@sd-jwt/core 0.1.0

package/build/sdJwt/presentationFrame.js

@@ -0,0 +1,73 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDisclosuresForPresentationFrame = void 0;
+const utils_1 = require("../utils");
+const error_1 = require("./error");
+const disclosureMapping_1 = require("./disclosureMapping");
+const getDisclosuresForPresentationFrame = (signedPayload, presentationFrame, prettyClaims, hasher, disclosures = []) => __awaiter(void 0, void 0, void 0, function* () {
+    const requiredDisclosureDigests = new Set();
+    const disclosureMap = yield (0, disclosureMapping_1.getDisclosureMap)(disclosures, hasher);
+    const payloadDisclosureMapping = (0, disclosureMapping_1.getPayloadDisclosureMapping)(signedPayload, disclosureMap);
+    // No disclosures needed
+    if (payloadDisclosureMapping === null) {
+        if (disclosures.length > 0) {
+            throw new error_1.SdJwtError('Payload disclosure mapping is null, but disclosures are present.');
+        }
+        return [];
+    }
+    for (const node of (0, utils_1.traverseNodes)(presentationFrame)) {
+        // We only want to process leaf nodes here
+        if (!node.isLeaf)
+            continue;
+        if (typeof node.value !== 'boolean') {
+            throw new error_1.SdJwtError(`Expected leaf value in presentation frame to be of type boolean, but found ${typeof node.value}`);
+        }
+        // If the value is false, it means we don't want to disclose it
+        if (node.value === false)
+            continue;
+        if (!(0, utils_1.hasByPath)(prettyClaims, node.path)) {
+            throw new error_1.SdJwtError(`Path ${node.path.join('.')} from presentation frame is not present in pretty SD-JWT payload. The presentation frame may only include properties that are present in the SD-JWT payload.`);
+        }
+        let path = [...node.path];
+        while (!(0, utils_1.hasByPath)(payloadDisclosureMapping, path)) {
+            if (path.pop() === undefined)
+                break;
+        }
+        // There are no disclosures on this path, meaning the property is disclosed by default in the signed payload
+        if (path.length === 0)
+            continue;
+        const disclosure = (0, utils_1.getByPath)(payloadDisclosureMapping, path);
+        // If disclosure is string, it means it's already the digest
+        if (typeof disclosure === 'string')
+            requiredDisclosureDigests.add(disclosure);
+        // Otherwise we want to get all the child digests as well
+        else {
+            for (const nestedItem of (0, utils_1.traverseNodes)(disclosure)) {
+                if (!nestedItem.isLeaf ||
+                    typeof nestedItem.value !== 'string') {
+                    continue;
+                }
+                requiredDisclosureDigests.add(nestedItem.value);
+            }
+        }
+    }
+    for (const disclosureDigest of requiredDisclosureDigests.values()) {
+        const disclosure = disclosureMap[disclosureDigest];
+        if (!disclosure) {
+            throw new Error('disclosure not found');
+        }
+        yield Promise.all(disclosure.parentDisclosures.map((d) => __awaiter(void 0, void 0, void 0, function* () { return requiredDisclosureDigests.add(yield d.digest(hasher)); })));
+    }
+    return Array.from(requiredDisclosureDigests).map((digest) => disclosureMap[digest].disclosure);
+});
+exports.getDisclosuresForPresentationFrame = getDisclosuresForPresentationFrame;
+//# sourceMappingURL=presentationFrame.js.map

package/build/sdJwt/presentationFrame.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"presentationFrame.js","sourceRoot":"","sources":["../../src/sdJwt/presentationFrame.