@pagopa/io-react-native-wallet 0.28.1 → 0.29.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +5 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +17 -3
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +5 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +13 -2
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +10 -0
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js +14 -14
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +4 -2
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
- package/lib/commonjs/credential/presentation/03-get-request-object.js +2 -2
- package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/05-verify-request-object.js +11 -4
- package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +54 -14
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +26 -7
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js +4 -4
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/README.md +96 -2
- package/lib/commonjs/credential/presentation/errors.js +16 -19
- package/lib/commonjs/credential/presentation/errors.js.map +1 -1
- package/lib/commonjs/credential/presentation/index.js +27 -2
- package/lib/commonjs/credential/presentation/index.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +1 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/credential/status/02-status-attestation.js +2 -0
- package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +3 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
- package/lib/commonjs/credential/trustmark/get-credential-trustmark.js +5 -0
- package/lib/commonjs/credential/trustmark/get-credential-trustmark.js.map +1 -1
- package/lib/commonjs/index.js +3 -1
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/utils/decoder.js +2 -0
- package/lib/commonjs/utils/decoder.js.map +1 -1
- package/lib/commonjs/utils/logging.js +68 -0
- package/lib/commonjs/utils/logging.js.map +1 -0
- package/lib/commonjs/utils/misc.js +2 -0
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/commonjs/utils/par.js +2 -0
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/commonjs/wallet-instance/index.js +4 -0
- package/lib/commonjs/wallet-instance/index.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/issuing.js +5 -0
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +5 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +17 -3
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +5 -0
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +13 -2
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +10 -0
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/presentation/01-start-flow.js +14 -14
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js +4 -2
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
- package/lib/module/credential/presentation/03-get-request-object.js +2 -2
- package/lib/module/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/module/credential/presentation/05-verify-request-object.js +11 -4
- package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js +55 -14
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +25 -6
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/08-send-authorization-response.js +4 -4
- package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/README.md +96 -2
- package/lib/module/credential/presentation/errors.js +13 -16
- package/lib/module/credential/presentation/errors.js.map +1 -1
- package/lib/module/credential/presentation/index.js +4 -3
- package/lib/module/credential/presentation/index.js.map +1 -1
- package/lib/module/credential/presentation/types.js +1 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/credential/status/02-status-attestation.js +2 -0
- package/lib/module/credential/status/02-status-attestation.js.map +1 -1
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +3 -0
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
- package/lib/module/credential/trustmark/get-credential-trustmark.js +5 -0
- package/lib/module/credential/trustmark/get-credential-trustmark.js.map +1 -1
- package/lib/module/index.js +2 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/utils/decoder.js +2 -0
- package/lib/module/utils/decoder.js.map +1 -1
- package/lib/module/utils/logging.js +62 -0
- package/lib/module/utils/logging.js.map +1 -0
- package/lib/module/utils/misc.js +2 -0
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/module/utils/par.js +2 -0
- package/lib/module/utils/par.js.map +1 -1
- package/lib/module/wallet-instance/index.js +4 -0
- package/lib/module/wallet-instance/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +5 -0
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +2 -2
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +17 -19
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +1 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -4
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts +4 -2
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts +13 -5
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +7 -2
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +3 -3
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/errors.d.ts +14 -9
- package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/index.d.ts +5 -4
- package/lib/typescript/credential/presentation/index.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +3 -3
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +1 -1
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +1 -1
- package/lib/typescript/credential/trustmark/get-credential-trustmark.d.ts.map +1 -1
- package/lib/typescript/index.d.ts +2 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/utils/decoder.d.ts.map +1 -1
- package/lib/typescript/utils/logging.d.ts +35 -0
- package/lib/typescript/utils/logging.d.ts.map +1 -0
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/utils/par.d.ts.map +1 -1
- package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +3 -3
- package/src/credential/issuance/03-start-user-authorization.ts +18 -0
- package/src/credential/issuance/04-complete-user-authorization.ts +57 -3
- package/src/credential/issuance/05-authorize-access.ts +16 -0
- package/src/credential/issuance/06-obtain-credential.ts +31 -2
- package/src/credential/issuance/07-verify-and-parse-credential.ts +27 -1
- package/src/credential/presentation/01-start-flow.ts +18 -20
- package/src/credential/presentation/02-evaluate-rp-trust.ts +3 -2
- package/src/credential/presentation/03-get-request-object.ts +4 -6
- package/src/credential/presentation/05-verify-request-object.ts +17 -6
- package/src/credential/presentation/07-evaluate-dcql-query.ts +60 -17
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +53 -39
- package/src/credential/presentation/08-send-authorization-response.ts +9 -7
- package/src/credential/presentation/README.md +96 -2
- package/src/credential/presentation/errors.ts +21 -14
- package/src/credential/presentation/index.ts +22 -4
- package/src/credential/presentation/types.ts +1 -1
- package/src/credential/status/02-status-attestation.ts +3 -0
- package/src/credential/status/03-verify-and-parse-status-attestation.ts +10 -0
- package/src/credential/trustmark/get-credential-trustmark.ts +19 -0
- package/src/index.ts +2 -0
- package/src/utils/decoder.ts +5 -0
- package/src/utils/logging.ts +68 -0
- package/src/utils/misc.ts +5 -0
- package/src/utils/par.ts +6 -0
- package/src/wallet-instance/index.ts +17 -1
- package/src/wallet-instance-attestation/issuing.ts +19 -0
|
@@ -6,19 +6,21 @@ import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
|
|
|
6
6
|
* Function to verify the Request Object's signature and the client ID.
