@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

package/lib/commonjs/credential/presentation/05-verify-request-object.js

@@ -1,95 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.verifyRequestObject = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _errors = require("./errors");
-var _types = require("./types");
-var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
-/**
- * Function to verify the Request Object's validity, from the signature to the required properties.
- * @param requestObjectEncodedJwt The Request Object in JWT format
- * @param context.clientId The client ID to verify
- * @param context.rpConf The Entity Configuration of the Relying Party
- * @param context.state Optional state
- * @returns The verified Request Object
- * @throws {InvalidRequestObjectError} if the Request Object cannot be validated
- */
-const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
-  let {
-    clientId,
-    rpConf,
-    rpSubject,
-    state
-  } = _ref;
-  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
-  const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
-  try {
-    // Standard claims are verified within `verify`
-    await (0, _ioReactNativeJwt.verify)(requestObjectEncodedJwt, pubKey, {
-      issuer: clientId
-    });
-  } catch (_) {
-    throw new _errors.InvalidRequestObjectError("The Request Object signature verification failed");
-  }
-  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
-  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
-  if (!isClientIdMatch) {
-    throw new _errors.InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
-  }
-  const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
-  if (!isStateMatch) {
-    throw new _errors.InvalidRequestObjectError("The provided state does not match the Request Object's");
-  }
-  return {
-    requestObject
-  };
-};
-
-/**
- * Validate the shape of the Request Object to ensure all required properties are present and are of the expected type.
- *
- * @param payload The Request Object to validate
- * @returns A valid Request Object
- * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
- */
-exports.verifyRequestObject = verifyRequestObject;
-const validateRequestObjectShape = payload => {
-  const requestObjectParse = _types.RequestObject.safeParse(payload);
-  if (requestObjectParse.success) {
-    return requestObjectParse.data;
-  }
-  throw new _errors.InvalidRequestObjectError("The Request Object cannot be parsed successfully", formatFlattenedZodErrors(requestObjectParse.error.flatten()));
-};
-
-/**
- * Get the public key to verify the Request Object's signature from the Relying Party's EC.
- *
- * @param rpConf The Relying Party's EC
- * @param kid The identifier of the key to find
- * @returns The corresponding public key to verify the signature
- * @throws {InvalidRequestObjectError} when the key cannot be found
- */
-const getSigPublicKey = (rpConf, kid) => {
-  try {
-    const {
-      keys
-    } = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf);
-    const pubKey = keys.find(k => k.kid === kid);
-    if (!pubKey) throw new Error();
-    return pubKey;
-  } catch (_) {
-    throw new _errors.InvalidRequestObjectError(`The public key for signature verification (${kid}) cannot be found in the Entity Configuration`);
-  }
-};
-
-/**
- * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
- */
-const formatFlattenedZodErrors = errors => Object.entries(errors.fieldErrors).map(_ref2 => {
-  let [key, error] = _ref2;
-  return `${key}: ${error[0]}`;
-}).join(", ");
-//# sourceMappingURL=05-verify-request-object.js.map

package/lib/commonjs/credential/presentation/05-verify-request-object.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_errors","_types","_retrieveRpJwks","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","decodeJwt","pubKey","getSigPublicKey","protectedHeader","kid","verify","issuer","_","InvalidRequestObjectError","requestObject","validateRequestObjectShape","payload","isClientIdMatch","client_id","isStateMatch","exports","requestObjectParse","RequestObject","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","getJwksFromConfig","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAG,IAAAC,wBAAS,EAACP,uBAAuB,CAAC;EAE3D,MAAMQ,MAAM,GAAGC,eAAe,CAACN,MAAM,EAAEG,gBAAgB,CAACI,eAAe,CAACC,GAAG,CAAC;EAE5E,IAAI;IACF;IACA,MAAM,IAAAC,wBAAM,EAACZ,uBAAuB,EAAEQ,MAAM,EAAE;MAAEK,MAAM,EAAEX;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOY,CAAC,EAAE;IACV,MAAM,IAAIC,iCAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMC,aAAa,GAAGC,0BAA0B,CAACX,gBAAgB,CAACY,OAAO,CAAC;EAE1E,MAAMC,eAAe,GACnBjB,QAAQ,KAAKc,aAAa,CAACI,SAAS,IAAIlB,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACe,eAAe,EAAE;IACpB,MAAM,IAAIJ,iCAAyB,CACjC,iEACF,CAAC;EACH;EAEA,MAAMM,YAAY,GAChBhB,KAAK,IAAIW,aAAa,CAACX,KAAK,GAAGA,KAAK,KAAKW,aAAa,CAACX,KAAK,GAAG,IAAI;EAErE,IAAI,CAACgB,YAAY,EAAE;IACjB,MAAM,IAAIN,iCAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IAAEC;EAAc,CAAC;AAC1B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAM,OAAA,CAAAvB,mBAAA,GAAAA,mBAAA;AAOA,MAAMkB,0BAA0B,GAAIC,OAAgB,IAAoB;EACtE,MAAMK,kBAAkB,GAAGC,oBAAa,CAACC,SAAS,CAACP,OAAO,CAAC;EAE3D,IAAIK,kBAAkB,CAACG,OAAO,EAAE;IAC9B,OAAOH,kBAAkB,CAACI,IAAI;EAChC;EAEA,MAAM,IAAIZ,iCAAyB,CACjC,kDAAkD,EAClDa,wBAAwB,CAACL,kBAAkB,CAACM,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMrB,eAAe,GAAGA,CACtBN,MAA8D,EAC9DQ,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEoB;IAAK,CAAC,GAAG,IAAAC,iCAAiB,EAAC7B,MAAM,CAAC;IAE1C,MAAMK,MAAM,GAAGuB,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACvB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAI2B,KAAK,CAAC,CAAC;IAE9B,OAAO3B,MAAM;EACf,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV,MAAM,IAAIC,iCAAyB,CAChC,8CAA6CJ,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMiB,wBAAwB,GAC5BQ,MAA+C,IAE/CC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIb,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Cc,IAAI,CAAC,IAAI,CAAC"}

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js

@@ -1,39 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.fetchPresentDefinition = void 0;
-/**
- * Retrieves a PresentationDefinition based on the given parameters.
- *
- * The method attempts the following strategies in order:
- * 1. Checks if `presentation_definition` is directly available in the request object.
- * 2. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
- *
- * If none of the above conditions are met, the function throws an error indicating the definition could not be found. Note that `presentation_definition_uri` is not supported in 0.9.x.
- *
- * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
- * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
- * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
- * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
- */
-const fetchPresentDefinition = async (requestObject, rpConf) => {
-  var _rpConf$openid_creden;
-  // Check if `presentation_definition` is directly available in the request object
-  if (requestObject.presentation_definition) {
-    return {
-      presentationDefinition: requestObject.presentation_definition
-    };
-  }
-
-  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
-  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$openid_creden = rpConf.openid_credential_verifier) !== null && _rpConf$openid_creden !== void 0 && _rpConf$openid_creden.presentation_definition) {
-    return {
-      presentationDefinition: rpConf.openid_credential_verifier.presentation_definition
-    };
-  }
-  throw new Error("Presentation definition not found");
-};
-exports.fetchPresentDefinition = fetchPresentDefinition;
-//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/commonjs/credential/presentation/06-fetch-presentation-definition.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["fetchPresentDefinition","requestObject","rpConf","_rpConf$openid_creden","presentation_definition","presentationDefinition","scope","openid_credential_verifier","Error","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":";;;;;;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,sBAAmD,GAAG,MAAAA,CACjEC,aAAa,EACbC,MAAM,KACH;EAAA,IAAAC,qBAAA;EACH;EACA,IAAIF,aAAa,CAACG,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEJ,aAAa,CAACG;IACxC,CAAC;EACH;;EAEA;EACA,IACEH,aAAa,CAACK,KAAK,IACnBJ,MAAM,aAANA,MAAM,gBAAAC,qBAAA,GAAND,MAAM,CAAEK,0BAA0B,cAAAJ,qBAAA,eAAlCA,qBAAA,CAAoCC,uBAAuB,EAC3D;IACA,OAAO;MACLC,sBAAsB,EACpBH,MAAM,CAACK,0BAA0B,CAACH;IACtC,CAAC;EACH;EAEA,MAAM,IAAII,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC;AAACC,OAAA,CAAAT,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js

@@ -1,155 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.prepareRemotePresentations = exports.evaluateDcqlQuery = void 0;
-var _dcql = require("dcql");
-var _valibot = require("valibot");
-var _sdJwt = require("../../sd-jwt");
-var _types = require("../../sd-jwt/types");
-var _errors = require("./errors");
-/**
- * The purpose for the credential request by the RP.
- */
-
-/**
- * Convert a credential in JWT format to an object with claims
- * for correct parsing by the `dcql` library.
- */
-const mapCredentialToObject = jwt => {
-  const {
-    sdJwt,
-    disclosures
-  } = (0, _sdJwt.decode)(jwt);
-  const credentialFormat = sdJwt.header.typ;
-  return {
-    vct: sdJwt.payload.vct,
-    credential_format: credentialFormat,
-    claims: disclosures.reduce((acc, disclosure) => ({
-      ...acc,
-      [disclosure.decoded[1]]: disclosure.decoded
-    }), {})
-  };
-};
-
-/**
- * Extract only successful matches from the DCQL query result.
