npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/module/credential/offer/errors.js DELETED Viewed

@@ -1,14 +0,0 @@
-import { IoWalletError } from "../../utils/errors";
-export class InvalidCredentialOfferError extends IoWalletError {
-  code = "ERR_INVALID_CREDENTIAL_OFFER";
-  constructor(message) {
-    super(message);
-  }
-}
-export class InvalidQRCodeError extends IoWalletError {
-  code = "ERR_INVALID_QR_CODE";
-  constructor(message) {
-    super(message);
-  }
-}
-//# sourceMappingURL=errors.js.map

package/lib/module/credential/offer/errors.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IoWalletError","InvalidCredentialOfferError","code","constructor","message","InvalidQRCodeError"],"sourceRoot":"../../../../src","sources":["credential/offer/errors.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,oBAAoB;AAElD,OAAO,MAAMC,2BAA2B,SAASD,aAAa,CAAC;EAC7DE,IAAI,GAAG,8BAA8B;EAErCC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;AAEA,OAAO,MAAMC,kBAAkB,SAASL,aAAa,CAAC;EACpDE,IAAI,GAAG,qBAAqB;EAE5BC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF"}

package/lib/module/credential/offer/types.js DELETED Viewed

@@ -1,41 +0,0 @@
-import { z } from "zod";
-/**
- * OAuth 2.0 Authorization Code flow parameters.
- */
-export const AuthorizationCodeGrantSchema = z.object({
-  issuer_state: z.string().optional(),
-  authorization_server: z.string().url().optional()
-});
-/**
- * Transaction Code requirements for Pre-Authorized Code flow.
- */
-export const TransactionCodeSchema = z.object({
-  input_mode: z.enum(["numeric", "text"]).optional(),
-  length: z.number().int().positive().optional(),
-  description: z.string().max(300).optional()
-});
-/**
- * Pre-Authorized Code flow parameters.
- */
-export const PreAuthorizedCodeGrantSchema = z.object({
-  "pre-authorized_code": z.string(),
-  tx_code: TransactionCodeSchema.optional(),
-  authorization_server: z.string().url().optional()
-});
-/**
- * Supported grant types for Credential Offer.
- */
-export const GrantsSchema = z.object({
-  authorization_code: AuthorizationCodeGrantSchema.optional(),
-  "urn:ietf:params:oauth:grant-type:pre-authorized_code": PreAuthorizedCodeGrantSchema.optional()
-});
-/**
- * Credential Offer object as defined in OpenID4VCI Section 4.1.1.
- */
-export const CredentialOfferSchema = z.object({
-  credential_issuer: z.string().url(),
-  credential_configuration_ids: z.array(z.string()).min(1),
-  grants: GrantsSchema.optional()
-});
-//# sourceMappingURL=types.js.map

