@sd-jwt/core 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/base64url.d.ts +28 -0
- package/build/base64url.js +40 -0
- package/build/base64url.js.map +1 -0
- package/build/hasherAlgorithm.d.ts +70 -0
- package/build/hasherAlgorithm.js +75 -0
- package/build/hasherAlgorithm.js.map +1 -0
- package/build/index.d.ts +3 -3
- package/build/index.js +2 -3
- package/build/index.js.map +1 -1
- package/build/jwt/compact.d.ts +6 -0
- package/build/jwt/compact.js +27 -0
- package/build/jwt/compact.js.map +1 -0
- package/build/jwt/jwt.d.ts +4 -0
- package/build/jwt/jwt.js +1 -0
- package/build/jwt/jwt.js.map +1 -1
- package/build/keyBinding/keyBinding.d.ts +10 -2
- package/build/keyBinding/keyBinding.js +21 -2
- package/build/keyBinding/keyBinding.js.map +1 -1
- package/build/sdJwt/compact.d.ts +8 -0
- package/build/sdJwt/compact.js +39 -0
- package/build/sdJwt/compact.js.map +1 -0
- package/build/sdJwt/decoys.d.ts +2 -1
- package/build/sdJwt/decoys.js.map +1 -1
- package/build/sdJwt/disclosureFrame.d.ts +2 -1
- package/build/sdJwt/disclosureFrame.js.map +1 -1
- package/build/sdJwt/disclosureMapping.d.ts +43 -0
- package/build/sdJwt/disclosureMapping.js +278 -0
- package/build/sdJwt/disclosureMapping.js.map +1 -0
- package/build/sdJwt/disclosures.d.ts +2 -2
- package/build/sdJwt/disclosures.js.map +1 -1
- package/build/sdJwt/presentationFrame.d.ts +3 -0
- package/build/sdJwt/presentationFrame.js +64 -0
- package/build/sdJwt/presentationFrame.js.map +1 -0
- package/build/sdJwt/sdJwt.d.ts +5 -4
- package/build/sdJwt/sdJwt.js +46 -8
- package/build/sdJwt/sdJwt.js.map +1 -1
- package/build/sdJwt/swapClaim.d.ts +2 -0
- package/build/sdJwt/swapClaim.js +79 -0
- package/build/sdJwt/swapClaim.js.map +1 -0
- package/build/sdJwtVc/sdJwtVc.d.ts +1 -1
- package/build/sdJwtVc/sdJwtVc.js +4 -3
- package/build/sdJwtVc/sdJwtVc.js.map +1 -1
- package/build/types/frame.d.ts +5 -0
- package/build/types/frame.js +3 -0
- package/build/types/frame.js.map +1 -0
- package/build/types/hasher.d.ts +8 -4
- package/build/types/index.d.ts +0 -1
- package/build/types/index.js +0 -1
- package/build/types/index.js.map +1 -1
- package/build/types/present.d.ts +2 -0
- package/build/types/present.js +3 -0
- package/build/types/present.js.map +1 -0
- package/build/utils/index.d.ts +2 -0
- package/build/utils/index.js +19 -0
- package/build/utils/index.js.map +1 -0
- package/build/utils/traverse.d.ts +8 -0
- package/build/utils/traverse.js +29 -0
- package/build/utils/traverse.js.map +1 -0
- package/build/utils/utils.d.ts +8 -0
- package/build/utils/utils.js +118 -0
- package/build/utils/utils.js.map +1 -0
- package/package.json +6 -6
|
@@ -0,0 +1,278 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// This file contains helpers functions for mapping between disclosures entries and the payload of an SD-JWT.
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.getDisclosureMap = exports.getPayloadDisclosureMapping = void 0;
|
|
5
|
+
const utils_1 = require("../utils");
|
|
6
|
+
const error_1 = require("./error");
|
|
7
|
+
/**
|
|
8
|
+
* Returns an array that includes the digests that should be disclosed for each item in the array.
|
|
9
|
+
*
|
|
10
|
+
* E.g. if the following array is passed:
|
|
11
|
+
* ```ts
|
|
12
|
+
* [ { '...': <SD_HASH_DIGEST_1> }, 'string_value', { '...': <SD_HASH_DIGEST_2> } ]
|
|
13
|
+
* ```
|
|
14
|
+
*
|
|
15
|
+
* The return value will be:
|
|
16
|
+
* ```ts
|
|
17
|
+
* ['<SD_HASH_DIGEST_1>', null, '<SD_HASH_DIGEST_2>']
|
|
18
|
+
* ```
|
|
19
|
+
*
|
|
20
|
+
* The second value will be null, as it's already disclosed, and thus there's no digests that
|
|
21
|
+
* need to be disclosed to reveal it. For the other values, it will include the digest that needs
|
|
22
|
+
* to be disclosed to reveal that array entry.
|
|
23
|
+
*
|
|
24
|
+
* In the case the array entry contains nested disclosures, the value will not be a digest, but rather
|
|
25
|
+
* the structure of the nested disclosures.
|
|
26
|
+
*
|
|
27
|
+
* Let's say the `<SD_HASH_DIGEST_1>` is the digest of the following disclosure:
|
|
28
|
+
* ```ts
|
|
29
|
+
* {
|
|
30
|
+
* // `<SD_HASH_DIGEST_3>` is the digest of the dateOfBirth property
|
|
31
|
+
* _sd: ['<SD_HASH_DIGEST_3>'],
|
|
32
|
+
* name: 'Jane Doe',
|
|
33
|
+
* }
|
|
34
|
+
* ```
|
|
35
|
+
*
|
|
36
|
+
* In this case the return value will be:
|
|
37
|
+
* ```ts
|
|
38
|
+
* [{ __digest: '<SD_HASH_DIGEST_1>', dateOfBirth: '<SD_HASH_DIGEST_3>' }, null, '<SD_HASH_DIGEST_2>']
|
|
39
|
+
* ```
|
|
40
|
+
* The `__digest` property indicates the digest of the encapsulating disclosure, and it being an object
|
|
41
|
+
* indicates that there's nested disclosures that need to be revealed.
|
|
42
|
+
*
|
|
43
|
+
* In the end the result value is an array, and all the string values in the return value are the digests.
|
|
44
|
+
* This allows you to easily build a path of digests to disclose to reveal a certain value.
|
|
45
|
+
*
|
|
46
|
+
* The return value can be endlessly nested, and will also call `getPayloadDisclosureMapping` recursively
|
|
47
|
+
* if the inner values are not arrays, but objects. That method in turn can call this method if the value
|
|
48
|
+
* of an object property is an array.
|
|
49
|
+
*/
|
|
50
|
+
function getArrayPayloadDisclosureMapping(array, map) {
|
|
51
|
+
const arrayPayloadDisclosureMapping = [];
|
|
52
|
+
// Loop through all the payload values of the array
|
|
53
|
+
for (const item of array) {
|
|
54
|
+
// If the item is an object, (both array and object are objects)
|
|
55
|
+
// it means there may be some values in here that need to be disclosed to
|
|
56
|
+
// reveal this array entry
|
|
57
|
+
if (item instanceof Object) {
|
|
58
|
+
// if Array item is { '...': <SD_HASH_DIGEST> }
|
|
59
|
+
// It means this item can be disclosed.
