npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/commonjs/trust/common/build-chain.js ADDED Viewed

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.createBuildTrustChain = createBuildTrustChain;
+exports.createGatherTrustChain = createGatherTrustChain;
+var _errors = require("./errors");
+var _utils = require("./utils");
+/**
+ * Factory function to create `buildTrustChain`.
+ * @param config Version specific Entity shapes
+ * @returns `buildTrustChain` function compliant with the public API
+ */
+function createBuildTrustChain(config) {
+  return async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorConfig) {
+    let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
+    // 1: Verify if the RP is authorized by the Trust Anchor's federation list
+    // Extract the Trust Anchor's signing key and federation_list_endpoint
+    // (we assume the TA has only one key, as per spec)
+    const trustAnchorKey = trustAnchorConfig.keys[0];
+    if (!trustAnchorKey) {
+      throw new _errors.BuildTrustChainError("Cannot verify trust anchor: missing signing key in entity configuration.");
+    }
+    const federationListEndpoint = trustAnchorConfig.federation_entity.federation_list_endpoint;
+    if (federationListEndpoint) {
+      const federationList = await (0, _utils.getFederationList)(federationListEndpoint, {
+        appFetch
+      });
+      if (!federationList.includes(relyingPartyEntityBaseUrl)) {
+        throw new _errors.RelyingPartyNotAuthorizedError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.", {
+          relyingPartyUrl: relyingPartyEntityBaseUrl,
+          federationListEndpoint
+        });
+      }
+    }
+    const gatherTrustChain = createGatherTrustChain(config);
+    // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+    const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
+    // 2: Trust Anchor signature verification
+    const chainTrustAnchorJwt = trustChain[trustChain.length - 1];
+    if (!chainTrustAnchorJwt) {
+      throw new _errors.BuildTrustChainError("Cannot verify trust anchor: missing entity configuration in gathered chain.", {
+        relyingPartyUrl: relyingPartyEntityBaseUrl
+      });
+    }
+    if (!trustAnchorKey.kid) {
+      throw new _errors.TrustAnchorKidMissingError();
+    }
+    await (0, _utils.verify)(chainTrustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+    return trustChain;
+  };
+}
+/**
+ * Factory function to create `gatherTrustChain`.
+ * @param config Version specific Entity shapes
+ * @returns `gatherTrustChain` function.
+ */
+function createGatherTrustChain(_ref) {
+  let {
+    EntityConfigurationShape,
+    EntityStatementShape
+  } = _ref;
+  return async function gatherTrustChain(entityBaseUrl, appFetch) {
+    let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+    const chain = [];
+    // Fetch self-signed EC (only needed for the leaf)
+    const entityECJwt = await (0, _utils.getSignedEntityConfiguration)(entityBaseUrl, {
+      appFetch
+    });
+    const entityEC = EntityConfigurationShape.parse((0, _utils.decode)(entityECJwt));
+    if (isLeaf) {
+      // Only push EC for the leaf
+      chain.push(entityECJwt);
+    }
+    // Find authority_hints (parent, if any)
+    const authorityHints = entityEC.payload.authority_hints ?? [];
+    if (authorityHints.length === 0) {
+      // This is the Trust Anchor (no parent)
+      if (!isLeaf) {
+        chain.push(entityECJwt);
+      }
+      return chain;
+    }
+    const parentEntityBaseUrl = authorityHints[0];
