@pagopa/io-react-native-wallet 1.1.2 → 1.2.3

package/lib/commonjs/credential/presentation/01-start-flow.js

@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.startFlowFromQR = void 0;
 var z = _interopRequireWildcard(require("zod"));
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _errors = require("./errors");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -35,10 +34,13 @@ const QRCodePayload = z.object({
 const startFlowFromQR = qrcode => {
   let decodedUrl;
   try {
-    const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
-    decodedUrl = new URL(decoded);
+    var _originalQrCode$;
+    // splitting qrcode to identify which is link format
+    const originalQrCode = qrcode.split("://");
+    const replacedQrcode = (_originalQrCode$ = originalQrCode[1]) !== null && _originalQrCode$ !== void 0 && _originalQrCode$.startsWith("?") ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/") : qrcode;
+    decodedUrl = new URL(replacedQrcode);
   } catch (error) {
-    throw new _errors.AuthRequestDecodeError("Failed to decode QR code: ", qrcode);
+    throw new _errors.InvalidQRCodeError(`Failed to decode QR code:  ${qrcode}`);
   }
   const protocol = decodedUrl.protocol;
   const resource = decodedUrl.hostname;
@@ -53,7 +55,7 @@ const startFlowFromQR = qrcode => {
   if (result.success) {
     return result.data;
   } else {
-    throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
+    throw new _errors.InvalidQRCodeError(`${result.error.message}, ${decodedUrl}`);
   }
 };
 exports.startFlowFromQR = startFlowFromQR;

package/lib/commonjs/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","decoded","decodeBase64","URL","error","AuthRequestDecodeError","hostname","searchParams","result","safeParse","success","data","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAAkD,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAElD,MAAMW,aAAa,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAC7BC,QAAQ,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE/B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAEhC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEjC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IACF,MAAMC,OAAO,GAAG,IAAAC,8BAAY,EAACH,MAAM,CAAC;IACpCC,UAAU,GAAG,IAAIG,GAAG,CAACF,OAAO,CAAC;EAC/B,CAAC,CAAC,OAAOG,KAAK,EAAE;IACd,MAAM,IAAIC,8BAAsB,CAAC,4BAA4B,EAAEN,MAAM,CAAC;EACxE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACM,QAAQ;EACpC,MAAMT,UAAU,GAAGG,UAAU,CAACO,YAAY,CAAC5B,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMiB,QAAQ,GAAGI,UAAU,CAACO,YAAY,CAAC5B,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAM6B,MAAM,GAAGjB,aAAa,CAACkB,SAAS,CAAC;IACrChB,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIY,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIN,8BAAsB,CAACG,MAAM,CAACJ,KAAK,CAACQ,OAAO,EAAG,GAAEZ,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAACa,OAAA,CAAAf,eAAA,GAAAA,eAAA"}
+{"version":3,"names":["z","_interopRequireWildcard","require","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","_originalQrCode$","originalQrCode","split","replacedQrcode","startsWith","replace","URL","error","InvalidQRCodeError","hostname","searchParams","result","safeParse","success","data","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAA8C,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE9C,MAAMW,aAAa,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EAC7BC,QAAQ,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE9B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEhC,CAAC,CAAC6B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IAAA,IAAAC,gBAAA;IACF;IACA,MAAMC,cAAc,GAAGH,MAAM,CAACI,KAAK,CAAC,KAAK,CAAC;IAC1C,MAAMC,cAAc,GAAG,CAAAH,gBAAA,GAAAC,cAAc,CAAC,CAAC,CAAC,cAAAD,gBAAA,eAAjBA,gBAAA,CAAmBI,UAAU,CAAC,GAAG,CAAC,GACrDN,MAAM,CAACO,OAAO,CAAE,GAAEJ,cAAc,CAAC,CAAC,CAAE,KAAI,EAAE,yBAAyB,CAAC,GACpEH,MAAM;IAEVC,UAAU,GAAG,IAAIO,GAAG,CAACH,cAAc,CAAC;EACtC,CAAC,CAAC,OAAOI,KAAK,EAAE;IACd,MAAM,IAAIC,0BAAkB,CAAE,8BAA6BV,MAAO,EAAC,CAAC;EACtE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACU,QAAQ;EACpC,MAAMb,UAAU,GAAGG,UAAU,CAACW,YAAY,CAAChC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMiB,QAAQ,GAAGI,UAAU,CAACW,YAAY,CAAChC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMiC,MAAM,GAAGrB,aAAa,CAACsB,SAAS,CAAC;IACrCpB,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIgB,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIN,0BAAkB,CAAE,GAAEG,MAAM,CAACJ,KAAK,CAACQ,OAAQ,KAAIhB,UAAW,EAAC,CAAC;EACxE;AACF,CAAC;AAACiB,OAAA,CAAAnB,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/presentation/03-get-request-object.js

