@pagopa/io-react-native-wallet 1.7.0 → 2.0.0-next.0

package/lib/module/credential/issuance/07-verify-and-parse-credential.js

@@ -1,16 +1,14 @@
 import { IoWalletError } from "../../utils/errors";
 import { SdJwt4VC } from "../../sd-jwt/types";
 import { verify as verifySdJwt } from "../../sd-jwt";
-import { verify as verifyMdoc } from "../../mdoc";
 import { getValueFromDisclosures } from "../../sd-jwt/converters";
-import { extractElementValueAsDate } from "../../mdoc/converters";
+import { LogLevel, Logger } from "../../utils/logging";
 
 // The credential as a collection of attributes in plain value
 
 // handy alias
 
-//Exported for testing purposes
-export const parseCredentialSdJwt = function (credentials_supported, _ref) {
+const parseCredentialSdJwt = function (credentials_supported, _ref) {
   let {
     sdJwt,
     disclosures
@@ -19,32 +17,35 @@ export const parseCredentialSdJwt = function (credentials_supported, _ref) {
   let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
   const credentialSubject = credentials_supported[sdJwt.payload.vct];
   if (!credentialSubject) {
+    Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${sdJwt.payload.vct}`);
     throw new IoWalletError("Credential type not supported by the issuer");
   }
   if (credentialSubject.format !== sdJwt.header.typ) {
+    Logger.log(LogLevel.ERROR, `Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}'`);
     throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
   }
 
   // transfrom a record { key: value } in an iterable of pairs [key, value]
   if (!credentialSubject.claims) {
+    Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
     throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
 
-  const claims = credentialSubject.claims;
-  const attrDefinitions = Object.entries(claims);
+  const attrDefinitions = Object.entries(credentialSubject.claims);
 
   // the key of the attribute defintion must match the disclosure's name
   const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
-    let [attrKey, definition] = _ref2;
+    let [attrKey] = _ref2;
     return !disclosures.some(_ref3 => {
       let [, name] = _ref3;
       return name === attrKey;
-    }) && definition.mandatory;
+    });
   });
   if (attrsNotInDisclosures.length > 0) {
     const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
     const received = disclosures.map(_ => _[1 /* name */]).join(", ");
     if (!ignoreMissingAttributes) {
+      Logger.log(LogLevel.ERROR, `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
       throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
     }
   }
@@ -61,25 +62,20 @@ export const parseCredentialSdJwt = function (credentials_supported, _ref) {
       value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
     }];
   })
-  //filter the not found elements
-  .filter(_ref5 => {
-    let [_, definition] = _ref5;
-    return definition.value !== undefined;
-  })
   // add a human readable attribute name, with i18n, in the form { locale: name }
   // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-  .map(_ref6 => {
+  .map(_ref5 => {
     let [attrKey, {
       display,
       ...definition
-    }] = _ref6;
+    }] = _ref5;
     return [attrKey, {
       ...definition,
-      name: display.reduce((names, _ref7) => {
+      name: display.reduce((names, _ref6) => {
         let {
           locale,
           name
-        } = _ref7;
+        } = _ref6;
         return {
           ...names,
           [locale]: name
@@ -90,119 +86,8 @@ export const parseCredentialSdJwt = function (credentials_supported, _ref) {
   if (includeUndefinedAttributes) {
     // attributes that are in the disclosure set
     // but are not defined in the issuer configuration
-    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref8 => {
-      let [, key, value] = _ref8;
-      return [key, {
-        value,
-        name: key
-      }];
-    }));
-    return {
-      ...definedValues,
-      ...undefinedValues
-    };
-  }
-  return definedValues;
-};
-
-//Exported for testing purposes
-export const parseCredentialMDoc = function (credentials_supported, credential_type, _ref9) {
-  let {
-    issuerSigned
-  } = _ref9;
-  let ignoreMissingAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  let includeUndefinedAttributes = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : false;
-  const credentialSubject = credentials_supported[credential_type];
-  if (!credentialSubject) {
-    throw new IoWalletError("Credential type not supported by the issuer");
-  }
-
-  // transfrom a record { key: value } in an iterable of pairs [key, value]
-  if (!credentialSubject.claims) {
-    throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
-  }
-
-  const claims = credentialSubject.claims;
-  const attrDefinitions = Object.entries(claims).flatMap(_ref10 => {
-    let [namespace, claimName] = _ref10;
-    return Object.entries(claimName).map(_ref11 => {
-      let [claimNameKey, definition] = _ref11;
-      return [namespace, claimNameKey, definition];
-    });
-  });
-  if (!issuerSigned.nameSpaces) {
-    throw new IoWalletError("Missing claims in the credential");
-  }
-  const flatNamespaces = Object.entries(issuerSigned.nameSpaces).flatMap(_ref12 => {
-    let [namespace, values] = _ref12;
-    return values.map(v => [namespace, v.elementIdentifier, v.elementValue]);
-  });
-
-  // Check that all mandatory attributes defined in the issuer configuration are present in the disclosure set
-  // and filter the non present ones
-  const attrsNotInDisclosures = attrDefinitions.filter(_ref13 => {
-    let [attrDefNamespace, attrKey, definition] = _ref13;
-    const isClaimPresent = flatNamespaces.find(_ref14 => {
-      let [namespace, name] = _ref14;
-      return attrDefNamespace === namespace && name === attrKey;
-    });
-    return isClaimPresent === undefined && definition.mandatory;
-  });
-  if (attrsNotInDisclosures.length > 0) {
-    const missing = attrsNotInDisclosures.map(_ => _[1 /* claim key */]).join(", ");
-    const received = flatNamespaces.map(_ => _[1 /*name*/]);
-    if (!ignoreMissingAttributes) {
-      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
-    }
-  }
-
-  // Attributes defined in the issuer configuration and present in the disclosure set
-  const definedValues = Object.fromEntries(attrDefinitions
-  // Retrieve the value from the corresponding disclosure
-  .map(_ref15 => {
-    var _flatNamespaces$find;
-    let [attrDefNamespace, attrKey, definition] = _ref15;
-    return [attrKey, {
-      ...definition,
-      value: (_flatNamespaces$find = flatNamespaces.find(_ref16 => {
-        let [namespace, name] = _ref16;
-        return attrDefNamespace === namespace && name === attrKey;
-      })) === null || _flatNamespaces$find === void 0 ? void 0 : _flatNamespaces$find[2]
-    }];
-  })
-  //filter the not found elements
-  .filter(_ref17 => {
-    let [_, definition] = _ref17;
-    return definition.value !== undefined;
-  })
-  // Add a human-readable attribute name, with i18n, in the form { locale: name }
-  // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-  .map(_ref18 => {
-    let [attrKey, {
-      display,
-      ...definition
-    }] = _ref18;
-    return [attrKey, {
-      ...definition,
-      name: display.reduce((names, _ref19) => {
-        let {
-          locale,
-          name
-        } = _ref19;
-        return {
-          ...names,
-          [locale]: name
-        };
-      }, {})
-    }];
-  }));
-  if (includeUndefinedAttributes) {
-    // Attributes that are present in the disclosure set but not defined in the issuer configuration
-    const undefinedValues = Object.fromEntries(flatNamespaces.filter(_ref20 => {
-      let [, key] = _ref20;
-      return !Object.keys(definedValues).includes(key);
-    }).map(_ref21 => {
-      let [, key, value] = _ref21;
+    const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
+      let [, key, value] = _ref7;
       return [key, {
         value,
         name: key
@@ -239,97 +124,35 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
     cnf
   } = decodedCredential.sdJwt.payload;
   if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+    Logger.log(LogLevel.ERROR, `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
     throw new IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
   }
   return decodedCredential;
 }
 