|
|
60
|
+
if ('...' in item) {
|
|
61
|
+
const digest = item['...'];
|
|
62
|
+
if (typeof digest !== 'string') {
|
|
63
|
+
throw new error_1.SdJwtError(`Expected value of key '...' to be of type string, but found ${typeof digest}`);
|
|
64
|
+
}
|
|
65
|
+
// Look up disclosure. It's valid that the disclosure is not present (decoy digests)
|
|
66
|
+
const disclosed = map[digest];
|
|
67
|
+
if (disclosed) {
|
|
68
|
+
// value is always the last item in the disclosure array
|
|
69
|
+
const value = [...disclosed.disclosure.decoded].pop();
|
|
70
|
+
// Recursively look if the disclosed value contains any disclosure references
|
|
71
|
+
// of itself. Based on the type we can decide how to handle it.
|
|
72
|
+
if ((0, utils_1.isObject)(value)) {
|
|
73
|
+
// Get nested disclosures for the object value
|
|
74
|
+
const unpacked = getPayloadDisclosureMapping(value, map);
|
|
75
|
+
// If there's any nested disclosures, we need to include both this item's
|
|
76
|
+
// disclosure, as well as the nested disclosures
|
|
77
|
+
if (unpacked && Object.keys(unpacked).length > 0) {
|
|
78
|
+
arrayPayloadDisclosureMapping.push(Object.assign(Object.assign({}, unpacked), { __digest: digest }));
|
|
79
|
+
}
|
|
80
|
+
else {
|
|
81
|
+
arrayPayloadDisclosureMapping.push(digest);
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
else if (Array.isArray(value)) {
|
|
85
|
+
// Get nested disclosures for the array value
|
|
86
|
+
const nestedUnpackedArray = getArrayPayloadDisclosureMapping(value, map);
|
|
87
|
+
// If all entries are null, it means there's no nested disclosures
|
|
88
|
+
// And thus we push the digest directly
|
|
89
|
+
if (nestedUnpackedArray.every((item) => item === null)) {
|
|
90
|
+
arrayPayloadDisclosureMapping.push(digest);
|
|
91
|
+
}
|
|
92
|
+
else {
|
|
93
|
+
arrayPayloadDisclosureMapping.push(Object.assign(Object.assign({}, nestedUnpackedArray), {
|
|
94
|
+
// __digest is for encapsulating disclosure
|
|
95
|
+
__digest: digest }));
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
// If the value is not an object or a array, it means there's no nested disclosures
|
|
99
|
+
// and thus we can push the digest directly
|
|
100
|
+
else {
|
|
101
|
+
arrayPayloadDisclosureMapping.push(digest);
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
else {
|
|
105
|
+
// Value is not a disclosure for an array ('...') so we unpack the object recursively
|
|
106
|
+
const claims = getPayloadDisclosureMapping(item, map);
|
|
107
|
+
if (claims && Object.keys(claims).length > 0) {
|
|
108
|
+
arrayPayloadDisclosureMapping.push(claims);
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
arrayPayloadDisclosureMapping.push(null);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
// If the value is not an Object it means the actual value is disclosed
|
|
117
|
+
// in the array directly (so we don't need to disclose anything to reveal it)
|
|
118
|
+
else {
|
|
119
|
+
arrayPayloadDisclosureMapping.push(null);
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
return arrayPayloadDisclosureMapping;
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Get a mapping in the structure of the pretty payload, to indicate which digests should be disclosed for a
|
|
126
|
+
* given entry.
|
|
127
|
+
*
|
|
128
|
+
* For example if you call this method with the following payload:
|
|
129
|
+
* ```ts
|
|
130
|
+
* {
|
|
131
|
+
* _sd: ['iss_digest', 'nested_field_digest'],
|
|
132
|
+
* }
|
|
133
|
+
* ```
|
|
134
|
+
*
|
|
135
|
+
* It can return the following mapping:
|
|
136
|
+
* ```ts
|
|
137
|
+
* {
|
|
138
|
+
* iss: 'iss_digest',
|
|
139
|
+
* nested_field: {
|
|
140
|
+
* __digest: 'nested_field_digest',
|
|
141
|
+
* more_nested_field: {
|
|
142
|
+
* // index 1 is null, as it's always in the payload, so doesn't need to be disclosed
|
|
143
|
+
* // separately
|
|
144
|
+
* a: ['a_0_digest', null, 'a_2_digest'],
|
|
145
|
+
* }
|
|
146
|
+
* }
|
|
147
|
+
* }
|
|
148
|
+
* ```
|
|
149
|
+
*
|
|
150
|
+
* This method will recursively call itself and `getArrayPayloadDisclosureMapping` if the value of a property is an object or array.
|
|
151
|
+
*/
|
|
152
|
+
function getPayloadDisclosureMapping(payload, map) {
|
|
153
|
+
// Handle array
|
|
154
|
+
if (payload instanceof Array) {
|
|
155
|
+
return getArrayPayloadDisclosureMapping(payload, map);
|
|
156
|
+
}
|
|
157
|
+
// Not an array or object, so it means the top-level value is already disclosed
|
|
158
|
+
if (!(0, utils_1.isObject)(payload)) {
|
|
159
|
+
return null;
|
|
160
|
+
}
|
|
161
|
+
const payloadDisclosureMapping = {};
|
|
162
|
+
for (const key in payload) {
|
|
163
|
+
// if obj property value is an object or array
|
|
164
|
+
// recursively unpack
|
|
165
|
+
if (key !== '_sd' && key !== '...' && payload[key] instanceof Object) {
|
|
166
|
+
const claim = getPayloadDisclosureMapping(payload[key], map);
|
|
167
|
+
if (claim && Object.keys(claim).length > 0) {
|
|
168
|
+
payloadDisclosureMapping[key] = claim;
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
// If the payload contains a _sd property, it means there's disclosures
|
|
173
|
+
if (payload._sd) {
|
|
174
|
+
if (!Array.isArray(payload._sd)) {
|
|
175
|
+
throw new error_1.SdJwtError(`Expect value of '_sd' to be of type array, but found ${typeof payload._sd}`);
|
|
176
|
+
}
|
|
177
|
+
// We are going to resolve all digests
|
|
178
|
+
for (const digest of payload._sd) {
|
|
179
|
+
if (typeof digest !== 'string') {
|
|
180
|
+
throw new error_1.SdJwtError(`Expected entries in '_sd' property to be of type string, found ${typeof digest}`);
|
|
181
|
+
}
|
|
182
