@pagopa/io-react-native-wallet 1.7.1 → 2.0.0-next.1

package/lib/commonjs/trust/errors.js

@@ -0,0 +1,133 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.X509ValidationError = exports.TrustChainTokenMissingError = exports.TrustChainRenewalError = exports.TrustChainEmptyError = exports.TrustAnchorKidMissingError = exports.RelyingPartyNotAuthorizedError = exports.MissingX509CertsError = exports.MissingFederationFetchEndpointError = exports.FederationListParseError = exports.FederationError = exports.BuildTrustChainError = void 0;
+var _errors = require("../utils/errors");
+// Ensure this path is correct
+
+/**
+ * Base class for all federation-specific errors.
+ */
+class FederationError extends _errors.IoWalletError {
+  constructor(message, details) {
+    super(details ? (0, _errors.serializeAttrs)({
+      message,
+      ...details
+    }) : message);
+    this.name = this.constructor.name;
+  }
+}
+
+/**
+ * Error thrown when a trust chain is unexpectedly empty.
+ */
+exports.FederationError = FederationError;
+class TrustChainEmptyError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_EMPTY";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Trust chain cannot be empty.";
+    super(message, undefined);
+  }
+}
+
+/**
+ * Error thrown when a token is unexpectedly missing from a trust chain during processing.
+ */
+exports.TrustChainEmptyError = TrustChainEmptyError;
+class TrustChainTokenMissingError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_TOKEN_MISSING";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when renewing a trust chain fails.
+ * This class itself might be used or could be considered a more general renewal error.
+ */
+exports.TrustChainTokenMissingError = TrustChainTokenMissingError;
+class TrustChainRenewalError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_RENEWAL_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+exports.TrustChainRenewalError = TrustChainRenewalError;
+class FederationListParseError extends FederationError {
+  code = "ERR_FED_FEDERATION_LIST_PARSE_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * General error thrown during the trust chain building process.
+ */
+exports.FederationListParseError = FederationListParseError;
+class BuildTrustChainError extends FederationError {
+  code = "ERR_FED_BUILD_TRUST_CHAIN_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when the Trust Anchor's key is missing a 'kid'.
+ */
+exports.BuildTrustChainError = BuildTrustChainError;
+class TrustAnchorKidMissingError extends FederationError {
+  code = "ERR_FED_TRUST_ANCHOR_KID_MISSING";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Missing 'kid' in provided Trust Anchor key.";
+    super(message, undefined);
+  }
+}
+
+/**
+ * Error thrown if the Relying Party is not found in the Trust Anchor's federation list.
+ */
+exports.TrustAnchorKidMissingError = TrustAnchorKidMissingError;
+class RelyingPartyNotAuthorizedError extends FederationError {
+  code = "ERR_FED_RELYING_PARTY_NOT_AUTHORIZED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when a 'federation_fetch_endpoint' is missing in an entity's configuration.
+ */
+exports.RelyingPartyNotAuthorizedError = RelyingPartyNotAuthorizedError;
+class MissingFederationFetchEndpointError extends FederationError {
+  code = "ERR_FED_MISSING_FEDERATION_FETCH_ENDPOINT";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when the X.509 certificate chain is missing in an entity's configuration.
+ */
+exports.MissingFederationFetchEndpointError = MissingFederationFetchEndpointError;
+class MissingX509CertsError extends FederationError {
+  code = "ERR_FED_MISSING_X509_CERTS";
+  constructor(message) {
+    super(message, undefined);
+  }
+}
+
+/**
+ * Error thrown when an X.509 certificate validation fails.
+ * This is used to indicate issues with the certificate chain or signature verification.
+ */
+exports.MissingX509CertsError = MissingX509CertsError;
+class X509ValidationError extends FederationError {
+  code = "ERR_FED_X509_VALIDATION_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+exports.X509ValidationError = X509ValidationError;
+//# sourceMappingURL=errors.js.map

