@pagopa/io-react-native-wallet 0.9.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +2 -34
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +169 -0
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/08-confirm-credential.js +6 -0
- package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/const.js +6 -1
- package/lib/commonjs/credential/issuance/const.js.map +1 -1
- package/lib/commonjs/credential/issuance/index.js +7 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -1
- package/lib/commonjs/index.js +3 -1
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js +33 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +15 -6
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -1
- package/lib/commonjs/trust/types.js +5 -0
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/misc.js +2 -2
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +3 -34
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +163 -0
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -0
- package/lib/module/credential/issuance/08-confirm-credential.js +2 -0
- package/lib/module/credential/issuance/08-confirm-credential.js.map +1 -0
- package/lib/module/credential/issuance/const.js +2 -0
- package/lib/module/credential/issuance/const.js.map +1 -1
- package/lib/module/credential/issuance/index.js +2 -1
- package/lib/module/credential/issuance/index.js.map +1 -1
- package/lib/module/index.js +2 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/sd-jwt/__test__/index.test.js +33 -1
- package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/module/sd-jwt/index.js +10 -6
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -1
- package/lib/module/trust/types.js +5 -0
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/misc.js +2 -2
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +2 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +36 -0
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +11 -0
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/const.d.ts +3 -0
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/index.d.ts +4 -3
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
- package/lib/typescript/index.d.ts +2 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +222 -5
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +1 -1
- package/lib/typescript/trust/index.d.ts +8 -0
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +232 -0
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts +1 -1
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/06-obtain-credential.ts +3 -51
- package/src/credential/issuance/07-verify-and-parse-credential.ts +229 -0
- package/src/credential/issuance/08-confirm-credential.ts +14 -0
- package/src/credential/issuance/const.ts +6 -0
- package/src/credential/issuance/index.ts +7 -1
- package/src/index.ts +2 -0
- package/src/sd-jwt/__test__/index.test.ts +32 -1
- package/src/sd-jwt/index.ts +14 -8
- package/src/sd-jwt/types.ts +1 -1
- package/src/trust/types.ts +4 -0
- package/src/utils/misc.ts +4 -2
|
@@ -7,11 +7,9 @@ exports.obtainCredential = exports.createNonceProof = void 0;
|
|
|
7
7
|
var z = _interopRequireWildcard(require("zod"));
|
|
8
8
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
|
-
var _sdJwt = require("../../sd-jwt");
|
|
11
10
|
var _dpop = require("../../utils/dpop");
|
|
12
11
|
var _misc = require("../../utils/misc");
|
|
13
|
-
var
|
|
14
|
-
var _errors = require("../../utils/errors");
|
|
12
|
+
var _const = require("./const");
|
|
15
13
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
16
14
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
17
15
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
@@ -26,36 +24,10 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
|
|
26
24
|
type: "openid4vci-proof+jwt"
|
|
27
25
|
}).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
|
|
28
26
|
};
|
|
29
|
-
|
|
30
|
-
/**
|
|
31
|
-
* Given a credential, verify it's in the supported format
|
|
32
|
-
* and the credential is correctly signed
|
|
33
|
-
* and it's bound to the given key
|
|
34
|
-
*
|
|
35
|
-
* @param rawCredential The received credential
|
|
36
|
-
* @param issuerKeys The set of public keys of the issuer,
|
|
37
|
-
* which will be used to verify the signature
|
|
38
|
-
* @param holderBindingContext The access to the holder's key
|
|
39
|
-
*
|
|
40
|
-
* @throws If the signature verification fails
|
|
41
|
-
* @throws If the credential is not in the SdJwt4VC format
|
|
42
|
-
* @throws If the holder binding is not properly configured
|
|
43
|
-
*
|
|
44
|
-
*/
|
|
45
27
|
exports.createNonceProof = createNonceProof;
|
|
46
|
-
async function verifyCredential(rawCredential, issuerKeys, holderBindingContext) {
|
|
47
|
-
const [{
|
|
48
|
-
sdJwt
|
|
49
|
-
}, holderBindingKey] =
|
|
50
|
-
// parallel for optimization
|
|
51
|
-
await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
|
|
52
|
-
if (!sdJwt.payload.cnf.jwk.kid || sdJwt.payload.cnf.jwk.kid !== holderBindingKey.kid) {
|
|
53
|
-
throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${sdJwt.payload.cnf.jwk.kid}`);
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
28
|
const CredentialEndpointResponse = z.object({
|
|
57
29
|
credential: z.string(),
|
|
58
|
-
format:
|
|
30
|
+
format: _const.SupportedCredentialFormat
|
|
59
31
|
});
|
|
60
32
|
/**
|
|
61
33
|
* Fetch a credential from the issuer
|
|
@@ -115,10 +87,6 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
|
|
|
115
87
|
},
|
|
116
88
|
body: formBody.toString()
|
|
117
89
|
}).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
|
|
118
|
-
|
|
119
|
-
/** validate the received credential signature
|
|
120
|
-
is correct and refers to the public keys of the issuer */
|
|
121
|
-
await verifyCredential(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
|
|
122
90
|
return {
|
|
123
91
|
credential,
|
|
124
92
|
format
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC;AACV,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXxB,KAAK,EACLyB,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CC,KAAK,EACLyB,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCtC,IAAI,EAAE,CAACiB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;EAEzC,OAAO;IAAE3C,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACL,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.verifyAndParseCredential = void 0;
|
|
7
|
+
var _errors = require("../../utils/errors");
|
|
8
|
+
var _types = require("../../sd-jwt/types");
|
|
9
|
+
var _sdJwt = require("../../sd-jwt");
|
|
10
|
+
// The credential as a collection of attributes in plain value
|
|
11
|
+
|
|
12
|
+
// handy alias
|
|
13
|
+
|
|
14
|
+
const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
15
|
+
var _credentials_supporte;
|
|
16
|
+
let {
|
|
17
|
+
sdJwt,
|
|
18
|
+
disclosures
|
|
19
|
+
} = _ref;
|
|
20
|
+
let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
|
|
21
|
+
// find the definition that matches the received credential's type
|
|
22
|
+
// warning: if more then a defintion is found, the first is retrieved
|
|
23
|
+
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
24
|
+
|
|
25
|
+
// the received credential matches no supported credential, throw an exception
|
|
26
|
+
if (!credentialSubject) {
|
|
27
|
+
const expected = credentials_supported.flatMap(_ => _.credential_definition.type).join(", ");
|
|
28
|
+
throw new _errors.IoWalletError(`Received credential is of an unknwown type. Expected one of [${expected}], received '${sdJwt.payload.type}', `);
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
// transfrom a record { key: value } in an iterable of pairs [key, value]
|
|
32
|
+
const attrDefinitions = Object.entries(credentialSubject);
|
|
33
|
+
|
|
34
|
+
// every mandatory attribute must be present in the credential's disclosures
|
|
35
|
+
// the key of the attribute defintion must match the disclosure's name
|
|
36
|
+
const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
|
|
37
|
+
let [attrKey, {
|
|
38
|
+
mandatory
|
|
39
|
+
}] = _ref2;
|
|
40
|
+
return mandatory && !disclosures.some(_ref3 => {
|
|
41
|
+
let [, name] = _ref3;
|
|
42
|
+
return name === attrKey;
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
if (attrsNotInDisclosures.length > 0) {
|
|
46
|
+
const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
|
|
47
|
+
const received = disclosures.map(_ => _[1 /* name */]).join(", ");
|
|
48
|
+
// the rationale of this condition is that we may want to be permissive
|
|
49
|
+
// on incomplete credentials in the test phase of the project.