@@ -0,0 +1,47 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getRequestObject = void 0;
+var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _dpop = require("../../utils/dpop");
+var _misc = require("../../utils/misc");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+/**
+ * Obtain the Request Object for RP authentication
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
+ *
+ * @param requestUri The url for the Relying Party to connect with
+ * @param rpConf The Relying Party's configuration
+ * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @returns The Request Object that describes the presentation
+ */
+const getRequestObject = async (requestUri, _ref) => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch,
+    walletInstanceAttestation
+  } = _ref;
+  const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
+    jti: `${_reactNativeUuid.default.v4()}`,
+    htm: "GET",
+    htu: requestUri,
+    ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
+  }, wiaCryptoContext);
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET",
+    headers: {
+      Authorization: `DPoP ${walletInstanceAttestation}`,
+      DPoP: signedWalletInstanceDPoP
+    }
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+  return {
+    requestObjectEncodedJwt
+  };
+};
+exports.getRequestObject = getRequestObject;
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/commonjs/credential/presentation/03-get-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_ioReactNativeJwt","_dpop","_misc","obj","__esModule","default","getRequestObject","requestUri","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","createDPopToken","jti","uuid","v4","htm","htu","ath","sha256ToBase64","requestObjectEncodedJwt","method","headers","Authorization","DPoP","then","hasStatusOrThrow","res","text","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAKA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AAA8D,SAAAD,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAY9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,KAEP;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;IACEC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEZ,UAAU;IACfa,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACT,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMa,uBAAuB,GAAG,MAAMZ,QAAQ,CAACH,UAAU,EAAE;IACzDgB,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOb,yBAA0B,EAAC;MAClDc,IAAI,EAAEb;IACR;EACF,CAAC,CAAC,CACCc,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLR;EACF,CAAC;AACH,CAAC;AAACS,OAAA,CAAAzB,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js

@@ -0,0 +1,82 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.fetchJwksFromRequestObject = exports.fetchJwksFromConfig = void 0;
+var _jwk = require("../../utils/jwk");
+var _misc = require("../../utils/misc");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("./errors");
+/**
+ * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
+ *
+ * @template T - The tuple type representing the function arguments.
+ * @param args - The arguments passed to the function.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ */
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
+ * It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
+ *
+ * @param requestObjectEncodedJwt - Request Object in JWT format.
+ * @param options - Optional context containing a custom fetch implementation.
+ * @param options.context - Optional context object.
+ * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
+ * @returns A promise resolving to an object containing an array of JWKs.
+ * @throws Will throw an error if the JWKS retrieval fails.
