@pagopa/io-react-native-wallet 0.4.3 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +128 -19
- package/lib/commonjs/index.js +16 -23
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +3 -8
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/pid/issuing.js +153 -176
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +7 -5
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +145 -155
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/rp/types.js +1 -21
- package/lib/commonjs/rp/types.js.map +1 -1
- package/lib/commonjs/trust/index.js +24 -5
- package/lib/commonjs/trust/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +102 -9
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +46 -0
- package/lib/commonjs/utils/crypto.js.map +1 -0
- package/lib/commonjs/utils/dpop.js +14 -7
- package/lib/commonjs/utils/dpop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
- package/lib/commonjs/wallet-instance-attestation/issuing.js +42 -60
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/index.js +4 -6
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -1
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/pid/issuing.js +152 -180
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +3 -3
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +141 -154
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/rp/types.js +0 -20
- package/lib/module/rp/types.js.map +1 -1
- package/lib/module/trust/index.js +19 -5
- package/lib/module/trust/index.js.map +1 -1
- package/lib/module/trust/types.js +100 -7
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +40 -0
- package/lib/module/utils/crypto.js.map +1 -0
- package/lib/module/utils/dpop.js +13 -5
- package/lib/module/utils/dpop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/index.js +2 -2
- package/lib/module/wallet-instance-attestation/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +40 -58
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -6
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -1
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/pid/issuing.d.ts +43 -88
- package/lib/typescript/pid/issuing.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts +41 -87
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +10 -906
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +806 -3
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +9655 -297
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +10 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -0
- package/lib/typescript/utils/dpop.d.ts +10 -2
- package/lib/typescript/utils/dpop.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +18 -31
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/types.d.ts +4 -4
- package/package.json +2 -2
- package/src/index.ts +14 -13
- package/src/pid/index.ts +1 -1
- package/src/pid/issuing.ts +233 -232
- package/src/rp/__test__/index.test.ts +3 -3
- package/src/rp/index.ts +172 -194
- package/src/rp/types.ts +0 -24
- package/src/sd-jwt/index.ts +1 -1
- package/src/trust/index.ts +106 -5
- package/src/trust/types.ts +152 -34
- package/src/utils/crypto.ts +41 -0
- package/src/utils/dpop.ts +17 -7
- package/src/wallet-instance-attestation/index.ts +2 -2
- package/src/wallet-instance-attestation/issuing.ts +51 -63
- package/lib/commonjs/pid/metadata.js +0 -49
- package/lib/commonjs/pid/metadata.js.map +0 -1
- package/lib/module/pid/metadata.js +0 -41
- package/lib/module/pid/metadata.js.map +0 -1
- package/lib/typescript/pid/metadata.d.ts +0 -482
- package/lib/typescript/pid/metadata.d.ts.map +0 -1
- package/src/pid/metadata.ts +0 -46
|
@@ -1,92 +1,65 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
|
|
1
|
+
import { sha256ToBase64, SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
|
|
3
2
|
import { JWK } from "../utils/jwk";
|
|
4
3
|
import uuid from "react-native-uuid";
|
|
5
|
-
import { PidIssuingError
|
|
6
|
-
import {
|
|
7
|
-
import
|
|
8
|
-
import {
|
|
9
|
-
import {
|
|
10
|
-
|
|
4
|
+
import { PidIssuingError } from "../utils/errors";
|
|
5
|
+
import { createDPopToken } from "../utils/dpop";
|
|
6
|
+
import * as WalletInstanceAttestation from "../wallet-instance-attestation";
|
|
7
|
+
import { generate, deleteKey } from "@pagopa/io-react-native-crypto";
|
|
8
|
+
import { SdJwt } from ".";
|
|
9
|
+
import { createCryptoContextFor } from "../utils/crypto";
|
|
11
10
|
// This is a temporary type that will be used for demo purposes only
|
|
12
11
|
|
|
13
|
-
|
|
14
|
-
constructor(pidProviderBaseUrl, walletProviderBaseUrl, walletInstanceAttestation, clientId) {
|
|
15
|
-
let appFetch = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : fetch;
|
|
16
|
-
this.pidProviderBaseUrl = pidProviderBaseUrl;
|
|
17
|
-
this.walletProviderBaseUrl = walletProviderBaseUrl;
|
|
18
|
-
this.state = `${uuid.v4()}`;
|
|
19
|
-
this.codeVerifier = `${uuid.v4()}`;
|
|
20
|
-
this.authorizationCode = `${uuid.v4()}`;
|
|
21
|
-
this.walletInstanceAttestation = walletInstanceAttestation;
|
|
22
|
-
this.clientId = clientId;
|
|
23
|
-
this.appFetch = appFetch;
|
|
24
|
-
}
|
|
12
|
+
const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
25
13
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
14
|
+
/**
|
|
15
|
+
* Make a PAR request to the PID issuer and return the response url
|
|
16
|
+
*/
|
|
17
|
+
const getPar = _ref => {
|
|
18
|
+
let {
|
|
19
|
+
wiaCryptoContext,
|
|
20
|
+
appFetch = fetch
|
|
21
|
+
} = _ref;
|
|
22
|
+
return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
|
|
23
|
+
// Calculate the thumbprint of the public key of the Wallet Instance Attestation.