package/lib/commonjs/trust/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","FederationError","IoWalletError","constructor","message","details","serializeAttrs","name","exports","TrustChainEmptyError","code","arguments","length","undefined","TrustChainTokenMissingError","TrustChainRenewalError","FederationListParseError","BuildTrustChainError","TrustAnchorKidMissingError","RelyingPartyNotAuthorizedError","MissingFederationFetchEndpointError","MissingX509CertsError","X509ValidationError"],"sourceRoot":"../../../src","sources":["trust/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACmF;;AAEnF;AACA;AACA;AACO,MAAMC,eAAe,SAASC,qBAAa,CAAC;EACjDC,WAAWA,CAACC,OAAe,EAAEC,OAAiC,EAAE;IAC9D,KAAK,CAACA,OAAO,GAAG,IAAAC,sBAAc,EAAC;MAAEF,OAAO;MAAE,GAAGC;IAAQ,CAAC,CAAC,GAAGD,OAAO,CAAC;IAClE,IAAI,CAACG,IAAI,GAAG,IAAI,CAACJ,WAAW,CAACI,IAAI;EACnC;AACF;;AAEA;AACA;AACA;AAFAC,OAAA,CAAAP,eAAA,GAAAA,eAAA;AAGO,MAAMQ,oBAAoB,SAASR,eAAe,CAAC;EACxDS,IAAI,GAAG,2BAA2B;EAClCP,WAAWA,CAAA,EAA2C;IAAA,IAA1CC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,8BAA8B;IAClD,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAGO,MAAMK,2BAA2B,SAASb,eAAe,CAAC;EAC/DS,IAAI,GAAG,mCAAmC;EAC1CP,WAAWA,CAACC,OAAe,EAAEC,OAA4B,EAAE;IACzD,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA;AAHAG,OAAA,CAAAM,2BAAA,GAAAA,2BAAA;AAIO,MAAMC,sBAAsB,SAASd,eAAe,CAAC;EAC1DS,IAAI,GAAG,oCAAoC;EAC3CP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAEM,MAAMC,wBAAwB,SAASf,eAAe,CAAC;EAC5DS,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CAACC,OAAe,EAAEC,OAA6C,EAAE;IAC1E,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAQ,wBAAA,GAAAA,wBAAA;AAGO,MAAMC,oBAAoB,SAAShB,eAAe,CAAC;EACxDS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CACTC,OAAe,EACfC,OAIC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAS,oBAAA,GAAAA,oBAAA;AAGO,MAAMC,0BAA0B,SAASjB,eAAe,CAAC;EAC9DS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CAAA,EAA0D;IAAA,IAAzDC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,6CAA6C;IACjE,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAU,0BAAA,GAAAA,0BAAA;AAGO,MAAMC,8BAA8B,SAASlB,eAAe,CAAC;EAClES,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CACTC,OAAe,EACfC,OAAqE,EACrE;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAW,8BAAA,GAAAA,8BAAA;AAGO,MAAMC,mCAAmC,SAASnB,eAAe,CAAC;EACvES,IAAI,GAAG,2CAA2C;EAClDP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAY,mCAAA,GAAAA,mCAAA;AAGO,MAAMC,qBAAqB,SAASpB,eAAe,CAAC;EACzDS,IAAI,GAAG,4BAA4B;EACnCP,WAAWA,CAACC,OAAe,EAAE;IAC3B,KAAK,CAACA,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AACA;AAHAL,OAAA,CAAAa,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,mBAAmB,SAASrB,eAAe,CAAC;EACvDS,IAAI,GAAG,gCAAgC;EACvCP,WAAWA,CACTC,OAAe,EACfC,OAMC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAc,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/trust/index.js