|
|
7
7
|
* @param requestObjectEncodedJwt The Request Object in JWT format
|
|
8
8
|
* @param context.clientId The client ID to verify
|
|
9
|
-
* @param context.jwkKeys The set of keys to verify the signature
|
|
10
9
|
* @param context.rpConf The Entity Configuration of the Relying Party
|
|
10
|
+
* @param context.state Optional state
|
|
11
11
|
* @returns The verified Request Object
|
|
12
12
|
*/
|
|
13
13
|
export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
|
|
14
14
|
let {
|
|
15
15
|
clientId,
|
|
16
|
-
rpConf
|
|
16
|
+
rpConf,
|
|
17
|
+
rpSubject,
|
|
18
|
+
state
|
|
17
19
|
} = _ref;
|
|
18
20
|
const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
|
|
19
21
|
const {
|
|
20
22
|
keys
|
|
21
|
-
} = getJwksFromConfig(rpConf
|
|
23
|
+
} = getJwksFromConfig(rpConf);
|
|
22
24
|
|
|
23
25
|
// Verify token signature to ensure the request object is authentic
|
|
24
26
|
const pubKey = keys === null || keys === void 0 ? void 0 : keys.find(_ref2 => {
|
|
@@ -36,9 +38,14 @@ export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
|
|
|
36
38
|
issuer: clientId
|
|
37
39
|
});
|
|
38
40
|
const requestObject = RequestObject.parse(requestObjectJwt.payload);
|
|
39
|
-
|
|
41
|
+
const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
|
|
42
|
+
if (!isClientIdMatch) {
|
|
40
43
|
throw new UnverifiedEntityError("Client ID does not match Request Object or Entity Configuration");
|
|
41
44
|
}
|
|
45
|
+
const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
|
|
46
|
+
if (!isStateMatch) {
|
|
47
|
+
throw new UnverifiedEntityError("State does not match Request Object");
|
|
48
|
+
}
|
|
42
49
|
return {
|
|
43
50
|
requestObject
|
|
44
51
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["decode","decodeJwt","verify","UnverifiedEntityError","RequestObject","getJwksFromConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","
|
|
1
|
+
{"version":3,"names":["decode","decodeJwt","verify","UnverifiedEntityError","RequestObject","getJwksFromConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","keys","pubKey","find","_ref2","kid","protectedHeader","issuer","requestObject","parse","payload","isClientIdMatch","client_id","isStateMatch"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAEzE,SAASC,qBAAqB,QAAQ,UAAU;AAChD,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,iBAAiB,QAAQ,uBAAuB;AAYzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAGZ,SAAS,CAACM,uBAAuB,CAAC;EAC3D,MAAM;IAAEO;EAAK,CAAC,GAAGT,iBAAiB,CAACK,MAAM,CAAC;;EAE1C;EACA,MAAMK,MAAM,GAAGD,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEE,IAAI,CACvBC,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAKL,gBAAgB,CAACM,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIZ,qBAAqB,CAAC,wCAAwC,CAAC;EAC3E;;EAEA;EACA,MAAMD,MAAM,CAACK,uBAAuB,EAAEQ,MAAM,EAAE;IAAEK,MAAM,EAAEX;EAAS,CAAC,CAAC;EAEnE,MAAMY,aAAa,GAAGjB,aAAa,CAACkB,KAAK,CAACT,gBAAgB,CAACU,OAAO,CAAC;EAEnE,MAAMC,eAAe,GACnBf,QAAQ,KAAKY,aAAa,CAACI,SAAS,IAAIhB,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACa,eAAe,EAAE;IACpB,MAAM,IAAIrB,qBAAqB,CAC7B,iEACF,CAAC;EACH;EAEA,MAAMuB,YAAY,GAChBd,KAAK,IAAIS,aAAa,CAACT,KAAK,GAAGA,KAAK,KAAKS,aAAa,CAACT,KAAK,GAAG,IAAI;EAErE,IAAI,CAACc,YAAY,EAAE;IACjB,MAAM,IAAIvB,qBAAqB,CAAC,qCAAqC,CAAC;EACxE;EAEA,OAAO;IAAEkB;EAAc,CAAC;AAC1B,CAAC"}
|
|
@@ -3,6 +3,12 @@ import { isValiError } from "valibot";
|
|
|
3
3
|
import { decode, prepareVpToken } from "../../sd-jwt";
|
|
4
4
|
import { ValidationFailed } from "../../utils/errors";
|
|
5
5
|
import { createCryptoContextFor } from "../../utils/crypto";
|
|
6
|
+
import { CredentialsNotFoundError } from "./errors";
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* The purpose for the credential request by the RP.
|
|
10
|
+
*/
|
|
11
|
+
|
|
6
12
|
/**
|
|
7
13
|
* Convert a credential in JWT format to an object with claims
|
|
8
14
|
* for correct parsing by the `dcql` library.
|
|
@@ -35,9 +41,38 @@ const getDcqlQueryMatches = result => Object.entries(result.credential_matches).
|
|
|
35
41
|
let [, match] = _ref;
|
|
36
42
|
return match.success === true;
|
|
37
43
|
});
|
|
44
|
+
|
|
45
|
+
/**
|
|
46
|
+
* Extract only failed matches from the DCQL query result.
|
|
47
|
+
*/
|
|
48
|
+
const getDcqlQueryFailedMatches = result => Object.entries(result.credential_matches).filter(_ref2 => {
|
|
49
|
+
let [, match] = _ref2;
|
|
50
|
+
return match.success === false;
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
/**
|
|
54
|
+
* Extract missing credentials from the DCQL query result.
|
|
55
|
+
* Note: here we are assuming a failed match is a missing credential,
|
|
56
|
+
* but there might be other reasons for its failure.
|
|
57
|
+
*/
|
|
58
|
+
const extractMissingCredentials = (queryResult, originalQuery) => {
|
|
59
|
+
return getDcqlQueryFailedMatches(queryResult).map(_ref3 => {
|
|
60
|
+
var _credential$meta;
|
|
61
|
+
let [id] = _ref3;
|
|
62
|
+
const credential = originalQuery.credentials.find(c => c.id === id);
|
|
63
|
+
if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "vc+sd-jwt") {
|
|
64
|
+
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
return {
|
|
68
|
+
id,
|
|
69
|
+
vctValues: (_credential$meta = credential.meta) === null || _credential$meta === void 0 ? void 0 : _credential$meta.vct_values
|
|
70
|
+
};
|
|
71
|
+
});
|
|
72
|
+
};
|
|
38
73
|
export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
39
|
-
const credentials = credentialsSdJwt.map(
|
|
40
|
-
let [, credential] =
|
|
74
|
+
const credentials = credentialsSdJwt.map(_ref4 => {
|
|
75