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA8D;AAE9D,mCAAoC;AAGpC,2DAG4B;AAErB,MAAM,kCAAkC,GAAG,CAG9C,aAAsB,EACtB,iBAA6C,EAC7C,YAAqB,EACrB,MAAc,EACd,cAAiC,EAAE,EACT,EAAE;IAC5B,MAAM,yBAAyB,GAAG,IAAI,GAAG,EAAU,CAAA;IACnD,MAAM,aAAa,GAAG,MAAM,IAAA,oCAAgB,EAAC,WAAW,EAAE,MAAM,CAAC,CAAA;IACjE,MAAM,wBAAwB,GAAG,IAAA,+CAA2B,EACxD,aAAa,EACb,aAAa,CAChB,CAAA;IAED,wBAAwB;IACxB,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;QACpC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,kBAAU,CAChB,kEAAkE,CACrE,CAAA;QACL,CAAC;QAED,OAAO,EAAE,CAAA;IACb,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,IAAA,qBAAa,EAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,SAAQ;QAE1B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,kBAAU,CAChB,8EAA8E,OAAO,IAAI,CAAC,KAAK,EAAE,CACpG,CAAA;QACL,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK;YAAE,SAAQ;QAElC,IAAI,CAAC,IAAA,iBAAS,EAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,kBAAU,CAChB,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,GAAG,CACN,8JAA8J,CAClK,CAAA;QACL,CAAC;QAED,IAAI,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,OAAO,CAAC,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,GAAG,EAAE,KAAK,SAAS;gBAAE,MAAK;QACvC,CAAC;QAED,4GAA4G;QAC5G,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAE/B,MAAM,UAAU,GAAG,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,CAAA;QAC5D,4DAA4D;QAC5D,IAAI,OAAO,UAAU,KAAK,QAAQ;YAC9B,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC7C,yDAAyD;aACpD,CAAC;YACF,KAAK,MAAM,UAAU,IAAI,IAAA,qBAAa,EAAC,UAAU,CAAC,EAAE,CAAC;gBACjD,IACI,CAAC,UAAU,CAAC,MAAM;oBAClB,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EACtC,CAAC;oBACC,SAAQ;gBACZ,CAAC;gBACD,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACnD,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,MAAM,gBAAgB,IAAI,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAElD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QAC3C,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CACb,UAAU,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAO,CAAC,EAAE,EAAE,kDACzC,OAAA,yBAAyB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA,GAAA,CACxD,CACJ,CAAA;IACL,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,GAAG,CAC5C,CAAC,MAAM,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,UAAU,CAC/C,CAAA;AACL,CAAC,CAAA,CAAA;AA3FY,QAAA,kCAAkC,sCA2F9C"}

package/build/sdJwt/sdJwt.d.ts

@@ -0,0 +1,204 @@
+import { DisclosureFrame, HasherAndAlgorithm, SaltGenerator, Verifier } from '../types';
+import { Jwt, JwtAdditionalOptions, JwtVerificationResult } from '../jwt/jwt';
+import { KeyBinding } from '../keyBinding';
+import { ReturnSdJwtWithHeaderAndPayload, ReturnSdJwtWithKeyBinding, ReturnSdJwtWithPayload } from './types';
+import { Disclosure } from './disclosures';
+import { HasherAlgorithm } from '../hasherAlgorithm';
+import { PresentationFrame } from '../types/present';
+export type SdJwtToCompactOptions<DisclosablePayload extends Record<string, unknown>> = {
+    disclosureFrame?: DisclosureFrame<DisclosablePayload>;
+    shouldApplyFrame?: boolean;
+};
+export type SdJwtOptions<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
+    header?: Header;
+    payload?: Payload;
+    signature?: Uint8Array;
+    keyBinding?: KeyBinding;
+    disclosures?: Array<Disclosure>;
+};
+export type SdJwtAdditionalOptions<Payload extends Record<string, unknown>> = JwtAdditionalOptions & {
+    hasherAndAlgorithm?: HasherAndAlgorithm;
+    saltGenerator?: SaltGenerator;
+    disclosureFrame?: DisclosureFrame<Payload>;
+};
+export type SdJwtVerificationResult = JwtVerificationResult & {
+    isKeyBindingValid?: boolean;
+};
+export declare class SdJwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends Jwt<Header, Payload> {
+    disclosures?: Array<Disclosure>;
+    keyBinding?: KeyBinding;
+    private saltGenerator?;
+    private hasherAndAlgorithm?;
+    disclosureFrame?: DisclosureFrame<Payload>;
+    constructor(options?: SdJwtOptions<Header, Payload>, additionalOptions?: SdJwtAdditionalOptions<Payload>);
+    /**
+     *
+     * Create an sd-jwt from a compact format. This will succeed for a normal jwt as well.
+     *
+     */
+    static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnSdJwtWithHeaderAndPayload<Header, Payload, SdJwt<Header, Payload>>;
+    /**
+     *
+     * Add a salt generator.
+     *
+     * Recommended size is 128 bits (i.e. 16 bytes).
+     *
+     * Salts will not be seeded and a new one will be used for each claim.
+     *
+     * @example
+     *
+     * Node.js: `crypto.randomBytes(128 / 8)`
+     *
+     * React Native: `expo-standard-web-crypto`
+     *
+     * Browser: `crypto.getRandomValues(new Uint8Array(128 / 8))`
+     *
+     */
+    withSaltGenerator(saltGenerator: SaltGenerator): this;
+    /**
+     *
+     * Add a hasher that will be used to hash the disclosures.
+     *
+     * @note Make sure to return a base64url encoded version of the hash.
