@pagopa/io-react-native-wallet 0.11.1 → 0.13.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (217) hide show
  1. package/lib/commonjs/client/generated/wallet-provider.js +126 -0
  2. package/lib/commonjs/client/generated/wallet-provider.js.map +1 -0
  3. package/lib/commonjs/client/index.js +40 -0
  4. package/lib/commonjs/client/index.js.map +1 -0
  5. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  6. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  7. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js +287 -0
  8. package/lib/commonjs/credential/issuance/03-start-credential-issuance.js.map +1 -0
  9. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +56 -83
  10. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
  11. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +88 -0
  12. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
  13. package/lib/commonjs/credential/issuance/05-authorize-access.js +56 -33
  14. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  15. package/lib/commonjs/credential/issuance/06-obtain-credential.js +51 -78
  16. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  17. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +21 -44
  18. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  19. package/lib/commonjs/credential/issuance/index.js +7 -0
  20. package/lib/commonjs/credential/issuance/index.js.map +1 -1
  21. package/lib/commonjs/credential/issuance/types.js +28 -0
  22. package/lib/commonjs/credential/issuance/types.js.map +1 -0
  23. package/lib/commonjs/index.js +10 -1
  24. package/lib/commonjs/index.js.map +1 -1
  25. package/lib/commonjs/pid/sd-jwt/converters.js +5 -9
  26. package/lib/commonjs/pid/sd-jwt/converters.js.map +1 -1
  27. package/lib/commonjs/pid/sd-jwt/types.js +3 -3
  28. package/lib/commonjs/pid/sd-jwt/types.js.map +1 -1
  29. package/lib/commonjs/sd-jwt/__test__/converters.test.js +1 -1
  30. package/lib/commonjs/sd-jwt/__test__/converters.test.js.map +1 -1
  31. package/lib/commonjs/sd-jwt/__test__/index.test.js +30 -43
  32. package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
  33. package/lib/commonjs/sd-jwt/__test__/types.test.js +16 -24
  34. package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
  35. package/lib/commonjs/sd-jwt/index.js +3 -9
  36. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  37. package/lib/commonjs/sd-jwt/types.js +11 -16
  38. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  39. package/lib/commonjs/trust/types.js +70 -29
  40. package/lib/commonjs/trust/types.js.map +1 -1
  41. package/lib/commonjs/utils/auth.js +44 -0
  42. package/lib/commonjs/utils/auth.js.map +1 -0
  43. package/lib/commonjs/utils/errors.js +104 -1
  44. package/lib/commonjs/utils/errors.js.map +1 -1
  45. package/lib/commonjs/utils/integrity.js +2 -0
  46. package/lib/commonjs/utils/integrity.js.map +1 -0
  47. package/lib/commonjs/utils/misc.js +34 -1
  48. package/lib/commonjs/utils/misc.js.map +1 -1
  49. package/lib/commonjs/utils/par.js +23 -15
  50. package/lib/commonjs/utils/par.js.map +1 -1
  51. package/lib/commonjs/utils/pop.js +33 -0
  52. package/lib/commonjs/utils/pop.js.map +1 -0
  53. package/lib/commonjs/wallet-instance/index.js +29 -0
  54. package/lib/commonjs/wallet-instance/index.js.map +1 -0
  55. package/lib/commonjs/wallet-instance-attestation/issuing.js +62 -65
  56. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  57. package/lib/commonjs/wallet-instance-attestation/types.js +8 -8
  58. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  59. package/lib/module/client/generated/wallet-provider.js +102 -0
  60. package/lib/module/client/generated/wallet-provider.js.map +1 -0
  61. package/lib/module/client/index.js +33 -0
  62. package/lib/module/client/index.js.map +1 -0
  63. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +2 -1
  64. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  65. package/lib/module/credential/issuance/03-start-credential-issuance.js +276 -0
  66. package/lib/module/credential/issuance/03-start-credential-issuance.js.map +1 -0
  67. package/lib/module/credential/issuance/03-start-user-authorization.js +56 -80
  68. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
  69. package/lib/module/credential/issuance/04-complete-user-authorization.js +85 -1
  70. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
  71. package/lib/module/credential/issuance/05-authorize-access.js +54 -33
  72. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  73. package/lib/module/credential/issuance/06-obtain-credential.js +50 -75
  74. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  75. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +21 -44
  76. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  77. package/lib/module/credential/issuance/index.js +2 -1
  78. package/lib/module/credential/issuance/index.js.map +1 -1
  79. package/lib/module/credential/issuance/types.js +18 -0
  80. package/lib/module/credential/issuance/types.js.map +1 -0
  81. package/lib/module/index.js +3 -1
  82. package/lib/module/index.js.map +1 -1
  83. package/lib/module/pid/sd-jwt/converters.js +5 -9
  84. package/lib/module/pid/sd-jwt/converters.js.map +1 -1
  85. package/lib/module/pid/sd-jwt/types.js +3 -3
  86. package/lib/module/pid/sd-jwt/types.js.map +1 -1
  87. package/lib/module/sd-jwt/__test__/converters.test.js +1 -1
  88. package/lib/module/sd-jwt/__test__/converters.test.js.map +1 -1
  89. package/lib/module/sd-jwt/__test__/index.test.js +30 -43
  90. package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
  91. package/lib/module/sd-jwt/__test__/types.test.js +16 -24
  92. package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
  93. package/lib/module/sd-jwt/index.js +3 -9
  94. package/lib/module/sd-jwt/index.js.map +1 -1
  95. package/lib/module/sd-jwt/types.js +11 -16
  96. package/lib/module/sd-jwt/types.js.map +1 -1
  97. package/lib/module/trust/types.js +70 -29
  98. package/lib/module/trust/types.js.map +1 -1
  99. package/lib/module/utils/auth.js +35 -0
  100. package/lib/module/utils/auth.js.map +1 -0
  101. package/lib/module/utils/errors.js +98 -0
  102. package/lib/module/utils/errors.js.map +1 -1
  103. package/lib/module/utils/integrity.js +2 -0