|
+
let [, credential] = _ref4;
|
|
41
76
|
return mapCredentialToObject(credential);
|
|
42
77
|
});
|
|
43
78
|
try {
|
|
@@ -46,7 +81,7 @@ export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
46
81
|
DcqlQuery.validate(parsedQuery);
|
|
47
82
|
const queryResult = DcqlQuery.query(parsedQuery, credentials);
|
|
48
83
|
if (!queryResult.canBeSatisfied) {
|
|
49
|
-
throw new
|
|
84
|
+
throw new CredentialsNotFoundError(extractMissingCredentials(queryResult, parsedQuery));
|
|
50
85
|
}
|
|
51
86
|
|
|
52
87
|
// Build an object vct:credentialJwt to map matched credentials to their JWT
|
|
@@ -54,9 +89,9 @@ export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
54
89
|
...acc,
|
|
55
90
|
[c.vct]: credentialsSdJwt[i]
|
|
56
91
|
}), {});
|
|
57
|
-
return getDcqlQueryMatches(queryResult).map(
|
|
92
|
+
return getDcqlQueryMatches(queryResult).map(_ref5 => {
|
|
58
93
|
var _queryResult$credenti;
|
|
59
|
-
let [id, match] =
|
|
94
|
+
let [id, match] = _ref5;
|
|
60
95
|
if (match.output.credential_format !== "vc+sd-jwt") {
|
|
61
96
|
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
62
97
|
}
|
|
@@ -65,23 +100,29 @@ export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
65
100
|
vct,
|
|
66
101
|
claims
|
|
67
102
|
} = match.output;
|
|
68
|
-
|
|
69
|
-
// Find a matching credential set to see whether the credential is optional
|
|
70
|
-
// If no credential set is found, then the credential is required by default
|
|
71
|
-
// NOTE: This is an extra, it might not be necessary
|
|
72
|
-
const credentialSet = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.find(set => {
|
|
103
|
+
const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
|
|
73
104
|
var _set$matching_options;
|
|
74
|
-
return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(
|
|
105
|
+
return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
|
|
106
|
+
})) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
|
|
107
|
+
var _credentialSet$purpos;
|
|
108
|
+
return {
|
|
109
|
+
description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
|
|
110
|
+
required: Boolean(credentialSet.required)
|
|
111
|
+
};
|
|
75
112
|
});
|
|
76
|
-
const isOptional = credentialSet ? !credentialSet.required : false;
|
|
77
113
|
const [keyTag, credential] = credentialsSdJwtByVct[vct];
|
|
78
114
|
const requiredDisclosures = Object.values(claims);
|
|
79
115
|
return {
|
|
80
116
|
id,
|
|
117
|
+
vct,
|
|
81
118
|
keyTag,
|
|
82
119
|
credential,
|
|
83
|
-
|
|
84
|
-
|
|
120
|
+
requiredDisclosures,
|
|
121
|
+
// When it is a match but no credential_sets are found, the credential is required by default
|
|
122
|
+
// See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
|
|
123
|
+
purposes: purposes ?? [{
|
|
124
|
+
required: true
|
|
125
|
+
}]
|
|
85
126
|
};
|
|
86
127
|
});
|
|
87
128
|
} catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["DcqlQuery","DcqlError","DcqlCredentialSetError","isValiError","decode","prepareVpToken","ValidationFailed","createCryptoContextFor","mapCredentialToObject","jwt","sdJwt","disclosures","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","
|
|
1
|
+
{"version":3,"names":["DcqlQuery","DcqlError","DcqlCredentialSetError","isValiError","decode","prepareVpToken","ValidationFailed","createCryptoContextFor","CredentialsNotFoundError","mapCredentialToObject","jwt","sdJwt","disclosures","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","getDcqlQueryFailedMatches","_ref2","extractMissingCredentials","queryResult","originalQuery","map","_ref3","_credential$meta","id","credential","credentials","find","c","format","vctValues","meta","vct_values","evaluateDcqlQuery","credentialsSdJwt","query","_ref4","parsedQuery","parse","validate","canBeSatisfied","credentialsSdJwtByVct","i","_ref5","_queryResult$credenti","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","keyTag","requiredDisclosures","values","error","message","reason","issues","issue","join","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","requestedClaims","credentialId","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":"AAAA,SACEA,SAAS,EACTC,SAAS,EACTC,sBAAsB,QAEjB,MAAM;AACb,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,MAAM,EAAEC,cAAc,QAAQ,cAAc;AAErD,SAASC,gBAAgB,QAAQ,oBAAoB;AACrD,SAASC,sBAAsB,QAAQ,oBAAoB;AAE3D,SAASC,wBAAwB,QAA6B,UAAU;;AAExE;AACA;AACA;;AAuCA;AACA;AACA;AACA;AACA,MAAMC,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAGR,MAAM,CAACM,GAAG,CAAC;EAC1C,MAAMG,gBAAgB,GAAGF,KAAK,CAACG,MAAM,CAACC,GAAG;;EAEzC;EACA,IAAIF,gBAAgB,KAAK,WAAW,EAAE;IACpC,MAAM,IAAIG,KAAK,CAAE,kCAAiCH,gBAAiB,EAAC,CAAC;EACvE;EAEA,OAAO;IACLI,GAAG,EAAEN,KAAK,CAACO,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEN,gBAAgB;IACnCO,MAAM,EAAER,WAAW,CAACS,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;;AAEnC;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIR,MAAuB,IACxDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CK,KAAA;EAAA,IAAC,GAAGH,KAAK,CAAC,GAAAG,KAAA;EAAA,OAAKH,KAAK,CAACC,OAAO,KAAK,KAAK;AAAA,CACxC,CAAiC;;AAEnC;AACA;AACA;AACA;AACA;AACA,MAAMG,yBAAyB,GAAGA,CAChCC,WAA4B,EAC5BC,aAAwB,KACH;EACrB,OAAOJ,yBAAyB,CAACG,WAAW,CAAC,CAACE,GAAG,CAACC,KAAA,IAAU;IAAA,IAAAC,gBAAA;IAAA,IAAT,CAACC,EAAE,CAAC,GAAAF,KAAA;IACrD,MAAMG,UAAU,GAAGL,aAAa,CAACM,WAAW,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,EAAE,KAAKA,EAAE,CAAC;IACrE,IAAI,CAAAC,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAK,WAAW,EAAE;MACtC,MAAM,IAAI/B,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzC;;IACA,OAAO;MAAE0B,EAAE;MAAEM,SAAS,GAAAP,