+    // Fetch parent EC
+    const parentECJwt = await (0, _utils.getSignedEntityConfiguration)(parentEntityBaseUrl, {
+      appFetch
+    });
+    const parentEC = EntityConfigurationShape.parse((0, _utils.decode)(parentECJwt));
+    // Fetch ES
+    const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+    if (!federationFetchEndpoint) {
+      throw new _errors.MissingFederationFetchEndpointError(`Missing federation_fetch_endpoint in parent's (${parentEntityBaseUrl}) configuration when gathering chain for ${entityBaseUrl}.`, {
+        entityBaseUrl,
+        missingInEntityUrl: parentEntityBaseUrl
+      });
+    }
+    const entityStatementJwt = await (0, _utils.getSignedEntityStatement)(federationFetchEndpoint, entityBaseUrl, {
+      appFetch
+    });
+    // Validate the ES
+    EntityStatementShape.parse((0, _utils.decode)(entityStatementJwt));
+    // Push this ES into the chain
+    chain.push(entityStatementJwt);
+    // Recurse into the parent
+    const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
+    return chain.concat(parentChain);
+  };
+}
+//# sourceMappingURL=build-chain.js.map

package/lib/commonjs/trust/common/build-chain.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","_utils","createBuildTrustChain","config","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorConfig","appFetch","arguments","length","undefined","fetch","trustAnchorKey","keys","BuildTrustChainError","federationListEndpoint","federation_entity","federation_list_endpoint","federationList","getFederationList","includes","RelyingPartyNotAuthorizedError","relyingPartyUrl","gatherTrustChain","createGatherTrustChain","trustChain","chainTrustAnchorJwt","kid","TrustAnchorKidMissingError","verify","_ref","EntityConfigurationShape","EntityStatementShape","entityBaseUrl","isLeaf","chain","entityECJwt","getSignedEntityConfiguration","entityEC","parse","decode","push","authorityHints","payload","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_fetch_endpoint","MissingFederationFetchEndpointError","missingInEntityUrl","entityStatementJwt","getSignedEntityStatement","parentChain","concat"],"sourceRoot":"../../../../src","sources":["trust/common/build-chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAMA,IAAAC,MAAA,GAAAD,OAAA;AAgBA;AACA;AACA;AACA;AACA;AACO,SAASE,qBAAqBA,CACnCC,MAAqB,EACQ;EAC7B,OAAO,eAAeC,eAAeA,CACnCC,yBAAyB,EACzBC,iBAAiB,EAEjB;IAAA,IADAC,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEhB;IACA;IACA;IACA,MAAMC,cAAc,GAAGN,iBAAiB,CAACO,IAAI,CAAC,CAAC,CAAC;IAEhD,IAAI,CAACD,cAAc,EAAE;MACnB,MAAM,IAAIE,4BAAoB,CAC5B,0EACF,CAAC;IACH;IAEA,MAAMC,sBAAsB,GAC1BT,iBAAiB,CAACU,iBAAiB,CAACC,wBAAwB;IAE9D,IAAIF,sBAAsB,EAAE;MAC1B,MAAMG,cAAc,GAAG,MAAM,IAAAC,wBAAiB,EAACJ,sBAAsB,EAAE;QACrER;MACF,CAAC,CAAC;MAEF,IAAI,CAACW,cAAc,CAACE,QAAQ,CAACf,yBAAyB,CAAC,EAAE;QACvD,MAAM,IAAIgB,sCAA8B,CACtC,wFAAwF,EACxF;UAAEC,eAAe,EAAEjB,yBAAyB;UAAEU;QAAuB,CACvE,CAAC;MACH;IACF;IAEA,MAAMQ,gBAAgB,GAAGC,sBAAsB,CAACrB,MAAM,CAAC;;IAEvD;IACA,MAAMsB,UAAU,GAAG,MAAMF,gBAAgB,CACvClB,yBAAyB,EACzBE,QACF,CAAC;IACD;IACA,MAAMmB,mBAAmB,GAAGD,UAAU,CAACA,UAAU,CAAChB,MAAM,GAAG,CAAC,CAAC;IAC7D,IAAI,CAACiB,mBAAmB,EAAE;MACxB,MAAM,IAAIZ,4BAAoB,CAC5B,6EAA6E,EAC7E;QAAEQ,eAAe,EAAEjB;MAA0B,CAC/C,CAAC;IACH;IAEA,IAAI,CAACO,cAAc,CAACe,GAAG,EAAE;MACvB,MAAM,IAAIC,kCAA0B,CAAC,CAAC;IACxC;IAEA,MAAM,IAAAC,aAAM,EAACH,mBAAmB,EAAEd,cAAc,CAACe,GAAG,EAAE,CAACf,cAAc,CAAC,CAAC;IAEvE,OAAOa,UAAU;EACnB,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASD,sBAAsBA,CAAAM,IAAA,EAGpB;EAAA,IAHqB;IACrCC,wBAAwB;IACxBC;EACa,CAAC,GAAAF,IAAA;EACd,OAAO,eAAeP,gBAAgBA,CACpCU,aAAqB,EACrB1B,QAA8B,EAEX;IAAA,IADnB2B,MAAe,GAAA1B,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;IAEtB,MAAM2B,KAAe,GAAG,EAAE;;IAE1B;IACA,MAAMC,WAAW,GAAG,MAAM,IAAAC,mCAA4B,EAACJ,aAAa,EAAE;MACpE1B;IACF,CAAC,CAAC;IACF,MAAM+B,QAAQ,GAAGP,wBAAwB,CAACQ,KAAK,CAAC,IAAAC,aAAM,EAACJ,WAAW,CAAC,CAAC;IACpE,IAAIF,MAAM,EAAE;MACV;MACAC,KAAK,CAACM,IAAI,CAACL,WAAW,CAAC;IACzB;;IAEA;IACA,MAAMM,cAAc,GAAGJ,QAAQ,CAACK,OAAO,CAACC,eAAe,IAAI,EAAE;IAC7D,IAAIF,cAAc,CAACjC,MAAM,KAAK,CAAC,EAAE;MAC/B;MACA,IAAI,CAACyB,MAAM,EAAE;QACXC,KAAK,CAACM,IAAI,CAACL,WAAW,CAAC;MACzB;MACA,OAAOD,KAAK;IACd;IACA,MAAMU,mBAAmB,GAAGH,cAAc,CAAC,CAAC,CAAE;;IAE9C;IACA,MAAMI,WAAW,GAAG,MAAM,IAAAT,mCAA4B,EACpDQ,mBAAmB,EACnB;MAAEtC;IAAS,CACb,CAAC;IACD,MAAMwC,QAAQ,GAAGhB,wBAAwB,CAACQ,KAAK,CAAC,IAAAC,aAAM,EAACM,WAAW,CAAC,CAAC;IACpE;IACA,MAAME,uBAAuB,GAC3BD,QAAQ,CAACJ,OAAO,CAACM,QAAQ,CAACjC,iBAAiB,CAACkC,yBAAyB;IACvE,IAAI,CAACF,uBAAuB,EAAE;MAC5B,MAAM,IAAIG,2CAAmC,CAC1C,kDAAiDN,mBAAoB,4CAA2CZ,aAAc,GAAE,EACjI;QAAEA,aAAa;QAAEmB,kBAAkB,EAAEP;MAAoB,CAC3D,CAAC;IACH;IACA,MAAMQ,kBAAkB,GAAG,MAAM,IAAAC,+BAAwB,EACvDN,uBAAuB,EACvBf,aAAa,EACb;MAAE1B;IAAS,CACb,CAAC;IACD;IACAyB,oBAAoB,CAACO,KAAK,CAAC,IAAAC,aAAM,EAACa,kBAAkB,CAAC,CAAC;;IAEtD;IACAlB,KAAK,CAACM,IAAI,CAACY,kBAAkB,CAAC;;IAE9B;IACA,MAAME,WAAW,GAAG,MAAMhC,gBAAgB,CACxCsB,mBAAmB,EACnBtC,QAAQ,EACR,KACF,CAAC;IAED,OAAO4B,KAAK,CAACqB,MAAM,CAACD,WAAW,CAAC;EAClC,CAAC;AACH"}

package/lib/commonjs/trust/common/errors.js ADDED Viewed

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.X509ValidationError = exports.TrustChainTokenMissingError = exports.TrustChainRenewalError = exports.TrustChainEmptyError = exports.TrustAnchorKidMissingError = exports.RelyingPartyNotAuthorizedError = exports.MissingX509CertsError = exports.MissingFederationFetchEndpointError = exports.FederationListParseError = exports.FederationError = exports.BuildTrustChainError = void 0;
+var _errors = require("../../utils/errors");
+// Ensure this path is correct
+/**
+ * Base class for all federation-specific errors.
+ */
+class FederationError extends _errors.IoWalletError {
+  constructor(message, details) {
+    super(details ? (0, _errors.serializeAttrs)({
+      message,
+      ...details
+    }) : message);
+    this.name = this.constructor.name;
+    this.details = details;
+  }
+}
+/**
+ * Error thrown when a trust chain is unexpectedly empty.
+ */
+exports.FederationError = FederationError;
+class TrustChainEmptyError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_EMPTY";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Trust chain cannot be empty.";
+    super(message, undefined);
+  }
+}
+/**
+ * Error thrown when a token is unexpectedly missing from a trust chain during processing.
+ */
+exports.TrustChainEmptyError = TrustChainEmptyError;
+class TrustChainTokenMissingError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_TOKEN_MISSING";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+/**
+ * Error thrown when renewing a trust chain fails.
+ * This class itself might be used or could be considered a more general renewal error.
+ */
+exports.TrustChainTokenMissingError = TrustChainTokenMissingError;
+class TrustChainRenewalError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_RENEWAL_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+exports.TrustChainRenewalError = TrustChainRenewalError;
+class FederationListParseError extends FederationError {
+  code = "ERR_FED_FEDERATION_LIST_PARSE_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+/**
+ * General error thrown during the trust chain building process.
