jwt: jwe });
-        const kid = options?.jwk?.kid ?? header.kid;
+        let kid = options?.jwk?.kid ?? header.kid;
         if (!kid) {
-            throw new core_1.CredoError('Uanbel to decrypt jwe. No kid or jwk found');
+            throw new core_2.CredoError('Uanbel to decrypt jwe. No kid or jwk found');
         }
-        const key = core_1.Key.fromFingerprint(kid);
-        if (!agentContext.wallet.directDecryptCompactJweEcdhEs) {
-            throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directDecryptCompactJweEcdhEs');
+        // Previously we used the fingerprint as the kid for JARM
+        // We try to parse it as fingerprint if it starts with z (base58 encoding)
+        // It's not 100%
+        if (kid.startsWith('z')) {
+            try {
+                const publicJwk = core_1.Kms.PublicJwk.fromFingerprint(kid);
+                if (publicJwk)
+                    kid = publicJwk.legacyKeyId;
+            }
+            catch {
+                // no-op
+            }
+        }
+        // TODO: decodeJwe method in oid4vc-ts
+        // encryption key is not used (we don't use key wrapping)
+        const [encodedHeader /* encryptionKey */, , encodedIv, encodedCiphertext, encodedTag] = jwe.split('.');
+        if (header.alg !== 'ECDH-ES') {
+            throw new core_2.CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response decryption");
+        }
+        if (header.enc !== 'A256GCM' && header.enc !== 'A128GCM' && header.enc !== 'A128CBC-HS256') {
+            throw new core_2.CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response decryption");
         }
         let decryptedPayload;
+        let publicJwk;
+        const epk = core_1.Kms.PublicJwk.fromUnknown(header.epk);
         try {
-            const decrypted = await agentContext.wallet.directDecryptCompactJweEcdhEs({ compactJwe: jwe, recipientKey: key });
-            decryptedPayload = core_1.TypedArrayEncoder.toUtf8String(decrypted.data);
+            const decrypted = await kms.decrypt({
+                encrypted: core_2.TypedArrayEncoder.fromBase64(encodedCiphertext),
+                decryption: {
+                    algorithm: header.enc,
+                    // aad is the base64 encoded bytes (not just the bytes)
+                    aad: core_2.TypedArrayEncoder.fromString(encodedHeader),
+                    iv: core_2.TypedArrayEncoder.fromBase64(encodedIv),
+                    tag: core_2.TypedArrayEncoder.fromBase64(encodedTag),
+                },
+                key: {
+                    keyAgreement: {
+                        algorithm: header.alg,
+                        externalPublicJwk: epk.toJson(),
+                        keyId: kid,
+                        apu: typeof header.apu === 'string' ? core_2.TypedArrayEncoder.fromBase64(header.apu) : undefined,
+                        apv: typeof header.apv === 'string' ? core_2.TypedArrayEncoder.fromBase64(header.apv) : undefined,
+                    },
+                },
+            });
+            // TODO: decrypt should return the public jwk instance
+            publicJwk = core_1.Kms.PublicJwk.fromUnknown(await kms.getPublicKey({
+                keyId: kid,
+            }));
+            decryptedPayload = core_2.TypedArrayEncoder.toUtf8String(decrypted.data);
         }
-        catch (_error) {
+        catch (error) {
+            agentContext.config.logger.error('Error decrypting JWE', {
+                error,
+            });
             return {
                 decrypted: false,
                 encryptionJwk: options?.jwk,
@@ -111,58 +247,65 @@ function getOid4vcDecryptJweCallback(agentContext) {
         }
         return {
             decrypted: true,
-            decryptionJwk: (0, core_1.getJwkFromKey)(key).toJson(),
+            decryptionJwk: publicJwk.toJson(),
             payload: decryptedPayload,
             header,
         };
     };
 }
 function getOid4vcJwtSignCallback(agentContext) {
-    const jwsService = agentContext.dependencyManager.resolve(core_1.JwsService);
+    const jwsService = agentContext.dependencyManager.resolve(core_2.JwsService);
     return async (signer, { payload, header }) => {
-        if (signer.method === 'custom' || signer.method === 'trustChain') {
-            throw new core_1.CredoError(`Jwt signer method 'custom' and 'x5c' are not supported for jwt signer.`);
+        if (signer.method === 'custom' || signer.method === 'federation') {
+            throw new core_2.CredoError(`Jwt signer method 'custom' and 'federation' are not supported for jwt signer.`);
         }
         if (signer.method === 'x5c') {
-            const leafCertificate = core_1.X509Service.getLeafCertificate(agentContext, { certificateChain: signer.x5c });
+            const leafCertificate = core_2.X509Service.getLeafCertificate(agentContext, { certificateChain: signer.x5c });
             const jws = await jwsService.createJwsCompact(agentContext, {
                 protectedHeaderOptions: { ...header, alg: signer.alg, jwk: undefined },
-                payload: core_1.JwtPayload.fromJson(payload),
-                key: leafCertificate.publicKey,
+                payload: core_2.JwtPayload.fromJson(payload),
+                keyId: signer.kid ?? leafCertificate.publicJwk.keyId,
