@pagopa/io-react-native-wallet 0.7.4 → 0.9.0

package/lib/commonjs/rp/index.js

@@ -1,239 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.getRequestObject = exports.decodeAuthRequestQR = void 0;
-var _errors = require("../utils/errors");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _types = require("./types");
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var _sdJwt = require("../sd-jwt");
-var _dpop = require("../utils/dpop");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../wallet-instance-attestation"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-/**
- * Select a RSA public key from those provided by the RP to encrypt.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-
-/**
- * Decode a QR code content to an authentication request url.
- * @function
- * @param qrcode QR code content
- *
- * @returns The authentication request url
- *
- */
-const decodeAuthRequestQR = qrcode => {
-  const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
-  const decodedUrl = new URL(decoded);
-  const protocol = decodedUrl.protocol;
-  const resource = decodedUrl.hostname;
-  const requestURI = decodedUrl.searchParams.get("request_uri");
-  const clientId = decodedUrl.searchParams.get("client_id");
-  const result = _types.QRCodePayload.safeParse({
-    protocol,
-    resource,
-    requestURI,
-    clientId
-  });
-  if (result.success) {
-    return result.data;
-  } else {
-    throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
-  }
-};
-exports.decodeAuthRequestQR = decodeAuthRequestQR;
-/**
- * Obtain the Request Object for RP authentication
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- */
-const getRequestObject = _ref => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch
-  } = _ref;
-  return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
-    const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
-      jti: `${_reactNativeUuid.default.v4()}`,
-      htm: "GET",
-      htu: requestUri,
-      ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
-    }, wiaCryptoContext);
-    const response = await appFetch(requestUri, {
-      method: "GET",
-      headers: {
-        Authorization: `DPoP ${walletInstanceAttestation}`,
-        DPoP: signedWalletInstanceDPoP
-      }
-    });
-    if (response.status === 200) {
-      const responseJson = await response.json();
-      const responseEncodedJwt = responseJson.response;
-      const responseJwt = (0, _ioReactNativeJwt.decode)(responseEncodedJwt);
-
-      // verify token signature according to RP's entity configuration
-      // to ensure the request object is authentic
-      {
-        const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.keys.find(_ref2 => {
-          let {
-            kid
-          } = _ref2;
-          return kid === responseJwt.protectedHeader.kid;
-        });
-        if (!pubKey) {
-          throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-        }
-        await (0, _ioReactNativeJwt.verify)(responseEncodedJwt, pubKey);
-      }
-
-      // parse request object it has the expected shape by specification
-      const requestObject = _types.RequestObject.parse({
-        header: responseJwt.protectedHeader,
-        payload: responseJwt.payload
-      });
-      return {
-        requestObject,
-        rpEntityConfiguration,
-        walletInstanceAttestation
-      };
-    }
-    throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
-      ${await response.text()}`);
-  };
-};
-
-/**
- * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
- * The presentation is prepared by disclosing data from provided credentials, according to requested claims
- * Each Verified Credential come along with the claims the user accepts to disclose from it.
- *
- * @todo accept more than a Verified Credential
- */
-exports.getRequestObject = getRequestObject;
-const prepareVpToken = _ref3 => {
-  let {
-    pidCryptoContext
-  } = _ref3;
-  return async (_ref4, _ref5) => {
-    let {
-      requestObject,
-      walletInstanceAttestation
-    } = _ref4;
-    let [vc, claims] = _ref5;
-    // this throws if vc cannot satisfy all the requested claims
-    const {
-      token: vp,
-      paths
-    } = await (0, _sdJwt.disclose)(vc, claims);
-
-    // obtain issuer from Wallet Instance
-    const {
-      payload: {
-        iss
-      }
-    } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-    const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
-
-    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-    const vp_token = await new _ioReactNativeJwt.SignJWT(pidCryptoContext).setProtectedHeader({
-      typ: "JWT",
-      kid: pidKid
-    }).setPayload({
-      vp: vp,
-      jti: `${_reactNativeUuid.default.v4()}`,
-      iss,
-      nonce: requestObject.payload.nonce
-    }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-    const vc_scope = requestObject.payload.scope;
-    const presentation_submission = {
-      definition_id: `${_reactNativeUuid.default.v4()}`,
-      id: `${_reactNativeUuid.default.v4()}`,
-      descriptor_map: paths.map(p => ({
-        id: vc_scope,
-        path: `$.vp_token.${p.path}`,
-        format: "vc+sd-jwt"
-      }))
-    };
-    return {
-      vp_token,
-      presentation_submission
-    };
-  };
-};
-
-/**
- * Compose and send an Authorization Response in the context of an authorization request flow.
