@pagopa/io-react-native-wallet 0.4.3 → 0.6.0

package/src/trust/types.ts

@@ -5,6 +5,29 @@ import * as z from "zod";
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
 
+// Display metadata for a credential, used by the issuer to
+// instruct the Wallet Solution on how to render the credential correctly
+type CredentialDisplayMetadata = z.infer<typeof CredentialDisplayMetadata>;
+const CredentialDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string(),
+  logo: z.object({
+    url: z.string(),
+    alt_text: z.string(),
+  }),
+  background_color: z.string(),
+  text_color: z.string(),
+});
+
+// Metadata for a credentia which i supported by a Issuer
+type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
+const SupportedCredentialMetadata = z.object({
+  format: z.literal("vc+sd-jwt"),
+  cryptographic_binding_methods_supported: z.array(z.string()),
+  cryptographic_suites_supported: z.array(z.string()),
+  display: z.array(CredentialDisplayMetadata),
+});
+
 export type EntityStatement = z.infer<typeof EntityStatement>;
 export const EntityStatement = z.object({
   header: z.object({
@@ -22,43 +45,138 @@ export const EntityStatement = z.object({
   }),
 });
 
-export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
-export const EntityConfiguration = z.object({
-  header: z.object({
-    typ: z.literal("entity-statement+jwt"),
-    alg: z.string(),
-    kid: z.string(),
-  }),
-  payload: z.object({
-    exp: UnixTime,
-    iat: UnixTime,
-    iss: z.string(),
-    sub: z.string(),
-    jwks: z.object({
-      keys: z.array(JWK),
+export type EntityConfigurationHeader = z.infer<
+  typeof EntityConfigurationHeader
+>;
+export const EntityConfigurationHeader = z.object({
+  typ: z.literal("entity-statement+jwt"),
+  alg: z.string(),
+  kid: z.string(),
+});
+
+// Structuire common to every Entity Configuration document
+const BaseEntityConfiguration = z.object({
+  header: EntityConfigurationHeader,
+  payload: z
+    .object({
+      exp: UnixTime,
+      iat: UnixTime,
+      iss: z.string(),
+      sub: z.string(),
+      jwks: z.object({
+        keys: z.array(JWK),
+      }),
+      metadata: z
+        .object({
+          federation_entity: z
+            .object({
+              federation_fetch_endpoint: z.string().optional(),
+              federation_list_endpoint: z.string().optional(),
+              federation_resolve_endpoint: z.string().optional(),
+              federation_trust_mark_status_endpoint: z.string().optional(),
+              federation_trust_mark_list_endpoint: z.string().optional(),
+              homepage_uri: z.string().optional(),
+              policy_uri: z.string().optional(),
+              logo_uri: z.string().optional(),
+              contacts: z.array(z.string()).optional(),
+            })
+            .passthrough(),
+        })
+        .passthrough(),
+      authority_hints: z.array(z.string()).optional(),
+    })
+    .passthrough(),
+});
+
+// Entity configuration for a Trust Anchor (it has no specific metadata section)
+export type TrustAnchorEntityConfiguration = z.infer<
+  typeof TrustAnchorEntityConfiguration
+>;
+export const TrustAnchorEntityConfiguration = BaseEntityConfiguration;
+
+// Entity configuration for a Credential Issuer
+export type CredentialIssuerEntityConfiguration = z.infer<
+  typeof CredentialIssuerEntityConfiguration
+>;
+export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      jwks: z.object({ keys: z.array(JWK) }),
+      metadata: z.object({
+        openid_credential_issuer: z.object({
+          credential_issuer: z.string(),
+          authorization_endpoint: z.string(),
+          token_endpoint: z.string(),
+          pushed_authorization_request_endpoint: z.string(),
+          dpop_signing_alg_values_supported: z.array(z.string()),
+          credential_endpoint: z.string(),
+          credentials_supported: z.array(SupportedCredentialMetadata),
+          jwks: z.object({ keys: z.array(JWK) }),
+        }),
+      }),
     }),
-    metadata: z
-      .object({
-        federation_entity: z
+  })
+);
+
+// Entity configuration for a Wallet Provider
+export type WalletProviderEntityConfiguration = z.infer<
+  typeof WalletProviderEntityConfiguration
+>;
+export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      metadata: z.object({
+        wallet_provider: z
           .object({
-            federation_fetch_endpoint: z.string().optional(),
-            federation_list_endpoint: z.string().optional(),
-            federation_resolve_endpoint: z.string().optional(),
-            federation_trust_mark_status_endpoint: z.string().optional(),
-            federation_trust_mark_list_endpoint: z.string().optional(),
-            homepage_uri: z.string().optional(),
-            policy_uri: z.string().optional(),
-            logo_uri: z.string().optional(),
-            contacts: z.array(z.string()).optional(),
+            token_endpoint: z.string(),
+            attested_security_context_values_supported: z
+              .array(z.string())
+              .optional(),
+            grant_types_supported: z.array(z.string()),
+            token_endpoint_auth_methods_supported: z.array(z.string()),
+            token_endpoint_auth_signing_alg_values_supported: z.array(
+              z.string()
+            ),
+            jwks: z.object({ keys: z.array(JWK) }),
           })
           .passthrough(),
-      })
-      .passthrough(),
-    authority_hints: z.array(z.string()).optional(),
-  }),
-});
+      }),
+    }),
+  })
+);
 