             });
-            return { jwt: jws, signerJwk: (0, core_1.getJwkFromKey)(leafCertificate.publicKey).toJson() };
+            return { jwt: jws, signerJwk: leafCertificate.publicJwk.toJson() };
         }
-        const key = signer.method === 'did' ? await (0, utils_1.getKeyFromDid)(agentContext, signer.didUrl) : (0, core_1.getJwkFromJson)(signer.publicJwk).key;
-        const jwk = (0, core_1.getJwkFromKey)(key);
-        if (!jwk.supportsSignatureAlgorithm(signer.alg)) {
-            throw new core_1.CredoError(`key type '${jwk.keyType}', does not support the JWS signature alg '${signer.alg}'`);
+        // TOOD: createJwsCompact should return the Jwk, so we don't have to reoslve it here
+        const publicJwk = signer.method === 'did'
+            ? await (0, utils_1.getPublicJwkFromDid)(agentContext, signer.didUrl)
+            : core_1.Kms.PublicJwk.fromUnknown(signer.publicJwk);
+        if (!publicJwk.supportedSignatureAlgorithms.includes(signer.alg)) {
+            throw new core_2.CredoError(`jwk ${publicJwk.jwkTypehumanDescription} does not support JWS signature alg '${signer.alg}'`);
         }
         const jwt = await jwsService.createJwsCompact(agentContext, {
             protectedHeaderOptions: {
                 ...header,
-                jwk: header.jwk ? (0, core_1.getJwkFromJson)(header.jwk) : undefined,
+                jwk: header.jwk ? publicJwk : undefined,
+                alg: signer.alg,
             },
-            payload: core_1.JsonEncoder.toBuffer(payload),
-            key,
+            payload: core_2.JsonEncoder.toBuffer(payload),
+            keyId: signer.kid ?? publicJwk.keyId,
         });
-        return { jwt, signerJwk: (0, core_1.getJwkFromKey)(key).toJson() };
+        return { jwt, signerJwk: publicJwk.toJson() };
     };
 }
 function getOid4vcCallbacks(agentContext, options) {
+    const kms = agentContext.resolve(core_1.Kms.KeyManagementApi);
     return {
-        hash: (data, alg) => core_1.Hasher.hash(data, alg.toLowerCase()),
-        generateRandom: (length) => agentContext.wallet.getRandomValues(length),
+        hash: (data, alg) => core_2.Hasher.hash(data, alg.toLowerCase()),
+        generateRandom: (length) => kms.randomBytes({ length }),
         signJwt: getOid4vcJwtSignCallback(agentContext),
-        clientAuthentication: (0, oauth2_1.clientAuthenticationNone)(),
+        clientAuthentication: () => {
+            throw new core_2.CredoError('Did not expect client authentication to be called.');
+        },
         verifyJwt: getOid4vcJwtVerifyCallback(agentContext, {
             trustedCertificates: options?.trustedCertificates,
             isAuthorizationRequestJwt: options?.isVerifyOpenId4VpAuthorizationRequest,
+            issuanceSessionId: options?.issuanceSessionId,
         }),
         fetch: agentContext.config.agentDependencies.fetch,
         encryptJwe: getOid4vcEncryptJweCallback(agentContext),
         decryptJwe: getOid4vcDecryptJweCallback(agentContext),
         getX509CertificateMetadata: (certificate) => {
-            const leafCertificate = core_1.X509Service.getLeafCertificate(agentContext, { certificateChain: [certificate] });
+            const leafCertificate = core_2.X509Service.getLeafCertificate(agentContext, { certificateChain: [certificate] });
             return {
                 sanDnsNames: leafCertificate.sanDnsNames,
                 sanUriNames: leafCertificate.sanUriNames,
@@ -176,14 +319,14 @@ function getOid4vcCallbacks(agentContext, options) {
  */
 function dynamicOid4vciClientAuthentication(agentContext, issuerRecord) {
     return (callbackOptions) => {
-        const authorizationServer = issuerRecord.authorizationServerConfigs?.find((a) => a.issuer === callbackOptions.authorizationServerMetata.issuer);
+        const authorizationServer = issuerRecord.authorizationServerConfigs?.find((a) => a.issuer === callbackOptions.authorizationServerMetadata.issuer);
         if (!authorizationServer) {
             // No client authentication if authorization server is not configured
-            agentContext.config.logger.debug(`Unknown authorization server '${callbackOptions.authorizationServerMetata.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'`);
+            agentContext.config.logger.debug(`Unknown authorization server '${callbackOptions.authorizationServerMetadata.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'`);
             return;
         }
         if (!authorizationServer.clientAuthentication) {
-            throw new core_1.CredoError(`Unable to authenticate to authorization server '${authorizationServer.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'. Make sure to configure a 'clientId' and 'clientSecret' for the authorization server on the issuer record.`);
+            throw new core_2.CredoError(`Unable to authenticate to authorization server '${authorizationServer.issuer}' for issuer '${issuerRecord.issuerId}' for request to '${callbackOptions.url}'. Make sure to configure a 'clientId' and 'clientSecret' for the authorization server on the issuer record.`);
         }
         return (0, oauth2_1.clientAuthenticationDynamic)({
             clientId: authorizationServer.clientAuthentication.clientId,