package/lib/module/credential/offer/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["z","AuthorizationCodeGrantSchema","object","issuer_state","string","optional","authorization_server","url","TransactionCodeSchema","input_mode","enum","length","number","int","positive","description","max","PreAuthorizedCodeGrantSchema","tx_code","GrantsSchema","authorization_code","CredentialOfferSchema","credential_issuer","credential_configuration_ids","array","min","grants"],"sourceRoot":"../../../../src","sources":["credential/offer/types.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;;AAEvB;AACA;AACA;AACA,OAAO,MAAMC,4BAA4B,GAAGD,CAAC,CAACE,MAAM,CAAC;EACnDC,YAAY,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACnCC,oBAAoB,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC,CAACF,QAAQ,CAAC;AAClD,CAAC,CAAC;AAMF;AACA;AACA;AACA,OAAO,MAAMG,qBAAqB,GAAGR,CAAC,CAACE,MAAM,CAAC;EAC5CO,UAAU,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAClDM,MAAM,EAAEX,CAAC,CAACY,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC,CAACT,QAAQ,CAAC,CAAC;EAC9CU,WAAW,EAAEf,CAAC,CAACI,MAAM,CAAC,CAAC,CAACY,GAAG,CAAC,GAAG,CAAC,CAACX,QAAQ,CAAC;AAC5C,CAAC,CAAC;AAIF;AACA;AACA;AACA,OAAO,MAAMY,4BAA4B,GAAGjB,CAAC,CAACE,MAAM,CAAC;EACnD,qBAAqB,EAAEF,CAAC,CAACI,MAAM,CAAC,CAAC;EACjCc,OAAO,EAAEV,qBAAqB,CAACH,QAAQ,CAAC,CAAC;EACzCC,oBAAoB,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC,CAACF,QAAQ,CAAC;AAClD,CAAC,CAAC;AAMF;AACA;AACA;AACA,OAAO,MAAMc,YAAY,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACnCkB,kBAAkB,EAAEnB,4BAA4B,CAACI,QAAQ,CAAC,CAAC;EAC3D,sDAAsD,EACpDY,4BAA4B,CAACZ,QAAQ,CAAC;AAC1C,CAAC,CAAC;AAIF;AACA;AACA;AACA,OAAO,MAAMgB,qBAAqB,GAAGrB,CAAC,CAACE,MAAM,CAAC;EAC5CoB,iBAAiB,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EACnCgB,4BAA4B,EAAEvB,CAAC,CAACwB,KAAK,CAACxB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACqB,GAAG,CAAC,CAAC,CAAC;EACxDC,MAAM,EAAEP,YAAY,CAACd,QAAQ,CAAC;AAChC,CAAC,CAAC"}

package/lib/module/credential/presentation/01-start-flow.js DELETED Viewed

@@ -1,36 +0,0 @@
-import * as z from "zod";
-import { InvalidQRCodeError } from "./errors";
-const PresentationParams = z.object({
-  client_id: z.string().nonempty(),
-  request_uri: z.string().url(),
-  request_uri_method: z.enum(["get", "post"]),
-  state: z.string().optional()
-});
-/**
- * The beginning of the presentation flow.
- * To be implemented according to the user touchpoint
- *
- * @param params Presentation parameters, depending on the starting touchpoint
- * @returns The url for the Relying Party to connect with
- */
-/**
- * Start a presentation flow by validating the required parameters.
- * Parameters are extracted from a url encoded in a QR code or in a deep link.
- *
- * @param params The parameters to be validated
- * @returns The url for the Relying Party to connect with
- * @throws If the provided parameters are not valid
- */
-export const startFlowFromQR = params => {
-  const result = PresentationParams.safeParse({
-    ...params,
-    request_uri_method: params.request_uri_method ?? "get"
-  });
-  if (result.success) {
-    return result.data;
-  }
-  throw new InvalidQRCodeError(result.error.message);
-};
-//# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/presentation/01-start-flow.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["z","InvalidQRCodeError","PresentationParams","object","client_id","string","nonempty","request_uri","url","request_uri_method","enum","state","optional","startFlowFromQR","params","result","safeParse","success","data","error","message"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,UAAU;AAE7C,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,SAAS,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCC,WAAW,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC,CAAC;EAC7BC,kBAAkB,EAAET,CAAC,CAACU,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;EAC3CC,KAAK,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AAC7B,CAAC,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,MAAM,IAAK;EACpD,MAAMC,MAAM,GAAGb,kBAAkB,CAACc,SAAS,CAAC;IAC1C,GAAGF,MAAM;IACTL,kBAAkB,EAAEK,MAAM,CAACL,kBAAkB,IAAI;EACnD,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB;EAEA,MAAM,IAAIjB,kBAAkB,CAACc,MAAM,CAACI,KAAK,CAACC,OAAO,CAAC;AACpD,CAAC"}

package/lib/module/credential/presentation/02-evaluate-rp-trust.js DELETED Viewed