  104. package/lib/module/utils/integrity.js.map +1 -0
  105. package/lib/module/utils/misc.js +31 -0
  106. package/lib/module/utils/misc.js.map +1 -1
  107. package/lib/module/utils/par.js +24 -16
  108. package/lib/module/utils/par.js.map +1 -1
  109. package/lib/module/utils/pop.js +24 -0
  110. package/lib/module/utils/pop.js.map +1 -0
  111. package/lib/module/wallet-instance/index.js +23 -0
  112. package/lib/module/wallet-instance/index.js.map +1 -0
  113. package/lib/module/wallet-instance-attestation/issuing.js +63 -67
  114. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  115. package/lib/module/wallet-instance-attestation/types.js +8 -8
  116. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  117. package/lib/typescript/client/generated/wallet-provider.d.ts +264 -0
  118. package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -0
  119. package/lib/typescript/client/index.d.ts +7 -0
  120. package/lib/typescript/client/index.d.ts.map +1 -0
  121. package/lib/typescript/credential/issuance/01-start-flow.d.ts +1 -0
  122. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
  123. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +2 -1
  124. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
  125. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts +41 -0
  126. package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts.map +1 -0
  127. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +23 -18
  128. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
  129. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +24 -12
  130. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
  131. package/lib/typescript/credential/issuance/05-authorize-access.d.ts +22 -16
  132. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
  133. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +19 -26
  134. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  135. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +10 -15
  136. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  137. package/lib/typescript/credential/issuance/index.d.ts +3 -4
  138. package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
  139. package/lib/typescript/credential/issuance/types.d.ts +63 -0
  140. package/lib/typescript/credential/issuance/types.d.ts.map +1 -0
  141. package/lib/typescript/credential/presentation/types.d.ts +6 -6
  142. package/lib/typescript/index.d.ts +6 -1
  143. package/lib/typescript/index.d.ts.map +1 -1
  144. package/lib/typescript/pid/sd-jwt/converters.d.ts.map +1 -1
  145. package/lib/typescript/pid/sd-jwt/types.d.ts +36 -36
  146. package/lib/typescript/pid/sd-jwt/types.d.ts.map +1 -1
  147. package/lib/typescript/sd-jwt/index.d.ts +40 -68
  148. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  149. package/lib/typescript/sd-jwt/types.d.ts +64 -121
  150. package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
  151. package/lib/typescript/trust/index.d.ts +150 -48
  152. package/lib/typescript/trust/index.d.ts.map +1 -1
  153. package/lib/typescript/trust/types.d.ts +2838 -1740
  154. package/lib/typescript/trust/types.d.ts.map +1 -1
  155. package/lib/typescript/utils/auth.d.ts +52 -0
  156. package/lib/typescript/utils/auth.d.ts.map +1 -0
  157. package/lib/typescript/utils/errors.d.ts +48 -0
  158. package/lib/typescript/utils/errors.d.ts.map +1 -1
  159. package/lib/typescript/utils/integrity.d.ts +21 -0
  160. package/lib/typescript/utils/integrity.d.ts.map +1 -0
  161. package/lib/typescript/utils/misc.d.ts +18 -0
  162. package/lib/typescript/utils/misc.d.ts.map +1 -1
  163. package/lib/typescript/utils/par.d.ts +8 -31
  164. package/lib/typescript/utils/par.d.ts.map +1 -1
  165. package/lib/typescript/utils/pop.d.ts +26 -0
  166. package/lib/typescript/utils/pop.d.ts.map +1 -0
  167. package/lib/typescript/wallet-instance/index.d.ts +7 -0
  168. package/lib/typescript/wallet-instance/index.d.ts.map +1 -0
  169. package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -4
  170. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  171. package/lib/typescript/wallet-instance-attestation/types.d.ts +64 -64
  172. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  173. package/package.json +9 -5
  174. package/src/client/generated/wallet-provider.ts +173 -0
  175. package/src/client/index.ts +53 -0
  176. package/src/credential/issuance/01-start-flow.ts +1 -0
  177. package/src/credential/issuance/02-evaluate-issuer-trust.ts +2 -1
  178. package/src/credential/issuance/03-start-credential-issuance.ts +407 -0
  179. package/src/credential/issuance/03-start-user-authorization.ts +91 -92
  180. package/src/credential/issuance/04-complete-user-authorization.ts +114 -13
  181. package/src/credential/issuance/05-authorize-access.ts +74 -49
  182. package/src/credential/issuance/06-obtain-credential.ts +77 -111
  183. package/src/credential/issuance/07-verify-and-parse-credential.ts +30 -67
  184. package/src/credential/issuance/index.ts +6 -4
  185. package/src/credential/issuance/types.ts +25 -0
  186. package/src/index.ts +8 -0
  187. package/src/pid/sd-jwt/converters.ts +5 -11
  188. package/src/pid/sd-jwt/types.ts +8 -6
  189. package/src/sd-jwt/__test__/converters.test.ts +1 -1
  190. package/src/sd-jwt/__test__/index.test.ts +45 -74
  191. package/src/sd-jwt/__test__/types.test.ts +21 -33
  192. package/src/sd-jwt/index.ts +3 -12
  193. package/src/sd-jwt/types.ts +17 -22
  194. package/src/trust/types.ts +64 -32
  195. package/src/utils/auth.ts +37 -0
  196. package/src/utils/errors.ts +112 -0
  197. package/src/utils/integrity.ts +23 -0
  198. package/src/utils/misc.ts +43 -0
  199. package/src/utils/par.ts +29 -17
  200. package/src/utils/pop.ts +34 -0
  201. package/src/wallet-instance/index.ts +29 -0
  202. package/src/wallet-instance-attestation/issuing.ts +101 -97
  203. package/src/wallet-instance-attestation/types.ts +12 -8
  204. package/lib/commonjs/credential/issuance/07-confirm-credential.js +0 -6
  205. package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +0 -1
  206. package/lib/commonjs/credential/issuance/08-confirm-credential.js +0 -6
  207. package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +0 -1
  208. package/lib/module/credential/issuance/07-confirm-credential.js +0 -2