+     *
+     * @example
+     *
+     * Node.js: `createHash('sha256').update(input).digest().toString('base64url')`
+     *
+     */
+    withHasher(hasherAndAlgorithm: HasherAndAlgorithm): ReturnSdJwtWithPayload<Header, Payload, this>;
+    /**
+     *
+     * Adds the algorithm of the hasher to the payload.
+     *
+     * For convience, this also allows you to set the hasher.
+     *
+     * @throws when the hasher and algorithm are not set.
+     *
+     */
+    addHasherAlgorithmToPayload(hasherAndAlgorithm?: HasherAndAlgorithm): ReturnSdJwtWithPayload<Header, Payload, this>;
+    /**
+     *
+     * Set the `KeyBinding` jwt.
+     *
+     * This can be done as a holder to provide proof of possession of key material
+     *
+     */
+    withKeyBinding(keyBinding: Jwt | KeyBinding | string): ReturnSdJwtWithKeyBinding<Header, Payload, this>;
+    /**
+     *
+     * Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called.
+     *
+     */
+    withDisclosureFrame(disclosureFrame: DisclosureFrame<Payload>): this;
+    /**
+     *
+     * Apply the disclosure frame.
+     *
+     * @throws when the salt generator is not set
+     * @throws when the hasher and algorithm is not set
+     * @throws when the payload is not set
+     * @throws when no disclosure frame is set
+     * @throws when disclosures are included and a signature is set, but no signer is provided `*`
+     * @throws when the disclosure frame is inconsistent with the payload
+     *
+     * * This is done as removing items from the payload alters the signature and it has to be resigned.
+     *
+     */
+    applyDisclosureFrame(): Promise<void>;
+    /**
+     *
+     * Assert that the disclosure frame is set.
+     *
+     */
+    assertDisclosureFrame(): void;
+    /**
+     *
+     * Assert that the salt generator is set.
+     *
+     */
+    private assertSaltGenerator;
+    /**
+     *
+     * Assert that the hasher and algorithm is set.
+     *
+     */
+    private assertHashAndAlgorithm;
+    /**
+     *
+     * Assert that a certain claim is included in the disclosure frame.
+     *
+     * @throws when the disclosure frame is not set
+     *
+     */
+    assertClaimInDisclosureFrame(claimKey: string): void;
+    /**
+     * This function creates a presentation of an SD-JWT, based on the presentation frame. The
+     * presentation frame is similar to the disclosure frame, and allows you to present a subset
+     * of the disclosures.
+     *
+     * If no `presentationFrame` is passed, the entire SD-JWT will be presented.
+     * To create a presentation without any of the disclosures, pass an empty object as the `presentationFrame`.
+     *
+     * @example
+     * The following example will expose `name`, `a.nested`, and `orderItems[0]` and `orderItems[2]`.
+     * Based on the disclosures it will also expose the parent and child disclosures when needed.
+     * E.g. if `a` can only be disclosed as a whole, disclosing `a.nested` will also disclose `a`.
+     * The same is true for child disclosures. If you expose `name`, and it potentially contains recursive
+     * disclosures, all disclosures under name will be disclosed as well.
+     * ```ts
+     * await sdJwt.present({
+     *   name: true,
+     *   a: {
+     *     nested: 'property'
+     *   }
+     *   orderItems: [true, false, true]
+     * })
+     * ```
+     *
+     * @throws when the presentation frame does not match the decoded/pretty payload of the sd-jwt
+     * @throws when the presentation frame contains fields other than object, array or boolean
+     *
+     */
+    present(presentationFrame?: PresentationFrame<Payload>): Promise<string>;
+    /**
+     *
+     * Verify the sd-jwt.
+     *
+     * It validates the following properties:
+     *   - sd-jwt issuer signature
+     *   - Optionally, the required claims
+     *   - The `nbf` and `exp` claims
+     *   - Whether the key binding is valid
+     *
+     */
+    verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>, publicKeyJwk?: Record<string, unknown>): Promise<SdJwtVerificationResult>;
+    /**
+     *
+     * Utility method to check whether the expected hasher algorithm is used.
+     *
+     */
+    checkHasher(expectedHasher: HasherAlgorithm | string): boolean;
+    assertNonSelectivelyDisclosableClaim(claimKey: string): void;
+    assertNonSelectivelyDisclosableClaims(): void;
+    /**
+     *
+     * Return all claims from the payload and the disclosures on their original place.
+     *
+     */
+    getPrettyClaims<Claims extends Record<string, unknown> = Payload>(): Promise<Claims>;
+    /**
+     *
+     * Create a compact format of the sd-jwt.