package/build/shared/callbacks.js.map

@@ -1 +1 @@
-{"version":3,"file":"callbacks.js","sourceRoot":"","sources":["../../src/shared/callbacks.ts"],"names":[],"mappings":";;AA+BA,gEAmEC;AAED,kEA0CC;AAED,kEAmCC;AAED,4DAuCC;AAED,gDA2BC;AAMD,gFA4BC;AAhRD,yCAeuB;AACvB,8CAA0G;AAE1G,mCAAuC;AAEvC,SAAgB,0BAA0B,CACxC,YAA0B,EAC1B,OAUC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE;QACpD,IAAI,mBAAmB,GAAG,OAAO,EAAE,mBAAmB,CAAA;QACtD,IACE,MAAM,CAAC,MAAM,KAAK,KAAK;YACvB,CAAC,MAAM,CAAC,GAAG,KAAK,qBAAqB,IAAI,OAAO,EAAE,yBAAyB,CAAC;YAC5E,CAAC,mBAAmB,EACpB,CAAC;YACD,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uBAAgB,CAAC,CAAA;YAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAA;YAEhG,mBAAmB,GAAG,MAAM,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,EAAE;gBAC3F,gBAAgB;gBAChB,YAAY,EAAE;oBACZ,IAAI,EAAE,mCAAmC;oBACzC,oBAAoB,EAAE;wBACpB,GAAG,EAAE,OAAO;wBACZ,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;qBACtC;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,YAAY,EAAE;YACvE,GAAG,EAAE,OAAO;YACZ,mBAAmB;YACnB,oEAAoE;YACpE,WAAW,EAAE,KAAK,IAAI,EAAE;gBACtB,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,OAAO,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACzC,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,MAAM,GAAG,GAAG,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;oBAC5D,OAAO,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;gBAC3B,CAAC;gBAED,MAAM,IAAI,iBAAU,CAAC,qDAAqD,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;YAC5F,CAAC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA;QAClD,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAA;QACnD,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAA;QAC/B,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IACtC,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE;QACrC,IAAI,YAAY,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClC,MAAM,IAAI,iBAAU,CAClB,0BAA0B,YAAY,CAAC,MAAM,6DAA6D,CAC3G,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAA,qBAAc,EAAC,YAAY,CAAC,SAAS,CAAC,CAAA;QAClD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAA;QAEnB,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YAC7G,MAAM,IAAI,iBAAU,CAClB,yGAAyG,CAC1G,CAAA;QACH,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,KAAK,cAAO,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAU,CAAC,SAAS,cAAO,CAAC,IAAI,sDAAsD,CAAC,CAAA;QACnG,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAClB,sIAAsI,CACvI,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC;YAClE,IAAI,EAAE,aAAM,CAAC,IAAI,CAAC,OAAO,CAAC;YAC1B,YAAY,EAAE,GAAG;YACjB,MAAM,EAAE,EAAE,GAAG,EAAE,YAAY,CAAC,SAAS,CAAC,GAAG,EAAE;YAC3C,mBAAmB,EAAE,YAAY,CAAC,GAAG;YACrC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;YACjH,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SAClH,CAAC,CAAA;QAEF,OAAO,EAAE,aAAa,EAAE,YAAY,CAAC,SAAS,EAAE,GAAG,EAAE,CAAA;IACvD,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;QAC5B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,wBAAe,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAEhD,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAA;QAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,iBAAU,CAAC,4CAA4C,CAAC,CAAA;QACpE,CAAC;QAED,MAAM,GAAG,GAAG,UAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QACpC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAAC,qFAAqF,CAAC,CAAA;QAC7G,CAAC;QAED,IAAI,gBAAwB,CAAA;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;YACjH,gBAAgB,GAAG,wBAAiB,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QACnE,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,aAAa,EAAE,OAAO,EAAE,GAAG;gBAC3B,OAAO,EAAE,SAAS;gBAClB,MAAM;aACP,CAAA;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAC1C,OAAO,EAAE,gBAAgB;YACzB,MAAM;SACP,CAAA;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,wBAAwB,CAAC,YAA0B;IACjE,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;QAC3C,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YACjE,MAAM,IAAI,iBAAU,CAAC,wEAAwE,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;YAEtG,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;gBAC1D,sBAAsB,EAAE,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE;gBACtE,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACrC,GAAG,EAAE,eAAe,CAAC,SAAS;aAC/B,CAAC,CAAA;YAEF,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,IAAA,oBAAa,EAAC,eAAe,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;QACnF,CAAC;QAED,MAAM,GAAG,GACP,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAA;QACnH,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;QAE9B,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,iBAAU,CAAC,aAAa,GAAG,CAAC,OAAO,8CAA8C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAA;QAC3G,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAC1D,sBAAsB,EAAE;gBACtB,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;aACzD;YACD,OAAO,EAAE,kBAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;YACtC,GAAG;SACJ,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;IACxD,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAChC,YAA0B,EAC1B,OAGC;IAED,OAAO;QACL,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,aAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;QACzD,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC;QACvE,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC;QAC/C,oBAAoB,EAAE,IAAA,iCAAwB,GAAE;QAChD,SAAS,EAAE,0BAA0B,CAAC,YAAY,EAAE;YAClD,mBAAmB,EAAE,OAAO,EAAE,mBAAmB;YACjD,yBAAyB,EAAE,OAAO,EAAE,qCAAqC;SAC1E,CAAC;QACF,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK;QAClD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,0BAA0B,EAAE,CAAC,WAAmB,EAAE,EAAE;YAClD,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACzG,OAAO;gBACL,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,WAAW,EAAE,eAAe,CAAC,WAAW;aACzC,CAAA;QACH,CAAC;KACiC,CAAA;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,kCAAkC,CAChD,YAA0B,EAC1B,YAAmC;IAEnC,OAAO,CAAC,eAAe,EAAE,EAAE;QACzB,MAAM,mBAAmB,GAAG,YAAY,CAAC,0BAA0B,EAAE,IAAI,CACvE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,yBAAyB,CAAC,MAAM,CACrE,CAAA;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,qEAAqE;YACrE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