  209. package/lib/module/credential/issuance/07-confirm-credential.js.map +0 -1
  210. package/lib/module/credential/issuance/08-confirm-credential.js +0 -2
  211. package/lib/module/credential/issuance/08-confirm-credential.js.map +0 -1
  212. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +0 -11
  213. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +0 -1
  214. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +0 -11
  215. package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +0 -1
  216. package/src/credential/issuance/07-confirm-credential.ts +0 -14
  217. package/src/credential/issuance/08-confirm-credential.ts +0 -14
@@ -0,0 +1,126 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.WalletAttestationView = exports.ProblemDetail = exports.NonceDetailView = exports.Id = exports.FiscalCode = exports.EndpointByMethod = exports.CreateWalletInstanceBody = exports.CreateWalletAttestationBody = exports.ApiClient = void 0;
7
+ exports.createApiClient = createApiClient;
8
+ exports.post_CreateWalletInstance = exports.post_CreateWalletAttestation = exports.get_GetNonce = void 0;
9
+ var _zod = _interopRequireDefault(require("zod"));
10
+ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
11
+ const NonceDetailView = _zod.default.object({
12
+ nonce: _zod.default.string()
13
+ });
14
+ exports.NonceDetailView = NonceDetailView;
15
+ const WalletAttestationView = _zod.default.string();
16
+ exports.WalletAttestationView = WalletAttestationView;
17
+ const CreateWalletInstanceBody = _zod.default.object({
18
+ challenge: _zod.default.string(),
19
+ key_attestation: _zod.default.string(),
20
+ hardware_key_tag: _zod.default.string()
21
+ });
22
+ exports.CreateWalletInstanceBody = CreateWalletInstanceBody;
23
+ const CreateWalletAttestationBody = _zod.default.object({
24
+ grant_type: _zod.default.literal("urn:ietf:params:oauth:grant-type:jwt-bearer"),
25
+ assertion: _zod.default.string()
26
+ });
27
+ exports.CreateWalletAttestationBody = CreateWalletAttestationBody;
28
+ const ProblemDetail = _zod.default.object({
29
+ type: _zod.default.string().optional(),
30
+ title: _zod.default.string().optional(),
31
+ status: _zod.default.number().optional(),
32
+ detail: _zod.default.string().optional(),
33
+ instance: _zod.default.string().optional()
34
+ });
35
+ exports.ProblemDetail = ProblemDetail;
36
+ const FiscalCode = _zod.default.string();
37
+ exports.FiscalCode = FiscalCode;
38
+ const Id = _zod.default.string();
39
+ exports.Id = Id;
40
+ const get_GetNonce = {
41
+ method: _zod.default.literal("GET"),
42
+ path: _zod.default.literal("/nonce"),
43
+ parameters: _zod.default.never(),
44
+ response: NonceDetailView
45
+ };
46
+ exports.get_GetNonce = get_GetNonce;
47
+ const post_CreateWalletInstance = {
48
+ method: _zod.default.literal("POST"),
49
+ path: _zod.default.literal("/wallet-instances"),
50
+ parameters: _zod.default.object({
51
+ body: CreateWalletInstanceBody
52
+ }),
53
+ response: _zod.default.unknown()
54
+ };
55
+ exports.post_CreateWalletInstance = post_CreateWalletInstance;
56
+ const post_CreateWalletAttestation = {
57
+ method: _zod.default.literal("POST"),
58
+ path: _zod.default.literal("/token"),
59
+ parameters: _zod.default.object({
60
+ body: CreateWalletAttestationBody
61
+ }),
62
+ response: _zod.default.unknown()
63
+ };
64
+
65
+ // <EndpointByMethod>
66
+ exports.post_CreateWalletAttestation = post_CreateWalletAttestation;
67
+ const EndpointByMethod = {
68
+ get: {
69
+ "/nonce": get_GetNonce
70
+ },
71
+ post: {
72
+ "/wallet-instances": post_CreateWalletInstance,
73
+ "/token": post_CreateWalletAttestation
74
+ }
75
+ };
76
+
77
+ // </EndpointByMethod>
78
+
79
+ // <EndpointByMethod.Shorthands>
80
+
81
+ // </EndpointByMethod.Shorthands>
82
+
83
+ // <ApiClientTypes>
84
+ exports.EndpointByMethod = EndpointByMethod;
85
+ // </ApiClientTypes>
86
+
87
+ // <ApiClient>
88
+ class ApiClient {
89
+ baseUrl = "";
90
+ constructor(fetcher) {
91
+ this.fetcher = fetcher;
92
+ }
93
+ setBaseUrl(baseUrl) {
94
+ this.baseUrl = baseUrl;
95
+ return this;
96
+ }
97
+
98
+ // <ApiClient.get>
99
+ get(path) {
100
+ return this.fetcher("get", this.baseUrl + path, arguments.length <= 1 ? undefined : arguments[1]);
101
+ }
102
+ // </ApiClient.get>
103
+
104
+ // <ApiClient.post>
105
+ post(path) {
106
+ return this.fetcher("post", this.baseUrl + path, arguments.length <= 1 ? undefined : arguments[1]);
107
+ }
108
+ // </ApiClient.post>
109
+ }
110
+ exports.ApiClient = ApiClient;
111
+ function createApiClient(fetcher, baseUrl) {
112
+ return new ApiClient(fetcher).setBaseUrl(baseUrl ?? "");
113
+ }
114
+
115
+ /**
116
+ Example usage:
117
+ const api = createApiClient((method, url, params) =>
118
+ fetch(url, { method, body: JSON.stringify(params) }).then((res) => res.json()),
119
+ );
120
+ api.get("/users").then((users) => console.log(users));
121
+ api.post("/users", { body: { name: "John" } }).then((user) => console.log(user));
122
+ api.put("/users/:id", { path: { id: 1 }, body: { name: "John" } }).then((user) => console.log(user));
123
+ */
124
+
125
+ // </ApiClient
126
+ //# sourceMappingURL=wallet-provider.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["_zod","_interopRequireDefault","require","obj","__esModule","default","NonceDetailView","z","object","nonce","string","exports","WalletAttestationView","CreateWalletInstanceBody","challenge","key_attestation","hardware_key_tag","CreateWalletAttestationBody","grant_type","literal","assertion","ProblemDetail","type","optional","title","status","number","detail","instance","FiscalCode","Id","get_GetNonce","method","path","parameters","never","response","post_CreateWalletInstance","body","unknown","post_CreateWalletAttestation","EndpointByMethod","get","post","ApiClient","baseUrl","constructor","fetcher","setBaseUrl","arguments","length","undefined","createApiClient"],"sourceRoot":"../../../../src","sources":["client/generated/wallet-provider.ts"],"mappings":";;;;;;;;AAAA,IAAAA,IAAA,GAAAC,sBAAA,CAAAC,OAAA;AAAoB,SAAAD,uBAAAE,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGb,MAAMG,eAAe,GAAGC,YAAC,CAACC,MAAM,CAAC;EACtCC,KAAK,EAAEF,YAAC,CAACG,MAAM,CAAC;AAClB,CAAC,CAAC;AAACC,