- *
- * @todo MUST add presentation_submission
- *
- */
-const sendAuthorizationResponse = _ref6 => {
-  let {
-    pidCryptoContext,
-    appFetch = fetch
-  } = _ref6;
-  return async (_ref7, presentation) => {
-    let {
-      requestObject,
-      rpEntityConfiguration,
-      walletInstanceAttestation
-    } = _ref7;
-    // the request is an unsigned jws without iss, aud, exp
-    // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-    const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
-    const {
-      vp_token,
-      presentation_submission
-    } = await prepareVpToken({
-      pidCryptoContext
-    })({
-      requestObject,
-      rpEntityConfiguration,
-      walletInstanceAttestation
-    }, presentation);
-    const authzResponsePayload = JSON.stringify({
-      state: requestObject.payload.state,
-      presentation_submission,
-      nonce: requestObject.payload.nonce,
-      vp_token
-    });
-    const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-      alg: "RSA-OAEP-256",
-      enc: "A256CBC-HS512",
-      kid: jwk.kid
-    }).encrypt(jwk);
-    const formBody = new URLSearchParams({
-      response: encrypted
-    });
-    const body = formBody.toString();
-    const response = await appFetch(requestObject.payload.response_uri, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body
-    });
-    if (response.status === 200) {
-      return await response.json();
-    }
-    throw new _errors.IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
-  };
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=index.js.map

package/lib/commonjs/rp/index.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_reactNativeUuid","_interopRequireDefault","_sdJwt","_dpop","WalletInstanceAttestation","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","decodeAuthRequestQR","qrcode","decoded","decodeBase64","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","clientId","result","QRCodePayload","safeParse","success","data","AuthRequestDecodeError","error","message","exports","getRequestObject","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","createDPopToken","jti","uuid","v4","htm","htu","ath","sha256ToBase64","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","decodeJwt","pubKey","find","_ref2","kid","protectedHeader","verify","requestObject","RequestObject","parse","header","IoWalletError","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","disclose","iss","decode","pidKid","getPublicKey","then","_","vp_token","SignJWT","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAKA,IAAAC,iBAAA,GAAAD,OAAA;AASA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,gBAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AAEA,IAAAO,yBAAA,GAAAC,uBAAA,CAAAR,OAAA;AAA4E,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAhB,uBAAAU,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAE5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMiB,2BAA2B,GAC/BC,MAAuC,IAC/B;EACR,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC1DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIT,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIU,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAG,IAAAC,8BAAY,EAACF,MAAM,CAAC;EACpC,MAAMG,UAAU,GAAG,IAAIC,GAAG,CAACH,OAAO,CAAC;EACnC,MAAMI,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACnC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMoC,QAAQ,GAAGP,UAAU,CAACM,YAAY,CAACnC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMqC,MAAM,GAAGC,oBAAa,CAACC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVE;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACG,OAAO,EAAE;IAClB,OAAOH