,iCAAiC,eAAe,CAAC,yBAAyB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,GAAG,CACnK,CAAA;YACD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,MAAM,IAAI,iBAAU,CAClB,mDAAmD,mBAAmB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,8GAA8G,CAC1Q,CAAA;QACH,CAAC;QAED,OAAO,IAAA,oCAA2B,EAAC;YACjC,QAAQ,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,QAAQ;YAC3D,YAAY,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,YAAY;SACpE,CAAC,CAAC,eAAe,CAAC,CAAA;IACrB,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"callbacks.js","sourceRoot":"","sources":["../../src/shared/callbacks.ts"],"names":[],"mappings":";;AA4BA,gEA8HC;AAED,kEAuFC;AAED,kEA0FC;AAED,4DA4CC;AAED,gDAiCC;AAMD,gFA4BC;AAlcD,yCAAoE;AAYpE,yCAWuB;AACvB,8CAAgF;AAEhF,mCAA6C;AAE7C,SAAgB,0BAA0B,CACxC,YAA0B,EAC1B,OAYC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE;QACpD,IAAI,mBAAmB,GAAG,OAAO,EAAE,mBAAmB,CAAA;QACtD,IACE,MAAM,CAAC,MAAM,KAAK,KAAK;YACvB,CAAC,MAAM,CAAC,GAAG,KAAK,qBAAqB,IAAI,OAAO,EAAE,yBAAyB,CAAC;YAC5E,CAAC,mBAAmB,EACpB,CAAC;YACD,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uBAAgB,CAAC,CAAA;YAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAA;YAEhG,mBAAmB,GAAG,MAAM,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,EAAE;gBAC3F,gBAAgB;gBAChB,YAAY,EAAE;oBACZ,IAAI,EAAE,mCAAmC;oBACzC,oBAAoB,EAAE;wBACpB,GAAG,EAAE,OAAO;wBACZ,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;qBACtC;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAED,IACE,MAAM,CAAC,MAAM,KAAK,KAAK;YACvB,CAAC,MAAM,CAAC,GAAG,KAAK,oBAAoB,IAAI,MAAM,CAAC,GAAG,KAAK,qBAAqB,CAAC;YAC7E,OAAO,EAAE,iBAAiB;YAC1B,CAAC,mBAAmB,EACpB,CAAC;YACD,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uBAAgB,CAAC,CAAA;YAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAA;YAEhG,mBAAmB,GAAG,MAAM,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,EAAE;gBAC3F,gBAAgB;gBAChB,YAAY,EAAE;oBACZ,IAAI,EAAE,0BAA0B;oBAChC,0BAA0B,EAAE,OAAO,CAAC,iBAAiB;oBACrD,cAAc,EAAE;wBACd,GAAG,EAAE,OAAO;wBACZ,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;qBACtC;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAED,IACE,MAAM,CAAC,MAAM,KAAK,KAAK;YACvB,MAAM,CAAC,GAAG,KAAK,8BAA8B;YAC7C,OAAO,EAAE,iBAAiB;YAC1B,CAAC,mBAAmB,EACpB,CAAC;YACD,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,uBAAgB,CAAC,CAAA;YAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAA;YAEhG,mBAAmB,GAAG,MAAM,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,EAAE;gBAC3F,gBAAgB;gBAChB,YAAY,EAAE;oBACZ,IAAI,EAAE,yBAAyB;oBAC/B,0BAA0B,EAAE,OAAO,CAAC,iBAAiB;oBACrD,iBAAiB,EAAE;wBACjB,GAAG,EAAE,OAAO;wBACZ,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;qBACtC;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAqC,CAAA;QACxD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAG,CAAC,2BAA2B,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,iBAAU,CAAC,uCAAuC,GAAG,GAAG,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,SAAS,GACb,MAAM,CAAC,MAAM,KAAK,KAAK;YACrB,CAAC,CAAC;gBACE,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,MAAM,IAAA,2BAAmB,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC;aAC5D;YACH,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,KAAK;gBACvB,CAAC,CAAC;oBACE,MAAM,EAAE,KAAK;oBACb,GAAG,EAAE,UAAG,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC;iBACjD;gBACH,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,KAAK;oBACvB,CAAC,CAAC;wBACE,MAAM,EAAE,KAAK;wBACb,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,GAAG,EAAE,sBAAe,CAAC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;qBACrE;oBACH,CAAC,CAAC,SAAS,CAAA;QAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,iBAAU,CAAC,4DAA4D,MAAM,CAAC,MAAM,GAAG,CAAC,CAAA;QACpG,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,YAAY,EAAE;YACvE,GAAG,EAAE,OAAO;YACZ,mBAAmB;YACnB,SAAS;SACV,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA;QAClD,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAS,CAAA;QACnD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IACtC,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,MAAM,GAAG,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,UAAG,CAAC,gBAAgB,CAAC,CAAA;IAExE,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE;QACrC,IAAI,YAAY,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClC,MAAM,IAAI,iBAAU,CAClB,0BAA0B,YAAY,CAAC,MAAM,6DAA6D,CAC3G,CAAA;QACH,CAAC;QAED,oFAAoF;QACpF,kDAAkD;QAClD,MAAM,GAAG,GAAG,UAAG,CAAC,SAAS,CAAC,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;QAC7D,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,iBAAU,CAAC,uCAAuC,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YAC7G,MAAM,IAAI,iBAAU,CAClB,yGAAyG,CAC1G,CAAA;QACH,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAA;QAC5B,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,IAAI,OAAO,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YAClD,MAAM,IAAI,iBAAU,CAAC,gDAAgD,UAAG,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC7G,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,iBAAU,CAAC,YAAY,OAAO,CAAC,GAAG,2BAA2B,UAAG,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC/G,CAAC;QAED,+CAA+C;QAC/C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC;YACtC,IAAI,EAAE,OAAO;SACd,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG;gBACb,GAAG,EAAE,YAAY,CAAC,SAAS,CAAC,GAAG;gBAC/B,GAAG,EAAE,YAAY,CAAC,GAAG;gBACrB,GAAG,EAAE,YAAY,CAAC,GAAG;gBACrB,GAAG,EAAE,YAAY,CAAC,GAAG;gBACrB,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,WAAW,CAAC,SAAS;aAC3B,CAAA;YACD,MAAM,aAAa,GAAG,kBAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;YAErD,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC;gBAClC,GAAG,EAAE;oBACH,YAAY,EAAE;wBACZ,oDAAoD;wBACpD,0CAA0C;wBAC1C,KAAK,EAAE,WAAW,CAAC,KAAK;wBACxB,SAAS,EAAE,SAAS;wBACpB,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;wBAClF,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;wBAClF,iBAAiB,EAAE,OAAO;qBAC3B;iBACF;gBACD,IAAI,EAAE,aAAM,CAAC,IAAI,CAAC,OAAO,CAAC;gBAC1B,UAAU,EAAE;oBACV,SAAS,EAAE,YAAY,CAAC,GAAG;oBAC3B,GAAG,EAAE,aAAM,CAAC,IAAI,CAAC,aAAa,CAAC;iBAChC;aACF,CAAC,CAAA;YAEF,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;gBACpC,MAAM,IAAI,iBAAU,CAAC,uCAAuC,CAAC,CAAA;YAC/D,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,aAAa,KAAK