-/**
- * Given a credential, verify it's in the supported format
- * and the credential is correctly signed
- * and it's bound to the given key
- *
- * @param rawCredential The received credential
- * @param issuerKeys The set of public keys of the issuer,
- * which will be used to verify the signature
- * @param holderBindingContext The access to the holder's key
- *
- * @throws If the signature verification fails
- * @throws If the credential is not in the SdJwt4VC format
- * @throws If the holder binding is not properly configured
- *
- */
-async function verifyCredentialMDoc(rawCredential, issuerKeys, holderBindingContext) {
-  /**
-   * For the moment, being that issues in the crypto key generation
-   * have been found on Android, the check for the deviceKey inside
-   * of the mDoc is skipped, so we are not interested in the holderBindingKey
-   */
-  const [decodedCredential, _] =
-  // parallel for optimization
-  await Promise.all([verifyMdoc(rawCredential, issuerKeys), holderBindingContext.getPublicKey()]);
-  if (!decodedCredential) {
-    throw new IoWalletError("No MDOC credentials found!");
-  }
-
-  /**
-   * For the moment, being that issues in the crypto key generation
-   * have been found on Android, the check for the deviceKey inside
-   * of the mDoc is skipped.
-   */
-  //const key = decodedCredential.mDoc.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
-  //
-  //if (!compareKeysByThumbprint(key, holderBindingKey as PublicKey)) {
-  //  throw new IoWalletError(
-  //    `Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`
-  //  );
-  //}
-
-  return decodedCredential;
-}
-
 // utility type that specialize VerifyAndParseCredential for given format
 
-const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, __, _ref22) => {
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
   let {
     credentialCryptoContext,
     ignoreMissingAttributes,
     includeUndefinedAttributes
-  } = _ref22;
-  const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
-  const parsedCredential = parseCredentialSdJwt(issuerConf.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
+  } = _ref8;
+  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
+  Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
+  const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded, ignoreMissingAttributes, includeUndefinedAttributes);
   const maybeIssuedAt = getValueFromDisclosures(decoded.disclosures, "iat");
+  Logger.log(LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${maybeIssuedAt}`);
   return {
     parsedCredential,
     expiration: new Date(decoded.sdJwt.payload.exp * 1000),
     issuedAt: typeof maybeIssuedAt === "number" ? new Date(maybeIssuedAt * 1000) : undefined
   };
 };
-const verifyAndParseCredentialMDoc = async (issuerConf, credential, _, credentialType, _ref23) => {
-  var _parsedCredential$exp, _parsedCredential$iss;
-  let {
-    credentialCryptoContext,
-    ignoreMissingAttributes
-  } = _ref23;
-  const decoded = await verifyCredentialMDoc(credential, issuerConf.keys, credentialCryptoContext);
-  const parsedCredential = parseCredentialMDoc(issuerConf.credential_configurations_supported, credentialType, decoded, undefined, ignoreMissingAttributes);
-  const expirationDate = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$exp = parsedCredential.expiry_date) === null || _parsedCredential$exp === void 0 ? void 0 : _parsedCredential$exp.value);
-  if (!expirationDate) {
-    throw new IoWalletError(`expirationDate must be present!!`);
-  }
-  expirationDate === null || expirationDate === void 0 ? void 0 : expirationDate.setDate(expirationDate.getDate() + 1);
-  const maybeIssuedAt = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$iss = parsedCredential.issue_date) === null || _parsedCredential$iss === void 0 ? void 0 : _parsedCredential$iss.value);
-  maybeIssuedAt === null || maybeIssuedAt === void 0 ? void 0 : maybeIssuedAt.setDate(maybeIssuedAt.getDate() + 1);
-  return {
-    parsedCredential,
-    expiration: expirationDate ?? new Date(),
-    issuedAt: maybeIssuedAt ?? undefined
-  };
-};
 