|
+
// Look up disclosure. It's valid that the disclosure is not present (decoy digests)
|
|
183
|
+
const disclosed = map[digest];
|
|
184
|
+
if (disclosed) {
|
|
185
|
+
// value is always the last item in the disclosure array
|
|
186
|
+
// We know this is an object, so the associated disclosure MUST have length 3
|
|
187
|
+
const value = [...disclosed.disclosure.decoded].pop();
|
|
188
|
+
if (disclosed.disclosure.decoded.length !== 3) {
|
|
189
|
+
throw new error_1.SdJwtError(`Expected disclosure for value ${value} to have 3 items, but found ${disclosed.disclosure.decoded.length}`);
|
|
190
|
+
}
|
|
191
|
+
const key = disclosed.disclosure.decoded[1];
|
|
192
|
+
// This checks if there's a nested disclosure anywhere down the tree
|
|
193
|
+
// So when a disclosure value is an object or array, it can contain disclosures
|
|
194
|
+
// of itself (using `_sd` and `...` keys)
|
|
195
|
+
if ((0, utils_1.isObject)(value)) {
|
|
196
|
+
const unpacked = getPayloadDisclosureMapping(value, map);
|
|
197
|
+
if (unpacked && Object.keys(unpacked).length > 0) {
|
|
198
|
+
payloadDisclosureMapping[key] = Object.assign(Object.assign({}, unpacked), { __digest: digest });
|
|
199
|
+
}
|
|
200
|
+
// If there's no nested disclosures, we add the digest directly
|
|
201
|
+
else {
|
|
202
|
+
payloadDisclosureMapping[key] = digest;
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
else if (Array.isArray(value)) {
|
|
206
|
+
// Get nested disclosures for the array value
|
|
207
|
+
const nestedUnpackedArray = getArrayPayloadDisclosureMapping(value, map);
|
|
208
|
+
// If all entries are null, it means there's no nested disclosures
|
|
209
|
+
// And thus we push the digest directly
|
|
210
|
+
if (nestedUnpackedArray.every((item) => item === null)) {
|
|
211
|
+
payloadDisclosureMapping[key] = digest;
|
|
212
|
+
}
|
|
213
|
+
else {
|
|
214
|
+
payloadDisclosureMapping[key] = Object.assign(Object.assign({}, nestedUnpackedArray), {
|
|
215
|
+
// __digest is for encapsulating disclosure
|
|
216
|
+
__digest: digest });
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
else {
|
|
220
|
+
payloadDisclosureMapping[key] = digest;
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
return payloadDisclosureMapping;
|
|
226
|
+
}
|
|
227
|
+
exports.getPayloadDisclosureMapping = getPayloadDisclosureMapping;
|
|
228
|
+
const getParentDisclosure = (disclosure, digestMap) => {
|
|
229
|
+
const parent = digestMap[disclosure.digest];
|
|
230
|
+
if (!parent) {
|
|
231
|
+
return [];
|
|
232
|
+
}
|
|
233
|
+
if (digestMap[disclosure.digest]) {
|
|
234
|
+
return [parent].concat(getParentDisclosure(parent, digestMap));
|
|
235
|
+
}
|
|
236
|
+
return [parent];
|
|
237
|
+
};
|
|
238
|
+
/**
|
|
239
|
+
* Get a mapping from a digest to the corresponding disclosure and its parent disclosures.
|
|
240
|
+
*/
|
|
241
|
+
const getDisclosureMap = (disclosures) => {
|
|
242
|
+
const map = {};
|
|
243
|
+
const parentMap = {};
|
|
244
|
+
for (const disclosure of disclosures) {
|
|
245
|
+
// value is always the last item in the disclosure array
|
|
246
|
+
const value = [...disclosure.decoded].pop();
|
|
247
|
+
(0, utils_1.traverseNodes)(value).forEach(({ path, value }) => {
|
|
248
|
+
const lastPathItem = path[path.length - 1];
|
|
249
|
+
if (lastPathItem === '_sd') {
|
|
250
|
+
if (!Array.isArray(value)) {
|
|
251
|
+
throw new error_1.SdJwtError(`Expect value of '_sd' to be of type array, but found ${typeof value}`);
|
|
252
|
+
}
|
|
253
|
+
value.forEach((digest) => {
|
|
254
|
+
if (typeof digest !== 'string') {
|
|
255
|
+
throw new error_1.SdJwtError(`Expected entries in '_sd' property to be of type string, found ${typeof digest}`);
|
|
256
|
+
}
|
|
257
|
+
parentMap[digest] = disclosure;
|
|
258
|
+
});
|
|
259
|
+
}
|
|
260
|
+
else if (lastPathItem === '...') {
|
|
261
|
+
if (typeof value !== 'string') {
|
|
262
|
+
throw new error_1.SdJwtError(`Expected value of '...' to be of type string, but found ${typeof value}`);
|
|
263
|
+
}
|
|
264
|
+
parentMap[value] = disclosure;
|
|
265
|
+
}
|
|
266
|
+
});
|
|
267
|
+
}
|
|
268
|
+
for (const disclosure of disclosures) {
|
|
269
|
+
const parent = getParentDisclosure(disclosure, parentMap);
|
|
270
|
+
map[disclosure.digest] = {
|
|
271
|
+
disclosure,
|
|
272
|
+
parentDisclosures: parent
|
|
273
|
+
};
|
|
274
|
+
}
|
|
275
|
+
return map;
|
|
276
|
+
};
|
|
277
|
+
exports.getDisclosureMap = getDisclosureMap;
|
|
278
|
+
//# sourceMappingURL=disclosureMapping.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"disclosureMapping.js","sourceRoot":"","sources":["../../src/sdJwt/disclosureMapping.ts"],"names":[],"mappings":";AAAA,6GAA6G;;;AAE7G,oCAAkD;AAElD,mCAAoC;AAYpC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,SAAS,gCAAgC,CACrC,KAAqB,EACrB,GAAkB;IAElB,MAAM,6BAA6B,GAAU,EAAE,CAAA;IAE/C,mDAAmD;IACnD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,gEAAgE;QAChE,yEAAyE;QACzE,0BAA0B;QAC1B,IAAI,IAAI,YAAY,MAAM,EAAE,CAAC;YACzB,+CAA+C;YAC/C,uCAAuC;YACvC,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAA;gBAC1B,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC7B,MAAM,IAAI,kBAAU,CAChB,+DAA+D,OAAO,MAAM,EAAE,CACjF,CAAA;gBACL,CAAC;gBAED,oFAAoF;gBACpF,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAA;gBAC7B,IAAI,SAAS,EAAE,CAAC;oBACZ,wDAAwD;oBACxD,MAAM,KAAK,GAAG,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAA;oBAErD,6EAA6E;oBAC7E,+DAA+D;oBAC/D,IAAI,IAAA,gBAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;wBAClB,8CAA8C;wBAC9C,MAAM,QAAQ,GAAG,2BAA2B,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;wBAExD,yEAAyE;wBACzE,gDAAgD;wBAChD,IAAI,