@pagopa/io-react-native-wallet 0.4.3 → 0.5.0

package/lib/module/pid/issuing.js

@@ -1,46 +1,46 @@
-import { decode as decodeJwt, verify as verifyJwt, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
-import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
+import { sha256ToBase64, SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
 import { JWK } from "../utils/jwk";
 import uuid from "react-native-uuid";
-import { PidIssuingError, PidMetadataError } from "../utils/errors";
-import { getUnsignedDPop } from "../utils/dpop";
-import { sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
+import { PidIssuingError } from "../utils/errors";
+import { createDPopToken } from "../utils/dpop";
 import { PidIssuerEntityConfiguration } from "./metadata";
-import { fixBase64EncodingOnKey } from "./../utils/jwk";
-
+import { createCryptoContextFor, getEntityConfiguration as getGenericEntityConfiguration } from "..";
+import { generate, deleteKey } from "@pagopa/io-react-native-crypto";
+import { SdJwt } from ".";
 // This is a temporary type that will be used for demo purposes only
 
-export class Issuing {
-  constructor(pidProviderBaseUrl, walletProviderBaseUrl, walletInstanceAttestation, clientId) {
-    let appFetch = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : fetch;
-    this.pidProviderBaseUrl = pidProviderBaseUrl;
-    this.walletProviderBaseUrl = walletProviderBaseUrl;
-    this.state = `${uuid.v4()}`;
-    this.codeVerifier = `${uuid.v4()}`;
-    this.authorizationCode = `${uuid.v4()}`;
-    this.walletInstanceAttestation = walletInstanceAttestation;
-    this.clientId = clientId;
-    this.appFetch = appFetch;
-  }
+/**
+ * Obtain the PID provider entity configuration.
+ */
+export const getEntityConfiguration = function () {
+  let {
+    appFetch = fetch
+  } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  return async relyingPartyBaseUrl => {
+    return getGenericEntityConfiguration(relyingPartyBaseUrl, {
+      appFetch: appFetch
+    }).then(PidIssuerEntityConfiguration.parse);
+  };
+};
 
-  /**
-   * Return the unsigned jwt to call the PAR request.
-   *
-   * @function
-   * @param jwk The wallet instance attestation public JWK
-   *
-   * @returns Unsigned jwt
-   *
-   */
-  async getUnsignedJwtForPar(jwk) {
-    const parsedJwk = JWK.parse(jwk);
-    const keyThumbprint = await thumbprint(parsedJwk);
-    const publicKey = {
-      ...parsedJwk,
+/**
+ * Make a PAR request to the PID issuer and return the response url
+ */
+const getPar = _ref => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref;
+  return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
+    // Calculate the thumbprint of the public key of the Wallet Instance Attestation.
+    // The PAR request token is signed used the Wallet Instance Attestation key.
+    // The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
+    //  key is matched by its kid, which is supposed to be the thumbprint of its public key.
+    const keyThumbprint = await wiaCryptoContext.getPublicKey().then(JWK.parse).then(thumbprint);
+    const codeChallenge = await sha256ToBase64(codeVerifier);
+    const signedJwtForPar = await new SignJWT(wiaCryptoContext).setProtectedHeader({
       kid: keyThumbprint
-    };
-    const codeChallenge = await sha256ToBase64(this.codeVerifier);
-    const unsignedJwtForPar = new SignJWT({
+    }).setPayload({
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
       authorization_details: [{
         credentialDefinition: {
@@ -51,42 +51,23 @@ export class Issuing {
       }],
       response_type: "code",
       code_challenge_method: "s256",
-      redirect_uri: this.walletProviderBaseUrl,
-      state: this.state,
-      client_id: this.clientId,
+      redirect_uri: walletProviderBaseUrl,
+      state: `${uuid.v4()}`,
+      client_id: clientId,
       code_challenge: codeChallenge
-    }).setProtectedHeader({
-      alg: "ES256",
-      kid: publicKey.kid
-    }).setIssuedAt().setExpirationTime("1h").toSign();
-    return unsignedJwtForPar;
-  }
-
-  /**
-   * Make a PAR request to the PID issuer and return the response url
-   *
-   * @function
-   * @param unsignedJwtForPar The unsigned JWT for PAR
-   * @param signature The JWT for PAR signature
-   *
-   * @returns Unsigned PAR url
-   *
-   */
-  async getPar(unsignedJwtForPar, signature) {
-    const codeChallenge = await sha256ToBase64(this.codeVerifier);
-    const signedJwtForPar = await SignJWT.appendSignature(unsignedJwtForPar, signature);
-    const parUrl = new URL("/as/par", this.pidProviderBaseUrl).href;
+    }).setIssuedAt().setExpirationTime("1h").sign();
+    const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
     const requestBody = {
       response_type: "code",
-      client_id: this.clientId,
+      client_id: clientId,
       code_challenge: codeChallenge,
       code_challenge_method: "S256",
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-      client_assertion: this.walletInstanceAttestation,
+      client_assertion: walletInstanceAttestation,
       request: signedJwtForPar
     };
     var formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(parUrl, {
+    const response = await appFetch(parUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -98,55 +79,56 @@ export class Issuing {
       return result.request_uri;
     }
     throw new PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
-  }
+  };
+};
+
+/**
+ * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
+ *
+ * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
+ * @param params.appFetch (optional) Http client
+ * @param walletInstanceAttestation Wallet Instance Attestation token.
+ * @param walletProviderBaseUrl Base url for the Wallet Provider
+ * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
+ * @returns The access token along with the values that identify the issuing session.
+ */
+export const authorizeIssuing = _ref2 => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref2;
+  return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration) => {
+    // FIXME: do better
+    const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+    const codeVerifier = `${uuid.v4()}`;
+    const authorizationCode = `${uuid.v4()}`;
+    const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
+    await getPar({
+      wiaCryptoContext,
+      appFetch
+    })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
 