+ */
+const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
+  var _requestObjectJwt$pro, _requestObjectJwt$pay;
+  let {
+    context = {}
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const {
+    appFetch = fetch
+  } = context;
+  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
+
+  // 1. check if request object jwt contains the 'jwk' attribute
+  if ((_requestObjectJwt$pro = requestObjectJwt.protectedHeader) !== null && _requestObjectJwt$pro !== void 0 && _requestObjectJwt$pro.jwk) {
+    return {
+      keys: [_jwk.JWK.parse(requestObjectJwt.protectedHeader.jwk)]
+    };
+  }
+
+  // 2. According to Potential profile, retrieve from RP endpoint using iss claim
+  const issClaimValue = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
+  if (issClaimValue) {
+    const issUrl = new URL(issClaimValue);
+    const wellKnownUrl = new URL(`/.well-known/jar-issuer${issUrl.pathname}`, `${issUrl.protocol}//${issUrl.host}`).toString();
+
+    // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
+    const jwks = await appFetch(wellKnownUrl, {
+      method: "GET"
+    }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _jwk.JWKS.parse(json.jwks));
+    return {
+      keys: jwks.keys
+    };
+  }
+  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
+};
+
+/**
+ * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
+ *
+ * @param rpConfig - The configuration object of the Relying Party entity.
+ * @returns An object containing an array of JWKs.
+ * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
+ */
+exports.fetchJwksFromRequestObject = fetchJwksFromRequestObject;
+const fetchJwksFromConfig = async rpConfig => {
+  const jwks = rpConfig.wallet_relying_party.jwks;
+  if (!jwks || !Array.isArray(jwks.keys)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  return {
+    keys: jwks.keys
+  };
+};
+exports.fetchJwksFromConfig = fetchJwksFromConfig;
+//# sourceMappingURL=04-retrieve-rp-jwks.js.map

package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_jwk","require","_misc","_ioReactNativeJwt","_errors","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","length","undefined","appFetch","fetch","requestObjectJwt","decodeJwt","protectedHeader","jwk","keys","JWK","parse","issClaimValue","payload","iss","issUrl","URL","wellKnownUrl","pathname","protocol","host","toString","jwks","method","then","hasStatusOrThrow","raw","json","JWKS","NoSuitableKeysFoundInEntityConfiguration","exports","fetchJwksFromConfig","rpConfig","wallet_relying_party","Array","isArray","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EACpC,MAAMM,gBAAgB,GAAG,IAAAC,wBAAS,EAACV,uBAAuB,CAAC;;EAE3D;EACA,KAAAC,qBAAA,GAAIQ,gBAAgB,CAACE,eAAe,cAAAV,qBAAA,eAAhCA,qBAAA,CAAkCW,GAAG,EAAE;IACzC,OAAO;MACLC,IAAI,EAAE,CAACC,QAAG,CAACC,KAAK,CAACN,gBAAgB,CAACE,eAAe,CAACC,GAAG,CAAC;IACxD,CAAC;EACH;;EAEA;EACA,MAAMI,aAAa,IAAAd,qBAAA,GAAGO,gBAAgB,CAACQ,OAAO,cAAAf,qBAAA,uBAAxBA,qBAAA,CAA0BgB,GAAa;EAC7D,IAAIF,aAAa,EAAE;IACjB,MAAMG,MAAM,GAAG,IAAIC,GAAG,CAACJ,aAAa,CAAC;IACrC,MAAMK,YAAY,GAAG,IAAID,GAAG,CACzB,0BAAyBD,MAAM,CAACG,QAAS,EAAC,EAC1C,GAAEH,MAAM,CAACI,QAAS,KAAIJ,MAAM,CAACK,IAAK,EACrC,CAAC,CAACC,QAAQ,CAAC,CAAC;;IAEZ;IACA,MAAMC,IAAI,GAAG,MAAMnB,QAAQ,CAACc,YAAY,EAAE;MACxCM,MAAM,EAAE;IACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,SAAI,CAACjB,KAAK,CAACgB,IAAI,CAACL,IAAI,CAAC,CAAC;IAExC,OAAO;MACLb,IAAI,EAAEa,IAAI,CAACb;IACb,CAAC;EACH;EAEA,MAAM,IAAIoB,gDAAwC,CAChD,uCACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAnC,0BAAA,GAAAA,0BAAA;AAOO,MAAMoC,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMV,IAAI,GAAGU,QAAQ,CAACC,oBAAoB,CAACX,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACY,KAAK,CAACC,OAAO,CAACb,IAAI,CAACb,IAAI,CAAC,EAAE;IACtC,MAAM,IAAI2B,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACL3B,IAAI,EAAEa,IAAI,CAACb;EACb,CAAC;AACH,CAAC;AAACqB,OAAA,CAAAC,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/05-verify-request-object.js