gBAAA,GAAEE,UAAU,CAACM,IAAI,cAAAR,gBAAA,uBAAfA,gBAAA,CAAiBS;IAAW,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMT,WAAW,GAAGQ,gBAAgB,CAACb,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGX,UAAU,CAAC,GAAAW,KAAA;IAAA,OACtD7C,qBAAqB,CAACkC,UAAU,CAAC;EAAA,CACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMY,WAAW,GAAGvD,SAAS,CAACwD,KAAK,CAACH,KAAK,CAAC;IAC1CrD,SAAS,CAACyD,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMlB,WAAW,GAAGrC,SAAS,CAACqD,KAAK,CAACE,WAAW,EAAEX,WAAW,CAAC;IAE7D,IAAI,CAACP,WAAW,CAACqB,cAAc,EAAE;MAC/B,MAAM,IAAIlD,wBAAwB,CAChC4B,yBAAyB,CAACC,WAAW,EAAEkB,WAAW,CACpD,CAAC;IACH;;IAEA;IACA,MAAMI,qBAAqB,GAAGf,WAAW,CAACvB,MAAM,CAC9C,CAACC,GAAG,EAAEwB,CAAC,EAAEc,CAAC,MAAM;MAAE,GAAGtC,GAAG;MAAE,CAACwB,CAAC,CAAC7B,GAAG,GAAGmC,gBAAgB,CAACQ,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOnC,mBAAmB,CAACY,WAAW,CAAC,CAACE,GAAG,CAACsB,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACpB,EAAE,EAAEV,KAAK,CAAC,GAAA6B,KAAA;MACtD,IAAI7B,KAAK,CAAC+B,MAAM,CAAC5C,iBAAiB,KAAK,WAAW,EAAE;QAClD,MAAM,IAAIH,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAEC,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAAC+B,MAAM;MAEpC,MAAMC,QAAQ,IAAAF,qBAAA,GAAGzB,WAAW,CAAC4B,eAAe,cAAAH,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbhC,MAAM,CAAEoC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAAC5B,EAAE,CAAC;MAAA,EAAC,cAAAoB,qBAAA,uBAD7CA,qBAAA,CAEbvB,GAAG,CAAqBgC,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,MAAM,EAAEnC,UAAU,CAAC,GAAGgB,qBAAqB,CAAC1C,GAAG,CAAE;MACxD,MAAM8D,mBAAmB,GAAGpD,MAAM,CAACqD,MAAM,CAAC5D,MAAM,CAAiB;MACjE,OAAO;QACLsB,EAAE;QACFzB,GAAG;QACH6D,MAAM;QACNnC,UAAU;QACVoC,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAI9E,WAAW,CAAC8E,KAAK,CAAC,EAAE;MACtB,MAAM,IAAI3E,gBAAgB,CAAC;QACzB4E,OAAO,EAAE,oBAAoB;QAC7BC,MAAM,EAAEF,KAAK,CAACG,MAAM,CAAC7C,GAAG,CAAE8C,KAAK,IAAKA,KAAK,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI;MAC9D,CAAC,CAAC;IACJ;IAEA,IAAIL,KAAK,YAAYhF,SAAS,EAAE;MAC9B;IAAA;IAEF,IAAIgF,KAAK,YAAY/E,sBAAsB,EAAE;MAC3C;IAAA;IAEF,MAAM+E,KAAK;EACb;AACF,CAAC;AAED,OAAO,MAAMM,0BAAsD,GAAG,MAAAA,CACpE3C,WAAW,EACX4C,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChB/C,WAAW,CAACL,GAAG,CAAC,MAAOqD,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAMxF,cAAc,CAACmF,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAACjD,UAAU,EACfiD,IAAI,CAACE,eAAe,EACpBvF,sBAAsB,CAACqF,IAAI,CAACd,MAAM,CAAC,CACpC,CAAC;IAEF,OAAO;MACLiB,YAAY,EAAEH,IAAI,CAAClD,EAAE;MACrBoD,eAAe,EAAEF,IAAI,CAACE,eAAe;MACrCE,OAAO,EAAEH,QAAQ;MACjB9C,MAAM,EAAE;IACV,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC"}
|
|
@@ -1,12 +1,17 @@
|
|
|
1
1
|
import { decode, prepareVpToken } from "../../sd-jwt";
|
|
2
2
|
import { createCryptoContextFor } from "../../utils/crypto";
|
|
3
3
|
import { JSONPath } from "jsonpath-plus";
|
|
4
|
-
import {
|
|
4
|
+
import { CredentialsNotFoundError, MissingDataError } from "./errors";
|
|
5
5
|
import Ajv from "ajv";
|
|
6
6
|
const ajv = new Ajv({
|
|
7
7
|
allErrors: true
|
|
8
8
|
});
|
|
9
9
|
const INDEX_CLAIM_NAME = 1;
|
|
10
|
+
|
|
11
|
+
/**
|
|
12
|
+
* @deprecated Use `prepareRemotePresentations` from DCQL
|
|
13
|
+
*/
|
|
14
|
+
|
|
10
15
|
/**
|
|
11
16
|
* Transforms an array of DisclosureWithEncoded objects into a key-value map.
|
|
12
17
|
* @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
|
|
@@ -189,7 +194,10 @@ export const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) =>
|
|
|
189
194
|
continue;
|
|
190
195
|
}
|
|
191
196
|
}
|
|
192
|
-
throw new
|
|
197
|
+
throw new CredentialsNotFoundError([{
|
|
198
|
+
id: "",
|
|
199
|
+
reason: "None of the vc+sd-jwt credentials satisfy the requirements."
|
|
200
|
+
}]);
|
|
193
201
|
};
|
|
194
202
|
|
|
195
203
|
/**
|
|
@@ -225,7 +233,10 @@ export const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJw
|
|
|
225
233
|
var _descriptor$format;
|
|
226
234
|
if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["vc+sd-jwt"]) {
|
|
227
235
|
if (!decodedSdJwtCredentials.length) {
|
|
228
|
-
throw new
|
|
236
|
+
throw new CredentialsNotFoundError([{
|
|
237
|
+
id: descriptor.id,
|
|
238
|
+
reason: "vc+sd-jwt credential is not supported."
|
|
239
|
+
}]);
|
|
229
240
|
}
|
|
230
241
|
const {
|
|
231
242
|
matchedEvaluation,
|
|
@@ -239,7 +250,10 @@ export const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJw
|
|
|
239
250
|
keyTag: matchedKeyTag
|
|
240
251
|
};
|
|
241
252
|
}
|
|
242
|
-
throw new
|
|
253
|
+
throw new CredentialsNotFoundError([{
|
|
254
|
+
id: descriptor.id,
|
|
255
|
+
reason: `${descriptor.format} format is not supported.`
|
|
256
|
+
}]);
|
|
243
257
|
}));
|
|
244
258
|
};
|
|
245
259
|
|
|
@@ -250,6 +264,8 @@ export const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJw
|
|
|
250
264
|
* - Validates the credential format.
|
|
251
265
|
* - Generates a verifiable presentation token (vpToken) using the provided nonce and client identifier.
|
|
252
266
|
*
|
|
267
|
+
* @deprecated Use `prepareRemotePresentations` from DCQL
|
|
268
|
+
*
|
|
253
269
|
* @param credentialAndDescriptors - An array containing objects with requested claims,
|
|
254
270
|
* input descriptor, credential, and keyTag.
|
|
255
271
|
* @param nonce - A unique nonce for the verifiable presentation token.
|
|
@@ -257,7 +273,7 @@ export const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJw
|
|
|
257
273
|
* @returns A promise that resolves to an array of RemotePresentation objects.
|
|
258
274
|
* @throws {CredentialNotFoundError} When the credential format is unsupported.