|
|
50
|
+
// we might want to be strict once in production, hence remove this condition
|
|
51
|
+
if (!ignoreMissingAttributes) {
|
|
52
|
+
throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
// attributes that are defined in the issuer configuration
|
|
57
|
+
// and are present in the disclosure set
|
|
58
|
+
const definedValues = attrDefinitions
|
|
59
|
+
// retrieve the value from the disclosure set
|
|
60
|
+
.map(_ref4 => {
|
|
61
|
+
var _disclosures$find;
|
|
62
|
+
let [attrKey, definition] = _ref4;
|
|
63
|
+
return [attrKey, {
|
|
64
|
+
...definition,
|
|
65
|
+
value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
|
|
66
|
+
}];
|
|
67
|
+
})
|
|
68
|
+
// add a human readable attribute name, with i18n, in the form { locale: name }
|
|
69
|
+
// example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
|
|
70
|
+
.map(_ref5 => {
|
|
71
|
+
let [attrKey, {
|
|
72
|
+
display,
|
|
73
|
+
...definition
|
|
74
|
+
}] = _ref5;
|
|
75
|
+
return [attrKey, {
|
|
76
|
+
...definition,
|
|
77
|
+
name: display.reduce((names, _ref6) => {
|
|
78
|
+
let {
|
|
79
|
+
locale,
|
|
80
|
+
name
|
|
81
|
+
} = _ref6;
|
|
82
|
+
return {
|
|
83
|
+
...names,
|
|
84
|
+
[locale]: name
|
|
85
|
+
};
|
|
86
|
+
}, {})
|
|
87
|
+
}];
|
|
88
|
+
});
|
|
89
|
+
|
|
90
|
+
// attributes that are in the disclosure set
|
|
91
|
+
// but are not defined in the issuer configuration
|
|
92
|
+
const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
93
|
+
let [, key, value] = _ref7;
|
|
94
|
+
return [key, {
|
|
95
|
+
value,
|
|
96
|
+
mandatory: false,
|
|
97
|
+
name: key
|
|
98
|
+
}];
|
|
99
|
+
});
|
|
100
|
+
return {
|
|
101
|
+
...Object.fromEntries(definedValues),
|
|
102
|
+
...Object.fromEntries(undefinedValues)
|
|
103
|
+
};
|
|
104
|
+
};
|
|
105
|
+
|
|
106
|
+
/**
|
|
107
|
+
* Given a credential, verify it's in the supported format
|
|
108
|
+
* and the credential is correctly signed
|
|
109
|
+
* and it's bound to the given key
|
|
110
|
+
*
|
|
111
|
+
* @param rawCredential The received credential
|
|
112
|
+
* @param issuerKeys The set of public keys of the issuer,
|
|
113
|
+
* which will be used to verify the signature
|
|
114
|
+
* @param holderBindingContext The access to the holder's key
|
|
115
|
+
*
|
|
116
|
+
* @throws If the signature verification fails
|
|
117
|
+
* @throws If the credential is not in the SdJwt4VC format
|
|
118
|
+
* @throws If the holder binding is not properly configured
|
|
119
|
+
*
|
|
120
|
+
*/
|
|
121
|
+
async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
|
|
122
|
+
const [decodedCredential, holderBindingKey] =
|
|
123
|
+
// parallel for optimization
|
|
124
|
+
await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
|
|
125
|
+
const {
|
|
126
|
+
cnf
|
|
127
|
+
} = decodedCredential.sdJwt.payload;
|
|
128
|
+
if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
|
|
129
|
+
throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
|
|
130
|
+
}
|
|
131
|
+
return decodedCredential;
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
// utility type that specialize VerifyAndParseCredential for given format
|
|
135
|
+
|
|
136
|
+
const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
|
|
137
|
+
let {
|
|
138
|
+
credentialCryptoContext,
|
|
139
|
+
ignoreMissingAttributes
|
|
140
|
+
} = _ref8;
|
|
141
|
+
const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
|
|
142
|
+
const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credentials_supported, decoded, ignoreMissingAttributes);
|
|
143
|
+
return {
|
|
144
|
+
parsedCredential
|
|
145
|
+
};
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
/**
|
|
149
|
+
* Verify and parse an encoded credential
|
|
150
|
+
*
|
|
151
|
+
* @param issuerConf The Issuer configuration
|
|
152
|
+
* @param credential The encoded credential
|
|
153
|
+
* @param format The format of the credentual
|
|
154
|
+
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
155
|
+
* @param context.ignoreMissingAttributes (optional) Whether to fail if a defined attribute is note present in the credentual. Default: false
|
|
156
|
+
* @returns A parsed credential with attributes in plain value
|
|
157
|
+
* @throws If the credential signature is not verified with the Issuer key set
|
|
158
|
+
* @throws If the credential is not bound to the provided user key
|
|
159
|
+
* @throws If the credential data fail to parse
|
|
160
|
+
*/
|
|
161
|
+
const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
|
|
162
|
+
if (format === "vc+sd-jwt") {
|
|
163
|
+
return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
|
|
164
|
+
}
|
|
165
|
+