 /**
  * Verify and parse an encoded credential.
- * @param issuerConf The Issuer configuration returned by {@link getIssuerConfig}
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
  * @param credential The encoded credential returned by {@link obtainCredential}
  * @param format The format of the credentual returned by {@link obtainCredential}
  * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
@@ -340,13 +163,12 @@ const verifyAndParseCredentialMDoc = async (issuerConf, credential, _, credentia
  * @throws {IoWalletError} If the credential is not bound to the provided user key
  * @throws {IoWalletError} If the credential data fail to parse
  */
-export const verifyAndParseCredential = async (issuerConf, credential, format, credentialType, context) => {
+export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
   if (format === "vc+sd-jwt") {
-    return verifyAndParseCredentialSdJwt(issuerConf, credential, format, credentialType, context);
-  }
-  if (format === "mso_mdoc") {
-    return verifyAndParseCredentialMDoc(issuerConf, credential, format, credentialType, context);
+    Logger.log(LogLevel.DEBUG, "Parsing credential in vc+sd-jwt format");
+    return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
   }
+  Logger.log(LogLevel.ERROR, `Unsupported credential format: ${format}`);
   throw new IoWalletError(`Unsupported credential format: ${format}`);
 };
 //# sourceMappingURL=07-verify-and-parse-credential.js.map

