@pagopa/io-react-native-wallet 0.7.3 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +49 -31
- package/lib/commonjs/credential/index.js +13 -0
- package/lib/commonjs/credential/index.js.map +1 -0
- package/lib/commonjs/credential/issuance/01-start-flow.js +2 -0
- package/lib/commonjs/credential/issuance/01-start-flow.js.map +1 -0
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +26 -0
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +119 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -0
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +6 -0
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js +63 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -0
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +128 -0
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/07-confirm-credential.js +6 -0
- package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/const.js +9 -0
- package/lib/commonjs/credential/issuance/const.js.map +1 -0
- package/lib/commonjs/credential/issuance/index.js +34 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -0
- package/lib/commonjs/credential/presentation/01-start-flow.js +55 -0
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -0
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +32 -0
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
- package/lib/commonjs/credential/presentation/03-get-request-object.js +68 -0
- package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -0
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js +139 -0
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -0
- package/lib/commonjs/credential/presentation/index.js +34 -0
- package/lib/commonjs/credential/presentation/index.js.map +1 -0
- package/lib/commonjs/{rp → credential/presentation}/types.js +17 -34
- package/lib/commonjs/credential/presentation/types.js.map +1 -0
- package/lib/commonjs/index.js +10 -61
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +1 -3
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +1 -1
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -1
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/trust/chain.js +32 -4
- package/lib/commonjs/trust/chain.js.map +1 -1
- package/lib/commonjs/trust/index.js +105 -20
- package/lib/commonjs/trust/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +54 -35
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +4 -10
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/misc.js +23 -0
- package/lib/commonjs/utils/misc.js.map +1 -0
- package/lib/commonjs/utils/par.js +86 -0
- package/lib/commonjs/utils/par.js.map +1 -0
- package/lib/module/credential/index.js +4 -0
- package/lib/module/credential/index.js.map +1 -0
- package/lib/module/credential/issuance/01-start-flow.js +2 -0
- package/lib/module/credential/issuance/01-start-flow.js.map +1 -0
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +19 -0
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js +109 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -0
- package/lib/module/credential/issuance/04-complete-user-authorization.js +2 -0
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -0
- package/lib/module/credential/issuance/05-authorize-access.js +55 -0
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -0
- package/lib/module/credential/issuance/06-obtain-credential.js +117 -0
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -0
- package/lib/module/credential/issuance/07-confirm-credential.js +2 -0
- package/lib/module/credential/issuance/07-confirm-credential.js.map +1 -0
- package/lib/module/credential/issuance/const.js +2 -0
- package/lib/module/credential/issuance/const.js.map +1 -0
- package/lib/module/credential/issuance/index.js +6 -0
- package/lib/module/credential/issuance/index.js.map +1 -0
- package/lib/module/credential/presentation/01-start-flow.js +46 -0
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -0
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js +25 -0
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
- package/lib/module/credential/presentation/03-get-request-object.js +60 -0
- package/lib/module/credential/presentation/03-get-request-object.js.map +1 -0
- package/lib/module/credential/presentation/04-send-authorization-response.js +128 -0
- package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -0
- package/lib/module/credential/presentation/index.js +6 -0
- package/lib/module/credential/presentation/index.js.map +1 -0
- package/lib/module/credential/presentation/types.js +21 -0
- package/lib/module/credential/presentation/types.js.map +1 -0
- package/lib/module/index.js +4 -5
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -2
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/sd-jwt/index.js +1 -1
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -1
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/trust/chain.js +30 -3
- package/lib/module/trust/chain.js.map +1 -1
- package/lib/module/trust/index.js +99 -16
- package/lib/module/trust/index.js.map +1 -1
- package/lib/module/trust/types.js +50 -31
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +2 -8
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/misc.js +17 -0
- package/lib/module/utils/misc.js.map +1 -0
- package/lib/module/utils/par.js +74 -0
- package/lib/module/utils/par.js.map +1 -0
- package/lib/typescript/credential/index.d.ts +4 -0
- package/lib/typescript/credential/index.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts +11 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +18 -0
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +31 -0
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -0
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts +26 -0
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +32 -0
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +11 -0
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/const.d.ts +2 -0