- */
-const getDcqlQueryMatches = result => Object.entries(result.credential_matches).filter(_ref => {
-  let [, match] = _ref;
-  return match.success === true;
-});
-
-/**
- * Extract only failed matches from the DCQL query result.
- */
-const getDcqlQueryFailedMatches = result => Object.entries(result.credential_matches).filter(_ref2 => {
-  let [, match] = _ref2;
-  return match.success === false;
-});
-
-/**
- * Extract missing credentials from the DCQL query result.
- * Note: here we are assuming a failed match is a missing credential,
- * but there might be other reasons for its failure.
- */
-const extractMissingCredentials = (queryResult, originalQuery) => {
-  return getDcqlQueryFailedMatches(queryResult).map(_ref3 => {
-    var _credential$meta;
-    let [id] = _ref3;
-    const credential = originalQuery.credentials.find(c => c.id === id);
-    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "dc+sd-jwt" && (credential === null || credential === void 0 ? void 0 : credential.format) !== _types.LEGACY_SD_JWT) {
-      throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
-    }
-
-    return {
-      id,
-      vctValues: (_credential$meta = credential.meta) === null || _credential$meta === void 0 ? void 0 : _credential$meta.vct_values
-    };
-  });
-};
-const evaluateDcqlQuery = (credentialsSdJwt, query) => {
-  const credentials = credentialsSdJwt.map(_ref4 => {
-    let [, credential] = _ref4;
-    return mapCredentialToObject(credential);
-  });
-  try {
-    // Validate the query
-    const parsedQuery = _dcql.DcqlQuery.parse(query);
-    _dcql.DcqlQuery.validate(parsedQuery);
-    const queryResult = _dcql.DcqlQuery.query(parsedQuery, credentials);
-    if (!queryResult.canBeSatisfied) {
-      throw new _errors.CredentialsNotFoundError(extractMissingCredentials(queryResult, parsedQuery));
-    }
-
-    // Build an object vct:credentialJwt to map matched credentials to their JWT
-    const credentialsSdJwtByVct = credentials.reduce((acc, c, i) => ({
-      ...acc,
-      [c.vct]: credentialsSdJwt[i]
-    }), {});
-    return getDcqlQueryMatches(queryResult).map(_ref5 => {
-      var _queryResult$credenti;
-      let [id, match] = _ref5;
-      if (match.output.credential_format !== "dc+sd-jwt" && match.output.credential_format !== _types.LEGACY_SD_JWT) {
-        throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
-      }
-
-      const {
-        vct,
-        claims
-      } = match.output;
-      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
-        var _set$matching_options;
-        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
-      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
-        var _credentialSet$purpos;
-        return {
-          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
-          required: Boolean(credentialSet.required)
-        };
-      });
-      const [cryptoContext, credential] = credentialsSdJwtByVct[vct];
-      const requiredDisclosures = Object.values(claims);
-      return {
-        id,
-        vct,
-        cryptoContext,
-        credential,
-        requiredDisclosures,
-        // When it is a match but no credential_sets are found, the credential is required by default
-        // See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
-        purposes: purposes ?? [{
-          required: true
-        }]
-      };
-    });
-  } catch (error) {
-    // Invalid DCQL query structure. Remap to `DcqlError` for consistency.
-    if ((0, _valibot.isValiError)(error)) {
-      throw new _dcql.DcqlError({
-        message: "Failed to parse the provided DCQL query",
-        code: "PARSE_ERROR",
-        cause: error.issues
-      });
-    }
-
-    // Let other errors propagate so they can be caught with `err instanceof DcqlError`
-    throw error;
-  }
-};
-exports.evaluateDcqlQuery = evaluateDcqlQuery;
-const prepareRemotePresentations = async (credentials, nonce, clientId) => {
-  return Promise.all(credentials.map(async item => {
-    const {
-      vp_token
-    } = await (0, _sdJwt.prepareVpToken)(nonce, clientId, [item.credential, item.requestedClaims, item.cryptoContext]);
-    return {
-      credentialId: item.id,
-      requestedClaims: item.requestedClaims,
-      vpToken: vp_token
-    };
-  }));
