@pagopa/io-react-native-wallet 3.1.2 → 3.3.0

package/lib/module/credential/presentation/v1.0.0/05-verify-request-object.js

@@ -1,6 +1,7 @@
 import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import { IoWalletError } from "../../../utils/errors";
 import { InvalidRequestObjectError } from "../common/errors";
-import { RequestObjectPayload } from "./types";
+import { RawRequestObject } from "./types";
 import { mapToRequestObject } from "./mappers";
 import { getJwksFromRpConfig } from "./utils.jwks";
 export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
@@ -9,6 +10,9 @@ export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
     rpConf,
     state
   } = _ref;
+  if (!rpConf) {
+    throw new IoWalletError("Relying Party Configuration is required for OpenID Federation clients");
+  }
   const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
   const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
   try {
@@ -19,17 +23,19 @@ export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
   } catch (_) {
     throw new InvalidRequestObjectError("The Request Object signature verification failed");
   }
-  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
-  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpConf.subject;
+  const rawRequestObject = validateRequestObjectShape({
+    header: requestObjectJwt.protectedHeader,
+    payload: requestObjectJwt.payload
+  });
+  const isClientIdMatch = clientId === rawRequestObject.payload.client_id && clientId === rpConf.subject;
   if (!isClientIdMatch) {
     throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
   }
-  const isStateMatch = state ? state === requestObject.state : true;
-  if (!isStateMatch) {
+  if (state && state !== rawRequestObject.payload.state) {
     throw new InvalidRequestObjectError("The provided state does not match the Request Object's");
   }
   return {
-    requestObject: mapToRequestObject(requestObject)
+    requestObject: mapToRequestObject(rawRequestObject)
   };
 };
 
@@ -41,7 +47,7 @@ export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
  * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
  */
 const validateRequestObjectShape = payload => {
-  const requestObjectParse = RequestObjectPayload.safeParse(payload);
+  const requestObjectParse = RawRequestObject.safeParse(payload);
   if (requestObjectParse.success) {
     return requestObjectParse.data;
   }

package/lib/module/credential/presentation/v1.0.0/05-verify-request-object.js.map

@@ -1 +1 @@
-{"version":3,"names":["decode","decodeJwt","verify","InvalidRequestObjectError","RequestObjectPayload","mapToRequestObject","getJwksFromRpConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","state","requestObjectJwt","pubKey","getSigPublicKey","protectedHeader","kid","issuer","_","requestObject","validateRequestObjectShape","payload","isClientIdMatch","client_id","subject","isStateMatch","requestObjectParse","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAGzE,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,oBAAoB,QAAQ,SAAS;AAC9C,SAASC,kBAAkB,QAAQ,WAAW;AAC9C,SAASC,mBAAmB,QAAQ,cAAc;AAElD,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAAkC;EAAA,IAAhC;IAAEC,QAAQ;IAAEC,MAAM;IAAEC;EAAM,CAAC,GAAAH,IAAA;EACzD,MAAMI,gBAAgB,GAAGZ,SAAS,CAACO,uBAAuB,CAAC;EAE3D,MAAMM,MAAM,GAAGC,eAAe,CAC5BJ,MAAM,EACNE,gBAAgB,CAACG,eAAe,CAACC,GACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMf,MAAM,CAACM,uBAAuB,EAAEM,MAAM,EAAE;MAAEI,MAAM,EAAER;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOS,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMiB,aAAa,GAAGC,0BAA0B,CAACR,gBAAgB,CAACS,OAAO,CAAC;EAE1E,MAAMC,eAAe,GACnBb,QAAQ,KAAKU,aAAa,CAACI,SAAS,IAAId,QAAQ,KAAKC,MAAM,CAACc,OAAO;EAErE,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIpB,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,MAAMuB,YAAY,GAAGd,KAAK,GAAGA,KAAK,KAAKQ,aAAa,CAACR,KAAK,GAAG,IAAI;EAEjE,IAAI,CAACc,YAAY,EAAE;IACjB,MAAM,IAAIvB,yBAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IAAEiB,aAAa,EAAEf,kBAAkB,CAACe,aAAa;EAAE,CAAC;AAC7D,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAIC,OAAgB,IAA2B;EAC7E,MAAMK,kBAAkB,GAAGvB,oBAAoB,CAACwB,SAAS,CAACN,OAAO,CAAC;EAElE,IAAIK,kBAAkB,CAACE,OAAO,EAAE;IAC9B,OAAOF,kBAAkB,CAACG,IAAI;EAChC;EAEA,MAAM,IAAI3B,yBAAyB,CACjC,kDAAkD,EAClD4B,wBAAwB,CAACJ,kBAAkB,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMlB,eAAe,GAAGA,CACtBJ,MAA0B,EAC1BM,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEiB;IAAK,CAAC,GAAG5B,mBAAmB,CAACK,MAAM,CAAC;IAE5C,MAAMG,MAAM,GAAGoB,IAAI,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACnB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAIuB,KAAK,CAAC,CAAC;IAE9B,OAAOvB,MAAM;EACf,CAAC,CAAC,OAAOK,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CAChC,8CAA6Cc,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMc,wBAAwB,GAC5BO,MAAuD,IAEvDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIZ,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Ca,IAAI,CAAC,IAAI,CAAC"}
+{"version":3,"names":["decode","decodeJwt","verify","IoWalletError","InvalidRequestObjectError","RawRequestObject","mapToRequestObject","getJwksFromRpConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","state","requestObjectJwt","pubKey","getSigPublicKey","protectedHeader","kid","issuer","_","rawRequestObject","validateRequestObjectShape","header","payload","isClientIdMatch","client_id","subject","requestObject","requestObjectParse","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAGzE,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,gBAAgB,QAAQ,SAAS;AAC1C,SAASC,kBAAkB,QAAQ,WAAW;AAC9C,SAASC,mBAAmB,QAAQ,cAAc;AAElD,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAAkC;EAAA,IAAhC;IAAEC,QAAQ;IAAEC,MAAM;IAAEC;EAAM,CAAC,GAAAH,IAAA;EACzD,IAAI,CAACE,MAAM,EAAE;IACX,MAAM,IAAIT,aAAa,CACrB,uEACF,CAAC;EACH;EAEA,MAAMW,gBAAgB,GAAGb,SAAS,CAACQ,uBAAuB,CAAC;EAE3D,MAAMM,MAAM,GAAGC,eAAe,CAC5BJ,MAAM,EACNE,gBAAgB,CAACG,eAAe,CAACC,GACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMhB,MAAM,CAACO,uBAAuB,EAAEM,MAAM,EAAE;MAAEI,MAAM,EAAER;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOS,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMiB,gBAAgB,GAAGC,0BAA0B,CAAC;IAClDC,MAAM,EAAET,gBAAgB,CAACG,eAAe;IACxCO,OAAO,EAAEV,gBAAgB,CAACU;EAC5B,CAAC,CAAC;EAEF,MAAMC,eAAe,GACnBd,QAAQ,KAAKU,gBAAgB,CAACG,OAAO,CAACE,SAAS,IAC/Cf,QAAQ,KAAKC,MAAM,CAACe,OAAO;EAE7B,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIrB,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,IAAIS,KAAK,IAAIA,KAAK,KAAKQ,gBAAgB,CAACG,OAAO,CAACX,KAAK,EAAE;IACrD,MAAM,IAAIT,yBAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IACLwB,aAAa,EAAEtB,kBAAkB,CAACe,gBAAgB;EACpD,CAAC;AACH,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAIE,OAAgB,IAAuB;EACzE,MAAMK,kBAAkB,GAAGxB,gBAAgB,CAACyB,SAAS,CAACN,OAAO,CAAC;EAE9D,IAAIK,kBAAkB,CAACE,OAAO,EAAE;IAC9B,OAAOF,kBAAkB,CAACG,IAAI;EAChC;EAEA,MAAM,IAAI5B,yBAAyB,CACjC,kDAAkD,EAClD6B,wBAAwB,CAACJ,kBAAkB,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMnB,eAAe,GAAGA,CACtBJ,MAA0B,EAC1BM,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEkB;IAAK,CAAC,GAAG7B,mBAAmB,CAACK,MAAM,CAAC;IAE5C,MAAMG,MAAM,GAAGqB,IAAI,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACpB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAIwB,KAAK,CAAC,CAAC;IAE9B,OAAOxB,MAAM;EACf,CAAC,CAAC,OAAOK,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CAChC,8CAA6Cc,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMe,wBAAwB,GAC5BO,MAAmD,IAEnDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIZ,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Ca,IAAI,CAAC,IAAI,CAAC"}

package/lib/module/credential/presentation/v1.0.0/07-send-authorization-response.js

@@ -1,7 +1,7 @@
 import { EncryptJwe } from "@pagopa/io-react-native-jwt";
 import { NoSuitableKeysFoundInEntityConfiguration } from "../common/errors";
 import { hasStatusOrThrow } from "../../../utils/misc";
-import { RelyingPartyResponseError, RelyingPartyResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../../utils/errors";
+import { IoWalletError, RelyingPartyResponseError, RelyingPartyResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../../utils/errors";
 import { prepareVpToken } from "../../../sd-jwt";
 import { AuthorizationResponse } from "./types";
 import { getJwksFromRpConfig } from "./utils.jwks";
@@ -90,6 +90,9 @@ export const sendAuthorizationResponse = async function (requestObject, remotePr
   let {
     appFetch = fetch
   } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  if (!rpConf) {
+    throw new IoWalletError("Relying Party Configuration is required for OpenID Federation clients");
+  }
   const {
     presentations
   } = remotePresentation;

package/lib/module/credential/presentation/v1.0.0/07-send-authorization-response.js.map