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/index.d.ts +10 -0
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +20 -0
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +18 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +25 -0
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts +34 -0
- package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/index.d.ts +7 -0
- package/lib/typescript/credential/presentation/index.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/types.d.ts +49 -0
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -0
- package/lib/typescript/index.d.ts +4 -5
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -2
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +2 -2
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +5 -5
- package/lib/typescript/trust/chain.d.ts +12 -3
- package/lib/typescript/trust/chain.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +198 -24
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1299 -623
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +1 -1
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/dpop.d.ts +2 -2
- package/lib/typescript/utils/misc.d.ts +8 -0
- package/lib/typescript/utils/misc.d.ts.map +1 -0
- package/lib/typescript/utils/par.d.ts +68 -0
- package/lib/typescript/utils/par.d.ts.map +1 -0
- package/package.json +2 -2
- package/src/credential/index.ts +4 -0
- package/src/credential/issuance/01-start-flow.ts +10 -0
- package/src/credential/issuance/02-evaluate-issuer-trust.ts +31 -0
- package/src/credential/issuance/03-start-user-authorization.ts +138 -0
- package/src/credential/issuance/04-complete-user-authorization.ts +17 -0
- package/src/credential/issuance/05-authorize-access.ts +92 -0
- package/src/credential/issuance/06-obtain-credential.ts +179 -0
- package/src/credential/issuance/07-confirm-credential.ts +14 -0
- package/src/credential/issuance/const.ts +2 -0
- package/src/credential/issuance/index.ts +32 -0
- package/src/credential/presentation/01-start-flow.ts +51 -0
- package/src/credential/presentation/02-evaluate-rp-trust.ts +33 -0
- package/src/credential/presentation/03-get-request-object.ts +85 -0
- package/src/credential/presentation/04-send-authorization-response.ts +168 -0
- package/src/credential/presentation/index.ts +26 -0
- package/src/credential/presentation/types.ts +27 -0
- package/src/index.ts +7 -28
- package/src/pid/index.ts +1 -2
- package/src/sd-jwt/index.ts +2 -2
- package/src/sd-jwt/types.ts +1 -1
- package/src/trust/chain.ts +45 -3
- package/src/trust/index.ts +136 -19
- package/src/trust/types.ts +57 -35
- package/src/utils/crypto.ts +2 -8
- package/src/utils/misc.ts +23 -0
- package/src/utils/par.ts +103 -0
- package/lib/commonjs/pid/issuing.js +0 -276
- package/lib/commonjs/pid/issuing.js.map +0 -1
- package/lib/commonjs/rp/__test__/index.test.js +0 -172
- package/lib/commonjs/rp/__test__/index.test.js.map +0 -1
- package/lib/commonjs/rp/index.js +0 -239
- package/lib/commonjs/rp/index.js.map +0 -1
- package/lib/commonjs/rp/types.js.map +0 -1
- package/lib/module/pid/issuing.js +0 -266
- package/lib/module/pid/issuing.js.map +0 -1
- package/lib/module/rp/__test__/index.test.js +0 -168
- package/lib/module/rp/__test__/index.test.js.map +0 -1
- package/lib/module/rp/index.js +0 -228
- package/lib/module/rp/index.js.map +0 -1
- package/lib/module/rp/types.js +0 -36
- package/lib/module/rp/types.js.map +0 -1
- package/lib/typescript/pid/issuing.d.ts +0 -57
- package/lib/typescript/pid/issuing.d.ts.map +0 -1
- package/lib/typescript/rp/__test__/index.test.d.ts +0 -2
- package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
- package/lib/typescript/rp/index.d.ts +0 -43
- package/lib/typescript/rp/index.d.ts.map +0 -1
- package/lib/typescript/rp/types.d.ts +0 -122
- package/lib/typescript/rp/types.d.ts.map +0 -1
- package/src/pid/issuing.ts +0 -405
- package/src/rp/__test__/index.test.ts +0 -250
- package/src/rp/index.ts +0 -287
- package/src/rp/types.ts +0 -42
@@ -1,276 +0,0 @@
|
|
1
|
-
"use strict";
|
2
|
-
|
3
|
-
Object.defineProperty(exports, "__esModule", {
|
4
|
-
value: true
|
5
|
-
});
|
6
|
-
exports.getCredential = exports.authorizeIssuing = void 0;
|
7
|
-
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
8
|
-
var _jwk = require("../utils/jwk");
|
9
|
-
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
10
|
-
var _errors = require("../utils/errors");
|
11
|
-
var _dpop = require("../utils/dpop");
|
12
|
-
var WalletInstanceAttestation = _interopRequireWildcard(require("../wallet-instance-attestation"));
|
13
|
-
var _2 = require(".");
|
14
|
-
var _crypto = require("../utils/crypto");
|
15
|
-
var z = _interopRequireWildcard(require("zod"));
|
16
|
-
var _decoder = require("../utils/decoder");
|
17
|
-
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
18
|
-
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
19
|
-
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
20
|
-
// This is a temporary type that will be used for demo purposes only
|
21
|
-
|
22
|
-
const AuthenticationRequestResponse = z.object({
|
23
|
-
code: z.string(),
|
24
|
-
state: z.string(),
|
25
|
-
// TODO: refine to known paths using literals
|
26
|
-
iss: z.string()
|
27
|
-
});
|
28
|
-
const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
29
|
-
|
30
|
-
/**
|
31
|
-
* Make a PAR request to the PID issuer and return the response url
|
32
|
-
*/
|
33
|
-
const getPar = _ref => {
|
34
|
-
let {
|
35
|
-
wiaCryptoContext,
|
36
|
-
appFetch = fetch
|
37
|
-
} = _ref;
|
38
|
-
return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
|
39
|
-
// Calculate the thumbprint of the public key of the Wallet Instance Attestation.
|
40
|
-
// The PAR request token is signed used the Wallet Instance Attestation key.
|
41
|
-
// The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
|
42
|
-
// key is matched by its kid, which is supposed to be the thumbprint of its public key.