+     *
+     * This will
+     *   - Apply the disclosure frame
+     *   - Add a signature if there is none
+     *
+     * @throws When the signature and signer are not defined
+     * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
+     *
+     */
+    toCompact(): Promise<string>;
+    private __toCompact;
+}

package/build/sdJwt/sdJwt.js

@@ -0,0 +1,383 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdJwt = void 0;
+const base64url_1 = require("../base64url");
+const error_1 = require("./error");
+const jwt_1 = require("../jwt/jwt");
+const keyBinding_1 = require("../keyBinding");
+const compact_1 = require("./compact");
+const disclosureFrame_1 = require("./disclosureFrame");
+const swapClaim_1 = require("./swapClaim");
+const utils_1 = require("../utils");
+const presentationFrame_1 = require("./presentationFrame");
+class SdJwt extends jwt_1.Jwt {
+    constructor(options, additionalOptions) {
+        super(options, additionalOptions);
+        this.header = options === null || options === void 0 ? void 0 : options.header;
+        this.payload = options === null || options === void 0 ? void 0 : options.payload;
+        this.signature = options === null || options === void 0 ? void 0 : options.signature;
+        this.disclosures = options === null || options === void 0 ? void 0 : options.disclosures;
+        this.keyBinding = options === null || options === void 0 ? void 0 : options.keyBinding;
+        if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.hasherAndAlgorithm) {
+            this.withHasher(additionalOptions.hasherAndAlgorithm);
+        }
+        if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.saltGenerator) {
+            this.withSaltGenerator(additionalOptions.saltGenerator);
+        }
+        if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.disclosureFrame) {
+            this.withDisclosureFrame(additionalOptions.disclosureFrame);
+        }
+        if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer) {
+            this.withSigner(additionalOptions.signer);
+        }
+    }
+    /**
+     *
+     * Create an sd-jwt from a compact format. This will succeed for a normal jwt as well.
+     *
+     */
+    static fromCompact(compact) {
+        const { disclosures, keyBinding, signature, payload, header } = (0, compact_1.sdJwtFromCompact)(compact);
+        const sdJwt = new SdJwt({
+            header,
+            payload,
+            signature,
+            disclosures,
+            keyBinding
+        });
+        return sdJwt;
+    }
+    /**
+     *
+     * Add a salt generator.
+     *
+     * Recommended size is 128 bits (i.e. 16 bytes).
+     *
+     * Salts will not be seeded and a new one will be used for each claim.
+     *
+     * @example
+     *
+     * Node.js: `crypto.randomBytes(128 / 8)`
+     *
+     * React Native: `expo-standard-web-crypto`
+     *
+     * Browser: `crypto.getRandomValues(new Uint8Array(128 / 8))`
+     *
+     */
+    withSaltGenerator(saltGenerator) {
+        this.saltGenerator = saltGenerator;
+        return this;
+    }
+    /**
+     *
+     * Add a hasher that will be used to hash the disclosures.
+     *
+     * @note Make sure to return a base64url encoded version of the hash.
+     *
+     * @example
+     *
+     * Node.js: `createHash('sha256').update(input).digest().toString('base64url')`
+     *
+     */
+    withHasher(hasherAndAlgorithm) {
+        this.hasherAndAlgorithm = hasherAndAlgorithm;
+        return this;
+    }
+    /**
+     *
+     * Adds the algorithm of the hasher to the payload.
+     *
+     * For convience, this also allows you to set the hasher.
+     *
+     * @throws when the hasher and algorithm are not set.
+     *
+     */
+    addHasherAlgorithmToPayload(hasherAndAlgorithm) {
+        if (hasherAndAlgorithm)
+            this.withHasher(hasherAndAlgorithm);
+        this.assertHashAndAlgorithm();
+        this.addPayloadClaim('_sd_alg', this.hasherAndAlgorithm.algorithm);
+        return this;
+    }
+    /**
+     *
+     * Set the `KeyBinding` jwt.
+     *
+     * This can be done as a holder to provide proof of possession of key material
+     *
+     */
+    withKeyBinding(keyBinding) {
+        const kb = typeof keyBinding === 'string'
+            ? keyBinding_1.KeyBinding.fromCompact(keyBinding)
+            : keyBinding instanceof keyBinding_1.KeyBinding
+                ? keyBinding
+                : keyBinding_1.KeyBinding.fromJwt(keyBinding);
+        this.keyBinding = kb;
+        return this;
+    }
+    /**
+     *
+     * Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called.
+     *
+     */
+    withDisclosureFrame(disclosureFrame) {
+        this.disclosureFrame = disclosureFrame;
+        return this;
+    }
+    /**
+     *
+     * Apply the disclosure frame.