-export type TrustAnchorEntityConfiguration = z.infer<
-  typeof TrustAnchorEntityConfiguration
+// Entity configuration for a Relying Party
+export type RelyingPartyEntityConfiguration = z.infer<
+  typeof RelyingPartyEntityConfiguration
 >;
-export const TrustAnchorEntityConfiguration = EntityConfiguration;
+export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      metadata: z.object({
+        wallet_relying_party: z
+          .object({
+            application_type: z.string().optional(),
+            client_id: z.string().optional(),
+            client_name: z.string().optional(),
+            jwks: z.array(JWK),
+            contacts: z.array(z.string()).optional(),
+          })
+          .passthrough(),
+      }),
+    }),
+  })
+);
+
+// Maps any entity configuration by the union of every possible shapes
+export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
+export const EntityConfiguration = z.union(
+  [
+    WalletProviderEntityConfiguration,
+    CredentialIssuerEntityConfiguration,
+    TrustAnchorEntityConfiguration,
+    RelyingPartyEntityConfiguration,
+  ],
+  {
+    description: "Any kind of Entity Configuration allowed in the ecosystem",
+  }
+);

package/src/utils/crypto.ts

@@ -0,0 +1,41 @@
+import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
+import { thumbprint, type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { fixBase64EncodingOnKey } from "./jwk";
+
+/**
+ * Create a CryptoContext bound to a key pair.
+ * Key pair is supposed to exist already in the device's keychain.
+ * It's identified by its unique keytag.
+ *
+ * @returns the crypto context
+ */
+export const createCryptoContextFor = (keytag: string): CryptoContext => {
+  return {
+    /**
+     * Retrieve the public key of the pair.
+     * If the key pair doesn't exist yet, an error is raised
+     * @returns The public key.
+     */
+    async getPublicKey() {
+      return getPublicKey(keytag)
+        .then(fixBase64EncodingOnKey)
+        .then(async (jwk) => ({
+          ...jwk,
+          // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
+          // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
+          // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
+          // However the values is an arbitrary string that might be anything
+          kid: await thumbprint(jwk),
+        }));
+    },
+    /**
+     * Get a signature for a provided value.
+     * If the key pair doesn't exist yet, an error is raised.
+     * @param value
+     * @returns The signature for the value
+     */
+    async getSignature(value: string) {
+      return sign(value, keytag);
+    },
+  };
+};

package/src/utils/dpop.ts

@@ -1,19 +1,29 @@
 import * as z from "zod";
 
-import { SignJWT } from "@pagopa/io-react-native-jwt";
-import type { JWK } from "./jwk";
+import { SignJWT, type CryptoContext } from "@pagopa/io-react-native-jwt";
 
-export const getUnsignedDPop = (jwk: JWK, payload: DPoPPayload): string => {
-  const dPop = new SignJWT(payload)
+/**
+ * Create a signed DPoP token
+ *
+ * @param payload The payload to be included in the token.
+ * @param crypto The crypto context that handles the key bound to the DPoP.
+ *
+ * @returns The signed crypto token.
+ */
+export const createDPopToken = async (
+  payload: DPoPPayload,
+  crypto: CryptoContext
+): Promise<string> => {
+  const jwk = await crypto.getPublicKey();
+  return new SignJWT(crypto)
+    .setPayload(payload)
     .setProtectedHeader({
-      alg: "ES256",
       typ: "dpop+jwt",
       jwk,
     })
     .setIssuedAt()
     .setExpirationTime("1h")
-    .toSign();
-  return dPop;
+    .sign();
 };
 
 export type DPoPPayload = z.infer<typeof DPoPPayload>;

package/src/wallet-instance-attestation/index.ts

@@ -2,8 +2,8 @@ import { WalletInstanceAttestationJwt } from "./types";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
 