@@ -1 +1 @@
-{"version":3,"names":["EncryptJwe","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","prepareVpToken","AuthorizationResponse","getJwksFromRpConfig","buildDirectPostBody","createCryptoContextFor","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","defaultAlg","kty","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","prepareRemotePresentations","credentials","authRequestObject","presentations","Promise","all","map","item","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","format","sendAuthorizationResponse","remotePresentation","appFetch","fetch","arguments","length","undefined","requestBody","reduce","acc","presentation","response_uri","method","headers","body","then","res","json","parse","catch","handleAuthorizationResponseError","sendAuthorizationErrorResponse","_ref2","error","errorDescription","error_description","e","handle","code","InvalidAuthorizationResponse","message","RelyingPartyGenericError","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/07-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,SAASC,wCAAwC,QAAQ,kBAAkB;AAC3E,SAASC,gBAAgB,QAAQ,qBAAqB;AAEtD,SACEC,yBAAyB,EACzBC,8BAA8B,EAC9BC,oBAAoB,EACpBC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,cAAc,QAAQ,iBAAiB;AAGhD,SAASC,qBAAqB,QAAwC,SAAS;AAC/E,SAASC,mBAAmB,QAAQ,cAAc;AAClD,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,sBAAsB,QAAQ,uBAAuB;;AAE9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAIC,SAAgB,IAAU;EACjE,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIb,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMiB,sBAAsB,GAAG,MAAAA,CACpCC,aAA4B,EAC5BC,MAA0B,EAC1BC,OAAuC,KACnB;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAGjB,mBAAmB,CAACW,MAAM,CAAC;EAC5C,MAAMO,YAAY,GAAGf,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJE,oCAAoC;IACpCC;EACF,CAAC,GAAGT,MAAM;EAEV,MAAMU,UAAsB,GAC1BH,YAAY,CAACI,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIhC,UAAU,CAACsB,oBAAoB,EAAE;IACnEW,GAAG,EAAGL,oCAAoC,IAAmBE,UAAU;IACvEI,GAAG,EACAL,oCAAoC,IAAmB,eAAe;IACzEM,GAAG,EAAER,YAAY,CAACQ;EACpB,CAAC,CAAC,CAACC,OAAO,CAACT,YAAY,CAAC;;EAExB;EACA,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3BP,KAAK,EAAEN,aAAa,CAACM;EACvB,CAAC,CAAC;EACF,OAAOY,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;AAED,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC,MAAMC,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCJ,WAAW,CAACK,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM1C,cAAc,CACvCoC,iBAAiB,CAACO,KAAK,EACvBP,iBAAiB,CAACQ,QAAQ,EAC1B,CACEH,IAAI,CAACI,UAAU,EACfJ,IAAI,CAACK,iBAAiB,EACtB1C,sBAAsB,CAACqC,IAAI,CAACM,MAAM,CAAC,CAEvC,CAAC;IAED,OAAO;MACLC,eAAe,EAAEP,IAAI,CAACQ,mBAAmB,CAACT,GAAG,CAACU,IAAA;QAAA,IAAC;UAAEC;QAAK,CAAC,GAAAD,IAAA;QAAA,OAAKC,IAAI;MAAA,EAAC;MACjEC,YAAY,EAAEX,IAAI,CAACY,EAAE;MACrBC,OAAO,EAAEZ,QAAQ;MACjBa,MAAM,EAAEd,IAAI,CAACc;IACf,CAAC;EACH,CAAC,CACH,CAAC;EAED,OAAO;IAAElB;EAAc,CAAC;AAC1B,CAAC;AAEH,OAAO,MAAMmB,yBAA6E,GACxF,eAAAA,CACE5C,aAAa,EACb6C,kBAAkB,EAClB5C,MAAM,EAEH;EAAA,IADH;IAAE6C,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEvB;EAAc,CAAC,GAAGoB,kBAAkB;EAC5C;EACA,MAAMM,WAAW,GAAG,MAAMpD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE6B,QAAQ,EAAEL,aAAa,CAAC2B,MAAM,CAC5B,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACd,YAAY,GAAGc,YAAY,CAACZ;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMI,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC5E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B4E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC,CACjCC,KAAK,CAACC,gCAAgC,CAAC;AAC5C,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACEjE,aAAa,EAAAkE,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEpB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMG,WAAW,GAAG,MAAM5D,mBAAmB,CAACS,aAAa,EAAE;IAC3DmE,KAAK;IACLE,iBAAiB,EAAED;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMtB,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC5E,gBAAgB,CAAC,GAAG,EAAEC,yBAAyB,CAAC,CAAC,CACtD2E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,gCAAgC,GAAIM,CAAU,IAAK;EACvD,IAAI,EAAEA,CAAC,YAAYnF,yBAAyB,CAAC,EAAE;IAC7C,MAAMmF,CAAC;EACT;EAEA,MAAM,IAAIpF,oBAAoB,CAACF,yBAAyB,CAAC,CACtDuF,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAAC0F,wBAAwB;IAC7DD,OAAO,EAAE;EACX,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}
+{"version":3,"names":["EncryptJwe","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","IoWalletError","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","prepareVpToken","AuthorizationResponse","getJwksFromRpConfig","buildDirectPostBody","createCryptoContextFor","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","defaultAlg","kty","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","prepareRemotePresentations","credentials","authRequestObject","presentations","Promise","all","map","item","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","format","sendAuthorizationResponse","remotePresentation","appFetch","fetch","arguments","length","undefined","requestBody","reduce","acc","presentation","response_uri","method","headers","body","then","res","json","parse","catch","handleAuthorizationResponseError","sendAuthorizationErrorResponse","_ref2","error","errorDescription","error_description","e","handle","code","InvalidAuthorizationResponse","message","RelyingPartyGenericError","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/07-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,SAASC,wCAAwC,QAAQ,kBAAkB;AAC3E,SAASC,gBAAgB,QAAQ,qBAAqB;AAEtD,SACEC,aAAa,EACbC,yBAAyB,EACzBC,8BAA8B,EAC9BC,oBAAoB,EACpBC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,cAAc,QAAQ,iBAAiB;AAGhD,SAASC,qBAAqB,QAAwC,SAAS;AAC/E,SAASC,mBAAmB,QAAQ,cAAc;AAClD,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,sBAAsB,QAAQ,uBAAuB;;AAE9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAIC,SAAgB,IAAU;EACjE,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAId,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMkB,sBAAsB,GAAG,MAAAA,CACpCC,aAA4B,EAC5BC,MAA0B,EAC1BC,OAAuC,KACnB;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAGjB,mBAAmB,CAACW,MAAM,CAAC;EAC5C,MAAMO,YAAY,GAAGf,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJE,oCAAoC;IACpCC;EACF,CAAC,GAAGT,MAAM;EAEV,MAAMU,UAAsB,GAC1BH,YAAY,CAACI,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIjC,UAAU,CAACuB,oBAAoB,EAAE;IACnEW,GAAG,EAAGL,oCAAoC,IAAmBE,UAAU;IACvEI,GAAG,EACAL,oCAAoC,IAAmB,eAAe;IACzEM,GAAG,EAAER,YAAY,CAACQ;EACpB,CAAC,CAAC,CAACC,OAAO,CAACT,YAAY,CAAC;;EAExB;EACA,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3BP,KAAK,EAAEN,aAAa,CAACM;EACvB,CAAC,CAAC;EACF,OAAOY,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;AAED,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC,MAAMC,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCJ,WAAW,CAACK,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM1C,cAAc,CACvCoC,iBAAiB,CAACO,KAAK,EACvBP,iBAAiB,CAACQ,QAAQ,EAC1B,CACEH,IAAI,CAACI,UAAU,EACfJ,IAAI,CAACK,iBAAiB,EACtB1C,sBAAsB,CAACqC,IAAI,CAACM,MAAM,CAAC,CAEvC,CAAC;IAED,OAAO;MACLC,eAAe,EAAEP,IAAI,CAACQ,mBAAmB,CAACT,GAAG,CAACU,IAAA;QAAA,IAAC;UAAEC;QAAK,CAAC,GAAAD,IAAA;QAAA,OAAKC,IAAI;MAAA,EAAC;MACjEC,YAAY,EAAEX,IAAI,CAACY,EAAE;MACrBC,OAAO,EAAEZ,QAAQ;MACjBa,MAAM,EAAEd,IAAI,CAACc;IACf,CAAC;EACH,CAAC,CACH,CAAC;EAED,OAAO;IAAElB;EAAc,CAAC;AAC1B,CAAC;AAEH,OAAO,MAAMmB,yBAA6E,GACxF,eAAAA,CACE5C,aAAa,EACb6C,kBAAkB,EAClB5C,MAAM,EAEH;EAAA,IADH;IAAE6C,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,IAAI,CAAC/C,MAAM,EAAE;IACX,MAAM,IAAIlB,aAAa,CACrB,uEACF,CAAC;EACH;EAEA,MAAM;IAAE0C;EAAc,CAAC,GAAGoB,kBAAkB;EAC5C;EACA,MAAMM,WAAW,GAAG,MAAMpD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE6B,QAAQ,EAAEL,aAAa,CAAC2B,MAAM,CAC5B,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACd,YAAY,GAAGc,YAAY,CAACZ;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMI,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC7E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B6E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC,CACjCC,KAAK,CAACC,gCAAgC,CAAC;AAC5C,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACEjE,aAAa,EAAAkE,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEpB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMG,WAAW,GAAG,MAAM5D,mBAAmB,CAACS,aAAa,EAAE;IAC3DmE,KAAK;IACLE,iBAAiB,EAAED;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMtB,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC7E,gBAAgB,CAAC,GAAG,EAAEE,yBAAyB,CAAC,CAAC,CACtD2E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,gCAAgC,GAAIM,CAAU,IAAK;EACvD,IAAI,EAAEA,CAAC,YAAYnF,yBAAyB,CAAC,EAAE;IAC7C,MAAMmF,CAAC;EACT;EAEA,MAAM,IAAIpF,oBAAoB,CAACF,yBAAyB,CAAC,CACtDuF,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAAC0F,wBAAwB;IAC7DD,OAAO,EAAE;EACX,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/presentation/v1.0.0/index.js