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC/C,6BAA6B,CAAC,IAAI,iCAC3B,QAAQ,KACX,QAAQ,EAAE,MAAM,IAClB,CAAA;wBACN,CAAC;6BAAM,CAAC;4BACJ,6BAA6B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;wBAC9C,CAAC;oBACL,CAAC;yBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC9B,6CAA6C;wBAC7C,MAAM,mBAAmB,GACrB,gCAAgC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;wBAEhD,kEAAkE;wBAClE,uCAAuC;wBACvC,IACI,mBAAmB,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,EACpD,CAAC;4BACC,6BAA6B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;wBAC9C,CAAC;6BAAM,CAAC;4BACJ,6BAA6B,CAAC,IAAI,iCAK3B,mBAAmB;gCACtB,2CAA2C;gCAC3C,QAAQ,EAAE,MAAM,IAClB,CAAA;wBACN,CAAC;oBACL,CAAC;oBACD,mFAAmF;oBACnF,2CAA2C;yBACtC,CAAC;wBACF,6BAA6B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBAC9C,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,qFAAqF;oBACrF,MAAM,MAAM,GAAG,2BAA2B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;oBACrD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC3C,6BAA6B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBAC9C,CAAC;yBAAM,CAAC;wBACJ,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBAC5C,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QACD,uEAAuE;QACvE,6EAA6E;aACxE,CAAC;YACF,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC5C,CAAC;IACL,CAAC;IAED,OAAO,6BAA6B,CAAA;AACxC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAgB,2BAA2B,CAAC,OAAY,EAAE,GAAkB;IACxE,eAAe;IACf,IAAI,OAAO,YAAY,KAAK,EAAE,CAAC;QAC3B,OAAO,gCAAgC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACzD,CAAC;IAED,+EAA+E;IAC/E,IAAI,CAAC,IAAA,gBAAQ,EAAC,OAAO,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,MAAM,wBAAwB,GAA4B,EAAE,CAAA;IAC5D,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QACxB,8CAA8C;QAC9C,qBAAqB;QACrB,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,EAAE,CAAC;YACnE,MAAM,KAAK,GAAG,2BAA2B,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;YAC5D,IAAI,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzC,wBAAwB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACzC,CAAC;QACL,CAAC;IACL,CAAC;IAED,uEAAuE;IACvE,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,kBAAU,CAChB,wDAAwD,OAAO,OAAO,CAAC,GAAG,EAAE,CAC/E,CAAA;QACL,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAC/B,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,kBAAU,CAChB,kEAAkE,OAAO,MAAM,EAAE,CACpF,CAAA;YACL,CAAC;YAED,oFAAoF;YACpF,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7B,IAAI,SAAS,EAAE,CAAC;gBACZ,wDAAwD;gBACxD,6EAA6E;gBAC7E,MAAM,KAAK,GAAG,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAA;gBACrD,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC5C,MAAM,IAAI,kBAAU,CAChB,iCAAiC,KAAK,+BAA+B,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,CAC7G,CAAA;gBACL,CAAC;gBACD,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;gBAE3C,oEAAoE;gBACpE,+EAA+E;gBAC/E,yCAAyC;gBACzC,IAAI,IAAA,gBAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;oBAClB,MAAM,QAAQ,GAAG,2BAA2B,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;oBACxD,IAAI,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC/C,wBAAwB,CAAC,GAAG,CAAC,mCACtB,QAAQ,KACX,QAAQ,EAAE,MAAM,GACnB,CAAA;oBACL,CAAC;oBACD,+DAA+D;yBAC1D,CAAC;wBACF,wBAAwB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;oBAC1C,CAAC;gBACL,CAAC;qBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9B,6CAA6C;oBAC7C,MAAM,mBAAmB,GACrB,gCAAgC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;oBAEhD,kEAAkE;oBAClE,uCAAuC;oBACvC,IAAI,mBAAmB,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;wBACrD,wBAAwB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;oBAC1C,CAAC;yBAAM,CAAC;wBACJ,wBAAwB,CAAC,GAAG,CAAC,mCAKtB,mBAAmB;4BACtB,2CAA2C;4BAC3C,QAAQ,EAAE,MAAM,GACnB,CAAA;oBACL,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,wBAAwB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;gBAC1C,CAAC;YACL,CAAC;QACL,CAAC;IACL,CAAC;IAED,OAAO,wBAAwB,CAAA;AACnC,CAAC;AA/FD,kEA+FC;AAED,MAAM,mBAAmB,GAAG,CACxB,UAAgC,EAChC,SAA+C,EACzB,EAAE;IACxB,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAE3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,EAAE,CAAA;IACb,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,CAAA;AACnB,CAAC,CAAA;AAED;;GAEG;AACI,MAAM,gBAAgB,GAAG,CAC5B,WAAmC,EACtB,EAAE;IACf,MAAM,GAAG,GAAkB,EAAE,CAAA;IAC7B,MAAM,SAAS,GAAyC,EAAE,CAAA;IAE1D,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACnC,wDAAwD;QACxD,MAAM,KAAK,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAA;QAE3C,IAAA,qBAAa,EAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;YAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YAE1C,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACxB,MAAM,IAAI,kBAAU,CAChB,wDAAwD,OAAO,KAAK,EAAE,CACzE,CAAA;gBACL,CAAC;gBAED,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;oBACrB,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAC7B,MAAM,IAAI,kBAAU,CAChB,kEAAkE,OAAO,MAAM,EAAE,CACpF,CAAA;oBACL,CAAC;oBACD,SAAS,CAAC,MAAM,CAAC,GAAG,UAAU,CAAA;gBAClC,CAAC,CAAC,CAAA;YACN,CAAC;iBAAM,IAAI,YAAY,KAAK,KAAK,EAAE,CAAC;gBAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,IAAI,kBAAU,CAChB,2DAA2D,OAAO,KAAK,EAAE,CAC5E,CAAA;gBACL,CAAC;gBACD,SAAS,CAAC,KAAK,CAAC,GAAG,UAAU,CAAA;YACjC,CAAC;QACL,CAAC,CAAC,CAAA;IACN,CAAC;IAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAA;QAEzD,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG;YACrB,UAAU;YACV,iBAAiB,EAAE,MAAM;SAC5B,CAAA;IACL,CAAC;IAED,OAAO,GAAG,CAAA;AACd,CAAC,CAAA;AAjDY,QAAA,gBAAgB,oBAiD5B"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { AsyncHasher, Hasher } from '@sd-jwt/types';
|
|
2
|
-
import { DisclosureItem
|
|
1
|
+
import { AsyncHasher, Hasher, HasherAndAlgorithm } from '@sd-jwt/types';