@@ -0,0 +1,35 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyRequestObjectSignature = void 0;
+var _errors = require("./errors");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _types = require("./types");
+const verifyRequestObjectSignature = async (requestObjectEncodedJwt, jwkKeys) => {
+  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
+
+  // verify token signature to ensure the request object is authentic
+  const pubKey = jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
+    let {
+      kid
+    } = _ref;
+    return kid === requestObjectJwt.protectedHeader.kid;
+  });
+  if (!pubKey) {
+    throw new _errors.UnverifiedEntityError("Request Object signature verification!");
+  }
+  await (0, _ioReactNativeJwt.verify)(requestObjectEncodedJwt, pubKey);
+  const requestObject = _types.RequestObject.parse(requestObjectJwt.payload);
+  // Check if exp exists and is expired
+  // exp is typically in seconds since epoch, Get current time in seconds
+  if (requestObject.exp && requestObject.exp <= Date.now() / 1000) {
+    throw new _errors.UnverifiedEntityError("Request Object is expired!");
+  }
+  return {
+    requestObject
+  };
+};
+exports.verifyRequestObjectSignature = verifyRequestObjectSignature;
+//# sourceMappingURL=05-verify-request-object.js.map

package/lib/commonjs/credential/presentation/05-verify-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","decodeJwt","pubKey","find","_ref","kid","protectedHeader","UnverifiedEntityError","verify","requestObject","RequestObject","parse","payload","exp","Date","now","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASO,MAAMG,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACH,uBAAuB,CAAC;;EAE3D;EACA,MAAMI,MAAM,GAAGH,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEI,IAAI,CAC1BC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKL,gBAAgB,CAACM,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIK,6BAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAM,IAAAC,wBAAM,EAACV,uBAAuB,EAAEI,MAAM,CAAC;EAE7C,MAAMO,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACX,gBAAgB,CAACY,OAAO,CAAC;EACnE;EACA;EACA,IAAIH,aAAa,CAACI,GAAG,IAAIJ,aAAa,CAACI,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAIR,6BAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEE;EAAc,CAAC;AAC1B,CAAC;AAACO,OAAA,CAAAnB,4BAAA,GAAAA,4BAAA"}

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js

@@ -0,0 +1,63 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.fetchPresentDefinition = void 0;
+var _types = require("./types");
+var _misc = require("../../utils/misc");
+/**
+ * Retrieves a PresentationDefinition based on the given parameters.
+ *
+ * The method attempts the following strategies in order:
+ * 1. Checks if `presentation_definition` is directly available in the request object.
+ * 2. Fetches the `presentation_definition` from the URI provided in the relying party configuration.
+ * 3. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
+ *
+ * If none of the above conditions are met, the function throws an error indicating the definition could not be found.
+ *
+ * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
+ * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
+ * @param {Object} [context] - Optional context for providing a custom fetch implementation.
+ * @param {GlobalFetch["fetch"]} [context.appFetch] - Custom fetch function, defaults to global `fetch`.
+ * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
+ * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
+ */
+const fetchPresentDefinition = async function (requestObject) {
+  var _rpConf$wallet_relyin, _rpConf$wallet_relyin2;
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  let rpConf = arguments.length > 2 ? arguments[2] : undefined;
+  // Check if `presentation_definition` is directly available in the request object
+  if (requestObject.presentation_definition) {
+    return {
+      presentationDefinition: requestObject.presentation_definition
+    };
+  }
+
+  // Check if `presentation_definition_uri` is provided in the relying party configuration
+  if (rpConf !== null && rpConf !== void 0 && (_rpConf$wallet_relyin = rpConf.wallet_relying_party) !== null && _rpConf$wallet_relyin !== void 0 && _rpConf$wallet_relyin.presentation_definition_uri) {
+    try {
+      // Fetch the presentation definition from the provided URI
+      const presentationDefinition = await appFetch(rpConf === null || rpConf === void 0 ? void 0 : rpConf.wallet_relying_party.presentation_definition_uri, {
+        method: "GET"
+      }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _types.PresentationDefinition.parse(json));
+      return {
+        presentationDefinition
+      };
+    } catch (error) {
+      throw new Error(`Failed to fetch presentation definition: ${error}`);
+    }
+  }
+
+  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
+  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$wallet_relyin2 = rpConf.wallet_relying_party) !== null && _rpConf$wallet_relyin2 !== void 0 && _rpConf$wallet_relyin2.presentation_definition) {
+    return {
+      presentationDefinition: rpConf.wallet_relying_party.presentation_definition
+    };
+  }
+  throw new Error("Presentation definition not found");
+};
+exports.fetchPresentDefinition = fetchPresentDefinition;
+//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_types","require","_misc","fetchPresentDefinition","requestObject","_rpConf$wallet_relyin","_rpConf$wallet_relyin2","appFetch","fetch","arguments","length","undefined","rpConf","presentation_definition","presentationDefinition","wallet_relying_party","presentation_definition_uri","method","then","hasStatusOrThrow","raw","json","PresentationDefinition","parse","error","Error","scope","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEA,IAAAC,KAAA,GAAAD,OAAA;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,sBAAmD,GAAG,eAAAA,CACjEC,aAAa,EAGV;EAAA,IAAAC,qBAAA,EAAAC,sBAAA;EAAA,IAFH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,IACzBG,MAAM,GAAAH,SAAA,CAAAC,MAAA,OAAAD,SAAA,MAAAE,SAAA;EAEN;EACA,IAAIP,aAAa,CAACS,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEV,aAAa,CAACS;IACxC,CAAC;EACH;;EAEA;EACA,IAAID,MAAM,aAANA,MAAM,gBAAAP,qBAAA,GAANO,MAAM,CAAEG,oBAAoB,cAAAV,qBAAA,eAA5BA,qBAAA,CAA8BW,2BAA2B,EAAE;IAC7D,IAAI;MACF;MACA,MAAMF,sBAAsB,GAAG,MAAMP,QAAQ,CAC3CK,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEG,oBAAoB,CAACC,2BAA2B,EACxD;QACEC,MAAM,EAAE;MACV,CACF,CAAC,CACEC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,6BAAsB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC;MAErD,OAAO;QACLP;MACF,CAAC;IACH,CAAC,CAAC,OAAOU,KAAK,EAAE;MACd,MAAM,IAAIC,KAAK,CAAE,4CAA2CD,KAAM,EAAC,CAAC;IACtE;EACF;;EAEA;EACA,IACEpB,aAAa,CAACsB,KAAK,IACnBd,MAAM,aAANA,MAAM,gBAAAN,sBAAA,GAANM,MAAM,CAAEG,oBAAoB,cAAAT,sBAAA,eAA5BA,sBAAA,CAA8BO,uBAAuB,EACrD;IACA,OAAO;MACLC,sBAAsB,EACpBF,MAAM,CAACG,oBAAoB,CAACF;IAChC,CAAC;EACH;EAEA,MAAM,IAAIY,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC;AAACE,OAAA,CAAAxB,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js

@@ -0,0 +1,169 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.evaluateInputDescriptorForSdJwt4VC = void 0;
+var _jsonpathPlus = require("jsonpath-plus");
+var _errors = require("./errors");
+var _ajv = _interopRequireDefault(require("ajv"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const ajv = new _ajv.default({
+  allErrors: true
+});
+const INDEX_CLAIM_NAME = 1;
+/**
+ * Transforms an array of DisclosureWithEncoded objects into a key-value map.
