@pagopa/io-react-native-wallet 1.5.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +5 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +33 -21
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +192 -58
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js +45 -18
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +1 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/entity/trust/chain.js.map +1 -1
- package/lib/commonjs/mdoc/index.js +45 -13
- package/lib/commonjs/mdoc/index.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +70 -4
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/string.js +4 -4
- package/lib/commonjs/utils/string.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +5 -1
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +33 -21
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +186 -55
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/08-send-authorization-response.js +45 -18
- package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/types.js +1 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/entity/trust/chain.js.map +1 -1
- package/lib/module/mdoc/index.js +43 -12
- package/lib/module/mdoc/index.js.map +1 -1
- package/lib/module/utils/crypto.js +67 -2
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/string.js +4 -4
- package/lib/module/utils/string.js.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +49 -13
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +6 -2
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +10 -7
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
- package/lib/typescript/entity/trust/chain.d.ts.map +1 -1
- package/lib/typescript/mdoc/index.d.ts +6 -2
- package/lib/typescript/mdoc/index.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +8 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/errors.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/utils/string.d.ts +3 -3
- package/lib/typescript/utils/string.d.ts.map +1 -1
- package/package.json +14 -12
- package/src/credential/issuance/06-obtain-credential.ts +3 -1
- package/src/credential/issuance/07-verify-and-parse-credential.ts +37 -16
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +278 -97
- package/src/credential/presentation/08-send-authorization-response.ts +50 -27
- package/src/credential/presentation/types.ts +9 -6
- package/src/entity/trust/chain.ts +14 -10
- package/src/mdoc/index.ts +72 -15
- package/src/utils/crypto.ts +61 -2
- package/src/utils/errors.ts +2 -2
- package/src/utils/misc.ts +2 -2
- package/src/utils/string.ts +4 -4
|
@@ -3,6 +3,7 @@ import uuid from "react-native-uuid";
|
|
|
3
3
|
import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
|
|
4
4
|
import { hasStatusOrThrow } from "../../utils/misc";
|
|
5
5
|
import * as z from "zod";
|
|
6
|
+
import { Base64 } from "js-base64";
|
|
6
7
|
export const AuthorizationResponse = z.object({
|
|
7
8
|
status: z.string().optional(),
|
|
8
9
|
response_code: z.string() /**
|
|
@@ -17,12 +18,24 @@ export const AuthorizationResponse = z.object({
|
|
|
17
18
|
* Selects a public key (with `use = enc`) from the set of JWK keys
|
|
18
19
|
* offered by the Relying Party (RP) for encryption.
|
|
19
20
|
*
|
|
21
|
+
* Preference is given to EC keys (P-256 or P-384), followed by RSA keys,
|
|
22
|
+
* based on compatibility and common usage for encryption.
|
|
23
|
+
*
|
|
20
24
|
* @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
|
|
21
25
|
* @returns The first suitable public key found in the list.
|
|
22
26
|
* @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
|
|
23
27
|
*/
|
|
24
28
|
export const choosePublicKeyToEncrypt = rpJwkKeys => {
|
|
25
|
-
|
|
29
|
+
// First try to find RSA keys which are more commonly used for encryption
|
|
30
|
+
const encKeys = rpJwkKeys.filter(jwk => jwk.use === "enc");
|
|
31
|
+
|
|
32
|
+
// Prioritize EC keys first, then fall back to RSA keys if needed
|
|
33
|
+
// io-react-native-jwt support only EC keys with P-256 or P-384 curves
|
|
34
|
+
const ecEncKeys = encKeys.filter(jwk => jwk.kty === "EC" && (jwk.crv === "P-256" || jwk.crv === "P-384"));
|
|
35
|
+
const rsaEncKeys = encKeys.filter(jwk => jwk.kty === "RSA");
|
|
36
|
+
|
|
37
|
+
// Select the first available key based on priority
|
|
38
|
+
const encKey = ecEncKeys[0] || rsaEncKeys[0] || encKeys[0];
|
|
26
39
|
if (encKey) {
|
|
27
40
|
return encKey;
|
|
28
41
|
}
|
|
@@ -40,7 +53,9 @@ export const choosePublicKeyToEncrypt = rpJwkKeys => {
|
|
|
40
53
|
*/
|
|
41
54
|
export const buildDirectPostBody = async (requestObject, payload) => {
|
|
42
55
|
const formUrlEncodedBody = new URLSearchParams({
|
|
43
|
-
|
|
56
|
+
...(requestObject.state ? {
|
|
57
|
+
state: requestObject.state
|
|
58
|
+
} : {}),
|
|
44
59
|
...Object.fromEntries(Object.entries(payload).map(_ref => {
|
|
45
60
|
let [key, value] = _ref;
|
|
46
61
|
return [key, Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value];
|
|
@@ -55,19 +70,17 @@ export const buildDirectPostBody = async (requestObject, payload) => {
|
|
|
55
70
|
* @param jwkKeys - Array of JWKs from the Relying Party for encryption.
|
|
56
71
|
* @param requestObject - Contains state, nonce, and other relevant info.
|
|
57
72
|
* @param payload - Object that contains either the VP token to encrypt and the mapping of the credential disclosures or the error code
|
|
73
|
+
* @param generatedNonce - Optional nonce for the `apu` claim in the JWE header, it is used during ISO 18013-7.
|
|
58
74
|
* @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body,
|
|
59
75
|
* where `response` contains the encrypted JWE.
|
|
60
76
|
*/
|
|
61
|
-
export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload) => {
|
|
77
|
+
export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload, generatedNonce) => {
|
|
62
78
|
// Prepare the authorization response payload to be encrypted
|
|
63
79
|
const authzResponsePayload = JSON.stringify({
|
|
64
80
|
state: requestObject.state,
|
|
65
81
|
...payload
|
|
66
82
|
});
|
|
67
|
-
|
|
68
|
-
// Choose a suitable RSA public key for encryption
|
|
69
83
|
const encPublicJwk = choosePublicKeyToEncrypt(jwkKeys);
|
|
70
|
-
|
|
71
84
|
// Encrypt the authorization payload
|
|
72
85
|
const {
|
|
73
86
|
client_metadata
|
|
@@ -75,13 +88,20 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload) =>
|
|
|
75
88
|
const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
|
|
76
89
|
alg: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_alg) || "RSA-OAEP-256",
|
|
77
90
|
enc: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_enc) || "A256CBC-HS512",
|
|
78
|
-
kid: encPublicJwk.kid
|
|
91
|
+
kid: encPublicJwk.kid,
|
|
92
|
+
/* ISO 18013-7 */
|
|
93
|
+
apv: Base64.encodeURI(requestObject.nonce),
|
|
94
|
+
...(generatedNonce ? {
|
|
95
|
+
apu: Base64.encodeURI(generatedNonce)
|
|
96
|
+
} : {})
|
|
79
97
|
}).encrypt(encPublicJwk);
|
|
80
98
|
|
|
81
99
|
// Build the x-www-form-urlencoded form body
|
|
82
100
|
const formBody = new URLSearchParams({
|
|
83
101
|
response: encryptedResponse,
|
|
84
|
-
|
|
102
|
+
...(requestObject.state ? {
|
|
103
|
+
state: requestObject.state
|
|
104
|
+
} : {})
|
|
85
105
|
});
|
|
86
106
|
return formBody.toString();
|
|
87
107
|
};
|
|
@@ -102,21 +122,25 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, payload) =>
|
|
|
102
122
|
* @param context - Contains optional custom fetch implementation.
|
|
103
123
|
* @returns Parsed and validated authorization response from the Relying Party.