-  /**
-   * Return the unsigned jwt for a generic DPoP
-   *
-   * @function
-   * @param jwk the public key for which the DPoP is to be created
-   *
-   * @returns Unsigned JWT for DPoP
-   *
-   */
-  async getUnsignedDPoP(jwk) {
-    const tokenUrl = new URL("/token", this.pidProviderBaseUrl).href;
-    const dPop = getUnsignedDPop(fixBase64EncodingOnKey(jwk), {
+    // Use an ephemeral key to be destroyed after use
+    const keytag = `ephemeral-${uuid.v4()}`;
+    await generate(keytag);
+    const ephemeralContext = createCryptoContextFor(keytag);
+    const signedDPop = await createDPopToken({
       htm: "POST",
       htu: tokenUrl,
       jti: `${uuid.v4()}`
-    });
-    return dPop;
-  }
-
-  /**
-   * Make an auth token request to the PID issuer
-   *
-   * @function
-   * @returns a token response
-   *
-   */
-  async getAuthToken() {
-    //Generate fresh keys for DPoP
-    const dPopKeyTag = `${uuid.v4()}`;
-    const dPopKey = await generate(dPopKeyTag);
-    const unsignedDPopForToken = await this.getUnsignedDPoP(dPopKey);
-    const dPopTokenSignature = await sign(unsignedDPopForToken, dPopKeyTag);
-    await deleteKey(dPopKeyTag);
-    const signedDPop = await SignJWT.appendSignature(unsignedDPopForToken, dPopTokenSignature);
-    const decodedJwtDPop = decodeJwt(signedDPop);
-    const tokenUrl = decodedJwtDPop.payload.htu;
+    }, ephemeralContext);
+    await deleteKey(keytag);
     const requestBody = {
       grant_type: "authorization code",
-      client_id: this.clientId,
-      code: this.authorizationCode,
-      code_verifier: this.codeVerifier,
+      client_id: clientId,
+      code: authorizationCode,
+      code_verifier: codeVerifier,
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-      client_assertion: this.walletInstanceAttestation,
-      redirect_uri: this.walletProviderBaseUrl
+      client_assertion: walletInstanceAttestation,
+      redirect_uri: walletProviderBaseUrl
     };
     var formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(tokenUrl, {
+    const response = await appFetch(tokenUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
@@ -155,48 +137,62 @@ export class Issuing {
       body: formBody.toString()
     });
     if (response.status === 200) {
-      return await response.json();
+      const {
+        c_nonce,
+        access_token
+      } = await response.json();
+      return {
+        accessToken: access_token,
+        nonce: c_nonce,
+        clientId,
+        codeVerifier,
+        authorizationCode,
+        walletProviderBaseUrl
+      };
     }
     throw new PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
-  }
+  };
+};
 
-  /**
-   * Return the unsigned jwt for nonce proof of possession
-   *
-   * @function
-   * @param nonce the nonce
-   *
-   * @returns Unsigned JWT for nonce proof
-   *
-   */
-  async getUnsignedNonceProof(nonce) {
-    const unsignedProof = new SignJWT({
-      nonce
-    }).setProtectedHeader({
-      alg: "ES256",
-      type: "openid4vci-proof+jwt"
-    }).setAudience(this.walletProviderBaseUrl).setIssuer(this.clientId).setIssuedAt().setExpirationTime("1h").toSign();
-    return unsignedProof;
-  }
+/**
+ * Return the signed jwt for nonce proof of possession
+ */
+const createNonceProof = async (nonce, issuer, audience, ctx) => {
+  return new SignJWT(ctx).setPayload({
+    nonce
+  }).setProtectedHeader({
+    type: "openid4vci-proof+jwt"
+  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
+};
 
