@pagopa/io-react-native-wallet 0.7.4 → 0.9.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (217) hide show
  1. package/README.md +49 -31
  2. package/lib/commonjs/credential/index.js +13 -0
  3. package/lib/commonjs/credential/index.js.map +1 -0
  4. package/lib/commonjs/credential/issuance/01-start-flow.js +2 -0
  5. package/lib/commonjs/credential/issuance/01-start-flow.js.map +1 -0
  6. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +26 -0
  7. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
  8. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +119 -0
  9. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -0
  10. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +6 -0
  11. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -0
  12. package/lib/commonjs/credential/issuance/05-authorize-access.js +63 -0
  13. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -0
  14. package/lib/commonjs/credential/issuance/06-obtain-credential.js +128 -0
  15. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -0
  16. package/lib/commonjs/credential/issuance/07-confirm-credential.js +6 -0
  17. package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +1 -0
  18. package/lib/commonjs/credential/issuance/const.js +9 -0
  19. package/lib/commonjs/credential/issuance/const.js.map +1 -0
  20. package/lib/commonjs/credential/issuance/index.js +34 -0
  21. package/lib/commonjs/credential/issuance/index.js.map +1 -0
  22. package/lib/commonjs/credential/presentation/01-start-flow.js +55 -0
  23. package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -0
  24. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +32 -0
  25. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
  26. package/lib/commonjs/credential/presentation/03-get-request-object.js +68 -0
  27. package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -0
  28. package/lib/commonjs/credential/presentation/04-send-authorization-response.js +139 -0
  29. package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -0
  30. package/lib/commonjs/credential/presentation/index.js +34 -0
  31. package/lib/commonjs/credential/presentation/index.js.map +1 -0
  32. package/lib/commonjs/{rp → credential/presentation}/types.js +17 -34
  33. package/lib/commonjs/credential/presentation/types.js.map +1 -0
  34. package/lib/commonjs/index.js +10 -61
  35. package/lib/commonjs/index.js.map +1 -1
  36. package/lib/commonjs/pid/index.js +1 -3
  37. package/lib/commonjs/pid/index.js.map +1 -1
  38. package/lib/commonjs/sd-jwt/index.js +1 -1
  39. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  40. package/lib/commonjs/sd-jwt/types.js +1 -1
  41. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  42. package/lib/commonjs/trust/chain.js +32 -4
  43. package/lib/commonjs/trust/chain.js.map +1 -1
  44. package/lib/commonjs/trust/index.js +105 -20
  45. package/lib/commonjs/trust/index.js.map +1 -1
  46. package/lib/commonjs/trust/types.js +54 -35
  47. package/lib/commonjs/trust/types.js.map +1 -1
  48. package/lib/commonjs/utils/crypto.js +5 -18
  49. package/lib/commonjs/utils/crypto.js.map +1 -1
  50. package/lib/commonjs/utils/errors.js +35 -4
  51. package/lib/commonjs/utils/errors.js.map +1 -1
  52. package/lib/commonjs/utils/misc.js +23 -0
  53. package/lib/commonjs/utils/misc.js.map +1 -0
  54. package/lib/commonjs/utils/par.js +86 -0
  55. package/lib/commonjs/utils/par.js.map +1 -0
  56. package/lib/module/credential/index.js +4 -0
  57. package/lib/module/credential/index.js.map +1 -0
  58. package/lib/module/credential/issuance/01-start-flow.js +2 -0
  59. package/lib/module/credential/issuance/01-start-flow.js.map +1 -0
  60. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +19 -0
  61. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
  62. package/lib/module/credential/issuance/03-start-user-authorization.js +109 -0
  63. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -0
  64. package/lib/module/credential/issuance/04-complete-user-authorization.js +2 -0
  65. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -0
  66. package/lib/module/credential/issuance/05-authorize-access.js +55 -0
  67. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -0
  68. package/lib/module/credential/issuance/06-obtain-credential.js +117 -0
  69. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -0
  70. package/lib/module/credential/issuance/07-confirm-credential.js +2 -0
  71. package/lib/module/credential/issuance/07-confirm-credential.js.map +1 -0
  72. package/lib/module/credential/issuance/const.js +2 -0
  73. package/lib/module/credential/issuance/const.js.map +1 -0
  74. package/lib/module/credential/issuance/index.js +6 -0
  75. package/lib/module/credential/issuance/index.js.map +1 -0
  76. package/lib/module/credential/presentation/01-start-flow.js +46 -0
  77. package/lib/module/credential/presentation/01-start-flow.js.map +1 -0
  78. package/lib/module/credential/presentation/02-evaluate-rp-trust.js +25 -0
  79. package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
  80. package/lib/module/credential/presentation/03-get-request-object.js +60 -0
  81. package/lib/module/credential/presentation/03-get-request-object.js.map +1 -0
  82. package/lib/module/credential/presentation/04-send-authorization-response.js +128 -0
  83. package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -0
  84. package/lib/module/credential/presentation/index.js +6 -0
  85. package/lib/module/credential/presentation/index.js.map +1 -0
  86. package/lib/module/credential/presentation/types.js +21 -0
  87. package/lib/module/credential/presentation/types.js.map +1 -0
  88. package/lib/module/index.js +4 -5
  89. package/lib/module/index.js.map +1 -1
  90. package/lib/module/pid/index.js +1 -2
  91. package/lib/module/pid/index.js.map +1 -1