|
|
259
275
|
*/
|
|
260
|
-
export const
|
|
276
|
+
export const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce, client_id) => {
|
|
261
277
|
return Promise.all(credentialAndDescriptors.map(async item => {
|
|
262
278
|
var _descriptor$format2;
|
|
263
279
|
const descriptor = item.inputDescriptor;
|
|
@@ -272,7 +288,10 @@ export const prepareRemotePresentations = async (credentialAndDescriptors, nonce
|
|
|
272
288
|
format: "vc+sd-jwt"
|
|
273
289
|
};
|
|
274
290
|
}
|
|
275
|
-
throw new
|
|
291
|
+
throw new CredentialsNotFoundError([{
|
|
292
|
+
id: descriptor.id,
|
|
293
|
+
reason: `${descriptor.format} format is not supported.`
|
|
294
|
+
}]);
|
|
276
295
|
}));
|
|
277
296
|
};
|
|
278
297
|
//# sourceMappingURL=07-evaluate-input-descriptor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["decode","prepareVpToken","createCryptoContextFor","JSONPath","
|
|
1
|
+
{"version":3,"names":["decode","prepareVpToken","createCryptoContextFor","JSONPath","CredentialsNotFoundError","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","findCredentialSdJwt","decodedSdJwtCredentials","keyTag","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedKeyTag","matchedCredential","id","reason","evaluateInputDescriptors","inputDescriptors","credentialsSdJwt","map","_ref2","Promise","all","descriptor","_descriptor$format","format","prepareLegacyRemotePresentations","credentialAndDescriptors","nonce","client_id","item","_descriptor$format2","vp_token","requestedClaims","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":"AAEA,SAASA,MAAM,EAAEC,cAAc,QAAQ,cAAc;AACrD,SAASC,sBAAsB,QAAQ,oBAAoB;AAC3D,SAASC,QAAQ,QAAQ,eAAe;AACxC,SAASC,wBAAwB,EAAEC,gBAAgB,QAAQ,UAAU;AACrE,OAAOC,GAAG,MAAM,KAAK;AAErB,MAAMC,GAAG,GAAG,IAAID,GAAG,CAAC;EAAEE,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;;AA0B1B;AACA;AACA;;AAYA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CACvB,CAACC,GAAG,EAAAC,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACf,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCF,GAAG,CAACG,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOJ,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMK,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAGtB,QAAQ,CAAC;QAAEuB,IAAI,EAAEF,UAAU;QAAEG,IAAI,EAAEP;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACG,MAAM,GAAG,CAAC,EAAE;QACrBP,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOI,KAAK,EAAE;MACd,MAAM,IAAIxB,gBAAgB,CACvB,iBAAgBmB,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMQ,gBAAgB,GAAIJ,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMK,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGN,IAAI,CAACM,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBP,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAEzB,WAAW,KAAK;EAAA,IAAA0B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAE/B;IAC1B,CAAC;EACH;EACA,MAAMgC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGnC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMmC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC3B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD8B,KAAK,CAACtB,IAAI,EACVmB,oBACF,CAAC;IAED,IAAI,CAACxB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C8B,KAAK,CAACtB,IAAI,EACVU,iBACF,CAAC;MAED,IAAI,CAACf,WAAW,EAAE;QAChB;QACA,OAAO2B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMjC,SAAS,GAAGc,gBAAgB,CAACT,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACgC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DlC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIgC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG7C,GAAG,CAAC8C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC9B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIjB,gBAAgB,CACvB,gBAAeiB,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOQ,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACiB,cAAc,EAAE;IACnB,MAAM,IAAIzC,gBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMmC,mBAAmB,GAAG7B,WAAW,CAACwC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgC,mBAAmB,GAAG9B,WAAW,CAACwC,MAAM,CAAEG,UAAU,IACxDV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAM+C,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C7C,WAAW,CAACwC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CACrC,CAAC,IACD,CAACkC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACL+B,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AASH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMgB,mBAAmB,GAAGA,CACjCvB,eAAgC,EAChCwB,uBAAiD,KAK9C;EACH,KAAK,MAAM;IACTC,MAAM;IACNC,UAAU;IACVC,KAAK;IACLnD;EACF,CAAC,IAAIgD,uBAAuB,EAAE;IAC5B,IAAI;MACF,MAAMI,mBAAmB,GAAG7B,kCAAkC,CAC5DC,eAAe,EACf2B,KAAK,CAAC1C,OAAO,EACbT,WACF,CAAC;MAED,OAAO;QACLqD,iBAAiB,EAAED,mBAAmB;QACtCE,aAAa,EAAEL,MAAM;QACrBM,iBAAiB,EAAEL;MACrB,CAAC;IACH,CAAC,CAAC,MAAM;MACN;MACA;IACF;EACF;EAEA,MAAM,IAAIzD,wBAAwB,CAAC,CACjC;IACE+D,EAAE,EAAE,EAAE;IACNC,MAAM,EAAE;EACV,CAAC,CACF,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEC,gBAAgB,EAChBC,gBAAgB,KACb;EACH;EACA,MAAMZ,uBAAuB,GAC3B,CAAAY,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEC,GAAG,CAACC,KAAA,IAA0B;IAAA,IAAzB,CAACb,MAAM,EAAEC,UAAU,CAAC,GAAAY,KAAA;IACzC,MAAM;MAAEX,KAAK;MAAEnD;IAAY,CAAC,GAAGX,MAAM,CAAC6D,UAAU,CAAC;IACjD,OAAO;MAAED,MAAM;MAAEC,UAAU;MAAEC,KAAK;MAAEnD;IAAY,CAAC;EACnD,CAAC,CAAC,KAAI,EAAE;EAEV,OAAO+D,OAAO,CAACC,GAAG,CAChBL,gBAAgB,CAACE,GAAG,CAAC,MAAOI,UAAU,IAAK;IAAA,IAAAC,kBAAA;IACzC,KAAAA,kBAAA,GAAID,UAAU,CAACE,MAAM,cAAAD,kBAAA,eAAjBA,kBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,IAAI,CAAClB,uBAAuB,CAAC/B,MAAM,EAAE;QACnC,MAAM,IAAIxB,wBAAwB,CAAC,CACjC;UACE+D,EAAE,EAAES,UAAU,CAACT,EAAE;UACjBC,MAAM,EAAE;QACV,CAAC,CACF,CAAC;MACJ;MAEA,MAAM;QAAEJ,iBAAiB;QAAEC,aAAa;QAAEC;MAAkB,CAAC,GAC3DR,mBAAmB,CAACkB,UAAU,EAAEjB,uBAAuB,CAAC;MAE1D,OAAO;QACLI,mBAAmB,EAAEC,iBAAiB;QACtC7B,eAAe,EAAEyC,UAAU;QAC3Bf,UAAU,EAAEK,iBAAiB;QAC7BN,MAAM,EAAEK;MACV,CAAC;IACH;IAEA,MAAM,IAAI7D,wBAAwB,CAAC,CACjC;MACE+D,EAAE,EAAES,UAAU,CAACT,EAAE;MACjBC,MAAM,EAAG,GAAEQ,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gCAAkE,GAC7E,MAAAA,CAAOC,wBAAwB,EAAEC,KAAK,EAAEC,SAAS,KAAK;EACpD,OAAOR,OAAO,CAACC,GAAG,CAChBK,wBAAwB,CAACR,GAAG,CAAC,MAAOW,IAAI,IAAK;IAAA,IAAAC,mBAAA;IAC3C,MAAMR,UAAU,GAAGO,IAAI,CAAChD,eAAe;IAEvC,KAAAiD,mBAAA,GAAIR,UAAU,CAACE,MAAM,cAAAM,mBAAA,eAAjBA,mBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMpF,cAAc,CAACgF,KAAK,EAAEC,SAAS,EAAE,CAC1DC,IAAI,CAACtB,UAAU,EACfsB,IAAI,CAACG,eAAe,EACpBpF,sBAAsB,CAACiF,IAAI,CAACvB,MAAM,CAAC,CACpC,CAAC;MAEF,OAAO;QACL0B,eAAe,EAAEH,IAAI,CAACG,eAAe;QACrCnD,eAAe,EAAEyC,UAAU;QAC3BW,OAAO,EAAEF,QAAQ;QACjBP,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAI1E,wBAAwB,CAAC,CACjC;MACE+D,EAAE,EAAES,UAAU,CAACT,EAAE;MACjBC,MAAM,EAAG,GAAEQ,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC"}
|
|
@@ -46,20 +46,20 @@ export const buildDirectPostJwtBody = async (requestObject, rpConf, payload) =>
|
|
|
46
46
|
state: requestObject.state,
|
|
47
47
|
...payload
|
|
48
48
|
});
|
|
49
|
-
|
|
50
49
|
// Choose a suitable public key for encryption
|
|
51
50
|
const {
|
|
52
51
|
keys
|
|
53
|
-
} = getJwksFromConfig(rpConf
|
|
52
|
+
} = getJwksFromConfig(rpConf);
|
|
54
53
|
const encPublicJwk = choosePublicKeyToEncrypt(keys);
|
|
55
54
|
|
|
56
55
|
// Encrypt the authorization payload
|
|
57
56
|
const {
|
|
58
57
|
authorization_encrypted_response_alg,
|
|
59
58
|
authorization_encrypted_response_enc
|
|
60
|
-
} = rpConf.