+ * @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
+ * @returns An object mapping claim names to their corresponding values.
+ */
+const mapDisclosuresToObject = disclosures => {
+  return disclosures.reduce((obj, _ref) => {
+    let {
+      decoded
+    } = _ref;
+    const [, claimName, claimValue] = decoded;
+    obj[claimName] = claimValue;
+    return obj;
+  }, {});
+};
+
+/**
+ * Finds a claim within the payload based on provided JSONPath expressions.
+ * @param paths - An array of JSONPath expressions to search for in the payload.
+ * @param payload - The object to search within using JSONPath.
+ * @returns A tuple with the first matched JSONPath and its corresponding value, or [undefined, undefined] if not found.
+ */
+const findMatchedClaim = (paths, payload) => {
+  let matchedPath;
+  let matchedValue;
+  paths.some(singlePath => {
+    try {
+      const result = (0, _jsonpathPlus.JSONPath)({
+        path: singlePath,
+        json: payload
+      });
+      if (result.length > 0) {
+        matchedPath = singlePath;
+        matchedValue = result[0];
+        return true;
+      }
+    } catch (error) {
+      throw new _errors.MissingDataError(`JSONPath for "${singlePath}" does not match the provided payload.`);
+    }
+    return false;
+  });
+  return [matchedPath, matchedValue];
+};
+
+/**
+ * Extracts the claim name from a path that can be in one of the following formats:
+ * 1. $.propertyName
+ * 2. $["propertyName"] or $['propertyName']
+ *
+ * @param path - The path string containing the claim reference.
+ * @returns The extracted claim name if matched; otherwise, throws an exception.
+ */
+const extractClaimName = path => {
+  // Define a regular expression that matches both formats:
+  // 1. $.propertyName
+  // 2. $["propertyName"] or $['propertyName']
+  const regex = /^\$\.(\w+)$|^\$\[(?:'|")(\w+)(?:'|")\]$/;
+  const match = path.match(regex);
+  if (match) {
+    // match[1] corresponds to the first capture group (\w+) after $.
+    // match[2] corresponds to the second capture group (\w+) inside [""] or ['']
+    return match[1] || match[2];
+  }
+
+  // If the input doesn't match any of the expected formats, return null
+
+  throw new Error(`Invalid input format: "${path}". Expected formats are "$.propertyName", "$['propertyName']", or '$["propertyName"]'.`);
+};
+
+/**
+ * Evaluates an InputDescriptor for an SD-JWT-based verifiable credential.
+ *
+ * - Checks each field in the InputDescriptor against the provided `payloadCredential`
+ *   and `disclosures` (selectively disclosed claims).
+ * - Validates whether required fields are present (unless marked optional)
+ *   and match any specified JSONPath.
+ * - If a field includes a JSON Schema filter, validates the claim value against that schema.
+ * - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
+ *   if set to "required". Otherwise return the array of all disclosures.
+ * - Throws an error if a required field is invalid or missing.
+ *
+ * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
+ * @param payloadCredential - The credential payload to check against.
+ * @param disclosures - An array of DisclosureWithEncoded objects representing selective disclosures.
+ * @returns A filtered list of disclosures satisfying the descriptor constraints, or throws an error if not.
+ * @throws Will throw an error if any required constraint fails or if JSONPath lookups are invalid.