  92. package/lib/module/sd-jwt/index.js +1 -1
  93. package/lib/module/sd-jwt/index.js.map +1 -1
  94. package/lib/module/sd-jwt/types.js +1 -1
  95. package/lib/module/sd-jwt/types.js.map +1 -1
  96. package/lib/module/trust/chain.js +30 -3
  97. package/lib/module/trust/chain.js.map +1 -1
  98. package/lib/module/trust/index.js +99 -16
  99. package/lib/module/trust/index.js.map +1 -1
  100. package/lib/module/trust/types.js +50 -31
  101. package/lib/module/trust/types.js.map +1 -1
  102. package/lib/module/utils/crypto.js +2 -15
  103. package/lib/module/utils/crypto.js.map +1 -1
  104. package/lib/module/utils/errors.js +35 -4
  105. package/lib/module/utils/errors.js.map +1 -1
  106. package/lib/module/utils/misc.js +17 -0
  107. package/lib/module/utils/misc.js.map +1 -0
  108. package/lib/module/utils/par.js +74 -0
  109. package/lib/module/utils/par.js.map +1 -0
  110. package/lib/typescript/credential/index.d.ts +4 -0
  111. package/lib/typescript/credential/index.d.ts.map +1 -0
  112. package/lib/typescript/credential/issuance/01-start-flow.d.ts +11 -0
  113. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -0
  114. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +18 -0
  115. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -0
  116. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +31 -0
  117. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -0
  118. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -0
  119. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -0
  120. package/lib/typescript/credential/issuance/05-authorize-access.d.ts +26 -0
  121. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -0
  122. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +32 -0
  123. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -0
  124. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +11 -0
  125. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +1 -0
  126. package/lib/typescript/credential/issuance/const.d.ts +2 -0
  127. package/lib/typescript/credential/issuance/const.d.ts.map +1 -0
  128. package/lib/typescript/credential/issuance/index.d.ts +10 -0
  129. package/lib/typescript/credential/issuance/index.d.ts.map +1 -0
  130. package/lib/typescript/credential/presentation/01-start-flow.d.ts +20 -0
  131. package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -0
  132. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +18 -0
  133. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -0
  134. package/lib/typescript/credential/presentation/03-get-request-object.d.ts +25 -0
  135. package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -0
  136. package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts +34 -0
  137. package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map +1 -0
  138. package/lib/typescript/credential/presentation/index.d.ts +7 -0
  139. package/lib/typescript/credential/presentation/index.d.ts.map +1 -0
  140. package/lib/typescript/credential/presentation/types.d.ts +49 -0
  141. package/lib/typescript/credential/presentation/types.d.ts.map +1 -0
  142. package/lib/typescript/index.d.ts +4 -5
  143. package/lib/typescript/index.d.ts.map +1 -1
  144. package/lib/typescript/pid/index.d.ts +1 -2
  145. package/lib/typescript/pid/index.d.ts.map +1 -1
  146. package/lib/typescript/sd-jwt/index.d.ts +2 -2
  147. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  148. package/lib/typescript/sd-jwt/types.d.ts +5 -5
  149. package/lib/typescript/trust/chain.d.ts +12 -3
  150. package/lib/typescript/trust/chain.d.ts.map +1 -1
  151. package/lib/typescript/trust/index.d.ts +198 -24
  152. package/lib/typescript/trust/index.d.ts.map +1 -1
  153. package/lib/typescript/trust/types.d.ts +1299 -623
  154. package/lib/typescript/trust/types.d.ts.map +1 -1
  155. package/lib/typescript/utils/crypto.d.ts +1 -1
  156. package/lib/typescript/utils/crypto.d.ts.map +1 -1
  157. package/lib/typescript/utils/dpop.d.ts +2 -2
  158. package/lib/typescript/utils/errors.d.ts.map +1 -1
  159. package/lib/typescript/utils/misc.d.ts +8 -0
  160. package/lib/typescript/utils/misc.d.ts.map +1 -0
  161. package/lib/typescript/utils/par.d.ts +68 -0
  162. package/lib/typescript/utils/par.d.ts.map +1 -0
  163. package/package.json +2 -2
  164. package/src/credential/index.ts +4 -0
  165. package/src/credential/issuance/01-start-flow.ts +10 -0
  166. package/src/credential/issuance/02-evaluate-issuer-trust.ts +31 -0
  167. package/src/credential/issuance/03-start-user-authorization.ts +138 -0
  168. package/src/credential/issuance/04-complete-user-authorization.ts +17 -0
  169. package/src/credential/issuance/05-authorize-access.ts +92 -0
  170. package/src/credential/issuance/06-obtain-credential.ts +179 -0
  171. package/src/credential/issuance/07-confirm-credential.ts +14 -0
  172. package/src/credential/issuance/const.ts +2 -0
  173. package/src/credential/issuance/index.ts +32 -0
  174. package/src/credential/presentation/01-start-flow.ts +51 -0
  175. package/src/credential/presentation/02-evaluate-rp-trust.ts +33 -0
  176. package/src/credential/presentation/03-get-request-object.ts +85 -0
  177. package/src/credential/presentation/04-send-authorization-response.ts +168 -0
  178. package/src/credential/presentation/index.ts +26 -0
  179. package/src/credential/presentation/types.ts +27 -0
  180. package/src/index.ts +7 -28
  181. package/src/pid/index.ts +1 -2
  182. package/src/sd-jwt/index.ts +2 -2
  183. package/src/sd-jwt/types.ts +1 -1
  184. package/src/trust/chain.ts +45 -3
  185. package/src/trust/index.ts +136 -19
  186. package/src/trust/types.ts +57 -35
  187. package/src/utils/crypto.ts +2 -20
  188. package/src/utils/errors.ts +40 -8
  189. package/src/utils/misc.ts +23 -0
  190. package/src/utils/par.ts +103 -0