-  /**
-   * Make the credential issuing request to the PID issuer
-   *
-   * @function
-   * @param unsignedDPopForPid The unsigned JWT for PID DPoP
-   * @param dPopPidSignature The JWT for PID DPoP signature
-   * @param unsignedNonceProof The unsigned JWT for nonce proof
-   * @param nonceProofSignature The JWT for nonce proof signature
-   * @param accessToken The access token obtained with getAuthToken
-   * @param cieData Personal data read by the CIE
-   *
-   * @returns a credential
-   *
-   */
-  async getCredential(unsignedDPopForPid, dPopPidSignature, unsignedNonceProof, nonceProofSignature, accessToken, cieData) {
-    const signedDPopForPid = await SignJWT.appendSignature(unsignedDPopForPid, dPopPidSignature);
-    const signedNonceProof = await SignJWT.appendSignature(unsignedNonceProof, nonceProofSignature);
-    const credentialUrl = new URL("/credential", this.pidProviderBaseUrl).href;
+/**
+ * Complete the issuing flow and get the PID credential.
+ *
+ * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
+ * @param params.appFetch (optional) Http client
+ * @param authConf The authorization configuration retrieved with the access token
+ * @param cieData Data red from the CIE login process
+ * @returns The PID credential token
+ */
+export const getCredential = _ref3 => {
+  let {
+    pidCryptoContext,
+    appFetch = fetch
+  } = _ref3;
+  return async (_ref4, pidProviderEntityConfiguration, cieData) => {
+    let {
+      nonce,
+      accessToken,
+      clientId,
+      walletProviderBaseUrl
+    } = _ref4;
+    const signedDPopForPid = await createDPopToken({
+      htm: "POST",
+      htu: pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint,
+      jti: `${uuid.v4()}`
+    }, pidCryptoContext);
+    const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
+    const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
     const requestBody = {
       credential_definition: JSON.stringify({
         type: ["eu.eudiw.pid.it"]
@@ -209,7 +205,7 @@ export class Issuing {
       })
     };
     const formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(credentialUrl, {
+    const response = await appFetch(credentialUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
@@ -219,36 +215,19 @@ export class Issuing {
       body: formBody.toString()
     });
     if (response.status === 200) {
-      return await response.json();
-    }
-    throw new PidIssuingError(`Unable to obtain credential!`);
-  }
-
-  /**
-   * Obtain the PID issuer metadata
-   *
-   * @function
-   * @returns PID issuer metadata
-   *
-   */
-  async getEntityConfiguration() {
-    const metadataUrl = new URL("ci/.well-known/openid-federation", this.pidProviderBaseUrl).href;
-    const response = await this.appFetch(metadataUrl);
-    if (response.status === 200) {
-      const jwtMetadata = await response.text();
-      const {
-        payload
-      } = decodeJwt(jwtMetadata);
-      const result = PidIssuerEntityConfiguration.safeParse(payload);
-      if (result.success) {
-        const parsedMetadata = result.data;
-        await verifyJwt(jwtMetadata, parsedMetadata.jwks.keys);
-        return parsedMetadata;
-      } else {
-        throw new PidMetadataError(result.error.message);
-      }
+      const pidResponse = await response.json();
+      await validatePid(pidResponse.credential, pidCryptoContext);
+      return pidResponse;
     }
-    throw new PidMetadataError(`Unable to obtain PID metadata. Response: ${await response.text()} with status: ${response.status}`);
+    throw new PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
+  };
+};
+const validatePid = async (pidJwt, pidCryptoContext) => {
+  const decoded = SdJwt.decode(pidJwt);
+  const pidKey = await pidCryptoContext.getPublicKey();
+  const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
+  if ((await thumbprint(pidKey)) !== (await thumbprint(holderBindedKey))) {
+    throw new PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
   }
-}
+};
 //# sourceMappingURL=issuing.js.map