-import { Issuing } from "./issuing";
-export { Issuing };
+import { getAttestation } from "./issuing";
+export { getAttestation };
 /**
  * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
  * It ensures provided data is in a valid shape.

package/src/wallet-instance-attestation/issuing.ts

@@ -1,78 +1,65 @@
-import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import {
+  type CryptoContext,
+  decode as decodeJwt,
+} from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
 import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
 import { JWK, fixBase64EncodingOnKey } from "../utils/jwk";
 import { WalletInstanceAttestationRequestJwt } from "./types";
 import uuid from "react-native-uuid";
 import { WalletInstanceAttestationIssuingError } from "../utils/errors";
+import type { WalletProviderEntityConfiguration } from "../trust/types";
 
-export class Issuing {
-  walletProviderBaseUrl: string;
-  appFetch: GlobalFetch["fetch"];
-  constructor(
-    walletProviderBaseUrl: string,
-    appFetch: GlobalFetch["fetch"] = fetch
-  ) {
-    this.walletProviderBaseUrl = walletProviderBaseUrl;
-    this.appFetch = appFetch;
-  }
+async function getAttestationRequest(
+  wiaCryptoContext: CryptoContext,
+  walletProviderEntityConfiguration: WalletProviderEntityConfiguration
+): Promise<string> {
+  const jwk = await wiaCryptoContext.getPublicKey();
+  const parsedJwk = JWK.parse(jwk);
+  const keyThumbprint = await thumbprint(parsedJwk);
+  const publicKey = { ...parsedJwk, kid: keyThumbprint };
 
-  /**
-   * Get the Wallet Instance Attestation Request to sign
-   *
-   * @async @function
-   *
-   * @param jwk Public key of the wallet instance
-   *
-   * @returns {string} Wallet Instance Attestation Request to sign
-   *
-   */
-  async getAttestationRequestToSign(jwk: JWK): Promise<string> {
-    const parsedJwk = JWK.parse(jwk);
-    const keyThumbprint = await thumbprint(parsedJwk);
-    const publicKey = { ...parsedJwk, kid: keyThumbprint };
-
-    const walletInstanceAttestationRequest = new SignJWT({
+  return new SignJWT(wiaCryptoContext)
+    .setPayload({
       iss: keyThumbprint,
-      aud: this.walletProviderBaseUrl,
+      aud: walletProviderEntityConfiguration.payload.iss,
       jti: `${uuid.v4()}`,
       nonce: `${uuid.v4()}`,
       cnf: {
         jwk: fixBase64EncodingOnKey(publicKey),
       },
     })
-      .setProtectedHeader({
-        alg: "ES256",
-        kid: publicKey.kid,
-        typ: "wiar+jwt",
-      })
-      .setIssuedAt()
-      .setExpirationTime("1h")
-      .toSign();
-
-    return walletInstanceAttestationRequest;
-  }
+    .setProtectedHeader({
+      kid: publicKey.kid,
+      typ: "wiar+jwt",
+    })
+    .setIssuedAt()
+    .setExpirationTime("1h")
+    .sign();
+}
 
-  /**
-   * Get the Wallet Instance Attestation given a
-   * Wallet Instance Attestation Request and signature
-   *
-   * @async @function
-   *
-   * @param attestationRequest Wallet Instance Attestaion Request
-   * obtained with {@link getAttestationRequestToSign}
-   * @param signature Signature of the Wallet Instance Attestaion Request
-   *
-   * @returns {string} Wallet Instance Attestation
-   *
-   */
-  async getAttestation(
-    attestationRequest: string,
-    signature: string
-  ): Promise<string> {
-    const signedAttestationRequest = await SignJWT.appendSignature(
-      attestationRequest,
-      signature
+/**
+ * Request a Wallet Instance Attestation (WIA) to the Wallet provider
+ *
+ * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
+ * @param params.appFetch (optional) Http client
+ * @param walletProviderBaseUrl Base url for the Wallet Provider
+ * @returns The retrieved Wallet Instance Attestation token
+ */
+export const getAttestation =
+  ({
+    wiaCryptoContext,
+    appFetch = fetch,
+  }: {
+    wiaCryptoContext: CryptoContext;
+    appFetch?: GlobalFetch["fetch"];
+  }) =>
+  async (
+    walletProviderEntityConfiguration: WalletProviderEntityConfiguration
+  ): Promise<string> => {
+    const signedAttestationRequest = await getAttestationRequest(
+      wiaCryptoContext,
+      walletProviderEntityConfiguration
     );
 
     const decodedRequest = decodeJwt(signedAttestationRequest);
@@ -84,13 +71,15 @@ export class Issuing {
 
     await verifyJwt(signedAttestationRequest, publicKey);
 