  191. package/lib/commonjs/pid/issuing.js +0 -276
  192. package/lib/commonjs/pid/issuing.js.map +0 -1
  193. package/lib/commonjs/rp/__test__/index.test.js +0 -172
  194. package/lib/commonjs/rp/__test__/index.test.js.map +0 -1
  195. package/lib/commonjs/rp/index.js +0 -239
  196. package/lib/commonjs/rp/index.js.map +0 -1
  197. package/lib/commonjs/rp/types.js.map +0 -1
  198. package/lib/module/pid/issuing.js +0 -266
  199. package/lib/module/pid/issuing.js.map +0 -1
  200. package/lib/module/rp/__test__/index.test.js +0 -168
  201. package/lib/module/rp/__test__/index.test.js.map +0 -1
  202. package/lib/module/rp/index.js +0 -228
  203. package/lib/module/rp/index.js.map +0 -1
  204. package/lib/module/rp/types.js +0 -36
  205. package/lib/module/rp/types.js.map +0 -1
  206. package/lib/typescript/pid/issuing.d.ts +0 -57
  207. package/lib/typescript/pid/issuing.d.ts.map +0 -1
  208. package/lib/typescript/rp/__test__/index.test.d.ts +0 -2
  209. package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
  210. package/lib/typescript/rp/index.d.ts +0 -43
  211. package/lib/typescript/rp/index.d.ts.map +0 -1
  212. package/lib/typescript/rp/types.d.ts +0 -122
  213. package/lib/typescript/rp/types.d.ts.map +0 -1
  214. package/src/pid/issuing.ts +0 -405
  215. package/src/rp/__test__/index.test.ts +0 -250
  216. package/src/rp/index.ts +0 -287
  217. package/src/rp/types.ts +0 -42
@@ -1,239 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.sendAuthorizationResponse = exports.getRequestObject = exports.decodeAuthRequestQR = void 0;
7
- var _errors = require("../utils/errors");
8
- var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
9
- var _types = require("./types");
10
- var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
11
- var _sdJwt = require("../sd-jwt");
12
- var _dpop = require("../utils/dpop");
13
- var WalletInstanceAttestation = _interopRequireWildcard(require("../wallet-instance-attestation"));
14
- function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
15
- function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
16
- function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
17
- /**
18
- * Select a RSA public key from those provided by the RP to encrypt.
19
- *
20
- * @param entity The RP entity configuration
21
- * @returns A suitable public key with its compatible encryption algorithm
22
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
23
- */
24
- const chooseRSAPublicKeyToEncrypt = entity => {
25
- const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
26
- if (usingRsa256) {
27
- return usingRsa256;
28
- }
29
-
30
- // No suitable key has been found
31
- throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
32
- };
33
-
34
- /**
35
- * Decode a QR code content to an authentication request url.
36
- * @function
37
- * @param qrcode QR code content
38
- *
39
- * @returns The authentication request url
40
- *
41
- */
42
- const decodeAuthRequestQR = qrcode => {
43
- const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
44
- const decodedUrl = new URL(decoded);
45
- const protocol = decodedUrl.protocol;
46
- const resource = decodedUrl.hostname;
47
- const requestURI = decodedUrl.searchParams.get("request_uri");
48
- const clientId = decodedUrl.searchParams.get("client_id");
49
- const result = _types.QRCodePayload.safeParse({
50
- protocol,
51
- resource,
52
- requestURI,
53
- clientId
54
- });
55
- if (result.success) {
56
- return result.data;
57
- } else {
58
- throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
59
- }
60
- };
61
- exports.decodeAuthRequestQR = decodeAuthRequestQR;
62
- /**
63
- * Obtain the Request Object for RP authentication
64
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
65
- */
66
- const getRequestObject = _ref => {
67
- let {
68
- wiaCryptoContext,
69
- appFetch = fetch
70
- } = _ref;
71
- return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
72
- const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
73
- jti: `${_reactNativeUuid.default.v4()}`,
74
- htm: "GET",
75
- htu: requestUri,
76
- ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
77
- }, wiaCryptoContext);
78
- const response = await appFetch(requestUri, {
79
- method: "GET",
80
- headers: {
81
- Authorization: `DPoP ${walletInstanceAttestation}`,
82
- DPoP: signedWalletInstanceDPoP
83
- }
84
- });
85
- if (response.status === 200) {
86
- const responseJson = await response.json();
87
- const responseEncodedJwt = responseJson.response;
88
- const responseJwt = (0, _ioReactNativeJwt.decode)(responseEncodedJwt);
89
-
90
- // verify token signature according to RP's entity configuration
91
- // to ensure the request object is authentic
92
- {
93
- const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.keys.find(_ref2 => {
94
- let {
95
- kid
96
- } = _ref2;
97
- return kid === responseJwt.protectedHeader.kid;
98
- });
99
- if (!pubKey) {
100
- throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
101
- }
102
- await (0, _ioReactNativeJwt.verify)(responseEncodedJwt, pubKey);
103
- }
104
-
105
- // parse request object it has the expected shape by specification
106
- const requestObject = _types.RequestObject.parse({
107
- header: responseJwt.protectedHeader,
108
- payload: responseJwt.payload
109
- });
110
- return {
111
- requestObject,
112
- rpEntityConfiguration,
113
- walletInstanceAttestation
114
- };
115
- }
116
- throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
117
- ${await response.text()}`);
118
- };
119
- };
120
-
121
- /**
122
- * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
123
- * The presentation is prepared by disclosing data from provided credentials, according to requested claims
124
- * Each Verified Credential come along with the claims the user accepts to disclose from it.