|
|
104
124
|
*/
|
|
105
|
-
export const sendAuthorizationResponse = async function (requestObject, presentationDefinitionId, jwkKeys,
|
|
106
|
-
var
|
|
125
|
+
export const sendAuthorizationResponse = async function (requestObject, presentationDefinitionId, jwkKeys, remotePresentation) {
|
|
126
|
+
var _presentations$;
|
|
107
127
|
let {
|
|
108
128
|
appFetch = fetch
|
|
109
129
|
} = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
|
|
130
|
+
const {
|
|
131
|
+
generatedNonce,
|
|
132
|
+
presentations
|
|
133
|
+
} = remotePresentation;
|
|
110
134
|
/**
|
|
111
135
|
* 1. Prepare the VP token and presentation submission
|
|
112
136
|
* If there is only one credential, `vpToken` is a single string.
|
|
113
137
|
* If there are multiple credential, `vpToken` is an array of string.
|
|
114
138
|
**/
|
|
115
|
-
const vp_token = (
|
|
116
|
-
const descriptor_map =
|
|
117
|
-
id:
|
|
118
|
-
path:
|
|
119
|
-
format:
|
|
139
|
+
const vp_token = (presentations === null || presentations === void 0 ? void 0 : presentations.length) === 1 ? (_presentations$ = presentations[0]) === null || _presentations$ === void 0 ? void 0 : _presentations$.vpToken : presentations.map(presentation => presentation.vpToken);
|
|
140
|
+
const descriptor_map = presentations.map((presentation, index) => ({
|
|
141
|
+
id: presentation.inputDescriptor.id,
|
|
142
|
+
path: (presentations === null || presentations === void 0 ? void 0 : presentations.length) === 1 ? `$` : `$[${index}]`,
|
|
143
|
+
format: presentation.format
|
|
120
144
|
}));
|
|
121
145
|
const presentation_submission = {
|
|
122
146
|
id: uuid.v4(),
|
|
@@ -128,19 +152,22 @@ export const sendAuthorizationResponse = async function (requestObject, presenta
|
|
|
128
152
|
const requestBody = requestObject.response_mode === "direct_post.jwt" ? await buildDirectPostJwtBody(jwkKeys, requestObject, {
|
|
129
153
|
vp_token,
|
|
130
154
|
presentation_submission
|
|
131
|
-
}) : await buildDirectPostBody(requestObject, {
|
|
155
|
+
}, generatedNonce) : await buildDirectPostBody(requestObject, {
|
|
132
156
|
vp_token,
|
|
133
157
|
presentation_submission: presentation_submission
|
|
134
158
|
});
|
|
135
159
|
|
|
136
160
|
// 3. Send the authorization response via HTTP POST and validate the response
|
|
137
|
-
|
|
161
|
+
const authResponse = await appFetch(requestObject.response_uri, {
|
|
138
162
|
method: "POST",
|
|
139
163
|
headers: {
|
|
140
164
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
141
165
|
},
|
|
142
166
|
body: requestBody
|
|
143
|
-
}).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.
|
|
167
|
+
}).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.safeParse);
|
|
168
|
+
|
|
169
|
+
// Some Relying Parties may return an empty body.
|
|
170
|
+
return authResponse.success ? authResponse.data : {};
|
|
144
171
|
};
|
|
145
172
|
|
|
146
173
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["EncryptJwe","uuid","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","
|
|
1
|
+
{"version":3,"names":["EncryptJwe","uuid","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","Base64","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","encKeys","filter","jwk","use","ecEncKeys","kty","crv","rsaEncKeys","encKey","buildDirectPostBody","requestObject","payload","formUrlEncodedBody","URLSearchParams","state","Object","fromEntries","entries","map","_ref","key","value","Array","isArray","JSON","stringify","toString","buildDirectPostJwtBody","jwkKeys","generatedNonce","authzResponsePayload","encPublicJwk","client_metadata","encryptedResponse","alg","authorization_encrypted_response_alg","enc","authorization_encrypted_response_enc","kid","apv","encodeURI","nonce","apu","encrypt","formBody","response","sendAuthorizationResponse","presentationDefinitionId","remotePresentation","_presentations$","appFetch","fetch","arguments","length","undefined","presentations","vp_token","vpToken","presentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","v4","definition_id","requestBody","response_mode","authResponse","response_uri","method","headers","body","then","res","json","safeParse","success","data","sendAuthorizationErrorResponse","error","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,OAAOC,IAAI,MAAM,mBAAmB;AAGpC,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAM7D,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,SAASC,MAAM,QAAQ,WAAW;AAGlC,OAAO,MAAMC,qBAAqB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAC5CC,MAAM,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAEP,CAAC,CACbK,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,wBAAwB,GACnCC,SAAiC,IACzB;EACR;EACA,MAAMC,OAAO,GAAGD,SAAS,CAACE,MAAM,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;;EAE5D;EACA;EACA,MAAMC,SAAS,GAAGJ,OAAO,CAACC,MAAM,CAC7BC,GAAG,IAAKA,GAAG,CAACG,GAAG,KAAK,IAAI,KAAKH,GAAG,CAACI,GAAG,KAAK,OAAO,IAAIJ,GAAG,CAACI,GAAG,KAAK,OAAO,CAC1E,CAAC;EACD,MAAMC,UAAU,GAAGP,OAAO,CAACC,MAAM,CAAEC,GAAG,IAAKA,GAAG,CAACG,GAAG,KAAK,KAAK,CAAC;;EAE7D;EACA,MAAMG,MAAM,GAAGJ,SAAS,CAAC,CAAC,CAAC,IAAIG,UAAU,CAAC,CAAC,CAAC,IAAIP,OAAO,CAAC,CAAC,CAAC;EAE1D,IAAIQ,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIrB,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMsB,mBAAmB,GAAG,MAAAA,CACjCC,aAAiE,EACjEC,OAAuC,KACnB;EACpB,MAAMC,kBAAkB,GAAG,IAAIC,eAAe,CAAC;IAC7C,IAAIH,aAAa,CAACI,KAAK,GAAG;MAAEA,KAAK,EAAEJ,aAAa,CAACI;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9D,GAAGC,MAAM,CAACC,WAAW,CACnBD,MAAM,CAACE,OAAO,CAACN,OAAO,CAAC,CAACO,GAAG,CAACC,IAAA,IAAkB;MAAA,IAAjB,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MACvC,OAAO,CACLC,GAAG,EACHE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7CG,IAAI,CAACC,SAAS,CAACJ,KAAK,CAAC,GACrBA,KAAK,CACV;IACH,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOT,kBAAkB,CAACc,QAAQ,CAAC,CAAC;AACtC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAG,MAAAA,CACpCC,OAA+B,EAC/BlB,aAAiE,EACjEC,OAAuC,EACvCkB,cAAuB,KACH;EACpB;EACA,MAAMC,oBAAoB,GAAGN,IAAI,CAACC,SAAS,CAAC;IAC1CX,KAAK,EAAEJ,aAAa,CAACI,KAAK;IAC1B,GAAGH;EACL,CAAC,CAAC;EAEF,MAAMoB,YAAY,GAAGjC,wBAAwB,CAAC8B,OAAO,