|
43
|
-
const keyThumbprint = await wiaCryptoContext.getPublicKey().then(_jwk.JWK.parse).then(_ioReactNativeJwt.thumbprint);
|
44
|
-
const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
|
45
|
-
const codeChallenge = await (0, _ioReactNativeJwt.sha256ToBase64)(codeVerifier);
|
46
|
-
const signedJwtForPar = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
|
47
|
-
kid: keyThumbprint
|
48
|
-
}).setPayload({
|
49
|
-
iss,
|
50
|
-
aud: pidProviderEntityConfiguration.payload.iss,
|
51
|
-
jti: `${_reactNativeUuid.default.v4()}`,
|
52
|
-
client_assertion_type: assertionType,
|
53
|
-
authorization_details: [{
|
54
|
-
credential_definition: {
|
55
|
-
type: "PersonIdentificationData"
|
56
|
-
},
|
57
|
-
format: "vc+sd-jwt",
|
58
|
-
type: "openid_credential"
|
59
|
-
}],
|
60
|
-
response_type: "code",
|
61
|
-
code_challenge_method: "s256",
|
62
|
-
redirect_uri: walletProviderBaseUrl,
|
63
|
-
state: `${_reactNativeUuid.default.v4()}`,
|
64
|
-
client_id: clientId,
|
65
|
-
code_challenge: codeChallenge
|
66
|
-
}).setIssuedAt().setExpirationTime("1h").sign();
|
67
|
-
const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
|
68
|
-
const requestBody = {
|
69
|
-
response_type: "code",
|
70
|
-
client_id: clientId,
|
71
|
-
code_challenge: codeChallenge,
|
72
|
-
code_challenge_method: "S256",
|
73
|
-
client_assertion_type: assertionType,
|
74
|
-
client_assertion: walletInstanceAttestation,
|
75
|
-
request: signedJwtForPar
|
76
|
-
};
|
77
|
-
var formBody = new URLSearchParams(requestBody);
|
78
|
-
const response = await appFetch(parUrl, {
|
79
|
-
method: "POST",
|
80
|
-
headers: {
|
81
|
-
"Content-Type": "application/x-www-form-urlencoded"
|
82
|
-
},
|
83
|
-
body: formBody.toString()
|
84
|
-
});
|
85
|
-
if (response.status === 201) {
|
86
|
-
const result = await response.json();
|
87
|
-
return result.request_uri;
|
88
|
-
}
|
89
|
-
throw new _errors.PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
|
90
|
-
};
|
91
|
-
};
|
92
|
-
|
93
|
-
/**
|
94
|
-
* Make an authorization request
|
95
|
-
*/
|
96
|
-
const getAuthenticationRequest = _ref2 => {
|
97
|
-
let {
|
98
|
-
appFetch = fetch
|
99
|
-
} = _ref2;
|
100
|
-
return async (clientId, requestUri, pidProviderEntityConfiguration, cieData) => {
|
101
|
-
const authzRequestEndpoint = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.authorization_endpoint;
|
102
|
-
|
103
|
-
/* User's personal data is not supposed to transit in this flow,
|
104
|
-
* but to be provided to the PID issuer directly by its chosen authentication method (CIE).
|
105
|
-
* Being the project in an initial phase, and being we were still unable to fully comply with authentication,
|
106
|
-
* we temporarily provide data from the App's logged user.
|
107
|
-
* */
|
108
|
-
const params = new URLSearchParams({
|
109
|
-
client_id: clientId,
|
110
|
-
request_uri: requestUri,
|
111
|
-
name: cieData.name,
|
112
|
-
surname: cieData.surname,
|
113
|
-
birth_date: cieData.birthDate,
|
114
|
-
fiscal_code: cieData.fiscalCode
|
115
|
-
});
|
116
|
-
const response = await appFetch(authzRequestEndpoint + "?" + params, {
|
117
|
-
method: "GET"
|
118
|
-
});
|
119
|
-
if (response.status === 200) {
|
120
|
-
const formData = await response.text();
|
121
|
-
const {
|
122
|
-
decodedJwt
|
123
|
-
} = await (0, _decoder.getJwtFromFormPost)(formData);
|
124
|
-
const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
|
125
|
-
return parsed;
|
126
|
-
}
|
127
|
-
throw new _errors.PidIssuingError(`Unable to obtain Authorization Request. Response code: ${await response.text()}`);
|
128
|
-
};
|
129
|
-
};
|
130
|
-
|
131
|
-
/**
|
132
|
-
* Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
|
133
|
-
*
|
134
|
-
* @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
|
135
|
-
* @param params.appFetch (optional) Http client
|
136
|
-
* @param walletInstanceAttestation Wallet Instance Attestation token.
|
137
|
-
* @param walletProviderBaseUrl Base url for the Wallet Provider.
|
138
|
-
* @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
|
139
|
-
* @param cieData Data red from the CIE login process
|
140
|
-
* @returns The access token along with the values that identify the issuing session.
