@pagopa/io-react-native-wallet 0.13.0 → 0.14.0

package/src/cie/manager.ts

@@ -0,0 +1,183 @@
+import cieManager, { type Event as CEvent } from "@pagopa/react-native-cie";
+import { Platform } from "react-native";
+import { CieEvent, type OnCieEvent, type OnError } from "./component";
+import { CieError, CieErrorType } from "./error";
+
+const BASE_UAT_URL = "https://collaudo.idserver.servizicie.interno.gov.it/idp/";
+
+export type ContinueWithUrl = (callbackUrl: string) => void;
+
+export const startCieAndroid = (
+  useCieUat: boolean,
+  ciePin: string,
+  onError: OnError,
+  onEvent: OnCieEvent,
+  cieAuthorizationUri: string,
+  continueWithUrl: ContinueWithUrl
+) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager
+      .start()
+      .then(async () => {
+        cieManager.onEvent(handleCieEvent(onError, onEvent));
+        cieManager.onError((e: Error) => {
+          console.error(e);
+          return onError(new CieError({ message: e.message }));
+        });
+        cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+        await cieManager.setPin(ciePin);
+        cieManager.setAuthenticationUrl(cieAuthorizationUri);
+        cieManager.enableLog(useCieUat);
+        cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+        await cieManager.startListeningNFC();
+        onEvent(CieEvent.waiting_card);
+      })
+      .catch(onError);
+  } catch {
+    onError(
+      new CieError({
+        message: "Unable to start CIE NFC manager on iOS",
+        type: CieErrorType.NFC_ERROR,
+      })
+    );
+  }
+};
+
+export const startCieiOS = async (
+  useCieUat: boolean,
+  ciePin: string,
+  onError: OnError,
+  onEvent: OnCieEvent,
+  cieAuthorizationUri: string,
+  continueWithUrl: ContinueWithUrl
+) => {
+  try {
+    cieManager.removeAllListeners();
+    cieManager.onEvent(handleCieEvent(onError, onEvent));
+    cieManager.onError((e: Error) =>
+      onError(new CieError({ message: e.message }))
+    );
+    cieManager.onSuccess(handleCieSuccess(continueWithUrl));
+    cieManager.enableLog(useCieUat);
+    cieManager.setCustomIdpUrl(useCieUat ? getCieUatEndpoint() : null);
+    await cieManager.setPin(ciePin);
+    cieManager.setAuthenticationUrl(cieAuthorizationUri);
+    cieManager
+      .start()
+      .then(async () => {
+        await cieManager.startListeningNFC();
+        onEvent(CieEvent.waiting_card);
+      })
+      .catch(onError);
+  } catch {
+    onError(
+      new CieError({
+        message: "Unable to start CIE NFC manager on Android",
+        type: CieErrorType.NFC_ERROR,
+      })
+    );
+  }
+};
+
+const handleCieEvent =
+  (onError: OnError, onEvent: OnCieEvent) => (event: CEvent) => {
+    switch (event.event) {
+      // Reading starts
+      case "ON_TAG_DISCOVERED":
+        onEvent(CieEvent.reading);
+        break;
+      // "Function not supported" seems to be TAG_ERROR_NFC_NOT_SUPPORTED
+      // for the iOS SDK
+      case "Function not supported" as unknown:
+      case "TAG_ERROR_NFC_NOT_SUPPORTED":
+      case "ON_TAG_DISCOVERED_NOT_CIE":
+        onError(
+          new CieError({
+            message: `Invalid CIE card:  ${event.event}`,
+            type: CieErrorType.TAG_NOT_VALID,
+          })
+        );
+        break;
+      case "AUTHENTICATION_ERROR":
+      case "ON_NO_INTERNET_CONNECTION":
+        onError(
+          new CieError({
+            message: `Authentication error or no internet connection`,
+            type: CieErrorType.AUTHENTICATION_ERROR,
+          })
+        );
+        break;
+      case "EXTENDED_APDU_NOT_SUPPORTED":
+        onError(
+          new CieError({
+            message: `APDU not supported`,
+            type: CieErrorType.NFC_ERROR,
+          })
+        );
+        break;
+      case "Transmission Error":
+      case "ON_TAG_LOST":
+        onError(
+          new CieError({
+            message: `Trasmission error`,
+            type: CieErrorType.NFC_ERROR,
+          })
+        );
+        break;
+
+      // The card is temporarily locked. Unlock is available by CieID app
+      case "PIN Locked":
+      case "ON_CARD_PIN_LOCKED":
+        onError(
+          new CieError({
+            message: `PIN locked`,
+            type: CieErrorType.PIN_LOCKED,
+          })
+        );
+        break;
+      case "ON_PIN_ERROR":
+        onError(
+          new CieError({
+            message: `PIN locked`,
+            type: CieErrorType.PIN_ERROR,
+            attemptsLeft: event.attemptsLeft,
+          })
+        );
+        break;
+
+      // CIE is Expired or Revoked
+      case "CERTIFICATE_EXPIRED":
+        onError(
+          new CieError({
+            message: `Certificate expired`,
+            type: CieErrorType.CERTIFICATE_ERROR,
+          })
+        );
+        break;
+      case "CERTIFICATE_REVOKED":
+        onError(
+          new CieError({
+            message: `Certificate revoked`,
+            type: CieErrorType.CERTIFICATE_ERROR,
+          })
+        );
+
+        break;
+
+      default:
+        break;
+    }
+  };
+
+const handleCieSuccess =
+  (continueWithUrl: ContinueWithUrl) => (url: string) => {
+    continueWithUrl(decodeURIComponent(url));
+  };
+
+const getCieUatEndpoint = () =>
+  Platform.select({
+    ios: `${BASE_UAT_URL}Authn/SSL/Login2`,
+    android: BASE_UAT_URL,
+    default: null,
+  });