125
- *
126
- * @todo accept more than a Verified Credential
127
- */
128
- exports.getRequestObject = getRequestObject;
129
- const prepareVpToken = _ref3 => {
130
- let {
131
- pidCryptoContext
132
- } = _ref3;
133
- return async (_ref4, _ref5) => {
134
- let {
135
- requestObject,
136
- walletInstanceAttestation
137
- } = _ref4;
138
- let [vc, claims] = _ref5;
139
- // this throws if vc cannot satisfy all the requested claims
140
- const {
141
- token: vp,
142
- paths
143
- } = await (0, _sdJwt.disclose)(vc, claims);
144
-
145
- // obtain issuer from Wallet Instance
146
- const {
147
- payload: {
148
- iss
149
- }
150
- } = WalletInstanceAttestation.decode(walletInstanceAttestation);
151
- const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
152
-
153
- // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
154
- const vp_token = await new _ioReactNativeJwt.SignJWT(pidCryptoContext).setProtectedHeader({
155
- typ: "JWT",
156
- kid: pidKid
157
- }).setPayload({
158
- vp: vp,
159
- jti: `${_reactNativeUuid.default.v4()}`,
160
- iss,
161
- nonce: requestObject.payload.nonce
162
- }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
163
- const vc_scope = requestObject.payload.scope;
164
- const presentation_submission = {
165
- definition_id: `${_reactNativeUuid.default.v4()}`,
166
- id: `${_reactNativeUuid.default.v4()}`,
167
- descriptor_map: paths.map(p => ({
168
- id: vc_scope,
169
- path: `$.vp_token.${p.path}`,
170
- format: "vc+sd-jwt"
171
- }))
172
- };
173
- return {
174
- vp_token,
175
- presentation_submission
176
- };
177
- };
178
- };
179
-
180
- /**
181
- * Compose and send an Authorization Response in the context of an authorization request flow.
182
- *
183
- * @todo MUST add presentation_submission
184
- *
185
- */
186
- const sendAuthorizationResponse = _ref6 => {
187
- let {
188
- pidCryptoContext,
189
- appFetch = fetch
190
- } = _ref6;
191
- return async (_ref7, presentation) => {
192
- let {
193
- requestObject,
194
- rpEntityConfiguration,
195
- walletInstanceAttestation
196
- } = _ref7;
197
- // the request is an unsigned jws without iss, aud, exp
198
- // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
199
- const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
200
- const {
201
- vp_token,
202
- presentation_submission
203
- } = await prepareVpToken({
204
- pidCryptoContext
205
- })({
206
- requestObject,
207
- rpEntityConfiguration,
208
- walletInstanceAttestation
209
- }, presentation);
210
- const authzResponsePayload = JSON.stringify({
211
- state: requestObject.payload.state,
212
- presentation_submission,
213
- nonce: requestObject.payload.nonce,
214
- vp_token
215
- });
216
- const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
217
- alg: "RSA-OAEP-256",
218
- enc: "A256CBC-HS512",
219
- kid: jwk.kid
220
- }).encrypt(jwk);
221
- const formBody = new URLSearchParams({
222
- response: encrypted
223
- });
224
- const body = formBody.toString();
225
- const response = await appFetch(requestObject.payload.response_uri, {
226
- method: "POST",
227
- headers: {
228
- "Content-Type": "application/x-www-form-urlencoded"
229
- },
230
- body
231
- });
232
- if (response.status === 200) {
233
- return await response.json();
234
- }
235
- throw new _errors.IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
236
- };
237
- };
238
- exports.sendAuthorizationResponse = sendAuthorizationResponse;
239
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_reactNativeUuid","_interopRequireDefault","_sdJwt","_dpop","WalletInstanceAttestation","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","decodeAuthRequestQR","qrcode","decoded","decodeBase64","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","clientId","result","QRCodePayload","safeParse","success","data","AuthRequestDecodeError","error","message","exports","getRequestObject","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","createDPopToken","jti","uuid","v4","htm","htu","ath","sha256ToBase64","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","decodeJwt","pubKey","find","_ref2","kid","protectedHeader","verify","requestObject","RequestObject","parse","header","IoWalletError","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","disclose","iss","decode","pidKid","getPublicKey","then","_","vp_token","SignJWT","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAKA,IAAAC,iBAAA,GAAAD,OAAA;AASA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,gBAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AAEA,IAAAO,yBAAA,GAAAC,uBAAA,CAAAR,OAAA;AAA4E,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAhB,uBAAAU,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAE5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMiB,2BAA2B,GAC/BC,MAAuC,IAC/B;EACR,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC1DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIT,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIU,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAG,IAAAC,8BAAY,EAACF,MAAM,CAAC;EACpC,MAAMG,UAAU,GAAG,IAAIC,GAAG,CAACH,OAAO,CAAC;EACnC,MAAMI,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACnC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMoC,QAAQ,GAAGP,UAAU,CAACM,YAAY,CAACnC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMqC,MAAM,GAAGC,oBAAa,CAACC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVE;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACG,OAAO,EAAE;IAClB,OAAOH,MAAM,CAACI,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIC,8BAAsB,CAACL,MAAM,CAACM,KAAK,CAACC,OAAO,EAAG,GAAEf,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAACgB,OAAA,CAAApB,mBAAA,GAAAA,mBAAA;AAQF;AACA;AACA;AACA;AACO,MAAMqB,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,yBAAiC,EACjCC,UAAkB,EAClBC,qBAAsD,KACvB;IAC/B,MAAMC,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;MACEC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAER,UAAU;MACfS,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACX,yBAAyB;IACrD,CAAC,EACDH,gBACF,CAAC;IAED,MAAMe,QAAQ,GAAG,MAAMd,QAAQ,CAACG,UAAU,EAAE;MAC1CY,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOf,yBAA0B,EAAC;QAClDgB,IAAI,EAAEb;MACR;IACF,CAAC,CAAC;IAEF,IAAIS,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAG,IAAAC