|
141
|
-
*/
|
142
|
-
const authorizeIssuing = _ref3 => {
|
143
|
-
let {
|
144
|
-
wiaCryptoContext,
|
145
|
-
appFetch = fetch
|
146
|
-
} = _ref3;
|
147
|
-
return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration, cieData) => {
|
148
|
-
// FIXME: do better
|
149
|
-
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
150
|
-
const codeVerifier = `${_reactNativeUuid.default.v4()}`;
|
151
|
-
const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
|
152
|
-
const requestUri = await getPar({
|
153
|
-
wiaCryptoContext,
|
154
|
-
appFetch
|
155
|
-
})(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
|
156
|
-
const authenticationRequest = await getAuthenticationRequest({})(clientId, requestUri, pidProviderEntityConfiguration, cieData);
|
157
|
-
const authorizationCode = authenticationRequest.code;
|
158
|
-
const signedDPop = await (0, _crypto.useEphemeralKey)(ctx => (0, _dpop.createDPopToken)({
|
159
|
-
htm: "POST",
|
160
|
-
htu: tokenUrl,
|
161
|
-
jti: `${_reactNativeUuid.default.v4()}`
|
162
|
-
}, ctx));
|
163
|
-
const requestBody = {
|
164
|
-
grant_type: "authorization code",
|
165
|
-
client_id: clientId,
|
166
|
-
code: authorizationCode,
|
167
|
-
code_verifier: codeVerifier,
|
168
|
-
client_assertion_type: assertionType,
|
169
|
-
client_assertion: walletInstanceAttestation,
|
170
|
-
redirect_uri: walletProviderBaseUrl
|
171
|
-
};
|
172
|
-
var formBody = new URLSearchParams(requestBody);
|
173
|
-
const response = await appFetch(tokenUrl, {
|
174
|
-
method: "POST",
|
175
|
-
headers: {
|
176
|
-
"Content-Type": "application/x-www-form-urlencoded",
|
177
|
-
DPoP: signedDPop
|
178
|
-
},
|
179
|
-
body: formBody.toString()
|
180
|
-
});
|
181
|
-
if (response.status === 200) {
|
182
|
-
const {
|
183
|
-
c_nonce,
|
184
|
-
access_token
|
185
|
-
} = await response.json();
|
186
|
-
return {
|
187
|
-
accessToken: access_token,
|
188
|
-
nonce: c_nonce,
|
189
|
-
clientId,
|
190
|
-
codeVerifier,
|
191
|
-
authorizationCode,
|
192
|
-
walletProviderBaseUrl
|
193
|
-
};
|
194
|
-
}
|
195
|
-
throw new _errors.PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
|
196
|
-
};
|
197
|
-
};
|
198
|
-
|
199
|
-
/**
|
200
|
-
* Return the signed jwt for nonce proof of possession
|
201
|
-
*/
|
202
|
-
exports.authorizeIssuing = authorizeIssuing;
|
203
|
-
const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
204
|
-
return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
|
205
|
-
nonce,
|
206
|
-
jwk: await ctx.getPublicKey()
|
207
|
-
}).setProtectedHeader({
|
208
|
-
type: "openid4vci-proof+jwt"
|
209
|
-
}).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
|
210
|
-
};
|
211
|
-
|
212
|
-
/**
|
213
|
-
* Complete the issuing flow and get the PID credential.
|
214
|
-
*
|
215
|
-
* @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
|
216
|
-
* @param params.appFetch (optional) Http client
|
217
|
-
* @param authConf The authorization configuration retrieved with the access token
|
218
|
-
* @returns The PID credential token
|
219
|
-
*/
|
220
|
-
const getCredential = _ref4 => {
|
221
|
-
let {
|
222
|
-
pidCryptoContext,
|
223
|
-
appFetch = fetch
|
224
|
-
} = _ref4;
|
225
|
-
return async (_ref5, pidProviderEntityConfiguration) => {
|
226
|
-
let {
|
227
|
-
nonce,
|
228
|
-
accessToken,
|
229
|
-
clientId,
|
230
|
-
walletProviderBaseUrl
|
231
|
-
} = _ref5;
|
232
|
-
const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
|
233
|
-
const signedDPopForPid = await (0, _dpop.createDPopToken)({
|
234
|
-
htm: "POST",
|
235
|
-
htu: credentialUrl,
|
236
|
-
jti: `${_reactNativeUuid.default.v4()}`
|
237
|
-
}, pidCryptoContext);
|
238
|
-
const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
|
239
|
-
const requestBody = {
|
240
|
-
credential_definition: JSON.stringify({
|
241
|
-
type: ["PersonIdentificationData"]
|
242
|
-
}),
|
243
|
-
format: "vc+sd-jwt",
|
244
|
-
proof: JSON.stringify({
|
245
|
-
jwt: signedNonceProof,
|
246
|
-
proof_type: "jwt"
|
247
|
-
})
|
248
|
-
};
|
249
|
-
const formBody = new URLSearchParams(requestBody);
|
250
|
-
const response = await appFetch(credentialUrl, {
|
251
|
-
method: "POST",
|
252
|
-
headers: {
|
253
|
-
"Content-Type": "application/x-www-form-urlencoded",
|
254
|
-
DPoP: signedDPopForPid,
|
255
|
-
Authorization: accessToken
|
256
|
-
},
|
257
|
-
body: formBody.toString()
|
258
|
-
});
|
259
|
-
if (response.status === 200) {
|
260
|
-
const pidResponse = await response.json();