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","verifyMdoc","getValueFromDisclosures","extractElementValueAsDate","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","definition","some","_ref3","name","mandatory","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","value","find","_ref5","_ref6","display","reduce","names","_ref7","locale","undefinedValues","keys","includes","_ref8","key","parseCredentialMDoc","credential_type","_ref9","issuerSigned","flatMap","_ref10","namespace","claimName","_ref11","claimNameKey","nameSpaces","flatNamespaces","_ref12","values","v","elementIdentifier","elementValue","_ref13","attrDefNamespace","isClaimPresent","_ref14","_ref15","_flatNamespaces$find","_ref16","_ref17","_ref18","_ref19","_ref20","_ref21","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyCredentialMDoc","verifyAndParseCredentialSdJwt","issuerConf","credential","__","_ref22","credentialCryptoContext","decoded","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredentialMDoc","credentialType","_ref23","_parsedCredential$exp","_parsedCredential$iss","expirationDate","expiry_date","setDate","getDate","issue_date","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAIA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASD,MAAM,IAAIE,UAAU,QAAQ,YAAY;AACjD,SAASC,uBAAuB,QAAQ,yBAAyB;AAOjE,SAASC,yBAAyB,QAAQ,uBAAuB;;AAwBjE;;AAkBA;;AASA;AACA,OAAO,MAAMC,oBAAoB,GAAG,SAAAA,CAElCC,qBAAgG,EAAAC,IAAA,EAI3E;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIjB,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIiB,iBAAiB,CAACG,MAAM,KAAKV,KAAK,CAACW,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAItB,aAAa,CACpB,gEAA+DiB,iBAAiB,CAACG,MAAO,gBAAeV,KAAK,CAACW,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACL,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAIvB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMuB,MAAM,GAAGN,iBAAiB,CAACM,MAA+B;EAChE,MAAMC,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACH,MAAM,CAAC;;EAE9C;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAEC,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CAAClB,WAAW,CAACqB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC,IAAIC,UAAU,CAACI,SAAS;EAAA,CAC7E,CAAC;EACD,IAAIR,qBAAqB,CAACb,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMsB,OAAO,GAAGT,qBAAqB,CAACU,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG7B,WAAW,CAAC0B,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC3B,uBAAuB,EAAE;MAC5B,MAAM,IAAIZ,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGhB,MAAM,CAACiB,WAAW,CACtClB;EACE;EAAA,CACCa,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACd,OAAO,EAAEC,UAAU,CAAC,GAAAY,KAAA;IAAA,OACpB,CACEb,OAAO,EACP;MACE,GAAGC,UAAU;MACbc,KAAK,GAAAD,iBAAA,GAAEjC,WAAW,CAACmC,IAAI,CACpBR,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKR,OAC7B,CAAC,cAAAc,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EAAA,CACChB,MAAM,CAACmB,KAAA;IAAA,IAAC,CAACT,CAAC,EAAEP,UAAU,CAAC,GAAAgB,KAAA;IAAA,OAAKhB,UAAU,CAACc,KAAK,KAAK9B,SAAS;EAAA;EAC3D;EACA;EAAA,CACCsB,GAAG,CACFW,KAAA;IAAA,IAAC,CAAClB,OAAO,EAAE;MAAEmB,OAAO;MAAE,GAAGlB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACElB,OAAO,EACP;MACE,GAAGC,UAAU;MACbG,IAAI,EAAEe,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEnB;QAAK,CAAC,GAAAkB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGnB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIlB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAG7B,MAAM,CAACiB,WAAW,CACxC/B,WAAW,CACRiB,MAAM,CAAEU,CAAC,IAAK,CAACb,MAAM,CAAC8B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEX,IAAI,EAAEwB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA,OAAO,MAAMkB,mBAAmB,GAAG,SAAAA,CAEjCnD,qBAAgG,EAChGoD,eAAuB,EAAAC,KAAA,EAIF;EAAA,IAHrB;IAAEC;EAAoC,CAAC,GAAAD,KAAA;EAAA,IACvCjD,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACoD,eAAe,CAAC;EAEhE,IAAI,CAAC3C,iBAAiB,EAAE;IACtB,MAAM,IAAIjB,aAAa,CAAC,6CAA6C,CAAC;EACxE;;EAEA;EACA,IAAI,CAACiB,iBAAiB,CAACM,MAAM,EAAE;IAC7B,MAAM,IAAIvB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EAEA,MAAMuB,MAAM,GAAGN,iBAAiB,CAACM,MAGhC;EAED,MAAMC,eAAoD,GAAGC,MAAM,CAACC,OAAO,CACzEH,MACF,CAAC,CAACwC,OAAO,CAACC,MAAA;IAAA,IAAC,CAACC,SAAS,EAAEC,SAAS,CAAC,GAAAF,MAAA;IAAA,OAC/BvC,MAAM,CAACC,OAAO,CAACwC,SAAS,CAAC,CAAC7B,GAAG,CAC3B8B,MAAA;MAAA,IAAC,CAACC,YAAY,EAAErC,UAAU,CAAC,GAAAoC,MAAA;MAAA,OACzB,CAACF,SAAS,EAAEG,YAAY,EAAErC,UAAU,CAAC;IAAA,CAKzC,CAAC;EAAA,CACH,CAAC;EAED,IAAI,CAAC+B,YAAY,CAACO,UAAU,EAAE;IAC5B,MAAM,IAAIrE,aAAa,CAAC,kCAAkC,CAAC;EAC7D;EAEA,MAAMsE,cAA0C,GAAG7C,MAAM,CAACC,OAAO,CAC/DoC,YAAY,CAACO,UACf,CAAC,CAACN,OAAO,CAACQ,MAAA;IAAA,IAAC,CAACN,SAAS,EAAEO,MAAM,CAAC,GAAAD,MAAA;IAAA,OAC5BC,MAAM,CAACnC,GAAG,CACPoC,CAAC,IACA,CAACR,SAAS,EAAEQ,CAAC,CAACC,iBAAiB,EAAED,CAAC,CAACE,YAAY,CAKnD,CAAC;EAAA,CACH,CAAC;;EAED;EACA;EACA,MAAMhD,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDgD,MAAA,IAA6C;IAAA,IAA5C,CAACC,gBAAgB,EAAE/C,OAAO,EAAEC,UAAU,CAAC,GAAA6C,MAAA;IACtC,MAAME,cAAc,GAAGR,cAAc,CAACxB,IAAI,