+ */
+exports.FederationListParseError = FederationListParseError;
+class BuildTrustChainError extends FederationError {
+  code = "ERR_FED_BUILD_TRUST_CHAIN_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+/**
+ * Error thrown when the Trust Anchor's key is missing a 'kid'.
+ */
+exports.BuildTrustChainError = BuildTrustChainError;
+class TrustAnchorKidMissingError extends FederationError {
+  code = "ERR_FED_TRUST_ANCHOR_KID_MISSING";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Missing 'kid' in provided Trust Anchor key.";
+    super(message, undefined);
+  }
+}
+/**
+ * Error thrown if the Relying Party is not found in the Trust Anchor's federation list.
+ */
+exports.TrustAnchorKidMissingError = TrustAnchorKidMissingError;
+class RelyingPartyNotAuthorizedError extends FederationError {
+  code = "ERR_FED_RELYING_PARTY_NOT_AUTHORIZED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+/**
+ * Error thrown when a 'federation_fetch_endpoint' is missing in an entity's configuration.
+ */
+exports.RelyingPartyNotAuthorizedError = RelyingPartyNotAuthorizedError;
+class MissingFederationFetchEndpointError extends FederationError {
+  code = "ERR_FED_MISSING_FEDERATION_FETCH_ENDPOINT";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+/**
+ * Error thrown when the X.509 certificate chain is missing in an entity's configuration.
+ */
+exports.MissingFederationFetchEndpointError = MissingFederationFetchEndpointError;
+class MissingX509CertsError extends FederationError {
+  code = "ERR_FED_MISSING_X509_CERTS";
+  constructor(message) {
+    super(message, undefined);
+  }
+}
+/**
+ * Error thrown when an X.509 certificate validation fails.
+ * This is used to indicate issues with the certificate chain or signature verification.
+ */
+exports.MissingX509CertsError = MissingX509CertsError;
+class X509ValidationError extends FederationError {
+  code = "ERR_FED_X509_VALIDATION_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+exports.X509ValidationError = X509ValidationError;
+//# sourceMappingURL=errors.js.map

package/lib/commonjs/trust/common/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","FederationError","IoWalletError","constructor","message","details","serializeAttrs","name","exports","TrustChainEmptyError","code","arguments","length","undefined","TrustChainTokenMissingError","TrustChainRenewalError","FederationListParseError","BuildTrustChainError","TrustAnchorKidMissingError","RelyingPartyNotAuthorizedError","MissingFederationFetchEndpointError","MissingX509CertsError","X509ValidationError"],"sourceRoot":"../../../../src","sources":["trust/common/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACmF;;AAEnF;AACA;AACA;AACO,MAAMC,eAAe,SAASC,qBAAa,CAAC;EAEjDC,WAAWA,CAACC,OAAe,EAAEC,OAAiC,EAAE;IAC9D,KAAK,CAACA,OAAO,GAAG,IAAAC,sBAAc,EAAC;MAAEF,OAAO;MAAE,GAAGC;IAAQ,CAAC,CAAC,GAAGD,OAAO,CAAC;IAClE,IAAI,CAACG,IAAI,GAAG,IAAI,CAACJ,WAAW,CAACI,IAAI;IACjC,IAAI,CAACF,OAAO,GAAGA,OAAO;EACxB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAP,eAAA,GAAAA,eAAA;AAGO,MAAMQ,oBAAoB,SAASR,eAAe,CAAC;EACxDS,IAAI,GAAG,2BAA2B;EAClCP,WAAWA,CAAA,EAA2C;IAAA,IAA1CC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,8BAA8B;IAClD,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAGO,MAAMK,2BAA2B,SAASb,eAAe,CAAC;EAC/DS,IAAI,GAAG,mCAAmC;EAC1CP,WAAWA,CAACC,OAAe,EAAEC,OAA4B,EAAE;IACzD,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA;AAHAG,OAAA,CAAAM,2BAAA,GAAAA,2BAAA;AAIO,MAAMC,sBAAsB,SAASd,eAAe,CAAC;EAC1DS,IAAI,GAAG,oCAAoC;EAC3CP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAEM,MAAMC,wBAAwB,SAASf,eAAe,CAAC;EAC5DS,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CAACC,OAAe,EAAEC,OAA6C,EAAE;IAC1E,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAQ,wBAAA,GAAAA,wBAAA;AAGO,MAAMC,oBAAoB,SAAShB,eAAe,CAAC;EACxDS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CACTC,OAAe,EACfC,OAIC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAS,oBAAA,GAAAA,oBAAA;AAGO,MAAMC,0BAA0B,SAASjB,eAAe,CAAC;EAC9DS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CAAA,EAA0D;IAAA,IAAzDC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,6CAA6C;IACjE,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAU,0BAAA,GAAAA,0BAAA;AAGO,MAAMC,8BAA8B,SAASlB,eAAe,CAAC;EAClES,