-    const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
+    const tokenUrl =
+      walletProviderEntityConfiguration.payload.metadata.wallet_provider
+        .token_endpoint;
     const requestBody = {
       grant_type:
         "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",
       assertion: signedAttestationRequest,
     };
-    const response = await this.appFetch(tokenUrl, {
+    const response = await appFetch(tokenUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -106,5 +95,4 @@ export class Issuing {
       "Unable to obtain wallet instance attestation from wallet provider",
       `Response code: ${response.status}`
     );
-  }
-}
+  };

package/lib/commonjs/pid/metadata.js

@@ -1,49 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.PidIssuerEntityConfiguration = exports.PidDisplayMetadata = void 0;
-var _jwk = require("../utils/jwk");
-var _zod = require("zod");
-const PidDisplayMetadata = _zod.z.object({
-  name: _zod.z.string(),
-  locale: _zod.z.string(),
-  logo: _zod.z.object({
-    url: _zod.z.string(),
-    alt_text: _zod.z.string()
-  }),
-  background_color: _zod.z.string(),
-  text_color: _zod.z.string()
-});
-exports.PidDisplayMetadata = PidDisplayMetadata;
-const PidIssuerEntityConfiguration = _zod.z.object({
-  jwks: _zod.z.object({
-    keys: _zod.z.array(_jwk.JWK)
-  }),
-  metadata: _zod.z.object({
-    openid_credential_issuer: _zod.z.object({
-      credential_issuer: _zod.z.string(),
-      authorization_endpoint: _zod.z.string(),
-      token_endpoint: _zod.z.string(),
-      pushed_authorization_request_endpoint: _zod.z.string(),
-      dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
-      credential_endpoint: _zod.z.string(),
-      credentials_supported: _zod.z.array(_zod.z.object({
-        format: _zod.z.literal("vc+sd-jwt"),
-        cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
-        cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
-        display: _zod.z.array(PidDisplayMetadata)
-      }))
-    }),
-    federation_entity: _zod.z.object({
-      organization_name: _zod.z.string(),
-      homepage_uri: _zod.z.string(),
-      policy_uri: _zod.z.string(),
-      tos_uri: _zod.z.string(),
-      logo_uri: _zod.z.string()
-    })
-  })
-});
-exports.PidIssuerEntityConfiguration = PidIssuerEntityConfiguration;
-//# sourceMappingURL=metadata.js.map

package/lib/commonjs/pid/metadata.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_jwk","require","_zod","PidDisplayMetadata","z","object","name","string","locale","logo","url","alt_text","background_color","text_color","exports","PidIssuerEntityConfiguration","jwks","keys","array","JWK","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGO,MAAME,kBAAkB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACzCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEL,MAAC,CAACC,MAAM,CAAC;IACbK,GAAG,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAEP,MAAC,CAACG,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAET,MAAC,CAACG,MAAM,CAAC;AACvB,CAAC,CAAC;AAACO,OAAA,CAAAX,kBAAA,GAAAA,kBAAA;AAKI,MAAMY,4BAA4B,GAAGX,MAAC,CAACC,MAAM,CAAC;EACnDW,IAAI,EAAEZ,MAAC,CAACC,MAAM,CAAC;IAAEY,IAAI,EAAEb,MAAC,CAACc,KAAK,CAACC,QAAG;EAAE,CAAC,CAAC;EACtCC,QAAQ,EAAEhB,MAAC,CAACC,MAAM,CAAC;IACjBgB,wBAAwB,EAAEjB,MAAC,CAACC,MAAM,CAAC;MACjCiB,iBAAiB,EAAElB,MAAC,CAACG,MAAM,CAAC,CAAC;MAC7BgB,sBAAsB,EAAEnB,MAAC,CAACG,MAAM,CAAC,CAAC;MAClCiB,cAAc,EAAEpB,MAAC,CAACG,MAAM,CAAC,CAAC;MAC1BkB,qCAAqC,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC;MACjDmB,iCAAiC,EAAEtB,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;MACtDoB,mBAAmB,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;MAC/BqB,qBAAqB,EAAExB,MAAC,CAACc,KAAK,CAC5Bd,MAAC,CAACC,MAAM,CAAC;QACPwB,MAAM,EAAEzB,MAAC,CAAC0B,OAAO,CAAC,WAAW,CAAC;QAC9BC,uCAAuC,EAAE3B,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;QAC5DyB,8BAA8B,EAAE5B,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;QACnD0B,OAAO,EAAE7B,MAAC,CAACc,KAAK,CAACf,kBAAkB;MACrC,CAAC,CACH;IACF,CAAC,CAAC;IACF+B,iBAAiB,EAAE9B,MAAC,CAACC,MAAM,CAAC;MAC1B8B,iBAAiB,EAAE/B,MAAC,CAACG,MAAM,CAAC,CAAC;MAC7B6B,YAAY,EAAEhC,MAAC,CAACG,MAAM,CAAC,CAAC;MACxB8B,UAAU,EAAEjC,MAAC,CAACG,MAAM,CAAC,CAAC;MACtB+B,OAAO,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;MACnBgC,QAAQ,EAAEnC,MAAC,CAACG,MAAM,CAAC;IACrB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAACO,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}