,wBAAS,EAACF,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAMG,MAAM,GACVrB,qBAAqB,CAACtC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACwD,IAAI,CACxEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKL,WAAW,CAACM,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAIlD,gDAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAM,IAAAuD,wBAAM,EAACR,kBAAkB,EAAEG,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMM,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAAC;QACxCC,MAAM,EAAEX,WAAW,CAACM,eAAe;QACnC/D,OAAO,EAAEyD,WAAW,CAACzD;MACvB,CAAC,CAAC;MAEF,OAAO;QACLiE,aAAa;QACb3B,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAIiC,qBAAa,CACpB,mDAAkDrB,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACsB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAxC,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAOA,MAAMwC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEV,aAAa;MAAE7B;IAA6C,CAAC,GAAAsC,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACL,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJ7E,OAAO,EAAE;QAAEkF;MAAI;IACjB,CAAC,GAAG7G,yBAAyB,CAAC8G,MAAM,CAAC/C,yBAAyB,CAAC;IAE/D,MAAMgD,MAAM,GAAG,MAAMX,gBAAgB,CAACY,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACzB,GAAG,CAAC;;IAEvE;IACA,MAAM0B,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAAChB,gBAAgB,CAAC,CACjDiB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACV7B,GAAG,EAAEsB;IACP,CAAC,CAAC,CACDQ,UAAU,CAAC;MACVb,EAAE,EAAEA,EAAE;MACNtC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBuC,GAAG;MACHW,KAAK,EAAE5B,aAAa,CAACjE,OAAO,CAAC6F;IAC/B,CAAC,CAAC,CACDC,WAAW,CAAC7B,aAAa,CAACjE,OAAO,CAAC+F,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAGlC,aAAa,CAACjE,OAAO,CAACoG,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAE5D,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MAC7B4D,EAAE,EAAG,GAAE7D,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MAClB6D,cAAc,EAAExB,KAAK,CAACyB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEpB,QAAQ;MAAEa;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCrC,gBAAgB;IAChBvC,QAAQ,GAAGC;EAIb,CAAC,GAAA2E,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACE/C,aAAa;MACb3B,qBAAqB;MACrBF;IACiB,CAAC,GAAA2E,KAAA;IAGpB;IACA;IACA,MAAMzG,GAAG,GAAGT,2BAA2B,CAACyC,qBAAqB,CAAC;IAE9D,MAAM;MAAEkD,QAAQ;MAAEa;IAAwB,CAAC,GAAG,MAAM9B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACER,aAAa;MACb3B,qBAAqB;MACrBF;IACF,CAAC,EACD4E,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEnD,aAAa,CAACjE,OAAO,CAACoH,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAE5B,aAAa,CAACjE,OAAO,CAAC6F,KAAK;MAClCL;IACF,CAAC,CAAC;IAEF,MAAM6B,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;MAC3DM,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpB1D,GAAG,EAAExD,GAAG,CAACwD;IACX,CAAC,CAAC,CAAC2D,OAAO,CAACnH,GAAG,CAAC;IAEf,MAAMoH,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAE3E,QAAQ,EAAEqE;IAAU,CAAC,CAAC;IAC7D,MAAMO,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM7E,QAAQ,GAAG,MAAMd,QAAQ,CAAC+B,aAAa,CAACjE,OAAO,CAAC+F,YAAY,EAAE;MAClE9C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACD0E;IACF,CAAC,CAAC;IAEF,IAAI5E,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIc,qBAAa,CACpB,oDAAmD,MAAMrB,QAAQ,CAACsB,IAAI,CAAC,CAAE,eACxEtB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA;AAACvB,OAAA,CAAA+E,yBAAA,GAAAA,yBAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","RequestObject","object","header","typ","literal","optional","alg","string","kid","trust_chain","array","payload","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","exports","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,aAAa,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACpCC,MAAM,EAAE1B,CAAC,CAACyB,MAAM,CAAC;IACf;IACAE,GAAG,EAAE3B,CAAC,CAAC4B,OAAO,CAAC,KAAK,CAAC,CAACC,QAAQ,CAAC,CAAC;IAChCC,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfE,WAAW,EAAEjC,CAAC,CAACkC,KAAK,CAAClC,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEnC,CAAC,CAACyB,MAAM,CAAC;IAChBW,GAAG,EAAEpC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED,eAAQ;IACbE,KAAK,EAAExC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACjBU,KAAK,EAAEzC,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACjBW,YAAY,EAAE1C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACxBY,aAAa,EAAE3C,CAAC,CAAC4B,OAAO,CAAC,UAAU,CAAC;IACpCgB,aAAa,EAAE5C,CAAC,CAAC4B,OAAO,CAAC,iBAAiB,CAAC;IAC3CiB,SAAS,EAAE7C,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACrBe,gBAAgB,EAAE9C,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;IACxCmB,KAAK,EAAE/C,CAAC,CAAC+B,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;AAACiB,OAAA,CAAAxB,aAAA,GAAAA,aAAA;AAGI,MAAMyB,aAAa,GAAGjD,CAAC,CAACyB,MAAM,CAAC;EACpCyB,QAAQ,EAAElD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACpBoB,QAAQ,EAAEnD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EAAE;EACtBqB,QAAQ,EAAEpD,CAAC,CAAC+B,MAAM,CAAC,CAAC;EACpBsB,UAAU,EAAErD,CAAC,CAAC+B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAiB,OAAA,CAAAC,aAAA,GAAAA,aAAA"}
@@ -1,266 +0,0 @@
1
- import { sha256ToBase64, SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
2
- import { JWK } from "../utils/jwk";
3
- import uuid from "react-native-uuid";
4
- import { PidIssuingError } from "../utils/errors";
5
- import { createDPopToken } from "../utils/dpop";
6
- import * as WalletInstanceAttestation from "../wallet-instance-attestation";
7
- import { SdJwt } from ".";
8
- import { useEphemeralKey } from "../utils/crypto";
9
- import * as z from "zod";
10
- import { getJwtFromFormPost } from "../utils/decoder";
11
-
12
- // This is a temporary type that will be used for demo purposes only
13
-
14
- const AuthenticationRequestResponse = z.object({
15
- code: z.string(),
16
- state: z.string(),
17
- // TODO: refine to known paths using literals
18
- iss: z.string()
19
- });
20
- const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
21
-
22
- /**
23
- * Make a PAR request to the PID issuer and return the response url
24
- */
25
- const getPar = _ref => {
26
- let {
27
- wiaCryptoContext,
28
- appFetch = fetch
29
- } = _ref;
30
- return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
31
- // Calculate the thumbprint of the public key of the Wallet Instance Attestation.