-};
-exports.prepareRemotePresentations = prepareRemotePresentations;
-//# sourceMappingURL=07-evaluate-dcql-query.js.map

package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_dcql","require","_valibot","_sdJwt","_types","_errors","mapCredentialToObject","jwt","sdJwt","disclosures","decode","credentialFormat","header","typ","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","getDcqlQueryFailedMatches","_ref2","extractMissingCredentials","queryResult","originalQuery","map","_ref3","_credential$meta","id","credential","credentials","find","c","format","LEGACY_SD_JWT","Error","vctValues","meta","vct_values","evaluateDcqlQuery","credentialsSdJwt","query","_ref4","parsedQuery","DcqlQuery","parse","validate","canBeSatisfied","CredentialsNotFoundError","credentialsSdJwtByVct","i","_ref5","_queryResult$credenti","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","cryptoContext","requiredDisclosures","values","error","isValiError","DcqlError","message","code","cause","issues","exports","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","prepareVpToken","requestedClaims","credentialId","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AAEA;AACA;AACA;;AAuCA;AACA;AACA;AACA;AACA,MAAMK,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAG,IAAAC,aAAM,EAACH,GAAG,CAAC;EAC1C,MAAMI,gBAAgB,GAAGH,KAAK,CAACI,MAAM,CAACC,GAAG;EAEzC,OAAO;IACLC,GAAG,EAAEN,KAAK,CAACO,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEL,gBAAgB;IACnCM,MAAM,EAAER,WAAW,CAACS,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;;AAEnC;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIR,MAAuB,IACxDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CK,KAAA;EAAA,IAAC,GAAGH,KAAK,CAAC,GAAAG,KAAA;EAAA,OAAKH,KAAK,CAACC,OAAO,KAAK,KAAK;AAAA,CACxC,CAAiC;;AAEnC;AACA;AACA;AACA;AACA;AACA,MAAMG,yBAAyB,GAAGA,CAChCC,WAA4B,EAC5BC,aAAwB,KACH;EACrB,OAAOJ,yBAAyB,CAACG,WAAW,CAAC,CAACE,GAAG,CAACC,KAAA,IAAU;IAAA,IAAAC,gBAAA;IAAA,IAAT,CAACC,EAAE,CAAC,GAAAF,KAAA;IACrD,MAAMG,UAAU,GAAGL,aAAa,CAACM,WAAW,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,EAAE,KAAKA,EAAE,CAAC;IACrE,IACE,CAAAC,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAK,WAAW,IAClC,CAAAJ,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAKC,oBAAa,EACpC;MACA,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzC;;IACA,OAAO;MAAEP,EAAE;MAAEQ,SAAS,GAAAT,gBAAA,GAAEE,UAAU,CAACQ,IAAI,cAAAV,gBAAA,uBAAfA,gBAAA,CAAiBW;IAAW,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC;AAEM,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMX,WAAW,GAAGU,gBAAgB,CAACf,GAAG,CAACiB,KAAA;IAAA,IAAC,GAAGb,UAAU,CAAC,GAAAa,KAAA;IAAA,OACtD/C,qBAAqB,CAACkC,UAAU,CAAC;EAAA,CACnC,CAAC;EACD,IAAI;IACF;IACA,MAAMc,WAAW,GAAGC,eAAS,CAACC,KAAK,CAACJ,KAAK,CAAC;IAC1CG,eAAS,CAACE,QAAQ,CAACH,WAAW,CAAC;IAE/B,MAAMpB,WAAW,GAAGqB,eAAS,CAACH,KAAK,CAACE,WAAW,EAAEb,WAAW,CAAC;IAE7D,IAAI,CAACP,WAAW,CAACwB,cAAc,EAAE;MAC/B,MAAM,IAAIC,gCAAwB,CAChC1B,yBAAyB,CAACC,WAAW,EAAEoB,WAAW,CACpD,CAAC;IACH;;IAEA;IACA,MAAMM,qBAAqB,GAAGnB,WAAW,CAACvB,MAAM,CAC9C,CAACC,GAAG,EAAEwB,CAAC,EAAEkB,CAAC,MAAM;MAAE,GAAG1C,GAAG;MAAE,CAACwB,CAAC,CAAC7B,GAAG,GAAGqC,gBAAgB,CAACU,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOvC,mBAAmB,CAACY,WAAW,CAAC,CAACE,GAAG,CAAC0B,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACxB,EAAE,EAAEV,KAAK,CAAC,GAAAiC,KAAA;MACtD,IACEjC,KAAK,CAACmC,MAAM,CAAChD,iBAAiB,KAAK,WAAW,IAC9Ca,KAAK,CAACmC,MAAM,CAAChD,iBAAiB,KAAK6B,oBAAa,EAChD;QACA,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAEhC,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAACmC,MAAM;MAEpC,MAAMC,QAAQ,IAAAF,qBAAA,GAAG7B,WAAW,CAACgC,eAAe,cAAAH,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbpC,MAAM,CAAEwC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAAChC,EAAE,CAAC;MAAA,EAAC,cAAAwB,qBAAA,uBAD7CA,qBAAA,CAEb3B,GAAG,CAAqBoC,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,aAAa,EAAEvC,UAAU,CAAC,GAAGoB,qBAAqB,CAAC9C,GAAG,CAAE;MAC/D,MAAMkE,mBAAmB,GAAGxD,MAAM,CAACyD,MAAM,CAAChE,MAAM,CAAiB;MACjE,OAAO;QACLsB,EAAE;QACFzB,GAAG;QACHiE,aAAa;QACbvC,UAAU;QACVwC,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAI,IAAAC,oBAAW,EAACD,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIE,eAAS,CAAC;QAClBC,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEL,KAAK,CAACM;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMN,KAAK;EACb;AACF,CAAC;AAACO,OAAA,CAAAvC,iBAAA,GAAAA,iBAAA;AAEK,MAAMwC,0BAAsD,GAAG,MAAAA,CACpEjD,WAAW,EACXkD,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChBrD,WAAW,CAACL,GAAG,CAAC,MAAO2D,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACN,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAACvD,UAAU,EACfuD,IAAI,CAACG,eAAe,EACpBH,IAAI,CAAChB,aAAa,CACnB,CAAC;IAEF,OAAO;MACLoB,YAAY,EAAEJ,IAAI,CAACxD,EAAE;MACrB2D,eAAe,EAAEH,IAAI,CAACG,eAAe;MACrCE,OAAO,EAAEJ;IACX,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAACP,OAAA,CAAAC,0BAAA,GAAAA,0BAAA"}