,MAAM,CAACI,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIC,8BAAsB,CAACL,MAAM,CAACM,KAAK,CAACC,OAAO,EAAG,GAAEf,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAACgB,OAAA,CAAApB,mBAAA,GAAAA,mBAAA;AAQF;AACA;AACA;AACA;AACO,MAAMqB,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,yBAAiC,EACjCC,UAAkB,EAClBC,qBAAsD,KACvB;IAC/B,MAAMC,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;MACEC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAER,UAAU;MACfS,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACX,yBAAyB;IACrD,CAAC,EACDH,gBACF,CAAC;IAED,MAAMe,QAAQ,GAAG,MAAMd,QAAQ,CAACG,UAAU,EAAE;MAC1CY,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOf,yBAA0B,EAAC;QAClDgB,IAAI,EAAEb;MACR;IACF,CAAC,CAAC;IAEF,IAAIS,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAG,IAAAC,wBAAS,EAACF,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAMG,MAAM,GACVrB,qBAAqB,CAACtC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACwD,IAAI,CACxEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKL,WAAW,CAACM,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAIlD,gDAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAM,IAAAuD,wBAAM,EAACR,kBAAkB,EAAEG,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMM,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAAC;QACxCC,MAAM,EAAEX,WAAW,CAACM,eAAe;QACnC/D,OAAO,EAAEyD,WAAW,CAACzD;MACvB,CAAC,CAAC;MAEF,OAAO;QACLiE,aAAa;QACb3B,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAIiC,qBAAa,CACpB,mDAAkDrB,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACsB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAxC,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAOA,MAAMwC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEV,aAAa;MAAE7B;IAA6C,CAAC,GAAAsC,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACL,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJ7E,OAAO,EAAE;QAAEkF;MAAI;IACjB,CAAC,GAAG7G,yBAAyB,CAAC8G,MAAM,CAAC/C,yBAAyB,CAAC;IAE/D,MAAMgD,MAAM,GAAG,MAAMX,gBAAgB,CAACY,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACzB,GAAG,CAAC;;IAEvE;IACA,MAAM0B,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAAChB,gBAAgB,CAAC,CACjDiB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACV7B,GAAG,EAAEsB;IACP,CAAC,CAAC,CACDQ,UAAU,CAAC;MACVb,EAAE,EAAEA,EAAE;MACNtC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBuC,GAAG;MACHW,KAAK,EAAE5B,aAAa,CAACjE,OAAO,CAAC6F;IAC/B,CAAC,CAAC,CACDC,WAAW,CAAC7B,aAAa,CAACjE,OAAO,CAAC+F,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAGlC,aAAa,CAACjE,OAAO,CAACoG,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAE5D,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MAC7B4D,EAAE,EAAG,GAAE7D,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MAClB6D,cAAc,EAAExB,KAAK,CAACyB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEpB,QAAQ;MAAEa;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCrC,gBAAgB;IAChBvC,QAAQ,GAAGC;EAIb,CAAC,GAAA2E,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACE/C,aAAa;MACb3B,qBAAqB;MACrBF;IACiB,CAAC,GAAA2E,KAAA;IAGpB;IACA;IACA,MAAMzG,GAAG,GAAGT,2BAA2B,CAACyC,qBAAqB,CAAC;IAE9D,MAAM;MAAEkD,QAAQ;MAAEa;IAAwB,CAAC,GAAG,MAAM9B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACER,aAAa;MACb3B,qBAAqB;MACrBF;IACF,CAAC,EACD4E,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEnD,aAAa,CAACjE,OAAO,CAACoH,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAE5B,aAAa,CAACjE,OAAO,CAAC6F,KAAK;MAClCL;IACF,CAAC,CAAC;IAEF,MAAM6B,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;MAC3DM,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpB1D,GAAG,EAAExD,GAAG,CAACwD;IACX,CAAC,CAAC,CAAC2D,OAAO,CAACnH,GAAG,CAAC;IAEf,MAAMoH,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAE3E,QAAQ,EAAEqE;IAAU,CAAC,CAAC;IAC7D,MAAMO,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM7E,QAAQ,GAAG,MAAMd,QAAQ,CAAC+B,aAAa,CAACjE,OAAO,CAAC+F,YAAY,EAAE;MAClE9C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACD0E;IACF,CAAC,CAAC;IAEF,IAAI5E,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIc,qBAAa,CACpB,oDAAmD,MAAMrB,QAAQ,CAACsB,IAAI,CAAC,CAAE,eACxEtB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA;AAACvB,OAAA,CAAA+E,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/rp/types.