@@ -0,0 +1,288 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.buildTrustChain = buildTrustChain;
+exports.getEntityConfiguration = exports.getCredentialIssuerEntityConfiguration = void 0;
+exports.getEntityStatement = getEntityStatement;
+exports.getFederationList = getFederationList;
+exports.getRelyingPartyEntityConfiguration = void 0;
+exports.getSignedEntityConfiguration = getSignedEntityConfiguration;
+exports.getSignedEntityStatement = getSignedEntityStatement;
+exports.getWalletProviderEntityConfiguration = exports.getTrustAnchorEntityConfiguration = void 0;
+exports.verifyTrustChain = verifyTrustChain;
+var _utils = require("./utils");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _types = require("./types");
+var _chain = require("./chain");
+var _misc = require("../utils/misc");
+var _errors = require("./errors");
+/**
+ * Verify a given trust chain is actually valid.
+ * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
+ *
+ * @param trustAnchorEntity The entity configuration of the known trust anchor
+ * @param chain The chain of statements to be validated
+ * @param x509Options Options for the verification process
+ * @param appFetch (optional) fetch api implementation
+ * @param renewOnFail Whether to attempt to renew the trust chain if the initial validation fails
+ * @returns The result of the chain validation
+ * @throws {FederationError} If the chain is not valid
+ */
+async function verifyTrustChain(trustAnchorEntity, chain) {
+  let x509Options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
+    connectTimeout: 10000,
+    readTimeout: 10000,
+    requireCrl: true
+  };
+  let {
+    appFetch = fetch,
+    renewOnFail = true
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  try {
+    return (0, _chain.validateTrustChain)(trustAnchorEntity, chain, x509Options);
+  } catch (error) {
+    if (renewOnFail) {
+      const renewedChain = await (0, _chain.renewTrustChain)(chain, appFetch);
+      return (0, _chain.validateTrustChain)(trustAnchorEntity, renewedChain, x509Options);
+    } else {
+      throw error;
+    }
+  }
+}
+
+/**
+ * Fetch the signed entity configuration token for an entity
+ *
+ * @param entityBaseUrl The url of the entity to fetch
+ * @param appFetch (optional) fetch api implementation
+ * @returns The signed Entity Configuration token
+ */
+async function getSignedEntityConfiguration(entityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
+  return await appFetch(wellKnownUrl, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+}
+
+/**
+ * Fetch and parse the entity configuration document for a given federation entity.
+ * This is an inner method to serve public interfaces.
+ *
+ * To add another entity configuration type (example: Foo entity type):
+ *  - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
+ *  - add such type to EntityConfiguration union
+ *  - add an overload to this function
+ *  - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
+ *
+ * @param entityBaseUrl The base url of the entity.
+ * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
+ * @param options.appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ * @throws Parse error if the document is not in the expected shape.
+ */
+
+async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = (0, _ioReactNativeJwt.decode)(responseText);
+  return schema.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.WalletProviderEntityConfiguration, options);
+exports.getWalletProviderEntityConfiguration = getWalletProviderEntityConfiguration;
+const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.CredentialIssuerEntityConfiguration, options);
+exports.getCredentialIssuerEntityConfiguration = getCredentialIssuerEntityConfiguration;
+const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.TrustAnchorEntityConfiguration, options);
+exports.getTrustAnchorEntityConfiguration = getTrustAnchorEntityConfiguration;
+const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.RelyingPartyEntityConfiguration, options);
+exports.getRelyingPartyEntityConfiguration = getRelyingPartyEntityConfiguration;
+const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.EntityConfiguration, options);
+
+/**
+ * Fetch and parse the entity statement document for a given federation entity.
+ *
+ * @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ */
+exports.getEntityConfiguration = getEntityConfiguration;
+async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = (0, _ioReactNativeJwt.decode)(responseText);
+  return _types.EntityStatement.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+
+/**
+ * Fetch the entity statement document for a given federation entity.
+ *
+ * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The signed entity statement token.
+ * @throws {IoWalletError} If the http request fails.
+ */
+async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const url = new URL(federationFetchEndpoint);
+  url.searchParams.set("sub", subordinatedEntityBaseUrl);
+  return await appFetch(url.toString(), {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+}
+
+/**
+ * Fetch the federation list document from a given endpoint.
+ *
+ * @param federationListEndpoint The URL of the federation list endpoint.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The federation list as an array of strings.
+ * @throws {IoWalletError} If the HTTP request fails.
+ * @throws {FederationError} If the result is not in the expected format.
+ */
+async function getFederationList(federationListEndpoint) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  return await appFetch(federationListEndpoint, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(json => {
+    const result = _types.FederationListResponse.safeParse(json);
+    if (!result.success) {
+      throw new _errors.FederationListParseError(`Invalid federation list format received from ${federationListEndpoint}. Error: ${result.error.message}`, {
+        url: federationListEndpoint,
+        parseError: result.error.toString()
+      });
+    }
+    return result.data;
+  });
+}
+
+/**
+ * Build a not-verified trust chain for a given Relying Party (RP) entity.
+ *
+ * @param relyingPartyEntityBaseUrl The base URL of the RP entity
+ * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
+ * @throws {FederationError} When an element of the chain fails to parse or other build steps fail.
+ */
+async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
+  let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
+  // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+  const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
+
+  // 2: Trust Anchor signature verification
+  const trustAnchorJwt = trustChain[trustChain.length - 1];
+  if (!trustAnchorJwt) {
+    throw new _errors.BuildTrustChainError("Cannot verify trust anchor: missing entity configuration in gathered chain.", {
+      relyingPartyUrl: relyingPartyEntityBaseUrl
+    });
+  }
+  if (!trustAnchorKey.kid) {
+    throw new _errors.TrustAnchorKidMissingError();
+  }
+  await (0, _utils.verify)(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+
+  // 3: Check the federation list
+  const trustAnchorConfig = _types.EntityConfiguration.parse((0, _utils.decode)(trustAnchorJwt));
+  const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
+  if (federationListEndpoint) {
+    const federationList = await getFederationList(federationListEndpoint, {
+      appFetch
+    });
+    if (!federationList.includes(relyingPartyEntityBaseUrl)) {
+      throw new _errors.RelyingPartyNotAuthorizedError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.", {
+        relyingPartyUrl: relyingPartyEntityBaseUrl,
+        federationListEndpoint
+      });
+    }
+  }
+  return trustChain;
+}
+
+/**
+ * Recursively gather the trust chain for an entity and all its superiors.
+ * @param entityBaseUrl The base URL of the entity for which to gather the chain.
+ * @param appFetch An optional instance of the http client to be used.
+ * @param isLeaf Whether the current entity is the leaf of the chain.
+ * @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
+ * @throws {FederationError} If any of the fetched documents fail to parse or other errors occur during the gathering process.
+ */
+async function gatherTrustChain(entityBaseUrl, appFetch) {
+  let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+  const chain = [];
+
+  // Fetch self-signed EC (only needed for the leaf)
+  const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const entityEC = _types.EntityConfiguration.parse((0, _utils.decode)(entityECJwt));
+  if (isLeaf) {
+    // Only push EC for the leaf
+    chain.push(entityECJwt);
+  }
+
+  // Find authority_hints (parent, if any)
+  const authorityHints = entityEC.payload.authority_hints ?? [];
+  if (authorityHints.length === 0) {
+    // This is the Trust Anchor (no parent)
+    if (!isLeaf) {
+      chain.push(entityECJwt);
+    }
+    return chain;
+  }
+  const parentEntityBaseUrl = authorityHints[0];
+
+  // Fetch parent EC
+  const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
+    appFetch
+  });
+  const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
+
+  // Fetch ES
+  const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+  if (!federationFetchEndpoint) {
+    throw new _errors.MissingFederationFetchEndpointError(`Missing federation_fetch_endpoint in parent's (${parentEntityBaseUrl}) configuration when gathering chain for ${entityBaseUrl}.`, {
+      entityBaseUrl,
+      missingInEntityUrl: parentEntityBaseUrl
+    });
+  }
+  const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
+    appFetch
+  });
+  // Validate the ES
+  _types.EntityStatement.parse((0, _utils.decode)(entityStatementJwt));
+
+  // Push this ES into the chain
+  chain.push(entityStatementJwt);
+
+  // Recurse into the parent
+  const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
+  return chain.concat(parentChain);
+}
+//# sourceMappingURL=index.js.map