|
261
|
-
await validatePid(pidResponse.credential, pidCryptoContext);
|
262
|
-
return pidResponse;
|
263
|
-
}
|
264
|
-
throw new _errors.PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
|
265
|
-
};
|
266
|
-
};
|
267
|
-
exports.getCredential = getCredential;
|
268
|
-
const validatePid = async (pidJwt, pidCryptoContext) => {
|
269
|
-
const decoded = _2.SdJwt.decode(pidJwt);
|
270
|
-
const pidKey = await pidCryptoContext.getPublicKey();
|
271
|
-
const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
|
272
|
-
if ((await (0, _ioReactNativeJwt.thumbprint)(pidKey)) !== (await (0, _ioReactNativeJwt.thumbprint)(holderBindedKey))) {
|
273
|
-
throw new _errors.PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
|
274
|
-
}
|
275
|
-
};
|
276
|
-
//# sourceMappingURL=issuing.js.map
|
@@ -1 +0,0 @@
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","WalletInstanceAttestation","_interopRequireWildcard","_2","_crypto","z","_decoder","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthenticationRequestResponse","object","code","string","state","iss","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","JWK","parse","thumbprint","decode","payload","cnf","jwk","kid","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","setPayload","aud","jti","uuid","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","PidIssuingError","text","getAuthenticationRequest","_ref2","requestUri","cieData","authzRequestEndpoint","authorization_endpoint","params","name","surname","birth_date","birthDate","fiscal_code","fiscalCode","formData","decodedJwt","getJwtFromFormPost","parsed","authorizeIssuing","_ref3","_","tokenUrl","token_endpoint","authenticationRequest","authorizationCode","signedDPop","useEphemeralKey","ctx","createDPopToken","htm","htu","grant_type","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","exports","createNonceProof","issuer","audience","setAudience","setIssuer","getCredential","_ref4","pidCryptoContext","_ref5","credentialUrl","credential_endpoint","signedDPopForPid","signedNonceProof","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","SdJwt","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAOA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,yBAAA,GAAAC,uBAAA,CAAAP,OAAA;AACA,IAAAQ,EAAA,GAAAR,OAAA;AACA,IAAAS,OAAA,GAAAT,OAAA;AAEA,IAAAU,CAAA,GAAAH,uBAAA,CAAAP,OAAA;AACA,IAAAW,QAAA,GAAAX,OAAA;AAAsD,SAAAY,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAApB,uBAAAc,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEtD;;AA2BA,MAAMiB,6BAA6B,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC7CC,IAAI,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAE5B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAAE;EACnBE,GAAG,EAAE7B,CAAC,CAAC2B,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAMG,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAACC,QAAG,CAACC,KAAK,CAAC,CACfF,IAAI,CAACG,4BAAU,CAAC;IAEnB,MAAMjB,GAAG,GAAGjC,yBAAyB,CAACmD,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAAChB,YAAY,CAAC;IAExD,MAAMiB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAACtB,gBAAgB,CAAC,CACxDuB,kBAAkB,CAAC;MAClBL,GAAG,EAAEV;IACP,CAAC,CAAC,CACDgB,UAAU,CAAC;MACV5B,GAAG;MACH6B,GAAG,EAAEnB,8BAA8B,CAACS,OAAO,CAACnB,GAAG;MAC/C8B,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAEhC,aAAa;MACpCiC,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE/B,qBAAqB;MACnCV,KAAK,EAAG,GAAEgC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACrBS,SAAS,EAAElC,QAAQ;MACnBmC,cAAc,EAAEnB;IAClB,CAAC,CAAC,CACDoB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVpC,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBZ,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAElC,QAAQ;MACnBmC,cAAc,EAAEnB,aAAa;MAC7BgB,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAEhC,aAAa;MACpCkD,gBAAgB,EAAExC,yBAAyB;MAC3CyC,OAAO,EAAE3B;IACX,CAAC;IAED,IAAI4B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAACyC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIC,uBAAe,CACtB,wCAAuC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,wBAAwB,GAC5BC,KAAA;EAAA,IAAC;IAAE9D,QAAQ,GAAGC;EAA2C,CAAC,GAAA6D,KAAA;EAAA,OAC1D,OACE5D,QAAgB,EAChB6D,UAAkB,EAClB1D,8BAAmE,EACnE2D,OAAgB,KAC2B;IAC3C,MAAMC,oBAAoB,GACxB5D,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEuB,sBAAsB;;IAE3B;AACJ;AACA;AACA;AACA;IACI,MAAMC,MAAM,GAAG,IAAIlB,eAAe,CAAC;MACjCb,SAAS,EAAElC,QAAQ;MACnBwD,WAAW,EAAEK,UAAU;MACvBK,IAAI,EAAEJ,OAAO,CAACI,IAAI;MAClBC,OAAO,