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAGI,MAAMM,qBAAqB,GAAGL,YAAC,CAACG,MAAM,CAAC,CAAC;AAACC,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAGzC,MAAMC,wBAAwB,GAAGN,YAAC,CAACC,MAAM,CAAC;EAC/CM,SAAS,EAAEP,YAAC,CAACG,MAAM,CAAC,CAAC;EACrBK,eAAe,EAAER,YAAC,CAACG,MAAM,CAAC,CAAC;EAC3BM,gBAAgB,EAAET,YAAC,CAACG,MAAM,CAAC;AAC7B,CAAC,CAAC;AAACC,OAAA,CAAAE,wBAAA,GAAAA,wBAAA;AAGI,MAAMI,2BAA2B,GAAGV,YAAC,CAACC,MAAM,CAAC;EAClDU,UAAU,EAAEX,YAAC,CAACY,OAAO,CAAC,6CAA6C,CAAC;EACpEC,SAAS,EAAEb,YAAC,CAACG,MAAM,CAAC;AACtB,CAAC,CAAC;AAACC,OAAA,CAAAM,2BAAA,GAAAA,2BAAA;AAGI,MAAMI,aAAa,GAAGd,YAAC,CAACC,MAAM,CAAC;EACpCc,IAAI,EAAEf,YAAC,CAACG,MAAM,CAAC,CAAC,CAACa,QAAQ,CAAC,CAAC;EAC3BC,KAAK,EAAEjB,YAAC,CAACG,MAAM,CAAC,CAAC,CAACa,QAAQ,CAAC,CAAC;EAC5BE,MAAM,EAAElB,YAAC,CAACmB,MAAM,CAAC,CAAC,CAACH,QAAQ,CAAC,CAAC;EAC7BI,MAAM,EAAEpB,YAAC,CAACG,MAAM,CAAC,CAAC,CAACa,QAAQ,CAAC,CAAC;EAC7BK,QAAQ,EAAErB,YAAC,CAACG,MAAM,CAAC,CAAC,CAACa,QAAQ,CAAC;AAChC,CAAC,CAAC;AAACZ,OAAA,CAAAU,aAAA,GAAAA,aAAA;AAGI,MAAMQ,UAAU,GAAGtB,YAAC,CAACG,MAAM,CAAC,CAAC;AAACC,OAAA,CAAAkB,UAAA,GAAAA,UAAA;AAG9B,MAAMC,EAAE,GAAGvB,YAAC,CAACG,MAAM,CAAC,CAAC;AAACC,OAAA,CAAAmB,EAAA,GAAAA,EAAA;AAGtB,MAAMC,YAAY,GAAG;EAC1BC,MAAM,EAAEzB,YAAC,CAACY,OAAO,CAAC,KAAK,CAAC;EACxBc,IAAI,EAAE1B,YAAC,CAACY,OAAO,CAAC,QAAQ,CAAC;EACzBe,UAAU,EAAE3B,YAAC,CAAC4B,KAAK,CAAC,CAAC;EACrBC,QAAQ,EAAE9B;AACZ,CAAC;AAACK,OAAA,CAAAoB,YAAA,GAAAA,YAAA;AAGK,MAAMM,yBAAyB,GAAG;EACvCL,MAAM,EAAEzB,YAAC,CAACY,OAAO,CAAC,MAAM,CAAC;EACzBc,IAAI,EAAE1B,YAAC,CAACY,OAAO,CAAC,mBAAmB,CAAC;EACpCe,UAAU,EAAE3B,YAAC,CAACC,MAAM,CAAC;IACnB8B,IAAI,EAAEzB;EACR,CAAC,CAAC;EACFuB,QAAQ,EAAE7B,YAAC,CAACgC,OAAO,CAAC;AACtB,CAAC;AAAC5B,OAAA,CAAA0B,yBAAA,GAAAA,yBAAA;AAGK,MAAMG,4BAA4B,GAAG;EAC1CR,MAAM,EAAEzB,YAAC,CAACY,OAAO,CAAC,MAAM,CAAC;EACzBc,IAAI,EAAE1B,YAAC,CAACY,OAAO,CAAC,QAAQ,CAAC;EACzBe,UAAU,EAAE3B,YAAC,CAACC,MAAM,CAAC;IACnB8B,IAAI,EAAErB;EACR,CAAC,CAAC;EACFmB,QAAQ,EAAE7B,YAAC,CAACgC,OAAO,CAAC;AACtB,CAAC;;AAED;AAAA5B,OAAA,CAAA6B,4BAAA,GAAAA,4BAAA;AACO,MAAMC,gBAAgB,GAAG;EAC9BC,GAAG,EAAE;IACH,QAAQ,EAAEX;EACZ,CAAC;EACDY,IAAI,EAAE;IACJ,mBAAmB,EAAEN,yBAAyB;IAC9C,QAAQ,EAAEG;EACZ;AACF,CAAC;;AAED;;AAEA;;AAIA;;AAEA;AAAA7B,OAAA,CAAA8B,gBAAA,GAAAA,gBAAA;AAyCA;;AAEA;AACO,MAAMG,SAAS,CAAC;EACrBC,OAAO,GAAW,EAAE;EAEpBC,WAAWA,CAAQC,OAAgB,EAAE;IAAA,KAAlBA,OAAgB,GAAhBA,OAAgB;EAAG;EAEtCC,UAAUA,CAACH,OAAe,EAAE;IAC1B,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,OAAO,IAAI;EACb;;EAEA;EACAH,GAAGA,CACDT,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACc,OAAO,CAAC,KAAK,EAAE,IAAI,CAACF,OAAO,GAAGZ,IAAI,EAAAgB,SAAA,CAAAC,MAAA,QAAAC,SAAA,GAAAF,SAAA,GAAW,CAAC;EAC5D;EACA;;EAEA;EACAN,IAAIA,CACFV,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACc,OAAO,CAAC,MAAM,EAAE,IAAI,CAACF,OAAO,GAAGZ,IAAI,EAAAgB,SAAA,CAAAC,MAAA,QAAAC,SAAA,GAAAF,SAAA,GAAW,CAAC;EAC7D;EACA;AACF;AAACtC,OAAA,CAAAiC,SAAA,GAAAA,SAAA;AAEM,SAASQ,eAAeA,CAACL,OAAgB,EAAEF,OAAgB,EAAE;EAClE,OAAO,IAAID,SAAS,CAACG,OAAO,CAAC,CAACC,UAAU,CAACH,OAAO,IAAI,EAAE,CAAC;AACzD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA"}
@@ -0,0 +1,40 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.getWalletProviderClient = void 0;
7
+ var _errors = require("../utils/errors");
8
+ var _walletProvider = require("./generated/wallet-provider");
9
+ const validateResponse = async response => {
10
+ if (!response.ok) {
11
+ let problemDetail = {};
12
+ try {
13
+ problemDetail = _walletProvider.ProblemDetail.parse(await response.json());
14
+ } catch {
15
+ problemDetail = {
16
+ title: "Invalid response from Wallet Provider"
17
+ };
18
+ }
19
+ throw new _errors.WalletProviderResponseError(problemDetail.title ?? "Invalid response from Wallet Provider", problemDetail.type, problemDetail.detail, response.status);
20
+ }
21
+ return response;
22
+ };
23
+ const getWalletProviderClient = context => {
24
+ const {
25
+ walletProviderBaseUrl,
26
+ appFetch = fetch
27
+ } = context;
28
+ return (0, _walletProvider.createApiClient)((method, url, params) => appFetch(url, {
29
+ method,
30
+ body: params ? JSON.stringify(params.body) : undefined
31
+ }).then(validateResponse).then(res => {
32
+ const contentType = res.headers.get("content-type");
33
+ if (contentType === "application/json") {
34
+ return res.json();
35
+ }
36
+ return res.text();
37
+ }), walletProviderBaseUrl);
38
+ };
39
+ exports.getWalletProviderClient = getWalletProviderClient;
40
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["_errors","require","_walletProvider","validateResponse","response","ok","problemDetail","ProblemDetail","parse","json","title","WalletProviderResponseError","type","detail","status","getWalletProviderClient","context","walletProviderBaseUrl","appFetch","fetch","createWalletProviderApiClient","method","url","params","body","JSON","stringify","undefined","then","res","contentType","headers","get","text","exports"],"sourceRoot":"../../../src","sources":["client/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,eAAA,GAAAD,OAAA;AAQA,MAAME,gBAAgB,GAAG,MAAOC,QAAkB,IAAK;EACrD,IAAI,CAACA,QAAQ,CAACC,EAAE,EAAE;IAChB,IAAIC,aAA4B,GAAG,CAAC,CAAC;IACrC,IAAI;MACFA,aAAa,GAAGC,6BAAa,CAACC,KAAK,CAAC,MAAMJ,QAAQ,CAACK,IAAI,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,MAAM;MACNH,aAAa,GAAG;QACdI,KAAK,EAAE;MACT,CAAC;IACH;IAEA,MAAM,IAAIC,mCAA2B,CACnCL,aAAa,CAACI,KAAK,IAAI,uCAAuC,EAC9DJ,aAAa,CAACM,IAAI,EAClBN,aAAa,CAACO,MAAM,EACpBT,QAAQ,CAACU,MACX,CAAC;EACH;EACA,OAAOV,QAAQ;AACjB,CAAC;AAEM,MAAMW,uBAAuB,GAAIC,OAGvC,IAAK;EACJ,MAAM;IAAEC,qBAAqB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGH,OAAO;EAE3D,OAAO,IAAAI,+BAA6B,EAClC,CAACC,MAAM,EAAEC,GAAG,EAAEC,MAAM,KAClBL,QAAQ,CAACI,GAAG,EAAE;IACZD,MAAM;IACNG,IAAI,EAAED,MAAM,GAAGE,IAAI,CAACC,SAAS,CAACH,MAAM,CAACC,IAAI,CAAC,GAAGG;EAC/C,CAAC,CAAC,CACCC,IAAI,CAACzB,gBAAgB,CAAC,CACtByB,IAAI,CAAEC,GAAG,IAAK;IACb,MAAMC,WAAW,GAAGD,GAAG,CAACE,OAAO,CAACC,GAAG,CAAC,cAAc,CAAC;IACnD,IAAIF,WAAW,KAAK,kBAAkB,EAAE;MACtC,OAAOD,GAAG,CAACpB,IAAI,CAAC,CAAC;IACnB;IACA,OAAOoB,GAAG,CAACI,IAAI,CAAC,CAAC;EACnB,CAAC,CAAC,EACNhB,qBACF,CAAC;AACH,CAAC;AAACiB,OAAA,CAAAnB,uBAAA,GAAAA,uBAAA"}
@@ -6,10 +6,11 @@ Object.defineProperty(exports, "__esModule", {
6
6
  exports.evaluateIssuerTrust = void 0;
7
7
  var _trust = require("../../trust");
8
8
  /**
9
+ * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
9
10
  * The Issuer trust evaluation phase.