package/lib/commonjs/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_utils","require","_ioReactNativeJwt","_types","_chain","_misc","_errors","verifyTrustChain","trustAnchorEntity","chain","x509Options","arguments","length","undefined","connectTimeout","readTimeout","requireCrl","appFetch","fetch","renewOnFail","validateTrustChain","error","renewedChain","renewTrustChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","hasStatusOrThrow","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","decodeJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","WalletProviderEntityConfiguration","exports","getCredentialIssuerEntityConfiguration","CredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","TrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","RelyingPartyEntityConfiguration","getEntityConfiguration","EntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","EntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","FederationListResponse","safeParse","success","FederationListParseError","message","parseError","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","BuildTrustChainError","relyingPartyUrl","kid","TrustAnchorKidMissingError","verify","trustAnchorConfig","decode","metadata","federation_entity","federation_list_endpoint","federationList","includes","RelyingPartyNotAuthorizedError","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","MissingFederationFetchEndpointError","missingInEntityUrl","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":";;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeM,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAUiC;EAAA,IAThDC,WAAmC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG;IACpCG,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAAA,IACD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAR,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAO,IAAAS,yBAAkB,EAACZ,iBAAiB,EAAEC,KAAK,EAAEC,WAAW,CAAC;EAClE,CAAC,CAAC,OAAOW,KAAK,EAAE;IACd,IAAIF,WAAW,EAAE;MACf,MAAMG,YAAY,GAAG,MAAM,IAAAC,sBAAe,EAACd,KAAK,EAAEQ,QAAQ,CAAC;MAC3D,OAAO,IAAAG,yBAAkB,EAACZ,iBAAiB,EAAEc,YAAY,EAAEZ,WAAW,CAAC;IACzE,CAAC,MAAM;MACL,MAAMW,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeG,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACER,QAAQ,GAAGC;EAGb,CAAC,GAAAP,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMe,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMR,QAAQ,CAACS,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CP,aAAqB,EACrBQ,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAP,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMuB,YAAY,GAAG,MAAMV,4BAA4B,CAACC,aAAa,EAAE;IACrER;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACI,KAAK,CAAC;IAClBC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;AAEO,MAAMC,oCAAoC,GAAGA,CAClDhB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbkB,wCAAiC,EACjCD,OACF,CAAC;AAACE,OAAA,CAAAH,oCAAA,GAAAA,oCAAA;AAEG,MAAMI,sCAAsC,GAAGA,CACpDpB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbqB,0CAAmC,EACnCJ,OACF,CAAC;AAACE,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAEG,MAAME,iCAAiC,GAAGA,CAC/CtB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbuB,qCAA8B,EAC9BN,OACF,CAAC;AAACE,OAAA,CAAAG,iCAAA,GAAAA,iCAAA;AAEG,MAAME,kCAAkC,GAAGA,CAChDxB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbyB,sCAA+B,EAC/BR,OACF,CAAC;AAACE,OAAA,CAAAK,kCAAA,GAAAA,kCAAA;AAEG,MAAME,sBAAsB,GAAGA,CACpC1B,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAACP,aAAa,EAAE2B,0BAAmB,EAAEV,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AARAE,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AASO,eAAeE,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACEtC,QAAQ,GAAGC;EAGb,CAAC,GAAAP,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMuB,YAAY,GAAG,MAAMsB,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACEtC;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOuB,sBAAe,CAACpB,KAAK,CAAC;IAC3BC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAegB,wBAAwBA,CAC5CE,uBAA+B,EAC/BH,yBAAiC,EAMjC;EAAA,IALA;IACEtC,QAAQ,GAAGC;EAGb,CAAC,GAAAP,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMgD,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEP,yBAAyB,CAAC;EAEtD,OAAO,MAAMtC,QAAQ,CAAC0C,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpCpC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeiC,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACEhD,QAAQ,GAAGC;EAGb,CAAC,GAAAP,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMM,QAAQ,CAACgD,sBAAsB,EAAE;IAC5CtC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACoC,IAAI,CAAC,CAAC,CAAC,CACzBtC,IAAI,CAAEsC,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGC,6BAAsB,CAACC,SAAS,CAACH,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACG,OAAO,EAAE;MACnB,MAAM,IAAIC,gCAAwB,CAC/B,gDAA+CN,sBAAuB,YAAWE,MAAM,CAAC9C,KAAK,CAACmD,OAAQ,EAAC,EACxG;QAAEb,GAAG,EAAEM,sBAAsB;QAAEQ,UAAU,EAAEN,MAAM,CAAC9C,KAAK,CAAC0C,QAAQ,CAAC;MAAE,CACrE,CAAC;IACH;IACA,OAAOI,MAAM,CAACO,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnB5D,QAA8B,GAAAN,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGO,KAAK;EAEtC;EACA,MAAM4D,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzB3D,QACF,CAAC;;EAED;EACA,MAAM+D,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAClE,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAACoE,cAAc,EAAE;IACnB,MAAM,IAAIC,4BAAoB,CAC5B,6EAA6E,EAC7E;MAAEC,eAAe,EAAEN;IAA0B,CAC/C,CAAC;EACH;EAEA,IAAI,CAACC,cAAc,CAACM,GAAG,EAAE;IACvB,MAAM,IAAIC,kCAA0B,CAAC,CAAC;EACxC;EAEA,MAAM,IAAAC,aAAM,EAACL,cAAc,EAAEH,cAAc,CAACM,GAAG,EAAE,CAACN,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMS,iBAAiB,GAAGlC,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACP,cAAc,CAAC,CAAC;EAC3E,MAAMf,sBAAsB,GAC1BqB,iBAAiB,CAAC9C,OAAO,CAACgD,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAIzB,sBAAsB,EAAE;IAC1B,MAAM0B,cAAc,GAAG,MAAM3B,iBAAiB,CAACC,sBAAsB,EAAE;MACrEhD;IACF,CAAC,CAAC;IAEF,IAAI,CAAC0E,cAAc,CAACC,QAAQ,CAAChB,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAIiB,sCAA8B,CACtC,wFAAwF,EACxF;QAAEX,eAAe,EAAEN,yBAAyB;QAAEX;MAAuB,CACvE,CAAC;IACH;EACF;EAEA,OAAOa,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7BtD,aAAqB,EACrBR,QAA8B,EAEX;EAAA,IADnB6E,MAAe,GAAAnF,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMF,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAMsF,WAAW,GAAG,MAAMvE,4BAA4B,CAACC,aAAa,EAAE;IACpER;EACF,CAAC,CAAC;EACF,MAAM+E,QAAQ,GAAG5C,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACQ,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACArF,KAAK,CAACwF,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAACxD,OAAO,CAAC2D,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAACtF,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAACkF,MAAM,EAAE;MACXrF,KAAK,CAACwF,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAOtF,KAAK;EACd;EAEA,MAAM2F,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAM7E,4BAA4B,CAAC4E,mBAAmB,EAAE;IAC1EnF;EACF,CAAC,CAAC;EACF,MAAMqF,QAAQ,GAAGlD,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACc,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAM3C,uBAAuB,GAC3B4C,QAAQ,CAAC9D,OAAO,CAACgD,QAAQ,CAACC,iBAAiB,CAACc,yBAAyB;EACvE,IAAI,CAAC7C,uBAAuB,EAAE;IAC5B,MAAM,IAAI8C,2CAAmC,CAC1C,kDAAiDJ,mBAAoB,4CAA2C3E,aAAc,GAAE,EACjI;MAAEA,aAAa;MAAEgF,kBAAkB,EAAEL;IAAoB,CAC3D,CAAC;EACH;EAEA,MAAMM,kBAAkB,GAAG,MAAMlD,wBAAwB,CACvDE,uBAAuB,EACvBjC,aAAa,EACb;IAAER;EAAS,CACb,CAAC;EACD;EACAwC,sBAAe,CAACpB,KAAK,CAAC,IAAAkD,aAAM,EAACmB,kBAAkB,CAAC,CAAC;;EAEjD;EACAjG,KAAK,CAACwF,IAAI,CAACS,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAM5B,gBAAgB,CACxCqB,mBAAmB,EACnBnF,QAAQ,EACR,KACF,CAAC;EAED,OAAOR,KAAK,CAACmG,MAAM,CAACD,WAAW,CAAC;AAClC"}