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js

@@ -1,307 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.prepareLegacyRemotePresentations = exports.findCredentialSdJwt = exports.evaluateInputDescriptors = exports.evaluateInputDescriptorForSdJwt4VC = void 0;
-var _sdJwt = require("../../sd-jwt");
-var _jsonpathPlus = require("jsonpath-plus");
-var _errors = require("./errors");
-var _ajv = _interopRequireDefault(require("ajv"));
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-const ajv = new _ajv.default({
-  allErrors: true
-});
-const INDEX_CLAIM_NAME = 1;
-
-/**
- * @deprecated Use `prepareRemotePresentations` from DCQL
- */
-
-/**
- * Transforms an array of DisclosureWithEncoded objects into a key-value map.
- * @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
- * @returns An object mapping claim names to their corresponding values.
- */
-const mapDisclosuresToObject = disclosures => {
-  return disclosures.reduce((obj, _ref) => {
-    let {
-      decoded
-    } = _ref;
-    const [, claimName, claimValue] = decoded;
-    obj[claimName] = claimValue;
-    return obj;
-  }, {});
-};
-
-/**
- * Finds a claim within the payload based on provided JSONPath expressions.
- * @param paths - An array of JSONPath expressions to search for in the payload.
- * @param payload - The object to search within using JSONPath.
- * @returns A tuple with the first matched JSONPath and its corresponding value, or [undefined, undefined] if not found.
- */
-const findMatchedClaim = (paths, payload) => {
-  let matchedPath;
-  let matchedValue;
-  paths.some(singlePath => {
-    try {
-      const result = (0, _jsonpathPlus.JSONPath)({
-        path: singlePath,
-        json: payload
-      });
-      if (result.length > 0) {
-        matchedPath = singlePath;
-        matchedValue = result[0];
-        return true;
-      }
-    } catch (error) {
-      throw new _errors.MissingDataError(`JSONPath for "${singlePath}" does not match the provided payload.`);
-    }
-    return false;
-  });
-  return [matchedPath, matchedValue];
-};
-
-/**
- * Extracts the claim name from a path that can be in one of the following formats:
- * 1. $.propertyName
- * 2. $["propertyName"] or $['propertyName']
- *
- * @param path - The path string containing the claim reference.
- * @returns The extracted claim name if matched; otherwise, throws an exception.
- */
-const extractClaimName = path => {
-  // Define a regular expression that matches both formats:
-  // 1. $.propertyName
-  // 2. $["propertyName"] or $['propertyName']
-  const regex = /^\$\.(\w+)$|^\$\[(?:'|")(\w+)(?:'|")\]$/;
-  const match = path.match(regex);
-  if (match) {
-    // match[1] corresponds to the first capture group (\w+) after $.
-    // match[2] corresponds to the second capture group (\w+) inside [""] or ['']
-    return match[1] || match[2];
-  }
-
-  // If the input doesn't match any of the expected formats, return null
-
-  throw new Error(`Invalid input format: "${path}". Expected formats are "$.propertyName", "$['propertyName']", or '$["propertyName"]'.`);
-};
-
-/**
- * Evaluates an InputDescriptor for an SD-JWT-based verifiable credential.
- *
- * - Checks each field in the InputDescriptor against the provided `payloadCredential`
- *   and `disclosures` (selectively disclosed claims).
- * - Validates whether required fields are present (unless marked optional)
- *   and match any specified JSONPath.
- * - If a field includes a JSON Schema filter, validates the claim value against that schema.
- * - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
- *   if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
- * - Throws an error if a required field is invalid or missing.