const _ = format;
|
|
166
|
+
throw new _errors.IoWalletError(`Unsupported credential format: ${_}`);
|
|
167
|
+
};
|
|
168
|
+
exports.verifyAndParseCredential = verifyAndParseCredential;
|
|
169
|
+
//# sourceMappingURL=07-verify-and-parse-credential.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","fromEntries","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredential","format","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CAAEC,CAAC,IACrDA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACX,KAAK,CAACY,OAAO,CAACF,IAAI,CAC1D,CAAC,cAAAX,qBAAA,uBAFyBA,qBAAA,CAEvBU,qBAAqB,CAACH,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMO,QAAQ,GAAGhB,qBAAqB,CACnCiB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAeb,KAAK,CAACY,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACd,uBAAuB,EAAE;MAC5B,MAAM,IAAIe,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd;EACpB;EAAA,CACCY,GAAG,CACFG,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACV,OAAO,EAAEW,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACET,OAAO,EACP;MACE,GAAGW,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACM,IAAI,CACpBQ,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCJ,GAAG,CACFO,KAAA;IAAA,IAAC,CAACb,OAAO,EAAE;MAAEc,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEb,OAAO,EACP;MACE,GAAGW,UAAU;MACbP,IAAI,EAAEU,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEd;QAAK,CAAC,GAAAa,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGd;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CAAC;;EAEH;EACA;EACA,MAAMe,eAAe,GAAG1C,WAAW,CAChCqB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAACyB,IAAI,CAACZ,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEX,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEkB;IAAI,CAAC,CAAC;EAAA,EAAC;EAEzE,OAAO;IACL,GAAG3B,MAAM,CAAC4B,WAAW,CAACf,aAAa,CAAC;IACpC,GAAGb,MAAM,CAAC4B,WAAW,CAACJ,eAAe;EACvC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACpD,KAAK,CAACY,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACpD,KAAK,CAACY,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEhE;EAAwB,CAAC,GAAA+D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG1E,oBAAoB,CAC3CmE,UAAU,CAACK,wBAAwB,CAACvE,qBAAqB,EACzDsE,OAAO,EACPjE,uBACF,CAAC;EAED,OAAO;IAAEoE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChER,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OAAO,KACJ;EACH,IAAID,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOV,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OACF,CAAC;EACH;EAEA,MAAM1D,CAAQ,GAAGyD,MAAM;EACvB,MAAM,IAAIvD,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC2D,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/08-confirm-credential.ts"],"mappings":""}
|
|
@@ -3,7 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.ASSERTION_TYPE = void 0;
|
|
6
|
+
exports.SupportedCredentialFormat = exports.ASSERTION_TYPE = void 0;
|
|
7
|
+
var z = _interopRequireWildcard(require("zod"));
|
|
8
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
9
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
7
10
|
const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
8
11
|
exports.ASSERTION_TYPE = ASSERTION_TYPE;
|
|
12
|
+
const SupportedCredentialFormat = z.literal("vc+sd-jwt");
|
|
13
|
+
exports.SupportedCredentialFormat = SupportedCredentialFormat;
|
|
9
14
|
//# sourceMappingURL=const.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;AAACF,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}
|
|
@@ -27,8 +27,15 @@ Object.defineProperty(exports, "startUserAuthorization", {
|
|
|
27
27
|
return _startUserAuthorization.startUserAuthorization;
|
|
28
28
|
}
|
|
29
29
|
});
|
|
30
|
+
Object.defineProperty(exports, "verifyAndParseCredential", {
|
|
31
|
+
enumerable: true,
|
|
32
|
+
get: function () {
|
|
33
|
+
return _verifyAndParseCredential.verifyAndParseCredential;
|
|
34
|
+
}
|
|
35
|
+
});
|
|
30
36
|
var _evaluateIssuerTrust = require("./02-evaluate-issuer-trust");
|
|
31
37
|
var _startUserAuthorization = require("./03-start-user-authorization");
|
|
32
38
|
var _authorizeAccess = require("./05-authorize-access");
|
|
33
39
|
var _obtainCredential = require("./06-obtain-credential");
|
|
40
|
+
var _verifyAndParseCredential = require("./07-verify-and-parse-credential");
|
|
34
41
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"
|
|
1
|
+
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAKA,IAAAE,gBAAA,GAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AAIA,IAAAI,yBAAA,GAAAJ,OAAA"}
|
package/lib/commonjs/index.js
CHANGED
|
@@ -15,7 +15,7 @@ Object.defineProperty(exports, "AuthorizationDetails", {
|
|
|
15
15
|
return _par.AuthorizationDetails;