CAAC;EACtD;EACA,MAAM;IAAEI;EAAgB,CAAC,GAAGtB,aAAa;EACzC,MAAMuB,iBAAiB,GAAG,MAAM,IAAIhD,UAAU,CAAC6C,oBAAoB,EAAE;IACnEI,GAAG,EACD,CAACF,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAEG,oCAAoC,KAEnC,cAAc;IACnCC,GAAG,EACD,CAACJ,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAEK,oCAAoC,KAE9B,eAAe;IACzCC,GAAG,EAAEP,YAAY,CAACO,GAAG;IACrB;IACAC,GAAG,EAAEjD,MAAM,CAACkD,SAAS,CAAC9B,aAAa,CAAC+B,KAAK,CAAC;IAC1C,IAAIZ,cAAc,GAAG;MAAEa,GAAG,EAAEpD,MAAM,CAACkD,SAAS,CAACX,cAAc;IAAE,CAAC,GAAG,CAAC,CAAC;EACrE,CAAC,CAAC,CAACc,OAAO,CAACZ,YAAY,CAAC;;EAExB;EACA,MAAMa,QAAQ,GAAG,IAAI/B,eAAe,CAAC;IACnCgC,QAAQ,EAAEZ,iBAAiB;IAC3B,IAAIvB,aAAa,CAACI,KAAK,GAAG;MAAEA,KAAK,EAAEJ,aAAa,CAACI;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAO8B,QAAQ,CAAClB,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMoB,yBAAoD,GAAG,eAAAA,CAClEpC,aAAa,EACbqC,wBAAwB,EACxBnB,OAAO,EACPoB,kBAAkB,EAEiB;EAAA,IAAAC,eAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEvB,cAAc;IAAE0B;EAAc,CAAC,GAAGP,kBAAkB;EAC5D;AACF;AACA;AACA;AACA;EACE,MAAMQ,QAAQ,GACZ,CAAAD,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEF,MAAM,MAAK,CAAC,IAAAJ,eAAA,GACvBM,aAAa,CAAC,CAAC,CAAC,cAAAN,eAAA,uBAAhBA,eAAA,CAAkBQ,OAAO,GACzBF,aAAa,CAACrC,GAAG,CAAEwC,YAAY,IAAKA,YAAY,CAACD,OAAO,CAAC;EAE/D,MAAME,cAAc,GAAGJ,aAAa,CAACrC,GAAG,CAAC,CAACwC,YAAY,EAAEE,KAAK,MAAM;IACjEC,EAAE,EAAEH,YAAY,CAACI,eAAe,CAACD,EAAE;IACnCE,IAAI,EAAE,CAAAR,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEF,MAAM,MAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IACvDI,MAAM,EAAEN,YAAY,CAACM;EACvB,CAAC,CAAC,CAAC;EAEH,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAE3E,IAAI,CAACgF,EAAE,CAAC,CAAC;IACbC,aAAa,EAAEpB,wBAAwB;IACvCY;EACF,CAAC;;EAED;EACA,MAAMS,WAAW,GACf1D,aAAa,CAAC2D,aAAa,KAAK,iBAAiB,GAC7C,MAAM1C,sBAAsB,CAC1BC,OAAO,EACPlB,aAAa,EACb;IACE8C,QAAQ;IACRS;EACF,CAAC,EACDpC,cACF,CAAC,GACD,MAAMpB,mBAAmB,CAACC,aAAa,EAAE;IACvC8C,QAAQ;IACRS,uBAAuB,EAAEA;EAC3B,CAAC,CAAC;;EAER;EACA,MAAMK,YAAY,GAAG,MAAMpB,QAAQ,CAACxC,aAAa,CAAC6D,YAAY,EAAE;IAC9DC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEN;EACR,CAAC,CAAC,CACCO,IAAI,CAACvF,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BuF,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACpF,qBAAqB,CAACuF,SAAS,CAAC;;EAExC;EACA,OAAOR,YAAY,CAACS,OAAO,GAAGT,YAAY,CAACU,IAAI,GAAG,CAAC,CAAC;AACtD,CAAC;;AAED;AACA;AACA;AACA;;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,8BAA8D,GACzE,eAAAA,CACEvE,aAAa,EACbwE,KAAK,EACLtD,OAAO,EAE4B;EAAA,IADnC;IAAEsB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMgB,WAAW,GACf1D,aAAa,CAAC2D,aAAa,KAAK,iBAAiB,GAC7C,MAAM1C,sBAAsB,CAACC,OAAO,EAAElB,aAAa,EAAE;IAAEwE;EAAM,CAAC,CAAC,GAC/D,MAAMzE,mBAAmB,CAACC,aAAa,EAAE;IAAEwE;EAAM,CAAC,CAAC;EACzD;EACA,OAAO,MAAMhC,QAAQ,CAACxC,aAAa,CAAC6D,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEN;EACR,CAAC,CAAC,CACCO,IAAI,CAACvF,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BuF,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACpF,qBAAqB,CAAC4F,KAAK,CAAC;AACtC,CAAC"}
|
|
@@ -78,7 +78,7 @@ export const RequestObject = z.object({
|
|
|
78
78
|
//optional by RFC 7519, mandatory for Potential
|
|
79
79
|
iat: UnixTime.optional(),
|
|
80
80
|
exp: UnixTime.optional(),
|
|
81
|
-
state: z.string(),
|
|
81
|
+
state: z.string().optional(),
|
|
82
82
|
nonce: z.string(),
|
|
83
83
|
response_uri: z.string(),
|
|
84
84
|
response_type: z.literal("vp_token"),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnixTime","z","JWKS","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","client_metadata","authorization_encrypted_response_alg","authorization_encrypted_response_enc","jwks_uri","jwks","scope","presentation_definition","ErrorResponse","DirectAuthorizationBodyPayload","union","vp_token","presentation_submission","unknown","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,IAAI,QAAQ,iBAAiB;;AAEtC;AACA;AACA;;AAOA;AACA;AACA;;
|
|
1
|
+
{"version":3,"names":["UnixTime","z","JWKS","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","client_metadata","authorization_encrypted_response_alg","authorization_encrypted_response_enc","jwks_uri","jwks","scope","presentation_definition","ErrorResponse","DirectAuthorizationBodyPayload","union","vp_token","presentation_submission","unknown","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,IAAI,QAAQ,iBAAiB;;AAEtC;AACA;AACA;;AAOA;AACA;AACA;;AAWA,MAAMC,MAAM,GAAGF,CAAC,CAACG,MAAM,CAAC;EACtBC,IAAI,EAAEJ,CAAC,CAACK,KAAK,CAACL,CAAC,CAACM,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEZ,CAAC,CAACa,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAET,CAAC,CAACc,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEf,CAAC,CAACc,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGhB,CAAC,CAACG,MAAM,CAAC;EAC3Bc,MAAM,EAAEjB,CAAC,CAACK,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAElB,CAAC,CAACmB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGpB,CAAC,CAACG,MAAM,CAAC;EACtCK,EAAE,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAErB,CAAC,CAACsB,MAAM,CAACtB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACa,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAExB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGzB,CAAC,CAACG,MAAM,CAAC;EACrCQ,IAAI,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAE1B,CAAC,CAACM,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE5B,CAAC,CACXK,KAAK,CACJL,CAAC,CAACG,MAAM,CAAC;IACPQ,IAAI,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAE1B,CAAC,CAACM,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE3B,CAAC,CAACM,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG/B,CAAC,CAACG,MAAM,CAAC;EAC7CK,EAAE,EAAER,CAAC,CAACM,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAEhC,CAAC,CAACK,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEjC,CAAC,CAACK,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGlC,CAAC,CAACG,MAAM,CAAC;EACpCgC,GAAG,EAAEnC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC5B2B,GAAG,EAAErC,QAAQ,CAACU,QAAQ,CAAC,CAAC;EACxB4B,GAAG,EAAEtC,QAAQ,CAACU,QAAQ,CAAC,CAAC;EACxB6B,KAAK,EAAEtC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8B,KAAK,EAAEvC,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBkC,YAAY,EAAExC,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBmC,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,CAACmB,IAAI,CAAC,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;EACzDyB,SAAS,EAAE5C,CAAC,CAACM,MAAM,CAAC,CAAC;EACrBuC,gBAAgB,EAAE7C,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EACzCqC,eAAe,EAAE9C,CAAC,CACfG,MAAM,CAAC;IACN4C,oCAAoC,EAAE/C,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3DuC,oCAAoC,EAAEhD,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3DwC,QAAQ,EAAEjD,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC/ByC,IAAI,EAAEjD,IAAI,CAACQ,QAAQ,CAAC;EACtB,CAAC,CAAC,CACDA,QAAQ,CAAC,CAAC;EAAE;EACf0C,KAAK,EAAEnD,CAAC,CAACM,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B2C,uBAAuB,EAAErB,sBAAsB,CAACtB,QAAQ,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEA,OAAO,MAAM4C,aAAa,GAAGrD,CAAC,CAACmB,IAAI,CAAC,CAClC,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,CAChB,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMmC,8BAA8B,GAAGtD,CAAC,CAACuD,KAAK,CAAC,CACpDvD,CAAC,CAACG,MAAM,CAAC;EACPqD,QAAQ,EAAExD,CAAC,CAACuD,KAAK,CAAC,CAACvD,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACK,KAAK,CAACL,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DgD,uBAAuB,EAAEzD,CAAC,CAACsB,MAAM,CAACtB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAAC0D,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC,EACF1D,CAAC,CAACG,MAAM,CAAC;EAAEwD,KAAK,EAAEN;AAAc,CAAC,CAAC,CACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","data","iss","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SACEC,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,oBAAoB;AAClD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAO1E;AACA;AACA,MAAMR,MAAM,GAAG,MAAAA,CACbS,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMjB,SAAS,CAACQ,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAMpB,MAAM,GAAIW,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGnB,SAAS,CAACU,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMC,iBAAiB,GAAGjB,mBAAmB;AAC7C;AACA,MAAMkB,kBAAkB,GAAGjB,eAAe;AAC1C;AACA;AACA,MAAMkB,gBAAgB,GAAGf,CAAC,CAACgB,KAAK,CAAC,CAC/BnB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemB,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIrB,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMsB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,
|
|
1
|
+
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","data","iss","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SACEC,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,oBAAoB;AAClD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAO1E;AACA;AACA,MAAMR,MAAM,GAAG,MAAAA,CACbS,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMjB,SAAS,CAACQ,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAMpB,MAAM,GAAIW,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGnB,SAAS,CAACU,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMC,iBAAiB,GAAGjB,mBAAmB;AAC7C;AACA,MAAMkB,kBAAkB,GAAGjB,eAAe;AAC1C;AACA;AACA,MAAMkB,gBAAgB,GAAGf,CAAC,CAACgB,KAAK,CAAC,CAC/BnB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemB,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIrB,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMsB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GAC/BL,gBAAgB,GAChBD,kBAAkB;;EAE1B;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMrB,KAAK,GAAGgB,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACrB,KAAK,EAAE;MACV,MAAM,IAAIJ,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACW,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMuB,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACuB,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGX,KAAK,CAACU,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI/B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACsC,SAAS,CAAC,CAAC,CAAClB,OAAO,CAACP,IAAI,CAACuB,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBb,KAAK,CACFc,GAAG,CAAC,CAAC9B,KAAK,EAAE+B,CAAC,KAAK,CAAC/B,KAAK,EAAEoB,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKzC,MAAM,CAAC,GAAGyC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,eAAeA,CAC7BjB,KAAe,EAEf;EAAA,IADAkB,QAA8B,GAAAC,SAAA,CAAAlB,MAAA,QAAAkB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBb;EACE;EAAA,CACCc,GAAG,CAACzC,MAAM,CAAC,CACXyC,GAAG,CACDQ,CAAC,IACA,CACE5C,eAAe,CAAC6C,SAAS,CAACD,CAAC,CAAC,EAC5B7C,mBAAmB,CAAC8C,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN7C,4BAA4B,CAAC4C,EAAE,CAACE,IAAI,CAACnC,OAAO,CAACoC,GAAG,EAAE;MAAEX;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACR5C,wBAAwB,CACtB0C,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACoC,GAAG,EACnBJ,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACqC,GAAG,EACnB;MACEZ;IACF,CACF,CAAC;IACD;IACAN,OAAO,CAACmB,MAAM,CACZ,IAAInD,aAAa,CACd,iDAAgDmC,CAAE,uBACrD,CACF,CAAC;EAAA,CACT,CACJ,CAAC;AACH"}
|
package/lib/module/mdoc/index.js
CHANGED
|
@@ -1,21 +1,52 @@
|
|
|
1
|
-
import { CBOR } from "@pagopa/io-react-native-cbor";
|
|
2
|
-
|
|
1
|
+
import { CBOR, COSE, ISO18013 } from "@pagopa/io-react-native-cbor";
|
|
2
|
+
import { b64utob64 } from "jsrsasign";
|
|
3
|
+
import { convertCertToPem, getSigningJwk, parsePublicKey } from "../utils/crypto";
|
|
4
|
+
import { base64ToBase64Url } from "../utils/string";
|
|
5
|
+
export const verify = async (token, _) => {
|
|
6
|
+
var _issuerSigned$issuerA;
|
|
3
7
|
// get decoded data
|
|
4
|
-
const
|
|
5
|
-
if (!
|
|
8
|
+
const issuerSigned = await CBOR.decodeIssuerSigned(token);
|
|
9
|
+
if (!issuerSigned) {
|
|
6
10
|
throw new Error("Invalid mDoc");
|
|
7
11
|
}
|
|
8
|
-
const
|
|
9
|
-
if (!
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
const cert = (_issuerSigned$issuerA = issuerSigned.issuerAuth.unprotectedHeader[0]) === null || _issuerSigned$issuerA === void 0 ? void 0 : _issuerSigned$issuerA.keyId;
|
|
13
|
+
if (!cert) throw new Error("Certificate not present in credential");
|
|
14
|
+
const pemcert = convertCertToPem(b64utob64(cert));
|
|
15
|
+
const publickey = parsePublicKey(pemcert);
|
|
16
|
+
if (!publickey) throw new Error("Certificate not present in credential");