- *
- * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
- * @param payloadCredential - The credential payload to check against.
- * @param disclosures - An array of DisclosureWithEncoded objects representing selective disclosures.
- * @returns A filtered list of disclosures satisfying the descriptor constraints, or throws an error if not.
- * @throws Will throw an error if any required constraint fails or if JSONPath lookups are invalid.
- */
-const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential, disclosures) => {
-  var _inputDescriptor$cons;
-  if (!(inputDescriptor !== null && inputDescriptor !== void 0 && (_inputDescriptor$cons = inputDescriptor.constraints) !== null && _inputDescriptor$cons !== void 0 && _inputDescriptor$cons.fields)) {
-    // No validation, all field are optional
-    return {
-      requiredDisclosures: [],
-      optionalDisclosures: [],
-      unrequestedDisclosures: disclosures
-    };
-  }
-  const requiredClaimNames = [];
-  const optionalClaimNames = [];
-
-  // Transform disclosures to find claim using JSONPath
-  const disclosuresAsPayload = mapDisclosuresToObject(disclosures);
-
-  // For each field, we need at least one matching path
-  // If we succeed, we push the matched disclosure in matchedDisclosures and stop checking further paths
-  const allFieldsValid = inputDescriptor.constraints.fields.every(field => {
-    // For Potential profile, selectively disclosed claims will always be built as an individual object property, by using a name-value pair.
-    // Hence that selective claim for array element and recursive disclosures are not supported by Potential for the first iteration of Piloting.
-    // We need to check inside disclosures or inside credential payload. Example path: "$.given_name"
-    let [matchedPath, matchedValue] = findMatchedClaim(field.path, disclosuresAsPayload);
-    if (!matchedPath) {
-      [matchedPath, matchedValue] = findMatchedClaim(field.path, payloadCredential);
-      if (!matchedPath) {
-        // Path could be optional, in this case no need to validate! continue to next field
-        return field === null || field === void 0 ? void 0 : field.optional;
-      }
-    } else {
-      // if match a disclouse we save which is required or optional
-      const claimName = extractClaimName(matchedPath);
-      if (claimName) {
-        (field !== null && field !== void 0 && field.optional ? optionalClaimNames : requiredClaimNames).push(claimName);
-      }
-    }
-
-    // FILTER validation
-    // If this field has a "filter" (JSON Schema), validate the claimValue
-    if (field.filter) {
-      try {
-        const validateSchema = ajv.compile(field.filter);
-        if (!validateSchema(matchedValue)) {
-          throw new _errors.MissingDataError(`Claim value "${matchedValue}" for path "${matchedPath}" does not match the provided JSON Schema.`);
-        }
-      } catch (error) {
-        return false;
-      }
-    }
-    // Submission Requirements validation
-    // TODO: [EUDIW-216] Read rule value if “all” o “pick” and validate
-
-    return true;
-  });
-  if (!allFieldsValid) {
-    throw new _errors.MissingDataError("Credential validation failed: Required fields are missing or do not match the input descriptor.");
-  }
-
-  // Categorizes disclosures into required and optional based on claim names and disclosure constraints.
-
-  const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
-  const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
-  const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
-  const unrequestedDisclosures = isNotLimitDisclosure ? disclosures.filter(disclosure => !optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME])) : [];
-  return {
-    requiredDisclosures,
-    optionalDisclosures,
-    unrequestedDisclosures
-  };
-};
-exports.evaluateInputDescriptorForSdJwt4VC = evaluateInputDescriptorForSdJwt4VC;
-/**
- * Finds the first credential that satisfies the input descriptor constraints.
- * @param inputDescriptor The input descriptor to evaluate.
- * @param decodedSdJwtCredentials An array of decoded SD-JWT credentials.
- * @returns An object containing the matched evaluation, keyTag, and credential.
- */
-const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) => {
-  for (const {
-    cryptoContext,
-    credential,
-    sdJwt,
-    disclosures
-  } of decodedSdJwtCredentials) {
-    try {
-      const evaluatedDisclosure = evaluateInputDescriptorForSdJwt4VC(inputDescriptor, sdJwt.payload, disclosures);
-      return {
-        matchedEvaluation: evaluatedDisclosure,
-        cryptoContext,
-        matchedCredential: credential
-      };
-    } catch {
-      // skip to next credential
-      continue;
-    }
-  }
-  throw new _errors.CredentialsNotFoundError([{
-    id: "",
-    reason: "None of the vc+sd-jwt credentials satisfy the requirements."
-  }]);
-};
-
-/**
- * Evaluates multiple input descriptors against provided SD-JWT and MDOC credentials.
- *
- * For each input descriptor, this function:
- * - Checks the credential format.
- * - Decodes the credential.