CACxCiC,MAAA;MAAA,IAAC,CAACd,SAAS,EAAE/B,IAAI,CAAC,GAAA6C,MAAA;MAAA,OAChBF,gBAAgB,KAAKZ,SAAS,IAAI/B,IAAI,KAAKJ,OAAO;IAAA,CACtD,CAAC;IACD,OAAOgD,cAAc,KAAK/D,SAAS,IAAIgB,UAAU,CAACI,SAAS;EAC7D,CACF,CAAC;EACD,IAAIR,qBAAqB,CAACb,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMsB,OAAO,GAAGT,qBAAqB,CAClCU,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAChCC,IAAI,CAAC,IAAI,CAAC;IACb,MAAMC,QAAQ,GAAG8B,cAAc,CAACjC,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzD,IAAI,CAAC1B,uBAAuB,EAAE;MAC5B,MAAM,IAAIZ,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA,MAAMC,aAAa,GAAGhB,MAAM,CAACiB,WAAW,CACtClB;EACE;EAAA,CACCa,GAAG,CACF2C,MAAA;IAAA,IAAAC,oBAAA;IAAA,IAAC,CAACJ,gBAAgB,EAAE/C,OAAO,EAAEC,UAAU,CAAC,GAAAiD,MAAA;IAAA,OACtC,CACElD,OAAO,EACP;MACE,GAAGC,UAAU;MACbc,KAAK,GAAAoC,oBAAA,GAAEX,cAAc,CAACxB,IAAI,CACxBoC,MAAA;QAAA,IAAC,CAACjB,SAAS,EAAE/B,IAAI,CAAC,GAAAgD,MAAA;QAAA,OAChBL,gBAAgB,KAAKZ,SAAS,IAAI/B,IAAI,KAAKJ,OAAO;MAAA,CACtD,CAAC,cAAAmD,oBAAA,uBAHMA,oBAAA,CAGH,CAAC;IACP,CAAC,CACF;EAAA,CACL;EACA;EAAA,CACCrD,MAAM,CAACuD,MAAA;IAAA,IAAC,CAAC7C,CAAC,EAAEP,UAAU,CAAC,GAAAoD,MAAA;IAAA,OAAKpD,UAAU,CAACc,KAAK,KAAK9B,SAAS;EAAA;EAC3D;EACA;EAAA,CACCsB,GAAG,CACF+C,MAAA;IAAA,IAAC,CAACtD,OAAO,EAAE;MAAEmB,OAAO;MAAE,GAAGlB;IAAW,CAAC,CAAC,GAAAqD,MAAA;IAAA,OACpC,CACEtD,OAAO,EACP;MACE,GAAGC,UAAU;MACbG,IAAI,EAAEe,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAkC,MAAA;QAAA,IAAE;UAAEhC,MAAM;UAAEnB;QAAK,CAAC,GAAAmD,MAAA;QAAA,OAAM;UAAE,GAAGlC,KAAK;UAAE,CAACE,MAAM,GAAGnB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIlB,0BAA0B,EAAE;IAC9B;IACA,MAAMsC,eAAe,GAAG7B,MAAM,CAACiB,WAAW,CACxC4B,cAAc,CACX1C,MAAM,CAAC0D,MAAA;MAAA,IAAC,GAAG5B,GAAG,CAAC,GAAA4B,MAAA;MAAA,OAAK,CAAC7D,MAAM,CAAC8B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAACE,GAAG,CAAC;IAAA,EAAC,CAC9DrB,GAAG,CAACkD,MAAA;MAAA,IAAC,GAAG7B,GAAG,EAAEb,KAAK,CAAC,GAAA0C,MAAA;MAAA,OAAK,CAAC7B,GAAG,EAAE;QAAEb,KAAK;QAAEX,IAAI,EAAEwB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe+C,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB5F,WAAW,CAACsF,aAAa,EAAEC,UAAU,EAAEzF,QAAQ,CAAC,EAChD0F,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAClF,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAAC+E,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAInG,aAAa,CACpB,kDAAiD6F,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAAClF,KAAK,CAACQ,OAAO,CAAC+E,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeQ,oBAAoBA,CACjCX,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACH;EAChC;AACF;AACA;AACA;AACA;EACE,MAAM,CAACC,iBAAiB,EAAEtD,CAAC,CAAC;EAC1B;EACA,MAAMwD,OAAO,CAACC,GAAG,CAAC,CAChB3F,UAAU,CAACqF,aAAa,EAAEC,UAAU,CAAC,EACrCC,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,IAAI,CAACJ,iBAAiB,EAAE;IACtB,MAAM,IAAI5F,aAAa,CAAC,4BAA4B,CAAC;EACvD;;EAEA;AACF;AACA;AACA;AACA;EACE;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,OAAO4F,iBAAiB;AAC1B;;AAEA;;AASA,MAAMS,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjE,CAAC,EACDkE,EAAE,EAAAC,MAAA,KAMC;EAAA,IALH;IACEC,uBAAuB;IACvB9F,uBAAuB;IACvBI;EACF,CAAC,GAAAyF,MAAA;EAED,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCe,UAAU,EACVD,UAAU,CAAC/C,IAAI,EACfmD,uBACF,CAAC;EAED,MAAME,gBAAgB,GAAGrG,oBAAoB,CAC3C+F,UAAU,CAACO,mCAAmC,EAC9CF,OAAO,EACP/F,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM8F,aAAa,GAAGzG,uBAAuB,CAACsG,OAAO,CAAChG,WAAW,EAAE,KAAK,CAAC;EAEzE,OAAO;IACLiG,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACL,OAAO,CAACjG,KAAK,CAACQ,OAAO,CAAC+F,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9B/F;EACR,CAAC;AACH,CAAC;AAED,MAAMoG,4BAAoD,GAAG,MAAAA,CAC3Db,UAAU,EACVC,UAAU,EACVjE,CAAC,EACD8E,cAAc,EAAAC,MAAA,KAEX;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IADH;IAAEb,uBAAuB;IAAE9F;EAAwB,CAAC,GAAAyG,MAAA;EAEpD,MAAMV,OAAO,GAAG,MAAMP,oBAAoB,CACxCG,UAAU,EACVD,UAAU,CAAC/C,IAAI,EACfmD,uBACF,CAAC;EAED,MAAME,gBAAgB,GAAGjD,mBAAmB,CAC1C2C,UAAU,CAACO,mCAAmC,EAC9CO,cAAc,EACdT,OAAO,EACP5F,SAAS,EACTH,uBACF,CAAC;EAED,MAAM4G,cAAc,GAAGlH,yBAAyB,CAC9CsG,gBAAgB,aAAhBA,gBAAgB,gBAAAU,qBAAA,GAAhBV,gBAAgB,CAAEa,WAAW,cAAAH,qBAAA,uBAA7BA,qBAAA,CAA+BzE,KACjC,CAAC;EACD,IAAI,CAAC2E,cAAc,EAAE;IACnB,MAAM,IAAIxH,aAAa,CAAE,kCAAiC,CAAC;EAC7D;EACAwH,cAAc,aAAdA,cAAc,uBAAdA,cAAc,CAAEE,OAAO,CAACF,cAAc,CAACG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAErD,MAAMb,aAAa,GAAGxG,yBAAyB,CAC7CsG,gBAAgB,aAAhBA,gBAAgB,gBAAAW,qBAAA,GAAhBX,gBAAgB,CAAEgB,UAAU,cAAAL,qBAAA,uBAA5BA,qBAAA,CAA8B1E,KAChC,CAAC;EACDiE,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEY,OAAO,CAACZ,aAAa,CAACa,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAEnD,OAAO;IACLf,gBAAgB;IAChBG,UAAU,EAAES,cAAc,IAAI,IAAIR,IAAI,CAAC,CAAC;IACxCE,QAAQ,EAAEJ,aAAa,IAAI/F;EAC7B,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM8G,wBAAkD,GAAG,MAAAA,CAChEvB,UAAU,EACVC,UAAU,EACVnF,MAAM,EACNgG,cAAc,EACdU,OAAO,KACJ;EACH,IAAI1G,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOiF,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnF,MAAM,EACNgG,cAAc,EACdU,OACF,CAAC;EACH;EACA,IAAI1G,MAAM,KAAK,UAAU,EAAE;IACzB,OAAO+F,4BAA4B,CACjCb,UAAU,EACVC,UAAU,EACVnF,MAAM,EACNgG,cAAc,EACdU,OACF,CAAC;EACH;EAEA,MAAM,IAAI9H,aAAa,CAAE,kCAAiCoB,MAAO,EAAC,CAAC;AACrE,CAAC"}