|
|
16
16
|
}
|
|
17
17
|
});
|
|
18
|
-
exports.WalletInstanceAttestation = exports.Trust = exports.PID = exports.Errors = exports.Credential = void 0;
|
|
18
|
+
exports.WalletInstanceAttestation = exports.Trust = exports.SdJwt = exports.PID = exports.Errors = exports.Credential = void 0;
|
|
19
19
|
Object.defineProperty(exports, "createCryptoContextFor", {
|
|
20
20
|
enumerable: true,
|
|
21
21
|
get: function () {
|
|
@@ -27,6 +27,8 @@ var Credential = _interopRequireWildcard(require("./credential"));
|
|
|
27
27
|
exports.Credential = Credential;
|
|
28
28
|
var PID = _interopRequireWildcard(require("./pid"));
|
|
29
29
|
exports.PID = PID;
|
|
30
|
+
var SdJwt = _interopRequireWildcard(require("./sd-jwt"));
|
|
31
|
+
exports.SdJwt = SdJwt;
|
|
30
32
|
var Errors = _interopRequireWildcard(require("./utils/errors"));
|
|
31
33
|
exports.Errors = Errors;
|
|
32
34
|
var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,
|
|
1
|
+
{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,KAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAkCG,OAAA,CAAAE,KAAA,GAAAA,KAAA;AAClC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAN,uBAAA,CAAAF,OAAA;AAAiCG,OAAA,CAAAK,KAAA,GAAAA,KAAA;AACjC,IAAAC,IAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAAwD,SAAAW,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAV,wBAAAc,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _zod = require("zod");
|
|
3
4
|
var _index = require("../index");
|
|
4
5
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
5
6
|
var _types = require("../types");
|
|
6
|
-
// Examples from https://www.ietf.org/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
|
|
7
|
+
// Examples from https://www.ietf.org/archive/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
|
|
7
8
|
// but adapted to adhere to format declared in https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/pid-eaa-data-model.html#id2
|
|
8
9
|
// In short, the token is a Frankenstein composed as follows:
|
|
9
10
|
// - the header is taken from the italian specification, with kid and alg valued according to the signing keys
|
|
@@ -76,6 +77,37 @@ describe("decode", () => {
|
|
|
76
77
|
}))
|
|
77
78
|
});
|
|
78
79
|
});
|
|
80
|
+
it("should decode with default decoder", () => {
|
|
81
|
+
const result = (0, _index.decode)(token);
|
|
82
|
+
expect(result).toEqual({
|
|
83
|
+
sdJwt,
|
|
84
|
+
disclosures: disclosures.map((decoded, i) => ({
|
|
85
|
+
decoded,
|
|
86
|
+
encoded: tokenizedDisclosures[i]
|
|
87
|
+
}))
|
|
88
|
+
});
|
|
89
|
+
});
|
|
90
|
+
it("should accept only decoders that extend SdJwt4VC", () => {
|
|
91
|
+
const validDecoder = _types.SdJwt4VC.and(_zod.z.object({
|
|
92
|
+
payload: _zod.z.object({
|
|
93
|
+
customField: _zod.z.string()
|
|
94
|
+
})
|
|
95
|
+
}));
|
|
96
|
+
const invalidDecoder = _zod.z.object({
|
|
97
|
+
payload: _zod.z.object({
|
|
98
|
+
customField: _zod.z.string()
|
|
99
|
+
})
|
|
100
|
+
});
|
|
101
|
+
try {
|
|
102
|
+
// ts is fine
|
|
103
|
+
(0, _index.decode)(token, validDecoder);
|
|
104
|
+
// @ts-expect-error break types
|
|
105
|
+
(0, _index.decode)(token, invalidDecoder);
|
|
106
|
+
} catch (error) {
|
|
107
|
+
// ignore actual result, just focus on types
|
|
108
|
+
// spot the error during type checking phase
|
|
109
|
+
}
|
|
110
|
+
});
|
|
79
111
|
});
|
|
80
112
|
describe("disclose", () => {
|
|
81
113
|
it("should encode a valid sdjwt (one claim)", async () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_zod","require","_index","_ioReactNativeJwt","_types","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","disclosures","street_address","locality","region","country","it","expect","JSON","parse","decodeBase64","encodeBase64","stringify","toEqual","join","toBe","describe","result","decode","SdJwt4VC","map","decoded","i","encoded","validDecoder","and","z","object","customField","string","invalidDecoder","error","disclose","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,KAAK,GACT,kvEAAkvE;AAEpvE,MAAMC,QAAQ,GACZ,87CAA87C;AAEh8C,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,kEAAkE,EAClE,kEAAkE,EAClE,gFAAgF,EAChF,oFAAoF,EACpF,yEAAyE,EACzE,gEAAgE,EAChE,gEAAgE,EAChE,gEAAgE,EAChE,qLAAqL,CACtL;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,kCAAkC;IACvCC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;EAEtC,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,4BAA4B;IACjCC,GAAG,EAAE,sCAAsC;IAC3CC,GAAG,EAAE,+CAA+C;IACpDC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE,4BAA4B;IACpCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,KAAK;QACVC,GAAG,EAAE,KAAK;QACVC,CAAC,EAAE,QAAQ;QACXC,CAAC,