- * - Evaluates the descriptor using the associated disclosures.
- *
- * @param inputDescriptors - An array of input descriptors.
- * @param credentialsSdJwt - An array of tuples containing keyTag and SD-JWT credential.
- * @returns An array of objects, each containing the evaluated disclosures,
- *          the input descriptor, the credential, and the keyTag.
- * @throws {CredentialNotFoundError} When the credential format is unsupported.
- */
-exports.findCredentialSdJwt = findCredentialSdJwt;
-const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
-  // We need decode SD-JWT credentials for evaluation
-  const decodedSdJwtCredentials = (credentialsSdJwt === null || credentialsSdJwt === void 0 ? void 0 : credentialsSdJwt.map(_ref2 => {
-    let [cryptoContext, credential] = _ref2;
-    const {
-      sdJwt,
-      disclosures
-    } = (0, _sdJwt.decode)(credential);
-    return {
-      cryptoContext,
-      credential,
-      sdJwt,
-      disclosures
-    };
-  })) || [];
-  return Promise.all(inputDescriptors.map(async descriptor => {
-    var _descriptor$format;
-    if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["dc+sd-jwt"]) {
-      if (!decodedSdJwtCredentials.length) {
-        throw new _errors.CredentialsNotFoundError([{
-          id: descriptor.id,
-          reason: "vc+sd-jwt credential is not supported."
-        }]);
-      }
-      const {
-        matchedEvaluation,
-        cryptoContext,
-        matchedCredential
-      } = findCredentialSdJwt(descriptor, decodedSdJwtCredentials);
-      return {
-        evaluatedDisclosure: matchedEvaluation,
-        inputDescriptor: descriptor,
-        credential: matchedCredential,
-        cryptoContext
-      };
-    }
-    throw new _errors.CredentialsNotFoundError([{
-      id: descriptor.id,
-      reason: `${descriptor.format} format is not supported.`
-    }]);
-  }));
-};
-
-/**
- * Prepares remote presentations for a set of credentials based on input descriptors.
- *
- * For each credential and its corresponding input descriptor, this function:
- * - Validates the credential format.
- * - Generates a verifiable presentation token (vpToken) using the provided nonce and client identifier.
- *
- * @deprecated Use `prepareRemotePresentations` from DCQL
- *
- * @param credentialAndDescriptors - An array containing objects with requested claims,
- *                                   input descriptor, credential, and keyTag.
- * @param nonce - A unique nonce for the verifiable presentation token.
- * @param client_id - The client identifier.
- * @returns A promise that resolves to an array of RemotePresentation objects.
- * @throws {CredentialNotFoundError} When the credential format is unsupported.
- */
-exports.evaluateInputDescriptors = evaluateInputDescriptors;
-const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce, client_id) => {
-  return Promise.all(credentialAndDescriptors.map(async item => {
-    var _descriptor$format2;
-    const descriptor = item.inputDescriptor;
-    if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["dc+sd-jwt"]) {
-      const {
-        vp_token
-      } = await (0, _sdJwt.prepareVpToken)(nonce, client_id, [item.credential, item.requestedClaims, item.cryptoContext]);
-      return {
-        requestedClaims: item.requestedClaims,
-        inputDescriptor: descriptor,
-        vpToken: vp_token,
-        format: "dc+sd-jwt"
-      };
-    }
-    throw new _errors.CredentialsNotFoundError([{
-      id: descriptor.id,
-      reason: `${descriptor.format} format is not supported.`
-    }]);
-  }));
-};
-exports.prepareLegacyRemotePresentations = prepareLegacyRemotePresentations;
-//# sourceMappingURL=07-evaluate-input-descriptor.js.map