package/lib/module/pid/issuing.js.map

@@ -1 +1 @@
-{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","PidMetadataError","getUnsignedDPop","sign","generate","deleteKey","PidIssuerEntityConfiguration","fixBase64EncodingOnKey","Issuing","constructor","pidProviderBaseUrl","walletProviderBaseUrl","walletInstanceAttestation","clientId","appFetch","arguments","length","undefined","fetch","state","v4","codeVerifier","authorizationCode","getUnsignedJwtForPar","jwk","parsedJwk","parse","keyThumbprint","publicKey","kid","codeChallenge","unsignedJwtForPar","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setProtectedHeader","alg","setIssuedAt","setExpirationTime","toSign","getPar","signature","signedJwtForPar","appendSignature","parUrl","URL","href","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getUnsignedDPoP","tokenUrl","dPop","htm","htu","jti","getAuthToken","dPopKeyTag","dPopKey","unsignedDPopForToken","dPopTokenSignature","signedDPop","decodedJwtDPop","payload","grant_type","code","code_verifier","DPoP","getUnsignedNonceProof","nonce","unsignedProof","setAudience","setIssuer","getCredential","unsignedDPopForPid","dPopPidSignature","unsignedNonceProof","nonceProofSignature","accessToken","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization","getEntityConfiguration","metadataUrl","jwtMetadata","safeParse","success","parsedMetadata","data","jwks","keys","error","message"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,EACnBC,cAAc,QACT,6BAA6B;AAEpC,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,iBAAiB;AACnE,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,IAAI,EAAEC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AAC1E,SAASC,4BAA4B,QAAQ,YAAY;AACzD,SAASC,sBAAsB,QAAQ,gBAAgB;;AAEvD;;AAgBA,OAAO,MAAMC,OAAO,CAAC;EAUnBC,WAAWA,CACTC,kBAA0B,EAC1BC,qBAA6B,EAC7BC,yBAAiC,EACjCC,QAAgB,EAEhB;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACR,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,qBAAqB,GAAGA,qBAAqB;IAClD,IAAI,CAACQ,KAAK,GAAI,GAAEpB,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;IAC3B,IAAI,CAACC,YAAY,GAAI,GAAEtB,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;IAClC,IAAI,CAACE,iBAAiB,GAAI,GAAEvB,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;IACvC,IAAI,CAACR,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;IACxB,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMS,oBAAoBA,CAACC,GAAQ,EAAmB;IACpD,MAAMC,SAAS,GAAG3B,GAAG,CAAC4B,KAAK,CAACF,GAAG,CAAC;IAChC,MAAMG,aAAa,GAAG,MAAM9B,UAAU,CAAC4B,SAAS,CAAC;IACjD,MAAMG,SAAS,GAAG;MAAE,GAAGH,SAAS;MAAEI,GAAG,EAAEF;IAAc,CAAC;IACtD,MAAMG,aAAa,GAAG,MAAMnC,cAAc,CAAC,IAAI,CAAC0B,YAAY,CAAC;IAE7D,MAAMU,iBAAiB,GAAG,IAAInC,OAAO,CAAC;MACpCoC,qBAAqB,EACnB,wDAAwD;MAC1DC,qBAAqB,EAAE,CACrB;QACEC,oBAAoB,EAAE;UACpBC,IAAI,EAAE,CAAC,iBAAiB;QAC1B,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE,IAAI,CAAC5B,qBAAqB;MACxCQ,KAAK,EAAE,IAAI,CAACA,KAAK;MACjBqB,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxB4B,cAAc,EAAEX;IAClB,CAAC,CAAC,CACCY,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZd,GAAG,EAAED,SAAS,CAACC;IACjB,CAAC,CAAC,CACDe,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IAEX,OAAOf,iBAAiB;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMgB,MAAMA,CAAChB,iBAAyB,EAAEiB,SAAiB,EAAmB;IAC1E,MAAMlB,aAAa,GAAG,MAAMnC,cAAc,CAAC,IAAI,CAAC0B,YAAY,CAAC;IAC7D,MAAM4B,eAAe,GAAG,MAAMrD,OAAO,CAACsD,eAAe,CACnDnB,iBAAiB,EACjBiB,SACF,CAAC;IAED,MAAMG,MAAM,GAAG,IAAIC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAE/D,MAAMC,WAAW,GAAG;MAClBjB,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxB4B,cAAc,EAAEX,aAAa;MAC7BQ,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EACnB,wDAAwD;MAC1DuB,gBAAgB,EAAE,IAAI,CAAC3C,yBAAyB;MAChD4C,OAAO,EAAEP;IACX,CAAC;IAED,IAAIQ,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACqC,MAAM,EAAE;MAC3CS,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAInE,eAAe,CACtB,wCAAuC,MAAM2D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,eAAeA,CAAC7C,GAAQ,EAAmB;IAC/C,MAAM8C,QAAQ,GAAG,IAAIlB,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAChE,MAAMkB,IAAI,GAAGrE,eAAe,CAACK,sBAAsB,CAACiB,GAAG,CAAC,EAAE;MACxDgD,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEH,QAAQ;MACbI,GAAG,EAAG,GAAE3E,IAAI,CAACqB,EAAE,CAAC,CAAE;IACpB,CAAC,CAAC;IACF,OAAOmD,IAAI;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACE,MAAMI,YAAYA,CAAA,EAA2B;IAC3C;IACA,MAAMC,UAAU,GAAI,GAAE7E,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;IACjC,MAAMyD,OAAO,GAAG,MAAMzE,QAAQ,CAACwE,UAAU,CAAC;IAC1C,MAAME,oBAAoB,GAAG,MAAM,IAAI,CAACT,eAAe,CAACQ,OAAO,CAAC;IAChE,MAAME,kBAAkB,GAAG,MAAM5E,IAAI,CAAC2E,oBAAoB,EAAEF,UAAU,CAAC;IACvE,MAAMvE,SAAS,CAACuE,UAAU,CAAC;IAE3B,MAAMI,UAAU,GAAG,MAAMpF,OAAO,CAACsD,eAAe,CAC9C4B,oBAAoB,EACpBC,kBACF,CAAC;IACD,MAAME,cAAc,GAAGzF,SAAS,CAACwF,UAAU,CAAC;IAC5C,MAAMV,