@@ -1,27 +0,0 @@
-import { getRelyingPartyEntityConfiguration } from "../../trust/build-chain";
-/**
- * The Relying Party trust evaluation phase.
- * Fetch the  Relying Party's configuration and verify trust.
- *
- * @param rpUrl The base url of the Issuer
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Relying Party's configuration
- */
-export const evaluateRelyingPartyTrust = async function (rpUrl) {
-  let {
-    appFetch = fetch
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const {
-    payload: {
-      metadata: rpConf,
-      sub
-    }
-  } = await getRelyingPartyEntityConfiguration(rpUrl, {
-    appFetch
-  });
-  return {
-    rpConf,
-    subject: sub
-  };
-};
-//# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAGA,SAASA,kCAAkC,QAAQ,yBAAyB;AAY5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}

package/lib/module/credential/presentation/03-get-request-object.js DELETED Viewed

@@ -1,49 +0,0 @@
-import { RelyingPartyResponseError } from "../../utils/errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RequestObjectWalletCapabilities } from "./types";
-/**
- * Obtain the Request Object for RP authentication. Both the GET and POST `request_uri_method` are supported.
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- *
- * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.walletCapabilities (optional) An object containing the wallet technical capabilities that will be sent with a POST request
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Request Object that describes the presentation
- */
-export const getRequestObject = async function (requestUri) {
-  let {
-    appFetch = fetch,
-    walletCapabilities
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  if (walletCapabilities) {
-    // Validate external input
-    const {
-      wallet_metadata,
-      wallet_nonce
-    } = RequestObjectWalletCapabilities.parse(walletCapabilities);
-    const formUrlEncodedBody = new URLSearchParams({
-      wallet_metadata: JSON.stringify(wallet_metadata),
-      ...(wallet_nonce && {
-        wallet_nonce
-      })
-    });
-    const requestObjectEncodedJwt = await appFetch(requestUri, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body: formUrlEncodedBody.toString()
-    }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.text());
-    return {
-      requestObjectEncodedJwt
-    };
-  }
-  const requestObjectEncodedJwt = await appFetch(requestUri, {
-    method: "GET"
-  }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.text());
-  return {
-    requestObjectEncodedJwt
-  };
-};
-//# sourceMappingURL=03-get-request-object.js.map

package/lib/module/credential/presentation/03-get-request-object.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["RelyingPartyResponseError","hasStatusOrThrow","RequestObjectWalletCapabilities","getRequestObject","requestUri","appFetch","fetch","walletCapabilities","arguments","length","undefined","wallet_metadata","wallet_nonce","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","res","text"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,SAASA,yBAAyB,QAAQ,oBAAoB;AAC9D,SAASC,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,+BAA+B,QAAQ,SAAS;AAUzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,eAAAA,CAChDC,UAAU,EAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,IAAID,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEI,eAAe;MAAEC;IAAa,CAAC,GACrCV,+BAA+B,CAACW,KAAK,CAACN,kBAAkB,CAAC;IAE3D,MAAMO,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CJ,eAAe,EAAEK,IAAI,CAACC,SAAS,CAACN,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMM,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;MACzDe,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAACtB,gBAAgB,CAAC,GAAG,EAAED,yBAAyB,CAAC,CAAC,CACtDuB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLP;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMb,QAAQ,CAACD,UAAU,EAAE;IACzDe,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAACtB,gBAAgB,CAAC,GAAG,EAAED,yBAAyB,CAAC,CAAC,CACtDuB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js DELETED Viewed

@@ -1,25 +0,0 @@
-/**
- * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
- *
- * @template T - The tuple type representing the function arguments.
- * @param args - The arguments passed to the function.
- * @returns A promise resolving to an object containing an array of JWKs.
- */
-/**
- * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
- *
- * @param rpConfig - The configuration object of the Relying Party entity.
- * @returns An object containing an array of JWKs.
- * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
- */
-export const getJwksFromConfig = rpConfig => {
-  const jwks = rpConfig.openid_credential_verifier.jwks;
-  if (!jwks || !Array.isArray(jwks.keys)) {
-    throw new Error("JWKS not found in Relying Party configuration.");
-  }
-  return {
-    keys: jwks.keys
-  };
-};
-//# sourceMappingURL=04-retrieve-rp-jwks.js.map

package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["getJwksFromConfig","rpConfig","jwks","openid_credential_verifier","Array","isArray","keys","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":"AAGA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,iBAEZ,GAAIC,QAAQ,IAAK;EAChB,MAAMC,IAAI,GAAGD,QAAQ,CAACE,0BAA0B,CAACD,IAAI;EAErD,IAAI,CAACA,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAACI,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIC,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLD,IAAI,EAAEJ,IAAI,CAACI;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/05-verify-request-object.js DELETED Viewed