,wBAAiB,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,wBAAiB,CAAC,WAAW,CAClH,SAAS,CAAC,SAAS,CACpB,IAAI,wBAAiB,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAA;YAEnD,OAAO,EAAE,aAAa,EAAE,YAAY,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAA;QACnE,CAAC;gBAAS,CAAC;YACT,iBAAiB;YACjB,MAAM,GAAG,CAAC,SAAS,CAAC;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;aACzB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,UAAG,CAAC,gBAAgB,CAAC,CAAA;IACtD,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;QAC5B,2EAA2E;QAC3E,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,wBAAe,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAEhD,IAAI,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAA;QACzC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,iBAAU,CAAC,4CAA4C,CAAC,CAAA;QACpE,CAAC;QAED,yDAAyD;QACzD,0EAA0E;QAC1E,gBAAgB;QAChB,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,UAAG,CAAC,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;gBACpD,IAAI,SAAS;oBAAE,GAAG,GAAG,SAAS,CAAC,WAAW,CAAA;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ;YACV,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,yDAAyD;QACzD,MAAM,CAAC,aAAa,CAAC,mBAAmB,EAAE,AAAD,EAAG,SAAS,EAAE,iBAAiB,EAAE,UAAU,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAEtG,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YAC3F,MAAM,IAAI,iBAAU,CAClB,yGAAyG,CAC1G,CAAA;QACH,CAAC;QAED,IAAI,gBAAwB,CAAA;QAC5B,IAAI,SAAwB,CAAA;QAE5B,MAAM,GAAG,GAAG,UAAG,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAEjD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC;gBAClC,SAAS,EAAE,wBAAiB,CAAC,UAAU,CAAC,iBAAiB,CAAC;gBAC1D,UAAU,EAAE;oBACV,SAAS,EAAE,MAAM,CAAC,GAAG;oBACrB,uDAAuD;oBACvD,GAAG,EAAE,wBAAiB,CAAC,UAAU,CAAC,aAAa,CAAC;oBAChD,EAAE,EAAE,wBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC;oBAC3C,GAAG,EAAE,wBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC;iBAC9C;gBACD,GAAG,EAAE;oBACH,YAAY,EAAE;wBACZ,SAAS,EAAE,MAAM,CAAC,GAAG;wBACrB,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAA0B;wBACvD,KAAK,EAAE,GAAG;wBACV,GAAG,EAAE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,wBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;wBAC1F,GAAG,EAAE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,wBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;qBAC3F;iBACF;aACF,CAAC,CAAA;YAEF,sDAAsD;YACtD,SAAS,GAAG,UAAG,CAAC,SAAS,CAAC,WAAW,CACnC,MAAM,GAAG,CAAC,YAAY,CAAC;gBACrB,KAAK,EAAE,GAAG;aACX,CAAC,CACH,CAAA;YAED,gBAAgB,GAAG,wBAAiB,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;gBACvD,KAAK;aACN,CAAC,CAAA;YACF,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,aAAa,EAAE,OAAO,EAAE,GAAG;gBAC3B,OAAO,EAAE,SAAS;gBAClB,MAAM;aACP,CAAA;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,SAAS,CAAC,MAAM,EAAS;YACxC,OAAO,EAAE,gBAAgB;YACzB,MAAM;SACP,CAAA;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,wBAAwB,CAAC,YAA0B;IACjE,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;QAC3C,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YACjE,MAAM,IAAI,iBAAU,CAAC,+EAA+E,CAAC,CAAA;QACvG,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;YAEtG,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;gBAC1D,sBAAsB,EAAE,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAqC,EAAE,GAAG,EAAE,SAAS,EAAE;gBACxG,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACrC,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,SAAS,CAAC,KAAK;aACrD,CAAC,CAAA;YAEF,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC,MAAM,EAAS,EAAE,CAAA;QAC3E,CAAC;QAED,oFAAoF;QACpF,MAAM,SAAS,GACb,MAAM,CAAC,MAAM,KAAK,KAAK;YACrB,CAAC,CAAC,MAAM,IAAA,2BAAmB,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC;YACxD,CAAC,CAAC,UAAG,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAEjD,IAAI,CAAC,SAAS,CAAC,4BAA4B,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAqC,CAAC,EAAE,CAAC;YACnG,MAAM,IAAI,iBAAU,CAClB,OAAO,SAAS,CAAC,uBAAuB,wCAAwC,MAAM,CAAC,GAAG,GAAG,CAC9F,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAC1D,sBAAsB,EAAE;gBACtB,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBACvC,GAAG,EAAE,MAAM,CAAC,GAAqC;aAClD;YACD,OAAO,EAAE,kBAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;YACtC,KAAK,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,KAAK;SACrC,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,MAAM,EAAS,EAAE,CAAA;IACtD,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAChC,YAA0B,EAC1B,OAIC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,UAAG,CAAC,gBAAgB,CAAC,CAAA;IAEtD,OAAO;QACL,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,aAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;QACzD,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvD,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC;QAC/C,oBAAoB,EAAE,GAAG,EAAE;YACzB,MAAM,IAAI,iBAAU,CAAC,oDAAoD,CAAC,CAAA;QAC5E,CAAC;QACD,SAAS,EAAE,0BAA0B,CAAC,YAAY,EAAE;YAClD,mBAAmB,EAAE,OAAO,EAAE,mBAAmB;YACjD,yBAAyB,EAAE,OAAO,EAAE,qCAAqC;YACzE,iBAAiB,EAAE,OAAO,EAAE,iBAAiB;SAC9C,CAAC;QACF,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK;QAClD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,0BAA0B,EAAE,CAAC,WAAmB,EAAE,EAAE;YAClD,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACzG,OAAO;gBACL,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,WAAW,EAAE,eAAe,CAAC,WAAW;aACzC,CAAA;QACH,CAAC;KACiC,CAAA;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,kCAAkC,CAChD,YAA0B,EAC1B,YAAmC;IAEnC,OAAO,CAAC,eAAe,EAAE,EAAE;QACzB,MAAM,mBAAmB,GAAG,YAAY,CAAC,0BAA0B,EAAE,IAAI,CACvE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,2BAA2B,CAAC,MAAM,CACvE,CAAA;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,qEAAqE;YACrE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,iCAAiC,eAAe,CAAC,2BAA2B,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,GAAG,CACrK,CAAA;YACD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,MAAM,IAAI,iBAAU,CAClB,mDAAmD,mBAAmB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,8GAA8G,CAC1Q,CAAA;QACH,CAAC;QAED,OAAO,IAAA,oCAA2B,EAAC;YACjC,QAAQ,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,QAAQ;YAC3D,YAAY,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,YAAY;SACpE,CAAC,CAAC,eAAe,CAAC,CAAA;IACrB,CAAC,CAAA;AACH,CAAC"}