|
|
59
|
+
} = rpConf.openid_credential_verifier;
|
|
60
|
+
const defaultAlg = encPublicJwk.kty === "EC" ? "ECDH-ES" : "RSA-OAEP-256";
|
|
61
61
|
const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
|
|
62
|
-
alg: authorization_encrypted_response_alg ||
|
|
62
|
+
alg: authorization_encrypted_response_alg || defaultAlg,
|
|
63
63
|
enc: authorization_encrypted_response_enc || "A256CBC-HS512",
|
|
64
64
|
kid: encPublicJwk.kid
|
|
65
65
|
}).encrypt(encPublicJwk);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["EncryptJwe","uuid","getJwksFromConfig","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","
|
|
1
|
+
{"version":3,"names":["EncryptJwe","uuid","getJwksFromConfig","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","openid_credential_verifier","defaultAlg","kty","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","sendLegacyAuthorizationResponse","presentationDefinitionId","remotePresentations","_remotePresentations$","appFetch","fetch","arguments","length","undefined","vp_token","vpToken","map","remotePresentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","v4","definition_id","requestBody","response_uri","method","headers","body","then","res","json","parse","sendAuthorizationResponse","reduce","acc","presentation","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,iBAAiB,QAAwB,uBAAuB;AAEzE,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAO7D,OAAO,KAAKC,CAAC,MAAM,KAAK;AAKxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAEN,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,wBAAwB,GACnCC,SAAiC,IACzB;EACR,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMgB,sBAAsB,GAAG,MAAAA,CACpCC,aAAwD,EACxDC,MAA8D,EAC9DC,OAA8E,KAC1D;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAGzB,iBAAiB,CAACmB,MAAM,CAAC;EAC1C,MAAMO,YAAY,GAAGf,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJE,oCAAoC;IACpCC;EACF,CAAC,GAAGT,MAAM,CAACU,0BAA0B;EAErC,MAAMC,UAAsB,GAC1BJ,YAAY,CAACK,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIlC,UAAU,CAACuB,oBAAoB,EAAE;IACnEY,GAAG,EAAGN,oCAAoC,IAAmBG,UAAU;IACvEI,GAAG,EACAN,oCAAoC,IAAmB,eAAe;IACzEO,GAAG,EAAET,YAAY,CAACS;EACpB,CAAC,CAAC,CAACC,OAAO,CAACV,YAAY,CAAC;;EAExB;EACA,MAAMW,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3B,IAAId,aAAa,CAACM,KAAK,GAAG;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAOa,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,+BAAgE,GAC3E,eAAAA,CACEvB,aAAa,EACbwB,wBAAwB,EACxBC,mBAAmB,EACnBxB,MAAM,EAE6B;EAAA,IAAAyB,qBAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;AACJ;AACA;AACA;AACA;EACI,MAAMG,QAAQ,GACZ,CAAAP,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEK,MAAM,MAAK,CAAC,IAAAJ,qBAAA,GAC7BD,mBAAmB,CAAC,CAAC,CAAC,cAAAC,qBAAA,uBAAtBA,qBAAA,CAAwBO,OAAO,GAC/BR,mBAAmB,CAACS,GAAG,CACpBC,kBAAkB,IAAKA,kBAAkB,CAACF,OAC7C,CAAC;EAEP,MAAMG,cAAc,GAAGX,mBAAmB,CAACS,GAAG,CAC5C,CAACC,kBAAkB,EAAEE,KAAK,MAAM;IAC9BC,EAAE,EAAEH,kBAAkB,CAACI,eAAe,CAACD,EAAE;IACzCE,IAAI,EAAEf,mBAAmB,CAACK,MAAM,KAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IAC5DI,MAAM,EAAEN,kBAAkB,CAACM;EAC7B,CAAC,CACH,CAAC;EAED,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAEzD,IAAI,CAAC8D,EAAE,CAAC,CAAC;IACbC,aAAa,EAAEpB,wBAAwB;IACvCY;EACF,CAAC;EAED,MAAMS,WAAW,GAAG,MAAM9C,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE+B,QAAQ;IACRU;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMf,QAAQ,CAAC3B,aAAa,CAAC8C,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAClE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAChE,qBAAqB,CAACmE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;;AAUA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEtD,aAAa,EACbyB,mBAAmB,EACnBxB,MAAM,EAE6B;EAAA,IADnC;IAAE0B,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMgB,WAAW,GAAG,MAAM9C,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE+B,QAAQ,EAAEP,mBAAmB,CAAC8B,MAAM,CAClC,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACC,YAAY,GAAGD,YAAY,CAACxB;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMN,QAAQ,CAAC3B,aAAa,CAAC8C,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAClE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAChE,qBAAqB,CAACmE,KAAK,CAAC;AACtC,CAAC"}
|
|
@@ -1,3 +1,97 @@
|
|
|
1
|
-
# Credential
|
|
1
|
+
# Credential Presentation
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
This flow is used for remote presentation, allowing a user with a valid Wallet Instance to remotely present credentials to a Relying Party (Verifier). The presentation flow adheres to the [IT Wallet 0.9.x specification](https://italia.github.io/eid-wallet-it-docs/v0.9.3/en/relying-party-solution.html).
|
|
4
|
+
|
|
5
|
+
The Relying Party provides the Wallet with a Request Object that contains the requested credentials and claims. The Wallet validates the Request Object and asks the user for consent. Then the Wallet creates an encrypted Authorization Response that contains the Verifiable Presentation with the requested data (`vp_token`) and sends it to the Relying Party.