@@ -1,88 +0,0 @@
-import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { InvalidRequestObjectError } from "./errors";
-import { RequestObject } from "./types";
-import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
-/**
- * Function to verify the Request Object's validity, from the signature to the required properties.
- * @param requestObjectEncodedJwt The Request Object in JWT format
- * @param context.clientId The client ID to verify
- * @param context.rpConf The Entity Configuration of the Relying Party
- * @param context.state Optional state
- * @returns The verified Request Object
- * @throws {InvalidRequestObjectError} if the Request Object cannot be validated
- */
-export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
-  let {
-    clientId,
-    rpConf,
-    rpSubject,
-    state
-  } = _ref;
-  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
-  const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
-  try {
-    // Standard claims are verified within `verify`
-    await verify(requestObjectEncodedJwt, pubKey, {
-      issuer: clientId
-    });
-  } catch (_) {
-    throw new InvalidRequestObjectError("The Request Object signature verification failed");
-  }
-  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
-  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
-  if (!isClientIdMatch) {
-    throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
-  }
-  const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
-  if (!isStateMatch) {
-    throw new InvalidRequestObjectError("The provided state does not match the Request Object's");
-  }
-  return {
-    requestObject
-  };
-};
-/**
- * Validate the shape of the Request Object to ensure all required properties are present and are of the expected type.
- *
- * @param payload The Request Object to validate
- * @returns A valid Request Object
- * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
- */
-const validateRequestObjectShape = payload => {
-  const requestObjectParse = RequestObject.safeParse(payload);
-  if (requestObjectParse.success) {
-    return requestObjectParse.data;
-  }
-  throw new InvalidRequestObjectError("The Request Object cannot be parsed successfully", formatFlattenedZodErrors(requestObjectParse.error.flatten()));
-};
-/**
- * Get the public key to verify the Request Object's signature from the Relying Party's EC.
- *
- * @param rpConf The Relying Party's EC
- * @param kid The identifier of the key to find
- * @returns The corresponding public key to verify the signature
- * @throws {InvalidRequestObjectError} when the key cannot be found
- */
-const getSigPublicKey = (rpConf, kid) => {
-  try {
-    const {
-      keys
-    } = getJwksFromConfig(rpConf);
-    const pubKey = keys.find(k => k.kid === kid);
-    if (!pubKey) throw new Error();
-    return pubKey;
-  } catch (_) {
-    throw new InvalidRequestObjectError(`The public key for signature verification (${kid}) cannot be found in the Entity Configuration`);
-  }
-};
-/**
- * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
- */
-const formatFlattenedZodErrors = errors => Object.entries(errors.fieldErrors).map(_ref2 => {
-  let [key, error] = _ref2;
-  return `${key}: ${error[0]}`;
-}).join(", ");
-//# sourceMappingURL=05-verify-request-object.js.map