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","RequestObject","object","header","typ","literal","optional","alg","string","kid","trust_chain","array","payload","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","exports","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,aAAa,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACpCC,MAAM,EAAE1B,CAAC,CAACyB,MAAM,CAAC;IACf;IACAE,GAAG,EAAE3B,CAAC,CAAC4B,OAAO,CAAC,KAAK,CAAC,CAACC,QAAQ,CAAC,CAAC;IAChCC,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfE,WAAW,EAAEjC,CAAC,CAACkC,KAAK,CAAClC,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEnC,CAAC,CAACyB,MAAM,CAAC;IAChBW,GAAG,EAAEpC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED,eAAQ;IACbE,KAAK,EAAExC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACjBU,KAAK,EAAEzC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACjBW,YAAY,EAAE1C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACxBY,aAAa,EAAE3C,CAAC,CAAC4B,OAAO,CAAC,UAAU,CAAC;IACpCgB,aAAa,EAAE5C,CAAC,CAAC4B,OAAO,CAAC,iBAAiB,CAAC;IAC3CiB,SAAS,EAAE7C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACrBe,gBAAgB,EAAE9C,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;IACxCmB,KAAK,EAAE/C,CAAC,CAAC+B,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;AAACiB,OAAA,CAAAxB,aAAA,GAAAA,aAAA;AAGI,MAAMyB,aAAa,GAAGjD,CAAC,CAACyB,MAAM,CAAC;EACpCyB,QAAQ,EAAElD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACpBoB,QAAQ,EAAEnD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EAAE;EACtBqB,QAAQ,EAAEpD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACpBsB,UAAU,EAAErD,CAAC,CAAC+B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAiB,OAAA,CAAAC,aAAA,GAAAA,aAAA"}

package/lib/module/pid/issuing.js

@@ -1,266 +0,0 @@
-import { sha256ToBase64, SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
-import { JWK } from "../utils/jwk";
-import uuid from "react-native-uuid";
-import { PidIssuingError } from "../utils/errors";
-import { createDPopToken } from "../utils/dpop";
-import * as WalletInstanceAttestation from "../wallet-instance-attestation";
-import { SdJwt } from ".";
-import { useEphemeralKey } from "../utils/crypto";
-import * as z from "zod";
-import { getJwtFromFormPost } from "../utils/decoder";
-
-// This is a temporary type that will be used for demo purposes only
-
-const AuthenticationRequestResponse = z.object({
-  code: z.string(),
-  state: z.string(),
-  // TODO: refine to known paths using literals
-  iss: z.string()
-});
-const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-
-/**
- * Make a PAR request to the PID issuer and return the response url
- */
-const getPar = _ref => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch
-  } = _ref;
-  return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
-    // Calculate the thumbprint of the public key of the Wallet Instance Attestation.
-    // The PAR request token is signed used the Wallet Instance Attestation key.
-    // The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
-    //  key is matched by its kid, which is supposed to be the thumbprint of its public key.