EAAEL,OAAO,CAACK,OAAO;MACxBC,UAAU,EAAEN,OAAO,CAACO,SAAS;MAC7BC,WAAW,EAAER,OAAO,CAACS;IACvB,CAAC,CAAC;IAEF,MAAMvB,QAAQ,GAAG,MAAMlD,QAAQ,CAACiE,oBAAoB,GAAG,GAAG,GAAGE,MAAM,EAAE;MACnEhB,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMmB,QAAQ,GAAG,MAAMxB,QAAQ,CAACU,IAAI,CAAC,CAAC;MACtC,MAAM;QAAEe;MAAW,CAAC,GAAG,MAAM,IAAAC,2BAAkB,EAACF,QAAQ,CAAC;MACzD,MAAMG,MAAM,GAAGvF,6BAA6B,CAACqB,KAAK,CAACgE,UAAU,CAAC7D,OAAO,CAAC;MACtE,OAAO+D,MAAM;IACf;IAEA,MAAM,IAAIlB,uBAAe,CACtB,0DAAyD,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClF,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMkB,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACChF,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAA8E,KAAA;EAAA,OACD,OACEzE,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,EACnE2D,OAAgB,KACe;IAC/B;IACA,MAAM9D,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEuE,CAAC,IAAKA,CAAC,CAAC/D,GAAG,CAAC;IACzE,MAAMd,YAAY,GAAI,GAAEuB,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAEnC,MAAMsD,QAAQ,GACZ5E,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEuC,cAAc;IAEnB,MAAMnB,UAAU,GAAG,MAAMlE,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC7DE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;IAED,MAAM6E,qBAAqB,GAAG,MAAMtB,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAC9D3D,QAAQ,EACR6D,UAAU,EACV1D,8BAA8B,EAC9B2D,OACF,CAAC;IAED,MAAMoB,iBAAiB,GAAGD,qBAAqB,CAAC3F,IAAI;IAEpD,MAAM6F,UAAU,GAAG,MAAM,IAAAC,uBAAe,EAAEC,GAAG,IAC3C,IAAAC,qBAAe,EACb;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAET,QAAQ;MACbxD,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD4D,GACF,CACF,CAAC;IAED,MAAM1C,WAAW,GAAG;MAClB8C,UAAU,EAAE,oBAAoB;MAChCvD,SAAS,EAAElC,QAAQ;MACnBV,IAAI,EAAE4F,iBAAiB;MACvBQ,aAAa,EAAEzF,YAAY;MAC3ByB,qBAAqB,EAAEhC,aAAa;MACpCkD,gBAAgB,EAAExC,yBAAyB;MAC3C6B,YAAY,EAAE/B;IAChB,CAAC;IACD,IAAI4C,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAACiF,QAAQ,EAAE;MACxC9B,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyC,IAAI,EAAER;MACR,CAAC;MACDhC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEuC,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM7C,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLuC,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACd5F,QAAQ;QACRC,YAAY;QACZiF,iBAAiB;QACjBhF;MACF,CAAC;IACH;IAEA,MAAM,IAAIuD,uBAAe,CACtB,0CAAyC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AAFAsC,OAAA,CAAApB,gBAAA,GAAAA,gBAAA;AAGA,MAAMqB,gBAAgB,GAAG,MAAAA,CACvBF,KAAa,EACbG,MAAc,EACdC,QAAgB,EAChBd,GAAkB,KACE;EACpB,OAAO,IAAIlE,yBAAO,CAACkE,GAAG,CAAC,CACpBhE,UAAU,CAAC;IACV0E,KAAK;IACLjF,GAAG,EAAE,MAAMuE,GAAG,CAAC/E,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDc,kBAAkB,CAAC;IAClBS,IAAI,EAAE;EACR,CAAC,CAAC,CACDuE,WAAW,CAACD,QAAQ,CAAC,CACrBE,SAAS,CAACH,MAAM,CAAC,CACjB9D,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMgE,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB1G,QAAQ,GAAGC;EAIb,CAAC,GAAAwG,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEtG,8BAAmE,KAC1C;IAAA,IAFzB;MAAE4F,KAAK;MAAED,WAAW;MAAE9F,QAAQ;MAAEE;IAAyC,CAAC,GAAAuG,KAAA;IAG1E,MAAMC,aAAa,GACjBvG,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEkE,mBAAmB;IAExB,MAAMC,gBAAgB,GAAG,MAAM,IAAAtB,qBAAe,EAC5C;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEkB,aAAa;MAClBnF,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD+E,gBACF,CAAC;IAED,MAAMK,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CF,KAAK,EACL/F,QAAQ,EACRE,qBAAqB,EACrBsG,gBACF,CAAC;IAED,MAAM7D,WAAW,GAAG;MAClBf,qBAAqB,EAAEkF,IAAI,CAACC,SAAS,CAAC;QACpClF,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnBkF,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEJ,gBAAgB;QACrBK,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMpE,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAAC4G,aAAa,EAAE;MAC7CzD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyC,IAAI,EAAEiB,gBAAgB;QACtBO,aAAa,EAAErB;MACjB,CAAC;MACD3C,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM+D,WAAW,GAAI,MAAMpE,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAM8D,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEd,gBAAgB,CAAC;MAC3D,OAAOY,WAAW;IACpB;IAEA,MAAM,IAAI3D,uBAAe,CACtB,oCAAmCiD,aAAc,WAChD1D,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACU,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAACsC,OAAA,CAAAM,aAAA,GAAAA,aAAA;AAEJ,MAAMe,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEf,gBAA+B,KAAK;EAC7E,MAAMgB,OAAO,GAAGC,QAAK,CAAC9G,MAAM,CAAC4G,MAAM,CAAC;EACpC,MAAMG,MAAM,GAAG,MAAMlB,gBAAgB,CAAClG,YAAY,CAAC,CAAC;EACpD,MAAMqH,eAAe,GAAGH,OAAO,CAACI,KAAK,CAAChH,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM,IAAAJ,4BAAU,EAACgH,MAAM,CAAC,OAAO,MAAM,IAAAhH,4BAAU,EAACiH,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIlE,uBAAe,CACtB,uGAAsGqD,IAAI,CAACC,SAAS,CACnHW,MACF,CAAE,kCAAiCZ,IAAI,CAACC,SAAS,CAACY,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