package/lib/commonjs/{entity/trust → trust}/types.js

@@ -3,11 +3,11 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.WalletProviderEntityConfiguration = exports.TrustMark = exports.TrustAnchorEntityConfiguration = exports.RelyingPartyEntityConfiguration = exports.EntityStatement = exports.EntityConfigurationHeader = exports.EntityConfiguration = exports.CredentialIssuerEntityConfiguration = void 0;
-var _types = require("../../sd-jwt/types");
-var _jwk = require("../../utils/jwk");
+exports.WalletProviderEntityConfiguration = exports.TrustMark = exports.TrustAnchorEntityConfiguration = exports.RelyingPartyEntityConfiguration = exports.FederationListResponse = exports.EntityStatement = exports.EntityConfigurationHeader = exports.EntityConfiguration = exports.CredentialIssuerEntityConfiguration = void 0;
+var _types = require("../sd-jwt/types");
+var _jwk = require("../utils/jwk");
 var z = _interopRequireWildcard(require("zod"));
-var _types2 = require("../../credential/presentation/types");
+var _types2 = require("../credential/presentation/types");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 const TrustMark = z.object({
@@ -24,36 +24,25 @@ const RelyingPartyMetadata = z.object({
   }),
   contacts: z.array(z.string()).optional(),
   presentation_definition: _types2.PresentationDefinition.optional(),
-  presentation_definition_uri: z.string().optional()
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional()
 });
-//.passthrough();
 