10
11
  * Fetch the Issuer's configuration and verify trust.
11
12
  *
12
- * @param issuerUrl The base url of the Issuer
13
+ * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
13
14
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
14
15
  * @returns The Issuer's configuration
15
16
  */
@@ -1 +1 @@
1
- {"version":3,"names":["_trust","require","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","getCredentialIssuerEntityConfiguration","appFetch","then","_","payload","metadata","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAM,IAAAC,6CAAsC,EAACN,SAAS,EAAE;IACzEO,QAAQ,EAAEN,OAAO,CAACM;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEN;EAAW,CAAC;AACvB,CAAC;AAACO,OAAA,CAAAb,mBAAA,GAAAA,mBAAA"}
1
+ {"version":3,"names":["_trust","require","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","getCredentialIssuerEntityConfiguration","appFetch","then","_","payload","metadata","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAM,IAAAC,6CAAsC,EAACN,SAAS,EAAE;IACzEO,QAAQ,EAAEN,OAAO,CAACM;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEN;EAAW,CAAC;AACvB,CAAC;AAACO,OAAA,CAAAb,mBAAA,GAAAA,mBAAA"}
@@ -0,0 +1,287 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.startCredentialIssuance = exports.createNonceProof = exports.authorizeUserWithQueryMode = void 0;
7
+ var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
8
+ var _par = require("../../utils/par");
9
+ var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
10
+ var _misc = require("../../utils/misc");
11
+ var _const = require("./const");
12
+ var _parseUrl = _interopRequireDefault(require("parse-url"));
13
+ var _errors = require("../../utils/errors");
14
+ var _auth = require("../../utils/auth");
15
+ var _crypto = require("../../utils/crypto");
16
+ var _dpop = require("../../utils/dpop");
17
+ var _pop = require("../../utils/pop");
18
+ var _types = require("./types");
19
+ var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
20
+ var _reactNative = require("react-native");
21
+ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
22
+ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
23
+ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
24
+ /**
25
+ * Ensures that the credential type requested is supported by the issuer and contained in the
26
+ * issuer configuration.
27
+ * @param issuerConf The issuer configuration
28
+ * @param credentialType The type of the credential to be requested
29
+ * @returns The credential definition to be used in the request which includes the format and the type and its type
30
+ */
31
+ const selectCredentialDefinition = (issuerConf, credentialType) => {
32
+ const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
33
+ const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialType)).map(e => ({
34
+ credential_configuration_id: credentialType,
35
+ format: credential_configurations_supported[e].format,
36
+ type: "openid_credential"
37
+ }));
38
+ if (!result) {
39
+ throw new Error(`No credential support the type '${credentialType}'`);
40
+ }
41
+ return result;
42
+ };
43
+
44
+ /**
45
+ * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
46
+ * @param issuerConf The issuer configuration
47
+ * @param credentialType The type of the credential to be requested
48
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
49
+ */
50
+ const selectResponseMode = (issuerConf, credentialType) => {
51
+ const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
52
+ const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
53
+ if (!responseModeSupported.includes(responseMode)) {
54
+ throw new Error(`No response mode support the type '${credentialType}'`);
55
+ }
56
+ return responseMode;
57
+ };
58
+ /**
59
+ * Starts the credential issuance flow to obtain a credential from the issuer.
60
+ * @param issuerConf The Issuer configuration
61
+ * @param credentialType The type of the credential to be requested
62
+ * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
63
+ * @param context.credentialCryptoContext The context to access the key to associat with credential
64
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
65
+ * @param context.authorizationContext The context to identify the user which will be used to start the authorization. It's needed only when requesting a PersonalIdentificationData credential. The implementantion should open an in-app browser capable of catching the redirectSchema. If not specified, the default browser is used.
66
+ * @param context.redirectUri The internal URL to which to redirect has passed the in-app browser login phase. If you don't use authorizationContext remember to register this URL as customUrl or deepLink. See https://reactnative.dev/docs/linking
67
+ * @param context.idphint Unique identifier of the SPID IDP
68
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
69
+ * @throws {AuthorizationError} When the response from the authorization response is not parsable
70
+ * @returns The credential obtained
71
+ */
72
+
73
+ const startCredentialIssuance = async (issuerConf, credentialType, ctx) => {
74
+ const {
75
+ wiaCryptoContext,
76
+ credentialCryptoContext,
77
+ walletInstanceAttestation,
78
+ authorizationContext,
79
+ redirectUri,
80
+ idphint,
81
+ appFetch = fetch
82
+ } = ctx;
83
+
84
+ /**
85
+ * Creates and sends a PAR request to the /as/par endpoint of the authroization server.
86
+ * This starts the authentication flow to obtain an access token.
87
+ * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
88
+ * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
89
+ * along with the WTE and its proof of possession (WTE-PoP).
90
+ * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
91
+ * the application session identifier on the Wallet Instance side (state),
92
+ * the method (query or form_post.jwt) by which the Authorization Server
93
+ * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
94
+ * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirect_uri of the Wallet Instance where the Authorization Response
95
+ * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
96
+ */
97
+ const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
98
+ const codeVerifier = (0, _misc.generateRandomAlphaNumericString)(64);
99
+ const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
100
+ const parUrl = new URL(parEndpoint);
101
+ const aud = `${parUrl.protocol}//${parUrl.hostname}`;
102
+ const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
103
+ const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
104
+ const responseMode = selectResponseMode(issuerConf, credentialType);
105
+ const getPar = (0, _par.makeParRequest)({
106
+ wiaCryptoContext,
107
+ appFetch
108
+ });
109
+ const issuerRequestUri = await getPar(clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, [credentialDefinition], _const.ASSERTION_TYPE);
110
+
111
+ /**
112
+ * Starts the authorization flow which dependes on the response mode and the request credential.