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CACTC,OAAe,EACfC,OAAqE,EACrE;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAW,8BAAA,GAAAA,8BAAA;AAGO,MAAMC,mCAAmC,SAASnB,eAAe,CAAC;EACvES,IAAI,GAAG,2CAA2C;EAClDP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAY,mCAAA,GAAAA,mCAAA;AAGO,MAAMC,qBAAqB,SAASpB,eAAe,CAAC;EACzDS,IAAI,GAAG,4BAA4B;EACnCP,WAAWA,CAACC,OAAe,EAAE;IAC3B,KAAK,CAACA,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AACA;AAHAL,OAAA,CAAAa,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,mBAAmB,SAASrB,eAAe,CAAC;EACvDS,IAAI,GAAG,gCAAgC;EACvCP,WAAWA,CACTC,OAAe,EACfC,OAMC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAc,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/trust/common/types.js ADDED Viewed

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.TrustMark = exports.FederationListResponse = exports.FederationEntityMetadata = exports.EntityStatement = exports.EntityConfigurationHeader = exports.BaseEntityConfiguration = void 0;
+var z = _interopRequireWildcard(require("zod"));
+var _jwk = require("../../utils/jwk");
+var _zod2 = require("../../utils/zod");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const TrustMark = z.object({
+  id: z.string(),
+  trust_mark: z.string()
+});
+exports.TrustMark = TrustMark;
+const EntityStatement = z.object({
+  header: z.object({
+    typ: z.literal("entity-statement+jwt"),
+    alg: z.string(),
+    kid: z.string()
+  }),
+  payload: z.object({
+    iss: z.string(),
+    sub: z.string(),
+    jwks: z.object({
+      keys: z.array(_jwk.JWK)
+    }),
+    trust_marks: z.array(TrustMark).optional(),
+    iat: z.number(),
+    exp: z.number()
+  })
+});
+exports.EntityStatement = EntityStatement;
+const EntityConfigurationHeader = z.object({
+  typ: z.literal("entity-statement+jwt"),
+  alg: z.string(),
+  kid: z.string()
+});
+/**
+ * @see https://openid.net/specs/openid-federation-1_0-46.html
+ */
+exports.EntityConfigurationHeader = EntityConfigurationHeader;
+const FederationEntityMetadata = z.object({
+  federation_fetch_endpoint: z.string().optional(),
+  federation_list_endpoint: z.string().optional(),
+  federation_resolve_endpoint: z.string().optional(),
+  federation_trust_mark_status_endpoint: z.string().optional(),
+  federation_trust_mark_list_endpoint: z.string().optional(),
+  federation_trust_mark_endpoint: z.string().optional(),
+  federation_historical_keys_endpoint: z.string().optional(),
+  endpoint_auth_signing_alg_values_supported: z.string().optional(),
+  organization_name: z.string().optional(),
+  homepage_uri: z.string().optional(),
+  policy_uri: z.string().optional(),
+  logo_uri: z.string().optional(),
+  contacts: z.array(z.string()).optional()
+}).passthrough();
+// Structure common to every Entity Configuration document
+exports.FederationEntityMetadata = FederationEntityMetadata;
+const BaseEntityConfiguration = z.object({
+  header: EntityConfigurationHeader,
+  payload: z.object({
+    iss: z.string(),
+    sub: z.string(),
+    iat: _zod2.UnixTime,
+    exp: _zod2.UnixTime,
+    authority_hints: z.array(z.string()).optional(),
+    metadata: z.object({
+      federation_entity: FederationEntityMetadata
+    }).passthrough(),
+    jwks: z.object({
+      keys: z.array(_jwk.JWK)
+    })
+  }).passthrough()
+});
+exports.BaseEntityConfiguration = BaseEntityConfiguration;
+const FederationListResponse = z.array(z.string());
+exports.FederationListResponse = FederationListResponse;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/trust/common/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","_interopRequireWildcard","require","_jwk","_zod2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TrustMark","object","id","string","trust_mark","exports","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","JWK","trust_marks","optional","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","contacts","passthrough","BaseEntityConfiguration","UnixTime","authority_hints","metadata","federation_entity","FederationListResponse"],"sourceRoot":"../../../../src","sources":["trust/common/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AAA2C,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEpC,MAAMW,SAAS,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAAEC,EAAE,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAE/B,CAAC,CAAC8B,MAAM,CAAC;AAAE,CAAC,CAAC;AAACE,OAAA,CAAAL,SAAA,GAAAA,SAAA;AAIvE,MAAMM,eAAe,GAAGjC,CAAC,CAAC4B,MAAM,CAAC;EACtCM,MAAM,EAAElC,CAAC,CAAC4B,MAAM,CAAC;IACfO,GAAG,EAAEnC,CAAC,CAACoC,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAErC,CAAC,CAAC8B,MAAM,CAAC,CAAC;IACfQ,GAAG,EAAEtC,CAAC,CAAC8B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFS,OAAO,EAAEvC,CAAC,CAAC4B,MAAM,CAAC;IAChBY,GAAG,EAAExC,CAAC,CAAC8B,MAAM,CAAC,CAAC;IACfW,GAAG,EAAEzC,CAAC,CAAC8B,MAAM,CAAC,CAAC;IACfY,IAAI,EAAE1C,CAAC,CAAC4B,MAAM,CAAC;MAAEe,IAAI,EAAE3C,CAAC,CAAC4C,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCC,WAAW,EAAE9C,CAAC,CAAC4C,KAAK,CAACjB,SAAS,CAAC,CAACoB,QAAQ,CAAC,CAAC;IAC1CC,GAAG,EAAEhD,CAAC,CAACiD,MAAM,CAAC,CAAC;IACfC,GAAG,EAAElD,CAAC,CAACiD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAACjB,OAAA,CAAAC,eAAA,GAAAA,eAAA;AAKI,MAAMkB,yBAAyB,GAAGnD,CAAC,CAAC4B,MAAM,CAAC;EAChDO,GAAG,EAAEnC,CAAC,CAACoC,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAErC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACfQ,GAAG,EAAEtC,CAAC,CAAC8B,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAE,OAAA,CAAAmB,yBAAA,GAAAA,yBAAA;AAGO,MAAMC,wBAAwB,GAAGpD,CAAC,CACtC4B,MAAM,CAAC;EACNyB,yBAAyB,EAAErD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAChDO,wBAAwB,EAAEtD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAC/CQ,2BAA2B,EAAEvD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAClDS,qCAAqC,EAAExD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAC5DU,mCAAmC,EAAEzD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAC1DW,8BAA8B,EAAE1D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EACrDY,mCAAmC,EAAE3D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAC1Da,0CAA0C,EAAE5D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EACjEc,iBAAiB,EAAE7D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EACxCe,YAAY,EAAE9D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EACnCgB,UAAU,EAAE/D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EACjCiB,QAAQ,EAAEhE,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;EAC/BkB,QAAQ,EAAEjE,CAAC,CAAC4C,KAAK,CAAC5C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAAC,CAACiB,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDmB,WAAW,CAAC,CAAC;;AAEhB;AAAAlC,OAAA,CAAAoB,wBAAA,GAAAA,wBAAA;AAEO,MAAMe,uBAAuB,GAAGnE,CAAC,CAAC4B,MAAM,CAAC;EAC9CM,MAAM,EAAEiB,yBAAyB;EACjCZ,OAAO,EAAEvC,CAAC,CACP4B,MAAM,CAAC;IACNY,GAAG,EAAExC,CAAC,CAAC8B,MAAM,CAAC,CAAC;IACfW,GAAG,EAAEzC,CAAC,CAAC8B,MAAM,CAAC,CAAC;IACfkB,GAAG,EAAEoB,cAAQ;IACblB,GAAG,EAAEkB,cAAQ;IACbC,eAAe,EAAErE,CAAC,CAAC4C,KAAK,CAAC5C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAAC,CAACiB,QAAQ,CAAC,CAAC;IAC/CuB,QAAQ,EAAEtE,CAAC,CACR4B,MAAM,CAAC;MACN2C,iBAAiB,EAAEnB;IACrB,CAAC,CAAC,CACDc,WAAW,CAAC,CAAC;IAChBxB,IAAI,EAAE1C,CAAC,CAAC4B,MAAM,CAAC;MACbe,IAAI,EAAE3C,CAAC,CAAC4C,KAAK,CAACC,QAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDqB,WAAW,CAAC;AACjB,CAAC,CAAC;AAAClC,OAAA,CAAAmC,uBAAA,GAAAA,uBAAA;AAEI,MAAMK,sBAAsB,GAAGxE,CAAC,CAAC4C,KAAK,CAAC5C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAAC;AAACE,OAAA,CAAAwC,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/trust/common/utils.js ADDED Viewed

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.decode = void 0;
+exports.getFederationList = getFederationList;
+exports.getSignedEntityConfiguration = getSignedEntityConfiguration;
+exports.getSignedEntityStatement = getSignedEntityStatement;
+exports.getTrustAnchorX509Certificate = getTrustAnchorX509Certificate;
+exports.verify = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _misc = require("../../utils/misc");
+var _errors = require("./errors");
+var _types = require("./types");
+// Verify a token signature
+// The kid is extracted from the token header
+const verify = async (token, kid, jwks) => {
+  const jwk = jwks.find(k => k.kid === kid);
+  if (!jwk) {
+    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
+  }
+  const {
+    protectedHeader: header,
+    payload
+  } = await (0, _ioReactNativeJwt.verify)(token, jwk);
+  return {
+    header,
+    payload
+  };
+};
+/**
+ * Return type for this function is necessary to avoid an issue during the bob build process.