EAAE,MAAM;QACTd,GAAG,EAAE;MACP;IACF,CAAC;IACDe,IAAI,EAAE,0BAA0B;IAChCC,eAAe,EAAE;MACfC,YAAY,EAAE;QACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;QACpDC,eAAe,EAAE,OAAO;QACxBC,eAAe,EAAE;MACnB,CAAC;MACDC,MAAM,EAAE;QACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;MAEjD;IACF,CAAC;IACDI,OAAO,EAAE;EACX;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,YAAY,EAAE,MAAM,CAAC,EAChD,CAAC,wBAAwB,EAAE,aAAa,EAAE,KAAK,CAAC,EAChD,CAAC,wBAAwB,EAAE,OAAO,EAAE,qBAAqB,CAAC,EAC1D,CAAC,wBAAwB,EAAE,cAAc,EAAE,iBAAiB,CAAC,EAC7D,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CACE,wBAAwB,EACxB,SAAS,EACT;EACEC,cAAc,EAAE,aAAa;EAC7BC,QAAQ,EAAE,SAAS;EACnBC,MAAM,EAAE,UAAU;EAClBC,OAAO,EAAE;AACX,CAAC,CACF,CACF;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC,IAAAC,8BAAY,EAAC,IAAAC,8BAAY,EAACH,IAAI,CAACI,SAAS,CAACtC,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAACsC,OAAO,CAACvC,KAAK,CAACC,MAAM,CAAC;EACvBgC,MAAM,CAAC,CAACnC,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACyC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC9C,KAAK,CAAC;AACjE,CAAC,CAAC;AAEF+C,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBV,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,EAAEkD,eAAQ,CAAC;IACtCZ,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,oCAAoC,EAAE,MAAM;IAC7C,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,CAAC;IAC5BsC,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,kDAAkD,EAAE,MAAM;IAC3D,MAAMkB,YAAY,GAAGL,eAAQ,CAACM,GAAG,CAC/BC,MAAC,CAACC,MAAM,CAAC;MAAE/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAAE,CAAC,CAC7D,CAAC;IACD,MAAMC,cAAc,GAAGJ,MAAC,CAACC,MAAM,CAAC;MAC9B/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAC/C,CAAC,CAAC;IAEF,IAAI;MACF;MACA,IAAAX,aAAM,EAACjD,KAAK,EAAEuD,YAAY,CAAC;MAC3B;MACA,IAAAN,aAAM,EAACjD,KAAK,EAAE6D,cAAc,CAAC;IAC/B,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACA;IAAA;EAEJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFf,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBV,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,mEAAkE;MACnF8D,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMgE,QAAQ,GAAG;MAAEhE,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAE8D,KAAK,EAAE;IAAG,CAAC;IAElD3B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,kJAAiJ;MAClK8D,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,YAAY;QACnBC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,OAAO;QACdC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAM+B,EAAE,GAAG,MAAAA,CAAA,KAAY,IAAAL,eAAQ,EAAC/D,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAMsC,MAAM,CAAC8B,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACzB,OAAO,CAACN,MAAM,CAACgC,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -3,6 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
+
Object.defineProperty(exports, "SdJwt4VC", {
|
|
7
|
+
enumerable: true,
|
|
8
|
+
get: function () {
|
|
9
|
+
return _types.SdJwt4VC;
|
|
10
|
+
}
|
|
11
|
+
});
|
|
6
12
|
exports.verify = exports.disclose = exports.decode = void 0;
|
|
7
13
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
8
14
|
var _types = require("./types");
|
|
@@ -25,12 +31,12 @@ const decodeDisclosure = encoded => {
|
|
|
25
31
|
*
|
|
26
32
|
* @function
|
|
27
33
|
* @param token The encoded token that represents a valid sd-jwt for verifiable credentials
|
|
28
|
-
* @param
|
|
34
|
+
* @param customSchema (optional) Schema to use to parse the SD-JWT. Default: SdJwt4VC
|
|
29
35
|
*
|
|
30
36
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
|
31
37
|
*
|
|
32
38
|
*/
|
|
33
|
-
const decode = (token,
|
|
39
|
+
const decode = (token, customSchema) => {
|
|
34
40
|
// token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN~"
|
|
35
41
|
if (token.slice(-1) === "~") {
|
|
36
42
|
token = token.slice(0, -1);
|
|
@@ -40,7 +46,10 @@ const decode = (token, schema) => {
|
|
|
40
46
|
// get the sd-jwt as object
|
|
41
47
|
// validate it's a valid SD-JWT for Verifiable Credentials
|
|
42
48
|
const decodedJwt = (0, _ioReactNativeJwt.decode)(rawSdJwt);
|
|
43
|
-
|
|
49
|
+
|
|
50
|
+
// use a custom parsed if provided, otherwise use base SdJwt4VC
|
|
51
|
+
const parser = customSchema || _types.SdJwt4VC;
|
|
52
|
+
const sdJwt = parser.parse({
|
|
44
53
|
header: decodedJwt.protectedHeader,
|
|
45
54
|
payload: decodedJwt.payload
|
|
46
55
|
});
|
|
@@ -134,16 +143,16 @@ const disclose = async (token, claims) => {
|
|
|
134
143
|
*
|
|
135
144
|
* @param token The encoded token that represents a valid sd-jwt for verifiable credentials
|
|
136
145
|
* @param publicKey The single public key or an array of public keys to validate the signature.