113
+ * If the response mode is "query" the authorization flow is handled differently via the authorization context which opens an in-app browser capable of catching the redirectSchema.
114
+ * The form_post.jwt mode is not currently supported.
115
+ */
116
+ const authorizeFlowResult = await (async () => {
117
+ const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
118
+ if (responseMode === "query") {
119
+ const params = new URLSearchParams({
120
+ client_id: clientId,
121
+ request_uri: issuerRequestUri,
122
+ idphint
123
+ });
124
+
125
+ /**
126
+ * Starts the authorization flow to obtain an authorization code by performing a GET request to the /authorize endpoint of the authorization server.
127
+ */
128
+ return await authorizeUserWithQueryMode(authzRequestEndpoint, params, redirectUri, authorizationContext);
129
+ } else {
130
+ throw new _errors.AuthorizationError("Response mode not supported for this type of credential");
131
+ }
132
+ })();
133
+
134
+ /**
135
+ * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
136
+ * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
137
+ * This enables the Wallet Instance to request a digital credential.
138
+ * The DPoP Proof JWT is generated according to the section 4.3 of the DPoP RFC 9449 specification.
139
+ */
140
+
141
+ const {
142
+ code
143
+ } = authorizeFlowResult;
144
+ const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
145
+ // Use an ephemeral key to be destroyed after use
146
+ const tokenRequestSignedDPop = await (0, _crypto.withEphemeralKey)(async ephimeralContext => {
147
+ return await (0, _dpop.createDPopToken)({
148
+ htm: "POST",
149
+ htu: tokenUrl,
150
+ jti: `${_reactNativeUuid.default.v4()}`
151
+ }, ephimeralContext);
152
+ });
153
+ const signedWiaPoP = await (0, _pop.createPopToken)({
154
+ jti: `${_reactNativeUuid.default.v4()}`,
155
+ aud,
156
+ iss
157
+ }, wiaCryptoContext);
158
+ const requestBody = {
159
+ grant_type: "authorization_code",
160
+ client_id: clientId,
161
+ code,
162
+ redirect_uri: redirectUri,
163
+ code_verifier: codeVerifier,
164
+ client_assertion_type: _const.ASSERTION_TYPE,
165
+ client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
166
+ };
167
+ const authorizationRequestFormBody = new URLSearchParams(requestBody);
168
+ const tokenRes = await appFetch(tokenUrl, {
169
+ method: "POST",
170
+ headers: {
171
+ "Content-Type": "application/x-www-form-urlencoded",
172
+ DPoP: tokenRequestSignedDPop
173
+ },
174
+ body: authorizationRequestFormBody.toString()
175
+ }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(body => _types.TokenResponse.safeParse(body));
176
+ if (!tokenRes.success) {
177
+ throw new _errors.ValidationFailed(tokenRes.error.message);
178
+ }
179
+
180
+ /**
181
+ * Validates the token response and extracts the access token, c_nonce and c_nonce_expires_in.
182
+ */
183
+ const accessTokenResponse = tokenRes.data;
184
+ const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
185
+
186
+ /**
187
+ * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
188
+ * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
189
+ * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
190
+ */
191
+ const signedNonceProof = await createNonceProof(accessTokenResponse.c_nonce, clientId, credentialUrl, credentialCryptoContext);
192
+
193
+ // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
194
+ const constainsCredentialDefinition = accessTokenResponse.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
195
+ if (!constainsCredentialDefinition) {
196
+ throw new _errors.ValidationFailed("The access token response does not contain the requested credential");
197
+ }
198
+
199
+ /** The credential request body */
200
+ const credentialRequestFormBody = {
201
+ credential_definition: {
202
+ type: [credentialDefinition.credential_configuration_id]
203
+ },
204
+ format: credentialDefinition.format,
205
+ proof: {
206
+ jwt: signedNonceProof,
207
+ proof_type: "jwt"
208
+ }
209
+ };
210
+ const credentialRes = await appFetch(credentialUrl, {
211
+ method: "POST",
212
+ headers: {
213
+ "Content-Type": "application/json",
214
+ DPoP: tokenRequestSignedDPop,
215
+ Authorization: `${accessTokenResponse.token_type} ${accessTokenResponse.access_token}`
216
+ },
217
+ body: JSON.stringify(credentialRequestFormBody)
218
+ }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(body => _types.CredentialResponse.safeParse(body));
219
+ if (!credentialRes.success) {
220
+ throw new _errors.ValidationFailed(credentialRes.error.message);
221
+ }
222
+ return credentialRes.data;
223
+ };
224
+
225
+ /**
226
+ * Authorizes the user using the query mode and the authorization context.
227
+ * @param authzRequestEndpoint The authorization endpoint of the authorization server
228
+ * @param params The query parameters to be used in the request
229
+ * @param redirectUri The URL to which the redirect is made is usually a custom URL or deeplink
230
+ * @param authorizationContext The AuthorizationContext to manage the internal webview. If not specified, the default browser is used
231
+ * @returns The authrozation result containing the authorization code, state and issuer
232
+ */
233
+ exports.startCredentialIssuance = startCredentialIssuance;
234
+ const authorizeUserWithQueryMode = async (authzRequestEndpoint, params, redirectUri, authorizationContext) => {
235
+ const authUrl = `${authzRequestEndpoint}?${params}`;
236
+ var authRedirectUrl;
237
+ if (authorizationContext) {
238
+ const redirectSchema = new URL(redirectUri).protocol.replace(":", "");
239
+ authRedirectUrl = await authorizationContext.authorize(authUrl, redirectSchema).catch(e => {
240
+ throw new _errors.AuthorizationError(e.message);