 // Display metadata for a credential, used by the issuer to
 // instruct the Wallet Solution on how to render the credential correctly
 const CredentialDisplayMetadata = z.object({
   name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }).optional(),
-  // TODO [SIW-1268]: should not be optional
-  background_color: z.string().optional(),
-  // TODO [SIW-1268]: should not be optional
-  text_color: z.string().optional() // TODO [SIW-1268]: should not be optional
+  locale: z.string()
 });
 
 // Metadata for displaying issuer information
 
 const CredentialIssuerDisplayMetadata = z.object({
   name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }).optional() // TODO [SIW-1268]: should not be optional
+  locale: z.string()
 });
-
 const ClaimsMetadata = z.record(z.object({
   value_type: z.string(),
   display: z.array(z.object({
@@ -69,14 +58,13 @@ const IssuanceErrorSupported = z.object({
   }))
 });
 
-// Metadata for a credentia which is supported by a Issuer
+// Metadata for a credential which is supported by an Issuer
 
 const SupportedCredentialMetadata = z.object({
-  format: z.union([z.literal("vc+sd-jwt"), z.literal("mso_mdoc")]),
+  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   scope: z.string(),
   display: z.array(CredentialDisplayMetadata),
-  claims: ClaimsMetadata.optional(),
-  // TODO [SIW-1268]: should not be optional
+  claims: ClaimsMetadata,
   cryptographic_binding_methods_supported: z.array(z.string()),
   credential_signing_alg_values_supported: z.array(z.string()),
   authentic_source: z.string().optional(),
@@ -94,7 +82,7 @@ const EntityStatement = z.object({
     jwks: z.object({
       keys: z.array(_jwk.JWK)
     }),
-    trust_marks: z.array(TrustMark),
+    trust_marks: z.array(TrustMark).optional(),
     iat: z.number(),
     exp: z.number()
   })
@@ -107,7 +95,7 @@ const EntityConfigurationHeader = z.object({
 });
 
 /**
- * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
+ * @see https://openid.net/specs/openid-federation-1_0-41.html
  */
 exports.EntityConfigurationHeader = EntityConfigurationHeader;
 const FederationEntityMetadata = z.object({
@@ -116,6 +104,9 @@ const FederationEntityMetadata = z.object({
   federation_resolve_endpoint: z.string().optional(),
   federation_trust_mark_status_endpoint: z.string().optional(),
   federation_trust_mark_list_endpoint: z.string().optional(),
+  federation_trust_mark_endpoint: z.string().optional(),
+  federation_historical_keys_endpoint: z.string().optional(),
+  endpoint_auth_signing_alg_values_supported: z.string().optional(),
   organization_name: z.string().optional(),
   homepage_uri: z.string().optional(),
   policy_uri: z.string().optional(),
@@ -123,7 +114,7 @@ const FederationEntityMetadata = z.object({
   contacts: z.array(z.string()).optional()
 }).passthrough();
 
-// Structuire common to every Entity Configuration document
+// Structure common to every Entity Configuration document
 const BaseEntityConfiguration = z.object({
   header: EntityConfigurationHeader,
   payload: z.object({
@@ -167,15 +158,9 @@ const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object
       oauth_authorization_server: z.object({
         authorization_endpoint: z.string(),
         pushed_authorization_request_endpoint: z.string(),
-        dpop_signing_alg_values_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         token_endpoint: z.string(),
-        introspection_endpoint: z.string().optional(),
-        // TODO [SIW-1268]: should not be optional
         client_registration_types_supported: z.array(z.string()),
         code_challenge_methods_supported: z.array(z.string()),
-        authorization_details_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional,
         acr_values_supported: z.array(z.string()),
         grant_types_supported: z.array(z.string()),
         issuer: z.string(),
@@ -183,23 +168,16 @@ const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object
           keys: z.array(_jwk.JWK)
         }),
         scopes_supported: z.array(z.string()),
-        request_parameter_supported: z.boolean().optional(),
-        // TODO [SIW-1268]: should not be optional
-        request_uri_parameter_supported: z.boolean().optional(),
-        // TODO [SIW-1268]: should not be optional
-        response_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         response_modes_supported: z.array(z.string()),
-        subject_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         token_endpoint_auth_methods_supported: z.array(z.string()),
         token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
         request_object_signing_alg_values_supported: z.array(z.string())
       }),
-      /** Credential Issuers act as Relying Party
-          when they require the presentation of other credentials.
-          This does not apply for PID issuance, which requires CIE authz. */
-      wallet_relying_party: RelyingPartyMetadata.optional()
+      /**
+       * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+       * This does not apply for PID issuance, which requires CIE authz.
+       */
+      openid_credential_verifier: RelyingPartyMetadata.optional()
     })
   })
 }));
@@ -209,7 +187,7 @@ exports.CredentialIssuerEntityConfiguration = CredentialIssuerEntityConfiguratio
 const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
   payload: z.object({
     metadata: z.object({
-      wallet_relying_party: RelyingPartyMetadata
+      openid_credential_verifier: RelyingPartyMetadata
     })
   })
 }));
@@ -239,4 +217,6 @@ const EntityConfiguration = z.union([WalletProviderEntityConfiguration, Credenti
   description: "Any kind of Entity Configuration allowed in the ecosystem"
 });
 exports.EntityConfiguration = EntityConfiguration;
+const FederationListResponse = z.array(z.string());
+exports.FederationListResponse = FederationListResponse;
 //# sourceMappingURL=types.js.map