+     *
+     * @throws when the salt generator is not set
+     * @throws when the hasher and algorithm is not set
+     * @throws when the payload is not set
+     * @throws when no disclosure frame is set
+     * @throws when disclosures are included and a signature is set, but no signer is provided `*`
+     * @throws when the disclosure frame is inconsistent with the payload
+     *
+     * * This is done as removing items from the payload alters the signature and it has to be resigned.
+     *
+     */
+    applyDisclosureFrame() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertSaltGenerator();
+            this.assertHashAndAlgorithm();
+            this.assertPayload();
+            this.assertDisclosureFrame();
+            if (this.disclosures &&
+                this.disclosures.length > 0 &&
+                this.signature &&
+                !this.signer) {
+                throw new error_1.SdJwtError('Signature is already set by the user when selectively disclosable items still have to be removed. This will invalidate the signature. Try to provide a signer on SdJwt.withSigner and SdJwt.toCompact will call it at the correct time.');
+            }
+            const { payload: framedPayload, disclosures } = yield (0, disclosureFrame_1.applyDisclosureFrame)(this.saltGenerator, this.hasherAndAlgorithm.hasher, this.addHasherAlgorithmToPayload().payload, this.disclosureFrame);
+            this.disclosures = disclosures;
+            this.payload = framedPayload;
+        });
+    }
+    /**
+     *
+     * Assert that the disclosure frame is set.
+     *
+     */
+    assertDisclosureFrame() {
+        if (this.disclosureFrame)
+            return;
+        throw new error_1.SdJwtError('Disclosureframe must be defined');
+    }
+    /**
+     *
+     * Assert that the salt generator is set.
+     *
+     */
+    assertSaltGenerator() {
+        if (!this.saltGenerator) {
+            throw new error_1.SdJwtError('Cannot create a disclosure without a salt generator. You can set it with this.withSaltGenerator()');
+        }
+    }
+    /**
+     *
+     * Assert that the hasher and algorithm is set.
+     *
+     */
+    assertHashAndAlgorithm() {
+        if (!this.hasherAndAlgorithm) {
+            throw new error_1.SdJwtError('A hasher and algorithm must be set in order to create a digest of a disclosure. You can set it with this.withHasherAndAlgorithm()');
+        }
+    }
+    /**
+     *
+     * Assert that a certain claim is included in the disclosure frame.
+     *
+     * @throws when the disclosure frame is not set
+     *
+     */
+    assertClaimInDisclosureFrame(claimKey) {
+        this.assertDisclosureFrame();
+        const value = (0, utils_1.getValueByKeyAnyLevel)(this.disclosureFrame, claimKey);
+        if (!value) {
+            throw new error_1.SdJwtError(`Claim key '${claimKey}' not found in any level of the disclosureFrame`);
+        }
+    }
+    /**
+     * This function creates a presentation of an SD-JWT, based on the presentation frame. The
+     * presentation frame is similar to the disclosure frame, and allows you to present a subset
+     * of the disclosures.
+     *
+     * If no `presentationFrame` is passed, the entire SD-JWT will be presented.
+     * To create a presentation without any of the disclosures, pass an empty object as the `presentationFrame`.
+     *
+     * @example
+     * The following example will expose `name`, `a.nested`, and `orderItems[0]` and `orderItems[2]`.
+     * Based on the disclosures it will also expose the parent and child disclosures when needed.
+     * E.g. if `a` can only be disclosed as a whole, disclosing `a.nested` will also disclose `a`.
+     * The same is true for child disclosures. If you expose `name`, and it potentially contains recursive
+     * disclosures, all disclosures under name will be disclosed as well.
+     * ```ts
+     * await sdJwt.present({
+     *   name: true,
+     *   a: {
+     *     nested: 'property'
+     *   }
+     *   orderItems: [true, false, true]
+     * })
+     * ```
+     *
+     * @throws when the presentation frame does not match the decoded/pretty payload of the sd-jwt
+     * @throws when the presentation frame contains fields other than object, array or boolean
+     *
+     */
+    present(presentationFrame) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.disclosures && this.disclosureFrame) {
+                yield this.applyDisclosureFrame();
+            }
+            // TODO: wouldn't it be easier if this returned the value so we don't have to use !
+            this.assertHashAndAlgorithm();
+            this.assertPayload();
+            // If no presentationFrame is passed, we want to disclose everything
+            if (!presentationFrame) {
+                return yield this.__toCompact(this.disclosures, false);
+            }
+            if ((Object.keys(presentationFrame).length > 0 && !this.disclosures) ||
+                ((_a = this.disclosures) === null || _a === void 0 ? void 0 : _a.length) === 0) {
+                throw new error_1.SdJwtError('Cannot create a presentation with disclosures while no disclosures are on the sd-jwt');
+            }
+            const requiredDisclosures = yield (0, presentationFrame_1.getDisclosuresForPresentationFrame)(this.payload, presentationFrame, yield this.getPrettyClaims(), this.hasherAndAlgorithm.hasher, this.disclosures);
+            return yield this.__toCompact(requiredDisclosures, false);
+        });
+    }
+    /**
+     *
+     * Verify the sd-jwt.