-    const keyThumbprint = await wiaCryptoContext.getPublicKey().then(JWK.parse).then(thumbprint);
-    const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-    const codeChallenge = await sha256ToBase64(codeVerifier);
-    const signedJwtForPar = await new SignJWT(wiaCryptoContext).setProtectedHeader({
-      kid: keyThumbprint
-    }).setPayload({
-      iss,
-      aud: pidProviderEntityConfiguration.payload.iss,
-      jti: `${uuid.v4()}`,
-      client_assertion_type: assertionType,
-      authorization_details: [{
-        credential_definition: {
-          type: "PersonIdentificationData"
-        },
-        format: "vc+sd-jwt",
-        type: "openid_credential"
-      }],
-      response_type: "code",
-      code_challenge_method: "s256",
-      redirect_uri: walletProviderBaseUrl,
-      state: `${uuid.v4()}`,
-      client_id: clientId,
-      code_challenge: codeChallenge
-    }).setIssuedAt().setExpirationTime("1h").sign();
-    const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
-    const requestBody = {
-      response_type: "code",
-      client_id: clientId,
-      code_challenge: codeChallenge,
-      code_challenge_method: "S256",
-      client_assertion_type: assertionType,
-      client_assertion: walletInstanceAttestation,
-      request: signedJwtForPar
-    };
-    var formBody = new URLSearchParams(requestBody);
-    const response = await appFetch(parUrl, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body: formBody.toString()
-    });
-    if (response.status === 201) {
-      const result = await response.json();
-      return result.request_uri;
-    }
-    throw new PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
-  };
-};
-
-/**
- * Make an authorization request
- */
-const getAuthenticationRequest = _ref2 => {
-  let {
-    appFetch = fetch
-  } = _ref2;
-  return async (clientId, requestUri, pidProviderEntityConfiguration, cieData) => {
-    const authzRequestEndpoint = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.authorization_endpoint;
-
-    /* User's personal data is not supposed to transit in this flow,
-     * but to be provided to the PID issuer directly by its chosen authentication method (CIE).
-     * Being the project in an initial phase, and being we were still unable to fully comply with authentication,
-     * we temporarily provide data from the App's logged user.
-     * */
-    const params = new URLSearchParams({
-      client_id: clientId,
-      request_uri: requestUri,
-      name: cieData.name,
-      surname: cieData.surname,
-      birth_date: cieData.birthDate,
-      fiscal_code: cieData.fiscalCode
-    });
-    const response = await appFetch(authzRequestEndpoint + "?" + params, {
-      method: "GET"
-    });
-    if (response.status === 200) {
-      const formData = await response.text();
-      const {
-        decodedJwt
-      } = await getJwtFromFormPost(formData);
-      const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
-      return parsed;
-    }
-    throw new PidIssuingError(`Unable to obtain Authorization Request. Response code: ${await response.text()}`);
-  };
-};
-
-/**
- * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
- *
- * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
- * @param params.appFetch (optional) Http client
- * @param walletInstanceAttestation Wallet Instance Attestation token.
- * @param walletProviderBaseUrl Base url for the Wallet Provider.
- * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
- * @param cieData Data red from the CIE login process
- * @returns The access token along with the values that identify the issuing session.
- */
-export const authorizeIssuing = _ref3 => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch
-  } = _ref3;
-  return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration, cieData) => {
-    // FIXME: do better
-    const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
-    const codeVerifier = `${uuid.v4()}`;
-    const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
-    const requestUri = await getPar({
-      wiaCryptoContext,
-      appFetch
-    })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
-    const authenticationRequest = await getAuthenticationRequest({})(clientId, requestUri, pidProviderEntityConfiguration, cieData);
-    const authorizationCode = authenticationRequest.code;
-    const signedDPop = await useEphemeralKey(ctx => createDPopToken({
-      htm: "POST",
-      htu: tokenUrl,
-      jti: `${uuid.v4()}`
-    }, ctx));
-    const requestBody = {
-      grant_type: "authorization code",
-      client_id: clientId,
-      code: authorizationCode,
-      code_verifier: codeVerifier,
-      client_assertion_type: assertionType,
-      client_assertion: walletInstanceAttestation,
-      redirect_uri: walletProviderBaseUrl
-    };
-    var formBody = new URLSearchParams(requestBody);
-    const response = await appFetch(tokenUrl, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-        DPoP: signedDPop
-      },
-      body: formBody.toString()
-    });
-    if (response.status === 200) {
-      const {
-        c_nonce,
-        access_token
-      } = await response.json();
-      return {
-        accessToken: access_token,
-        nonce: c_nonce,
-        clientId,
-        codeVerifier,
-        authorizationCode,
-        walletProviderBaseUrl
-      };
-    }
-    throw new PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
-  };
-};
-
-/**
- * Return the signed jwt for nonce proof of possession
- */
-const createNonceProof = async (nonce, issuer, audience, ctx) => {
-  return new SignJWT(ctx).setPayload({
-    nonce,
-    jwk: await ctx.getPublicKey()
-  }).setProtectedHeader({
-    type: "openid4vci-proof+jwt"
-  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
-};
-
-/**
- * Complete the issuing flow and get the PID credential.