package/lib/module/credential/presentation/05-verify-request-object.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["decode","decodeJwt","verify","InvalidRequestObjectError","RequestObject","getJwksFromConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","pubKey","getSigPublicKey","protectedHeader","kid","issuer","_","requestObject","validateRequestObjectShape","payload","isClientIdMatch","client_id","isStateMatch","requestObjectParse","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,yBAAyB,QAAQ,UAAU;AACpD,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,iBAAiB,QAAQ,uBAAuB;AAazD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAGZ,SAAS,CAACM,uBAAuB,CAAC;EAE3D,MAAMO,MAAM,GAAGC,eAAe,CAACL,MAAM,EAAEG,gBAAgB,CAACG,eAAe,CAACC,GAAG,CAAC;EAE5E,IAAI;IACF;IACA,MAAMf,MAAM,CAACK,uBAAuB,EAAEO,MAAM,EAAE;MAAEI,MAAM,EAAET;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOU,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMiB,aAAa,GAAGC,0BAA0B,CAACR,gBAAgB,CAACS,OAAO,CAAC;EAE1E,MAAMC,eAAe,GACnBd,QAAQ,KAAKW,aAAa,CAACI,SAAS,IAAIf,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACY,eAAe,EAAE;IACpB,MAAM,IAAIpB,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,MAAMsB,YAAY,GAChBb,KAAK,IAAIQ,aAAa,CAACR,KAAK,GAAGA,KAAK,KAAKQ,aAAa,CAACR,KAAK,GAAG,IAAI;EAErE,IAAI,CAACa,YAAY,EAAE;IACjB,MAAM,IAAItB,yBAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IAAEiB;EAAc,CAAC;AAC1B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAIC,OAAgB,IAAoB;EACtE,MAAMI,kBAAkB,GAAGtB,aAAa,CAACuB,SAAS,CAACL,OAAO,CAAC;EAE3D,IAAII,kBAAkB,CAACE,OAAO,EAAE;IAC9B,OAAOF,kBAAkB,CAACG,IAAI;EAChC;EAEA,MAAM,IAAI1B,yBAAyB,CACjC,kDAAkD,EAClD2B,wBAAwB,CAACJ,kBAAkB,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMjB,eAAe,GAAGA,CACtBL,MAA8D,EAC9DO,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEgB;IAAK,CAAC,GAAG5B,iBAAiB,CAACK,MAAM,CAAC;IAE1C,MAAMI,MAAM,GAAGmB,IAAI,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAAClB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAIsB,KAAK,CAAC,CAAC;IAE9B,OAAOtB,MAAM;EACf,CAAC,CAAC,OAAOK,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CAChC,8CAA6Cc,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMa,wBAAwB,GAC5BO,MAA+C,IAE/CC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIZ,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Ca,IAAI,CAAC,IAAI,CAAC"}

package/lib/module/credential/presentation/06-fetch-presentation-definition.js DELETED Viewed

@@ -1,32 +0,0 @@
-/**
- * Retrieves a PresentationDefinition based on the given parameters.
- *
- * The method attempts the following strategies in order:
- * 1. Checks if `presentation_definition` is directly available in the request object.
- * 2. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
- *
- * If none of the above conditions are met, the function throws an error indicating the definition could not be found. Note that `presentation_definition_uri` is not supported in 0.9.x.
- *
- * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
- * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
- * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
- * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
- */
-export const fetchPresentDefinition = async (requestObject, rpConf) => {
-  var _rpConf$openid_creden;
-  // Check if `presentation_definition` is directly available in the request object
-  if (requestObject.presentation_definition) {
-    return {
-      presentationDefinition: requestObject.presentation_definition
-    };
-  }
-  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
-  if (requestObject.scope && rpConf !== null && rpConf !== void 0 && (_rpConf$openid_creden = rpConf.openid_credential_verifier) !== null && _rpConf$openid_creden !== void 0 && _rpConf$openid_creden.presentation_definition) {
-    return {
-      presentationDefinition: rpConf.openid_credential_verifier.presentation_definition
-    };
-  }
-  throw new Error("Presentation definition not found");
-};
-//# sourceMappingURL=06-fetch-presentation-definition.js.map

package/lib/module/credential/presentation/06-fetch-presentation-definition.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["fetchPresentDefinition","requestObject","rpConf","_rpConf$openid_creden","presentation_definition","presentationDefinition","scope","openid_credential_verifier","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/06-fetch-presentation-definition.ts"],"mappings":"AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,sBAAmD,GAAG,MAAAA,CACjEC,aAAa,EACbC,MAAM,KACH;EAAA,IAAAC,qBAAA;EACH;EACA,IAAIF,aAAa,CAACG,uBAAuB,EAAE;IACzC,OAAO;MACLC,sBAAsB,EAAEJ,aAAa,CAACG;IACxC,CAAC;EACH;;EAEA;EACA,IACEH,aAAa,CAACK,KAAK,IACnBJ,MAAM,aAANA,MAAM,gBAAAC,qBAAA,GAAND,MAAM,CAAEK,0BAA0B,cAAAJ,qBAAA,eAAlCA,qBAAA,CAAoCC,uBAAuB,EAC3D;IACA,OAAO;MACLC,sBAAsB,EACpBH,MAAM,CAACK,0BAA0B,CAACH;IACtC,CAAC;EACH;EAEA,MAAM,IAAII,KAAK,CAAC,mCAAmC,CAAC;AACtD,CAAC"}

package/lib/module/credential/presentation/07-evaluate-dcql-query.js DELETED Viewed