|
|
2
|
+
import { DisclosureItem } from '../types';
|
|
3
3
|
import { DisclosureWithDigest as DisclosureWithDigestJson, Disclosure as DisclosureJson } from '@sd-jwt/types';
|
|
4
4
|
export type DisclosureWithDigest = Disclosure & {
|
|
5
5
|
digest: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"disclosures.js","sourceRoot":"","sources":["../../src/sdJwt/disclosures.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA0D;
|
|
1
|
+
{"version":3,"file":"disclosures.js","sourceRoot":"","sources":["../../src/sdJwt/disclosures.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA0D;AAO1D,yCAAoD;AAEpD,mCAAoC;AASpC,MAAa,UAAU;IAMnB,YAAmB,IAAY,EAAE,KAAc,EAAE,GAAY;QAF7D,qCAAgB;QAGZ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,kBAAU,CAChB,gDAAgD,CACnD,CAAA;QACL,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,kBAAU,CAChB,qDAAqD,CACxD,CAAA;QACL,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;QACd,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;IACtB,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,CAAS;QAC9B,MAAM,IAAI,GAAG,iBAAS,CAAC,YAAY,CAAiB,CAAC,CAAC,CAAA;QAEtD,OAAO,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;IACrC,CAAC;IAEM,MAAM,CAAC,SAAS,CAAC,IAAoB;QACxC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;YACxB,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAW,CAAC,CAAA;IAC7D,CAAC;IAED,IAAW,OAAO;QACd,OAAO,iBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACjD,CAAC;IAED,IAAW,OAAO;QACd,OAAO,IAAI,CAAC,GAAG;YACX,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC;YACnC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;IACjC,CAAC;IAED,IAAW,MAAM;QACb,OAAO,uBAAA,IAAI,0BAAQ,CAAA;IACvB,CAAC;IAED;;;;;OAKG;IACI,UAAU,CAAC,MAAc;QAC5B,uBAAA,IAAI,sBAAW,MAAM,MAAA,CAAA;QACrB,OAAO,IAA4B,CAAA;IACvC,CAAC;IAEM,mBAAmB,CAGtB,kBAA4D;IAC5D,+DAA+D;IAC/D,EAAE,WAAW,GAAG,KAAK,KAAgC,EAAE;QAEvD,8EAA8E;QAC9E,iFAAiF;QACjF,6EAA6E;QAC7E,2DAA2D;QAC3D,IAAI,CAAC,WAAW,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAsE,CAAA;QACjF,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,kCAAyB,EAC1C,IAAI,CAAC,MAAM,EAAE;QACb,kCAAkC;QAClC,kBAAkB,CAAC,SAA4B,EAC/C,kBAAkB,CAAC,MAAM,CAC5B,CAAA;QAED,IAAI,IAAA,iBAAS,EAAC,YAAY,CAAC,EAAE,CAAC;YAC1B,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBAChC,uBAAA,IAAI,sBAAW,MAAM,MAAA,CAAA;gBAErB,8CAA8C;gBAC9C,OAAO,IAAI,CAAA;YACf,CAAC,CAAmE,CAAA;QACxE,CAAC;aAAM,CAAC;YACJ,uBAAA,IAAI,sBAAW,YAAY,MAAA,CAAA;YAE3B,8CAA8C;YAC9C,OAAO,IAAsE,CAAA;QACjF,CAAC;IACL,CAAC;IAEM,QAAQ;QACX,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;IAEM,MAAM;QACT,OAAO;YACH,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;SAGH,CAAA;IACxB,CAAC;IAEM,MAAM,CAAC,QAAQ,CAClB,cAAiB;QAEjB,MAAM,UAAU,GAAG,IAAI,UAAU,CAC7B,cAAc,CAAC,IAAI,EACnB,cAAc,CAAC,KAAK,EACpB,cAAc,CAAC,GAAG,CACrB,CAAA;QAED,IAAI,QAAQ,IAAI,cAAc,EAAE,CAAC;YAC7B,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;QAChD,CAAC;QAED,OAAO,UAES,CAAA;IACpB,CAAC;CACJ;AAnID,gCAmIC;;AAQD,SAAgB,sBAAsB,CAClC,UAAsB;IAEtB,OAAO,UAAU,CAAC,MAAM,KAAK,SAAS,CAAA;AAC1C,CAAC;AAJD,wDAIC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { DisclosureWithDigest } from './disclosures';
|
|
2
|
+
import { PresentationFrame } from '../types/present';
|
|
3
|
+
export declare const getDisclosuresForPresentationFrame: <Payload extends Record<string, unknown> = Record<string, unknown>>(signedPayload: Payload, presentationFrame: PresentationFrame<Payload>, prettyClaims: Payload, disclosures?: Array<DisclosureWithDigest>) => Array<DisclosureWithDigest>;
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getDisclosuresForPresentationFrame = void 0;
|
|
4
|
+
const utils_1 = require("../utils");
|
|
5
|
+
const error_1 = require("./error");
|
|
6
|
+
const disclosureMapping_1 = require("./disclosureMapping");
|
|
7
|
+
const getDisclosuresForPresentationFrame = (signedPayload, presentationFrame, prettyClaims, disclosures = []) => {
|
|
8
|
+
const requiredDisclosureDigests = new Set();
|
|
9
|
+
const disclosureMap = (0, disclosureMapping_1.getDisclosureMap)(disclosures);
|
|
10
|
+
const payloadDisclosureMapping = (0, disclosureMapping_1.getPayloadDisclosureMapping)(signedPayload, disclosureMap);
|
|
11
|
+
// No disclosures needed
|
|
12
|
+
if (payloadDisclosureMapping === null) {
|
|
13
|
+
if (disclosures.length > 0) {
|
|
14
|
+
throw new error_1.SdJwtError('Payload disclosure mapping is null, but disclosures are present.');
|
|
15
|
+
}
|
|
16
|
+
return [];
|
|
17
|
+
}
|
|
18
|
+
for (const node of (0, utils_1.traverseNodes)(presentationFrame)) {
|
|
19
|
+
// We only want to process leaf nodes here
|
|
20
|
+
if (!node.isLeaf)
|
|
21
|
+
continue;
|
|
22
|
+
if (typeof node.value !== 'boolean') {
|
|
23
|
+
throw new error_1.SdJwtError(`Expected leaf value in presentation frame to be of type boolean, but found ${typeof node.value}`);
|
|
24
|
+
}
|
|
25
|
+
// If the value is false, it means we don't want to disclose it
|
|
26
|
+
if (node.value === false)
|
|
27
|
+
continue;
|
|
28
|
+
if (!(0, utils_1.hasByPath)(prettyClaims, node.path)) {
|
|
29
|
+
throw new error_1.SdJwtError(`Path ${node.path.join('.')} from presentation frame is not present in pretty SD-JWT payload. The presentation frame may only include properties that are present in the SD-JWT payload.`);
|
|
30
|
+
}
|
|
31
|
+
let path = [...node.path];
|
|
32
|
+
while (!(0, utils_1.hasByPath)(payloadDisclosureMapping, path)) {
|
|
33
|
+
if (path.pop() === undefined)
|
|
34
|
+
break;
|
|
35
|
+
}
|
|
36
|
+
// There are no disclosures on this path, meaning the property is disclosed by default in the signed payload
|
|
37
|
+
if (path.length === 0)
|
|
38
|
+
continue;
|