|
|
24
|
+
// The PAR request token is signed used the Wallet Instance Attestation key.
|
|
25
|
+
// The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
|
|
26
|
+
// key is matched by its kid, which is supposed to be the thumbprint of its public key.
|
|
27
|
+
const keyThumbprint = await wiaCryptoContext.getPublicKey().then(JWK.parse).then(thumbprint);
|
|
28
|
+
const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
|
|
29
|
+
const codeChallenge = await sha256ToBase64(codeVerifier);
|
|
30
|
+
const signedJwtForPar = await new SignJWT(wiaCryptoContext).setProtectedHeader({
|
|
40
31
|
kid: keyThumbprint
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
32
|
+
}).setPayload({
|
|
33
|
+
iss,
|
|
34
|
+
aud: pidProviderEntityConfiguration.payload.iss,
|
|
35
|
+
jti: `${uuid.v4()}`,
|
|
36
|
+
client_assertion_type: assertionType,
|
|
45
37
|
authorization_details: [{
|
|
46
|
-
|
|
47
|
-
type:
|
|
38
|
+
credential_definition: {
|
|
39
|
+
type: "PersonIdentificationData"
|
|
48
40
|
},
|
|
49
41
|
format: "vc+sd-jwt",
|
|
50
|
-
type: "
|
|
42
|
+
type: "openid_credential"
|
|
51
43
|
}],
|
|
52
44
|
response_type: "code",
|
|
53
45
|
code_challenge_method: "s256",
|
|
54
|
-
redirect_uri:
|
|
55
|
-
state:
|
|
56
|
-
client_id:
|
|
46
|
+
redirect_uri: walletProviderBaseUrl,
|
|
47
|
+
state: `${uuid.v4()}`,
|
|
48
|
+
client_id: clientId,
|
|
57
49
|
code_challenge: codeChallenge
|
|
58
|
-
}).
|
|
59
|
-
|
|
60
|
-
kid: publicKey.kid
|
|
61
|
-
}).setIssuedAt().setExpirationTime("1h").toSign();
|
|
62
|
-
return unsignedJwtForPar;
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
/**
|
|
66
|
-
* Make a PAR request to the PID issuer and return the response url
|
|
67
|
-
*
|
|
68
|
-
* @function
|
|
69
|
-
* @param unsignedJwtForPar The unsigned JWT for PAR
|
|
70
|
-
* @param signature The JWT for PAR signature
|
|
71
|
-
*
|
|
72
|
-
* @returns Unsigned PAR url
|
|
73
|
-
*
|
|
74
|
-
*/
|
|
75
|
-
async getPar(unsignedJwtForPar, signature) {
|
|
76
|
-
const codeChallenge = await sha256ToBase64(this.codeVerifier);
|
|
77
|
-
const signedJwtForPar = await SignJWT.appendSignature(unsignedJwtForPar, signature);
|
|
78
|
-
const parUrl = new URL("/as/par", this.pidProviderBaseUrl).href;
|
|
50
|
+
}).setIssuedAt().setExpirationTime("1h").sign();
|
|
51
|
+
const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
|
|
79
52
|
const requestBody = {
|
|
80
53
|
response_type: "code",
|
|
81
|
-
client_id:
|
|
54
|
+
client_id: clientId,
|
|
82
55
|
code_challenge: codeChallenge,
|
|
83
56
|
code_challenge_method: "S256",
|
|
84
|
-
client_assertion_type:
|
|
85
|
-
client_assertion:
|
|
57
|
+
client_assertion_type: assertionType,
|
|
58
|
+
client_assertion: walletInstanceAttestation,
|
|
86
59
|
request: signedJwtForPar
|
|
87
60
|
};
|
|
88
61
|
var formBody = new URLSearchParams(requestBody);
|
|
89
|
-
const response = await
|
|
62
|
+
const response = await appFetch(parUrl, {
|
|
90
63
|
method: "POST",
|
|
91
64
|
headers: {
|
|
92
65
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
@@ -98,55 +71,56 @@ export class Issuing {
|
|
|
98
71
|
return result.request_uri;
|
|
99
72
|
}
|
|
100
73
|
throw new PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
|
|
101
|
-
}
|
|
74
|
+
};
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
|
|
79
|
+
*
|
|
80
|
+
* @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
|
|
81
|
+
* @param params.appFetch (optional) Http client
|
|
82
|
+
* @param walletInstanceAttestation Wallet Instance Attestation token.