package/src/client/index.ts

@@ -39,11 +39,14 @@ export const getWalletProviderClient = (context: {
       appFetch(url, {
         method,
         body: params ? JSON.stringify(params.body) : undefined,
+        headers: {
+          "Content-Type": "application/json",
+        },
       })
         .then(validateResponse)
         .then((res) => {
           const contentType = res.headers.get("content-type");
-          if (contentType === "application/json") {
+          if (contentType?.includes("application/json")) {
             return res.json();
           }
           return res.text();

package/src/credential/issuance/03-start-user-authorization.ts

@@ -1,13 +1,9 @@
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import type { ResponseMode } from "./types";
-import {
-  generateRandomAlphaNumericString,
-  type Out,
-} from "../../../src/utils/misc";
-
+import { generateRandomAlphaNumericString, type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import type { StartFlow } from "./01-start-flow";
-import { AuthorizationDetail, makeParRequest } from "../../../src/utils/par";
+import { AuthorizationDetail, makeParRequest } from "../../utils/par";
 import { ASSERTION_TYPE } from "./const";
 
 export type StartUserAuthorization = (

package/src/credential/issuance/04-complete-user-authorization.ts

@@ -3,7 +3,7 @@ import {
   AuthorizationResultShape,
   type AuthorizationContext,
   type AuthorizationResult,
-} from "../../../src/utils/auth";
+} from "../../utils/auth";
 import { until, type Out } from "../../utils/misc";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
 import parseUrl from "parse-url";
@@ -96,21 +96,24 @@ export const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWi
         throw new AuthorizationError("Invalid authentication redirect url");
       }
     }
+    return parseAuthRedirectUrl(authRedirectUrl);
+  };
 
-    const urlParse = parseUrl(authRedirectUrl);
-    const authRes = AuthorizationResultShape.safeParse(urlParse.query);
-    if (!authRes.success) {
-      const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
-      if (!authErr.success) {
-        throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
-      }
-      throw new AuthorizationIdpError(
-        authErr.data.error,
-        authErr.data.error_description
-      );
+export const parseAuthRedirectUrl = (authRedirectUrl: string) => {
+  const urlParse = parseUrl(authRedirectUrl);
+  const authRes = AuthorizationResultShape.safeParse(urlParse.query);
+  if (!authRes.success) {
+    const authErr = AuthorizationErrorShape.safeParse(urlParse.query);
+    if (!authErr.success) {
+      throw new AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
     }
-    return authRes.data;
-  };
+    throw new AuthorizationIdpError(
+      authErr.data.error,
+      authErr.data.error_description
+    );
+  }
+  return authRes.data;
+};
 
 // TODO: SIW-1120 implement generic credential issuance flow
 export const completeUserAuthorizationWithFormPostJwtMode = () => {

package/src/credential/issuance/05-authorize-access.ts

@@ -1,15 +1,15 @@
-import { hasStatus, type Out } from "../../../src/utils/misc";
+import { hasStatus, type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
-import { withEphemeralKey } from "../../../src/utils/crypto";
-import { createDPopToken } from "../../../src/utils/dpop";
+import { withEphemeralKey } from "../../utils/crypto";
+import { createDPopToken } from "../../utils/dpop";
 import uuid from "react-native-uuid";
-import { createPopToken } from "../../../src/utils/pop";
+import { createPopToken } from "../../utils/pop";
 import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import { ASSERTION_TYPE } from "./const";
 import { TokenResponse } from "./types";
-import { ValidationFailed } from "../../../src/utils/errors";
+import { ValidationFailed } from "../../utils/errors";
 import type { CompleteUserAuthorizationWithQueryMode } from "./04-complete-user-authorization";
 