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_sdJwt","require","_jsonpathPlus","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports","findCredentialSdJwt","decodedSdJwtCredentials","cryptoContext","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedCredential","CredentialsNotFoundError","id","reason","evaluateInputDescriptors","inputDescriptors","credentialsSdJwt","map","_ref2","decode","Promise","all","descriptor","_descriptor$format","format","prepareLegacyRemotePresentations","credentialAndDescriptors","nonce","client_id","item","_descriptor$format2","vp_token","prepareVpToken","requestedClaims","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAAsB,SAAAI,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;;AA6B1B;AACA;AACA;;AAYA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CACvB,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACf,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAEhC;IAC1B,CAAC;EACH;EACA,MAAMiC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGpC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMoC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC7B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChDgC,KAAK,CAACvB,IAAI,EACVoB,oBACF,CAAC;IAED,IAAI,CAAC1B,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5CgC,KAAK,CAACvB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO6B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMnC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACkC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DpC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIkC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG/C,GAAG,CAACgD,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAChC,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACkB,cAAc,EAAE;IACnB,MAAM,IAAIjB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMW,mBAAmB,GAAG9B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgD,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C9C,WAAW,CAACyC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CACrC,CAAC,IACD,CAACmC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACLgC,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAxB,kCAAA,GAAAA,kCAAA;AASJ;AACA;AACA;AACA;AACA;AACA;AACO,MAAMyB,mBAAmB,GAAGA,CACjCxB,eAAgC,EAChCyB,uBAAiD,KAK9C;EACH,KAAK,MAAM;IACTC,aAAa;IACbC,UAAU;IACVC,KAAK;IACLrD;EACF,CAAC,IAAIkD,uBAAuB,EAAE;IAC5B,IAAI;MACF,MAAMI,mBAAmB,GAAG9B,kCAAkC,CAC5DC,eAAe,EACf4B,KAAK,CAAC7C,OAAO,EACbR,WACF,CAAC;MAED,OAAO;QACLuD,iBAAiB,EAAED,mBAAmB;QACtCH,aAAa;QACbK,iBAAiB,EAAEJ;MACrB,CAAC;IACH,CAAC,CAAC,MAAM;MACN;MACA;IACF;EACF;EAEA,MAAM,IAAIK,gCAAwB,CAAC,CACjC;IACEC,EAAE,EAAE,EAAE;IACNC,MAAM,EAAE;EACV,CAAC,CACF,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAbAX,OAAA,CAAAC,mBAAA,GAAAA,mBAAA;AAcO,MAAMW,wBAAkD,GAAG,MAAAA,CAChEC,gBAAgB,EAChBC,gBAAgB,KACb;EACH;EACA,MAAMZ,uBAAuB,GAC3B,CAAAY,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEC,GAAG,CAACC,KAAA,IAAiC;IAAA,IAAhC,CAACb,aAAa,EAAEC,UAAU,CAAC,GAAAY,KAAA;IAChD,MAAM;MAAEX,KAAK;MAAErD;IAAY,CAAC,GAAG,IAAAiE,aAAM,EAACb,UAAU,CAAC;IACjD,OAAO;MAAED,aAAa;MAAEC,UAAU;MAAEC,KAAK;MAAErD;IAAY,CAAC;EAC1D,CAAC,CAAC,KAAI,EAAE;EAEV,OAAOkE,OAAO,CAACC,GAAG,CAChBN,gBAAgB,CAACE,GAAG,CAAC,MAAOK,UAAU,IAAK;IAAA,IAAAC,kBAAA;IACzC,KAAAA,kBAAA,GAAID,UAAU,CAACE,MAAM,cAAAD,kBAAA,eAAjBA,kBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,IAAI,CAACnB,uBAAuB,CAACjC,MAAM,EAAE;QACnC,MAAM,IAAIwC,gCAAwB,CAAC,CACjC;UACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;UACjBC,MAAM,EAAE;QACV,CAAC,CACF,CAAC;MACJ;MAEA,MAAM;QAAEJ,iBAAiB;QAAEJ,aAAa;QAAEK;MAAkB,CAAC,GAC3DP,mBAAmB,CAACmB,UAAU,EAAElB,uBAAuB,CAAC;MAE1D,OAAO;QACLI,mBAAmB,EAAEC,iBAAiB;QACtC9B,eAAe,EAAE2C,UAAU;QAC3BhB,UAAU,EAAEI,iBAAiB;QAC7BL;MACF,CAAC;IACH;IAEA,MAAM,IAAIM,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAtB,OAAA,CAAAY,wBAAA,GAAAA,wBAAA;AAgBO,MAAMW,gCAAkE,GAC7E,MAAAA,CAAOC,wBAAwB,EAAEC,KAAK,EAAEC,SAAS,KAAK;EACpD,OAAOR,OAAO,CAACC,GAAG,CAChBK,wBAAwB,CAACT,GAAG,CAAC,MAAOY,IAAI,IAAK;IAAA,IAAAC,mBAAA;IAC3C,MAAMR,UAAU,GAAGO,IAAI,CAAClD,eAAe;IAEvC,KAAAmD,mBAAA,GAAIR,UAAU,CAACE,MAAM,cAAAM,mBAAA,eAAjBA,mBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACL,KAAK,EAAEC,SAAS,EAAE,CAC1DC,IAAI,CAACvB,UAAU,EACfuB,IAAI,CAACI,eAAe,EACpBJ,IAAI,CAACxB,aAAa,CACnB,CAAC;MAEF,OAAO;QACL4B,eAAe,EAAEJ,IAAI,CAACI,eAAe;QACrCtD,eAAe,EAAE2C,UAAU;QAC3BY,OAAO,EAAEH,QAAQ;QACjBP,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIb,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;AAACtB,OAAA,CAAAuB,gCAAA,GAAAA,gCAAA"}