+     *
+     * It validates the following properties:
+     *   - sd-jwt issuer signature
+     *   - Optionally, the required claims
+     *   - The `nbf` and `exp` claims
+     *   - Whether the key binding is valid
+     *
+     */
+    verify(verifier, requiredClaimKeys, publicKeyJwk) {
+        const _super = Object.create(null, {
+            verify: { get: () => super.verify }
+        });
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertSignature();
+            const jwtVerificationResult = (yield _super.verify.call(this, verifier, requiredClaimKeys));
+            if (this.keyBinding) {
+                const { isValid } = yield this.keyBinding.verify(verifier, [], publicKeyJwk);
+                jwtVerificationResult.isKeyBindingValid = isValid;
+            }
+            const claimKeys = (0, utils_1.getAllKeys)(this.payload).concat(((_a = this.disclosures) !== null && _a !== void 0 ? _a : []).map((d) => d.decoded[1]));
+            if (requiredClaimKeys) {
+                jwtVerificationResult.areRequiredClaimsIncluded =
+                    requiredClaimKeys.every((key) => claimKeys.includes(key));
+            }
+            return Object.assign(Object.assign({}, jwtVerificationResult), { isValid: Object.entries(jwtVerificationResult)
+                    .filter(([key, value]) => typeof value === 'boolean' && key !== 'isValid')
+                    .every(([, value]) => !!value) });
+        });
+    }
+    /**
+     *
+     * Utility method to check whether the expected hasher algorithm is used.
+     *
+     */
+    checkHasher(expectedHasher) {
+        try {
+            this.assertPayload();
+            this.assertClaimInPayload('_sd_alg', expectedHasher.toString());
+            return true;
+        }
+        catch (e) {
+            console.error(e);
+            return false;
+        }
+    }
+    assertNonSelectivelyDisclosableClaim(claimKey) {
+        try {
+            this.assertClaimInDisclosureFrame(claimKey);
+        }
+        catch (_a) {
+            return;
+        }
+        throw new error_1.SdJwtError(`Claim key '${claimKey}' was found in the disclosure frame. This claim is not allowed to be selectively disclosed`);
+    }
+    assertNonSelectivelyDisclosableClaims() {
+        if (!this.disclosureFrame)
+            return;
+        ['_sd', '_sd_alg', '...'].forEach(this.assertNonSelectivelyDisclosableClaim);
+    }
+    /**
+     *
+     * Return all claims from the payload and the disclosures on their original place.
+     *
+     */
+    getPrettyClaims() {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertPayload();
+            this.assertHashAndAlgorithm();
+            const newPayload = yield (0, swapClaim_1.swapClaims)(this.hasherAndAlgorithm.hasher, this.payload, (_a = this.disclosures) !== null && _a !== void 0 ? _a : []);
+            return newPayload;
+        });
+    }
+    /**
+     *
+     * Create a compact format of the sd-jwt.