QAAQ,GAAGW,cAAc,CAACC,OAAO,CAACT,GAAa;IACrD,MAAMnB,WAAW,GAAG;MAClB6B,UAAU,EAAE,oBAAoB;MAChC3C,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxBuE,IAAI,EAAE,IAAI,CAAC9D,iBAAiB;MAC5B+D,aAAa,EAAE,IAAI,CAAChE,YAAY;MAChCW,qBAAqB,EACnB,wDAAwD;MAC1DuB,gBAAgB,EAAE,IAAI,CAAC3C,yBAAyB;MAChD2B,YAAY,EAAE,IAAI,CAAC5B;IACrB,CAAC;IACD,IAAI8C,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACwD,QAAQ,EAAE;MAC7CV,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyB,IAAI,EAAEN;MACR,CAAC;MACDlB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIlE,eAAe,CACtB,0CAAyC,MAAM2D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMmB,qBAAqBA,CAACC,KAAa,EAAmB;IAC1D,MAAMC,aAAa,GAAG,IAAI7F,OAAO,CAAC;MAChC4F;IACF,CAAC,CAAC,CACC9C,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZR,IAAI,EAAE;IACR,CAAC,CAAC,CACDuD,WAAW,CAAC,IAAI,CAAC/E,qBAAqB,CAAC,CACvCgF,SAAS,CAAC,IAAI,CAAC9E,QAAQ,CAAC,CACxB+B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IACX,OAAO2C,aAAa;EACtB;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMG,aAAaA,CACjBC,kBAA0B,EAC1BC,gBAAwB,EACxBC,kBAA0B,EAC1BC,mBAA2B,EAC3BC,WAAmB,EACnBC,OAAgB,EACM;IACtB,MAAMC,gBAAgB,GAAG,MAAMvG,OAAO,CAACsD,eAAe,CACpD2C,kBAAkB,EAClBC,gBACF,CAAC;IACD,MAAMM,gBAAgB,GAAG,MAAMxG,OAAO,CAACsD,eAAe,CACpD6C,kBAAkB,EAClBC,mBACF,CAAC;IACD,MAAMK,aAAa,GAAG,IAAIjD,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAE1E,MAAMC,WAAW,GAAG;MAClBgD,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAErE,IAAI,EAAE,CAAC,iBAAiB;MAAE,CAAC,CAAC;MACpEC,MAAM,EAAE,WAAW;MACnBqE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBF,OAAO;QACPS,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMlD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACuF,aAAa,EAAE;MAClDzC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyB,IAAI,EAAEa,gBAAgB;QACtBS,aAAa,EAAEX;MACjB,CAAC;MACDnC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIlE,eAAe,CAAE,8BAA6B,CAAC;EAC3D;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACE,MAAM6G,sBAAsBA,CAAA,EAA0C;IACpE,MAAMC,WAAW,GAAG,IAAI1D,GAAG,CACzB,kCAAkC,EAClC,IAAI,CAAC1C,kBACP,CAAC,CAAC2C,IAAI;IAEN,MAAMM,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACgG,WAAW,CAAC;IAEjD,IAAInD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM+C,WAAW,GAAG,MAAMpD,QAAQ,CAACS,IAAI,CAAC,CAAC;MACzC,MAAM;QAAEc;MAAQ,CAAC,GAAG1F,SAAS,CAACuH,WAAW,CAAC;MAC1C,MAAM9C,MAAM,GAAG3D,4BAA4B,CAAC0G,SAAS,CAAC9B,OAAO,CAAC;MAC9D,IAAIjB,MAAM,CAACgD,OAAO,EAAE;QAClB,MAAMC,cAAc,GAAGjD,MAAM,CAACkD,IAAI;QAClC,MAAMzH,SAAS,CAACqH,WAAW,EAAEG,cAAc,CAACE,IAAI,CAACC,IAAI,CAAC;QACtD,OAAOH,cAAc;MACvB,CAAC,MAAM;QACL,MAAM,IAAIjH,gBAAgB,CAACgE,MAAM,CAACqD,KAAK,CAACC,OAAO,CAAC;MAClD;IACF;IAEA,MAAM,IAAItH,gBAAgB,CACvB,4CAA2C,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,iBAChET,QAAQ,CAACK,MACV,EACH,CAAC;EACH;AACF"}
+{"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","PidIssuerEntityConfiguration","createCryptoContextFor","getEntityConfiguration","getGenericEntityConfiguration","generate","deleteKey","SdJwt","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","getPar","_ref","wiaCryptoContext","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","codeChallenge","signedJwtForPar","setProtectedHeader","kid","setPayload","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","state","v4","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","payload","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","ephemeralContext","signedDPop","htm","htu","jti","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","decode","pidKey","holderBindedKey","sdJwt","cnf","jwk"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,4BAA4B,QAAQ,YAAY;AACzD,SACEC,sBAAsB,EACtBC,sBAAsB,IAAIC,6BAA6B,QAClD,IAAI;AACX,SAASC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AACpE,SAASC,KAAK,QAAQ,GAAG;AACzB;;AAwBA;AACA;AACA;AACA,OAAO,MAAMJ,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEK,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MACEG,mBAA2B,IACe;IAC1C,OAAOT,6BAA6B,CAACS,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACb,4BAA4B,CAACc,KAAK,CAAC;EAC7C,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBV,QAAQ,GAAGC;EAIb,CAAC,GAAAQ,IAAA;EAAA,OACD,OACEE,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAA4D,EAC5DC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMN,gBAAgB,CACzCO,YAAY,CAAC,CAAC,CACdX,IAAI,CAACjB,GAAG,CAACkB,KAAK,CAAC,CACfD,IAAI,CAAClB,UAAU,CAAC;IAEnB,MAAM8B,aAAa,GAAG,MAAMhC,cAAc,CAAC0B,YAAY,CAAC;IAExD,MAAMO,eAAe,GAAG,MAAM,IAAIhC,OAAO,CAACuB,gBAAgB,CAAC,CACxDU,kBAAkB,CAAC;MAClBC,GAAG,EAAEL;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVC,qBAAqB,EACnB,wDAAwD;MAC1DC,qBAAqB,EAAE,CACrB;QACEC,oBAAoB,EAAE;UACpBC,IAAI,EAAE,CAAC,iBAAiB;QAC1B,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAEjB,qBAAqB;MACnCkB,KAAK,EAAG,GAAEzC,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