+{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","LogLevel","Logger","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","credentialSubject","payload","vct","log","ERROR","format","header","typ","claims","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","parsedCredential","credential_configurations_supported","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AACpD,SAASC,uBAAuB,QAAQ,yBAAyB;AAGjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;;AAuBtD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAgI,EAAAC,IAAA,EAI3G;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,iBAAiB,GAAGT,qBAAqB,CAACE,KAAK,CAACQ,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtBX,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gDAA+CX,KAAK,CAACQ,OAAO,CAACC,GAAI,EACpE,CAAC;IACD,MAAM,IAAInB,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIiB,iBAAiB,CAACK,MAAM,KAAKZ,KAAK,CAACa,MAAM,CAACC,GAAG,EAAE;IACjDlB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gEAA+DJ,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,GAC3H,CAAC;IACD,MAAM,IAAIxB,aAAa,CACpB,gEAA+DiB,iBAAiB,CAACK,MAAO,gBAAeZ,KAAK,CAACa,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,IAAI,CAACP,iBAAiB,CAACQ,MAAM,EAAE;IAC7BnB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIrB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAM0B,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACX,iBAAiB,CAACQ,MAAM,CAAC;;EAEhE;EACA,MAAMI,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACpB,WAAW,CAACsB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACf,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMsB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAG7B,WAAW,CAAC0B,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC3B,uBAAuB,EAAE;MAC5BN,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,4DAA2De,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;MACD,MAAM,IAAIxC,aAAa,CACpB,4DAA2DoC,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd,MAAM,CAACe,WAAW,CACtChB;EACE;EAAA,CACCW,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACZ,OAAO,EAAEa,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEX,OAAO,EACP;MACE,GAAGa,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACoC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKN,OAC7B,CAAC,cAAAY,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAAChB,OAAO,EAAE;MAAEiB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEhB,OAAO,EACP;MACE,GAAGa,UAAU;MACbV,IAAI,EAAEc,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAElB;QAAK,CAAC,GAAAiB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGlB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAInB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAG3B,MAAM,CAACe,WAAW,CACxC/B,WAAW,CACRmB,MAAM,CAAEQ,CAAC,IAAK,CAACX,MAAM,CAAC4B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEZ,KAAK;QAAEX,IAAI,EAAEuB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGjB,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAekB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB/D,WAAW,CAACyD,aAAa,EAAEC,UAAU,EAAE5D,QAAQ,CAAC,EAChD6D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACrD,KAAK,CAACQ,OAAO;EAE/C,IAAI,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxDhE,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,kDAAiD2C,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;IACD,MAAM,IAAItE,aAAa,CACpB,kDAAiDgE,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACrD,KAAK,CAACQ,OAAO,CAACkD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAME;EAAA,IALH;IACEC,uBAAuB;IACvB/D,uBAAuB;IACvBI;EACF,CAAC,GAAA0D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAEDrE,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMM,gBAAgB,GAAG3E,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACM,mCAAmC,EACvEP,OAAO,EACPhE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMoE,aAAa,GAAGhF,uBAAuB,CAACwE,OAAO,CAACjE,WAAW,EAAE,KAAK,CAAC;EAEzEL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC0E,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACC,gBAAgB,CAAE,gBAAeE,aAAc,EACtF,CAAC;EAED,OAAO;IACLF,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACV,OAAO,CAAClE,KAAK,CAACQ,OAAO,CAACqE,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BrE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM0E,wBAAkD,GAAG,MAAAA,CAChEjB,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OAAO,KACJ;EACH,IAAIpE,MAAM,KAAK,WAAW,EAAE;IAC1BhB,MAAM,CAACc,GAAG,CAACf,QAAQ,CAAC0E,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOR,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVnD,MAAM,EACNoE,OACF,CAAC;EACH;EAEApF,MAAM,CAACc,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAG,kCAAiCC,MAAO,EAAC,CAAC;EACtE,MAAM,IAAItB,aAAa,CAAE,kCAAiCsB,MAAO,EAAC,CAAC;AACrE,CAAC"}