@@ -1,7 +1,6 @@
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { verifyAuthRequestCertificateChain } from "./04-verify-certificate-chain";
 import { verifyRequestObject } from "./05-verify-request-object";
 import { evaluateDcqlQuery } from "./06-evaluate-dcql-query";
 import { prepareRemotePresentations, sendAuthorizationResponse, sendAuthorizationErrorResponse } from "./07-send-authorization-response";
@@ -9,7 +8,6 @@ export const RemotePresentation = {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
-  verifyAuthRequestCertificateChain,
   verifyRequestObject,
   evaluateDcqlQuery,
   prepareRemotePresentations,

package/lib/module/credential/presentation/v1.0.0/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","verifyAuthRequestCertificateChain","verifyRequestObject","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendAuthorizationErrorResponse","RemotePresentation"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/index.ts"],"mappings":"AACA,SAASA,eAAe,QAAQ,iBAAiB;AACjD,SAASC,yBAAyB,QAAQ,wBAAwB;AAClE,SAASC,gBAAgB,QAAQ,yBAAyB;AAC1D,SAASC,iCAAiC,QAAQ,+BAA+B;AACjF,SAASC,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,iBAAiB,QAAQ,0BAA0B;AAC5D,SACEC,0BAA0B,EAC1BC,yBAAyB,EACzBC,8BAA8B,QACzB,kCAAkC;AAEzC,OAAO,MAAMC,kBAAyC,GAAG;EACvDT,eAAe;EACfC,yBAAyB;EACzBC,gBAAgB;EAChBC,iCAAiC;EACjCC,mBAAmB;EACnBC,iBAAiB;EACjBC,0BAA0B;EAC1BC,yBAAyB;EACzBC;AACF,CAAC"}
+{"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","verifyRequestObject","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendAuthorizationErrorResponse","RemotePresentation"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/index.ts"],"mappings":"AACA,SAASA,eAAe,QAAQ,iBAAiB;AACjD,SAASC,yBAAyB,QAAQ,wBAAwB;AAClE,SAASC,gBAAgB,QAAQ,yBAAyB;AAC1D,SAASC,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,iBAAiB,QAAQ,0BAA0B;AAC5D,SACEC,0BAA0B,EAC1BC,yBAAyB,EACzBC,8BAA8B,QACzB,kCAAkC;AAEzC,OAAO,MAAMC,kBAAyC,GAAG;EACvDR,eAAe;EACfC,yBAAyB;EACzBC,gBAAgB;EAChBC,mBAAmB;EACnBC,iBAAiB;EACjBC,0BAA0B;EAC1BC,yBAAyB;EACzBC;AACF,CAAC"}

package/lib/module/credential/presentation/v1.0.0/mappers.js

@@ -1,25 +1,35 @@
 import { createMapper } from "../../../utils/mappers";
-export const mapToRelyingPartyConfig = createMapper(x => {
+export const mapToRelyingPartyConfig = createMapper(_ref => {
+  let {
+    payload
+  } = _ref;
   const {
     federation_entity,
     openid_credential_verifier
-  } = x.payload.metadata;
+  } = payload.metadata;
   return {
-    subject: x.payload.sub,
+    subject: payload.sub,
     jwks: openid_credential_verifier.jwks,
     authorization_encrypted_response_alg: openid_credential_verifier.authorization_encrypted_response_alg,
     authorization_encrypted_response_enc: openid_credential_verifier.authorization_encrypted_response_enc,
     federation_entity
   };
 });
-export const mapToRequestObject = createMapper(x => ({
-  iss: x.iss,
-  client_id: x.client_id,
-  dcql_query: x.dcql_query,
-  nonce: x.nonce,
-  response_uri: x.response_uri,
-  state: x.state,
-  response_mode: x.response_mode,
-  response_type: x.response_type
-}));
+export const mapToRequestObject = createMapper(_ref2 => {
+  let {
+    header,
+    payload
+  } = _ref2;
+  return {
+    iss: payload.iss,
+    client_id: payload.client_id,
+    dcql_query: payload.dcql_query,
+    nonce: payload.nonce,
+    response_uri: payload.response_uri,
+    state: payload.state,
+    response_mode: payload.response_mode,
+    response_type: payload.response_type,
+    trust_chain: header.trust_chain
+  };
+});
 //# sourceMappingURL=mappers.js.map

package/lib/module/credential/presentation/v1.0.0/mappers.js.map

@@ -1 +1 @@
-{"version":3,"names":["createMapper","mapToRelyingPartyConfig","x","federation_entity","openid_credential_verifier","payload","metadata","subject","sub","jwks","authorization_encrypted_response_alg","authorization_encrypted_response_enc","mapToRequestObject","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/mappers.ts"],"mappings":"AAAA,SAASA,YAAY,QAAQ,wBAAwB;AAMrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGhDE,CAAC,IAAK;EACP,MAAM;IAAEC,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,CAAC,CAACG,OAAO,CAACC,QAAQ;EAC5E,OAAO;IACLC,OAAO,EAAEL,CAAC,CAACG,OAAO,CAACG,GAAG;IACtBC,IAAI,EAAEL,0BAA0B,CAACK,IAAI;IACrCC,oCAAoC,EAClCN,0BAA0B,CAACM,oCAAoC;IACjEC,oCAAoC,EAClCP,0BAA0B,CAACO,oCAAoC;IACjER;EACF,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMS,kBAAkB,GAAGZ,YAAY,CAG3CE,CAAC,KAAM;EACRW,GAAG,EAAEX,CAAC,CAACW,GAAG;EACVC,SAAS,EAAEZ,CAAC,CAACY,SAAS;EACtBC,UAAU,EAAEb,CAAC,CAACa,UAAU;EACxBC,KAAK,EAAEd,CAAC,CAACc,KAAK;EACdC,YAAY,EAAEf,CAAC,CAACe,YAAY;EAC5BC,KAAK,EAAEhB,CAAC,CAACgB,KAAK;EACdC,aAAa,EAAEjB,CAAC,CAACiB,aAAa;EAC9BC,aAAa,EAAElB,CAAC,CAACkB;AACnB,CAAC,CAAC,CAAC"}
+{"version":3,"names":["createMapper","mapToRelyingPartyConfig","_ref","payload","federation_entity","openid_credential_verifier","metadata","subject","sub","jwks","authorization_encrypted_response_alg","authorization_encrypted_response_enc","mapToRequestObject","_ref2","header","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type","trust_chain"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/mappers.ts"],"mappings":"AAAA,SAASA,YAAY,QAAQ,wBAAwB;AAMrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGjDE,IAAA,IAAiB;EAAA,IAAhB;IAAEC;EAAQ,CAAC,GAAAD,IAAA;EACZ,MAAM;IAAEE,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,OAAO,CAACG,QAAQ;EAC1E,OAAO;IACLC,OAAO,EAAEJ,OAAO,CAACK,GAAG;IACpBC,IAAI,EAAEJ,0BAA0B,CAACI,IAAI;IACrCC,oCAAoC,EAClCL,0BAA0B,CAACK,oCAAoC;IACjEC,oCAAoC,EAClCN,0BAA0B,CAACM,oCAAoC;IACjEP;EACF,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMQ,kBAAkB,GAAGZ,YAAY,CAC5Ca,KAAA;EAAA,IAAC;IAAEC,MAAM;IAAEX;EAAQ,CAAC,GAAAU,KAAA;EAAA,OAAM;IACxBE,GAAG,EAAEZ,OAAO,CAACY,GAAG;IAChBC,SAAS,EAAEb,OAAO,CAACa,SAAS;IAC5BC,UAAU,EAAEd,OAAO,CAACc,UAAU;IAC9BC,KAAK,EAAEf,OAAO,CAACe,KAAK;IACpBC,YAAY,EAAEhB,OAAO,CAACgB,YAAY;IAClCC,KAAK,EAAEjB,OAAO,CAACiB,KAAK;IACpBC,aAAa,EAAElB,OAAO,CAACkB,aAAa;IACpCC,aAAa,EAAEnB,OAAO,CAACmB,aAAa;IACpCC,WAAW,EAAET,MAAM,CAACS;EACtB,CAAC;AAAA,CACH,CAAC"}

package/lib/module/credential/presentation/v1.0.0/types.js

@@ -1,21 +1,29 @@
 import * as z from "zod";
 import { UnixTime } from "../../../utils/zod";
 import { ErrorResponse } from "../api/types";
-export const RequestObjectPayload = z.object({
-  iss: z.string(),
-  iat: UnixTime,
-  exp: UnixTime,
-  state: z.string(),
-  nonce: z.string(),
-  response_uri: z.string(),
-  request_uri_method: z.string().optional(),
-  response_type: z.literal("vp_token"),
-  response_mode: z.literal("direct_post.jwt"),
-  client_id: z.string(),
-  dcql_query: z.record(z.string(), z.any()),
-  // Validation happens within the `dcql` library, no need to duplicate it here
-  scope: z.string().optional(),
-  wallet_nonce: z.string().optional()
+export const RawRequestObject = z.object({
+  header: z.object({
+    alg: z.string(),
+    kid: z.string(),
+    typ: z.literal("oauth-authz-req+jwt"),
+    trust_chain: z.array(z.string()).optional()
+  }),
+  payload: z.object({
+    iss: z.string(),
+    iat: UnixTime,
+    exp: UnixTime,
+    state: z.string(),
+    nonce: z.string(),
+    response_uri: z.string(),
+    request_uri_method: z.string().optional(),
+    response_type: z.literal("vp_token"),
+    response_mode: z.literal("direct_post.jwt"),
+    client_id: z.string(),
+    dcql_query: z.record(z.string(), z.any()),
+    // Validation happens within the `dcql` library, no need to duplicate it here
+    scope: z.string().optional(),
+    wallet_nonce: z.string().optional()
+  })
 });
 
 /**

package/lib/module/credential/presentation/v1.0.0/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","UnixTime","ErrorResponse","RequestObjectPayload","object","iss","string","iat","exp","state","nonce","response_uri","request_uri_method","optional","response_type","literal","response_mode","client_id","dcql_query","record","any","scope","wallet_nonce","DirectAuthorizationBodyPayload","union","vp_token","error","error_description","AuthorizationResponse","status","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,aAAa,QAAQ,cAAc;AAG5C,OAAO,MAAMC,oBAAoB,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC3CC,GAAG,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEN,QAAQ;EACbO,GAAG,EAAEP,QAAQ;EACbQ,KAAK,EAAET,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBI,KAAK,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBK,YAAY,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBM,kBAAkB,EAAEZ,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EACzCC,aAAa,EAAEd,CAAC,CAACe,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEhB,CAAC,CAACe,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;EACrBY,UAAU,EAAElB,CAAC,CAACmB,MAAM,CAACnB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACoB,GAAG,CAAC,CAAC,CAAC;EAAE;EAC3CC,KAAK,EAAErB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EAC5BS,YAAY,EAAEtB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMU,8BAA8B,GAAGvB,CAAC,CAACwB,KAAK,CAAC,CACpDxB,CAAC,CAACI,MAAM,CAAC;EACPqB,QAAQ,EAAEzB,CAAC,CAACmB,MAAM,CAACnB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACM,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EAAEsB,KAAK,EAAExB,aAAa;EAAEyB,iBAAiB,EAAE3B,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CAClE,CAAC;AAGF,OAAO,MAAMsB,qBAAqB,GAAG5B,CAAC,CAACI,MAAM,CAAC;EAC5CyB,MAAM,EAAE7B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EAC7BiB,aAAa,EAAE9B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EACpCkB,YAAY,EAAE/B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AACpC,CAAC,CAAC"}
+{"version":3,"names":["z","UnixTime","ErrorResponse","RawRequestObject","object","header","alg","string","kid","typ","literal","trust_chain","array","optional","payload","iss","iat","exp","state","nonce","response_uri","request_uri_method","response_type","response_mode","client_id","dcql_query","record","any","scope","wallet_nonce","DirectAuthorizationBodyPayload","union","vp_token","error","error_description","AuthorizationResponse","status","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,aAAa,QAAQ,cAAc;AAG5C,OAAO,MAAMC,gBAAgB,GAAGH,CAAC,CAACI,MAAM,CAAC;EACvCC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC;IACfE,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC,CAAC;IACfE,GAAG,EAAET,CAAC,CAACU,OAAO,CAAC,qBAAqB,CAAC;IACrCC,WAAW,EAAEX,CAAC,CAACY,KAAK,CAACZ,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC,CAACM,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFC,OAAO,EAAEd,CAAC,CAACI,MAAM,CAAC;IAChBW,GAAG,EAAEf,CAAC,CAACO,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEf,QAAQ;IACbgB,GAAG,EAAEhB,QAAQ;IACbiB,KAAK,EAAElB,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBY,KAAK,EAAEnB,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBa,YAAY,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;IACxBc,kBAAkB,EAAErB,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;IACzCS,aAAa,EAAEtB,CAAC,CAACU,OAAO,CAAC,UAAU,CAAC;IACpCa,aAAa,EAAEvB,CAAC,CAACU,OAAO,CAAC,iBAAiB,CAAC;IAC3Cc,SAAS,EAAExB,CAAC,CAACO,MAAM,CAAC,CAAC;IACrBkB,UAAU,EAAEzB,CAAC,CAAC0B,MAAM,CAAC1B,CAAC,CAACO,MAAM,CAAC,CAAC,EAAEP,CAAC,CAAC2B,GAAG,CAAC,CAAC,CAAC;IAAE;IAC3CC,KAAK,EAAE5B,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;IAC5BgB,YAAY,EAAE7B,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;EACpC,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMiB,8BAA8B,GAAG9B,CAAC,CAAC+B,KAAK,CAAC,CACpD/B,CAAC,CAACI,MAAM,CAAC;EACP4B,QAAQ,EAAEhC,CAAC,CAAC0B,MAAM,CAAC1B,CAAC,CAACO,MAAM,CAAC,CAAC,EAAEP,CAAC,CAACO,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACFP,CAAC,CAACI,MAAM,CAAC;EAAE6B,KAAK,EAAE/B,aAAa;EAAEgC,iBAAiB,EAAElC,CAAC,CAACO,MAAM,CAAC;AAAE,CAAC,CAAC,CAClE,CAAC;AAGF,OAAO,MAAM4B,qBAAqB,GAAGnC,CAAC,CAACI,MAAM,CAAC;EAC5CgC,MAAM,EAAEpC,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;EAC7BwB,aAAa,EAAErC,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;EACpCyB,YAAY,EAAEtC,CAAC,CAACO,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AACpC,CAAC,CAAC"}