package/build/shared/models/CredentialHolderBinding.d.ts

@@ -1,13 +1,67 @@
-import type { Jwk, Key } from '@credo-ts/core';
-export type OpenId4VcCredentialHolderDidBinding = {
-    method: 'did';
-    didUrl: string;
+import type { Kms } from '@credo-ts/core';
+import { Openid4vciIssuer } from '@openid4vc/openid4vci';
+type VerifiedCredentialRequestAttestationProof = Awaited<ReturnType<InstanceType<typeof Openid4vciIssuer>['verifyCredentialRequestAttestationProof']>>;
+type VerifiedCredentialRequestJwtProof = Awaited<ReturnType<InstanceType<typeof Openid4vciIssuer>['verifyCredentialRequestJwtProof']>>['keyAttestation'];
+export type OpenId4VcCredentialHolderAttestationBinding = {
+    method: 'attestation';
+    /**
+     * The key attestation JWT to use to request issuance of the credentials based
+     * on the attested_keys.
+     *
+     * When the `keyAttestationJwt` contains a `nonce` payload value it will be sent
+     * as an `attestation` proof (without signing using a key in the attested key).
+     * NOTE that the `nonce` value must match with the `c_nonce` value from the issuer.
+     *
+     * If no nonce is provided, the `jwt` proof type will be used and the proof will be
+     * signed using the first key from the `attested_keys` array.
+     */
+    keyAttestationJwt: string;
 };
-export type OpenId4VcCredentialHolderJwkBinding = {
+export interface OpenId4VcCredentialHolderDidBinding {
+    method: 'did';
+    didUrls: string[];
+}
+export interface OpenId4VcCredentialHolderJwkBinding {
     method: 'jwk';
-    jwk: Jwk;
-};
-export type OpenId4VcCredentialHolderBinding = OpenId4VcCredentialHolderDidBinding | OpenId4VcCredentialHolderJwkBinding;
-export type OpenId4VcCredentialHolderBindingWithKey = OpenId4VcCredentialHolderBinding & {
-    key: Key;
-};
+    keys: Kms.PublicJwk[];
+}
+export type VerifiedOpenId4VcCredentialHolderBinding = {
+    proofType: 'jwt' | 'attestation';
+    /**
+     * The key attestation that was provided to attest the keys.
+     * Always defined if `proofType` is `attestation`, as well
+     * as when `key_attestations_required` is defined in the
+     * credential issuer metadata
+     */
+    keyAttestation?: VerifiedCredentialRequestAttestationProof | VerifiedCredentialRequestJwtProof;
+    /**
+     * The binding method of the keys.
+     *
+     * Binding method `did` is only supported for proof type `jwt`.
+     */
+    bindingMethod: 'did' | 'jwk';
+} & ({
+    bindingMethod: 'did';
+    /**
+     * The DIDs that were provided as part of the `jwt` proofs in the credential request
+     */
+    keys: Array<{
+        method: 'did';
+        jwk: Kms.PublicJwk;
+        didUrl: string;
+    }>;
+} | {
+    bindingMethod: 'jwk';
+    /**
+     * The keys that were provided as part of the credential request proof.
+     * - If `proofType` is `attestation` these keys were extracted from the signed key attestation, but no proof was signed using one of the attested keys
+     * - If `proofType` is `jwt` and `attestation` is defined, the keys were extracted from the attestation, and proof was signed using one of the attested keys
+     * - Otherwise if `proofType` is `jwt` and no `attestation` is defined, the keys were not attested, and for each individual key a proof was signed using that key.
+     */
+    keys: Array<{
+        method: 'jwk';
+        jwk: Kms.PublicJwk;
+    }>;
+});
+export type OpenId4VcCredentialHolderBinding = OpenId4VcCredentialHolderDidBinding | OpenId4VcCredentialHolderJwkBinding | OpenId4VcCredentialHolderAttestationBinding;
+export {};