|
39
|
+
const disclosure = (0, utils_1.getByPath)(payloadDisclosureMapping, path);
|
|
40
|
+
// If disclosure is string, it means it's already the digest
|
|
41
|
+
if (typeof disclosure === 'string')
|
|
42
|
+
requiredDisclosureDigests.add(disclosure);
|
|
43
|
+
// Otherwise we want to get all the child digests as well
|
|
44
|
+
else {
|
|
45
|
+
for (const nestedItem of (0, utils_1.traverseNodes)(disclosure)) {
|
|
46
|
+
if (!nestedItem.isLeaf ||
|
|
47
|
+
typeof nestedItem.value !== 'string') {
|
|
48
|
+
continue;
|
|
49
|
+
}
|
|
50
|
+
requiredDisclosureDigests.add(nestedItem.value);
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
for (const disclosureDigest of requiredDisclosureDigests.values()) {
|
|
55
|
+
const disclosure = disclosureMap[disclosureDigest];
|
|
56
|
+
if (!disclosure) {
|
|
57
|
+
throw new Error('disclosure not found');
|
|
58
|
+
}
|
|
59
|
+
disclosure.parentDisclosures.forEach((d) => requiredDisclosureDigests.add(d.digest));
|
|
60
|
+
}
|
|
61
|
+
return Array.from(requiredDisclosureDigests).map((digest) => disclosureMap[digest].disclosure);
|
|
62
|
+
};
|
|
63
|
+
exports.getDisclosuresForPresentationFrame = getDisclosuresForPresentationFrame;
|
|
64
|
+
//# sourceMappingURL=presentationFrame.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"presentationFrame.js","sourceRoot":"","sources":["../../src/sdJwt/presentationFrame.ts"],"names":[],"mappings":";;;AAAA,oCAA8D;AAE9D,mCAAoC;AAEpC,2DAG4B;AAErB,MAAM,kCAAkC,GAAG,CAG9C,aAAsB,EACtB,iBAA6C,EAC7C,YAAqB,EACrB,cAA2C,EAAE,EAClB,EAAE;IAC7B,MAAM,yBAAyB,GAAG,IAAI,GAAG,EAAU,CAAA;IACnD,MAAM,aAAa,GAAG,IAAA,oCAAgB,EAAC,WAAW,CAAC,CAAA;IACnD,MAAM,wBAAwB,GAAG,IAAA,+CAA2B,EACxD,aAAa,EACb,aAAa,CAChB,CAAA;IAED,wBAAwB;IACxB,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;QACpC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,kBAAU,CAChB,kEAAkE,CACrE,CAAA;QACL,CAAC;QAED,OAAO,EAAE,CAAA;IACb,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,IAAA,qBAAa,EAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,SAAQ;QAE1B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,kBAAU,CAChB,8EAA8E,OAAO,IAAI,CAAC,KAAK,EAAE,CACpG,CAAA;QACL,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK;YAAE,SAAQ;QAElC,IAAI,CAAC,IAAA,iBAAS,EAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,kBAAU,CAChB,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,GAAG,CACN,8JAA8J,CAClK,CAAA;QACL,CAAC;QAED,IAAI,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,OAAO,CAAC,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,GAAG,EAAE,KAAK,SAAS;gBAAE,MAAK;QACvC,CAAC;QAED,4GAA4G;QAC5G,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAE/B,MAAM,UAAU,GAAG,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,CAAA;QAC5D,4DAA4D;QAC5D,IAAI,OAAO,UAAU,KAAK,QAAQ;YAC9B,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC7C,yDAAyD;aACpD,CAAC;YACF,KAAK,MAAM,UAAU,IAAI,IAAA,qBAAa,EAAC,UAAU,CAAC,EAAE,CAAC;gBACjD,IACI,CAAC,UAAU,CAAC,MAAM;oBAClB,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EACtC,CAAC;oBACC,SAAQ;gBACZ,CAAC;gBACD,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACnD,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,MAAM,gBAAgB,IAAI,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAElD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QAC3C,CAAC;QAED,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAC1C,CAAA;IACL,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,GAAG,CAC5C,CAAC,MAAM,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,UAAU,CAC/C,CAAA;AACL,CAAC,CAAA;AAxFY,QAAA,kCAAkC,sCAwF9C"}
|
package/build/sdJwt/sdJwt.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { PresentationFrame } from '@sd-jwt/present';
|
|
2
|
-
import { HasherAlgorithm } from '@sd-jwt/utils';
|
|
3
2
|
import { Jwt, JwtAdditionalOptions, JwtVerificationResult } from '../jwt/jwt';
|
|
4
3
|
import { KeyBinding } from '../keyBinding';
|
|
5
|
-
import { DisclosureFrame,
|
|
4
|
+
import { DisclosureFrame, SaltGenerator, Verifier } from '../types';
|
|
6
5
|
import { Disclosure, DisclosureWithDigest } from './disclosures';
|
|
7
6
|
import { ReturnSdJwtWithHeaderAndPayload, ReturnSdJwtWithKeyBinding, ReturnSdJwtWithPayload } from './types';
|
|
7
|
+
import { HasherAlgorithm, HasherAndAlgorithm } from '@sd-jwt/types';
|
|
8
8
|
export type SdJwtToCompactOptions<DisclosablePayload extends Record<string, unknown>> = {
|
|
9
9
|
disclosureFrame?: DisclosureFrame<DisclosablePayload>;
|
|
10
10
|
shouldApplyFrame?: boolean;
|
|
@@ -84,7 +84,7 @@ export declare class SdJwt<Header extends Record<string, unknown> = Record<strin
|
|
|
84
84
|
* This can be done as a holder to provide proof of possession of key material
|
|
85
85
|
*
|
|
86
86
|
*/
|
|
87
|
-
withKeyBinding(keyBinding: Jwt | KeyBinding | string): ReturnSdJwtWithKeyBinding<Header, Payload, this>;
|
|
87
|
+
withKeyBinding(keyBinding: Jwt | KeyBinding<any, any> | string): ReturnSdJwtWithKeyBinding<Header, Payload, this>;
|
|
88
88
|
/**
|
|
89
89
|
*
|
|
90
90
|
* Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called.
|
|
@@ -173,7 +173,7 @@ export declare class SdJwt<Header extends Record<string, unknown> = Record<strin
|
|
|
173
173
|
* - Whether the key binding is valid
|
|
174
174
|
*
|
|
175
175
|
*/
|
|
176
|
-
verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>,
|
|
176
|
+
verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>, kbJwtPublicKeyJwk?: Record<string, unknown>, issuerPublicKeyJwk?: Record<string, unknown>): Promise<SdJwtVerificationResult>;
|
|
177
177
|
/**
|
|
178
178
|
*
|
|
179
179
|
* Utility method to check whether the expected hasher algorithm is used.