+     *
+     * This will
+     *   - Apply the disclosure frame
+     *   - Add a signature if there is none
+     *
+     * @throws When the signature and signer are not defined
+     * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
+     *
+     */
+    toCompact() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.__toCompact();
+        });
+    }
+    __toCompact(disclosures = this.disclosures, shouldApplyFrame = true) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertHeader();
+            this.assertPayload();
+            yield ((_a = this.keyBinding) === null || _a === void 0 ? void 0 : _a.assertValidForKeyBinding());
+            if (this.disclosureFrame && shouldApplyFrame) {
+                yield this.applyDisclosureFrame();
+            }
+            disclosures !== null && disclosures !== void 0 ? disclosures : (disclosures = this.disclosures);
+            const compactHeader = base64url_1.Base64url.encode(JSON.stringify(this.header));
+            const compactPayload = base64url_1.Base64url.encode(JSON.stringify(this.payload));
+            const sSignature = this.signature
+                ? base64url_1.Base64url.encode(this.signature)
+                : base64url_1.Base64url.encode((yield this.signAndAdd()).signature);
+            const sDisclosures = disclosures && disclosures.length > 0
+                ? `~${disclosures.join('~')}~`
+                : '';
+            const kb = yield ((_b = this.keyBinding) === null || _b === void 0 ? void 0 : _b.toCompact());
+            const sKeyBinding = this.keyBinding
+                ? sDisclosures.length > 0
+                    ? kb
+                    : `~${kb}`
+                : '';
+            return `${compactHeader}.${compactPayload}.${sSignature}${sDisclosures}${sKeyBinding}`;
+        });
+    }
+}
+exports.SdJwt = SdJwt;
+//# sourceMappingURL=sdJwt.js.map

package/build/sdJwt/sdJwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdJwt.js","sourceRoot":"","sources":["../../src/sdJwt/sdJwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4CAAwC;AACxC,mCAAoC;AAOpC,oCAA6E;AAC7E,8CAA0C;AAM1C,uCAA4C;AAE5C,uDAAwD;AACxD,2CAAwC;AACxC,oCAA4D;AAG5D,2DAAwE;AA+BxE,MAAa,KAGX,SAAQ,SAAoB;IAQ1B,YACI,OAAuC,EACvC,iBAAmD;QAEnD,KAAK,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QACnC,IAAI,CAAC,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAA;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,CAAA;QAErC,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,kBAAkB,EAAE,CAAC;YACxC,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,aAAa,EAAE,CAAC;YACnC,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,eAAe,EAAE,CAAC;YACrC,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,EAAE,CAAC;YAC5B,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAA;QAC7C,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,GACzD,IAAA,0BAAgB,EAAkB,OAAO,CAAC,CAAA;QAE9C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAkB;YACrC,MAAM;YACN,OAAO;YACP,SAAS;YACT,WAAW;YACX,UAAU;SACb,CAAC,CAAA;QAEF,OAAO,KAIN,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,iBAAiB,CAAC,aAA4B;QACjD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;QAClC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;OAUG;IACI,UAAU,CAAC,kBAAsC;QACpD,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAE5C,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;;;OAQG;IACI,2BAA2B,CAC9B,kBAAuC;QAEvC,IAAI,kBAAkB;YAAE,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAA;QAC3D,IAAI,CAAC,sBAAsB,EAAE,CAAA;QAE7B,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAmB,CAAC,SAAS,CAAC,CAAA;QAEnE,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;OAMG;IACI,cAAc,CACjB,UAAqC;QAErC,MAAM,EAAE,GACJ,OAAO,UAAU,KAAK,QAAQ;YAC1B,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,UAAU,CAAC;YACpC,CAAC,CAAC,UAAU,YAAY,uBAAU;gBAChC,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,uBAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAE1C,IAAI,CAAC,UAAU,GAAG,EAAE,CAAA;QACpB,OAAO,IAAwD,CAAA;IACnE,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,eAAyC;QAChE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;;;;OAaG;IACU,oBAAoB;;YAC7B,IAAI,CAAC,mBAAmB,EAAE,CAAA;YAC1B,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAE5B,IACI,IAAI,CAAC,WAAW;gBAChB,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBAC3B,IAAI,CAAC,SAAS;gBACd,CAAC,IAAI,CAAC,MAAM,EACd,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,yOAAyO,CAC5O,CAAA;YACL,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,GACzC,MAAM,IAAA,sCAAoB,EACtB,IAAI,CAAC,aAAc,EACnB,IAAI,CAAC,kBAAmB,CAAC,MAAM,EAC/B,IAAI,CAAC,2BAA2B,EAAE,CAAC,OAAQ,EAC