|
|
17
|
+
const jwk = getSigningJwk(publickey);
|
|
18
|
+
jwk.x = b64utob64(jwk.x);
|
|
19
|
+
jwk.y = b64utob64(jwk.y);
|
|
20
|
+
const signatureCorrect = await COSE.verify(b64utob64(issuerSigned.issuerAuth.rawValue), jwk).catch(() => false);
|
|
21
|
+
if (!signatureCorrect) throw new Error("Invalid mDoc signature");
|
|
22
|
+
return {
|
|
23
|
+
issuerSigned
|
|
24
|
+
};
|
|
25
|
+
};
|
|
26
|
+
export const prepareVpTokenMdoc = async (requestNonce, generatedNonce, clientId, responseUri, docType, keyTag, _ref) => {
|
|
27
|
+
let [verifiableCredential, requestedClaims, _] = _ref;
|
|
28
|
+
/* verifiableCredential is a IssuerSigned structure */
|
|
29
|
+
const documents = [{
|
|
30
|
+
issuerSignedContent: verifiableCredential,
|
|
31
|
+
alias: keyTag,
|
|
32
|
+
docType
|
|
33
|
+
}];
|
|
14
34
|
|
|
15
|
-
|
|
35
|
+
/* we map each requested claim as for ex. { "org.iso.18013.5.1.mDL" { <claim-name>: true, ... }} for selective disclosure */
|
|
36
|
+
const fieldRequestedAndAccepted = JSON.stringify({
|
|
37
|
+
[docType]: requestedClaims.reduce((acc, item) => {
|
|
38
|
+
return {
|
|
39
|
+
...acc,
|
|
40
|
+
[item]: true
|
|
41
|
+
};
|
|
42
|
+
}, {})
|
|
43
|
+
});
|
|
16
44
|
|
|
45
|
+
/* clientId,responseUri,requestNonce are retrieved by Auth Request Object */
|
|
46
|
+
/* create DeviceResponse as { documents: { docType, issuerSigned, deviceSigned }, version, status } */
|
|
47
|
+
const vp_token = await ISO18013.generateOID4VPDeviceResponse(clientId, responseUri, requestNonce, generatedNonce, documents, fieldRequestedAndAccepted);
|
|
17
48
|
return {
|
|
18
|
-
|
|
49
|
+
vp_token: base64ToBase64Url(vp_token)
|
|
19
50
|
};
|
|
20
51
|
};
|
|
21
52
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["CBOR","verify","token","
|
|
1
|
+
{"version":3,"names":["CBOR","COSE","ISO18013","b64utob64","convertCertToPem","getSigningJwk","parsePublicKey","base64ToBase64Url","verify","token","_","_issuerSigned$issuerA","issuerSigned","decodeIssuerSigned","Error","cert","issuerAuth","unprotectedHeader","keyId","pemcert","publickey","jwk","x","y","signatureCorrect","rawValue","catch","prepareVpTokenMdoc","requestNonce","generatedNonce","clientId","responseUri","docType","keyTag","_ref","verifiableCredential","requestedClaims","documents","issuerSignedContent","alias","fieldRequestedAndAccepted","JSON","stringify","reduce","acc","item","vp_token","generateOID4VPDeviceResponse"],"sourceRoot":"../../../src","sources":["mdoc/index.ts"],"mappings":"AAAA,SAASA,IAAI,EAAEC,IAAI,EAAEC,QAAQ,QAAQ,8BAA8B;AAGnE,SAASC,SAAS,QAAQ,WAAW;AACrC,SACEC,gBAAgB,EAChBC,aAAa,EACbC,cAAc,QACT,iBAAiB;AAExB,SAASC,iBAAiB,QAAQ,iBAAiB;AAEnD,OAAO,MAAMC,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,CAAc,KACmC;EAAA,IAAAC,qBAAA;EACjD;EACA,MAAMC,YAAY,GAAG,MAAMZ,IAAI,CAACa,kBAAkB,CAACJ,KAAK,CAAC;EACzD,IAAI,CAACG,YAAY,EAAE;IACjB,MAAM,IAAIE,KAAK,CAAC,cAAc,CAAC;EACjC;EAEA,MAAMC,IAAI,IAAAJ,qBAAA,GAAGC,YAAY,CAACI,UAAU,CAACC,iBAAiB,CAAC,CAAC,CAAC,cAAAN,qBAAA,uBAA5CA,qBAAA,CAA8CO,KAAK;EAChE,IAAI,CAACH,IAAI,EAAE,MAAM,IAAID,KAAK,CAAC,uCAAuC,CAAC;EAEnE,MAAMK,OAAO,GAAGf,gBAAgB,CAACD,SAAS,CAACY,IAAI,CAAC,CAAC;EACjD,MAAMK,SAAS,GAAGd,cAAc,CAACa,OAAO,CAAC;EACzC,IAAI,CAACC,SAAS,EAAE,MAAM,IAAIN,KAAK,CAAC,uCAAuC,CAAC;EAExE,MAAMO,GAAG,GAAGhB,aAAa,CAACe,SAAS,CAAC;EAEpCC,GAAG,CAACC,CAAC,GAAGnB,SAAS,CAACkB,GAAG,CAACC,CAAE,CAAC;EACzBD,GAAG,CAACE,CAAC,GAAGpB,SAAS,CAACkB,GAAG,CAACE,CAAE,CAAC;EAEzB,MAAMC,gBAAgB,GAAG,MAAMvB,IAAI,CAACO,MAAM,CACxCL,SAAS,CAACS,YAAY,CAACI,UAAU,CAACS,QAAS,CAAC,EAC5CJ,GACF,CAAC,CAACK,KAAK,CAAC,MAAM,KAAK,CAAC;EACpB,IAAI,CAACF,gBAAgB,EAAE,MAAM,IAAIV,KAAK,CAAC,wBAAwB,CAAC;EAEhE,OAAO;IAAEF;EAAa,CAAC;AACzB,CAAC;AAED,OAAO,MAAMe,kBAAkB,GAAG,MAAAA,CAChCC,YAAoB,EACpBC,cAAsB,EACtBC,QAAgB,EAChBC,WAAmB,EACnBC,OAAe,EACfC,MAAc,EAAAC,IAAA,KAIV;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,eAAe,EAAE1B,CAAC,CAAe,GAAAwB,IAAA;EAIxD;EACA,MAAMG,SAAS,GAAG,CAChB;IACEC,mBAAmB,EAAEH,oBAAoB;IACzCI,KAAK,EAAEN,MAAM;IACbD;EACF,CAAC,CACF;;EAED;EACA,MAAMQ,yBAAyB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC/C,CAACV,OAAO,GAAGI,eAAe,CAACO,MAAM,CAAC,CAACC,GAAG,EAAEC,IAAI,KAAK;MAC/C,OAAO;QAAE,GAAGD,GAAG;QAAE,CAACC,IAAI,GAAG;MAAK,CAAC;IACjC,CAAC,EAAE,CAAC,CAAC;EACP,CAAC,CAAC;;EAEF;EACA;EACA,MAAMC,QAAQ,GAAG,MAAM5C,QAAQ,CAAC6C,4BAA4B,CAC1DjB,QAAQ,EACRC,WAAW,EACXH,YAAY,EACZC,cAAc,EACdQ,SAAS,EACTG,yBACF,CAAC;EAED,OAAO;IACLM,QAAQ,EAAEvC,iBAAiB,CAACuC,QAAQ;EACtC,CAAC;AACH,CAAC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import { getPublicKey, sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
|
|
2
2
|
import uuid from "react-native-uuid";
|
|
3
3
|
import { thumbprint } from "@pagopa/io-react-native-jwt";
|
|
4
|
-
import { fixBase64EncodingOnKey } from "./jwk";
|
|
5
4
|
import { X509, KEYUTIL, RSAKey, KJUR } from "jsrsasign";
|
|
6
5
|
import { JWK } from "./jwk";
|
|
6
|
+
import { removePadding } from "@pagopa/io-react-native-jwt";
|
|
7
|
+
import { Buffer } from "buffer";
|
|
7
8
|
|
|
8
9
|
/**
|
|
9
10
|
* Create a CryptoContext bound to a key pair.
|
|
@@ -20,7 +21,7 @@ export const createCryptoContextFor = keytag => {
|
|
|
20
21
|
* @returns The public key.
|
|
21
22
|
*/
|
|
22
23
|
async getPublicKey() {
|
|
23
|
-
return getPublicKey(keytag).then(
|
|
24
|
+
return getPublicKey(keytag).then(fixBase64WithLeadingZero).then(async jwk => ({
|
|
24
25
|
...jwk,
|
|
25
26
|
// Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
|
|
26
27
|
// (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
|
|
@@ -41,6 +42,58 @@ export const createCryptoContextFor = keytag => {
|
|
|
41
42
|
};
|
|
42
43
|
};
|
|
43
44
|
|
|
45
|
+
/**
|
|
46
|
+
* This function takes a JSON Web Key (JWK) and returns a new JWK with its base64-url properties (x, y, e, n) processed.
|
|
47
|
+
* Each property is passed through the `removeLeadingZeroAndParseb64u` function if it exists, which fixes any unwanted leading zeros.
|
|
48
|
+
*
|
|
49
|
+
* @param key - The input JSON Web Key that may contain properties with potential leading zero issues.
|
|
50
|
+
* @returns A new JSON Web Key with the processed properties.