 export type AuthorizeAccess = (

package/src/credential/issuance/06-obtain-credential.ts

@@ -1,9 +1,9 @@
 import { SignJWT, type CryptoContext } from "@pagopa/io-react-native-jwt";
 import type { AuthorizeAccess } from "./05-authorize-access";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
-import { hasStatus, type Out } from "../../../src/utils/misc";
+import { hasStatus, type Out } from "../../utils/misc";
 import type { StartUserAuthorization } from "./03-start-user-authorization";
-import { ValidationFailed } from "../../../src/utils/errors";
+import { ValidationFailed } from "../../utils/errors";
 import { CredentialResponse } from "./types";
 
 export type ObtainCredential = (

package/src/credential/issuance/index.ts

@@ -9,6 +9,7 @@ import {
 } from "./03-start-user-authorization";
 import {
   completeUserAuthorizationWithQueryMode,
+  parseAuthRedirectUrl,
   type CompleteUserAuthorizationWithQueryMode,
 } from "./04-complete-user-authorization";
 import { authorizeAccess, type AuthorizeAccess } from "./05-authorize-access";
@@ -28,6 +29,7 @@ export {
   authorizeAccess,
   obtainCredential,
   verifyAndParseCredential,
+  parseAuthRedirectUrl,
 };
 export type {
   StartFlow,

package/src/index.ts

@@ -11,6 +11,7 @@ import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
 import * as WalletInstance from "./wallet-instance";
+import * as Cie from "./cie";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
@@ -27,6 +28,7 @@ export {
   AuthorizationDetail,
   AuthorizationDetails,
   fixBase64EncodingOnKey,
+  Cie,
 };
 
 export type { IntegrityContext, AuthorizationContext };