;MACrBC,SAAS,EAAEtB,QAAQ;MACnBuB,cAAc,EAAEhB;IAClB,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVxB,8BAA8B,CAACyB,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBf,aAAa,EAAE,MAAM;MACrBK,SAAS,EAAEtB,QAAQ;MACnBuB,cAAc,EAAEhB,aAAa;MAC7BW,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EACnB,wDAAwD;MAC1DqB,gBAAgB,EAAE7B,yBAAyB;MAC3C8B,OAAO,EAAE1B;IACX,CAAC;IAED,IAAI2B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMhD,QAAQ,CAACsC,MAAM,EAAE;MACtCW,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIjE,eAAe,CACtB,wCAAuC,MAAMyD,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCjD,gBAAgB;IAChBV,QAAQ,GAAGC;EAIb,CAAC,GAAA0D,KAAA;EAAA,OACD,OACE5C,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAA4D,KAC7B;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMD,gBAAgB,CAACO,YAAY,CAAC,CAAC,CAACX,IAAI,CAAEsD,CAAC,IAAKA,CAAC,CAACvC,GAAG,CAAC;IACzE,MAAMT,YAAY,GAAI,GAAEtB,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;IACnC,MAAM6B,iBAAiB,GAAI,GAAEvE,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;IACxC,MAAM8B,QAAQ,GACZhD,8BAA8B,CAACyB,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEsB,cAAc;IAEnB,MAAMvD,MAAM,CAAC;MAAEE,gBAAgB;MAAEV;IAAS,CAAC,CAAC,CAC1CW,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAMiD,MAAM,GAAI,aAAY1E,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;IACvC,MAAMnC,QAAQ,CAACmE,MAAM,CAAC;IACtB,MAAMC,gBAAgB,GAAGvE,sBAAsB,CAACsE,MAAM,CAAC;IAEvD,MAAME,UAAU,GAAG,MAAM1E,eAAe,CACtC;MACE2E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEN,QAAQ;MACbO,GAAG,EAAG,GAAE/E,IAAI,CAAC0C,EAAE,CAAC,CAAE;IACpB,CAAC,EACDiC,gBACF,CAAC;IAED,MAAMnE,SAAS,CAACkE,MAAM,CAAC;IAEvB,MAAMrB,WAAW,GAAG;MAClB2B,UAAU,EAAE,oBAAoB;MAChCrC,SAAS,EAAEtB,QAAQ;MACnB4D,IAAI,EAAEV,iBAAiB;MACvBW,aAAa,EAAE5D,YAAY;MAC3BW,qBAAqB,EACnB,wDAAwD;MAC1DqB,gBAAgB,EAAE7B,yBAAyB;MAC3Ce,YAAY,EAAEjB;IAChB,CAAC;IACD,IAAIiC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMhD,QAAQ,CAAC8D,QAAQ,EAAE;MACxCb,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDuB,IAAI,EAAEP;MACR,CAAC;MACDf,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEqB,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM3B,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLqB,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACd/D,QAAQ;QACRC,YAAY;QACZiD,iBAAiB;QACjBhD;MACF,CAAC;IACH;IAEA,MAAM,IAAItB,eAAe,CACtB,0CAAyC,MAAMyD,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMqB,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAI9F,OAAO,CAAC8F,GAAG,CAAC,CACpB3D,UAAU,CAAC;IACVuD;EACF,CAAC,CAAC,CACDzD,kBAAkB,CAAC;IAClBM,IAAI,EAAE;EACR,CAAC,CAAC,CACDwD,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjB5C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM+C,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBtF,QAAQ,GAAGC;EAIb,CAAC,GAAAoF,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEzE,8BAA4D,EAC5D0E,OAAgB,KACS;IAAA,IAHzB;MAAEX,KAAK;MAAED,WAAW;MAAEjE,QAAQ;MAAEE;IAAyC,CAAC,GAAA0E,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAMjG,eAAe,CAC5C;MACE2E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEtD,8BAA8B,CAACyB,OAAO,CAACC,QAAQ,CACjDC,wBAAwB,CAACsB,cAAc;MAC1CM,GAAG,EAAG,GAAE/E,IAAI,CAAC0C,EAAE,CAAC,CAAE;IACpB,CAAC,EACDsD,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACLlE,QAAQ,EACRE,qBAAqB,EACrByE,gBACF,CAAC;IAED,MAAMK,aAAa,GACjB7E,8BAA8B,CAACyB,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEmD,mBAAmB;IAExB,MAAMjD,WAAW,GAAG;MAClBkD,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAErE,IAAI,EAAE,CAAC,iBAAiB;MAAE,CAAC,CAAC;MACpEC,MAAM,EAAE,WAAW;MACnBqE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEP,gBAAgB;QACrBF,OAAO;QACPU,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMpD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMhD,QAAQ,CAAC2F,aAAa,EAAE;MAC7C1C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDuB,IAAI,EAAEgB,gBAAgB;QACtBU,aAAa,EAAEvB;MACjB,CAAC;MACDzB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM+C,WAAW,GAAI,MAAMpD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAM8C,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEhB,gBAAgB,CAAC;MAC3D,OAAOc,WAAW;IACpB;IAEA,MAAM,IAAI7G,eAAe,CACtB,oCAAmCoG,aAAc,WAChD3C,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAM4C,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEjB,gBAA+B,KAAK;EAC7E,MAAMkB,OAAO,GAAGzG,KAAK,CAAC0G,MAAM,CAACF,MAAM,CAAC;EACpC,MAAMG,MAAM,GAAG,MAAMpB,gBAAgB,CAACrE,YAAY,CAAC,CAAC;EACpD,MAAM0F,eAAe,GAAGH,OAAO,CAACI,KAAK,CAACrE,OAAO,CAACsE,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM1H,UAAU,CAACsH,MAAM,CAAC,OAAO,MAAMtH,UAAU,CAACuH,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIpH,eAAe,CACtB,uGAAsGuG,IAAI,CAACC,SAAS,CACnHW,MACF,CAAE,kCAAiCZ,IAAI,CAACC,SAAS,CAACY,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}