|
|
51
|
+
*/
|
|
52
|
+
const fixBase64WithLeadingZero = key => {
|
|
53
|
+
const {
|
|
54
|
+
x,
|
|
55
|
+
y,
|
|
56
|
+
e,
|
|
57
|
+
n,
|
|
58
|
+
...pk
|
|
59
|
+
} = key;
|
|
60
|
+
return {
|
|
61
|
+
...pk,
|
|
62
|
+
...(x ? {
|
|
63
|
+
x: removeLeadingZeroAndParseb64u(x)
|
|
64
|
+
} : {}),
|
|
65
|
+
...(y ? {
|
|
66
|
+
y: removeLeadingZeroAndParseb64u(y)
|
|
67
|
+
} : {}),
|
|
68
|
+
...(e ? {
|
|
69
|
+
e: removeLeadingZeroAndParseb64u(e)
|
|
70
|
+
} : {}),
|
|
71
|
+
...(n ? {
|
|
72
|
+
n: removeLeadingZeroAndParseb64u(n)
|
|
73
|
+
} : {})
|
|
74
|
+
};
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* This function processes a base64-encoded string to remove any unwanted leading zeros.
|
|
79
|
+
* It converts the input base64 string into a buffer, then to a hex string, checks for a leading "00",
|
|
80
|
+
* and removes it if present. The result is then converted back to a base64-url.
|
|
81
|
+
*
|
|
82
|
+
* @param input - The base64 encoded string to process.
|
|
83
|
+
* @returns A new base64-url encoded string with any leading zero removed.
|
|
84
|
+
*/
|
|
85
|
+
const removeLeadingZeroAndParseb64u = input => {
|
|
86
|
+
// Decode base64 input into a Buffer
|
|
87
|
+
const buffer = Buffer.from(input, "base64");
|
|
88
|
+
const hex = buffer.toString("hex");
|
|
89
|
+
// If the hex string starts with "00", remove the first two characters
|
|
90
|
+
const fixedHex = hex.startsWith("00") ? hex.slice(2) : hex;
|
|
91
|
+
const newBuffer = Buffer.from(fixedHex, "hex");
|
|
92
|
+
|
|
93
|
+
// removePadding convert base64 string to base64-url
|
|
94
|
+
return removePadding(newBuffer.toString("base64"));
|
|
95
|
+
};
|
|
96
|
+
|
|
44
97
|
/**
|
|
45
98
|
* Executes the input function injecting an ephemeral crypto context.
|
|
46
99
|
* An ephemeral crypto context is a context which is bound to a key
|
|
@@ -92,4 +145,16 @@ export const getSigningJwk = publicKey => ({
|
|
|
92
145
|
...JWK.parse(KEYUTIL.getJWKFromKey(publicKey)),
|
|
93
146
|
use: "sig"
|
|
94
147
|
});
|
|
148
|
+
|
|
149
|
+
/**
|
|
150
|
+
* This function takes two {@link PublicKey} and evaluates and compares their thumbprints
|
|
151
|
+
* @param key1 The first key
|
|
152
|
+
* @param key2 The second key
|
|
153
|
+
* @returns true if the keys' thumbprints are equal, false otherwise
|
|
154
|
+
*/
|
|
155
|
+
export const compareKeysByThumbprint = async (key1, key2) => {
|
|
156
|
+
//Parallel for optimization
|
|
157
|
+
const [thumbprint1, thumbprint2] = await Promise.all([thumbprint(key1), thumbprint(key2)]);
|
|
158
|
+
return thumbprint1 === thumbprint2;
|
|
159
|
+
};
|
|
95
160
|
//# sourceMappingURL=crypto.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getPublicKey","sign","generate","deleteKey","uuid","thumbprint","
|
|
1
|
+
{"version":3,"names":["getPublicKey","sign","generate","deleteKey","uuid","thumbprint","X509","KEYUTIL","RSAKey","KJUR","JWK","removePadding","Buffer","createCryptoContextFor","keytag","then","fixBase64WithLeadingZero","jwk","kid","getSignature","value","key","x","y","e","n","pk","removeLeadingZeroAndParseb64u","input","buffer","from","hex","toString","fixedHex","startsWith","slice","newBuffer","withEphemeralKey","fn","v4","ephemeralContext","finally","convertCertToPem","certificate","parsePublicKey","pemCert","x509","readCertPEM","publicKey","crypto","ECDSA","undefined","getSigningJwk","parse","getJWKFromKey","use","compareKeysByThumbprint","key1","key2","thumbprint1","thumbprint2","Promise","all"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SACEA,YAAY,EACZC,IAAI,EACJC,QAAQ,EACRC,SAAS,QAEJ,gCAAgC;AACvC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,IAAI,EAAEC,OAAO,EAAEC,MAAM,EAAEC,IAAI,QAAQ,WAAW;AACvD,SAASC,GAAG,QAAQ,OAAO;AAC3B,SAASC,aAAa,QAAQ,6BAA6B;AAC3D,SAASC,MAAM,QAAQ,QAAQ;;AAE/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMd,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACc,MAAM,CAAC,CACxBC,IAAI,CAACC,wBAAwB,CAAC,CAC9BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMb,UAAU,CAACY,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOnB,IAAI,CAACmB,KAAK,EAAEN,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,wBAAwB,GAAIK,GAAQ,IAAU;EAClD,MAAM;IAAEC,CAAC;IAAEC,CAAC;IAAEC,CAAC;IAAEC,CAAC;IAAE,GAAGC;EAAG,CAAC,GAAGL,GAAG;EAEjC,OAAO;IACL,GAAGK,EAAE;IACL,IAAIJ,CAAC,GAAG;MAAEA,CAAC,EAAEK,6BAA6B,CAACL,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAEI,6BAA6B,CAACJ,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAEG,6BAA6B,CAACH,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAEE,6BAA6B,CAACF,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC;EACtD,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,6BAA6B,GAAIC,KAAa,IAAa;EAC/D;EACA,MAAMC,MAAM,GAAGjB,MAAM,CAACkB,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC;EAC3C,MAAMG,GAAG,GAAGF,MAAM,CAACG,QAAQ,CAAC,KAAK,CAAC;EAClC;EACA,MAAMC,QAAQ,GAAGF,GAAG,CAACG,UAAU,CAAC,IAAI,CAAC,GAAGH,GAAG,CAACI,KAAK,CAAC,CAAC,CAAC,GAAGJ,GAAG;EAC1D,MAAMK,SAAS,GAAGxB,MAAM,CAACkB,IAAI,CAACG,QAAQ,EAAE,KAAK,CAAC;;EAE9C;EACA,OAAOtB,aAAa,CAACyB,SAAS,CAACJ,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACpD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMK,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMxB,MAAM,GAAI,aAAYV,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;EACvC,MAAMrC,QAAQ,CAACY,MAAM,CAAC;EACtB,MAAM0B,gBAAgB,GAAG3B,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOwB,EAAE,CAACE,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAMtC,SAAS,CAACW,MAAM,CAAC,CAAC;AAC9D,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM4B,gBAAgB,GAAIC,WAAmB,IACjD,gCAA+BA,WAAY,6BAA4B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GACzBC,OAAe,IAC4B;EAC3C,MAAMC,IAAI,GAAG,IAAIxC,IAAI,CAAC,CAAC;EACvBwC,IAAI,CAACC,WAAW,CAACF,OAAO,CAAC;EACzB,MAAMG,SAAS,GAAGF,IAAI,CAAC9C,YAAY,CAAC,CAAC;EAErC,IAAIgD,SAAS,YAAYxC,MAAM,IAAIwC,SAAS,YAAYvC,IAAI,CAACwC,MAAM,CAACC,KAAK,EAAE;IACzE,OAAOF,SAAS;EAClB;EAEA,OAAOG,SAAS;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,aAAa,GAAIJ,SAAqC,KAAW;EAC5E,GAAGtC,GAAG,CAAC2C,KAAK,CAAC9C,OAAO,CAAC+C,aAAa,CAACN,SAAS,CAAC,CAAC;EAC9CO,GAAG,EAAE;AACP,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAG,MAAAA,CACrCC,IAAe,EACfC,IAAe,KACZ;EACH;EACA,MAAM,CAACC,WAAW,EAAEC,WAAW,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CACnDzD,UAAU,CAACoD,IAAI,CAAC,EAChBpD,UAAU,CAACqD,IAAI,CAAC,CACjB,CAAC;EACF,OAAOC,WAAW,KAAKC,WAAW;AACpC,CAAC"}
|
|
@@ -42,12 +42,12 @@ export const obfuscateString = function (value) {
|
|
|
42
42
|
};
|
|
43
43
|
|
|
44
44
|
/**
|
|
45
|
-
* Converts a
|
|
45
|
+
* Converts a base64 string to a Base64 URL-encoded string.