32
- // The PAR request token is signed used the Wallet Instance Attestation key.
33
- // The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
34
- // key is matched by its kid, which is supposed to be the thumbprint of its public key.
35
- const keyThumbprint = await wiaCryptoContext.getPublicKey().then(JWK.parse).then(thumbprint);
36
- const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
37
- const codeChallenge = await sha256ToBase64(codeVerifier);
38
- const signedJwtForPar = await new SignJWT(wiaCryptoContext).setProtectedHeader({
39
- kid: keyThumbprint
40
- }).setPayload({
41
- iss,
42
- aud: pidProviderEntityConfiguration.payload.iss,
43
- jti: `${uuid.v4()}`,
44
- client_assertion_type: assertionType,
45
- authorization_details: [{
46
- credential_definition: {
47
- type: "PersonIdentificationData"
48
- },
49
- format: "vc+sd-jwt",
50
- type: "openid_credential"
51
- }],
52
- response_type: "code",
53
- code_challenge_method: "s256",
54
- redirect_uri: walletProviderBaseUrl,
55
- state: `${uuid.v4()}`,
56
- client_id: clientId,
57
- code_challenge: codeChallenge
58
- }).setIssuedAt().setExpirationTime("1h").sign();
59
- const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
60
- const requestBody = {
61
- response_type: "code",
62
- client_id: clientId,
63
- code_challenge: codeChallenge,
64
- code_challenge_method: "S256",
65
- client_assertion_type: assertionType,
66
- client_assertion: walletInstanceAttestation,
67
- request: signedJwtForPar
68
- };
69
- var formBody = new URLSearchParams(requestBody);
70
- const response = await appFetch(parUrl, {
71
- method: "POST",
72
- headers: {
73
- "Content-Type": "application/x-www-form-urlencoded"
74
- },
75
- body: formBody.toString()
76
- });
77
- if (response.status === 201) {
78
- const result = await response.json();
79
- return result.request_uri;
80
- }
81
- throw new PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
82
- };
83
- };
84
-
85
- /**
86
- * Make an authorization request
87
- */
88
- const getAuthenticationRequest = _ref2 => {
89
- let {
90
- appFetch = fetch
91
- } = _ref2;
92
- return async (clientId, requestUri, pidProviderEntityConfiguration, cieData) => {
93
- const authzRequestEndpoint = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.authorization_endpoint;
94
-
95
- /* User's personal data is not supposed to transit in this flow,
96
- * but to be provided to the PID issuer directly by its chosen authentication method (CIE).
97
- * Being the project in an initial phase, and being we were still unable to fully comply with authentication,
98
- * we temporarily provide data from the App's logged user.
99
- * */
100
- const params = new URLSearchParams({
101
- client_id: clientId,
102
- request_uri: requestUri,
103
- name: cieData.name,
104
- surname: cieData.surname,
105
- birth_date: cieData.birthDate,
106
- fiscal_code: cieData.fiscalCode
107
- });
108
- const response = await appFetch(authzRequestEndpoint + "?" + params, {
109
- method: "GET"
110
- });
111
- if (response.status === 200) {
112
- const formData = await response.text();
113
- const {
114
- decodedJwt
115
- } = await getJwtFromFormPost(formData);
116
- const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
117
- return parsed;
118
- }
119
- throw new PidIssuingError(`Unable to obtain Authorization Request. Response code: ${await response.text()}`);
120
- };
121
- };
122
-
123
- /**
124
- * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
125
- *
126
- * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
127
- * @param params.appFetch (optional) Http client
128
- * @param walletInstanceAttestation Wallet Instance Attestation token.
129
- * @param walletProviderBaseUrl Base url for the Wallet Provider.
130
- * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
131
- * @param cieData Data red from the CIE login process
132
- * @returns The access token along with the values that identify the issuing session.
133
- */
134
- export const authorizeIssuing = _ref3 => {
135
- let {
136
- wiaCryptoContext,
137
- appFetch = fetch
138
- } = _ref3;
139
- return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration, cieData) => {
140
- // FIXME: do better
141
- const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
142
- const codeVerifier = `${uuid.v4()}`;
143
- const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
144
- const requestUri = await getPar({
145
- wiaCryptoContext,
146
- appFetch
147
- })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
148
- const authenticationRequest = await getAuthenticationRequest({})(clientId, requestUri, pidProviderEntityConfiguration, cieData);
149
- const authorizationCode = authenticationRequest.code;
150
- const signedDPop = await useEphemeralKey(ctx => createDPopToken({
151
- htm: "POST",
152
- htu: tokenUrl,
153
- jti: `${uuid.v4()}`
154
- }, ctx));
155
- const requestBody = {
156
- grant_type: "authorization code",
157
- client_id: clientId,
158
- code: authorizationCode,
159
- code_verifier: codeVerifier,
160
- client_assertion_type: assertionType,
161
- client_assertion: walletInstanceAttestation,
162
- redirect_uri: walletProviderBaseUrl
163
- };
164
- var formBody = new URLSearchParams(requestBody);
165
- const response = await appFetch(tokenUrl, {
166
- method: "POST",
167
- headers: {
168
- "Content-Type": "application/x-www-form-urlencoded",
169
- DPoP: signedDPop
170
- },
171
- body: formBody.toString()
172
- });
173
- if (response.status === 200) {
174
- const {
175
- c_nonce,
176
- access_token
177
- } = await response.json();
178
- return {
179
- accessToken: access_token,
180
- nonce: c_nonce,
181
- clientId,
182
- codeVerifier,
183
- authorizationCode,
184
- walletProviderBaseUrl
185
- };
186
- }
187
- throw new PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
188
- };
189
- };
190
-
191
- /**
192
- * Return the signed jwt for nonce proof of possession
193
- */
194
- const createNonceProof = async (nonce, issuer, audience, ctx) => {
195
- return new SignJWT(ctx).setPayload({
196
- nonce,
197
- jwk: await ctx.getPublicKey()
198
- }).setProtectedHeader({
199
- type: "openid4vci-proof+jwt"
200
- }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
201
- };
202
-
203
- /**
204
- * Complete the issuing flow and get the PID credential.