|
|
83
|
+
* @param walletProviderBaseUrl Base url for the Wallet Provider
|
|
84
|
+
* @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
|
|
85
|
+
* @returns The access token along with the values that identify the issuing session.
|
|
86
|
+
*/
|
|
87
|
+
export const authorizeIssuing = _ref2 => {
|
|
88
|
+
let {
|
|
89
|
+
wiaCryptoContext,
|
|
90
|
+
appFetch = fetch
|
|
91
|
+
} = _ref2;
|
|
92
|
+
return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration) => {
|
|
93
|
+
// FIXME: do better
|
|
94
|
+
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
|
95
|
+
const codeVerifier = `${uuid.v4()}`;
|
|
96
|
+
const authorizationCode = `${uuid.v4()}`;
|
|
97
|
+
const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
|
|
98
|
+
await getPar({
|
|
99
|
+
wiaCryptoContext,
|
|
100
|
+
appFetch
|
|
101
|
+
})(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
|
|
102
102
|
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
*
|
|
109
|
-
* @returns Unsigned JWT for DPoP
|
|
110
|
-
*
|
|
111
|
-
*/
|
|
112
|
-
async getUnsignedDPoP(jwk) {
|
|
113
|
-
const tokenUrl = new URL("/token", this.pidProviderBaseUrl).href;
|
|
114
|
-
const dPop = getUnsignedDPop(fixBase64EncodingOnKey(jwk), {
|
|
103
|
+
// Use an ephemeral key to be destroyed after use
|
|
104
|
+
const keytag = `ephemeral-${uuid.v4()}`;
|
|
105
|
+
await generate(keytag);
|
|
106
|
+
const ephemeralContext = createCryptoContextFor(keytag);
|
|
107
|
+
const signedDPop = await createDPopToken({
|
|
115
108
|
htm: "POST",
|
|
116
109
|
htu: tokenUrl,
|
|
117
110
|
jti: `${uuid.v4()}`
|
|
118
|
-
});
|
|
119
|
-
|
|
120
|
-
}
|
|
121
|
-
|
|
122
|
-
/**
|
|
123
|
-
* Make an auth token request to the PID issuer
|
|
124
|
-
*
|
|
125
|
-
* @function
|
|
126
|
-
* @returns a token response
|
|
127
|
-
*
|
|
128
|
-
*/
|
|
129
|
-
async getAuthToken() {
|
|
130
|
-
//Generate fresh keys for DPoP
|
|
131
|
-
const dPopKeyTag = `${uuid.v4()}`;
|
|
132
|
-
const dPopKey = await generate(dPopKeyTag);
|
|
133
|
-
const unsignedDPopForToken = await this.getUnsignedDPoP(dPopKey);
|
|
134
|
-
const dPopTokenSignature = await sign(unsignedDPopForToken, dPopKeyTag);
|
|
135
|
-
await deleteKey(dPopKeyTag);
|
|
136
|
-
const signedDPop = await SignJWT.appendSignature(unsignedDPopForToken, dPopTokenSignature);
|
|
137
|
-
const decodedJwtDPop = decodeJwt(signedDPop);
|
|
138
|
-
const tokenUrl = decodedJwtDPop.payload.htu;
|
|
111
|
+
}, ephemeralContext);