package/lib/commonjs/credential/issuance/03-start-credential-issuance.js

@@ -1,287 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.startCredentialIssuance = exports.createNonceProof = exports.authorizeUserWithQueryMode = void 0;
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var _par = require("../../utils/par");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _misc = require("../../utils/misc");
-var _const = require("./const");
-var _parseUrl = _interopRequireDefault(require("parse-url"));
-var _errors = require("../../utils/errors");
-var _auth = require("../../utils/auth");
-var _crypto = require("../../utils/crypto");
-var _dpop = require("../../utils/dpop");
-var _pop = require("../../utils/pop");
-var _types = require("./types");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _reactNative = require("react-native");
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-/**
- * Ensures that the credential type requested is supported by the issuer and contained in the
- * issuer configuration.
- * @param issuerConf The issuer configuration
- * @param credentialType The type of the credential to be requested
- * @returns The credential definition to be used in the request which includes the format and the type and its type
- */
-const selectCredentialDefinition = (issuerConf, credentialType) => {
-  const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
-  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialType)).map(e => ({
-    credential_configuration_id: credentialType,
-    format: credential_configurations_supported[e].format,
-    type: "openid_credential"
-  }));
-  if (!result) {
-    throw new Error(`No credential support the type '${credentialType}'`);
-  }
-  return result;
-};
-
-/**
- * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
- * @param issuerConf The issuer configuration
- * @param credentialType The type of the credential to be requested
- * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
- */
-const selectResponseMode = (issuerConf, credentialType) => {
-  const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
-  const responseMode = credentialType === "PersonIdentificationData" ? "query" : "form_post.jwt";
-  if (!responseModeSupported.includes(responseMode)) {
-    throw new Error(`No response mode support the type '${credentialType}'`);
-  }
-  return responseMode;
-};
-/**
- * Starts the credential issuance flow to obtain a credential from the issuer.
- * @param issuerConf The Issuer configuration
- * @param credentialType The type of the credential to be requested
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.credentialCryptoContext The context to access the key to associat with credential
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.authorizationContext The context to identify the user which will be used to start the authorization. It's needed only when requesting a PersonalIdentificationData credential. The implementantion should open an in-app browser capable of catching the redirectSchema. If not specified, the default browser is used.
- * @param context.redirectUri The internal URL to which to redirect has passed the in-app browser login phase. If you don't use authorizationContext remember to register this URL as customUrl or deepLink. See https://reactnative.dev/docs/linking
- * @param context.idphint Unique identifier of the SPID IDP
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {AuthorizationError} When the response from the authorization response is not parsable
- * @returns The credential obtained
- */
-
-const startCredentialIssuance = async (issuerConf, credentialType, ctx) => {
-  const {
-    wiaCryptoContext,
-    credentialCryptoContext,
-    walletInstanceAttestation,
-    authorizationContext,
-    redirectUri,
-    idphint,
-    appFetch = fetch
-  } = ctx;
-
-  /**
-   * Creates and sends a PAR request to the /as/par endpoint of the authroization server.
-   * This starts the authentication flow to obtain an access token.
-   * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer.
-   * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
-   * along with the WTE and its proof of possession (WTE-PoP).
-   * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details),
-   * the application session identifier on the Wallet Instance side (state),
-   * the method (query or form_post.jwt) by which the Authorization Server
-   * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
-   * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirect_uri of the Wallet Instance where the Authorization Response
-   * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
-   */
-  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
-  const codeVerifier = (0, _misc.generateRandomAlphaNumericString)(64);
-  const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
-  const parUrl = new URL(parEndpoint);
-  const aud = `${parUrl.protocol}//${parUrl.hostname}`;
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-  const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
-  const responseMode = selectResponseMode(issuerConf, credentialType);
-  const getPar = (0, _par.makeParRequest)({
-    wiaCryptoContext,
-    appFetch
-  });
-  const issuerRequestUri = await getPar(clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, [credentialDefinition], _const.ASSERTION_TYPE);
-
-  /**
-   * Starts the authorization flow which dependes on the response mode and the request credential.
-   * If the response mode is "query" the authorization flow is handled differently via the authorization context which opens an in-app browser capable of catching the redirectSchema.
-   * The form_post.jwt mode is not currently supported.
-   */
-  const authorizeFlowResult = await (async () => {
-    const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
-    if (responseMode === "query") {
-      const params = new URLSearchParams({
-        client_id: clientId,
-        request_uri: issuerRequestUri,
-        idphint
-      });
-
-      /**
-       * Starts the authorization flow to obtain an authorization code by performing a GET request to the /authorize endpoint of the authorization server.
-       */
-      return await authorizeUserWithQueryMode(authzRequestEndpoint, params, redirectUri, authorizationContext);
-    } else {
-      throw new _errors.AuthorizationError("Response mode not supported for this type of credential");