|
@@ -1,172 +0,0 @@
|
|
1
|
-
"use strict";
|
2
|
-
|
3
|
-
var _types = require("../../trust/types");
|
4
|
-
var RelyingPartySolution = _interopRequireWildcard(require(".."));
|
5
|
-
var _errors = require("../../utils/errors");
|
6
|
-
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
7
|
-
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
8
|
-
describe("decodeAuthRequestQR", () => {
|
9
|
-
it("should return authentication request URL", async () => {
|
10
|
-
const qrcode = "ZXVkaXc6Ly9hdXRob3JpemU/Y2xpZW50X2lkPWh0dHBzOi8vdmVyaWZpZXIuZXhhbXBsZS5vcmcmcmVxdWVzdF91cmk9aHR0cHM6Ly92ZXJpZmllci5leGFtcGxlLm9yZy9yZXF1ZXN0X3VyaQ==";
|
11
|
-
const result = RelyingPartySolution.decodeAuthRequestQR(qrcode);
|
12
|
-
expect(result.requestURI).toEqual("https://verifier.example.org/request_uri");
|
13
|
-
});
|
14
|
-
it("should throw exception with invalid QR", async () => {
|
15
|
-
const qrcode = "aHR0cDovL2dvb2dsZS5pdA==";
|
16
|
-
expect(() => RelyingPartySolution.decodeAuthRequestQR(qrcode)).toThrowError(_errors.AuthRequestDecodeError);
|
17
|
-
});
|
18
|
-
});
|
19
|
-
describe("RpEntityConfiguration", () => {
|
20
|
-
it("should parse a valid conf", async () => {
|
21
|
-
const pp = {
|
22
|
-
header: {
|
23
|
-
alg: "RS256",
|
24
|
-
kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
|
25
|
-
typ: "entity-statement+jwt"
|
26
|
-
},
|
27
|
-
payload: {
|
28
|
-
exp: 1692625747,
|
29
|
-
iat: 1692625387,
|
30
|
-
iss: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
|
31
|
-
sub: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
|
32
|
-
jwks: {
|
33
|
-
keys: [{
|
34
|
-
kty: "RSA",
|
35
|
-
kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
|
36
|
-
e: "AQAB",
|
37
|
-
n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw"
|
38
|
-
}]
|
39
|
-
},
|
40
|
-
metadata: {
|
41
|
-
federation_entity: {
|
42
|
-
organization_name: "wallet-provider",
|
43
|
-
homepage_uri: "https://wallet-provider.example",
|
44
|
-
policy_uri: "https://wallet-provider.example",
|
45
|
-
logo_uri: "https://wallet-provider.example",
|
46
|
-
contacts: ["https://wallet-provider.example"]
|
47
|
-
},
|
48
|
-
wallet_relying_party: {
|
49
|
-
application_type: "web",
|
50
|
-
authorization_encrypted_response_alg: ["RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"],
|
51
|
-
authorization_encrypted_response_enc: ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"],
|
52
|
-
authorization_signed_response_alg: ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
|
53
|
-
client_id: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
|
54
|
-
client_name: "Name of an example organization",
|
55
|
-
contacts: ["ops@verifier.example.org"],
|
56
|
-
default_acr_values: ["https://www.spid.gov.it/SpidL2", "https://www.spid.gov.it/SpidL3"],
|
57
|
-
default_max_age: 1111,
|
58
|
-
id_token_encrypted_response_alg: ["RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"],
|
59
|
-
id_token_encrypted_response_enc: ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"],
|
60
|
-
id_token_signed_response_alg: ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
|
61
|
-
presentation_definitions: [{
|
62
|
-
id: "pid-sd-jwt:unique_id+given_name+family_name",
|
63
|
-
input_descriptors: [{
|
64
|
-
id: "pid-sd-jwt:unique_id+given_name+family_name",
|
65
|
-
format: {
|
66
|
-
constraints: {
|
67
|
-
fields: [{
|
68
|
-
filter: {
|
69
|
-
const: "PersonIdentificationData",
|
70
|
-
type: "string"
|
71
|
-
},
|
72
|
-
path: ["$.sd-jwt.type"]
|
73
|
-
}, {
|
74
|
-
filter: {
|
75
|
-
type: "object"
|
76
|
-
},
|
77
|
-
path: ["$.sd-jwt.cnf"]
|
78
|
-
}, {
|
79
|
-
intent_to_retain: "true",
|
80
|
-
path: ["$.sd-jwt.family_name"]
|
81
|
-
}, {
|
82
|
-
intent_to_retain: "true",
|
83
|
-
path: ["$.sd-jwt.given_name"]
|
84
|
-
}, {
|
85
|
-
intent_to_retain: "true",
|
86
|
-
path: ["$.sd-jwt.unique_id"]
|
87
|
-
}],
|
88
|
-
limit_disclosure: "required"
|
89
|
-
},
|
90
|
-
jwt: {
|
91
|
-
alg: ["EdDSA", "ES256"]
|
92
|
-
}
|
93
|
-
}
|
94
|
-
}]
|
95
|
-
}, {
|
96
|
-
id: "mDL-sample-req",