241
+ });
242
+ } else {
243
+ // handler for redirectUri
244
+ _reactNative.Linking.addEventListener("url", _ref => {
245
+ let {
246
+ url
247
+ } = _ref;
248
+ if (url.includes(redirectUri)) {
249
+ authRedirectUrl = url;
250
+ }
251
+ });
252
+ const openAuthUrlInBrowser = _reactNative.Linking.openURL(authUrl);
253
+
254
+ /*
255
+ * Waits for 120 seconds for the identificationRedirectUrl variable to be set
256
+ * by the custom url handler. If the timeout is exceeded, throw an exception
257
+ */
258
+ const unitAuthRedirectIsNotUndefined = (0, _misc.until)(() => authRedirectUrl !== undefined, 120);
259
+ await Promise.all([openAuthUrlInBrowser, unitAuthRedirectIsNotUndefined]);
260
+ if (authRedirectUrl === undefined) {
261
+ throw new _errors.AuthorizationError("Invalid authentication redirect url");
262
+ }
263
+ }
264
+ const urlParse = (0, _parseUrl.default)(authRedirectUrl);
265
+ const authRes = _auth.AuthorizationResultShape.safeParse(urlParse.query);
266
+ if (!authRes.success) {
267
+ const authErr = _auth.AuthorizationErrorShape.safeParse(urlParse.query);
268
+ if (!authErr.success) {
269
+ throw new _errors.AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
270
+ }
271
+
272
+ throw new _errors.AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
273
+ }
274
+ return authRes.data;
275
+ };
276
+ exports.authorizeUserWithQueryMode = authorizeUserWithQueryMode;
277
+ const createNonceProof = async (nonce, issuer, audience, ctx) => {
278
+ const jwk = await ctx.getPublicKey();
279
+ return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
280
+ nonce
281
+ }).setProtectedHeader({
282
+ typ: "openid4vci-proof+jwt",
283
+ jwk
284
+ }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
285
+ };
286
+ exports.createNonceProof = createNonceProof;
287
+ //# sourceMappingURL=03-start-credential-issuance.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_par","_ioReactNativeJwt","_misc","_const","_parseUrl","_errors","_auth","_crypto","_dpop","_pop","_types","WalletInstanceAttestation","_interopRequireWildcard","_reactNative","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startCredentialIssuance","ctx","wiaCryptoContext","credentialCryptoContext","walletInstanceAttestation","authorizationContext","redirectUri","idphint","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","credentialDefinition","getPar","makeParRequest","issuerRequestUri","ASSERTION_TYPE","authorizeFlowResult","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","authorizeUserWithQueryMode","AuthorizationError","code","tokenUrl","token_endpoint","tokenRequestSignedDPop","withEphemeralKey","ephimeralContext","createDPopToken","htm","htu","jti","uuid","v4","signedWiaPoP","createPopToken","requestBody","grant_type","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","tokenRes","method","headers","DPoP","body","toString","hasStatus","res","json","TokenResponse","safeParse","success","ValidationFailed","error","message","accessTokenResponse","data","credentialUrl","credential_endpoint","signedNonceProof","createNonceProof","c_nonce","constainsCredentialDefinition","authorization_details","some","c","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","credentialRes","Authorization","token_type","access_token","JSON","stringify","CredentialResponse","exports","authUrl","authRedirectUrl","redirectSchema","replace","authorize","catch","Linking","addEventListener","_ref","url","openAuthUrlInBrowser","openURL","unitAuthRedirectIsNotUndefined","until","undefined","Promise","all","urlParse","parseUrl","authRes","AuthorizationResultShape","query","authErr","AuthorizationErrorShape","AuthorizationIdpError","error_description","nonce","issuer","audience","SignJWT","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-credential-issuance.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AAQA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AAKA,IAAAO,KAAA,GAAAP,OAAA;AAMA,IAAAQ,OAAA,GAAAR,OAAA;AACA,IAAAS,KAAA,GAAAT,OAAA;AACA,IAAAU,IAAA,GAAAV,OAAA;AACA,IAAAW,MAAA,GAAAX,OAAA;AACA,IAAAY,yBAAA,GAAAC,uBAAA,CAAAb,OAAA;AACA,IAAAc,YAAA,GAAAd,OAAA;AAAuC,SAAAe,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAA3B,uBAAAqB,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMiB,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGd,MAAM,CAACe,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,cAAc,CAAC,CAAC,CACzCQ,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAET,cAAc;IAC3CU,MAAM,EAAET,mCAAmC,CAACK,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACX,MAAM,IAAIS,KAAK,CAAE,mCAAkCZ,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,kBAAkB,GAAGA,CACzBd,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMc,qBAAqB,GACzBf,UAAU,CAACgB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBjB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACc,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCZ,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOiB,YAAY;AACrB,CAAC;AAgBD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMC,uBAAgD,GAAG,MAAAA,CAC9DnB,UAAU,EACVC,cAAc,EACdmB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,uBAAuB;IACvBC,yBAAyB;IACzBC,oBAAoB;IACpBC,WAAW;IACXC,OAAO;IACPC,QAAQ,GAAGC;EACb,CAAC,GAAGR,GAAG;;EAEP;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMS,QAAQ,GAAG,MAAMR,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,MAAMC,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GACfpC,UAAU,CAACgB,0BAA0B,CAACqB,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACH,WAAW,CAAC;EACnC,MAAMI,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGrE,yBAAyB,CAACsE,MAAM,CAACrB,yBAAyB,CAAC,CACpEsB,OAAO,CAACC,GAAG,CAACC,GAAG,CAACd,GAAG;EACtB,MAAMe,oBAAoB,GAAGjD,