|
|
112
|
+
await deleteKey(keytag);
|
|
139
113
|
const requestBody = {
|
|
140
114
|
grant_type: "authorization code",
|
|
141
|
-
client_id:
|
|
142
|
-
code:
|
|
143
|
-
code_verifier:
|
|
144
|
-
client_assertion_type:
|
|
145
|
-
client_assertion:
|
|
146
|
-
redirect_uri:
|
|
115
|
+
client_id: clientId,
|
|
116
|
+
code: authorizationCode,
|
|
117
|
+
code_verifier: codeVerifier,
|
|
118
|
+
client_assertion_type: assertionType,
|
|
119
|
+
client_assertion: walletInstanceAttestation,
|
|
120
|
+
redirect_uri: walletProviderBaseUrl
|
|
147
121
|
};
|
|
148
122
|
var formBody = new URLSearchParams(requestBody);
|
|
149
|
-
const response = await
|
|
123
|
+
const response = await appFetch(tokenUrl, {
|
|
150
124
|
method: "POST",
|
|
151
125
|
headers: {
|
|
152
126
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
@@ -155,51 +129,66 @@ export class Issuing {
|
|
|
155
129
|
body: formBody.toString()
|
|
156
130
|
});
|
|
157
131
|
if (response.status === 200) {
|
|
158
|
-
|
|
132
|
+
const {
|
|
133
|
+
c_nonce,
|
|
134
|
+
access_token
|
|
135
|
+
} = await response.json();
|
|
136
|
+
return {
|
|
137
|
+
accessToken: access_token,
|
|
138
|
+
nonce: c_nonce,
|
|
139
|
+
clientId,
|
|
140
|
+
codeVerifier,
|
|
141
|
+
authorizationCode,
|
|
142
|
+
walletProviderBaseUrl
|
|
143
|
+
};
|
|
159
144
|
}
|
|
160
145
|
throw new PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
|
|
161
|
-
}
|
|
146
|
+
};
|
|
147
|
+
};
|
|
162
148
|
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
nonce
|
|
175
|
-
}).setProtectedHeader({
|
|
176
|
-
alg: "ES256",
|
|
177
|
-
type: "openid4vci-proof+jwt"
|
|
178
|
-
}).setAudience(this.walletProviderBaseUrl).setIssuer(this.clientId).setIssuedAt().setExpirationTime("1h").toSign();
|
|
179
|
-
return unsignedProof;
|
|
180
|
-
}
|
|
149
|
+
/**
|
|
150
|
+
* Return the signed jwt for nonce proof of possession
|
|
151
|
+
*/
|
|
152
|
+
const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
|
153
|
+
return new SignJWT(ctx).setPayload({
|
|
154
|
+
nonce,
|
|
155
|
+
jwk: await ctx.getPublicKey()
|
|
156
|
+
}).setProtectedHeader({
|
|
157
|
+
type: "openid4vci-proof+jwt"
|
|
158
|
+
}).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
|
|
159
|
+
};
|
|
181
160
|
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
async
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
161
|
+
/**
|
|
162
|
+
* Complete the issuing flow and get the PID credential.