package/lib/commonjs/trust/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_types2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TrustMark","object","id","string","trust_mark","exports","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","JWK","contacts","presentation_definition","PresentationDefinition","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","UnixTime","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAA0E,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEnE,MAAMW,SAAS,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAAEC,EAAE,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAE7B,CAAC,CAAC4B,MAAM,CAAC;AAAE,CAAC,CAAC;AAACE,OAAA,CAAAL,SAAA,GAAAA,SAAA;AAG9E,MAAMM,oBAAoB,GAAG/B,CAAC,CAAC0B,MAAM,CAAC;EACpCM,gBAAgB,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;IAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;EAAE,CAAC,CAAC;EACtCC,QAAQ,EAAExC,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxCQ,uBAAuB,EAAEC,8BAAsB,CAACT,QAAQ,CAAC,CAAC;EAC1DU,YAAY,EAAE3C,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC5CW,iCAAiC,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxDY,oCAAoC,EAAE7C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC3Da,oCAAoC,EAAE9C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMc,yBAAyB,GAAG/C,CAAC,CAAC0B,MAAM,CAAC;EACzCsB,IAAI,EAAEhD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMsB,+BAA+B,GAAGlD,CAAC,CAAC0B,MAAM,CAAC;EAC/CsB,IAAI,EAAEhD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMuB,cAAc,GAAGnD,CAAC,CAACoD,MAAM,CAC7BpD,CAAC,CAAC0B,MAAM,CAAC;EACP2B,UAAU,EAAErD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACtB0B,OAAO,EAAEtD,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC0B,MAAM,CAAC;IAAEsB,IAAI,EAAEhD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAAEqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AAGD,MAAM2B,sBAAsB,GAAGvD,CAAC,CAAC0B,MAAM,CAAC;EACtC4B,OAAO,EAAEtD,CAAC,CAACsC,KAAK,CACdtC,CAAC,CAAC0B,MAAM,CAAC;IACP8B,KAAK,EAAExD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACjB6B,WAAW,EAAEzD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACvBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM8B,2BAA2B,GAAG1D,CAAC,CAAC0B,MAAM,CAAC;EAC3CiC,MAAM,EAAE3D,CAAC,CAAC4D,KAAK,CAAC,CAAC5D,CAAC,CAAC6D,OAAO,CAAC,WAAW,CAAC,EAAE7D,CAAC,CAAC6D,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAE9D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjB0B,OAAO,EAAEtD,CAAC,CAACsC,KAAK,CAACS,yBAAyB,CAAC;EAC3CgB,MAAM,EAAEZ,cAAc;EACtBa,uCAAuC,EAAEhE,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;EAC5DqC,uCAAuC,EAAEjE,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;EAC5DsC,gBAAgB,EAAElE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCkC,yBAAyB,EAAEnE,CAAC,CAACoD,MAAM,CAACG,sBAAsB,CAAC,CAACtB,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGK,MAAMmC,eAAe,GAAGpE,CAAC,CAAC0B,MAAM,CAAC;EACtC2C,MAAM,EAAErE,CAAC,CAAC0B,MAAM,CAAC;IACf4C,GAAG,EAAEtE,CAAC,CAAC6D,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAEvE,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAExE,CAAC,CAAC4B,MAAM,CAAC;EAChB,CAAC,CAAC;EACF6C,OAAO,EAAEzE,CAAC,CAAC0B,MAAM,CAAC;IAChBgD,GAAG,EAAE1E,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACf+C,GAAG,EAAE3E,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCqC,WAAW,EAAE5E,CAAC,CAACsC,KAAK,CAACb,SAAS,CAAC,CAACQ,QAAQ,CAAC,CAAC;IAC1C4C,GAAG,EAAE7E,CAAC,CAAC8E,MAAM,CAAC,CAAC;IACfC,GAAG,EAAE/E,CAAC,CAAC8E,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAAChD,OAAA,CAAAsC,eAAA,GAAAA,eAAA;AAKI,MAAMY,yBAAyB,GAAGhF,CAAC,CAAC0B,MAAM,CAAC;EAChD4C,GAAG,EAAEtE,CAAC,CAAC6D,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAEvE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACf4C,GAAG,EAAExE,CAAC,CAAC4B,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAE,OAAA,CAAAkD,yBAAA,GAAAA,yBAAA;AAGA,MAAMC,wBAAwB,GAAGjF,CAAC,CAC/B0B,MAAM,CAAC;EACNwD,yBAAyB,EAAElF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChDkD,wBAAwB,EAAEnF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/CmD,2BAA2B,EAAEpF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClDoD,qCAAqC,EAAErF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC5DqD,mCAAmC,EAAEtF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC1DsD,8BAA8B,EAAEvF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACrDuD,mCAAmC,EAAExF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC1DwD,