205
- *
206
- * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
207
- * @param params.appFetch (optional) Http client
208
- * @param authConf The authorization configuration retrieved with the access token
209
- * @returns The PID credential token
210
- */
211
- export const getCredential = _ref4 => {
212
- let {
213
- pidCryptoContext,
214
- appFetch = fetch
215
- } = _ref4;
216
- return async (_ref5, pidProviderEntityConfiguration) => {
217
- let {
218
- nonce,
219
- accessToken,
220
- clientId,
221
- walletProviderBaseUrl
222
- } = _ref5;
223
- const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
224
- const signedDPopForPid = await createDPopToken({
225
- htm: "POST",
226
- htu: credentialUrl,
227
- jti: `${uuid.v4()}`
228
- }, pidCryptoContext);
229
- const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
230
- const requestBody = {
231
- credential_definition: JSON.stringify({
232
- type: ["PersonIdentificationData"]
233
- }),
234
- format: "vc+sd-jwt",
235
- proof: JSON.stringify({
236
- jwt: signedNonceProof,
237
- proof_type: "jwt"
238
- })
239
- };
240
- const formBody = new URLSearchParams(requestBody);
241
- const response = await appFetch(credentialUrl, {
242
- method: "POST",
243
- headers: {
244
- "Content-Type": "application/x-www-form-urlencoded",
245
- DPoP: signedDPopForPid,
246
- Authorization: accessToken
247
- },
248
- body: formBody.toString()
249
- });
250
- if (response.status === 200) {
251
- const pidResponse = await response.json();
252
- await validatePid(pidResponse.credential, pidCryptoContext);
253
- return pidResponse;
254
- }
255
- throw new PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
256
- };
257
- };
258
- const validatePid = async (pidJwt, pidCryptoContext) => {
259
- const decoded = SdJwt.decode(pidJwt);
260
- const pidKey = await pidCryptoContext.getPublicKey();
261
- const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
262
- if ((await thumbprint(pidKey)) !== (await thumbprint(holderBindedKey))) {
263
- throw new PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
264
- }
265
- };
266
- //# sourceMappingURL=issuing.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","WalletInstanceAttestation","SdJwt","useEphemeralKey","z","getJwtFromFormPost","AuthenticationRequestResponse","object","code","string","state","iss","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","parse","decode","payload","cnf","jwk","kid","codeChallenge","signedJwtForPar","setProtectedHeader","setPayload","aud","jti","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getAuthenticationRequest","_ref2","requestUri","cieData","authzRequestEndpoint","authorization_endpoint","params","name","surname","birth_date","birthDate","fiscal_code","fiscalCode","formData","decodedJwt","parsed","authorizeIssuing","_ref3","_","tokenUrl","token_endpoint","authenticationRequest","authorizationCode","signedDPop","ctx","htm","htu","grant_type","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","setAudience","setIssuer","getCredential","_ref4","pidCryptoContext","_ref5","credentialUrl","credential_endpoint","signedDPopForPid","signedNonceProof","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AAEpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,KAAK,QAAQ,GAAG;AACzB,SAASC,eAAe,QAAQ,iBAAiB;AAEjD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,kBAAkB;;AAErD;;AA2BA,MAAMC,6BAA6B,GAAGF,CAAC,CAACG,MAAM,CAAC;EAC7CC,IAAI,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACnBE,GAAG,EAAEP,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAMG,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAAC5B,GAAG,CAAC6B,KAAK,CAAC,CACfD,IAAI,CAAC7B,UAAU,CAAC;IAEnB,MAAMe,GAAG,GAAGV,yBAAyB,CAAC0B,MAAM,CAACL,yBAAyB,CAAC,CACpEM,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAMtC,cAAc,CAACyB,YAAY,CAAC;IAExD,MAAMc,eAAe,GAAG,MAAM,IAAItC,OAAO,CAACoB,gBAAgB,CAAC,CACxDmB,kBAAkB,CAAC;MAClBH,GAAG,EAAER;IACP,CAAC,CAAC,CACDY,UAAU,CAAC;MACVxB,GAAG;MACHyB,GAAG,EAAEf,8BAA8B,CAACO,OAAO,CAACjB,GAAG;MAC/C0B,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAE3B,aAAa;MACpC4B,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE1B,qBAAqB;MACnCV,KAAK,EAAG,GAAEZ,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;MACrBS,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB;IAClB,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACV/B,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBZ,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CoC,OAAO,EAAEzB;IACX,CAAC;IAED,IAAI0B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACoC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAItE,eAAe,CACtB,wCAAuC,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,wBAAwB,GAC5BC,KAAA;EAAA,IAAC;IAAExD,QAAQ,GAAGC;EAA2C,CAAC,GAAAuD,KAAA;EAAA,OAC1D,OACEtD,QAAgB,EAChBuD,UAAkB,EAClBpD,8BAAmE,EACnEqD,OAAgB,KAC2B;IAC3C,MAAMC,oBAAoB,GACxBtD,