|
|
@@ -202,4 +202,5 @@ export declare class SdJwt<Header extends Record<string, unknown> = Record<strin
|
|
|
202
202
|
*/
|
|
203
203
|
toCompact(): Promise<string>;
|
|
204
204
|
private __toCompact;
|
|
205
|
+
private calculateSdHash;
|
|
205
206
|
}
|
package/build/sdJwt/sdJwt.js
CHANGED
|
@@ -60,6 +60,7 @@ class SdJwt extends jwt_1.Jwt {
|
|
|
60
60
|
disclosures,
|
|
61
61
|
keyBinding
|
|
62
62
|
});
|
|
63
|
+
sdJwt.compact = compact;
|
|
63
64
|
return sdJwt;
|
|
64
65
|
}
|
|
65
66
|
/**
|
|
@@ -208,7 +209,7 @@ class SdJwt extends jwt_1.Jwt {
|
|
|
208
209
|
*/
|
|
209
210
|
assertHashAndAlgorithm() {
|
|
210
211
|
if (!this.hasherAndAlgorithm) {
|
|
211
|
-
throw new error_1.SdJwtError('A hasher and algorithm must be set in order to create a
|
|
212
|
+
throw new error_1.SdJwtError('A hasher and algorithm must be set in order to create a digests for disclosures or integrity protection of a kb-jwt. You can set it with this.withHasher()');
|
|
212
213
|
}
|
|
213
214
|
}
|
|
214
215
|
/**
|
|
@@ -287,16 +288,24 @@ class SdJwt extends jwt_1.Jwt {
|
|
|
287
288
|
* - Whether the key binding is valid
|
|
288
289
|
*
|
|
289
290
|
*/
|
|
290
|
-
verify(verifier, requiredClaimKeys,
|
|
291
|
+
verify(verifier, requiredClaimKeys, kbJwtPublicKeyJwk, issuerPublicKeyJwk) {
|
|
291
292
|
const _super = Object.create(null, {
|
|
292
293
|
verify: { get: () => super.verify }
|
|
293
294
|
});
|
|
294
295
|
var _a;
|
|
295
296
|
return __awaiter(this, void 0, void 0, function* () {
|
|
296
297
|
this.assertSignature();
|
|
297
|
-
const jwtVerificationResult = (yield _super.verify.call(this, verifier, requiredClaimKeys));
|
|
298
298
|
if (this.keyBinding) {
|
|
299
|
-
|
|
299
|
+
this.assertHashAndAlgorithm();
|
|
300
|
+
}
|
|
301
|
+
const jwtVerificationResult = (yield _super.verify.call(this, verifier, requiredClaimKeys, issuerPublicKeyJwk));
|
|
302
|
+
if (this.keyBinding) {
|
|
303
|
+
if (!this.keyBinding.expectedSdHash) {
|
|
304
|
+
// Calculate and set expected _sd_hash
|
|
305
|
+
const sdHash = yield this.calculateSdHash();
|
|
306
|
+
this.keyBinding.withExpectedSdHash(sdHash);
|
|
307
|
+
}
|
|
308
|
+
const { isValid } = yield this.keyBinding.verify(verifier, [], kbJwtPublicKeyJwk);
|
|
300
309
|
jwtVerificationResult.isKeyBindingValid = isValid;
|
|
301
310
|
}
|
|
302
311
|
const claimKeys = (0, utils_1.getAllKeys)(this.payload).concat(((_a = this.disclosures) !== null && _a !== void 0 ? _a : []).map((d) => d.decoded[1]));
|
|
@@ -378,11 +387,13 @@ class SdJwt extends jwt_1.Jwt {
|
|
|
378
387
|
});
|
|
379
388
|
}
|
|
380
389
|
__toCompact(disclosures = this.disclosures, shouldApplyFrame = true) {
|
|
381
|
-
var _a, _b, _c;
|
|
390
|
+
var _a, _b, _c, _d, _e;
|
|
382
391
|
return __awaiter(this, void 0, void 0, function* () {
|
|
383
392
|
this.assertHeader();
|
|
384
393
|
this.assertPayload();
|
|
385
|
-
|
|
394
|
+
if (this.keyBinding && !this.keyBinding.expectedSdHash) {
|
|
395
|
+
this.assertHashAndAlgorithm();
|
|
396
|
+
}
|
|
386
397
|
if (this.disclosureFrame && shouldApplyFrame) {
|
|
387
398
|
yield this.applyDisclosureFrame();
|
|
388
399
|
}
|
|
@@ -395,8 +406,35 @@ class SdJwt extends jwt_1.Jwt {
|
|
|
395
406
|
const sDisclosures = disclosures && disclosures.length > 0
|
|
396
407
|
? `~${disclosures.join('~')}~`
|
|
397
408
|
: '~';
|
|
398
|
-
const
|
|
399
|
-
|
|
409
|
+
const sdJwtWithoutKb = `${compactHeader}.${compactPayload}.${sSignature}${sDisclosures}`;
|
|
410
|
+
if (this.keyBinding) {
|
|
411
|
+
const sdHash = (_a = this.keyBinding.expectedSdHash) !== null && _a !== void 0 ? _a : (yield this.calculateSdHash(sdJwtWithoutKb));
|
|
412
|
+
if (this.keyBinding.signature &&
|
|
413
|
+
!((_b = this.keyBinding.payload) === null || _b === void 0 ? void 0 : _b._sd_hash)) {
|
|
414
|
+
throw new error_1.SdJwtError("Key binding is already signed, but missing _sd_hash. If you're manually signing the kb-jwt, make sure the correct _sd_hash is set.");
|
|
415
|
+
}
|
|
416
|
+
// If the signature is already set we don't want to add the _sd_hash ourselves
|
|
417
|
+
// Also the signature won't be re-calculated if it's already set -- this seems like a security issue to me
|
|
418
|
+
if (!this.keyBinding.signature &&
|
|
419
|
+
!((_c = this.keyBinding.payload) === null || _c === void 0 ? void 0 : _c._sd_hash)) {
|
|
420
|
+
this.keyBinding.withSdHashClaim(sdHash);
|
|
421
|
+
}
|
|
422
|
+
// Make sure the sd_hash is valid. If there's already a signature set
|
|
423
|
+
// this will ensure the signature was made with the correct _sd_hash
|
|
424
|
+
yield this.keyBinding.assertValidForKeyBinding(sdHash);
|
|
425
|
+
}
|
|
426
|
+
const kb = (_e = (yield ((_d = this.keyBinding) === null || _d === void 0 ? void 0 : _d.toCompact()))) !== null && _e !== void 0 ? _e : '';
|
|
427
|
+
return sdJwtWithoutKb + kb;
|
|
428
|
+
});
|
|
429
|
+
}
|
|
430
|
+
calculateSdHash(compact) {
|
|
431
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
432
|
+
this.assertHashAndAlgorithm();
|
|
433
|
+
const c = compact !== null && compact !== void 0 ? compact : this.compact;
|
|
434
|
+
if (!c) {
|
|
435
|
+
throw new error_1.SdJwtError("Unable to calculate _sd_hash for sd-jwt, without 'compact' variant to compare _sd_hash. Use `fromCompact`, or call `sdJwt.keyBinding.withExpectedSdHash` to set the expected _sd_hash.");
|
|
436
|
+
}
|
|
437
|
+
return (0, decode_1.calculateSdHash)(c, this.hasherAndAlgorithm);
|
|
400
438
|
});
|
|
401
439
|
}
|
|
402
440
|
}
|