|
|
163
|
+
*
|
|
164
|
+
* @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
|
|
165
|
+
* @param params.appFetch (optional) Http client
|
|
166
|
+
* @param authConf The authorization configuration retrieved with the access token
|
|
167
|
+
* @param cieData Data red from the CIE login process
|
|
168
|
+
* @returns The PID credential token
|
|
169
|
+
*/
|
|
170
|
+
export const getCredential = _ref3 => {
|
|
171
|
+
let {
|
|
172
|
+
pidCryptoContext,
|
|
173
|
+
appFetch = fetch
|
|
174
|
+
} = _ref3;
|
|
175
|
+
return async (_ref4, pidProviderEntityConfiguration, cieData) => {
|
|
176
|
+
let {
|
|
177
|
+
nonce,
|
|
178
|
+
accessToken,
|
|
179
|
+
clientId,
|
|
180
|
+
walletProviderBaseUrl
|
|
181
|
+
} = _ref4;
|
|
182
|
+
const signedDPopForPid = await createDPopToken({
|
|
183
|
+
htm: "POST",
|
|
184
|
+
htu: pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint,
|
|
185
|
+
jti: `${uuid.v4()}`
|
|
186
|
+
}, pidCryptoContext);
|
|
187
|
+
const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
|
|
188
|
+
const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
|
|
200
189
|
const requestBody = {
|
|
201
190
|
credential_definition: JSON.stringify({
|
|
202
|
-
type: ["
|
|
191
|
+
type: ["PersonIdentificationData"]
|
|
203
192
|
}),
|
|
204
193
|
format: "vc+sd-jwt",
|
|
205
194
|
proof: JSON.stringify({
|
|
@@ -209,7 +198,7 @@ export class Issuing {
|
|
|
209
198
|
})
|
|
210
199
|
};
|
|
211
200
|
const formBody = new URLSearchParams(requestBody);
|
|
212
|
-
const response = await
|
|
201
|
+
const response = await appFetch(credentialUrl, {
|
|
213
202
|
method: "POST",
|
|
214
203
|
headers: {
|
|
215
204
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
@@ -219,36 +208,19 @@ export class Issuing {
|
|
|
219
208
|
body: formBody.toString()
|
|
220
209
|
});
|
|
221
210
|
if (response.status === 200) {
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
}
|
|
226
|
-
|
|
227
|
-
/**
|
|
228
|
-
* Obtain the PID issuer metadata
|
|
229
|
-
*
|
|
230
|
-
* @function
|
|
231
|
-
* @returns PID issuer metadata
|
|
232
|
-
*
|
|
233
|
-
*/
|
|
234
|
-
async getEntityConfiguration() {
|
|
235
|
-
const metadataUrl = new URL("ci/.well-known/openid-federation", this.pidProviderBaseUrl).href;
|
|
236
|
-
const response = await this.appFetch(metadataUrl);
|
|
237
|
-
if (response.status === 200) {
|
|
238
|
-
const jwtMetadata = await response.text();
|
|
239
|
-
const {
|
|
240
|
-
payload
|
|
241
|
-
} = decodeJwt(jwtMetadata);
|
|
242
|
-
const result = PidIssuerEntityConfiguration.safeParse(payload);
|
|
243
|
-
if (result.success) {
|
|
244
|
-
const parsedMetadata = result.data;
|
|
245
|
-
await verifyJwt(jwtMetadata, parsedMetadata.jwks.keys);
|
|
246
|
-
return parsedMetadata;
|
|
247
|
-
} else {
|
|
248
|
-
throw new PidMetadataError(result.error.message);
|
|
249
|
-
}
|
|
211
|
+
const pidResponse = await response.json();
|
|
212
|
+
await validatePid(pidResponse.credential, pidCryptoContext);
|
|
213
|
+
return pidResponse;
|
|
250
214
|
}
|
|
251
|
-
throw new
|
|
215
|
+
throw new PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
|
|
216
|
+
};
|
|
217
|
+
};
|
|
218
|
+
const validatePid = async (pidJwt, pidCryptoContext) => {
|
|
219
|
+
const decoded = SdJwt.decode(pidJwt);
|
|
220
|
+
const pidKey = await pidCryptoContext.getPublicKey();
|
|
221
|
+
const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
|
|
222
|
+
if ((await thumbprint(pidKey)) !== (await thumbprint(holderBindedKey))) {
|
|
223
|
+
throw new PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
|
|
252
224
|
}
|
|
253
|
-
}
|
|
225
|
+
};
|
|
254
226
|