package/lib/module/credential/issuance/README.md

@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
 This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
 Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
 
-The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `getIssuerConfig` step.
+The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
 
 ## Sequence Diagram
 
@@ -14,7 +14,7 @@ The supported credentials are defined in the entity configuration of the issuer
 graph TD;
     0[WalletInstanceAttestation.getAttestation]
     1[startFlow]
-    2[getIssuerConfig]
+    2[evaluateIssuerTrust]
     3[startUserAuthorization]
     C4[getRequestedCredentialToBePresented]
     C4.1[completeUserAuthorizationWithFormPostJwtMode]
@@ -41,9 +41,12 @@ graph TD;
 
 The following errors are mapped to a `IssuerResponseError` with specific codes.
 
-| HTTP Status | Error Code                 | Description                                                                                           |
-| ----------- | -------------------------- | ----------------------------------------------------------------------------------------------------- |
-| `*`         | `ERR_ISSUER_GENERIC_ERROR` | This is a generic error code to map unexpected errors that occurred when interacting with the Issuer. |
+|HTTP Status|Error Code|Description|
+|-----------|----------|-----------|
+|`201 Created`|`ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS`| This response is returned by the credential issuer when the request has been queued because the credential cannot be issued synchronously. The consumer should try to obtain the credential at a later time. Although `201 Created` is not considered an error, it is mapped as an error in this context in order to handle the case where the credential issuance is not synchronous. This allows keeping the flow consistent and handle the case where the credential is not immediately available.|
+|`403 Forbidden`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the requested credential has an invalid status. It might contain more details in the `reason` property.|
+|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`| This response is returned by the credential issuer when the authenticated user is not entitled to receive the requested credential. It might contain more details in the `reason` property.|
+|`*`|`ERR_ISSUER_GENERIC_ERROR`|This is a generic error code to map unexpected errors that occurred when interacting with the Issuer.|
 
 ## Strong authentication for eID issuance (Query Mode)
 
@@ -105,7 +108,7 @@ const eid = {
 const eidCryptoContext = createCryptoContextFor(eid.keyTag);
 
 // Create credential crypto context
-const credentialKeyTag = uuid.v4().toString();
+const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
 const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 
@@ -118,7 +121,7 @@ const startFlow: Credential.Issuance.StartFlow = () => ({
 const { issuerUrl } = startFlow();
 
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.getIssuerConfig(issuerUrl);
+const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(issuerUrl);
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
@@ -241,23 +244,24 @@ const authorizationContext = idpHint.includes("servizicie")
  * Create credential crypto context for the PID
  * WARNING: The eID keytag must be persisted and later used when requesting a credential which requires a eID presentation
  */
-const credentialKeyTag = uuid.v4().toString();
+const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag);
 const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
 
 // Start the issuance flow
 const startFlow: Credential.Issuance.StartFlow = () => ({
   issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialType: "urn:eu.europa.ec.eudi:pid:1",
+  credentialType: "PersonIdentificationData",
   appFetch,
 });
 
 const { issuerUrl } = startFlow();
 
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.getIssuerConfig(issuerUrl, {
-  appFetch,
-});
+const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
+  issuerUrl,
+  { appFetch }
+);
 
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
@@ -311,13 +315,12 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 );
 
 // Parse and verify the eID credential
-const { parsedCredential, issuedAt, expiration } =
-  await Credential.Issuance.verifyAndParseCredential(
-    issuerConf,
-    credential,
-    format,
-    { credentialCryptoContext }
-  );
+const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
+  issuerConf,
+  credential,
+  format,
+  { credentialCryptoContext }
+);
 