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEsB,sBAAsB;;IAE3B;AACJ;AACA;AACA;AACA;IACI,MAAMC,MAAM,GAAG,IAAIjB,eAAe,CAAC;MACjCb,SAAS,EAAE7B,QAAQ;MACnBmD,WAAW,EAAEI,UAAU;MACvBK,IAAI,EAAEJ,OAAO,CAACI,IAAI;MAClBC,OAAO,EAAEL,OAAO,CAACK,OAAO;MACxBC,UAAU,EAAEN,OAAO,CAACO,SAAS;MAC7BC,WAAW,EAAER,OAAO,CAACS;IACvB,CAAC,CAAC;IAEF,MAAMtB,QAAQ,GAAG,MAAM7C,QAAQ,CAAC2D,oBAAoB,GAAG,GAAG,GAAGE,MAAM,EAAE;MACnEf,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMkB,QAAQ,GAAG,MAAMvB,QAAQ,CAACS,IAAI,CAAC,CAAC;MACtC,MAAM;QAAEe;MAAW,CAAC,GAAG,MAAMhF,kBAAkB,CAAC+E,QAAQ,CAAC;MACzD,MAAME,MAAM,GAAGhF,6BAA6B,CAACoB,KAAK,CAAC2D,UAAU,CAACzD,OAAO,CAAC;MACtE,OAAO0D,MAAM;IACf;IAEA,MAAM,IAAIvF,eAAe,CACtB,0DAAyD,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClF,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMiB,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCzE,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAuE,KAAA;EAAA,OACD,OACElE,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,EACnEqD,OAAgB,KACe;IAC/B;IACA,MAAMxD,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEgE,CAAC,IAAKA,CAAC,CAAC1D,GAAG,CAAC;IACzE,MAAMZ,YAAY,GAAI,GAAErB,IAAI,CAACwC,EAAE,CAAC,CAAE,EAAC;IAEnC,MAAMoD,QAAQ,GACZrE,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEqC,cAAc;IAEnB,MAAMlB,UAAU,GAAG,MAAM5D,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC7DE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;IAED,MAAMsE,qBAAqB,GAAG,MAAMrB,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAC9DrD,QAAQ,EACRuD,UAAU,EACVpD,8BAA8B,EAC9BqD,OACF,CAAC;IAED,MAAMmB,iBAAiB,GAAGD,qBAAqB,CAACpF,IAAI;IAEpD,MAAMsF,UAAU,GAAG,MAAM3F,eAAe,CAAE4F,GAAG,IAC3C/F,eAAe,CACb;MACEgG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEP,QAAQ;MACbrD,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDyD,GACF,CACF,CAAC;IAED,MAAMvC,WAAW,GAAG;MAClB0C,UAAU,EAAE,oBAAoB;MAChCnD,SAAS,EAAE7B,QAAQ;MACnBV,IAAI,EAAEqF,iBAAiB;MACvBM,aAAa,EAAEhF,YAAY;MAC3BoB,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CwB,YAAY,EAAE1B;IAChB,CAAC;IACD,IAAIuC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAAC0E,QAAQ,EAAE;MACxC5B,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDqC,IAAI,EAAEN;MACR,CAAC;MACD9B,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEmC,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAMzC,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLmC,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdnF,QAAQ;QACRC,YAAY;QACZ0E,iBAAiB;QACjBzE;MACF,CAAC;IACH;IAEA,MAAM,IAAIrB,eAAe,CACtB,0CAAyC,MAAM8D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMmC,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBZ,GAAkB,KACE;EACpB,OAAO,IAAIpG,OAAO,CAACoG,GAAG,CAAC,CACpB5D,UAAU,CAAC;IACVqE,KAAK;IACL1E,GAAG,EAAE,MAAMiE,GAAG,CAACvE,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDU,kBAAkB,CAAC;IAClBQ,IAAI,EAAE;EACR,CAAC,CAAC,CACDkE,WAAW,CAACD,QAAQ,CAAC,CACrBE,SAAS,CAACH,MAAM,CAAC,CACjBzD,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM2D,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBhG,QAAQ,GAAGC;EAIb,CAAC,GAAA8F,KAAA;EAAA,OACD,OAAAE,KAAA,EAEE5F,8BAAmE,KAC1C;IAAA,IAFzB;MAAEmF,KAAK;MAAED,WAAW;MAAErF,QAAQ;MAAEE;IAAyC,CAAC,GAAA6F,KAAA;IAG1E,MAAMC,aAAa,GACjB7F,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrE6D,mBAAmB;IAExB,MAAMC,gBAAgB,GAAG,MAAMpH,eAAe,CAC5C;MACEgG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEiB,aAAa;MAClB7E,GAAG,EAAG,GAAEvC,IAAI,CAACwC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD0E,gBACF,CAAC;IAED,MAAMK,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACLtF,QAAQ,EACRE,qBAAqB,EACrB4F,gBACF,CAAC;IAED,MAAMxD,WAAW,GAAG;MAClBf,qBAAqB,EAAE6E,IAAI,CAACC,SAAS,CAAC;QACpC7E,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnB6E,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEJ,gBAAgB;QACrBK,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAM/D,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACkG,aAAa,EAAE;MAC7CpD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDqC,IAAI,EAAEgB,gBAAgB;QACtBO,aAAa,EAAEpB;MACjB,CAAC;MACDvC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM0D,WAAW,GAAI,MAAM/D,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMyD,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEd,gBAAgB,CAAC;MAC3D,OAAOY,WAAW;IACpB;IAEA,MAAM,IAAI7H,eAAe,CACtB,oCAAmCmH,aAAc,WAChDrD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAMuD,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEf,gBAA+B,KAAK;EAC7E,MAAMgB,OAAO,GAAG9H,KAAK,CAACyB,MAAM,CAACoG,MAAM,CAAC;EACpC,MAAME,MAAM,GAAG,MAAMjB,gBAAgB,CAACxF,YAAY,CAAC,CAAC;EACpD,MAAM0G,eAAe,GAAGF,OAAO,CAACG,KAAK,CAACvG,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAMlC,UAAU,CAACqI,MAAM,CAAC,OAAO,MAAMrI,UAAU,CAACsI,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAInI,eAAe,CACtB,uGAAsGuH,IAAI,CAACC,SAAS,CACnHU,MACF,CAAE,kCAAiCX,IAAI,CAACC,SAAS,CAACW,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}