package/build/shared/models/OpenId4VcJwtIssuer.d.ts

@@ -1,17 +1,22 @@
-import type { Jwk } from '@credo-ts/core';
+import { Kms, X509Certificate } from '@credo-ts/core';
 export interface OpenId4VcJwtIssuerDid {
     method: 'did';
+    /**
+     * The did url pointing to a specific verification method.
+     *
+     * Note a created DID record MUST exist for the did url, enabling extraction of the KMS key id from the did record.
+     */
     didUrl: string;
 }
 export interface OpenId4VcIssuerX5c {
     method: 'x5c';
     /**
-     *
-     * Array of base64-encoded certificate strings in the DER-format.
+     * Array of X.509 certificates
      *
      * The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate.
+     * The first certificate MUST also have a key id configured on the public key to enable signing with the KMS.
      */
-    x5c: string[];
+    x5c: X509Certificate[];
     /**
      * The issuer of the JWT. Should be a HTTPS URI.
      *
@@ -22,6 +27,6 @@ export interface OpenId4VcIssuerX5c {
 }
 export interface OpenId4VcJwtIssuerJwk {
     method: 'jwk';
-    jwk: Jwk;
+    jwk: Kms.PublicJwk;
 }
 export type OpenId4VcJwtIssuer = OpenId4VcJwtIssuerDid | OpenId4VcIssuerX5c | OpenId4VcJwtIssuerJwk;

package/build/shared/models/OpenId4VciCredentialFormatProfile.d.ts

@@ -3,5 +3,6 @@ export declare enum OpenId4VciCredentialFormatProfile {
     JwtVcJsonLd = "jwt_vc_json-ld",
     LdpVc = "ldp_vc",
     SdJwtVc = "vc+sd-jwt",
+    SdJwtDc = "dc+sd-jwt",
     MsoMdoc = "mso_mdoc"
 }

package/build/shared/models/OpenId4VciCredentialFormatProfile.js

@@ -7,6 +7,7 @@ var OpenId4VciCredentialFormatProfile;
     OpenId4VciCredentialFormatProfile["JwtVcJsonLd"] = "jwt_vc_json-ld";
     OpenId4VciCredentialFormatProfile["LdpVc"] = "ldp_vc";
     OpenId4VciCredentialFormatProfile["SdJwtVc"] = "vc+sd-jwt";
+    OpenId4VciCredentialFormatProfile["SdJwtDc"] = "dc+sd-jwt";
     OpenId4VciCredentialFormatProfile["MsoMdoc"] = "mso_mdoc";
 })(OpenId4VciCredentialFormatProfile || (exports.OpenId4VciCredentialFormatProfile = OpenId4VciCredentialFormatProfile = {}));
 //# sourceMappingURL=OpenId4VciCredentialFormatProfile.js.map

package/build/shared/models/OpenId4VciCredentialFormatProfile.js.map

@@ -1 +1 @@
-{"version":3,"file":"OpenId4VciCredentialFormatProfile.js","sourceRoot":"","sources":["../../../src/shared/models/OpenId4VciCredentialFormatProfile.ts"],"names":[],"mappings":";;;AAAA,IAAY,iCAMX;AAND,WAAY,iCAAiC;IAC3C,8DAAyB,CAAA;IACzB,mEAA8B,CAAA;IAC9B,qDAAgB,CAAA;IAChB,0DAAqB,CAAA;IACrB,yDAAoB,CAAA;AACtB,CAAC,EANW,iCAAiC,iDAAjC,iCAAiC,QAM5C"}
+{"version":3,"file":"OpenId4VciCredentialFormatProfile.js","sourceRoot":"","sources":["../../../src/shared/models/OpenId4VciCredentialFormatProfile.ts"],"names":[],"mappings":";;;AAAA,IAAY,iCAOX;AAPD,WAAY,iCAAiC;IAC3C,8DAAyB,CAAA;IACzB,mEAA8B,CAAA;IAC9B,qDAAgB,CAAA;IAChB,0DAAqB,CAAA;IACrB,0DAAqB,CAAA;IACrB,yDAAoB,CAAA;AACtB,CAAC,EAPW,iCAAiC,iDAAjC,iCAAiC,QAO5C"}

package/build/shared/router/tenants.js

@@ -15,7 +15,7 @@ async function getAgentContextForActorId(rootAgentContext, actorId) {
         });
         if (tenant) {
             const agentContextProvider = rootAgentContext.dependencyManager.resolve(core_1.InjectionSymbols.AgentContextProvider);
-            return agentContextProvider.getAgentContextForContextCorrelationId(tenant.id);
+            return agentContextProvider.getAgentContextForContextCorrelationId(`tenant-${tenant.id}`);
         }
     }
     return rootAgentContext;
@@ -37,7 +37,7 @@ async function storeActorIdForContextCorrelationId(agentContext, actorId) {
     const tenantsApi = (0, core_1.getApiForModuleByName)(agentContext, 'TenantsModule');
     // We don't want to query the tenant record if the current context is the root context
     if (tenantsApi && tenantsApi.rootAgentContext.contextCorrelationId !== agentContext.contextCorrelationId) {
-        const tenantRecord = await tenantsApi.getTenantById(agentContext.contextCorrelationId);
+        const tenantRecord = await tenantsApi.getTenantById(agentContext.contextCorrelationId.replace('tenant-', ''));
         const currentOpenId4VcActorIds = tenantRecord.metadata.get(OPENID4VC_ACTOR_IDS_METADATA_KEY) ?? [];
         const openId4VcActorIds = [...currentOpenId4VcActorIds, actorId];
         tenantRecord.metadata.set(OPENID4VC_ACTOR_IDS_METADATA_KEY, openId4VcActorIds);