package/lib/module/credential/presentation/v1.3.3/05-verify-request-object.js

@@ -1,6 +1,8 @@
-import { parseAuthorizeRequest as sdkParseAuthorizeRequest } from "@pagopa/io-wallet-oid4vp";
+import { parseAuthorizeRequest as sdkParseAuthorizeRequest, ClientIdPrefix, extractClientIdPrefix } from "@pagopa/io-wallet-oid4vp";
+import QuickCrypto from "react-native-quick-crypto";
 import { partialCallbacks } from "../../../utils/callbacks";
 import { sdkConfigV1_3 } from "../../../utils/config";
+import { IoWalletError } from "../../../utils/errors";
 import { InvalidRequestObjectError } from "../common/errors";
 import { mapSdkRequestObjectError } from "./sdkErrorMapper";
 import { mapToRequestObject } from "./mappers";
@@ -16,13 +18,33 @@ export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
       verifyJwt: partialCallbacks.verifyJwt
     }
   }).catch(mapSdkRequestObjectError);
-  const payload = parsedRequestObject.payload;
-  const isClientIdMatch = clientId === payload.client_id && clientId === rpConf.subject;
-  if (!isClientIdMatch) {
-    throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  const rawRequestObject = parsedRequestObject;
+  const clientIdPrefix = extractClientIdPrefix(clientId);
+  if (clientIdPrefix === ClientIdPrefix.X509_HASH) {
+    validateX509HashClient(rawRequestObject.header.x5c, clientId);
+  }
+  if (clientIdPrefix === ClientIdPrefix.OPENID_FEDERATION || clientIdPrefix === ClientIdPrefix.NONE) {
+    validateOpenIDFederationClient(rawRequestObject, clientId, rpConf);
   }
   return {
-    requestObject: mapToRequestObject(payload)
+    requestObject: mapToRequestObject(rawRequestObject)
   };
 };
+const validateOpenIDFederationClient = (requestObject, clientId, rpConf) => {
+  if (!rpConf) {
+    throw new IoWalletError("Relying Party Configuration is required for OpenID Federation clients");
+  }
+  const isClientIdMatch = clientId === requestObject.payload.client_id && stripOpenIdFederationPrefix(clientId) === rpConf.subject;
+  if (!isClientIdMatch) {
+    throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  }
+};
+const validateX509HashClient = (certificateChain, clientId) => {
+  const [, x509Hash] = clientId.split(":");
+  const calculatedHash = QuickCrypto.createHash("sha-256").update(certificateChain[0], "base64").digest("base64url");
+  if (x509Hash !== calculatedHash) {
+    throw new InvalidRequestObjectError("x509_hash does not match the hash of the x5c leaf certificate");
+  }
+};
+const stripOpenIdFederationPrefix = clientId => clientId.replace("openid_federation:", "");
 //# sourceMappingURL=05-verify-request-object.js.map

package/lib/module/credential/presentation/v1.3.3/05-verify-request-object.js.map

@@ -1 +1 @@
-{"version":3,"names":["parseAuthorizeRequest","sdkParseAuthorizeRequest","partialCallbacks","sdkConfigV1_3","InvalidRequestObjectError","mapSdkRequestObjectError","mapToRequestObject","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","parsedRequestObject","config","requestObjectJwt","callbacks","verifyJwt","catch","payload","isClientIdMatch","client_id","subject","requestObject"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/05-verify-request-object.ts"],"mappings":"AACA,SAASA,qBAAqB,IAAIC,wBAAwB,QAAQ,0BAA0B;AAC5F,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,wBAAwB,QAAQ,kBAAkB;AAC3D,SAASC,kBAAkB,QAAQ,WAAW;AAE9C,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAA2B;EAAA,IAAzB;IAAEC,QAAQ;IAAEC;EAAO,CAAC,GAAAF,IAAA;EAClD,MAAMG,mBAAmB,GAAG,MAAMX,wBAAwB,CAAC;IACzDY,MAAM,EAAEV,aAAa;IACrBW,gBAAgB,EAAEN,uBAAuB;IACzCO,SAAS,EAAE;MACTC,SAAS,EAAEd,gBAAgB,CAACc;IAC9B;EACF,CAAC,CAAC,CAACC,KAAK,CAACZ,wBAAwB,CAAC;EAElC,MAAMa,OAAO,GAAGN,mBAAmB,CAACM,OAAO;EAE3C,MAAMC,eAAe,GACnBT,QAAQ,KAAKQ,OAAO,CAACE,SAAS,IAAIV,QAAQ,KAAKC,MAAM,CAACU,OAAO;EAE/D,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIf,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,OAAO;IACLkB,aAAa,EAAEhB,kBAAkB,CAACY,OAAO;EAC3C,CAAC;AACH,CAAC"}
+{"version":3,"names":["parseAuthorizeRequest","sdkParseAuthorizeRequest","ClientIdPrefix","extractClientIdPrefix","QuickCrypto","partialCallbacks","sdkConfigV1_3","IoWalletError","InvalidRequestObjectError","mapSdkRequestObjectError","mapToRequestObject","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","parsedRequestObject","config","requestObjectJwt","callbacks","verifyJwt","catch","rawRequestObject","clientIdPrefix","X509_HASH","validateX509HashClient","header","x5c","OPENID_FEDERATION","NONE","validateOpenIDFederationClient","requestObject","isClientIdMatch","payload","client_id","stripOpenIdFederationPrefix","subject","certificateChain","x509Hash","split","calculatedHash","createHash","update","digest","replace"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/05-verify-request-object.ts"],"mappings":"AACA,SACEA,qBAAqB,IAAIC,wBAAwB,EACjDC,cAAc,EACdC,qBAAqB,QAChB,0BAA0B;AACjC,OAAOC,WAAW,MAAM,2BAA2B;AACnD,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,wBAAwB,QAAQ,kBAAkB;AAC3D,SAASC,kBAAkB,QAAQ,WAAW;AAG9C,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAA2B;EAAA,IAAzB;IAAEC,QAAQ;IAAEC;EAAO,CAAC,GAAAF,IAAA;EAClD,MAAMG,mBAAmB,GAAG,MAAMf,wBAAwB,CAAC;IACzDgB,MAAM,EAAEX,aAAa;IACrBY,gBAAgB,EAAEN,uBAAuB;IACzCO,SAAS,EAAE;MACTC,SAAS,EAAEf,gBAAgB,CAACe;IAC9B;EACF,CAAC,CAAC,CAACC,KAAK,CAACZ,wBAAwB,CAAC;EAElC,MAAMa,gBAAgB,GAAGN,mBAAuC;EAEhE,MAAMO,cAAc,GAAGpB,qBAAqB,CAACW,QAAQ,CAAC;EAEtD,IAAIS,cAAc,KAAKrB,cAAc,CAACsB,SAAS,EAAE;IAC/CC,sBAAsB,CAACH,gBAAgB,CAACI,MAAM,CAACC,GAAG,EAAEb,QAAQ,CAAC;EAC/D;EAEA,IACES,cAAc,KAAKrB,cAAc,CAAC0B,iBAAiB,IACnDL,cAAc,KAAKrB,cAAc,CAAC2B,IAAI,EACtC;IACAC,8BAA8B,CAACR,gBAAgB,EAAER,QAAQ,EAAEC,MAAM,CAAC;EACpE;EAEA,OAAO;IACLgB,aAAa,EAAErB,kBAAkB,CAACY,gBAAgB;EACpD,CAAC;AACH,CAAC;AAEH,MAAMQ,8BAA8B,GAAGA,CACrCC,aAA+B,EAC/BjB,QAAgB,EAChBC,MAAsC,KACnC;EACH,IAAI,CAACA,MAAM,EAAE;IACX,MAAM,IAAIR,aAAa,CACrB,uEACF,CAAC;EACH;EAEA,MAAMyB,eAAe,GACnBlB,QAAQ,KAAKiB,aAAa,CAACE,OAAO,CAACC,SAAS,IAC5CC,2BAA2B,CAACrB,QAAQ,CAAC,KAAKC,MAAM,CAACqB,OAAO;EAE1D,IAAI,CAACJ,eAAe,EAAE;IACpB,MAAM,IAAIxB,yBAAyB,CACjC,iEACF,CAAC;EACH;AACF,CAAC;AAED,MAAMiB,sBAAsB,GAAGA,CAC7BY,gBAA0B,EAC1BvB,QAAgB,KACb;EACH,MAAM,GAAGwB,QAAQ,CAAC,GAAGxB,QAAQ,CAACyB,KAAK,CAAC,GAAG,CAAC;EAExC,MAAMC,cAAc,GAAGpC,WAAW,CAACqC,UAAU,CAAC,SAAS,CAAC,CACrDC,MAAM,CAACL,gBAAgB,CAAC,CAAC,CAAC,EAAG,QAAQ,CAAC,CACtCM,MAAM,CAAC,WAAW,CAAC;EAEtB,IAAIL,QAAQ,KAAKE,cAAc,EAAE;IAC/B,MAAM,IAAIhC,yBAAyB,CACjC,+DACF,CAAC;EACH;AACF,CAAC;AAED,MAAM2B,2BAA2B,GAAIrB,QAAgB,IACnDA,QAAQ,CAAC8B,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC"}