+ */
+const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential, disclosures) => {
+  var _inputDescriptor$cons;
+  if (!(inputDescriptor !== null && inputDescriptor !== void 0 && (_inputDescriptor$cons = inputDescriptor.constraints) !== null && _inputDescriptor$cons !== void 0 && _inputDescriptor$cons.fields)) {
+    // No validation, all field are optional
+    return {
+      requiredDisclosures: [],
+      optionalDisclosures: disclosures
+    };
+  }
+  const requiredClaimNames = [];
+  const optionalClaimNames = [];
+
+  // Transform disclosures to find claim using JSONPath
+  const disclosuresAsPayload = mapDisclosuresToObject(disclosures);
+
+  // For each field, we need at least one matching path
+  // If we succeed, we push the matched disclosure in matchedDisclosures and stop checking further paths
+  const allFieldsValid = inputDescriptor.constraints.fields.every(field => {
+    // For Potential profile, selectively disclosed claims will always be built as an individual object property, by using a name-value pair.
+    // Hence that selective claim for array element and recursive disclosures are not supported by Potential for the first iteration of Piloting.
+    // We need to check inside disclosures or inside credential payload. Example path: "$.given_name"
+    let [matchedPath, matchedValue] = findMatchedClaim(field.path, disclosuresAsPayload);
+    if (!matchedPath) {
+      [matchedPath, matchedValue] = findMatchedClaim(field.path, payloadCredential);
+      if (!matchedPath) {
+        // Path could be optional, in this case no need to validate! continue to next field
+        return field === null || field === void 0 ? void 0 : field.optional;
+      }
+    } else {
+      // if match a disclouse we save which is required or optional
+      const claimName = extractClaimName(matchedPath);
+      if (claimName) {
+        (field !== null && field !== void 0 && field.optional ? optionalClaimNames : requiredClaimNames).push(claimName);
+      }
+    }
+
+    // FILTER validation
+    // If this field has a "filter" (JSON Schema), validate the claimValue
+    if (field.filter) {
+      try {
+        const validateSchema = ajv.compile(field.filter);
+        if (!validateSchema(matchedValue)) {
+          throw new _errors.MissingDataError(`Claim value "${matchedValue}" for path "${matchedPath}" does not match the provided JSON Schema.`);
+        }
+      } catch (error) {
+        return false;
+      }
+    }
+    // Submission Requirements validation
+    // TODO: [EUDIW-216] Read rule value if “all” o “pick” and validate
+
+    return true;
+  });
+  if (!allFieldsValid) {
+    throw new _errors.MissingDataError("Credential validation failed: Required fields are missing or do not match the input descriptor.");
+  }
+
+  // Categorizes disclosures into required and optional based on claim names and disclosure constraints.
+  const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
+  const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) || isNotLimitDisclosure && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  return {
+    requiredDisclosures,
+    optionalDisclosures
+  };
+};
+exports.evaluateInputDescriptorForSdJwt4VC = evaluateInputDescriptorForSdJwt4VC;
+//# sourceMappingURL=07-evaluate-input-descriptor.js.map

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_jsonpathPlus","require","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","isNotLimitDisclosure","limit_disclosure","disclosure","includes","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAC,sBAAA,CAAAH,OAAA;AAAsB,SAAAG,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AACtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAa1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE/B;IACvB,CAAC;EACH;EACA,MAAMgC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGnC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMmC,cAAc,GAAGV,eAAe,CAACG,WAAW,CAACC,MAAM,CAACO,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC5B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD+B,KAAK,CAACtB,IAAI,EACVmB,oBACF,CAAC;IAED,IAAI,CAACzB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C+B,KAAK,CAACtB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO4B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMlC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACiC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DnC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIiC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG9C,GAAG,CAAC+C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC/B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACiB,cAAc,EAAE;IACnB,MAAM,IAAIhB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;EACA,MAAMwB,oBAAoB,GAAG,EAC3BlB,eAAe,CAACG,WAAW,CAACgB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMd,mBAAmB,GAAG9B,WAAW,CAACwC,MAAM,CAAEK,UAAU,IACxDb,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACwC,MAAM,CAC3CK,UAAU,IACTZ,kBAAkB,CAACa,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CAAC,IAChE6C,oBAAoB,IACnB,CAACX,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CACvE,CAAC;EAED,OAAO;IACLgC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAvB,kCAAA,GAAAA,kCAAA"}