|
|
46
46
|
*
|
|
47
|
-
* @param byteString - The input string in
|
|
47
|
+
* @param byteString - The input string in base64 format.
|
|
48
48
|
* @returns The Base64 URL-encoded string.
|
|
49
49
|
*/
|
|
50
|
-
export const base64ToBase64Url =
|
|
51
|
-
return
|
|
50
|
+
export const base64ToBase64Url = base64 => {
|
|
51
|
+
return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/[=]+$/, "");
|
|
52
52
|
};
|
|
53
53
|
//# sourceMappingURL=string.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["obfuscateString","value","percentage","arguments","length","undefined","obfuscatedChar","safePercentage","Math","max","min","charsToObfuscate","floor","chars","split","positions","Array","from","_","i","sort","random","slice","forEach","pos","join","base64ToBase64Url","
|
|
1
|
+
{"version":3,"names":["obfuscateString","value","percentage","arguments","length","undefined","obfuscatedChar","safePercentage","Math","max","min","charsToObfuscate","floor","chars","split","positions","Array","from","_","i","sort","random","slice","forEach","pos","join","base64ToBase64Url","base64","replace"],"sourceRoot":"../../../src","sources":["utils/string.ts"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,eAAe,GAAG,SAAAA,CAC7BC,KAAa,EAGF;EAAA,IAFXC,UAAkB,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EAAA,IACvBG,cAAsB,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,GAAG;EAE5B,IAAI,CAACF,KAAK,EAAE;IACV,OAAO,EAAE;EACX;;EAEA;EACA,MAAMM,cAAc,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAED,IAAI,CAACE,GAAG,CAAC,GAAG,EAAER,UAAU,CAAC,CAAC;;EAE7D;EACA,MAAMS,gBAAgB,GAAGH,IAAI,CAACI,KAAK,CAAEX,KAAK,CAACG,MAAM,GAAGG,cAAc,GAAI,GAAG,CAAC;;EAE1E;EACA,MAAMM,KAAK,GAAGZ,KAAK,CAACa,KAAK,CAAC,EAAE,CAAC;;EAE7B;EACA,MAAMC,SAAS,GAAGC,KAAK,CAACC,IAAI,CAAC;IAAEb,MAAM,EAAEH,KAAK,CAACG;EAAO,CAAC,EAAE,CAACc,CAAC,EAAEC,CAAC,KAAKA,CAAC,CAAC,CAChEC,IAAI,CAAC,MAAMZ,IAAI,CAACa,MAAM,CAAC,CAAC,GAAG,GAAG,CAAC,CAC/BC,KAAK,CAAC,CAAC,EAAEX,gBAAgB,CAAC;;EAE7B;EACAI,SAAS,CAACQ,OAAO,CAAEC,GAAG,IAAK;IACzBX,KAAK,CAACW,GAAG,CAAC,GAAGlB,cAAc;EAC7B,CAAC,CAAC;EAEF,OAAOO,KAAK,CAACY,IAAI,CAAC,EAAE,CAAC;AACvB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAiB,GAAIC,MAAc,IAAa;EAC3D,OAAOA,MAAM,CAACC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAACA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAACA,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;AAC5E,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAGnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAQ5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAI7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,EAC9C,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,oBAAoB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,sBAAsB,CAAC,EACzE,OAAO,EAAE;IACP,iBAAiB,EAAE,aAAa,CAAC;IACjC,uBAAuB,EAAE,aAAa,CAAC;IACvC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAEjC,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAehB,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,gBAAgB,EAAE,
|
|
1
|
+
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAGnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAQ5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAI7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,EAC9C,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,oBAAoB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,sBAAsB,CAAC,EACzE,OAAO,EAAE;IACP,iBAAiB,EAAE,aAAa,CAAC;IACjC,uBAAuB,EAAE,aAAa,CAAC;IACvC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAEjC,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAehB,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAyG9B,CAAC"}
|
|
@@ -2,7 +2,7 @@ import type { CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
|
2
2
|
import type { Out } from "../../utils/misc";
|
|
3
3
|
import type { GetIssuerConfig } from "./02-get-issuer-config";
|
|
4
4
|
import type { ObtainCredential } from "./06-obtain-credential";
|
|
5
|
-
export type VerifyAndParseCredential = (issuerConf: Out<GetIssuerConfig>["issuerConf"], credential: Out<ObtainCredential>["credential"], format: Out<ObtainCredential>["format"], context: {
|
|
5
|
+
export type VerifyAndParseCredential = (issuerConf: Out<GetIssuerConfig>["issuerConf"], credential: Out<ObtainCredential>["credential"], format: Out<ObtainCredential>["format"], credentialType: string, context: {
|
|
6
6
|
credentialCryptoContext: CryptoContext;
|
|
7
7
|
/**
|
|
8
8
|
* Do not throw an error when an attribute is not found within disclosures.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAO9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAO/D,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,EAC9C,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC;;OAEG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,KACE,OAAO,CAAC;IACX,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,UAAU,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,IAAI,GAAG,SAAS,CAAC;CAC5B,CAAC,CAAC;AAGH,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,GACnC,SAAS,CAAC;IACd,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;
|
|
1
|
+
{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAO9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAO/D,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,EAC9C,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC;;OAEG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,KACE,OAAO,CAAC;IACX,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,UAAU,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,IAAI,GAAG,SAAS,CAAC;CAC5B,CAAC,CAAC;AAGH,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,GACnC,SAAS,CAAC;IACd,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;AA4XF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBA2BtC,CAAC"}
|
|
@@ -1,11 +1,17 @@
|
|
|
1
1
|
import { InputDescriptor, type RemotePresentation } from "./types";
|
|
2
2
|
import { SdJwt4VC, type DisclosureWithEncoded } from "../../sd-jwt/types";
|
|
3
|
+
import { CBOR } from "@pagopa/io-react-native-cbor";
|
|
3
4
|
type EvaluatedDisclosures = {
|
|
4
|
-
requiredDisclosures:
|
|
5
|
-
optionalDisclosures:
|
|
6
|
-
|
|
5
|
+
requiredDisclosures: EvaluatedDisclosure[];
|
|
6
|
+
optionalDisclosures: EvaluatedDisclosure[];
|
|
7
|
+
};
|
|
8
|
+
export type EvaluatedDisclosure = {
|
|
9
|
+
namespace?: string;
|
|
10
|
+
name: string;
|
|
11
|
+
value: unknown;
|
|
7
12
|
};
|
|
8
13
|
type EvaluateInputDescriptorSdJwt4VC = (inputDescriptor: InputDescriptor, payloadCredential: SdJwt4VC["payload"], disclosures: DisclosureWithEncoded[]) => EvaluatedDisclosures;
|
|
14
|
+
type EvaluateInputDescriptorMdoc = (inputDescriptor: InputDescriptor, issuerSigned: CBOR.IssuerSigned) => EvaluatedDisclosures;
|
|
9
15
|
export type EvaluateInputDescriptors = (descriptors: InputDescriptor[], credentialsSdJwt: [string, string][], credentialsMdoc: [string, string][]) => Promise<{
|
|
10
16
|
evaluatedDisclosure: EvaluatedDisclosures;
|
|
11
17
|
inputDescriptor: InputDescriptor;
|
|
@@ -17,7 +23,34 @@ export type PrepareRemotePresentations = (credentialAndDescriptors: {
|
|
|
17
23
|
inputDescriptor: InputDescriptor;
|
|
18
24
|
credential: string;
|
|
19
25
|
keyTag: string;
|
|
20
|
-
}[],
|
|
26
|
+
}[], authRequestObject: {
|
|
27
|
+
nonce: string;
|
|
28
|
+
clientId: string;
|
|
29
|
+
responseUri: string;
|
|
30
|
+
}) => Promise<RemotePresentation>;
|
|
31
|
+
export declare const disclosureWithEncodedToEvaluatedDisclosure: (disclosure: DisclosureWithEncoded) => EvaluatedDisclosure;
|
|
32
|
+
type DecodedCredentialMdoc = {
|
|
33
|
+
keyTag: string;
|
|
34
|
+
credential: string;
|
|
35
|
+
issuerSigned: CBOR.IssuerSigned;
|
|
36
|
+
};
|
|
37
|
+
type DecodedCredentialSdJwt = {
|
|
38
|
+
keyTag: string;
|
|
39
|
+
credential: string;
|
|
40
|
+
sdJwt: SdJwt4VC;
|
|
41
|
+
disclosures: DisclosureWithEncoded[];
|
|
42
|
+
};
|
|
43
|
+
/**
|
|
44
|
+
* Evaluates the input descriptor for an mDoc by verifying that the issuerSigned claims meet
|
|
45
|
+
* the constraints defined in the input descriptor. It categorizes disclosures as either required
|
|
46
|
+
* or optional based on the field definitions.