3C,IAAI,CAAC,eAAgB,CACxB,CAAA;YAEL,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;YAC9B,IAAI,CAAC,OAAO,GAAG,aAAwB,CAAA;QAC3C,CAAC;KAAA;IAED;;;;OAIG;IACI,qBAAqB;QACxB,IAAI,IAAI,CAAC,eAAe;YAAE,OAAM;QAEhC,MAAM,IAAI,kBAAU,CAAC,iCAAiC,CAAC,CAAA;IAC3D,CAAC;IAED;;;;OAIG;IACK,mBAAmB;QACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,kBAAU,CAChB,mGAAmG,CACtG,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,sBAAsB;QAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAU,CAChB,mIAAmI,CACtI,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACI,4BAA4B,CAAC,QAAgB;QAChD,IAAI,CAAC,qBAAqB,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,eAAgB,EAAE,QAAQ,CAAC,CAAA;QAEpE,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,iDAAiD,CAC1E,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACU,OAAO,CAAC,iBAA8C;;;YAC/D,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,mFAAmF;YACnF,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,oEAAoE;YACpE,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACrB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;YAC1D,CAAC;YAED,IACI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBAChE,CAAA,MAAA,IAAI,CAAC,WAAW,0CAAE,MAAM,MAAK,CAAC,EAChC,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,sFAAsF,CACzF,CAAA;YACL,CAAC;YAED,MAAM,mBAAmB,GAAG,MAAM,IAAA,sDAAkC,EAChE,IAAI,CAAC,OAAQ,EACb,iBAAiB,EACjB,MAAM,IAAI,CAAC,eAAe,EAAE,EAC5B,IAAI,CAAC,kBAAmB,CAAC,MAAM,EAC/B,IAAI,CAAC,WAAW,CACnB,CAAA;YAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAA;;KAC5D;IAED;;;;;;;;;;OAUG;IACU,MAAM,CACf,QAA0B,EAC1B,iBAAiD,EACjD,YAAsC;;;;;;YAEtC,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,MAAM,qBAAqB,GAAG,CAAC,MAAM,OAAM,MAAM,YAC7C,QAAQ,EACR,iBAAiB,CACpB,CAA4B,CAAA;YAE7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAC5C,QAAoB,EACpB,EAAE,EACF,YAAY,CACf,CAAA;gBAED,qBAAqB,CAAC,iBAAiB,GAAG,OAAO,CAAA;YACrD,CAAC;YAED,MAAM,SAAS,GAAG,IAAA,kBAAU,EAAC,IAAI,CAAC,OAAQ,CAAC,CAAC,MAAM,CAC9C,CAAC,MAAA,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAW,CAAC,CAC9D,CAAA;YAED,IAAI,iBAAiB,EAAE,CAAC;gBACpB,qBAAqB,CAAC,yBAAyB;oBAC3C,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5B,SAAS,CAAC,QAAQ,CAAC,GAAa,CAAC,CACpC,CAAA;YACT,CAAC;YAED,uCACO,qBAAqB,KACxB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC;qBACzC,MAAM,CACH,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACb,OAAO,KAAK,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CACtD;qBACA,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IACrC;;KACJ;IAED;;;;OAIG;IACI,WAAW,CAAC,cAAwC;QACvD,IAAI,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC/D,OAAO,IAAI,CAAA;QACf,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAChB,OAAO,KAAK,CAAA;QAChB,CAAC;IACL,CAAC;IAEM,oCAAoC,CAAC,QAAgB;QACxD,IAAI,CAAC;YACD,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAAC,WAAM,CAAC;YACL,OAAM;QACV,CAAC;QACD,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,4FAA4F,CACrH,CAAA;IACL,CAAC;IAEM,qCAAqC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAC1B;QAAA,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,OAAO,CAC9B,IAAI,CAAC,oCAAoC,CAC5C,CAAA;IACL,CAAC;IAED;;;;OAIG;IACU,eAAe;;;YAGxB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAE7B,MAAM,UAAU,GAAG,MAAM,IAAA,sBAAU,EAC/B,IAAI,CAAC,kBAAmB,CAAC,MAAM,EAC/B,IAAI,CAAC,OAAQ,EACb,MAAA,IAAI,CAAC,WAAW,mCAAI,EAAE,CACzB,CAAA;YAED,OAAO,UAAoB,CAAA;;KAC9B;IAED;;;;;;;;;;;OAWG;IACU,SAAS;;YAClB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;QAC7B,CAAC;KAAA;IAEa,WAAW,CACrB,cAA6C,IAAI,CAAC,WAAW,EAC7D,mBAA4B,IAAI;;;YAEhC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,wBAAwB,EAAE,CAAA,CAAA;YAEjD,IAAI,IAAI,CAAC,eAAe,IAAI,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,WAAW,aAAX,WAAW,cAAX,WAAW,IAAX,WAAW,GAAK,IAAI,CAAC,WAAW,EAAA;YAEhC,MAAM,aAAa,GAAG,qBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;YACnE,MAAM,cAAc,GAAG,qBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAErE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS;gBAC7B,CAAC,CAAC,qBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBAClC,CAAC,CAAC,qBAAS,CAAC,MAAM,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,SAAU,CAAC,CAAA;YAE5D,MAAM,YAAY,GACd,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG;gBAC9B,CAAC,CAAC,EAAE,CAAA;YAEZ,MAAM,EAAE,GAAG,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,SAAS,EAAE,CAAA,CAAA;YAE7C,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU;gBAC/B,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;oBACrB,CAAC,CAAC,EAAE;oBACJ,CAAC,CAAC,IAAI,EAAE,EAAE;gBACd,CAAC,CAAC,EAAE,CAAA;YAER,OAAO,GAAG,aAAa,IAAI,cAAc,IAAI,UAAU,GAAG,YAAY,GAAG,WAAW,EAAE,CAAA;;KACzF;CACJ;AA/dD,sBA+dC"}