package/lib/module/pid/metadata.js

@@ -1,41 +0,0 @@
-import { JWK } from "../utils/jwk";
-import { z } from "zod";
-export const PidDisplayMetadata = z.object({
-  name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }),
-  background_color: z.string(),
-  text_color: z.string()
-});
-export const PidIssuerEntityConfiguration = z.object({
-  jwks: z.object({
-    keys: z.array(JWK)
-  }),
-  metadata: z.object({
-    openid_credential_issuer: z.object({
-      credential_issuer: z.string(),
-      authorization_endpoint: z.string(),
-      token_endpoint: z.string(),
-      pushed_authorization_request_endpoint: z.string(),
-      dpop_signing_alg_values_supported: z.array(z.string()),
-      credential_endpoint: z.string(),
-      credentials_supported: z.array(z.object({
-        format: z.literal("vc+sd-jwt"),
-        cryptographic_binding_methods_supported: z.array(z.string()),
-        cryptographic_suites_supported: z.array(z.string()),
-        display: z.array(PidDisplayMetadata)
-      }))
-    }),
-    federation_entity: z.object({
-      organization_name: z.string(),
-      homepage_uri: z.string(),
-      policy_uri: z.string(),
-      tos_uri: z.string(),
-      logo_uri: z.string()
-    })
-  })
-});
-//# sourceMappingURL=metadata.js.map

package/lib/module/pid/metadata.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["JWK","z","PidDisplayMetadata","object","name","string","locale","logo","url","alt_text","background_color","text_color","PidIssuerEntityConfiguration","jwks","keys","array","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEN,CAAC,CAACE,MAAM,CAAC;IACbK,GAAG,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAER,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAEV,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,OAAO,MAAMO,4BAA4B,GAAGX,CAAC,CAACE,MAAM,CAAC;EACnDU,IAAI,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAAEW,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACE,MAAM,CAAC;IACjBc,wBAAwB,EAAEhB,CAAC,CAACE,MAAM,CAAC;MACjCe,iBAAiB,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7Bc,sBAAsB,EAAElB,CAAC,CAACI,MAAM,CAAC,CAAC;MAClCe,cAAc,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC1BgB,qCAAqC,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC;MACjDiB,iCAAiC,EAAErB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;MACtDkB,mBAAmB,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC/BmB,qBAAqB,EAAEvB,CAAC,CAACc,KAAK,CAC5Bd,CAAC,CAACE,MAAM,CAAC;QACPsB,MAAM,EAAExB,CAAC,CAACyB,OAAO,CAAC,WAAW,CAAC;QAC9BC,uCAAuC,EAAE1B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC5DuB,8BAA8B,EAAE3B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACnDwB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACb,kBAAkB;MACrC,CAAC,CACH;IACF,CAAC,CAAC;IACF4B,iBAAiB,EAAE7B,CAAC,CAACE,MAAM,CAAC;MAC1B4B,iBAAiB,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7B2B,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC;MACxB4B,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC;MACtB6B,OAAO,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC;MACnB8B,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC;EACH,CAAC;AACH,CAAC,CAAC"}