|
97
|
-
input_descriptors: [{
|
98
|
-
format: {
|
99
|
-
constraints: {
|
100
|
-
fields: [{
|
101
|
-
filter: {
|
102
|
-
const: "org.iso.18013.5.1.mDL",
|
103
|
-
type: "string"
|
104
|
-
},
|
105
|
-
path: ["$.mdoc.doctype"]
|
106
|
-
}, {
|
107
|
-
filter: {
|
108
|
-
const: "org.iso.18013.5.1",
|
109
|
-
type: "string"
|
110
|
-
},
|
111
|
-
path: ["$.mdoc.namespace"]
|
112
|
-
}, {
|
113
|
-
intent_to_retain: "false",
|
114
|
-
path: ["$.mdoc.family_name"]
|
115
|
-
}, {
|
116
|
-
intent_to_retain: "false",
|
117
|
-
path: ["$.mdoc.portrait"]
|
118
|
-
}, {
|
119
|
-
intent_to_retain: "false",
|
120
|
-
path: ["$.mdoc.driving_privileges"]
|
121
|
-
}],
|
122
|
-
limit_disclosure: "required"
|
123
|
-
},
|
124
|
-
mso_mdoc: {
|
125
|
-
alg: ["EdDSA", "ES256"]
|
126
|
-
}
|
127
|
-
},
|
128
|
-
id: "mDL"
|
129
|
-
}]
|
130
|
-
}],
|
131
|
-
redirect_uris: ["https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/redirect-uri"],
|
132
|
-
request_uris: ["https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/request-uri"],
|
133
|
-
require_auth_time: true,
|
134
|
-
subject_type: "pairwise",
|
135
|
-
vp_formats: {
|
136
|
-
jwt_vp_json: {
|
137
|
-
alg: ["EdDSA", "ES256K"]
|
138
|
-
}
|
139
|
-
},
|
140
|
-
jwks: {
|
141
|
-
keys: [{
|
142
|
-
crv: "P-256",
|
143
|
-
d: "KzQBowMMoPmSZe7G8QsdEWc1IvR2nsgE8qTOYmMcLtc",
|
144
|
-
kid: "dDwPWXz5sCtczj7CJbqgPGJ2qQ83gZ9Sfs-tJyULi6s",
|
145
|
-
use: "sig",
|
146
|
-
kty: "EC",
|
147
|
-
x: "TSO-KOqdnUj5SUuasdlRB2VVFSqtJOxuR5GftUTuBdk",
|
148
|
-
y: "ByWgQt1wGBSnF56jQqLdoO1xKUynMY-BHIDB3eXlR7"
|
149
|
-
}, {
|
150
|
-
kty: "RSA",
|
151
|
-
d: "QUZsh1NqvpueootsdSjFQz-BUvxwd3Qnzm5qNb-WeOsvt3rWMEv0Q8CZrla2tndHTJhwioo1U4NuQey7znijhZ177bUwPPxSW1r68dEnL2U74nKwwoYeeMdEXnUfZSPxzs7nY6b7vtyCoA-AjiVYFOlgKNAItspv1HxeyGCLhLYhKvS_YoTdAeLuegETU5D6K1xGQIuw0nS13Icjz79Y8jC10TX4FdZwdX-NmuIEDP5-s95V9DMENtVqJAVE3L-wO-NdDilyjyOmAbntgsCzYVGH9U3W_djh4t3qVFCv3r0S-DA2FD3THvlrFi655L0QHR3gu_Fbj3b9Ybtajpue_Q",
|
152
|
-
e: "AQAB",
|
153
|
-
use: "enc",
|
154
|
-
kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
|
155
|
-
n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
|
156
|
-
p: "2zmGXIMCEHPphw778YjVTar1eycih6fFSJ4I4bl1iq167GqO0PjlOx6CZ1-OdBTVU7HfrYRiUK_BnGRdPDn-DQghwwkB79ZdHWL14wXnpB5y-boHz_LxvjsEqXtuQYcIkidOGaMG68XNT1nM4F9a8UKFr5hHYT5_UIQSwsxlRQ0",
|
157
|
-
q: "2jMFt2iFrdaYabdXuB4QMboVjPvbLA-IVb6_0hSG_-EueGBvgcBxdFGIZaG6kqHqlB7qMsSzdptU0vn6IgmCZnX-Hlt6c5X7JB_q91PZMLTO01pbZ2Bk58GloalCHnw_mjPh0YPviH5jGoWM5RHyl_HDDMI-UeLkzP7ImxGizrM"
|
158
|
-
}]
|
159
|
-
}
|
160
|
-
}
|
161
|
-
},
|
162
|
-
authority_hints: ["https://demo.federation.eudi.wallet.developers.italia.it"]
|
163
|
-
}
|
164
|
-
};
|
165
|
-
const result = _types.RelyingPartyEntityConfiguration.safeParse(pp);
|
166
|
-
if (result.success === false) {
|
167
|
-
throw result.error;
|
168
|
-
}
|
169
|
-
expect(result.success).toBe(true);
|
170
|
-
});
|
171
|
-
});
|
172
|
-
//# sourceMappingURL=index.test.js.map
|
@@ -1 +0,0 @@
|
|
1
|
-
{"version":3,"names":["_types","require","RelyingPartySolution","_interopRequireWildcard","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","AuthRequestDecodeError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","RelyingPartyEntityConfiguration","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAA4D,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE5DW,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAG5B,oBAAoB,CAAC6B,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAM9B,oBAAoB,CAAC6B,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzEC,8BACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFT,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMS,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE;cACJC,IAAI,EAAE,CACJ;gBACE2C,GAAG,EAAE,OAAO;gBACZC,CAAC,EAAE,6CAA6C;gBAChDpD,GAAG,EAAE,6CAA6C;gBAClDqD,GAAG,EAAE,KAAK;gBACV5C,GAAG,EAAE,IAAI;gBACT6C,CAAC,EAAE,6CAA6C;gBAChDC,CAAC,EAAE;cACL,CAAC,EACD;gBACE9C,GAAG,EAAE,KAAK;gBACV2C,CAAC,EAAE,wVAAwV;gBAC3V1C,CAAC,EAAE,MAAM;gBACT2C,GAAG,EAAE,KAAK;gBACVrD,GAAG,EAAE,6CAA6C;gBAClDW,CAAC,EAAE,wVAAwV;gBAC3V6C,CAAC,EAAE,6KAA6K;gBAChLC,CAAC,EAAE;cACL,CAAC;YAEL;UACF;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMpE,MAAM,GAAGqE,sCAA+B,CAACC,SAAS,CAAC/D,EAAE,CAAC;IAC5D,IAAIP,MAAM,CAACuE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMvE,MAAM,CAACwE,KAAK;IACpB;IACAtE,MAAM,CAACF,MAAM,CAACuE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}
|