package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js

@@ -1,10 +1,9 @@
 import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
-import * as mdocUtils from "./utils.mdoc";
 import * as sdJwtUtils from "../common/utils/sd-jwt";
-import { getClaimsFromDcqlMatch } from "./utils.mdoc";
-import { extractFailedCredentialsDetails, getDcqlQueryMatches, getPresentationFrameFromDcqlMatch } from "../common/utils/dcql";
+import * as mdocUtils from "../common/utils/mdoc";
+import { extractFailedCredentialsDetails, getDcqlQueryMatches, getClaimsFromDcqlMatch, getPresentationFrameFromDcqlMatch } from "../common/utils/dcql";
 export const evaluateDcqlQuery = async function (query, credentialsSdJwt) {
   let credentialsMdoc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
   const credentials = (await Promise.all([sdJwtUtils.mapCredentialsToObj(credentialsSdJwt), mdocUtils.mapCredentialsToObj(credentialsMdoc)])).flat();

package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map

@@ -1 +1 @@
-{"version":3,"names":["DcqlQuery","DcqlError","isValiError","CredentialsNotFoundError","mdocUtils","sdJwtUtils","getClaimsFromDcqlMatch","extractFailedCredentialsDetails","getDcqlQueryMatches","getPresentationFrameFromDcqlMatch","evaluateDcqlQuery","query","credentialsSdJwt","credentialsMdoc","arguments","length","undefined","credentials","Promise","all","mapCredentialsToObj","flat","credentialsById","reduce","acc","c","vct","doctype","original_credential","parsedQuery","parse","validate","queryResult","can_be_satisfied","map","_ref","_queryResult$credenti","_match$valid_credenti","id","match","purposes","credential_sets","filter","set","_set$matching_options","matching_options","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","matchOutput","valid_credentials","meta","output","credential_format","keyTag","credential","requiredDisclosures","presentationFrame","format","getPresentationFrameFromClaims","Error","error","message","code","cause","issues"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/06-evaluate-dcql-query.ts"],"mappings":"AAAA,SAASA,SAAS,EAAEC,SAAS,QAAQ,MAAM;AAC3C,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,wBAAwB,QAAQ,kBAAkB;AAE3D,OAAO,KAAKC,SAAS,MAAM,cAAc;AAEzC,OAAO,KAAKC,UAAU,MAAM,wBAAwB;AACpD,SAASC,sBAAsB,QAAQ,cAAc;AACrD,SACEC,+BAA+B,EAC/BC,mBAAmB,EACnBC,iCAAiC,QAC5B,sBAAsB;AAE7B,OAAO,MAAMC,iBAA6D,GACxE,eAAAA,CAAOC,KAAK,EAAEC,gBAAgB,EAA2B;EAAA,IAAzBC,eAAe,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EAClD,MAAMG,WAAW,GAAG,CAClB,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBd,UAAU,CAACe,mBAAmB,CAACR,gBAAgB,CAAC,EAChDR,SAAS,CAACgB,mBAAmB,CAACP,eAAe,CAAC,CAC/C,CAAC,EACFQ,IAAI,CAAC,CAAC;;EAER;EACA,MAAMC,eAAe,GAAGL,WAAW,CAACM,MAAM,CACxC,CAACC,GAAG,EAAEC,CAAC,MAAM;IACX,GAAGD,GAAG;IACN,CAAC,KAAK,IAAIC,CAAC,GAAGA,CAAC,CAACC,GAAG,GAAGD,CAAC,CAACE,OAAO,GAAGF,CAAC,CAACG;EACtC,CAAC,CAAC,EACF,CAAC,CACH,CAAC;EAED,IAAI;IACF;IACA,MAAMC,WAAW,GAAG7B,SAAS,CAAC8B,KAAK,CAACnB,KAAK,CAAC;IAC1CX,SAAS,CAAC+B,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMG,WAAW,GAAGhC,SAAS,CAACW,KAAK,CAACkB,WAAW,EAAEZ,WAAW,CAAC;IAE7D,IAAI,CAACe,WAAW,CAACC,gBAAgB,EAAE;MACjC,MAAM,IAAI9B,wBAAwB,CAChCI,+BAA+B,CAACyB,WAAW,CAC7C,CAAC;IACH;IAEA,OAAOxB,mBAAmB,CAACwB,WAAW,CAAC,CAACE,GAAG,CAACC,IAAA,IAAiB;MAAA,IAAAC,qBAAA,EAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEC,KAAK,CAAC,GAAAJ,IAAA;MACtD,MAAMK,QAAQ,IAAAJ,qBAAA,GAAGJ,WAAW,CAACS,eAAe,cAAAL,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbM,MAAM,CAAEC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBvB,IAAI,CAAC,CAAC,CAACyB,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAF,qBAAA,uBAD7CA,qBAAA,CAEbF,GAAG,CAAqBa,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAME,WAAW,IAAAjB,qBAAA,GAAGE,KAAK,CAACgB,iBAAiB,CAAC,CAAC,CAAC,cAAAlB,qBAAA,uBAA1BA,qBAAA,CAA4BmB,IAAI,CAACC,MAAM;MAE3D,IAAI,CAAAH,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,WAAW,EAAE;QAClD,MAAM;UAAEhC;QAAI,CAAC,GAAG4B,WAAW;QAC3B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACI,GAAG,CAAE;QAElD,MAAMmC,mBAAmB,GAAGvD,sBAAsB,CAACiC,KAAK,CAAC;QACzD,MAAMuB,iBAAiB,GAAGrD,iCAAiC,CACzD8B,KAAK,EACLV,WACF,CAAC;QAED,OAAO;UACLS,EAAE;UACFZ,GAAG;UACHiC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjB;UACA;UACAtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,IAAI,CAAAE,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,UAAU,EAAE;QACjD,MAAM;UAAE/B;QAAQ,CAAC,GAAG2B,WAAW;QAC/B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACK,OAAO,CAAE;QAEtD,MAAMkC,mBAAmB,GAAGzD,SAAS,CAACE,sBAAsB,CAACiC,KAAK,CAAC;QACnE,MAAMuB,iBAAiB,GAAG1D,SAAS,CAAC4D,8BAA8B,CAChEH,mBAAmB,EACnBlC,OACF,CAAC;QAED,OAAO;UACLW,EAAE;UACFX,OAAO;UACPgC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjBtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,MAAM,IAAIa,KAAK,CACZ,kCAAiCX,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAkB,EACnE,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOQ,KAAK,EAAE;IACd;IACA,IAAIhE,WAAW,CAACgE,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIjE,SAAS,CAAC;QAClBkE,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEH,KAAK,CAACI;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMJ,KAAK;EACb;AACF,CAAC"}
+{"version":3,"names":["DcqlQuery","DcqlError","isValiError","CredentialsNotFoundError","sdJwtUtils","mdocUtils","extractFailedCredentialsDetails","getDcqlQueryMatches","getClaimsFromDcqlMatch","getPresentationFrameFromDcqlMatch","evaluateDcqlQuery","query","credentialsSdJwt","credentialsMdoc","arguments","length","undefined","credentials","Promise","all","mapCredentialsToObj","flat","credentialsById","reduce","acc","c","vct","doctype","original_credential","parsedQuery","parse","validate","queryResult","can_be_satisfied","map","_ref","_queryResult$credenti","_match$valid_credenti","id","match","purposes","credential_sets","filter","set","_set$matching_options","matching_options","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","matchOutput","valid_credentials","meta","output","credential_format","keyTag","credential","requiredDisclosures","presentationFrame","format","getPresentationFrameFromClaims","Error","error","message","code","cause","issues"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/06-evaluate-dcql-query.ts"],"mappings":"AAAA,SAASA,SAAS,EAAEC,SAAS,QAAQ,MAAM;AAC3C,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,wBAAwB,QAAQ,kBAAkB;AAE3D,OAAO,KAAKC,UAAU,MAAM,wBAAwB;AACpD,OAAO,KAAKC,SAAS,MAAM,sBAAsB;AAEjD,SACEC,+BAA+B,EAC/BC,mBAAmB,EACnBC,sBAAsB,EACtBC,iCAAiC,QAC5B,sBAAsB;AAE7B,OAAO,MAAMC,iBAA6D,GACxE,eAAAA,CAAOC,KAAK,EAAEC,gBAAgB,EAA2B;EAAA,IAAzBC,eAAe,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EAClD,MAAMG,WAAW,GAAG,CAClB,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBf,UAAU,CAACgB,mBAAmB,CAACR,gBAAgB,CAAC,EAChDP,SAAS,CAACe,mBAAmB,CAACP,eAAe,CAAC,CAC/C,CAAC,EACFQ,IAAI,CAAC,CAAC;;EAER;EACA,MAAMC,eAAe,GAAGL,WAAW,CAACM,MAAM,CACxC,CAACC,GAAG,EAAEC,CAAC,MAAM;IACX,GAAGD,GAAG;IACN,CAAC,KAAK,IAAIC,CAAC,GAAGA,CAAC,CAACC,GAAG,GAAGD,CAAC,CAACE,OAAO,GAAGF,CAAC,CAACG;EACtC,CAAC,CAAC,EACF,CAAC,CACH,CAAC;EAED,IAAI;IACF;IACA,MAAMC,WAAW,GAAG7B,SAAS,CAAC8B,KAAK,CAACnB,KAAK,CAAC;IAC1CX,SAAS,CAAC+B,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMG,WAAW,GAAGhC,SAAS,CAACW,KAAK,CAACkB,WAAW,EAAEZ,WAAW,CAAC;IAE7D,IAAI,CAACe,WAAW,CAACC,gBAAgB,EAAE;MACjC,MAAM,IAAI9B,wBAAwB,CAChCG,+BAA+B,CAAC0B,WAAW,CAC7C,CAAC;IACH;IAEA,OAAOzB,mBAAmB,CAACyB,WAAW,CAAC,CAACE,GAAG,CAACC,IAAA,IAAiB;MAAA,IAAAC,qBAAA,EAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEC,KAAK,CAAC,GAAAJ,IAAA;MACtD,MAAMK,QAAQ,IAAAJ,qBAAA,GAAGJ,WAAW,CAACS,eAAe,cAAAL,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbM,MAAM,CAAEC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBvB,IAAI,CAAC,CAAC,CAACyB,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAF,qBAAA,uBAD7CA,qBAAA,CAEbF,GAAG,CAAqBa,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAME,WAAW,IAAAjB,qBAAA,GAAGE,KAAK,CAACgB,iBAAiB,CAAC,CAAC,CAAC,cAAAlB,qBAAA,uBAA1BA,qBAAA,CAA4BmB,IAAI,CAACC,MAAM;MAE3D,IAAI,CAAAH,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,WAAW,EAAE;QAClD,MAAM;UAAEhC;QAAI,CAAC,GAAG4B,WAAW;QAC3B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACI,GAAG,CAAE;QAElD,MAAMmC,mBAAmB,GAAGrD,sBAAsB,CAAC+B,KAAK,CAAC;QACzD,MAAMuB,iBAAiB,GAAGrD,iCAAiC,CACzD8B,KAAK,EACLV,WACF,CAAC;QAED,OAAO;UACLS,EAAE;UACFZ,GAAG;UACHiC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjB;UACA;UACAtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,IAAI,CAAAE,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,UAAU,EAAE;QACjD,MAAM;UAAE/B;QAAQ,CAAC,GAAG2B,WAAW;QAC/B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACK,OAAO,CAAE;QAEtD,MAAMkC,mBAAmB,GAAGxD,SAAS,CAACG,sBAAsB,CAAC+B,KAAK,CAAC;QACnE,MAAMuB,iBAAiB,GAAGzD,SAAS,CAAC2D,8BAA8B,CAChEH,mBAAmB,EACnBlC,OACF,CAAC;QAED,OAAO;UACLW,EAAE;UACFX,OAAO;UACPgC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjBtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,MAAM,IAAIa,KAAK,CACZ,kCAAiCX,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAkB,EACnE,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOQ,KAAK,EAAE;IACd;IACA,IAAIhE,WAAW,CAACgE,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIjE,SAAS,CAAC;QAClBkE,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEH,KAAK,CAACI;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMJ,KAAK;EACb;AACF,CAAC"}