- *
- * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
- * @param params.appFetch (optional) Http client
- * @param authConf The authorization configuration retrieved with the access token
- * @returns The PID credential token
- */
-export const getCredential = _ref4 => {
-  let {
-    pidCryptoContext,
-    appFetch = fetch
-  } = _ref4;
-  return async (_ref5, pidProviderEntityConfiguration) => {
-    let {
-      nonce,
-      accessToken,
-      clientId,
-      walletProviderBaseUrl
-    } = _ref5;
-    const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
-    const signedDPopForPid = await createDPopToken({
-      htm: "POST",
-      htu: credentialUrl,
-      jti: `${uuid.v4()}`
-    }, pidCryptoContext);
-    const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
-    const requestBody = {
-      credential_definition: JSON.stringify({
-        type: ["PersonIdentificationData"]
-      }),
-      format: "vc+sd-jwt",
-      proof: JSON.stringify({
-        jwt: signedNonceProof,
-        proof_type: "jwt"
-      })
-    };
-    const formBody = new URLSearchParams(requestBody);
-    const response = await appFetch(credentialUrl, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-        DPoP: signedDPopForPid,
-        Authorization: accessToken
-      },
-      body: formBody.toString()
-    });
-    if (response.status === 200) {
-      const pidResponse = await response.json();
-      await validatePid(pidResponse.credential, pidCryptoContext);
-      return pidResponse;
-    }
-    throw new PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
-  };
-};
-const validatePid = async (pidJwt, pidCryptoContext) => {
-  const decoded = SdJwt.decode(pidJwt);
-  const pidKey = await pidCryptoContext.getPublicKey();
-  const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
-  if ((await thumbprint(pidKey)) !== (await thumbprint(holderBindedKey))) {
-    throw new PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
-  }
-};
-//# sourceMappingURL=issuing.js.map

package/lib/module/pid/issuing.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","WalletInstanceAttestation","SdJwt","useEphemeralKey","z","getJwtFromFormPost","AuthenticationRequestResponse","object","code","string","state","iss","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","parse","decode","payload","cnf","jwk","kid","codeChallenge","signedJwtForPar","setProtectedHeader","setPayload","aud","jti","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getAuthenticationRequest","_ref2","requestUri","cieData","authzRequestEndpoint","authorization_endpoint","params","name","surname","birth_date","birthDate","fiscal_code","fiscalCode","formData","decodedJwt","parsed","authorizeIssuing","_ref3","_","tokenUrl","token_endpoint","authenticationRequest","authorizationCode","signedDPop","ctx","htm","htu","grant_type","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","setAudience","setIssuer","getCredential","_ref4","pidCryptoContext","_ref5","credentialUrl","credential_endpoint","signedDPopForPid","signedNonceProof","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AAEpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,KAAK,QAAQ,GAAG;AACzB,SAASC,eAAe,QAAQ,iBAAiB;AAEjD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,kBAAkB;;AAErD;;AA2BA,MAAMC,6BAA6B,GAAGF,CAAC,CAACG,MAAM,CAAC;EAC7CC,IAAI,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACnBE,GAAG,EAAEP,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAMG,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAAC5B,GAAG,CAAC6B,KAAK,CAAC,CACfD,IAAI,CAAC7B,UAAU,CAAC;IAEnB,MAAMe,GAAG,GAAGV,yBAAyB,CAAC0B,MAAM,CAACL,yBAAyB,CAAC,CACpEM,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAMtC,cAAc,CAACyB,YAAY,CAAC;IAExD,MAAMc,eAAe,GAAG,MAAM,IAAItC,OAAO,CAACoB,gBAAgB,CAAC,CACxDmB,kBAAkB,CAAC;MAClBH,GAAG,EAAER;IACP,CAAC,CAAC,CACDY,UAAU,CAAC;MACVxB,GAAG;MACHyB,GAAG,EAAEf,8BAA8B,CAACO,OAAO,CAACjB,GAAG;MAC/C0B,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAE3B,aAAa;MACpC4B,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE1B,qBAAqB;MACnCV,KAAK,EAAG,GAAEZ,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;MACrBS,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB;IAClB,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACV/B,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBZ,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CoC,OAAO,EAAEzB;IACX,CAAC;IAED,IAAI0B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACoC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAItE,eAAe,CACtB,wCAAuC,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,wBAAwB,GAC5BC,KAAA;EAAA,IAAC;IAAExD,QAAQ,GAAGC;EAA2C,CAAC,GAAAuD,KAAA;EAAA,OAC1D,OACEtD,QAAgB,EAChBuD,UAAkB,EAClBpD,8BAAmE,EACnEqD,OAAgB,KAC2B;IAC3C,MAAMC,oBAAoB,GACxBtD,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEsB,sBAAsB;;IAE3B;AACJ;AACA;AACA;AACA;IACI,MAAMC,MAAM,GAAG,IAAIjB,eAAe,CAAC;MACjCb,SAAS,EAAE7B,QAAQ;MACnBmD,WAAW,EAAEI,UAAU;MACvBK,IAAI,EAAEJ,OAAO,CAACI,IAAI;MAClBC,OAAO,EAAEL,OAAO,CAACK,OAAO;MACxBC,UAAU,EAAEN,OAAO,CAACO,SAAS;MAC7BC,WAAW,EAAER,OAAO,CAACS;IACvB,CAAC,CAAC;IAEF,MAAMtB,QAAQ,GAAG,MAAM7C,QAAQ,CAAC2D,oBAAoB,GAAG,GAAG,GAAGE,MAAM,EAAE;MACnEf,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMkB,QAAQ,GAAG,MAAMvB,QAAQ,CAACS,IAAI,CAAC,CAAC;MACtC,MAAM;QAAEe;MAAW,CAAC,GAAG,MAAMhF,kBAAkB,CAAC+E,QAAQ,CAAC;MACzD,MAAME,MAAM,GAAGhF,6BAA6B,CAACoB,KAAK,CAAC2D,UAAU,CAACzD,OAAO,CAAC;MACtE,OAAO0D,MAAM;IACf;IAEA,MAAM,IAAIvF,eAAe,CACtB,0DAAyD,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClF,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMiB,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCzE,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAuE,KAAA;EAAA,OACD,OACElE,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,EACnEqD,OAAgB,KACe;IAC/B;IACA,MAAMxD,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEgE,CAAC,IAAKA,CAAC,CAAC1D,GAAG,CAAC;IACzE,MAAMZ,YAAY,GAAI,GAAErB,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;IAEnC,MAAMoD,QAAQ,GACZrE,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEqC,cAAc;IAEnB,MAAMlB,UAAU,GAAG,MAAM5D,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC7DE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;IAED,MAAMsE,qBAAqB,GAAG,MAAMrB,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAC9DrD,QAAQ,EACRuD,UAAU,EACVpD,8BAA8B,EAC9BqD,OACF,CAAC;IAED,MAAMmB,iBAAiB,GAAGD,qBAAqB,CAACpF,IAAI;IAEpD,MAAMsF,UAAU,GAAG,MAAM3F,eAAe,CAAE4F,GAAG,IAC3C/F,eAAe,CACb;MACEgG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEP,QAAQ;MACbrD,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDyD,GACF,CACF,CAAC;IAED,MAAMvC,WAAW,GAAG;MAClB0C,UAAU,EAAE,oBAAoB;MAChCnD,SAAS,EAAE7B,QAAQ;MACnBV,IAAI,EAAEqF,iBAAiB;MACvBM,aAAa,EAAEhF,YAAY;MAC3BoB,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CwB,YAAY,EAAE1B;IAChB,CAAC;IACD,IAAIuC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAAC0E,QAAQ,EAAE;MACxC5B,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDqC,IAAI,EAAEN;MACR,CAAC;MACD9B,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEmC,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAMzC,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLmC,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdnF,QAAQ;QACRC,YAAY;QACZ0E,iBAAiB;QACjBzE;MACF,CAAC;IACH;IAEA,MAAM,IAAIrB,eAAe,CACtB,0CAAyC,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMmC,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBZ,GAAkB,KACE;EACpB,OAAO,IAAIpG,OAAO,CAACoG,GAAG,CAAC,CACpB5D,UAAU,CAAC;IACVqE,KAAK;IACL1E,GAAG,EAAE,MAAMiE,GAAG,CAACvE,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDU,kBAAkB,CAAC;IAClBQ,IAAI,EAAE;EACR,CAAC,CAAC,CACDkE,WAAW,CAACD,QAAQ,CAAC,CACrBE,SAAS,CAACH,MAAM,CAAC,CACjBzD,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM2D,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBhG,QAAQ,GAAGC;EAIb,CAAC,GAAA8F,KAAA;EAAA,OACD,OAAAE,KAAA,EAEE5F,8BAAmE,KAC1C;IAAA,IAFzB;MAAEmF,KAAK;MAAED,WAAW;MAAErF,QAAQ;MAAEE;IAAyC,CAAC,GAAA6F,KAAA;IAG1E,MAAMC,aAAa,GACjB7F,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrE6D,mBAAmB;IAExB,MAAMC,gBAAgB,GAAG,MAAMpH,eAAe,CAC5C;MACEgG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEiB,aAAa;MAClB7E,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD0E,gBACF,CAAC;IAED,MAAMK,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACLtF,QAAQ,EACRE,qBAAqB,EACrB4F,gBACF,CAAC;IAED,MAAMxD,WAAW,GAAG;MAClBf,qBAAqB,EAAE6E,IAAI,CAACC,SAAS,CAAC;QACpC7E,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnB6E,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEJ,gBAAgB;QACrBK,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAM/D,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACkG,aAAa,EAAE;MAC7CpD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDqC,IAAI,EAAEgB,gBAAgB;QACtBO,aAAa,EAAEpB;MACjB,CAAC;MACDvC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM0D,WAAW,GAAI,MAAM/D,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMyD,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEd,gBAAgB,CAAC;MAC3D,OAAOY,WAAW;IACpB;IAEA,MAAM,IAAI7H,eAAe,CACtB,oCAAmCmH,aAAc,WAChDrD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAMuD,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEf,gBAA+B,KAAK;EAC7E,MAAMgB,OAAO,GAAG9H,KAAK,CAACyB,MAAM,CAACoG,MAAM,CAAC;EACpC,MAAME,MAAM,GAAG,MAAMjB,gBAAgB,CAACxF,YAAY,CAAC,CAAC;EACpD,MAAM0G,eAAe,GAAGF,OAAO,CAACG,KAAK,CAACvG,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAMlC,UAAU,CAACqI,MAAM,CAAC,OAAO,MAAMrI,UAAU,CAACsI,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAInI,eAAe,CACtB,uGAAsGuH,IAAI,CAACC,SAAS,CACnHU,MACF,CAAE,kCAAiCX,IAAI,CAACC,SAAS,CAACW,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}