|
|
137
|
-
* @param
|
|
146
|
+
* @param customSchema Schema to use to parse the SD-JWT
|
|
138
147
|
*
|
|
139
148
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
|
140
149
|
*
|
|
141
150
|
*/
|
|
142
151
|
exports.disclose = disclose;
|
|
143
|
-
const verify = async (token, publicKey,
|
|
152
|
+
const verify = async (token, publicKey, customSchema) => {
|
|
144
153
|
// get decoded data
|
|
145
154
|
const [rawSdJwt = ""] = token.split("~");
|
|
146
|
-
const decoded = decode(token,
|
|
155
|
+
const decoded = decode(token, customSchema);
|
|
147
156
|
|
|
148
157
|
//Check signature
|
|
149
158
|
await (0, _ioReactNativeJwt.verify)(rawSdJwt, publicKey);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","exports","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDislosures","hash","sha256ToBase64","verified_claims","_sd","includes","index","indexOf","path","verification","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,MAAMI,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAAC,IAAAE,8BAAY,EAACL,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,MAAM,GAAGA,CACpBC,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACZ,KAAK,CAAC;IACzBe,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACvB,gBAAgB,CAAC;EAExD,OAAO;IAAEkB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZAE,OAAA,CAAAjB,MAAA,GAAAA,MAAA;AAaO,MAAMkB,QAAQ,GAAG,MAAAA,CACtBjB,KAAa,EACbkB,MAAgB,KACyD;EACzE,MAAM,CAACf,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGf,MAAM,CAACC,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMU,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACH,GAAG,CAAC,MAAOO,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGT,WAAW,CAACU,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE/B,OAAO,EAAE,GAAGgC,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAII,uCAA+B,CAACL,KAAK,CAAC;IAClD;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIiB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAAE;MAC3D,MAAMK,KAAK,GAAGvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MACpE,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAC7D;MACA,MAAMK,KAAK,GACTvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MAC9D,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAII,6BAAqB,CAACf,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMgB,mBAAmB,GAAGlC,cAAc,CAACmC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJ9C,OAAO,EAAE,GAAGgC,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAACgD,CAAC,CAAC;IACvB,OAAOtB,MAAM,CAACc,QAAQ,CAACN,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMe,cAAc,GAAG,CAACtC,QAAQ,EAAE,GAAGmC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAE1C,KAAK,EAAEyC,cAAc;IAAEtB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAH,OAAA,CAAAC,QAAA,GAAAA,QAAA;AAgBO,MAAM0B,MAAM,GAAG,MAAAA,CACpB3C,KAAa,EACb4C,SAAsB,EACtB3C,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMX,OAAO,GAAGK,MAAM,CAACC,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAA4C,wBAAS,EAAC1C,QAAQ,EAAEyC,SAAS,CAAC;;EAEpC;EACA,MAAM1B,MAAM,GAAG,CACb,GAAGxB,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAGrC,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CACpD;EAED,MAAMX,OAAO,CAACC,GAAG,CACf3B,OAAO,CAACoB,WAAW,CAACC,GAAG,CACrB,MAAOQ,UAAU,IAAK,MAAM,IAAAuB,0BAAgB,EAACvB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLR,KAAK,EAAEhB,OAAO,CAACgB,KAAK;IACpBI,WAAW,EAAEpB,OAAO,CAACoB,WAAW,CAACC,GAAG,CAAEyB,CAAC,IAAKA,CAAC,CAAC9C,OAAO;EACvD,CAAC;AACH,CAAC;AAACsB,OAAA,CAAA2B,MAAA,GAAAA,MAAA"}
|
|
@@ -27,7 +27,7 @@ const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod
|
|
|
27
27
|
* For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
|
|
28
28
|
* Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
|
|
29
29
|
*
|
|
30
|
-
* @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
|
|
30
|
+
* @see https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
|
|
31
31
|
*/
|
|
32
32
|
exports.Disclosure = Disclosure;
|
|
33
33
|
const SdJwt4VC = _zod.z.object({
|
|
@@ -81,6 +81,10 @@ const EntityConfigurationHeader = z.object({
|
|
|
81
81
|
alg: z.string(),
|
|
82
82
|
kid: z.string()
|
|
83
83
|
});
|
|
84
|
+
|
|
85
|
+
/**
|
|
86
|
+
* @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
|
|
87
|
+
*/
|
|
84
88
|
exports.EntityConfigurationHeader = EntityConfigurationHeader;
|
|
85
89
|
const FederationEntityMetadata = z.object({
|
|
86
90
|
federation_fetch_endpoint: z.string().optional(),
|
|
@@ -88,6 +92,7 @@ const FederationEntityMetadata = z.object({
|
|
|
88
92
|
federation_resolve_endpoint: z.string().optional(),
|
|
89
93
|
federation_trust_mark_status_endpoint: z.string().optional(),
|
|
90
94
|
federation_trust_mark_list_endpoint: z.string().optional(),
|
|
95
|
+
organization_name: z.string().optional(),
|
|
91
96
|
homepage_uri: z.string().optional(),
|
|
92
97
|
policy_uri: z.string().optional(),
|
|
93
98
|