|
|
47
|
+
*
|
|
48
|
+
* @param inputDescriptor - Contains constraints and field definitions specifying required/optional claims.
|
|
49
|
+
* @param issuerSigned - Contains the issuerSigned with namespaces and their associated claims.
|
|
50
|
+
* @returns An object with two arrays: one for required disclosures and one for optional disclosures.
|
|
51
|
+
* @throws MissingDataError - If a required field is missing or if a claim fails JSON Schema validation.
|
|
52
|
+
*/
|
|
53
|
+
export declare const evaluateInputDescriptorForMdoc: EvaluateInputDescriptorMdoc;
|
|
21
54
|
/**
|
|
22
55
|
* Evaluates an InputDescriptor for an SD-JWT-based verifiable credential.
|
|
23
56
|
*
|
|
@@ -26,23 +59,15 @@ export type PrepareRemotePresentations = (credentialAndDescriptors: {
|
|
|
26
59
|
* - Validates whether required fields are present (unless marked optional)
|
|
27
60
|
* and match any specified JSONPath.
|
|
28
61
|
* - If a field includes a JSON Schema filter, validates the claim value against that schema.
|
|
29
|
-
* - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
|
|
30
|
-
* if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
|
|
31
62
|
* - Throws an error if a required field is invalid or missing.
|
|
32
63
|
*
|
|
33
64
|
* @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
|
|
34
65
|
* @param payloadCredential - The credential payload to check against.
|
|
35
66
|
* @param disclosures - An array of DisclosureWithEncoded objects representing selective disclosures.
|
|
36
|
-
* @returns
|
|
67
|
+
* @returns An object with two arrays: one for required disclosures and one for optional disclosures.
|
|
37
68
|
* @throws Will throw an error if any required constraint fails or if JSONPath lookups are invalid.
|
|
38
69
|
*/
|
|
39
70
|
export declare const evaluateInputDescriptorForSdJwt4VC: EvaluateInputDescriptorSdJwt4VC;
|
|
40
|
-
type DecodedCredentialSdJwt = {
|
|
41
|
-
keyTag: string;
|
|
42
|
-
credential: string;
|
|
43
|
-
sdJwt: SdJwt4VC;
|
|
44
|
-
disclosures: DisclosureWithEncoded[];
|
|
45
|
-
};
|
|
46
71
|
/**
|
|
47
72
|
* Finds the first credential that satisfies the input descriptor constraints.
|
|
48
73
|
* @param inputDescriptor The input descriptor to evaluate.
|
|
@@ -54,6 +79,17 @@ export declare const findCredentialSdJwt: (inputDescriptor: InputDescriptor, dec
|
|
|
54
79
|
matchedKeyTag: string;
|
|
55
80
|
matchedCredential: string;
|
|
56
81
|
};
|
|
82
|
+
/**
|
|
83
|
+
* Finds the first credential that satisfies the input descriptor constraints.
|
|
84
|
+
* @param inputDescriptor The input descriptor to evaluate.
|
|
85
|
+
* @param decodedMdocCredentials An array of decoded MDOC credentials.
|
|
86
|
+
* @returns An object containing the matched evaluation, keyTag, and credential.
|
|
87
|
+
*/
|
|
88
|
+
export declare const findCredentialMDoc: (inputDescriptor: InputDescriptor, decodedMDocCredentials: DecodedCredentialMdoc[]) => {
|
|
89
|
+
matchedEvaluation: EvaluatedDisclosures;
|
|
90
|
+
matchedKeyTag: string;
|
|
91
|
+
matchedCredential: string;
|
|
92
|
+
};
|
|
57
93
|
/**
|
|
58
94
|
* Evaluates multiple input descriptors against provided SD-JWT and MDOC credentials.
|
|
59
95
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,KAAK,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAEnE,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,KAAK,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAEnE,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAK1E,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AAMpD,KAAK,oBAAoB,GAAG;IAC1B,mBAAmB,EAAE,mBAAmB,EAAE,CAAC;IAC3C,mBAAmB,EAAE,mBAAmB,EAAE,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC;AAEF,KAAK,+BAA+B,GAAG,CACrC,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,EACtC,WAAW,EAAE,qBAAqB,EAAE,KACjC,oBAAoB,CAAC;AAE1B,KAAK,2BAA2B,GAAG,CACjC,eAAe,EAAE,eAAe,EAChC,YAAY,EAAE,IAAI,CAAC,YAAY,KAC5B,oBAAoB,CAAC;AAE1B,MAAM,MAAM,wBAAwB,GAAG,CACrC,WAAW,EAAE,eAAe,EAAE,EAC9B,gBAAgB,EAAE,CAAC,MAAM,EAAe,MAAM,CAAkB,EAAE,EAClE,eAAe,EAAE,CAAC,MAAM,EAAe,MAAM,CAAkB,EAAE,KAC9D,OAAO,CACV;IACE,mBAAmB,EAAE,oBAAoB,CAAC;IAC1C,eAAe,EAAE,eAAe,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB,EAAE,CACJ,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG,CACvC,wBAAwB,EAAE;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,eAAe,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB,EAAE,EACH,iBAAiB,EAAE;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB,KACE,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAEjC,eAAO,MAAM,0CAA0C,eACzC,qBAAqB,KAChC,mBAMF,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,IAAI,CAAC,YAAY,CAAC;CACjC,CAAC;AAEF,KAAK,sBAAsB,GAAG;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,QAAQ,CAAC;IAChB,WAAW,EAAE,qBAAqB,EAAE,CAAC;CACtC,CAAC;AA2HF;;;;;;;;;GASG;AACH,eAAO,MAAM,8BAA8B,EAAE,2BAkE5C,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kCAAkC,EAAE,+BA6E9C,CAAC;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,oBACb,eAAe,2BACP,sBAAsB,EAAE,KAChD;IACD,iBAAiB,EAAE,oBAAoB,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CA6B3B,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,oBACZ,eAAe,0BACR,qBAAqB,EAAE,KAC9C;IACD,iBAAiB,EAAE,oBAAoB,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAuB3B,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAuEtC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,0BAA0B,EAAE,0BA+DxC,CAAC"}
|