-    }
-  })();
-
-  /**
-   * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
-   * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
-   * This enables the Wallet Instance to request a digital credential.
-   * The DPoP Proof JWT is generated according to the section 4.3 of the DPoP RFC 9449 specification.
-   */
-
-  const {
-    code
-  } = authorizeFlowResult;
-  const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
-  // Use an ephemeral key to be destroyed after use
-  const tokenRequestSignedDPop = await (0, _crypto.withEphemeralKey)(async ephimeralContext => {
-    return await (0, _dpop.createDPopToken)({
-      htm: "POST",
-      htu: tokenUrl,
-      jti: `${_reactNativeUuid.default.v4()}`
-    }, ephimeralContext);
-  });
-  const signedWiaPoP = await (0, _pop.createPopToken)({
-    jti: `${_reactNativeUuid.default.v4()}`,
-    aud,
-    iss
-  }, wiaCryptoContext);
-  const requestBody = {
-    grant_type: "authorization_code",
-    client_id: clientId,
-    code,
-    redirect_uri: redirectUri,
-    code_verifier: codeVerifier,
-    client_assertion_type: _const.ASSERTION_TYPE,
-    client_assertion: walletInstanceAttestation + "~" + signedWiaPoP
-  };
-  const authorizationRequestFormBody = new URLSearchParams(requestBody);
-  const tokenRes = await appFetch(tokenUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-      DPoP: tokenRequestSignedDPop
-    },
-    body: authorizationRequestFormBody.toString()
-  }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(body => _types.TokenResponse.safeParse(body));
-  if (!tokenRes.success) {
-    throw new _errors.ValidationFailed(tokenRes.error.message);
-  }
-
-  /**
-   * Validates the token response and extracts the access token, c_nonce and c_nonce_expires_in.
-   */
-  const accessTokenResponse = tokenRes.data;
-  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
-
-  /**
-   * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
-   * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
-   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
-   */
-  const signedNonceProof = await createNonceProof(accessTokenResponse.c_nonce, clientId, credentialUrl, credentialCryptoContext);
-
-  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const constainsCredentialDefinition = accessTokenResponse.authorization_details.some(c => c.credential_configuration_id === credentialDefinition.credential_configuration_id && c.format === credentialDefinition.format && c.type === credentialDefinition.type);
-  if (!constainsCredentialDefinition) {
-    throw new _errors.ValidationFailed("The access token response does not contain the requested credential");
-  }
-
-  /** The credential request body */
-  const credentialRequestFormBody = {
-    credential_definition: {
-      type: [credentialDefinition.credential_configuration_id]
-    },
-    format: credentialDefinition.format,
-    proof: {
-      jwt: signedNonceProof,
-      proof_type: "jwt"
-    }
-  };
-  const credentialRes = await appFetch(credentialUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      DPoP: tokenRequestSignedDPop,
-      Authorization: `${accessTokenResponse.token_type} ${accessTokenResponse.access_token}`
-    },
-    body: JSON.stringify(credentialRequestFormBody)
-  }).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(body => _types.CredentialResponse.safeParse(body));
-  if (!credentialRes.success) {
-    throw new _errors.ValidationFailed(credentialRes.error.message);
-  }
-  return credentialRes.data;
-};
-
-/**
- * Authorizes the user using the query mode and the authorization context.
- * @param authzRequestEndpoint The authorization endpoint of the authorization server
- * @param params The query parameters to be used in the request
- * @param redirectUri The URL to which the redirect is made is usually a custom URL or deeplink
- * @param authorizationContext The AuthorizationContext to manage the internal webview. If not specified, the default browser is used
- * @returns The authrozation result containing the authorization code, state and issuer
- */
-exports.startCredentialIssuance = startCredentialIssuance;
-const authorizeUserWithQueryMode = async (authzRequestEndpoint, params, redirectUri, authorizationContext) => {
-  const authUrl = `${authzRequestEndpoint}?${params}`;
-  var authRedirectUrl;
-  if (authorizationContext) {
-    const redirectSchema = new URL(redirectUri).protocol.replace(":", "");
-    authRedirectUrl = await authorizationContext.authorize(authUrl, redirectSchema).catch(e => {
-      throw new _errors.AuthorizationError(e.message);
-    });
-  } else {
-    // handler for redirectUri
-    _reactNative.Linking.addEventListener("url", _ref => {
-      let {
-        url
-      } = _ref;
-      if (url.includes(redirectUri)) {
-        authRedirectUrl = url;
-      }
-    });
-    const openAuthUrlInBrowser = _reactNative.Linking.openURL(authUrl);
-
-    /*
-     * Waits for 120 seconds for the identificationRedirectUrl variable to be set
-     * by the custom url handler. If the timeout is exceeded, throw an exception
-     */
-    const unitAuthRedirectIsNotUndefined = (0, _misc.until)(() => authRedirectUrl !== undefined, 120);
-    await Promise.all([openAuthUrlInBrowser, unitAuthRedirectIsNotUndefined]);
-    if (authRedirectUrl === undefined) {
-      throw new _errors.AuthorizationError("Invalid authentication redirect url");
-    }
-  }
-  const urlParse = (0, _parseUrl.default)(authRedirectUrl);
-  const authRes = _auth.AuthorizationResultShape.safeParse(urlParse.query);
-  if (!authRes.success) {
-    const authErr = _auth.AuthorizationErrorShape.safeParse(urlParse.query);
-    if (!authErr.success) {
-      throw new _errors.AuthorizationError(authRes.error.message); // an error occured while parsing the result and the error
-    }
-
-    throw new _errors.AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
-  }
-  return authRes.data;
-};
-exports.authorizeUserWithQueryMode = authorizeUserWithQueryMode;
-const createNonceProof = async (nonce, issuer, audience, ctx) => {
-  const jwk = await ctx.getPublicKey();
-  return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
-    nonce
-  }).setProtectedHeader({
-    typ: "openid4vci-proof+jwt",
-    jwk
-  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
-};
-exports.createNonceProof = createNonceProof;
-//# sourceMappingURL=03-start-credential-issuance.js.map