logo_uri: z.string().optional(),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TrustMark","object","id","string","trust_mark","exports","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","JWK","contacts","CredentialDisplayMetadata","name","locale","logo","url","alt_text","background_color","text_color","CredentialDefinitionMetadata","type","credentialSubject","record","mandatory","boolean","display","SupportedCredentialMetadata","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","credential_definition","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","UnixTime","metadata","federation_entity","authority_hints","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","wallet_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","attested_security_context_values_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","EntityConfiguration","union","description"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAElB,MAAMW,SAAS,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAAEC,EAAE,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAE5B,CAAC,CAAC2B,MAAM,CAAC;AAAE,CAAC,CAAC;AAACE,OAAA,CAAAL,SAAA,GAAAA,SAAA;AAG9E,MAAMM,oBAAoB,GAAG9B,CAAC,CAACyB,MAAM,CAAC;EACpCM,gBAAgB,EAAE/B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAElC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;IAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;EAAE,CAAC,CAAC;EACtCC,QAAQ,EAAEvC,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;AACzC,CAAC,CAAC;AACF;;AAEA;AACA;AAEA,MAAMQ,yBAAyB,GAAGxC,CAAC,CAACyB,MAAM,CAAC;EACzCgB,IAAI,EAAEzC,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAChBe,MAAM,EAAE1C,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAClBgB,IAAI,EAAE3C,CAAC,CAACyB,MAAM,CAAC;IACbmB,GAAG,EAAE5C,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfkB,QAAQ,EAAE7C,CAAC,CAAC2B,MAAM,CAAC;EACrB,CAAC,CAAC;EACFmB,gBAAgB,EAAE9C,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAC5BoB,UAAU,EAAE/C,CAAC,CAAC2B,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,MAAMqB,4BAA4B,GAAGhD,CAAC,CAACyB,MAAM,CAAC;EAC5CwB,IAAI,EAAEjD,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EACzBuB,iBAAiB,EAAElD,CAAC,CAACmD,MAAM,CACzBnD,CAAC,CAACyB,MAAM,CAAC;IACP2B,SAAS,EAAEpD,CAAC,CAACqD,OAAO,CAAC,CAAC;IACtBC,OAAO,EAAEtD,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAACyB,MAAM,CAAC;MAAEgB,IAAI,EAAEzC,CAAC,CAAC2B,MAAM,CAAC,CAAC;MAAEe,MAAM,EAAE1C,CAAC,CAAC2B,MAAM,CAAC;IAAE,CAAC,CAAC;EACrE,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM4B,2BAA2B,GAAGvD,CAAC,CAACyB,MAAM,CAAC;EAC3CC,EAAE,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACd6B,MAAM,EAAExD,CAAC,CAACyD,OAAO,CAAC,WAAW,CAAC;EAC9BC,uCAAuC,EAAE1D,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EAC5DgC,8BAA8B,EAAE3D,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EACnD2B,OAAO,EAAEtD,CAAC,CAACqC,KAAK,CAACG,yBAAyB,CAAC;EAC3CoB,qBAAqB,EAAEZ;AACzB,CAAC,CAAC;AAGK,MAAMa,eAAe,GAAG7D,CAAC,CAACyB,MAAM,CAAC;EACtCqC,MAAM,EAAE9D,CAAC,CAACyB,MAAM,CAAC;IACfsC,GAAG,EAAE/D,CAAC,CAACyD,OAAO,CAAC,sBAAsB,CAAC;IACtCO,GAAG,EAAEhE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfsC,GAAG,EAAEjE,CAAC,CAAC2B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFuC,OAAO,EAAElE,CAAC,CAACyB,MAAM,CAAC;IAChB0C,GAAG,EAAEnE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAEpE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfQ,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;MAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtC+B,WAAW,EAAErE,CAAC,CAACqC,KAAK,CAACb,SAAS,CAAC;IAC/B8C,GAAG,EAAEtE,CAAC,CAACuE,MAAM,CAAC,CAAC;IACfC,GAAG,EAAExE,CAAC,CAACuE,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAAC1C,OAAA,CAAAgC,eAAA,GAAAA,eAAA;AAKI,MAAMY,yBAAyB,GAAGzE,CAAC,CAACyB,MAAM,CAAC;EAChDsC,GAAG,EAAE/D,CAAC,CAACyD,OAAO,CAAC,sBAAsB,CAAC;EACtCO,GAAG,EAAEhE,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACfsC,GAAG,EAAEjE,CAAC,CAAC2B,MAAM,CAAC;AAChB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TrustMark","object","id","string","trust_mark","exports","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","JWK","contacts","CredentialDisplayMetadata","name","locale","logo","url","alt_text","background_color","text_color","CredentialDefinitionMetadata","type","credentialSubject","record","mandatory","boolean","display","SupportedCredentialMetadata","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","credential_definition","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","UnixTime","metadata","federation_entity","authority_hints","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","wallet_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","attested_security_context_values_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","EntityConfiguration","union","description"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAElB,MAAMW,SAAS,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAAEC,EAAE,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAE5B,CAAC,CAAC2B,MAAM,CAAC;AAAE,CAAC,CAAC;AAACE,OAAA,CAAAL,SAAA,GAAAA,SAAA;AAG9E,MAAMM,oBAAoB,GAAG9B,CAAC,CAACyB,MAAM,CAAC;EACpCM,gBAAgB,EAAE/B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAElC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;IAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;EAAE,CAAC,CAAC;EACtCC,QAAQ,EAAEvC,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;AACzC,CAAC,CAAC;AACF;;AAEA;AACA;AAEA,MAAMQ,yBAAyB,GAAGxC,CAAC,CAACyB,MAAM,CAAC;EACzCgB,IAAI,EAAEzC,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAChBe,MAAM,EAAE1C,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAClBgB,IAAI,EAAE3C,CAAC,CAACyB,MAAM,CAAC;IACbmB,GAAG,EAAE5C,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfkB,QAAQ,EAAE7C,CAAC,CAAC2B,MAAM,CAAC;EACrB,CAAC,CAAC;EACFmB,gBAAgB,EAAE9C,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAC5BoB,UAAU,EAAE/C,CAAC,CAAC2B,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,MAAMqB,4BAA4B,GAAGhD,CAAC,CAACyB,MAAM,CAAC;EAC5CwB,IAAI,EAAEjD,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EACzBuB,iBAAiB,EAAElD,CAAC,CAACmD,MAAM,CACzBnD,CAAC,CAACyB,MAAM,CAAC;IACP2B,SAAS,EAAEpD,CAAC,CAACqD,OAAO,CAAC,CAAC;IACtBC,OAAO,EAAEtD,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAACyB,MAAM,CAAC;MAAEgB,IAAI,EAAEzC,CAAC,CAAC2B,MAAM,CAAC,CAAC;MAAEe,MAAM,EAAE1C,CAAC,CAAC2B,MAAM,CAAC;IAAE,CAAC,CAAC;EACrE,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM4B,2BAA2B,GAAGvD,CAAC,CAACyB,MAAM,CAAC;EAC3CC,EAAE,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACd6B,MAAM,EAAExD,CAAC,CAACyD,OAAO,CAAC,WAAW,CAAC;EAC9BC,uCAAuC,EAAE1D,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EAC5DgC,8BAA8B,EAAE3D,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;EACnD2B,OAAO,EAAEtD,CAAC,CAACqC,KAAK,CAACG,yBAAyB,CAAC;EAC3CoB,qBAAqB,EAAEZ;AACzB,CAAC,CAAC;AAGK,MAAMa,eAAe,GAAG7D,CAAC,CAACyB,MAAM,CAAC;EACtCqC,MAAM,EAAE9D,CAAC,CAACyB,MAAM,CAAC;IACfsC,GAAG,EAAE/D,CAAC,CAACyD,OAAO,CAAC,sBAAsB,CAAC;IACtCO,GAAG,EAAEhE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfsC,GAAG,EAAEjE,CAAC,CAAC2B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFuC,OAAO,EAAElE,CAAC,CAACyB,MAAM,CAAC;IAChB0C,GAAG,EAAEnE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAEpE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfQ,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;MAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtC+B,WAAW,EAAErE,CAAC,CAACqC,KAAK,CAACb,SAAS,CAAC;IAC/B8C,GAAG,EAAEtE,CAAC,CAACuE,MAAM,CAAC,CAAC;IACfC,GAAG,EAAExE,CAAC,CAACuE,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAAC1C,OAAA,CAAAgC,eAAA,GAAAA,eAAA;AAKI,MAAMY,yBAAyB,GAAGzE,CAAC,CAACyB,MAAM,CAAC;EAChDsC,GAAG,EAAE/D,CAAC,CAACyD,OAAO,CAAC,sBAAsB,CAAC;EACtCO,GAAG,EAAEhE,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACfsC,GAAG,EAAEjE,CAAC,CAAC2B,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAE,OAAA,CAAA4C,yBAAA,GAAAA,yBAAA;AAGA,MAAMC,wBAAwB,GAAG1E,CAAC,CAC/ByB,MAAM,CAAC;EACNkD,yBAAyB,EAAE3E,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChD4C,wBAAwB,EAAE5E,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/C6C,2BAA2B,EAAE7E,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClD8C,qCAAqC,EAAE9E,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC5D+C,mCAAmC,EAAE/E,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC1DgD,iBAAiB,EAAEhF,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxCiD,YAAY,EAAEjF,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACnCkD,UAAU,EAAElF,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACjCmD,QAAQ,EAAEnF,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/BO,QAAQ,EAAEvC,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDoD,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGrF,CAAC,CAACyB,MAAM,CAAC;EACvCqC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAElE,CAAC,CACPyB,MAAM,CAAC;IACN+C,GAAG,EAAEc,eAAQ;IACbhB,GAAG,EAAEgB,eAAQ;IACbnB,GAAG,EAAEnE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAEpE,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfQ,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;MACbW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;IACnB,CAAC,CAAC;IACFiD,QAAQ,EAAEvF,CAAC,CACRyB,MAAM,CAAC;MACN+D,iBAAiB,EAAEd;IACrB,CAAC,CAAC,CACDU,WAAW,CAAC,CAAC;IAChBK,eAAe,EAAEzF,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDoD,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIO,MAAMM,8BAA8B,GAAGL,uBAAuB;;AAErE;AAAAxD,OAAA,CAAA6D,8BAAA,GAAAA,8BAAA;AAIO,MAAMC,mCAAmC,GAAGN,uBAAuB,CAACO,GAAG,CAC5E5F,CAAC,CAACyB,MAAM,CAAC;EACPyC,OAAO,EAAElE,CAAC,CAACyB,MAAM,CAAC;IAChBU,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;MAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCiD,QAAQ,EAAEvF,CAAC,CAACyB,MAAM,CAAC;MACjBoE,wBAAwB,EAAE7F,CAAC,CAACyB,MAAM,CAAC;QACjCqE,iBAAiB,EAAE9F,CAAC,CAAC2B,MAAM,CAAC,CAAC;QAC7BoE,sBAAsB,EAAE/F,CAAC,CAAC2B,MAAM,CAAC,CAAC;QAClCqE,cAAc,EAAEhG,CAAC,CAAC2B,MAAM,CAAC,CAAC;QAC1BsE,qCAAqC,EAAEjG,CAAC,CAAC2B,MAAM,CAAC,CAAC;QACjDuE,iCAAiC,EAAElG,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;QACtDwE,mBAAmB,EAAEnG,CAAC,CAAC2B,MAAM,CAAC,CAAC;QAC/ByE,qBAAqB,EAAEpG,CAAC,CAACqC,KAAK,CAACkB,2BAA2B,CAAC;QAC3DpB,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;UAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACF;AACR;AACA;MACQ+D,oBAAoB,EAAEvE,oBAAoB,CAACE,QAAQ,CAAC;IACtD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAH,OAAA,CAAA8D,mCAAA,GAAAA,mCAAA;AAIO,MAAMW,+BAA+B,GAAGjB,uBAAuB,CAACO,GAAG,CACxE5F,CAAC,CAACyB,MAAM,CAAC;EACPyC,OAAO,EAAElE,CAAC,CAACyB,MAAM,CAAC;IAChB8D,QAAQ,EAAEvF,CAAC,CAACyB,MAAM,CAAC;MACjB4E,oBAAoB,EAAEvE;IACxB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAD,OAAA,CAAAyE,+BAAA,GAAAA,+BAAA;AAIO,MAAMC,iCAAiC,GAAGlB,uBAAuB,CAACO,GAAG,CAC1E5F,CAAC,CAACyB,MAAM,CAAC;EACPyC,OAAO,EAAElE,CAAC,CAACyB,MAAM,CAAC;IAChB8D,QAAQ,EAAEvF,CAAC,CAACyB,MAAM,CAAC;MACjB+E,eAAe,EAAExG,CAAC,CACfyB,MAAM,CAAC;QACNuE,cAAc,EAAEhG,CAAC,CAAC2B,MAAM,CAAC,CAAC;QAC1B8E,0CAA0C,EAAEzG,CAAC,CAC1CqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC,CACjBK,QAAQ,CAAC,CAAC;QACb0E,qBAAqB,EAAE1G,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;QAC1CgF,qCAAqC,EAAE3G,CAAC,CAACqC,KAAK,CAACrC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAAC;QAC1DiF,gDAAgD,EAAE5G,CAAC,CAACqC,KAAK,CACvDrC,CAAC,CAAC2B,MAAM,CAAC,CACX,CAAC;QACDQ,IAAI,EAAEnC,CAAC,CAACyB,MAAM,CAAC;UAAEW,IAAI,EAAEpC,CAAC,CAACqC,KAAK,CAACC,QAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD8C,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAvD,OAAA,CAAA0E,iCAAA,GAAAA,iCAAA;AAEO,MAAMM,mBAAmB,GAAG7G,CAAC,CAAC8G,KAAK,CACxC,CACEP,iCAAiC,EACjCZ,mCAAmC,EACnCD,8BAA8B,EAC9BY,+BAA+B,CAChC,EACD;EACES,WAAW,EAAE;AACf,CACF,CAAC;AAAClF,OAAA,CAAAgF,mBAAA,GAAAA,mBAAA"}
|