+ * It seems like typescript can't correctly infer the return type of the function.
+ */
+exports.verify = verify;
+const decode = token => {
+  const {
+    protectedHeader: header,
+    payload
+  } = (0, _ioReactNativeJwt.decode)(token);
+  return {
+    header,
+    payload
+  };
+};
+/**
+ * Extracts the X.509 Trust Anchor certificate (Base64 encoded) from the
+ * Trust Anchor's Entity Configuration.
+ *
+ * @param trustAnchorEntity The entity configuration of the known trust anchor.
+ * @returns The Base64 encoded X.509 certificate string.
+ * @throws {FederationError} If the certificate cannot be derived.
+ */
+exports.decode = decode;
+function getTrustAnchorX509Certificate(trustAnchorEntity) {
+  const taHeaderKid = trustAnchorEntity.jwt.header.kid;
+  const taSigningJwk = trustAnchorEntity.keys.find(key => key.kid === taHeaderKid);
+  if (!taSigningJwk) {
+    throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' not found in Trust Anchor's JWKS.`, {
+      trustAnchorKid: taHeaderKid,
+      reason: "JWK not found for header kid"
+    });
+  }
+  if (taSigningJwk.x5c && taSigningJwk.x5c.length > 0 && taSigningJwk.x5c[0]) {
+    return taSigningJwk.x5c[0];
+  }
+  throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' does not contain a valid 'x5c' certificate array.`, {
+    trustAnchorKid: taHeaderKid,
+    reason: "Missing or empty x5c in JWK"
+  });
+}
+/**
+ * Fetch the signed entity configuration token for an entity
+ *
+ * @param entityBaseUrl The url of the entity to fetch
+ * @param appFetch (optional) fetch api implementation
+ * @returns The signed Entity Configuration token
+ */
+async function getSignedEntityConfiguration(entityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
+  return await appFetch(wellKnownUrl, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+}
+/**
+ * Fetch the entity statement document for a given federation entity.
+ *
+ * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The signed entity statement token.
+ * @throws {IoWalletError} If the http request fails.
+ */
+async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const url = new URL(federationFetchEndpoint);
+  url.searchParams.set("sub", subordinatedEntityBaseUrl);
+  return await appFetch(url.toString(), {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
+}
+/**
+ * Fetch the federation list document from a given endpoint.
+ *
+ * @param federationListEndpoint The URL of the federation list endpoint.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The federation list as an array of strings.
+ * @throws {IoWalletError} If the HTTP request fails.
+ * @throws {FederationError} If the result is not in the expected format.