package/lib/commonjs/credential/issuance/03-start-credential-issuance.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_par","_ioReactNativeJwt","_misc","_const","_parseUrl","_errors","_auth","_crypto","_dpop","_pop","_types","WalletInstanceAttestation","_interopRequireWildcard","_reactNative","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","openid_credential_issuer","result","keys","filter","e","includes","map","credential_configuration_id","format","type","Error","selectResponseMode","responseModeSupported","oauth_authorization_server","response_modes_supported","responseMode","startCredentialIssuance","ctx","wiaCryptoContext","credentialCryptoContext","walletInstanceAttestation","authorizationContext","redirectUri","idphint","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","credentialDefinition","getPar","makeParRequest","issuerRequestUri","ASSERTION_TYPE","authorizeFlowResult","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","authorizeUserWithQueryMode","AuthorizationError","code","tokenUrl","token_endpoint","tokenRequestSignedDPop","withEphemeralKey","ephimeralContext","createDPopToken","htm","htu","jti","uuid","v4","signedWiaPoP","createPopToken","requestBody","grant_type","redirect_uri","code_verifier","client_assertion_type","client_assertion","authorizationRequestFormBody","tokenRes","method","headers","DPoP","body","toString","hasStatus","res","json","TokenResponse","safeParse","success","ValidationFailed","error","message","accessTokenResponse","data","credentialUrl","credential_endpoint","signedNonceProof","createNonceProof","c_nonce","constainsCredentialDefinition","authorization_details","some","c","credentialRequestFormBody","credential_definition","proof","jwt","proof_type","credentialRes","Authorization","token_type","access_token","JSON","stringify","CredentialResponse","exports","authUrl","authRedirectUrl","redirectSchema","replace","authorize","catch","Linking","addEventListener","_ref","url","openAuthUrlInBrowser","openURL","unitAuthRedirectIsNotUndefined","until","undefined","Promise","all","urlParse","parseUrl","authRes","AuthorizationResultShape","query","authErr","AuthorizationErrorShape","AuthorizationIdpError","error_description","nonce","issuer","audience","SignJWT","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-credential-issuance.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AAQA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AAKA,IAAAO,KAAA,GAAAP,OAAA;AAMA,IAAAQ,OAAA,GAAAR,OAAA;AACA,IAAAS,KAAA,GAAAT,OAAA;AACA,IAAAU,IAAA,GAAAV,OAAA;AACA,IAAAW,MAAA,GAAAX,OAAA;AACA,IAAAY,yBAAA,GAAAC,uBAAA,CAAAb,OAAA;AACA,IAAAc,YAAA,GAAAd,OAAA;AAAuC,SAAAe,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAA3B,uBAAAqB,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMiB,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGd,MAAM,CAACe,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,cAAc,CAAC,CAAC,CACzCQ,GAAG,CAAEF,CAAC,KAAM;IACXG,2BAA2B,EAAET,cAAc;IAC3CU,MAAM,EAAET,mCAAmC,CAACK,CAAC,CAAC,CAAEI,MAAM;IACtDC,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACX,MAAM,IAAIS,KAAK,CAAE,mCAAkCZ,cAAe,GAAE,CAAC;EACvE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,kBAAkB,GAAGA,CACzBd,UAAkD,EAClDC,cAAgD,KAC/B;EACjB,MAAMc,qBAAqB,GACzBf,UAAU,CAACgB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,YAAY,GAChBjB,cAAc,KAAK,0BAA0B,GAAG,OAAO,GAAG,eAAe;EAE3E,IAAI,CAACc,qBAAqB,CAACP,QAAQ,CAACU,YAAY,CAAC,EAAE;IACjD,MAAM,IAAIL,KAAK,CAAE,sCAAqCZ,cAAe,GAAE,CAAC;EAC1E;EAEA,OAAOiB,YAAY;AACrB,CAAC;AAgBD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMC,uBAAgD,GAAG,MAAAA,CAC9DnB,UAAU,EACVC,cAAc,EACdmB,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,uBAAuB;IACvBC,yBAAyB;IACzBC,oBAAoB;IACpBC,WAAW;IACXC,OAAO;IACPC,QAAQ,GAAGC;EACb,CAAC,GAAGR,GAAG;;EAEP;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMS,QAAQ,GAAG,MAAMR,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,MAAMC,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GACfpC,UAAU,CAACgB,0BAA0B,CAACqB,qCAAqC;EAC7E,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACH,WAAW,CAAC;EACnC,MAAMI,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;EACpD,MAAMC,GAAG,GAAGrE,yBAAyB,CAACsE,MAAM,CAACrB,yBAAyB,CAAC,CACpEsB,OAAO,CAACC,GAAG,CAACC,GAAG,CAACd,GAAG;EACtB,MAAMe,oBAAoB,GAAGjD,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMiB,YAAY,GAAGJ,kBAAkB,CAACd,UAAU,EAAEC,cAAc,CAAC;EAEnE,MAAMgD,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAE7B,gBAAgB;IAAEM;EAAS,CAAC,CAAC;EAC7D,MAAMwB,gBAAgB,GAAG,MAAMF,MAAM,CACnCpB,QAAQ,EACRK,YAAY,EACZT,WAAW,EACXP,YAAY,EACZkB,WAAW,EACXb,yBAAyB,EACzB,CAACyB,oBAAoB,CAAC,EACtBI,qBACF,CAAC;;EAED;AACF;AACA;AACA;AACA;EACE,MAAMC,mBAAmB,GAAG,MAAM,CAAC,YAAY;IAC7C,MAAMC,oBAAoB,GACxBtD,UAAU,CAACgB,0BAA0B,CAACuC,sBAAsB;IAC9D,IAAIrC,YAAY,KAAK,OAAO,EAAE;MAC5B,MAAMsC,MAAM,GAAG,IAAIC,eAAe,CAAC;QACjCC,SAAS,EAAE7B,QAAQ;QACnB8B,WAAW,EAAER,gBAAgB;QAC7BzB;MACF,CAAC,CAAC;;MAEF;AACN;AACA;MACM,OAAO,MAAMkC,0BAA0B,CACrCN,oBAAoB,EACpBE,MAAM,EACN/B,WAAW,EACXD,oBACF,CAAC;IACH,CAAC,MAAM;MACL,MAAM,IAAIqC,0BAAkB,CAC1B,yDACF,CAAC;IACH;EACF,CAAC,EAAE,CAAC;;EAEJ;AACF;AACA;AACA;AACA;AACA;;EAEE,MAAM;IAAEC;EAAK,CAAC,GAAGT,mBAAmB;EACpC,MAAMU,QAAQ,GAAG/D,UAAU,CAACgB,0BAA0B,CAACgD,cAAc;EACrE;EACA,MAAMC,sBAAsB,GAAG,MAAM,IAAAC,wBAAgB,EACnD,MAAOC,gBAAgB,IAAK;IAC1B,OAAO,MAAM,IAAAC,qBAAe,EAC1B;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEP,QAAQ;MACbQ,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDN,gBACF,CAAC;EACH,CACF,CAAC;EAED,MAAMO,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEJ,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBjC,GAAG;IACHG;EACF,CAAC,EACDtB,gBACF,CAAC;EAED,MAAMuD,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChCnB,SAAS,EAAE7B,QAAQ;IACnBiC,IAAI;IACJgB,YAAY,EAAErD,WAAW;IACzBsD,aAAa,EAAE7C,YAAY;IAC3B8C,qBAAqB,EAAE5B,qBAAc;IACrC6B,gBAAgB,EAAE1D,yBAAyB,GAAG,GAAG,GAAGmD;EACtD,CAAC;EAED,MAAMQ,4BAA4B,GAAG,IAAIzB,eAAe,CAACmB,WAAW,CAAC;EACrE,MAAMO,QAAQ,GAAG,MAAMxD,QAAQ,CAACoC,QAAQ,EAAE;IACxCqB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAErB;IACR,CAAC;IACDsB,IAAI,EAAEL,4BAA4B,CAACM,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCzD,IAAI,CAAC,IAAA0D,eAAS,EAAC,GAAG,CAAC,CAAC,CACpB1D,IAAI,CAAE2D,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB5D,IAAI,CAAEwD,IAAI,IAAKK,oBAAa,CAACC,SAAS,CAACN,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACW,OAAO,EAAE;IACrB,MAAM,IAAIC,wBAAgB,CAACZ,QAAQ,CAACa,KAAK,CAACC,OAAO,CAAC;EACpD;;EAEA;AACF;AACA;EACE,MAAMC,mBAAmB,GAAGf,QAAQ,CAACgB,IAAI;EACzC,MAAMC,aAAa,GAAGpG,UAAU,CAACG,wBAAwB,CAACkG,mBAAmB;;EAE7E;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAMC,gBAAgB,CAC7CL,mBAAmB,CAACM,OAAO,EAC3B3E,QAAQ,EACRuE,aAAa,