package/lib/module/pid/metadata.js

@@ -1,3 +1,4 @@
+import { EntityConfiguration } from "../trust/types";
 import { JWK } from "../utils/jwk";
 import { z } from "zod";
 export const PidDisplayMetadata = z.object({
@@ -10,32 +11,34 @@ export const PidDisplayMetadata = z.object({
   background_color: z.string(),
   text_color: z.string()
 });
-export const PidIssuerEntityConfiguration = z.object({
-  jwks: z.object({
-    keys: z.array(JWK)
-  }),
-  metadata: z.object({
-    openid_credential_issuer: z.object({
-      credential_issuer: z.string(),
-      authorization_endpoint: z.string(),
-      token_endpoint: z.string(),
-      pushed_authorization_request_endpoint: z.string(),
-      dpop_signing_alg_values_supported: z.array(z.string()),
-      credential_endpoint: z.string(),
-      credentials_supported: z.array(z.object({
-        format: z.literal("vc+sd-jwt"),
-        cryptographic_binding_methods_supported: z.array(z.string()),
-        cryptographic_suites_supported: z.array(z.string()),
-        display: z.array(PidDisplayMetadata)
-      }))
+export const PidIssuerEntityConfiguration = EntityConfiguration.and(z.object({
+  payload: z.object({
+    jwks: z.object({
+      keys: z.array(JWK)
     }),
-    federation_entity: z.object({
-      organization_name: z.string(),
-      homepage_uri: z.string(),
-      policy_uri: z.string(),
-      tos_uri: z.string(),
-      logo_uri: z.string()
+    metadata: z.object({
+      openid_credential_issuer: z.object({
+        credential_issuer: z.string(),
+        authorization_endpoint: z.string(),
+        token_endpoint: z.string(),
+        pushed_authorization_request_endpoint: z.string(),
+        dpop_signing_alg_values_supported: z.array(z.string()),
+        credential_endpoint: z.string(),
+        credentials_supported: z.array(z.object({
+          format: z.literal("vc+sd-jwt"),
+          cryptographic_binding_methods_supported: z.array(z.string()),
+          cryptographic_suites_supported: z.array(z.string()),
+          display: z.array(PidDisplayMetadata)
+        }))
+      }),
+      federation_entity: z.object({
+        organization_name: z.string(),
+        homepage_uri: z.string(),
+        policy_uri: z.string(),
+        tos_uri: z.string(),
+        logo_uri: z.string()
+      })
     })
   })
-});
+}));
 //# sourceMappingURL=metadata.js.map

package/lib/module/pid/metadata.js.map

@@ -1 +1 @@
-{"version":3,"names":["JWK","z","PidDisplayMetadata","object","name","string","locale","logo","url","alt_text","background_color","text_color","PidIssuerEntityConfiguration","jwks","keys","array","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEN,CAAC,CAACE,MAAM,CAAC;IACbK,GAAG,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAER,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAEV,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,OAAO,MAAMO,4BAA4B,GAAGX,CAAC,CAACE,MAAM,CAAC;EACnDU,IAAI,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAAEW,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACE,MAAM,CAAC;IACjBc,wBAAwB,EAAEhB,CAAC,CAACE,MAAM,CAAC;MACjCe,iBAAiB,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7Bc,sBAAsB,EAAElB,CAAC,CAACI,MAAM,CAAC,CAAC;MAClCe,cAAc,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC1BgB,qCAAqC,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC;MACjDiB,iCAAiC,EAAErB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;MACtDkB,mBAAmB,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC/BmB,qBAAqB,EAAEvB,CAAC,CAACc,KAAK,CAC5Bd,CAAC,CAACE,MAAM,CAAC;QACPsB,MAAM,EAAExB,CAAC,CAACyB,OAAO,CAAC,WAAW,CAAC;QAC9BC,uCAAuC,EAAE1B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC5DuB,8BAA8B,EAAE3B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACnDwB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACb,kBAAkB;MACrC,CAAC,CACH;IACF,CAAC,CAAC;IACF4B,iBAAiB,EAAE7B,CAAC,CAACE,MAAM,CAAC;MAC1B4B,iBAAiB,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7B2B,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC;MACxB4B,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC;MACtB6B,OAAO,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC;MACnB8B,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC;EACH,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"names":["EntityConfiguration","JWK","z","PidDisplayMetadata","object","name","string","locale","logo","url","alt_text","background_color","text_color","PidIssuerEntityConfiguration","and","payload","jwks","keys","array","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,gBAAgB;AACpD,SAASC,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEN,CAAC,CAACE,MAAM,CAAC;IACbK,GAAG,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAER,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAEV,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,OAAO,MAAMO,4BAA4B,GAAGb,mBAAmB,CAACc,GAAG,CACjEZ,CAAC,CAACE,MAAM,CAAC;EACPW,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBY,IAAI,EAAEd,CAAC,CAACE,MAAM,CAAC;MAAEa,IAAI,EAAEf,CAAC,CAACgB,KAAK,CAACjB,GAAG;IAAE,CAAC,CAAC;IACtCkB,QAAQ,EAAEjB,CAAC,CAACE,MAAM,CAAC;MACjBgB,wBAAwB,EAAElB,CAAC,CAACE,MAAM,CAAC;QACjCiB,iBAAiB,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BgB,sBAAsB,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC;QAClCiB,cAAc,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1BkB,qCAAqC,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC;QACjDmB,iCAAiC,EAAEvB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACtDoB,mBAAmB,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BqB,qBAAqB,EAAEzB,CAAC,CAACgB,KAAK,CAC5BhB,CAAC,CAACE,MAAM,CAAC;UACPwB,MAAM,EAAE1B,CAAC,CAAC2B,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE5B,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UAC5DyB,8BAA8B,EAAE7B,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UACnD0B,OAAO,EAAE9B,CAAC,CAACgB,KAAK,CAACf,kBAAkB;QACrC,CAAC,CACH;MACF,CAAC,CAAC;MACF8B,iBAAiB,EAAE/B,CAAC,CAACE,MAAM,CAAC;QAC1B8B,iBAAiB,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7B6B,YAAY,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC;QACxB8B,UAAU,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC;QACtB+B,OAAO,EAAEnC,CAAC,CAACI,MAAM,CAAC,CAAC;QACnBgC,QAAQ,EAAEpC,CAAC,CAACI,MAAM,CAAC;MACrB,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC"}