package/build/shared/router/tenants.js.map

@@ -1 +1 @@
-{"version":3,"file":"tenants.js","sourceRoot":"","sources":["../../../src/shared/router/tenants.ts"],"names":[],"mappings":";;AAOA,8DAmBC;AAYD,kFAiBC;AApDD,yCAAwE;AAExE,MAAM,gCAAgC,GAAG,8BAA8B,CAAA;AAEhE,KAAK,UAAU,yBAAyB,CAAC,gBAA8B,EAAE,OAAe;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,uFAAuF;IACvF,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,gBAAgB,EAAE,eAAe,CAAC,CAAA;IAC1F,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC;YACnD,CAAC,gCAAgC,CAAC,EAAE,CAAC,OAAO,CAAC;SAC9C,CAAC,CAAA;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,iBAAiB,CAAC,OAAO,CACrE,uBAAgB,CAAC,oBAAoB,CACtC,CAAA;YACD,OAAO,oBAAoB,CAAC,sCAAsC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,mCAAmC,CAAC,YAA0B,EAAE,OAAe;IACnG,uGAAuG;IACvG,wGAAwG;IACxG,kCAAkC;IAClC,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,YAAY,EAAE,eAAe,CAAC,CAAA;IAEtF,sFAAsF;IACtF,IAAI,UAAU,IAAI,UAAU,CAAC,gBAAgB,CAAC,oBAAoB,KAAK,YAAY,CAAC,oBAAoB,EAAE,CAAC;QACzG,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAA;QAEtF,MAAM,wBAAwB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAW,gCAAgC,CAAC,IAAI,EAAE,CAAA;QAC5G,MAAM,iBAAiB,GAAG,CAAC,GAAG,wBAAwB,EAAE,OAAO,CAAC,CAAA;QAEhE,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QAC9E,YAAY,CAAC,MAAM,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QACxE,MAAM,UAAU,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC"}
+{"version":3,"file":"tenants.js","sourceRoot":"","sources":["../../../src/shared/router/tenants.ts"],"names":[],"mappings":";;AAOA,8DAmBC;AAYD,kFAiBC;AApDD,yCAAwE;AAExE,MAAM,gCAAgC,GAAG,8BAA8B,CAAA;AAEhE,KAAK,UAAU,yBAAyB,CAAC,gBAA8B,EAAE,OAAe;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,uFAAuF;IACvF,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,gBAAgB,EAAE,eAAe,CAAC,CAAA;IAC1F,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC;YACnD,CAAC,gCAAgC,CAAC,EAAE,CAAC,OAAO,CAAC;SAC9C,CAAC,CAAA;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,iBAAiB,CAAC,OAAO,CACrE,uBAAgB,CAAC,oBAAoB,CACtC,CAAA;YACD,OAAO,oBAAoB,CAAC,sCAAsC,CAAC,UAAU,MAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC3F,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAA;AACzB,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,mCAAmC,CAAC,YAA0B,EAAE,OAAe;IACnG,uGAAuG;IACvG,wGAAwG;IACxG,kCAAkC;IAClC,MAAM,UAAU,GAAG,IAAA,4BAAqB,EAAgB,YAAY,EAAE,eAAe,CAAC,CAAA;IAEtF,sFAAsF;IACtF,IAAI,UAAU,IAAI,UAAU,CAAC,gBAAgB,CAAC,oBAAoB,KAAK,YAAY,CAAC,oBAAoB,EAAE,CAAC;QACzG,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,oBAAoB,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAA;QAE7G,MAAM,wBAAwB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAW,gCAAgC,CAAC,IAAI,EAAE,CAAA;QAC5G,MAAM,iBAAiB,GAAG,CAAC,GAAG,wBAAwB,EAAE,OAAO,CAAC,CAAA;QAEhE,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QAC9E,YAAY,CAAC,MAAM,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAA;QACxE,MAAM,UAAU,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC"}

package/build/shared/utils.d.ts

@@ -1,20 +1,15 @@
-import type { AgentContext, DidPurpose, JwaSignatureAlgorithm, Key } from '@credo-ts/core';
+import { AgentContext, DidPurpose, Kms } from '@credo-ts/core';
 import type { JwtSigner, JwtSignerX5c } from '@openid4vc/oauth2';
 import type { OpenId4VcJwtIssuer } from './models';
 /**
  * Returns the JWA Signature Algorithms that are supported by the wallet.
- *
- * This is an approximation based on the supported key types of the wallet.
- * This is not 100% correct as a supporting a key type does not mean you support
- * all the algorithms for that key type. However, this needs refactoring of the wallet
- * that is planned for the 0.5.0 release.
  */
-export declare function getSupportedJwaSignatureAlgorithms(agentContext: AgentContext): JwaSignatureAlgorithm[];
-export declare function getKeyFromDid(agentContext: AgentContext, didUrl: string, allowedPurposes?: DidPurpose[]): Promise<Key>;
+export declare function getSupportedJwaSignatureAlgorithms(agentContext: AgentContext): Kms.KnownJwaSignatureAlgorithm[];
+export declare function getPublicJwkFromDid(agentContext: AgentContext, didUrl: string, allowedPurposes?: DidPurpose[]): Promise<Kms.PublicJwk<import("@credo-ts/core/src/modules/kms/jwk/PublicJwk").SupportedPublicJwk>>;
 export declare function requestSignerToJwtIssuer(agentContext: AgentContext, requestSigner: OpenId4VcJwtIssuer): Promise<Exclude<JwtSigner, JwtSignerX5c> | (JwtSignerX5c & {
     issuer: string;
 })>;
-export declare function getProofTypeFromKey(agentContext: AgentContext, key: Key): string;
+export declare function getProofTypeFromPublicJwk(agentContext: AgentContext, key: Kms.PublicJwk): string;
 export declare function addSecondsToDate(date: Date, seconds: number): Date;
 export declare function dateToSeconds(date: Date): number;
 export declare function parseIfJson<T>(input: T): T | Record<string, unknown>;