EACb9E,uBACF,CAAC;;EAED;EACA,MAAMmF,6BAA6B,GACjCP,mBAAmB,CAACQ,qBAAqB,CAACC,IAAI,CAC3CC,CAAC,IACAA,CAAC,CAAClG,2BAA2B,KAC3BsC,oBAAoB,CAACtC,2BAA2B,IAClDkG,CAAC,CAACjG,MAAM,KAAKqC,oBAAoB,CAACrC,MAAM,IACxCiG,CAAC,CAAChG,IAAI,KAAKoC,oBAAoB,CAACpC,IACpC,CAAC;EAEH,IAAI,CAAC6F,6BAA6B,EAAE;IAClC,MAAM,IAAIV,wBAAgB,CACxB,qEACF,CAAC;EACH;;EAEA;EACA,MAAMc,yBAAyB,GAAG;IAChCC,qBAAqB,EAAE;MACrBlG,IAAI,EAAE,CAACoC,oBAAoB,CAACtC,2BAA2B;IACzD,CAAC;IACDC,MAAM,EAAEqC,oBAAoB,CAACrC,MAAM;IACnCoG,KAAK,EAAE;MACLC,GAAG,EAAEV,gBAAgB;MACrBW,UAAU,EAAE;IACd;EACF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMvF,QAAQ,CAACyE,aAAa,EAAE;IAClDhB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClCC,IAAI,EAAErB,sBAAsB;MAC5BkD,aAAa,EAAG,GAAEjB,mBAAmB,CAACkB,UAAW,IAAGlB,mBAAmB,CAACmB,YAAa;IACvF,CAAC;IACD9B,IAAI,EAAE+B,IAAI,CAACC,SAAS,CAACV,yBAAyB;EAChD,CAAC,CAAC,CACC9E,IAAI,CAAC,IAAA0D,eAAS,EAAC,GAAG,CAAC,CAAC,CACpB1D,IAAI,CAAE2D,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB5D,IAAI,CAAEwD,IAAI,IAAKiC,yBAAkB,CAAC3B,SAAS,CAACN,IAAI,CAAC,CAAC;EAErD,IAAI,CAAC2B,aAAa,CAACpB,OAAO,EAAE;IAC1B,MAAM,IAAIC,wBAAgB,CAACmB,aAAa,CAAClB,KAAK,CAACC,OAAO,CAAC;EACzD;EAEA,OAAOiB,aAAa,CAACf,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAsB,OAAA,CAAAtG,uBAAA,GAAAA,uBAAA;AAQO,MAAMyC,0BAA0B,GAAG,MAAAA,CACxCN,oBAA4B,EAC5BE,MAAuB,EACvB/B,WAAmB,EACnBD,oBAA2C,KACV;EACjC,MAAMkG,OAAO,GAAI,GAAEpE,oBAAqB,IAAGE,MAAO,EAAC;EACnD,IAAImE,eAAmC;EAEvC,IAAInG,oBAAoB,EAAE;IACxB,MAAMoG,cAAc,GAAG,IAAIrF,GAAG,CAACd,WAAW,CAAC,CAACgB,QAAQ,CAACoF,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;IACrEF,eAAe,GAAG,MAAMnG,oBAAoB,CACzCsG,SAAS,CAACJ,OAAO,EAAEE,cAAc,CAAC,CAClCG,KAAK,CAAExH,CAAC,IAAK;MACZ,MAAM,IAAIsD,0BAAkB,CAACtD,CAAC,CAAC0F,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,MAAM;IACL;IACA+B,oBAAO,CAACC,gBAAgB,CAAC,KAAK,EAAEC,IAAA,IAAa;MAAA,IAAZ;QAAEC;MAAI,CAAC,GAAAD,IAAA;MACtC,IAAIC,GAAG,CAAC3H,QAAQ,CAACiB,WAAW,CAAC,EAAE;QAC7BkG,eAAe,GAAGQ,GAAG;MACvB;IACF,CAAC,CAAC;IAEF,MAAMC,oBAAoB,GAAGJ,oBAAO,CAACK,OAAO,CAACX,OAAO,CAAC;;IAErD;AACJ;AACA;AACA;IACI,MAAMY,8BAA8B,GAAG,IAAAC,WAAK,EAC1C,MAAMZ,eAAe,KAAKa,SAAS,EACnC,GACF,CAAC;IAED,MAAMC,OAAO,CAACC,GAAG,CAAC,CAACN,oBAAoB,EAAEE,8BAA8B,CAAC,CAAC;IAEzE,IAAIX,eAAe,KAAKa,SAAS,EAAE;MACjC,MAAM,IAAI3E,0BAAkB,CAAC,qCAAqC,CAAC;IACrE;EACF;EAEA,MAAM8E,QAAQ,GAAG,IAAAC,iBAAQ,EAACjB,eAAe,CAAC;EAC1C,MAAMkB,OAAO,GAAGC,8BAAwB,CAACjD,SAAS,CAAC8C,QAAQ,CAACI,KAAK,CAAC;EAClE,IAAI,CAACF,OAAO,CAAC/C,OAAO,EAAE;IACpB,MAAMkD,OAAO,GAAGC,6BAAuB,CAACpD,SAAS,CAAC8C,QAAQ,CAACI,KAAK,CAAC;IACjE,IAAI,CAACC,OAAO,CAAClD,OAAO,EAAE;MACpB,MAAM,IAAIjC,0BAAkB,CAACgF,OAAO,CAAC7C,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IACvD;;IACA,MAAM,IAAIiD,6BAAqB,CAC7BF,OAAO,CAAC7C,IAAI,CAACH,KAAK,EAClBgD,OAAO,CAAC7C,IAAI,CAACgD,iBACf,CAAC;EACH;EACA,OAAON,OAAO,CAAC1C,IAAI;AACrB,CAAC;AAACsB,OAAA,CAAA7D,0BAAA,GAAAA,0BAAA;AAEK,MAAM2C,gBAAgB,GAAG,MAAAA,CAC9B6C,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBlI,GAAkB,KACE;EACpB,MAAM2B,GAAG,GAAG,MAAM3B,GAAG,CAACU,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIyH,yBAAO,CAACnI,GAAG,CAAC,CACpBoI,UAAU,CAAC;IACVJ;EACF,CAAC,CAAC,CACDK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3B3G;EACF,CAAC,CAAC,CACD4G,WAAW,CAACL,QAAQ,CAAC,CACrBM,SAAS,CAACP,MAAM,CAAC,CACjBQ,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACtC,OAAA,CAAAlB,gBAAA,GAAAA,gBAAA"}