//# sourceMappingURL=issuing.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","WalletInstanceAttestation","generate","deleteKey","SdJwt","createCryptoContextFor","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","parse","iss","decode","payload","cnf","jwk","kid","codeChallenge","signedJwtForPar","setProtectedHeader","setPayload","aud","jti","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","state","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","ephemeralContext","signedDPop","htm","htu","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AACpE,SAASC,KAAK,QAAQ,GAAG;AACzB,SAASC,sBAAsB,QAAQ,iBAAiB;AACxD;;AAwBA,MAAMC,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAACtB,GAAG,CAACuB,KAAK,CAAC,CACfD,IAAI,CAACvB,UAAU,CAAC;IAEnB,MAAMyB,GAAG,GAAGpB,yBAAyB,CAACqB,MAAM,CAACN,yBAAyB,CAAC,CACpEO,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAMjC,cAAc,CAACmB,YAAY,CAAC;IAExD,MAAMe,eAAe,GAAG,MAAM,IAAIjC,OAAO,CAACc,gBAAgB,CAAC,CACxDoB,kBAAkB,CAAC;MAClBH,GAAG,EAAET;IACP,CAAC,CAAC,CACDa,UAAU,CAAC;MACVT,GAAG;MACHU,GAAG,EAAEhB,8BAA8B,CAACQ,OAAO,CAACF,GAAG;MAC/CW,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAE5B,aAAa;MACpC6B,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE3B,qBAAqB;MACnC4B,KAAK,EAAG,GAAE5C,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;MACrBU,SAAS,EAAE/B,QAAQ;MACnBgC,cAAc,EAAEjB;IAClB,CAAC,CAAC,CACDkB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVjC,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBb,aAAa,EAAE,MAAM;MACrBI,SAAS,EAAE/B,QAAQ;MACnBgC,cAAc,EAAEjB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAE5B,aAAa;MACpC+C,gBAAgB,EAAErC,yBAAyB;MAC3CsC,OAAO,EAAE1B;IACX,CAAC;IAED,IAAI2B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAACsC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIlE,eAAe,CACtB,wCAAuC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACC3D,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAyD,KAAA;EAAA,OACD,OACEpD,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,KACpC;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEkD,CAAC,IAAKA,CAAC,CAAC3C,GAAG,CAAC;IACzE,MAAMb,YAAY,GAAI,GAAEf,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACnC,MAAMqC,iBAAiB,GAAI,GAAExE,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACxC,MAAMsC,QAAQ,GACZxD,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEsB,cAAc;IAEnB,MAAMjE,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC1CE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAMyD,MAAM,GAAI,aAAY3E,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM/B,QAAQ,CAACuE,MAAM,CAAC;IACtB,MAAMC,gBAAgB,GAAGrE,sBAAsB,CAACoE,MAAM,CAAC;IAEvD,MAAME,UAAU,GAAG,MAAM3E,eAAe,CACtC;MACE4E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEN,QAAQ;MACbvC,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDyC,gBACF,CAAC;IAED,MAAMvE,SAAS,CAACsE,MAAM,CAAC;IAEvB,MAAMrB,WAAW,GAAG;MAClB0B,UAAU,EAAE,oBAAoB;MAChCnC,SAAS,EAAE/B,QAAQ;MACnBmE,IAAI,EAAET,iBAAiB;MACvBU,aAAa,EAAEnE,YAAY;MAC3BqB,qBAAqB,EAAE5B,aAAa;MACpC+C,gBAAgB,EAAErC,yBAAyB;MAC3CyB,YAAY,EAAE3B;IAChB,CAAC;IACD,IAAIyC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAAC6D,QAAQ,EAAE;MACxCb,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsB,IAAI,EAAEN;MACR,CAAC;MACDf,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEoB,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM1B,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLoB,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdtE,QAAQ;QACRC,YAAY;QACZyD,iBAAiB;QACjBxD;MACF,CAAC;IACH;IAEA,MAAM,IAAIf,eAAe,CACtB,0CAAyC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMoB,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAI9F,OAAO,CAAC8F,GAAG,CAAC,CACpB3D,UAAU,CAAC;IACVuD,KAAK;IACL5D,GAAG,EAAE,MAAMgE,GAAG,CAACvE,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDW,kBAAkB,CAAC;IAClBQ,IAAI,EAAE;EACR,CAAC,CAAC,CACDqD,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjB1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM6C,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBpF,QAAQ,GAAGC;EAIb,CAAC,GAAAkF,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEhF,8BAAmE,EACnEiF,OAAgB,KACS;IAAA,IAHzB;MAAEX,KAAK;MAAED,WAAW;MAAExE,QAAQ;MAAEE;IAAyC,CAAC,GAAAiF,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAMjG,eAAe,CAC5C;MACE4E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAE9D,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CACjDC,wBAAwB,CAACsB,cAAc;MAC1CxC,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD6D,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACLzE,QAAQ,EACRE,qBAAqB,EACrBgF,gBACF,CAAC;IAED,MAAMK,aAAa,GACjBpF,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEkD,mBAAmB;IAExB,MAAMhD,WAAW,GAAG;MAClBhB,qBAAqB,EAAEiE,IAAI,CAACC,SAAS,CAAC;QACpCjE,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnBiE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBF,OAAO;QACPS,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMlD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAACyF,aAAa,EAAE;MAC7CzC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsB,IAAI,EAAEgB,gBAAgB;QACtBS,aAAa,EAAEtB;MACjB,CAAC;MACDxB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM6C,WAAW,GAAI,MAAMlD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAM4C,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEf,gBAAgB,CAAC;MAC3D,OAAOa,WAAW;IACpB;IAEA,MAAM,IAAI5G,eAAe,CACtB,oCAAmCoG,aAAc,WAChD1C,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAM0C,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEhB,gBAA+B,KAAK;EAC7E,MAAMiB,OAAO,GAAG3G,KAAK,CAACkB,MAAM,CAACwF,MAAM,CAAC;EACpC,MAAME,MAAM,GAAG,MAAMlB,gBAAgB,CAAC5E,YAAY,CAAC,CAAC;EACpD,MAAM+F,eAAe,GAAGF,OAAO,CAACG,KAAK,CAAC3F,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM7B,UAAU,CAACoH,MAAM,CAAC,OAAO,MAAMpH,UAAU,CAACqH,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIlH,eAAe,CACtB,uGAAsGsG,IAAI,CAACC,SAAS,CACnHU,MACF,CAAE,kCAAiCX,IAAI,CAACC,SAAS,CAACW,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { RelyingPartyEntityConfiguration } from "../../trust/types";
|
|
2
|
+
import * as RelyingPartySolution from "..";
|
|
2
3
|
import { AuthRequestDecodeError } from "../../utils/errors";
|
|
3
|
-
import { RpEntityConfiguration } from "../types";
|
|
4
4
|
describe("decodeAuthRequestQR", () => {
|
|
5
5
|
it("should return authentication request URL", async () => {
|
|
6
6
|
const qrcode = "ZXVkaXc6Ly9hdXRob3JpemU/Y2xpZW50X2lkPWh0dHBzOi8vdmVyaWZpZXIuZXhhbXBsZS5vcmcmcmVxdWVzdF91cmk9aHR0cHM6Ly92ZXJpZmllci5leGFtcGxlLm9yZy9yZXF1ZXN0X3VyaQ==";
|
|
@@ -156,7 +156,7 @@ describe("RpEntityConfiguration", () => {
|
|
|
156
156
|
authority_hints: ["https://demo.federation.eudi.wallet.developers.italia.it"]
|
|
157
157
|
}
|
|
158
158
|
};
|
|
159
|
-
const result =
|
|
159
|
+
const result = RelyingPartyEntityConfiguration.safeParse(pp);
|
|
160
160
|
if (result.success === false) {
|
|
161
161
|
throw result.error;
|
|
162
162
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["RelyingPartyEntityConfiguration","RelyingPartySolution","AuthRequestDecodeError","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":"AAAA,SAASA,+BAA+B,QAAQ,mBAAmB;AACnE,OAAO,KAAKC,oBAAoB,MAAM,IAAI;AAC1C,SAASC,sBAAsB,QAAQ,oBAAoB;AAE3DC,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAGL,oBAAoB,CAACM,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAMP,oBAAoB,CAACM,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzET,sBACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFC,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMQ,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE,CACJ;cACE4C,GAAG,EAAE,OAAO;cACZC,CAAC,EAAE,6CAA6C;cAChDpD,GAAG,EAAE,6CAA6C;cAClDqD,GAAG,EAAE,KAAK;cACV5C,GAAG,EAAE,IAAI;cACT6C,CAAC,EAAE,6CAA6C;cAChDC,CAAC,EAAE;YACL,CAAC,EACD;cACE9C,GAAG,EAAE,KAAK;cACV2C,CAAC,EAAE,wVAAwV;cAC3V1C,CAAC,EAAE,MAAM;cACT2C,GAAG,EAAE,KAAK;cACVrD,GAAG,EAAE,6CAA6C;cAClDW,CAAC,EAAE,wVAAwV;cAC3V6C,CAAC,EAAE,6KAA6K;cAChLC,CAAC,EAAE;YACL,CAAC;UAEL;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMnE,MAAM,GAAGN,+BAA+B,CAAC0E,SAAS,CAAC9D,EAAE,CAAC;IAC5D,IAAIN,MAAM,CAACqE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMrE,MAAM,CAACsE,KAAK;IACpB;IACApE,MAAM,CAACF,MAAM,CAACqE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}
|