|
|
6
|
+
|
|
7
|
+
## Sequence Diagram
|
|
8
|
+
|
|
9
|
+
```mermaid
|
|
10
|
+
sequenceDiagram
|
|
11
|
+
autonumber
|
|
12
|
+
participant I as User (Wallet Instance)
|
|
13
|
+
participant O as Relying Party (Verifier)
|
|
14
|
+
|
|
15
|
+
O->>+I: QR-CODE: Authorization Request (`request_uri`)
|
|
16
|
+
I->>+O: GET: Verifier's Entity Configuration
|
|
17
|
+
O->>+I: Respond with metadata (including public keys)
|
|
18
|
+
I->>+O: GET: Request Object, resolved from `request_uri`
|
|
19
|
+
O->>+I: Respond with the Request Object
|
|
20
|
+
I->>+I: Validate Request Object and give consent
|
|
21
|
+
I->>+O: POST: Authorization Response with encrypted VP token
|
|
22
|
+
O->>+I: Respond with optional `redirect_uri`
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## Mapped results
|
|
26
|
+
|
|
27
|
+
|Error|Description|
|
|
28
|
+
|-----|-----------|
|
|
29
|
+
|`ValidationFailed`|The presentation request is not valid, for instance the DCQL query is invalid.|
|
|
30
|
+
|`CredentialsNotFoundError`|The presentation cannot be completed because the Wallet does not contain all requested credentials. The missing credentials can be found in `details`.|
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
## Examples
|
|
34
|
+
|
|
35
|
+
<details>
|
|
36
|
+
<summary>Remote Presentation flow</summary>
|
|
37
|
+
|
|
38
|
+
**Note:** To successfully complete a remote presentation, the Wallet Instance must be in a valid state with a valid Wallet Instance Attestation.
|
|
39
|
+
|
|
40
|
+
```ts
|
|
41
|
+
// Retrieve and scan the qr-code, decode it and get its parameters
|
|
42
|
+
const qrCodeParams = decodeQrCode(qrCode)
|
|
43
|
+
|
|
44
|
+
// Start the issuance flow
|
|
45
|
+
const {
|
|
46
|
+
request_uri,
|
|
47
|
+
client_id,
|
|
48
|
+
request_uri_method,
|
|
49
|
+
state
|
|
50
|
+
} = Credential.Presentation.startFlowFromQR(qrCodeParams);
|
|
51
|
+
|
|
52
|
+
// Get the Relying Party's Entity Configuration and evaluate trust
|
|
53
|
+
const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(client_id);
|
|
54
|
+
|
|
55
|
+
// Get the Request Object from the RP
|
|
56
|
+
const { requestObjectEncodedJwt } =
|
|
57
|
+
await Credential.Presentation.getRequestObject(request_uri);
|
|
58
|
+
|
|
59
|
+
// Validate the Request Object
|
|
60
|
+
const { requestObject } = await Credential.Presentation.verifyRequestObject(
|
|
61
|
+
requestObjectEncodedJwt,
|
|
62
|
+
{ clientId: client_id, rpConf }
|
|
63
|
+
);
|
|
64
|
+
|
|
65
|
+
// All the credentials that might be requested by the Relying Party
|
|
66
|
+
const credentialsSdJwt = [
|
|
67
|
+
["credential1_keytag", "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2"],
|
|
68
|
+
["credential2_keytag", "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ii1GXzZVZ2E4bjNWZWdqWTJVN1lVSEsxekxvYUQtTlBUYzYzUk1JU25MYXcifQ.ew0KIC"]
|
|
69
|
+
];
|
|
70
|
+
|
|
71
|
+
const result = Credential.Presentation.evaluateDcqlQuery(
|
|
72
|
+
credentialsSdJwt,
|
|
73
|
+
requestObject.dcql_query as DcqlQuery
|
|
74
|
+
);
|
|
75
|
+
|
|
76
|
+
const credentialsToPresent = result.map(
|
|
77
|
+
({ requiredDisclosures, ...rest }) => ({
|
|
78
|
+
...rest,
|
|
79
|
+
requestedClaims: requiredDisclosures.map(([, claimName]) => claimName),
|
|
80
|
+
})
|
|
81
|
+
);
|
|
82
|
+
|
|
83
|
+
const remotePresentations =
|
|
84
|
+
await Credential.Presentation.prepareRemotePresentations(
|
|
85
|
+
credentialsToPresent,
|
|
86
|
+
requestObject.nonce,
|
|
87
|
+
requestObject.client_id
|
|
88
|
+
);
|
|
89
|
+
|
|
90
|
+
const authResponse = await Credential.Presentation.sendAuthorizationResponse(
|
|
91
|
+
requestObject,
|
|
92
|
+
remotePresentations,
|
|
93
|
+
rpConf
|
|
94
|
+
);
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
</details>
|
|
@@ -47,12 +47,11 @@ export class NoSuitableKeysFoundInEntityConfiguration extends IoWalletError {
|
|
|
47
47
|
export class InvalidQRCodeError extends IoWalletError {
|
|
48
48
|
code = "ERR_INVALID_QR_CODE";
|
|
49
49
|
|
|
50
|
-
/**
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
super(message);
|
|
50
|
+
/** Detailed reason for the QR code validation failure. */
|
|
51
|
+
|
|
52
|
+
constructor(reason) {
|
|
53
|
+
super("Invalid QR code");
|
|
54
|
+
this.reason = reason;
|
|
56
55
|
}
|
|
57
56
|
}
|
|
58
57
|
|
|
@@ -87,20 +86,18 @@ export class MissingDataError extends IoWalletError {
|
|
|
87
86
|
super(message);
|
|
88
87
|
}
|
|
89
88
|
}
|
|
90
|
-
|
|
91
89
|
/**
|
|
92
|
-
*
|
|
93
|
-
*
|
|
90
|
+
* Error thrown when one or more credentials cannot be found in the wallet
|
|
91
|
+
* and the presentation request cannot be satisfied.
|
|
94
92
|
*/
|
|
95
|
-
export class
|
|
96
|
-
code = "
|
|
97
|
-
|
|
93
|
+
export class CredentialsNotFoundError extends IoWalletError {
|
|
94
|
+
code = "ERR_CREDENTIALS_NOT_FOUND";
|
|
98
95
|
/**
|
|
99
|
-
* @param
|
|
96
|
+
* @param details The details of the credentials that could not be found.