0CAA0C,EAAEzF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACjEyD,iBAAiB,EAAE1F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxC0D,YAAY,EAAE3F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACnC2D,UAAU,EAAE5F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACjC4D,QAAQ,EAAE7F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/BO,QAAQ,EAAExC,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;AACzC,CAAC,CAAC,CACD6D,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAG/F,CAAC,CAAC0B,MAAM,CAAC;EACvC2C,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAEzE,CAAC,CACP0B,MAAM,CAAC;IACNgD,GAAG,EAAE1E,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACf+C,GAAG,EAAE3E,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfiD,GAAG,EAAEmB,eAAQ;IACbjB,GAAG,EAAEiB,eAAQ;IACbC,eAAe,EAAEjG,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAC/CiE,QAAQ,EAAElG,CAAC,CACR0B,MAAM,CAAC;MACNyE,iBAAiB,EAAElB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChB1D,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MACbW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDuD,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIO,MAAMM,8BAA8B,GAAGL,uBAAuB;;AAErE;AAAAjE,OAAA,CAAAsE,8BAAA,GAAAA,8BAAA;AAIO,MAAMC,mCAAmC,GAAGN,uBAAuB,CAACO,GAAG,CAC5EtG,CAAC,CAAC0B,MAAM,CAAC;EACP+C,OAAO,EAAEzE,CAAC,CAAC0B,MAAM,CAAC;IAChBU,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtC2D,QAAQ,EAAElG,CAAC,CAAC0B,MAAM,CAAC;MACjB6E,wBAAwB,EAAEvG,CAAC,CAAC0B,MAAM,CAAC;QACjC8E,iBAAiB,EAAExG,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC7B6E,mBAAmB,EAAEzG,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC/B8E,mBAAmB,EAAE1G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC/B+E,2BAA2B,EAAE3G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QACvC0B,OAAO,EAAEtD,CAAC,CAACsC,KAAK,CAACY,+BAA+B,CAAC;QACjD0D,mCAAmC,EAAE5G,CAAC,CAACoD,MAAM,CAC3CM,2BACF,CAAC;QACDtB,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACFsE,0BAA0B,EAAE7G,CAAC,CAAC0B,MAAM,CAAC;QACnCoF,sBAAsB,EAAE9G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAClCmF,qCAAqC,EAAE/G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QACjDoF,cAAc,EAAEhH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC1BqF,mCAAmC,EAAEjH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACxDsF,gCAAgC,EAAElH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrDuF,oBAAoB,EAAEnH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACzCwF,qBAAqB,EAAEpH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1CyF,MAAM,EAAErH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAClBQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC,CAAC;QACtC+E,gBAAgB,EAAEtH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrC2F,wBAAwB,EAAEvH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC7C4F,qCAAqC,EAAExH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1D6F,gDAAgD,EAAEzH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrE8F,2CAA2C,EAAE1H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQ+F,0BAA0B,EAAE5F,oBAAoB,CAACE,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAH,OAAA,CAAAuE,mCAAA,GAAAA,mCAAA;AAIO,MAAMuB,+BAA+B,GAAG7B,uBAAuB,CAACO,GAAG,CACxEtG,CAAC,CAAC0B,MAAM,CAAC;EACP+C,OAAO,EAAEzE,CAAC,CAAC0B,MAAM,CAAC;IAChBwE,QAAQ,EAAElG,CAAC,CAAC0B,MAAM,CAAC;MACjBiG,0BAA0B,EAAE5F;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAD,OAAA,CAAA8F,+BAAA,GAAAA,+BAAA;AAIO,MAAMC,iCAAiC,GAAG9B,uBAAuB,CAACO,GAAG,CAC1EtG,CAAC,CAAC0B,MAAM,CAAC;EACP+C,OAAO,EAAEzE,CAAC,CAAC0B,MAAM,CAAC;IAChBwE,QAAQ,EAAElG,CAAC,CAAC0B,MAAM,CAAC;MACjBoG,eAAe,EAAE9H,CAAC,CACf0B,MAAM,CAAC;QACNsF,cAAc,EAAEhH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC1BmG,oBAAoB,EAAE/H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;QACpDmF,qBAAqB,EAAEpH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1C4F,qCAAqC,EAAExH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1D6F,gDAAgD,EAAEzH,CAAC,CAACsC,KAAK,CACvDtC,CAAC,CAAC4B,MAAM,CAAC,CACX,CAAC;QACDQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDuD,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAhE,OAAA,CAAA+F,iCAAA,GAAAA,iCAAA;AAEO,MAAMG,mBAAmB,GAAGhI,CAAC,CAAC4D,KAAK,CACxC,CACEiE,iCAAiC,EACjCxB,mCAAmC,EACnCD,8BAA8B,EAC9BwB,+BAA+B,CAChC,EACD;EACEnE,WAAW,EAAE;AACf,CACF,CAAC;AAAC3B,OAAA,CAAAkG,mBAAA,GAAAA,mBAAA;AAEK,MAAMC,sBAAsB,GAAGjI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;AAACE,OAAA,CAAAmG,sBAAA,GAAAA,sBAAA"}