@@ -1,148 +0,0 @@
-import { DcqlQuery, DcqlError } from "dcql";
-import { isValiError } from "valibot";
-import { decode, prepareVpToken } from "../../sd-jwt";
-import { LEGACY_SD_JWT } from "../../sd-jwt/types";
-import { CredentialsNotFoundError } from "./errors";
-/**
- * The purpose for the credential request by the RP.
- */
-/**
- * Convert a credential in JWT format to an object with claims
- * for correct parsing by the `dcql` library.
- */
-const mapCredentialToObject = jwt => {
-  const {
-    sdJwt,
-    disclosures
-  } = decode(jwt);
-  const credentialFormat = sdJwt.header.typ;
-  return {
-    vct: sdJwt.payload.vct,
-    credential_format: credentialFormat,
-    claims: disclosures.reduce((acc, disclosure) => ({
-      ...acc,
-      [disclosure.decoded[1]]: disclosure.decoded
-    }), {})
-  };
-};
-/**
- * Extract only successful matches from the DCQL query result.
- */
-const getDcqlQueryMatches = result => Object.entries(result.credential_matches).filter(_ref => {
-  let [, match] = _ref;
-  return match.success === true;
-});
-/**
- * Extract only failed matches from the DCQL query result.
- */
-const getDcqlQueryFailedMatches = result => Object.entries(result.credential_matches).filter(_ref2 => {
-  let [, match] = _ref2;
-  return match.success === false;
-});
-/**
- * Extract missing credentials from the DCQL query result.
- * Note: here we are assuming a failed match is a missing credential,
- * but there might be other reasons for its failure.
- */
-const extractMissingCredentials = (queryResult, originalQuery) => {
-  return getDcqlQueryFailedMatches(queryResult).map(_ref3 => {
-    var _credential$meta;
-    let [id] = _ref3;
-    const credential = originalQuery.credentials.find(c => c.id === id);
-    if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "dc+sd-jwt" && (credential === null || credential === void 0 ? void 0 : credential.format) !== LEGACY_SD_JWT) {
-      throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
-    }
-    return {
-      id,
-      vctValues: (_credential$meta = credential.meta) === null || _credential$meta === void 0 ? void 0 : _credential$meta.vct_values
-    };
-  });
-};
-export const evaluateDcqlQuery = (credentialsSdJwt, query) => {
-  const credentials = credentialsSdJwt.map(_ref4 => {
-    let [, credential] = _ref4;
-    return mapCredentialToObject(credential);
-  });
-  try {
-    // Validate the query
-    const parsedQuery = DcqlQuery.parse(query);
-    DcqlQuery.validate(parsedQuery);
-    const queryResult = DcqlQuery.query(parsedQuery, credentials);
-    if (!queryResult.canBeSatisfied) {
-      throw new CredentialsNotFoundError(extractMissingCredentials(queryResult, parsedQuery));
-    }
-    // Build an object vct:credentialJwt to map matched credentials to their JWT
-    const credentialsSdJwtByVct = credentials.reduce((acc, c, i) => ({
-      ...acc,
-      [c.vct]: credentialsSdJwt[i]
-    }), {});
-    return getDcqlQueryMatches(queryResult).map(_ref5 => {
-      var _queryResult$credenti;
-      let [id, match] = _ref5;
-      if (match.output.credential_format !== "dc+sd-jwt" && match.output.credential_format !== LEGACY_SD_JWT) {
-        throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
-      }
-      const {
-        vct,
-        claims
-      } = match.output;
-      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
-        var _set$matching_options;
-        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
-      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
-        var _credentialSet$purpos;
-        return {
-          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
-          required: Boolean(credentialSet.required)
-        };
-      });
-      const [cryptoContext, credential] = credentialsSdJwtByVct[vct];
-      const requiredDisclosures = Object.values(claims);
-      return {
-        id,
-        vct,
-        cryptoContext,
-        credential,
-        requiredDisclosures,
-        // When it is a match but no credential_sets are found, the credential is required by default
-        // See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
-        purposes: purposes ?? [{
-          required: true
-        }]
-      };
-    });
-  } catch (error) {
-    // Invalid DCQL query structure. Remap to `DcqlError` for consistency.
-    if (isValiError(error)) {
-      throw new DcqlError({
-        message: "Failed to parse the provided DCQL query",
-        code: "PARSE_ERROR",
-        cause: error.issues
-      });
-    }
-    // Let other errors propagate so they can be caught with `err instanceof DcqlError`
-    throw error;
-  }
-};
-export const prepareRemotePresentations = async (credentials, nonce, clientId) => {
-  return Promise.all(credentials.map(async item => {
-    const {
-      vp_token
-    } = await prepareVpToken(nonce, clientId, [item.credential, item.requestedClaims, item.cryptoContext]);
-    return {
-      credentialId: item.id,
-      requestedClaims: item.requestedClaims,
-      vpToken: vp_token
-    };
-  }));
-};
-//# sourceMappingURL=07-evaluate-dcql-query.js.map