 return {
   parsedCredential,
@@ -325,7 +328,7 @@ return {
   keyTag: credentialKeyTag,
   credentialType,
   issuedAt,
-  expiration,
+  expiration
 };
 ```
 

package/lib/module/credential/issuance/const.js

@@ -1,4 +1,4 @@
 import * as z from "zod";
 export const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-export const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("mso_mdoc")]);
+export const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
 //# sourceMappingURL=const.js.map

package/lib/module/credential/issuance/const.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,KAAK,CAAC,CAC/CH,CAAC,CAACI,OAAO,CAAC,WAAW,CAAC,EACtBJ,CAAC,CAACI,OAAO,CAAC,UAAU,CAAC,CACtB,CAAC"}
+{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,KAAK,CAAC,CAC/CH,CAAC,CAACI,OAAO,CAAC,WAAW,CAAC,EACtBJ,CAAC,CAACI,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC"}

package/lib/module/credential/issuance/index.js

@@ -1,9 +1,9 @@
-import { getIssuerConfig } from "./02-get-issuer-config";
+import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { startUserAuthorization } from "./03-start-user-authorization";
 import { completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, parseAuthorizationResponse, buildAuthorizationUrl, getRequestedCredentialToBePresented } from "./04-complete-user-authorization";
 import { authorizeAccess } from "./05-authorize-access";
 import { obtainCredential } from "./06-obtain-credential";
 import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
 import * as Errors from "./errors";
-export { getIssuerConfig, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
+export { evaluateIssuerTrust, startUserAuthorization, buildAuthorizationUrl, completeUserAuthorizationWithQueryMode, getRequestedCredentialToBePresented, completeUserAuthorizationWithFormPostJwtMode, authorizeAccess, obtainCredential, verifyAndParseCredential, parseAuthorizationResponse, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["getIssuerConfig","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SAASA,eAAe,QAA8B,wBAAwB;AAC9E,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,eAAe,EACfC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}
+{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","parseAuthorizationResponse","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","Errors"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,EACtCC,4CAA4C,EAC5CC,0BAA0B,EAC1BC,qBAAqB,EAKrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEV,mBAAmB,EACnBC,sBAAsB,EACtBI,qBAAqB,EACrBH,sCAAsC,EACtCI,mCAAmC,EACnCH,4CAA4C,EAC5CI,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB,EACxBL,0BAA0B,EAC1BM,MAAM"}

package/lib/module/credential/presentation/01-start-flow.js

@@ -1,37 +1,36 @@
 import * as z from "zod";
-import { ValidationFailed } from "../../utils/errors";
+import { InvalidQRCodeError } from "./errors";
 const PresentationParams = z.object({
-  clientId: z.string().nonempty(),
-  requestUri: z.string().url()
+  client_id: z.string().nonempty(),
+  request_uri: z.string().url(),
+  request_uri_method: z.enum(["get", "post"]),
+  state: z.string().optional()
 });
 
 /**
  * The beginning of the presentation flow.
  * To be implemented accordind to the user touchpoint
  *
- * @param Optional parameters, depending on the starting touchoint
+ * @param params Presentation parameters, depending on the starting touchpoint
  * @returns The url for the Relying Party to connect with
  */
 
 /**
- * Start a presentation flow by decoding the parameters needed to start the presentation flow.
+ * Start a presentation flow by validating the required parameters.
+ * Parameters are extracted from a url encoded in a QR code or in a deep link.
  *
- * @param qrcode The encoded QR-code content
+ * @param params The parameters to be validated
  * @returns The url for the Relying Party to connect with
- * @throws If the provided qr code fails to be decoded
+ * @throws If the provided parameters are not valid
  */
-export const startFlowFromQR = (requestUri, clientId) => {
+export const startFlowFromQR = params => {
   const result = PresentationParams.safeParse({
-    requestUri,
-    clientId
+    ...params,
+    request_uri_method: params.request_uri_method ?? "get"
   });
   if (result.success) {
     return result.data;
-  } else {
-    throw new ValidationFailed({
-      message: "Invalid parameters provided",
-      reason: result.error.message
-    });
   }
+  throw new InvalidQRCodeError(result.error.message);
 };
 //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/presentation/01-start-flow.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","ValidationFailed","PresentationParams","object","clientId","string","nonempty","requestUri","url","startFlowFromQR","result","safeParse","success","data","message","reason","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,gBAAgB,QAAQ,oBAAoB;AAErD,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA4C,GAAGA,CAC1DF,UAAkB,EAClBH,QAAgB,KACb;EACH,MAAMM,MAAM,GAAGR,kBAAkB,CAACS,SAAS,CAAC;IAC1CJ,UAAU;IACVH;EACF,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIZ,gBAAgB,CAAC;MACzBa,OAAO,EAAE,6BAA6B;MACtCC,MAAM,EAAEL,MAAM,CAACM,KAAK,CAACF;IACvB,CAAC,CAAC;EACJ;AACF,CAAC"}
+{"version":3,"names":["z","InvalidQRCodeError","PresentationParams","object","client_id","string","nonempty","request_uri","url","request_uri_method","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,UAAU;AAE7C,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,SAAS,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCC,WAAW,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC7BC,kBAAkB,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EAC3CC,KAAK,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAAC;IAC1C,GAAGF,MAAM;IACTL,kBAAkB,EAAEK,MAAM,CAACL,kBAAkB,IAAI;EACnD,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB;EAEA,MAAM,IAAIjB,kBAAkB,CAACc,MAAM,CAACI,KAAK,CAACC,OAAO,CAAC;AACpD,CAAC"}

package/lib/module/credential/presentation/02-evaluate-rp-trust.js

@@ -1,4 +1,4 @@
-import { getRelyingPartyEntityConfiguration } from "../../entity/trust/index";
+import { getRelyingPartyEntityConfiguration } from "../../trust";
 /**
  * The Relying Party trust evaluation phase.
  * Fetch the  Relying Party's configuration and verify trust.
@@ -13,13 +13,15 @@ export const evaluateRelyingPartyTrust = async function (rpUrl) {
   } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
   const {
     payload: {
-      metadata: rpConf
+      metadata: rpConf,
+      sub
     }
   } = await getRelyingPartyEntityConfiguration(rpUrl, {
     appFetch
   });
   return {
-    rpConf
+    rpConf,
+    subject: sub
   };
 };
 //# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map

@@ -1 +1 @@
-{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,0BAA0B;AAc7E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC;IAAO;EAC9B,CAAC,GAAG,MAAMV,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO;EAAO,CAAC;AACnB,CAAC"}
+{"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAehE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}