package/lib/module/rp/__test__/index.test.js

@@ -1,4 +1,4 @@
-import { RelyingPartySolution } from "..";
+import * as RelyingPartySolution from "..";
 import { AuthRequestDecodeError } from "../../utils/errors";
 import { RpEntityConfiguration } from "../types";
 describe("decodeAuthRequestQR", () => {

package/lib/module/rp/__test__/index.test.js.map

@@ -1 +1 @@
-{"version":3,"names":["RelyingPartySolution","AuthRequestDecodeError","RpEntityConfiguration","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,IAAI;AACzC,SAASC,sBAAsB,QAAQ,oBAAoB;AAC3D,SAASC,qBAAqB,QAAQ,UAAU;AAEhDC,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAGN,oBAAoB,CAACO,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAMR,oBAAoB,CAACO,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzEV,sBACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFE,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMQ,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE,CACJ;cACE4C,GAAG,EAAE,OAAO;cACZC,CAAC,EAAE,6CAA6C;cAChDpD,GAAG,EAAE,6CAA6C;cAClDqD,GAAG,EAAE,KAAK;cACV5C,GAAG,EAAE,IAAI;cACT6C,CAAC,EAAE,6CAA6C;cAChDC,CAAC,EAAE;YACL,CAAC,EACD;cACE9C,GAAG,EAAE,KAAK;cACV2C,CAAC,EAAE,wVAAwV;cAC3V1C,CAAC,EAAE,MAAM;cACT2C,GAAG,EAAE,KAAK;cACVrD,GAAG,EAAE,6CAA6C;cAClDW,CAAC,EAAE,wVAAwV;cAC3V6C,CAAC,EAAE,6KAA6K;cAChLC,CAAC,EAAE;YACL,CAAC;UAEL;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMnE,MAAM,GAAGJ,qBAAqB,CAACwE,SAAS,CAAC9D,EAAE,CAAC;IAClD,IAAIN,MAAM,CAACqE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMrE,MAAM,CAACsE,KAAK;IACpB;IACApE,MAAM,CAACF,MAAM,CAACqE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}
+{"version":3,"names":["RelyingPartySolution","AuthRequestDecodeError","RpEntityConfiguration","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":"AAAA,OAAO,KAAKA,oBAAoB,MAAM,IAAI;AAC1C,SAASC,sBAAsB,QAAQ,oBAAoB;AAC3D,SAASC,qBAAqB,QAAQ,UAAU;AAEhDC,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAGN,oBAAoB,CAACO,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAMR,oBAAoB,CAACO,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzEV,sBACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFE,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMQ,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE,CACJ;cACE4C,GAAG,EAAE,OAAO;cACZC,CAAC,EAAE,6CAA6C;cAChDpD,GAAG,EAAE,6CAA6C;cAClDqD,GAAG,EAAE,KAAK;cACV5C,GAAG,EAAE,IAAI;cACT6C,CAAC,EAAE,6CAA6C;cAChDC,CAAC,EAAE;YACL,CAAC,EACD;cACE9C,GAAG,EAAE,KAAK;cACV2C,CAAC,EAAE,wVAAwV;cAC3V1C,CAAC,EAAE,MAAM;cACT2C,GAAG,EAAE,KAAK;cACVrD,GAAG,EAAE,6CAA6C;cAClDW,CAAC,EAAE,wVAAwV;cAC3V6C,CAAC,EAAE,6KAA6K;cAChLC,CAAC,EAAE;YACL,CAAC;UAEL;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMnE,MAAM,GAAGJ,qBAAqB,CAACwE,SAAS,CAAC9D,EAAE,CAAC;IAClD,IAAIN,MAAM,CAACqE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMrE,MAAM,CAACsE,KAAK;IACpB;IACApE,MAAM,CAACF,MAAM,CAACqE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}