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMiB,YAAY,GAAGJ,kBAAkB,CAACd,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMgD,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAE7B,gBAAgB;IAAEM;EAAS,CAAC,CAAC;EAC7D,MAAMwB,gBAAgB,GAAG,MAAMF,MAAM,CACnCpB,QAAQ,EACRK,YAAY,EACZT,WAAW,EACXP,YAAY,EACZkB,WAAW,EACXb,yBAAyB,EACzB,CAACyB,oBAAoB,CAAC,EACtBI,qBACF,CAAC;;EAED;AACF;AACA;AACA;AACA;EACE,MAAMC,mBAAmB,GAAG,MAAM,CAAC,YAAY;IAC7C,MAAMC,oBAAoB,GACxBtD,UAAU,CAACgB,0BAA0B,CAACuC,sBAAsB;IAC9D,IAAIrC,YAAY,KAAK,OAAO,EAAE;MAC5B,MAAMsC,MAAM,GAAG,IAAIC,eAAe,CAAC;QACjCC,SAAS,EAAE7B,QAAQ;QACnB8B,WAAW,EAAER,gBAAgB;QAC7BzB;MACF,CAAC,CAAC;;MAEF;AACN;AACA;MACM,OAAO,MAAMkC,0BAA0B,CACrCN,oBAAoB,EACpBE,MAAM,EACN/B,WAAW,EACXD,oBACF,CAAC;IACH,CAAC,MAAM;MACL,MAAM,IAAIqC,0BAAkB,CAC1B,yDACF,CAAC;IACH;EACF,CAAC,EAAE,CAAC;;EAEJ;AACF;AACA;AACA;AACA;AACA;;EAEE,MAAM;IAAEC;EAAK,CAAC,GAAGT,mBAAmB;EACpC,MAAMU,QAAQ,GAAG/D,UAAU,CAACgB,0BAA0B,CAACgD,cAAc;EACrE;EACA,MAAMC,sBAAsB,GAAG,MAAM,IAAAC,wBAAgB,EACnD,MAAOC,gBAAgB,IAAK;IAC1B,OAAO,MAAM,IAAAC,qBAAe,EAC1B;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEP,QAAQ;MACbQ,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDN,gBACF,CAAC;EACH,CACF,CAAC;EAED,MAAMO,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEJ,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBjC,GAAG;IACHG;EACF,CAAC,EACDtB,gBACF,CAAC;EAED,MAAMuD,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCnB,SAAS,EAAE7B,QAAQ;IACnBiC,IAAI;IACJgB,YAAY,EAAErD,WAAW;IACzBsD,aAAa,EAAE7C,YAAY;IAC3B8C,qBAAqB,EAAE5B,qBAAc;IACrC6B,gBAAgB,EAAE1D,yBAAyB,GAAG,GAAG,GAAGmD;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIzB,eAAe,CAACmB,WAAW,CAAC;EACrE,MAAMO,QAAQ,GAAG,MAAMxD,QAAQ,CAACoC,QAAQ,EAAE;IACxCqB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAErB;IACR,CAAC;IACDsB,IAAI,EAAEL,4BAA4B,CAACM,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCzD,IAAI,CAAC,IAAA0D,eAAS,EAAC,GAAG,CAAC,CAAC,CACpB1D,IAAI,CAAE2D,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB5D,IAAI,CAAEwD,IAAI,IAAKK,oBAAa,CAACC,SAAS,CAACN,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACW,OAAO,EAAE;IACrB,MAAM,IAAIC,wBAAgB,CAACZ,QAAQ,CAACa,KAAK,CAACC,OAAO,CAAC;EACpD;;EAEA;AACF;AACA;EACE,MAAMC,mBAAmB,GAAGf,QAAQ,CAACgB,IAAI;EACzC,MAAMC,aAAa,GAAGpG,UAAU,CAACG,wBAAwB,CAACkG,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAMC,gBAAgB,CAC7CL,mBAAmB,CAACM,OAAO,EAC3B3E,QAAQ,EACRuE,aAAa,EACb9E,uBACF,CAAC;;EAED;EACA,MAAMmF,6BAA6B,GACjCP,mBAAmB,CAACQ,qBAAqB,CAACC,IAAI,CAC3CC,CAAC,IACAA,CAAC,CAAClG,2BAA2B,KAC3BsC,oBAAoB,CAACtC,2BAA2B,IAClDkG,CAAC,CAACjG,MAAM,KAAKqC,oBAAoB,CAACrC,MAAM,IACxCiG,CAAC,CAAChG,IAAI,KAAKoC,oBAAoB,CAACpC,IACpC,CAAC;EAEH,IAAI,CAAC6F,6BAA6B,EAAE;IAClC,MAAM,IAAIV,wBAAgB,CACxB,qEACF,CAAC;EACH;;EAEA;EACA,MAAMc,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBlG,IAAI,EAAE,CAACoC,oBAAoB,CAACtC,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEqC,oBAAoB,CAACrC,MAAM;IACnCoG,KAAK,EAAE;MACLC,GAAG,EAAEV,gBAAgB;MACrBW,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMvF,QAAQ,CAACyE,aAAa,EAAE;IAClDhB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAErB,sBAAsB;MAC5BkD,aAAa,EAAG,GAAEjB,mBAAmB,CAACkB,UAAW,IAAGlB,mBAAmB,CAACmB,YAAa;IACvF,CAAC;IACD9B,IAAI,EAAE+B,IAAI,CAACC,SAAS,CAACV,yBAAyB;EAChD,CAAC,CAAC,CACC9E,IAAI,CAAC,IAAA0D,eAAS,EAAC,GAAG,CAAC,CAAC,CACpB1D,IAAI,CAAE2D,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB5D,IAAI,CAAEwD,IAAI,IAAKiC,yBAAkB,CAAC3B,SAAS,CAACN,IAAI,CAAC,CAAC;EAErD,IAAI,CAAC2B,aAAa,CAACpB,OAAO,EAAE;IAC1B,MAAM,IAAIC,wBAAgB,CAACmB,aAAa,CAAClB,KAAK,CAACC,OAAO,CAAC;EACzD;EAEA,OAAOiB,aAAa,CAACf,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAsB,OAAA,CAAAtG,uBAAA,GAAAA,uBAAA;AAQO,MAAMyC,0BAA0B,GAAG,MAAAA,CACxCN,oBAA4B,EAC5BE,MAAuB,EACvB/B,WAAmB,EACnBD,oBAA2C,KACV;EACjC,MAAMkG,OAAO,GAAI,GAAEpE,oBAAqB,IAAGE,MAAO,EAAC;EACnD,IAAImE,eAAmC;EAEvC,IAAInG,oBAAoB,EAAE;IACxB,MAAMoG,cAAc,GAAG,IAAIrF,GAAG,CAACd,WAAW,CAAC,CAACgB,QAAQ,CAACoF,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IACrEF,eAAe,GAAG,MAAMnG,oBAAoB,CACzCsG,SAAS,CAACJ,OAAO,EAAEE,cAAc,CAAC,CAClCG,KAAK,CAAExH,CAAC,IAAK;MACZ,MAAM,IAAIsD,0BAAkB,CAACtD,CAAC,CAAC0F,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,MAAM;IACL;IACA+B,oBAAO,CAACC,gBAAgB,CAAC,KAAK,EAAEC,IAAA,IAAa;MAAA,IAAZ;QAAEC;MAAI,CAAC,GAAAD,IAAA;MACtC,IAAIC,GAAG,CAAC3H,QAAQ,CAACiB,WAAW,CAAC,EAAE;QAC7BkG,eAAe,GAAGQ,GAAG;MACvB;IACF,CAAC,CAAC;IAEF,MAAMC,oBAAoB,GAAGJ,oBAAO,CAACK,OAAO,CAACX,OAAO,CAAC;;IAErD;AACJ;AACA;AACA;IACI,MAAMY,8BAA8B,GAAG,IAAAC,WAAK,EAC1C,MAAMZ,eAAe,KAAKa,SAAS,EACnC,GACF,CAAC;IAED,MAAMC,OAAO,CAACC,GAAG,CAAC,CAACN,oBAAoB,EAAEE,8BAA8B,CAAC,CAAC;IAEzE,IAAIX,eAAe,KAAKa,SAAS,EAAE;MACjC,MAAM,IAAI3E,0BAAkB,CAAC,qCAAqC,CAAC;IACrE;EACF;EAEA,MAAM8E,QAAQ,GAAG,IAAAC,iBAAQ,EAACjB,eAAe,CAAC;EAC1C,MAAMkB,OAAO,GAAGC,8BAAwB,CAACjD,SAAS,CAAC8C,QAAQ,CAACI,KAAK,CAAC;EAClE,IAAI,CAACF,OAAO,CAAC/C,OAAO,EAAE;IACpB,MAAMkD,OAAO,GAAGC,6BAAuB,CAACpD,SAAS,CAAC8C,QAAQ,CAACI,KAAK,CAAC;IACjE,IAAI,CAACC,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAIjC,0BAAkB,CAACgF,OAAO,CAAC7C,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IACvD;;IACA,MAAM,IAAIiD,6BAAqB,CAC7BF,OAAO,CAAC7C,IAAI,CAACH,KAAK,EAClBgD,OAAO,CAAC7C,IAAI,CAACgD,iBACf,CAAC;EACH;EACA,OAAON,OAAO,CAAC1C,IAAI;AACrB,CAAC;AAACsB,OAAA,CAAA7D,0BAAA,GAAAA,0BAAA;AAEK,MAAM2C,gBAAgB,GAAG,MAAAA,CAC9B6C,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBlI,GAAkB,KACE;EACpB,MAAM2B,GAAG,GAAG,MAAM3B,GAAG,CAACU,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIyH,yBAAO,CAACnI,GAAG,CAAC,CACpBoI,UAAU,CAAC;IACVJ;EACF,CAAC,CAAC,CACDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3B3G;EACF,CAAC,CAAC,CACD4G,WAAW,CAACL,QAAQ,CAAC,CACrBM,SAAS,CAACP,MAAM,CAAC,CACjBQ,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACtC,OAAA,CAAAlB,gBAAA,GAAAA,gBAAA"}