package/lib/module/credential/presentation/v1.3.3/07-send-authorization-response.js

@@ -73,14 +73,17 @@ export const sendAuthorizationResponse = async function (requestObject, remotePr
     appFetch = fetch
   } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
   try {
-    const {
-      presentations
-    } = remotePresentation;
+    if (!rpConf && !requestObject.client_metadata) {
+      throw new IoWalletError("At least one of rpConf or requestObject.client_metadata must be provided to send the authorization response");
+    }
+
+    // When the RP is not an OpenID Federation client, rpConf will be undefined
+    // so the keys are taken from the Request Object's client_metadata.
     const rpJwks = {
-      jwks: rpConf.jwks,
-      encrypted_response_enc_values_supported: rpConf.encrypted_response_enc_values_supported
+      jwks: (rpConf === null || rpConf === void 0 ? void 0 : rpConf.jwks) ?? requestObject.client_metadata.jwks,
+      encrypted_response_enc_values_supported: (rpConf === null || rpConf === void 0 ? void 0 : rpConf.encrypted_response_enc_values_supported) ?? requestObject.client_metadata.encrypted_response_enc_values_supported
     };
-    const vp_token = presentations.reduce((acc, p) => {
+    const vp_token = remotePresentation.presentations.reduce((acc, p) => {
       (acc[p.credentialId] ??= []).push(p.vpToken);
       return acc;
     }, {});

package/lib/module/credential/presentation/v1.3.3/07-send-authorization-response.js.map

@@ -1 +1 @@
-{"version":3,"names":["createAuthorizationResponse","sdkCreateAuthorizationResponse","fetchAuthorizationResponse","sdkFetchAuthorizationResponse","partialCallbacks","mapSdkAuthorizationResponseError","generateRandomAlphaNumericString","hasStatusOrThrow","IoWalletError","RelyingPartyResponseError","AuthorizationResponse","buildDirectPostBody","prepareVpToken","createCryptoContextFor","prepareVpTokenMdoc","prepareRemotePresentations","credentials","authRequestObject","generatedNonce","presentations","Promise","all","map","item","format","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","responseUri","doctype","_ref2","sendAuthorizationResponse","requestObject","remotePresentation","rpConf","appFetch","fetch","arguments","length","undefined","rpJwks","jwks","encrypted_response_enc_values_supported","reduce","acc","p","push","jarm","callbacks","encryptJwe","generateRandom","authorizationResponseJarm","responseJwe","presentationResponseUri","response_uri","err","sendAuthorizationErrorResponse","_ref3","error","errorDescription","requestBody","error_description","method","headers","body","then","res","json","parse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/07-send-authorization-response.ts"],"mappings":"AAAA,SACEA,2BAA2B,IAAIC,8BAA8B,EAC7DC,0BAA0B,IAAIC,6BAA6B,QACtD,0BAA0B;AAEjC,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,gCAAgC,QAAQ,kBAAkB;AACnE,SACEC,gCAAgC,EAChCC,gBAAgB,QACX,qBAAqB;AAC5B,SACEC,aAAa,EACbC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,qBAAqB,QAAQ,SAAS;AAC/C,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,cAAc,QAAQ,iBAAiB;AAChD,SAASC,sBAAsB,QAAQ,uBAAuB;AAC9D,SAASC,kBAAkB,QAAQ,eAAe;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC;EACA,MAAMC,cAAc,GAAGZ,gCAAgC,CAAC,EAAE,CAAC;EAE3D,MAAMa,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCL,WAAW,CAACM,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAO,CAAC,GAAGD,IAAI;IAEvB,IAAIC,MAAM,KAAK,WAAW,EAAE;MAC1B,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMb,cAAc,CACvCK,iBAAiB,CAACS,KAAK,EACvBT,iBAAiB,CAACU,QAAQ,EAC1B,CACEJ,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACW,IAAA;UAAA,IAAC;YAAEC;UAAK,CAAC,GAAAD,IAAA;UAAA,OAAKC,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD;MACF,CAAC;IACH;IAEA,IAAIA,MAAM,KAAK,UAAU,EAAE;MACzB,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMX,kBAAkB,CAC3CG,iBAAiB,CAACS,KAAK,EACvBR,cAAc,EACdD,iBAAiB,CAACU,QAAQ,EAC1BV,iBAAiB,CAACqB,WAAW,EAC7Bf,IAAI,CAACgB,OAAO,EACZhB,IAAI,CAACO,MAAM,EACX,CACEP,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACkB,KAAA;UAAA,IAAC;YAAEN;UAAK,CAAC,GAAAM,KAAA;UAAA,OAAKN,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIhB,aAAa,CAAE,GAAEgB,MAAO,2BAA0B,CAAC;EAC/D,CAAC,CACH,CAAC;EAED,OAAO;IACLL,aAAa;IACbD;EACF,CAAC;AACH,CAAC;AAEH,OAAO,MAAMuB,yBAA6E,GACxF,eAAAA,CACEC,aAAa,EACbC,kBAAkB,EAClBC,MAAM,EAEH;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,IAAI;IACF,MAAM;MAAE5B;IAAc,CAAC,GAAGwB,kBAAkB;IAC5C,MAAMO,MAAM,GAAG;MACbC,IAAI,EAAEP,MAAM,CAACO,IAAI;MACjBC,uCAAuC,EACrCR,MAAM,CAACQ;IACX,CAAC;IAED,MAAM3B,QAAQ,GAAGN,aAAa,CAACkC,MAAM,CACnC,CAACC,GAAG,EAAEC,CAAC,KAAK;MACV,CAACD,GAAG,CAACC,CAAC,CAACpB,YAAY,CAAC,KAAK,EAAE,EAAEqB,IAAI,CAACD,CAAC,CAAClB,OAAO,CAAC;MAC5C,OAAOiB,GAAG;IACZ,CAAC,EACD,CAAC,CACH,CAAC;IAED,MAAM;MAAEG;IAAK,CAAC,GAAG,MAAMxD,8BAA8B,CAAC;MACpDyC,aAAa;MACbQ,MAAM;MACNzB,QAAQ;MACRiC,SAAS,EAAE;QACTC,UAAU,EAAEvD,gBAAgB,CAACuD,UAAU;QACvCC,cAAc,EAAExD,gBAAgB,CAACwD;MACnC;IACF,CAAC,CAAC;IAEF,OAAO,MAAMzD,6BAA6B,CAAC;MACzC0D,yBAAyB,EAAEJ,IAAI,CAACK,WAAW;MAC3CC,uBAAuB,EAAErB,aAAa,CAACsB,YAAY;MACnDN,SAAS,EAAE;QAAEZ,KAAK,EAAED;MAAS;IAC/B,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOoB,GAAG,EAAE;IACZ,MAAM5D,gCAAgC,CAAC4D,GAAG,CAAC;EAC7C;AACF,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACExB,aAAa,EAAAyB,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEtB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMuB,WAAW,GAAG,MAAM3D,mBAAmB,CAAC+B,aAAa,EAAE;IAC3D0B,KAAK;IACLG,iBAAiB,EAAEF;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMxB,QAAQ,CAACH,aAAa,CAACsB,YAAY,EAAE;IAChDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACpE,gBAAgB,CAAC,GAAG,EAAEE,yBAAyB,CAAC,CAAC,CACtDkE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACjE,qBAAqB,CAACoE,KAAK,CAAC;AACtC,CAAC"}
+{"version":3,"names":["createAuthorizationResponse","sdkCreateAuthorizationResponse","fetchAuthorizationResponse","sdkFetchAuthorizationResponse","partialCallbacks","mapSdkAuthorizationResponseError","generateRandomAlphaNumericString","hasStatusOrThrow","IoWalletError","RelyingPartyResponseError","AuthorizationResponse","buildDirectPostBody","prepareVpToken","createCryptoContextFor","prepareVpTokenMdoc","prepareRemotePresentations","credentials","authRequestObject","generatedNonce","presentations","Promise","all","map","item","format","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","responseUri","doctype","_ref2","sendAuthorizationResponse","requestObject","remotePresentation","rpConf","appFetch","fetch","arguments","length","undefined","client_metadata","rpJwks","jwks","encrypted_response_enc_values_supported","reduce","acc","p","push","jarm","callbacks","encryptJwe","generateRandom","authorizationResponseJarm","responseJwe","presentationResponseUri","response_uri","err","sendAuthorizationErrorResponse","_ref3","error","errorDescription","requestBody","error_description","method","headers","body","then","res","json","parse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/07-send-authorization-response.ts"],"mappings":"AAAA,SACEA,2BAA2B,IAAIC,8BAA8B,EAC7DC,0BAA0B,IAAIC,6BAA6B,QACtD,0BAA0B;AAEjC,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,gCAAgC,QAAQ,kBAAkB;AACnE,SACEC,gCAAgC,EAChCC,gBAAgB,QACX,qBAAqB;AAC5B,SACEC,aAAa,EACbC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,qBAAqB,QAAQ,SAAS;AAC/C,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,cAAc,QAAQ,iBAAiB;AAChD,SAASC,sBAAsB,QAAQ,uBAAuB;AAC9D,SAASC,kBAAkB,QAAQ,eAAe;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC;EACA,MAAMC,cAAc,GAAGZ,gCAAgC,CAAC,EAAE,CAAC;EAE3D,MAAMa,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCL,WAAW,CAACM,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAO,CAAC,GAAGD,IAAI;IAEvB,IAAIC,MAAM,KAAK,WAAW,EAAE;MAC1B,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMb,cAAc,CACvCK,iBAAiB,CAACS,KAAK,EACvBT,iBAAiB,CAACU,QAAQ,EAC1B,CACEJ,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACW,IAAA;UAAA,IAAC;YAAEC;UAAK,CAAC,GAAAD,IAAA;UAAA,OAAKC,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD;MACF,CAAC;IACH;IAEA,IAAIA,MAAM,KAAK,UAAU,EAAE;MACzB,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMX,kBAAkB,CAC3CG,iBAAiB,CAACS,KAAK,EACvBR,cAAc,EACdD,iBAAiB,CAACU,QAAQ,EAC1BV,iBAAiB,CAACqB,WAAW,EAC7Bf,IAAI,CAACgB,OAAO,EACZhB,IAAI,CAACO,MAAM,EACX,CACEP,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACkB,KAAA;UAAA,IAAC;YAAEN;UAAK,CAAC,GAAAM,KAAA;UAAA,OAAKN,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIhB,aAAa,CAAE,GAAEgB,MAAO,2BAA0B,CAAC;EAC/D,CAAC,CACH,CAAC;EAED,OAAO;IACLL,aAAa;IACbD;EACF,CAAC;AACH,CAAC;AAEH,OAAO,MAAMuB,yBAA6E,GACxF,eAAAA,CACEC,aAAa,EACbC,kBAAkB,EAClBC,MAAM,EAEH;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,IAAI;IACF,IAAI,CAACH,MAAM,IAAI,CAACF,aAAa,CAACQ,eAAe,EAAE;MAC7C,MAAM,IAAI1C,aAAa,CACrB,6GACF,CAAC;IACH;;IAEA;IACA;IACA,MAAM2C,MAAM,GAAG;MACbC,IAAI,EAAE,CAAAR,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEQ,IAAI,KAAIV,aAAa,CAACQ,eAAe,CAAEE,IAAI;MACzDC,uCAAuC,EACrC,CAAAT,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAES,uCAAuC,KAC/CX,aAAa,CAACQ,eAAe,CAC1BG;IACP,CAAC;IAED,MAAM5B,QAAQ,GAAGkB,kBAAkB,CAACxB,aAAa,CAACmC,MAAM,CACtD,CAACC,GAAG,EAAEC,CAAC,KAAK;MACV,CAACD,GAAG,CAACC,CAAC,CAACrB,YAAY,CAAC,KAAK,EAAE,EAAEsB,IAAI,CAACD,CAAC,CAACnB,OAAO,CAAC;MAC5C,OAAOkB,GAAG;IACZ,CAAC,EACD,CAAC,CACH,CAAC;IAED,MAAM;MAAEG;IAAK,CAAC,GAAG,MAAMzD,8BAA8B,CAAC;MACpDyC,aAAa;MACbS,MAAM;MACN1B,QAAQ;MACRkC,SAAS,EAAE;QACTC,UAAU,EAAExD,gBAAgB,CAACwD,UAAU;QACvCC,cAAc,EAAEzD,gBAAgB,CAACyD;MACnC;IACF,CAAC,CAAC;IAEF,OAAO,MAAM1D,6BAA6B,CAAC;MACzC2D,yBAAyB,EAAEJ,IAAI,CAACK,WAAW;MAC3CC,uBAAuB,EAAEtB,aAAa,CAACuB,YAAY;MACnDN,SAAS,EAAE;QAAEb,KAAK,EAAED;MAAS;IAC/B,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOqB,GAAG,EAAE;IACZ,MAAM7D,gCAAgC,CAAC6D,GAAG,CAAC;EAC7C;AACF,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACEzB,aAAa,EAAA0B,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEvB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMwB,WAAW,GAAG,MAAM5D,mBAAmB,CAAC+B,aAAa,EAAE;IAC3D2B,KAAK;IACLG,iBAAiB,EAAEF;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMzB,QAAQ,CAACH,aAAa,CAACuB,YAAY,EAAE;IAChDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACrE,gBAAgB,CAAC,GAAG,EAAEE,yBAAyB,CAAC,CAAC,CACtDmE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAClE,qBAAqB,CAACqE,KAAK,CAAC;AACtC,CAAC"}