+ */
+async function getFederationList(federationListEndpoint) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  return await appFetch(federationListEndpoint, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(json => {
+    const result = _types.FederationListResponse.safeParse(json);
+    if (!result.success) {
+      throw new _errors.FederationListParseError(`Invalid federation list format received from ${federationListEndpoint}. Error: ${result.error.message}`, {
+        url: federationListEndpoint,
+        parseError: result.error.toString()
+      });
+    }
+    return result.data;
+  });
+}
+//# sourceMappingURL=utils.js.map

package/lib/commonjs/trust/common/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_ioReactNativeJwt","require","_misc","_errors","_types","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","exports","decode","decodeJwt","getTrustAnchorX509Certificate","trustAnchorEntity","taHeaderKid","jwt","taSigningJwk","keys","key","FederationError","trustAnchorKid","reason","x5c","length","getSignedEntityConfiguration","entityBaseUrl","appFetch","fetch","arguments","undefined","wellKnownUrl","method","then","hasStatusOrThrow","res","text","getSignedEntityStatement","federationFetchEndpoint","subordinatedEntityBaseUrl","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","FederationListResponse","safeParse","success","FederationListParseError","error","message","parseError","data"],"sourceRoot":"../../../../src","sources":["trust/common/utils.ts"],"mappings":";;;;;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,MAAA,GAAAH,OAAA;AAWA;AACA;AACO,MAAMI,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AAHAE,OAAA,CAAAZ,MAAA,GAAAA,MAAA;AAIO,MAAMa,MAAM,GAAIZ,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAI,wBAAS,EAACb,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAE,OAAA,CAAAC,MAAA,GAAAA,MAAA;AAQO,SAASE,6BAA6BA,CAC3CC,iBAAoC,EAC5B;EACR,MAAMC,WAAW,GAAGD,iBAAiB,CAACE,GAAG,CAACT,MAAM,CAACP,GAAG;EACpD,MAAMiB,YAAY,GAAGH,iBAAiB,CAACI,IAAI,CAACf,IAAI,CAC7CgB,GAAG,IAAKA,GAAG,CAACnB,GAAG,KAAKe,WACvB,CAAC;EAED,IAAI,CAACE,YAAY,EAAE;IACjB,MAAM,IAAIG,uBAAe,CACtB,+DAA8DL,WAAY,qCAAoC,EAC/G;MAAEM,cAAc,EAAEN,WAAW;MAAEO,MAAM,EAAE;IAA+B,CACxE,CAAC;EACH;EAEA,IAAIL,YAAY,CAACM,GAAG,IAAIN,YAAY,CAACM,GAAG,CAACC,MAAM,GAAG,CAAC,IAAIP,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC,EAAE;IAC1E,OAAON,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC;EAC5B;EAEA,MAAM,IAAIH,uBAAe,CACtB,+DAA8DL,WAAY,qDAAoD,EAC/H;IAAEM,cAAc,EAAEN,WAAW;IAAEO,MAAM,EAAE;EAA8B,CACvE,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeG,4BAA4BA,CAChDC,aAAqB,EAEJ;EAAA,IADjB;IAAEC,QAAQ,GAAGC;EAAoB,CAAC,GAAAC,SAAA,CAAAL,MAAA,QAAAK,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAEvC,MAAME,YAAY,GAAI,GAAEL,aAAc,gCAA+B;EAErE,OAAO,MAAMC,QAAQ,CAACI,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,wBAAwBA,CAC5CC,uBAA+B,EAC/BC,yBAAiC,EAEjC;EAAA,IADA;IAAEZ,QAAQ,GAAGC;EAAoB,CAAC,GAAAC,SAAA,CAAAL,MAAA,QAAAK,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAEvC,MAAMW,GAAG,GAAG,IAAIC,GAAG,CAACH,uBAAuB,CAAC;EAC5CE,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEJ,yBAAyB,CAAC;EAEtD,OAAO,MAAMZ,QAAQ,CAACa,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpCZ,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeS,iBAAiBA,CACrCC,sBAA8B,EAEX;EAAA,IADnB;IAAEnB,QAAQ,GAAGC;EAAoB,CAAC,GAAAC,SAAA,CAAAL,MAAA,QAAAK,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAEvC,OAAO,MAAMF,QAAQ,CAACmB,sBAAsB,EAAE;IAC5Cd,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACY,IAAI,CAAC,CAAC,CAAC,CACzBd,IAAI,CAAEc,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGC,6BAAsB,CAACC,SAAS,CAACH,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACG,OAAO,EAAE;MACnB,MAAM,IAAIC,gCAAwB,CAC/B,gDAA+CN,sBAAuB,YAAWE,MAAM,CAACK,KAAK,CAACC,OAAQ,EAAC,EACxG;QAAEd,GAAG,EAAEM,sBAAsB;QAAES,UAAU,EAAEP,MAAM,CAACK,KAAK,CAACT,QAAQ,CAAC;MAAE,CACrE,CAAC;IACH;IACA,OAAOI,MAAM,CAACQ,IAAI;EACpB,CAAC,CAAC;AACN"}