|
|
100
97
|
*/
|
|
101
|
-
constructor(
|
|
102
|
-
|
|
103
|
-
|
|
98
|
+
constructor(details) {
|
|
99
|
+
super("One or more credentials cannot be found in the wallet");
|
|
100
|
+
this.details = details;
|
|
104
101
|
}
|
|
105
102
|
}
|
|
106
103
|
//# sourceMappingURL=errors.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","serializeAttrs","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","
|
|
1
|
+
{"version":3,"names":["IoWalletError","serializeAttrs","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","UnverifiedEntityError","MissingDataError","missingAttributes","CredentialsNotFoundError","details"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;AAElE;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,SAASF,aAAa,CAAC;EACxDG,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAACN,cAAc,CAAC;MAAEI,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,SAASX,aAAa,CAAC;EAC1EG,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kBAAkB,SAASb,aAAa,CAAC;EACpDG,IAAI,GAAG,qBAAqB;;EAE5B;;EAGAC,WAAWA,CAACM,MAAc,EAAE;IAC1B,KAAK,CAAC,iBAAiB,CAAC;IACxB,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMI,qBAAqB,SAASd,aAAa,CAAC;EACvDG,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMU,gBAAgB,SAASf,aAAa,CAAC;EAClDG,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACY,iBAAyB,EAAE;IACrC,MAAMX,OAAO,GAAI,kCAAiCW,iBAAkB,GAAE;IACtE,KAAK,CAACX,OAAO,CAAC;EAChB;AACF;AAQA;AACA;AACA;AACA;AACA,OAAO,MAAMY,wBAAwB,SAASjB,aAAa,CAAC;EAC1DG,IAAI,GAAG,2BAA2B;EAGlC;AACF;AACA;EACEC,WAAWA,CAACc,OAAyB,EAAE;IACrC,KAAK,CAAC,uDAAuD,CAAC;IAC9D,IAAI,CAACA,OAAO,GAAGA,OAAO;EACxB;AACF"}
|
|
@@ -4,8 +4,9 @@ import { getRequestObject } from "./03-get-request-object";
|
|
|
4
4
|
import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
|
|
5
5
|
import { verifyRequestObject } from "./05-verify-request-object";
|
|
6
6
|
import { fetchPresentDefinition } from "./06-fetch-presentation-definition";
|
|
7
|
-
import {
|
|
8
|
-
import {
|
|
7
|
+
import { evaluateInputDescriptors, prepareLegacyRemotePresentations } from "./07-evaluate-input-descriptor";
|
|
8
|
+
import { evaluateDcqlQuery, prepareRemotePresentations } from "./07-evaluate-dcql-query";
|
|
9
|
+
import { sendAuthorizationResponse, sendLegacyAuthorizationResponse } from "./08-send-authorization-response";
|
|
9
10
|
import * as Errors from "./errors";
|
|
10
|
-
export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, getJwksFromConfig, verifyRequestObject, fetchPresentDefinition,
|
|
11
|
+
export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, getJwksFromConfig, verifyRequestObject, fetchPresentDefinition, evaluateInputDescriptors, evaluateDcqlQuery, prepareLegacyRemotePresentations, prepareRemotePresentations, sendAuthorizationResponse, sendLegacyAuthorizationResponse, Errors };
|
|
11
12
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","getJwksFromConfig","verifyRequestObject","fetchPresentDefinition","
|
|
1
|
+
{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","getJwksFromConfig","verifyRequestObject","fetchPresentDefinition","evaluateInputDescriptors","prepareLegacyRemotePresentations","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendLegacyAuthorizationResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SAASC,iBAAiB,QAAwB,uBAAuB;AACzE,SACEC,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,oCAAoC;AAC3C,SACEC,wBAAwB,EACxBC,gCAAgC,QAG3B,gCAAgC;AACvC,SACEC,iBAAiB,EACjBC,0BAA0B,QAGrB,0BAA0B;AACjC,SACEC,yBAAyB,EAEzBC,+BAA+B,QAE1B,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEZ,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,iBAAiB,EACjBC,mBAAmB,EACnBC,sBAAsB,EACtBC,wBAAwB,EACxBE,iBAAiB,EACjBD,gCAAgC,EAChCE,0BAA0B,EAC1BC,yBAAyB,EACzBC,+BAA+B,EAC/BC,MAAM"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnixTime","z","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAQA,MAAMC,MAAM,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtBC,IAAI,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEX,CAAC,CAACY,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAER,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEd,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGf,CAAC,CAACE,MAAM,CAAC;EAC3Bc,MAAM,EAAEhB,CAAC,CAACI,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEjB,CAAC,CAACkB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACtCK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAEpB,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAEvB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACrCQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE3B,CAAC,CACXI,KAAK,CACJJ,CAAC,CAACE,MAAM,CAAC;IACPQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG9B,CAAC,CAACE,MAAM,CAAC;EAC7CK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAE/B,CAAC,CAACI,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEhC,CAAC,CAACI,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGjC,CAAC,CAACE,MAAM,CAAC;EACpCgC,GAAG,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EACf8B,GAAG,EAAEpC,QAAQ;EACbqC,GAAG,EAAErC,QAAQ;EACbsC,KAAK,EAAErC,CAAC,CAACK,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"names":["UnixTime","z","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAQA,MAAMC,MAAM,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtBC,IAAI,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEX,CAAC,CAACY,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAER,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEd,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGf,CAAC,CAACE,MAAM,CAAC;EAC3Bc,MAAM,EAAEhB,CAAC,CAACI,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEjB,CAAC,CAACkB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACtCK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAEpB,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAEvB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACrCQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE3B,CAAC,CACXI,KAAK,CACJJ,CAAC,CAACE,MAAM,CAAC;IACPQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG9B,CAAC,CAACE,MAAM,CAAC;EAC7CK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAE/B,CAAC,CAACI,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEhC,CAAC,CAACI,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGjC,CAAC,CAACE,MAAM,CAAC;EACpCgC,GAAG,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EACf8B,GAAG,EAAEpC,QAAQ;EACbqC,GAAG,EAAErC,QAAQ;EACbsC,KAAK,EAAErC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8B,KAAK,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBkC,YAAY,EAAEvC,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBmC,mBAAmB,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC1CiC,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,CAAC0C,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAE5C,CAAC,CAACK,MAAM,CAAC,CAAC;EACrBwC,UAAU,EAAE7C,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDsC,KAAK,EAAE9C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BuC,uBAAuB,EAAEjB,sBAAsB,CAACtB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAGF,OAAO,MAAMwC,cAAc,GAAGhD,CAAC,CAACE,MAAM,CAAC;EACrC+C,qCAAqC,EAAEjD,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D0C,2BAA2B,EAAElD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3D2C,2CAA2C,EAAEnD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E4C,oBAAoB,EAAEpD,CAAC,CAACqB,MAAM,CAC5BrB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACZL,CAAC,CAACE,MAAM,CAAC;IACP,mBAAmB,EAAEF,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA,OAAO,MAAM6C,+BAA+B,GAAGrD,CAAC,CAACE,MAAM,CAAC;EACtDoD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA;AACA;AACA;AACA,OAAO,MAAMgD,oCAAoC,GAAGxD,CAAC,CAACE,MAAM,CAAC;EAC3DuD,QAAQ,EAAEzD,CAAC,CAAC0D,KAAK,CAAC,CAAC1D,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DmD,uBAAuB,EAAE3D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAAC4D,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMC,8BAA8B,GAAG7D,CAAC,CAACE,MAAM,CAAC;EACrDuD,QAAQ,EAAEzD,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACK,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC"}
|