package/lib/module/credential/presentation/v1.3.3/mappers.js

@@ -1,24 +1,36 @@
 import { createMapper } from "../../../utils/mappers";
-export const mapToRelyingPartyConfig = createMapper(x => {
+export const mapToRelyingPartyConfig = createMapper(_ref => {
+  let {
+    payload
+  } = _ref;
   const {
     federation_entity,
     openid_credential_verifier
-  } = x.payload.metadata;
+  } = payload.metadata;
   return {
-    subject: x.payload.sub,
+    subject: payload.sub,
     jwks: openid_credential_verifier.jwks,
     federation_entity,
     encrypted_response_enc_values_supported: openid_credential_verifier.encrypted_response_enc_values_supported
   };
 });
-export const mapToRequestObject = createMapper(x => ({
-  iss: x.iss,
-  client_id: x.client_id,
-  dcql_query: x.dcql_query,
-  nonce: x.nonce,
-  response_uri: x.response_uri,
-  state: x.state,
-  response_mode: x.response_mode,
-  response_type: x.response_type
-}));
+export const mapToRequestObject = createMapper(_ref2 => {
+  let {
+    payload,
+    header
+  } = _ref2;
+  return {
+    iss: payload.iss,
+    client_id: payload.client_id,
+    dcql_query: payload.dcql_query,
+    nonce: payload.nonce,
+    response_uri: payload.response_uri,
+    state: payload.state,
+    response_mode: payload.response_mode,
+    response_type: payload.response_type,
+    client_metadata: payload.client_metadata,
+    x5c: header.x5c,
+    trust_chain: header.trust_chain
+  };
+});
 //# sourceMappingURL=mappers.js.map

package/lib/module/credential/presentation/v1.3.3/mappers.js.map

@@ -1 +1 @@
-{"version":3,"names":["createMapper","mapToRelyingPartyConfig","x","federation_entity","openid_credential_verifier","payload","metadata","subject","sub","jwks","encrypted_response_enc_values_supported","mapToRequestObject","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/mappers.ts"],"mappings":"AACA,SAASA,YAAY,QAAQ,wBAAwB;AAKrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGhDE,CAAC,IAAK;EACP,MAAM;IAAEC,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,CAAC,CAACG,OAAO,CAACC,QAAQ;EAE5E,OAAO;IACLC,OAAO,EAAEL,CAAC,CAACG,OAAO,CAACG,GAAG;IACtBC,IAAI,EAAEL,0BAA0B,CAACK,IAAI;IACrCN,iBAAiB;IACjBO,uCAAuC,EACrCN,0BAA0B,CAACM;EAC/B,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMC,kBAAkB,GAAGX,YAAY,CAG3CE,CAAC,KAAM;EACRU,GAAG,EAAEV,CAAC,CAACU,GAAG;EACVC,SAAS,EAAEX,CAAC,CAACW,SAAS;EACtBC,UAAU,EAAEZ,CAAC,CAACY,UAAU;EACxBC,KAAK,EAAEb,CAAC,CAACa,KAAK;EACdC,YAAY,EAAEd,CAAC,CAACc,YAAY;EAC5BC,KAAK,EAAEf,CAAC,CAACe,KAAK;EACdC,aAAa,EAAEhB,CAAC,CAACgB,aAAa;EAC9BC,aAAa,EAAEjB,CAAC,CAACiB;AACnB,CAAC,CAAC,CAAC"}
+{"version":3,"names":["createMapper","mapToRelyingPartyConfig","_ref","payload","federation_entity","openid_credential_verifier","metadata","subject","sub","jwks","encrypted_response_enc_values_supported","mapToRequestObject","_ref2","header","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type","client_metadata","x5c","trust_chain"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/mappers.ts"],"mappings":"AACA,SAASA,YAAY,QAAQ,wBAAwB;AAKrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGjDE,IAAA,IAAiB;EAAA,IAAhB;IAAEC;EAAQ,CAAC,GAAAD,IAAA;EACZ,MAAM;IAAEE,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,OAAO,CAACG,QAAQ;EAE1E,OAAO;IACLC,OAAO,EAAEJ,OAAO,CAACK,GAAG;IACpBC,IAAI,EAAEJ,0BAA0B,CAACI,IAAI;IACrCL,iBAAiB;IACjBM,uCAAuC,EACrCL,0BAA0B,CAACK;EAC/B,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMC,kBAAkB,GAAGX,YAAY,CAC5CY,KAAA;EAAA,IAAC;IAAET,OAAO;IAAEU;EAAO,CAAC,GAAAD,KAAA;EAAA,OAAM;IACxBE,GAAG,EAAEX,OAAO,CAACW,GAAG;IAChBC,SAAS,EAAEZ,OAAO,CAACY,SAAS;IAC5BC,UAAU,EAAEb,OAAO,CAACa,UAAU;IAC9BC,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBC,YAAY,EAAEf,OAAO,CAACe,YAAY;IAClCC,KAAK,EAAEhB,OAAO,CAACgB,KAAK;IACpBC,aAAa,EAAEjB,OAAO,CAACiB,aAAa;IACpCC,aAAa,EAAElB,OAAO,CAACkB,aAAa;IACpCC,eAAe,EAAEnB,OAAO,CAACmB,eAAe;IACxCC,GAAG,EAAEV,MAAM,CAACU,GAAG;IACfC,WAAW,EAAEX,MAAM,CAACW;EACtB,CAAC;AAAA,CACH,CAAC"}