package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["DcqlQuery","DcqlError","isValiError","decode","prepareVpToken","LEGACY_SD_JWT","CredentialsNotFoundError","mapCredentialToObject","jwt","sdJwt","disclosures","credentialFormat","header","typ","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","getDcqlQueryFailedMatches","_ref2","extractMissingCredentials","queryResult","originalQuery","map","_ref3","_credential$meta","id","credential","credentials","find","c","format","Error","vctValues","meta","vct_values","evaluateDcqlQuery","credentialsSdJwt","query","_ref4","parsedQuery","parse","validate","canBeSatisfied","credentialsSdJwtByVct","i","_ref5","_queryResult$credenti","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","cryptoContext","requiredDisclosures","values","error","message","code","cause","issues","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","requestedClaims","credentialId","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":"AAAA,SAASA,SAAS,EAAEC,SAAS,QAAyB,MAAM;AAC5D,SAASC,WAAW,QAAQ,SAAS;AAErC,SAASC,MAAM,EAAEC,cAAc,QAAQ,cAAc;AACrD,SAASC,aAAa,QAAyB,oBAAoB;AAEnE,SAASC,wBAAwB,QAA6B,UAAU;;AAExE;AACA;AACA;;AAuCA;AACA;AACA;AACA;AACA,MAAMC,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAGP,MAAM,CAACK,GAAG,CAAC;EAC1C,MAAMG,gBAAgB,GAAGF,KAAK,CAACG,MAAM,CAACC,GAAG;EAEzC,OAAO;IACLC,GAAG,EAAEL,KAAK,CAACM,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEL,gBAAgB;IACnCM,MAAM,EAAEP,WAAW,CAACQ,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;;AAEnC;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIR,MAAuB,IACxDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CK,KAAA;EAAA,IAAC,GAAGH,KAAK,CAAC,GAAAG,KAAA;EAAA,OAAKH,KAAK,CAACC,OAAO,KAAK,KAAK;AAAA,CACxC,CAAiC;;AAEnC;AACA;AACA;AACA;AACA;AACA,MAAMG,yBAAyB,GAAGA,CAChCC,WAA4B,EAC5BC,aAAwB,KACH;EACrB,OAAOJ,yBAAyB,CAACG,WAAW,CAAC,CAACE,GAAG,CAACC,KAAA,IAAU;IAAA,IAAAC,gBAAA;IAAA,IAAT,CAACC,EAAE,CAAC,GAAAF,KAAA;IACrD,MAAMG,UAAU,GAAGL,aAAa,CAACM,WAAW,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,EAAE,KAAKA,EAAE,CAAC;IACrE,IACE,CAAAC,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAK,WAAW,IAClC,CAAAJ,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAKvC,aAAa,EACpC;MACA,MAAM,IAAIwC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzC;;IACA,OAAO;MAAEN,EAAE;MAAEO,SAAS,GAAAR,gBAAA,GAAEE,UAAU,CAACO,IAAI,cAAAT,gBAAA,uBAAfA,gBAAA,CAAiBU;IAAW,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMV,WAAW,GAAGS,gBAAgB,CAACd,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGZ,UAAU,CAAC,GAAAY,KAAA;IAAA,OACtD7C,qBAAqB,CAACiC,UAAU,CAAC;EAAA,CACnC,CAAC;EACD,IAAI;IACF;IACA,MAAMa,WAAW,GAAGrD,SAAS,CAACsD,KAAK,CAACH,KAAK,CAAC;IAC1CnD,SAAS,CAACuD,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMnB,WAAW,GAAGlC,SAAS,CAACmD,KAAK,CAACE,WAAW,EAAEZ,WAAW,CAAC;IAE7D,IAAI,CAACP,WAAW,CAACsB,cAAc,EAAE;MAC/B,MAAM,IAAIlD,wBAAwB,CAChC2B,yBAAyB,CAACC,WAAW,EAAEmB,WAAW,CACpD,CAAC;IACH;;IAEA;IACA,MAAMI,qBAAqB,GAAGhB,WAAW,CAACvB,MAAM,CAC9C,CAACC,GAAG,EAAEwB,CAAC,EAAEe,CAAC,MAAM;MAAE,GAAGvC,GAAG;MAAE,CAACwB,CAAC,CAAC7B,GAAG,GAAGoC,gBAAgB,CAACQ,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOpC,mBAAmB,CAACY,WAAW,CAAC,CAACE,GAAG,CAACuB,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACrB,EAAE,EAAEV,KAAK,CAAC,GAAA8B,KAAA;MACtD,IACE9B,KAAK,CAACgC,MAAM,CAAC7C,iBAAiB,KAAK,WAAW,IAC9Ca,KAAK,CAACgC,MAAM,CAAC7C,iBAAiB,KAAKX,aAAa,EAChD;QACA,MAAM,IAAIwC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAE/B,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAACgC,MAAM;MAEpC,MAAMC,QAAQ,IAAAF,qBAAA,GAAG1B,WAAW,CAAC6B,eAAe,cAAAH,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbjC,MAAM,CAAEqC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAAC7B,EAAE,CAAC;MAAA,EAAC,cAAAqB,qBAAA,uBAD7CA,qBAAA,CAEbxB,GAAG,CAAqBiC,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,aAAa,EAAEpC,UAAU,CAAC,GAAGiB,qBAAqB,CAAC3C,GAAG,CAAE;MAC/D,MAAM+D,mBAAmB,GAAGrD,MAAM,CAACsD,MAAM,CAAC7D,MAAM,CAAiB;MACjE,OAAO;QACLsB,EAAE;QACFzB,GAAG;QACH8D,aAAa;QACbpC,UAAU;QACVqC,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAI7E,WAAW,CAAC6E,KAAK,CAAC,EAAE;MACtB,MAAM,IAAI9E,SAAS,CAAC;QAClB+E,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEH,KAAK,CAACI;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMJ,KAAK;EACb;AACF,CAAC;AAED,OAAO,MAAMK,0BAAsD,GAAG,MAAAA,CACpE3C,WAAW,EACX4C,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChB/C,WAAW,CAACL,GAAG,CAAC,MAAOqD,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAMtF,cAAc,CAACiF,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAACjD,UAAU,EACfiD,IAAI,CAACE,eAAe,EACpBF,IAAI,CAACb,aAAa,CACnB,CAAC;IAEF,OAAO;MACLgB,YAAY,EAAEH,IAAI,CAAClD,EAAE;MACrBoD,eAAe,EAAEF,IAAI,CAACE,eAAe;MACrCE,OAAO,EAAEH;IACX,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC"}