package/lib/module/credential/presentation/v1.3.3/types.js

@@ -1,6 +1,9 @@
 import * as z from "zod";
-import { zOpenid4vpAuthorizationRequestPayload as sdkRequestObjectPayload } from "@pagopa/io-wallet-oid4vp";
-export const RequestObjectPayload = sdkRequestObjectPayload;
+import { zOpenid4vpAuthorizationRequestHeaderV1_3, zOpenid4vpAuthorizationRequestPayload } from "@pagopa/io-wallet-oid4vp";
+export const RawRequestObject = z.object({
+  header: zOpenid4vpAuthorizationRequestHeaderV1_3,
+  payload: zOpenid4vpAuthorizationRequestPayload
+});
 export const AuthorizationResponse = z.object({
   status: z.string().optional(),
   response_code: z.string().optional(),

package/lib/module/credential/presentation/v1.3.3/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","zOpenid4vpAuthorizationRequestPayload","sdkRequestObjectPayload","RequestObjectPayload","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,qCAAqC,IAAIC,uBAAuB,QAAQ,0BAA0B;AAG3G,OAAO,MAAMC,oBAAoB,GAAGD,uBAAuB;AAG3D,OAAO,MAAME,qBAAqB,GAAGJ,CAAC,CAACK,MAAM,CAAC;EAC5CC,MAAM,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAET,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACpCE,YAAY,EAAEV,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC"}
+{"version":3,"names":["z","zOpenid4vpAuthorizationRequestHeaderV1_3","zOpenid4vpAuthorizationRequestPayload","RawRequestObject","object","header","payload","AuthorizationResponse","status","string","optional","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SACEC,wCAAwC,EACxCC,qCAAqC,QAChC,0BAA0B;AAGjC,OAAO,MAAMC,gBAAgB,GAAGH,CAAC,CAACI,MAAM,CAAC;EACvCC,MAAM,EAAEJ,wCAAwC;EAChDK,OAAO,EAAEJ;AACX,CAAC,CAAC;AAGF,OAAO,MAAMK,qBAAqB,GAAGP,CAAC,CAACI,MAAM,CAAC;EAC5CI,MAAM,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAEX,CAAC,CAACS,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACpCE,YAAY,EAAEZ,CAAC,CAACS,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC"}

package/lib/module/credential/status/README.md

@@ -111,15 +111,16 @@ const res = await wallet.CredentialStatus.statusList.get(
 );
 
 // Verify and parse the status list response to get the credential status
-const { status } =
+const { status, statusBit } =
   await wallet.CredentialStatus.statusList.verifyAndParse(
-    issuerConf,
+    issuerConf.keys,
     res
   );
 
 return {
   statusList: res.statusList,
   status,
+  statusBit,
 };
 ```
 

package/lib/module/credential/status/v1.3.3/01-status-list.js

@@ -1,4 +1,5 @@
 import { CBOR } from "@pagopa/io-react-native-iso18013";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { getStatusListFromJWT } from "@sd-jwt/jwt-status-list";
 import { IoWalletError } from "../../../utils/errors";
 import { hasStatusOrThrow } from "../../../utils/misc";
@@ -26,11 +27,32 @@ export const getStatusList = async function (credential, format) {
     uri,
     idx
   } = await getStatusListEntry(credential, format);
-  const statusList = await appFetch(uri, {
-    headers: {
-      Accept: "application/statuslist+jwt"
-    }
-  }).then(hasStatusOrThrow(200)).then(response => response.text());
+  const fetchStatusList = function () {
+    let options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+    return appFetch(uri, {
+      headers: {
+        Accept: "application/statuslist+jwt",
+        ...(options.cacheDisabled && {
+          "Cache-Control": "no-cache"
+        })
+      }
+    }).then(hasStatusOrThrow(200)).then(response => response.text());
+  };
+
+  // When the HTTP response includes cache headers, fetch will return a cached response and the JWT might be expired
+  let statusList = await fetchStatusList();
+  const decoded = decodeJwt(statusList);
+  const {
+    exp
+  } = decoded.payload;
+
+  // If the status list JWT is expired, try to fetch it again bypassing the HTTP cache.
+  // If it is still expired after the refetch, `verifyAndParseStatusList` will throw.
+  if (exp && exp < Math.floor(Date.now() / 1000)) {
+    statusList = await fetchStatusList({
+      cacheDisabled: true
+    });
+  }
   return {
     statusList,
     uri,

package/lib/module/credential/status/v1.3.3/01-status-list.js.map

@@ -1 +1 @@
-{"version":3,"names":["CBOR","getStatusListFromJWT","IoWalletError","hasStatusOrThrow","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","decode","issuerAuth","payload","status","status_list","getStatusList","appFetch","fetch","arguments","length","undefined","uri","idx","statusList","headers","Accept","then","response","text"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/01-status-list.ts"],"mappings":"AAAA,SAASA,IAAI,QAAQ,kCAAkC;AACvD,SACEC,oBAAoB,QAEf,yBAAyB;AAChC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,gBAAgB,QAAQ,qBAAqB;AAItD,MAAMC,kBAAkB,GAAG,MAAAA,CACzBC,UAAkB,EAClBC,MAAwB,KACK;EAC7B,IAAIC,eAA4C;EAEhD,IAAID,MAAM,KAAK,UAAU,EAAE;IAAA,IAAAE,mBAAA;IACzB;IACA,MAAMC,OAAO,GAAG,MAAMT,IAAI,CAACU,MAAM,CAACL,UAAU,CAAC;IAC7CE,eAAe,IAAAC,mBAAA,GAAGC,OAAO,CAACE,UAAU,cAAAH,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBI,OAAO,cAAAJ,mBAAA,gBAAAA,mBAAA,GAA3BA,mBAAA,CAA6BK,MAAM,cAAAL,mBAAA,uBAAnCA,mBAAA,CAAqCM,WAAW;EACpE;EAEA,IAAIR,MAAM,KAAK,WAAW,EAAE;IAC1BC,eAAe,GAAGN,oBAAoB,CAACI,UAAU,CAAC;EACpD;EAEA,IAAI,CAACE,eAAe,EAAE;IACpB,MAAM,IAAIL,aAAa,CAAC,+CAA+C,CAAC;EAC1E;EAEA,OAAOK,eAAe;AACxB,CAAC;AAED,OAAO,MAAMQ,aAAmC,GAAG,eAAAA,CACjDV,UAAU,EACVC,MAAM,EAEH;EAAA,IADH;IAAEU,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEG,GAAG;IAAEC;EAAI,CAAC,GAAG,MAAMlB,kBAAkB,CAACC,UAAU,EAAEC,MAAM,CAAC;EAEjE,MAAMiB,UAAU,GAAG,MAAMP,QAAQ,CAACK,GAAG,EAAE;IACrCG,OAAO,EAAE;MACPC,MAAM,EAAE;IACV;EACF,CAAC,CAAC,CACCC,IAAI,CAACvB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BuB,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACC,IAAI,CAAC,CAAC,CAAC;EAEtC,OAAO;IAAEL,UAAU;IAAEF,GAAG;IAAEC,GAAG;IAAEhB,MAAM,EAAE;EAAM,CAAC;AAChD,CAAC"}
+{"version":3,"names":["CBOR","decode","decodeJwt","getStatusListFromJWT","IoWalletError","hasStatusOrThrow","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","issuerAuth","payload","status","status_list","getStatusList","appFetch","fetch","arguments","length","undefined","uri","idx","fetchStatusList","options","headers","Accept","cacheDisabled","then","response","text","statusList","exp","Math","floor","Date","now"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/01-status-list.ts"],"mappings":"AAAA,SAASA,IAAI,QAAQ,kCAAkC;AACvD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,oBAAoB,QAEf,yBAAyB;AAChC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,gBAAgB,QAAQ,qBAAqB;AAItD,MAAMC,kBAAkB,GAAG,MAAAA,CACzBC,UAAkB,EAClBC,MAAwB,KACK;EAC7B,IAAIC,eAA4C;EAEhD,IAAID,MAAM,KAAK,UAAU,EAAE;IAAA,IAAAE,mBAAA;IACzB;IACA,MAAMC,OAAO,GAAG,MAAMX,IAAI,CAACC,MAAM,CAACM,UAAU,CAAC;IAC7CE,eAAe,IAAAC,mBAAA,GAAGC,OAAO,CAACC,UAAU,cAAAF,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,OAAO,cAAAH,mBAAA,gBAAAA,mBAAA,GAA3BA,mBAAA,CAA6BI,MAAM,cAAAJ,mBAAA,uBAAnCA,mBAAA,CAAqCK,WAAW;EACpE;EAEA,IAAIP,MAAM,KAAK,WAAW,EAAE;IAC1BC,eAAe,GAAGN,oBAAoB,CAACI,UAAU,CAAC;EACpD;EAEA,IAAI,CAACE,eAAe,EAAE;IACpB,MAAM,IAAIL,aAAa,CAAC,+CAA+C,CAAC;EAC1E;EAEA,OAAOK,eAAe;AACxB,CAAC;AAED,OAAO,MAAMO,aAAmC,GAAG,eAAAA,CACjDT,UAAU,EACVC,MAAM,EAEH;EAAA,IADH;IAAES,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEG,GAAG;IAAEC;EAAI,CAAC,GAAG,MAAMjB,kBAAkB,CAACC,UAAU,EAAEC,MAAM,CAAC;EAEjE,MAAMgB,eAAe,GAAG,SAAAA,CAAA;IAAA,IAACC,OAAoC,GAAAN,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;IAAA,OAChEF,QAAQ,CAACK,GAAG,EAAE;MACZI,OAAO,EAAE;QACPC,MAAM,EAAE,4BAA4B;QACpC,IAAIF,OAAO,CAACG,aAAa,IAAI;UAAE,eAAe,EAAE;QAAW,CAAC;MAC9D;IACF,CAAC,CAAC,CACCC,IAAI,CAACxB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BwB,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACC,IAAI,CAAC,CAAC,CAAC;EAAA;;EAExC;EACA,IAAIC,UAAU,GAAG,MAAMR,eAAe,CAAC,CAAC;EACxC,MAAMb,OAAO,GAAGT,SAAS,CAAC8B,UAAU,CAAC;EAErC,MAAM;IAAEC;EAAI,CAAC,GAAGtB,OAAO,CAACE,OAAO;;EAE/B;EACA;EACA,IAAIoB,GAAG,IAAIA,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE;IAC9CL,UAAU,GAAG,MAAMR,eAAe,CAAC;MAAEI,aAAa,EAAE;IAAK,CAAC,CAAC;EAC7D;EACA,OAAO;IAAEI,UAAU;IAAEV,GAAG;IAAEC,GAAG;IAAEf,MAAM,EAAE;EAAM,CAAC;AAChD,CAAC"}