package/build/sdJwt/sdJwt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sdJwt.js","sourceRoot":"","sources":["../../src/sdJwt/sdJwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"sdJwt.js","sourceRoot":"","sources":["../../src/sdJwt/sdJwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAIuB;AACvB,6CAGwB;AACxB,yCAA4E;AAC5E,oCAA6E;AAC7E,8CAA0C;AAE1C,uDAAwD;AACxD,+CAAgE;AAChE,mCAAoC;AAqCpC,MAAa,KAGX,SAAQ,SAAoB;IAQ1B,YACI,OAAuC,EACvC,iBAAmD;QAEnD,KAAK,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QACnC,IAAI,CAAC,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAA;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,CAAA;QAErC,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,kBAAkB,EAAE,CAAC;YACxC,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,aAAa,EAAE,CAAC;YACnC,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,eAAe,EAAE,CAAC;YACrC,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,EAAE,CAAC;YAC5B,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAA;QAC7C,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EACF,WAAW,EAAE,CAAC,EACd,UAAU,EAAE,EAAE,EACd,SAAS,EACT,OAAO,EACP,MAAM,EACT,GAAG,IAAA,yBAAgB,EAAkB,OAAO,CAAC,CAAA;QAE9C,MAAM,WAAW,GAAG,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CACtB,CAAC,UAAU,EAAE,EAAE,CACX,IAAI,wBAAU,CACV,UAAU,CAAC,IAAI,EACf,UAAU,CAAC,KAAK,EAChB,UAAU,CAAC,GAAG,CACjB,CACR,CAAA;QAED,MAAM,UAAU,GAAG,EAAE;YACjB,CAAC,CAAC,IAAI,uBAAU,EAAE;iBACX,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC;iBACrB,WAAW,CAAC,EAAE,CAAC,OAAO,CAAC;iBACvB,aAAa,CAAC,EAAE,CAAC,SAAS,CAAC;YAClC,CAAC,CAAC,SAAS,CAAA;QAEf,MAAM,KAAK,GAAG,IAAI,KAAK,CAAkB;YACrC,MAAM;YACN,OAAO;YACP,SAAS;YACT,WAAW;YACX,UAAU;SACb,CAAC,CAAA;QAEF,KAAK,CAAC,OAAO,GAAG,OAAO,CAAA;QACvB,OAAO,KAIN,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,iBAAiB,CAAC,aAA4B;QACjD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;QAClC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;OAUG;IACI,UAAU,CAAC,kBAAsC;QACpD,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAE5C,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;;;OAQG;IACI,2BAA2B,CAC9B,kBAAuC;QAEvC,IAAI,kBAAkB;YAAE,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAA;QAC3D,IAAI,CAAC,sBAAsB,EAAE,CAAA;QAE7B,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAmB,CAAC,SAAS,CAAC,CAAA;QAEnE,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;OAMG;IACI,cAAc,CACjB,UAA+C;QAE/C,MAAM,EAAE,GACJ,OAAO,UAAU,KAAK,QAAQ;YAC1B,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,UAAU,CAAC;YACpC,CAAC,CAAC,UAAU,YAAY,uBAAU;gBAChC,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,uBAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAE1C,IAAI,CAAC,UAAU,GAAG,EAAE,CAAA;QACpB,OAAO,IAAwD,CAAA;IACnE,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,eAAyC;QAChE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;;;;OAaG;IACU,oBAAoB;;YAC7B,IAAI,CAAC,mBAAmB,EAAE,CAAA;YAC1B,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAE5B,IACI,IAAI,CAAC,WAAW;gBAChB,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBAC3B,IAAI,CAAC,SAAS;gBACd,CAAC,IAAI,CAAC,MAAM,EACd,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,yOAAyO,CAC5O,CAAA;YACL,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,GACzC,MAAM,IAAA,sCAAoB,EACtB,IAAI,CAAC,aAAc,EACnB,IAAI,CAAC,kBAAmB,EACxB,IAAI,CAAC,2BAA2B,EAAE,CAAC,OAAQ,EAC3C,IAAI,CAAC,eAAgB,CACxB,CAAA;YAEL,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;YAC9B,IAAI,CAAC,OAAO,GAAG,aAAwB,CAAA;QAC3C,CAAC;KAAA;IAEY,qBAAqB;;YAG9B,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAE7B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,WAAW;gBAAE,OAAO,SAAS,CAAA;YAEvC,OAAO,OAAO,CAAC,GAAG,CACd,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACvB,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,kBAAmB,CAAC,CAClD,CACJ,CAAA;QACL,CAAC;KAAA;IAED;;;;OAIG;IACI,qBAAqB;QACxB,IAAI,IAAI,CAAC,eAAe;YAAE,OAAM;QAEhC,MAAM,IAAI,kBAAU,CAAC,iCAAiC,CAAC,CAAA;IAC3D,CAAC;IAED;;;;OAIG;IACK,mBAAmB;QACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,kBAAU,CAChB,mGAAmG,CACtG,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,sBAAsB;QAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAU,CAChB,4JAA4J,CAC/J,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACI,4BAA4B,CAAC,QAAgB;QAChD,IAAI,CAAC,qBAAqB,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,eAAgB,EAAE,QAAQ,CAAC,CAAA;QAEpE,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,iDAAiD,CAC1E,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACU,OAAO,CAAC,iBAA8C;;;YAC/D,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,mFAAmF;YACnF,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,oEAAoE;YACpE,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACrB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;YAC1D,CAAC;YAED,IACI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBAChE,CAAA,MAAA,IAAI,CAAC,WAAW,0CAAE,MAAM,MAAK,CAAC,EAChC,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,sFAAsF,CACzF,CAAA;YACL,CAAC;YAED,4CAA4C;YAC5C,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAEhE,MAAM,mBAAmB,GAAG,IAAA,4CAAkC,EAC1D,IAAI,CAAC,OAAQ,EACb,iBAAiB,EACjB,MAAM,IAAI,CAAC,eAAe,EAAE,EAC5B,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAChD,CAAA;YAED,OAAO,MAAM,IAAI,CAAC,WAAW,CACzB,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,wBAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EACtD,KAAK,CACR,CAAA;;KACJ;IAED;;;;;;;;;;OAUG;IACU,MAAM,CACf,QAA0B,EAC1B,iBAAiD,EACjD,iBAA2C,EAC3C,kBAA4C;;;;;;YAE5C,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,sBAAsB,EAAE,CAAA;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,CAAC,MAAM,OAAM,MAAM,YAC7C,QAAQ,EACR,iBAAiB,EACjB,kBAAkB,CACrB,CAA4B,CAAA;YAE7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClC,sCAAsC;oBACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;oBAC3C,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;gBAC9C,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAC5C,QAAoB,EACpB,EAAE,EACF,iBAAiB,CACpB,CAAA;gBAED,qBAAqB,CAAC,iBAAiB,GAAG,OAAO,CAAA;YACrD,CAAC;YAED,MAAM,SAAS,GAAG,IAAA,kBAAU,EAAC,IAAI,CAAC,OAAQ,CAAC,CAAC,MAAM,CAC9C,CAAC,MAAA,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAW,CAAC,CAC9D,CAAA;YAED,IAAI,iBAAiB,EAAE,CAAC;gBACpB,qBAAqB,CAAC,yBAAyB;oBAC3C,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5B,SAAS,CAAC,QAAQ,CAAC,GAAa,CAAC,CACpC,CAAA;YACT,CAAC;YAED,uCACO,qBAAqB,KACxB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC;qBACzC,MAAM,CACH,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACb,OAAO,KAAK,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CACtD;qBACA,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IACrC;;KACJ;IAED;;;;OAIG;IACI,WAAW,CAAC,cAAwC;QACvD,IAAI,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC/D,OAAO,IAAI,CAAA;QACf,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAChB,OAAO,KAAK,CAAA;QAChB,CAAC;IACL,CAAC;IAEM,oCAAoC,CAAC,QAAgB;QACxD,IAAI,CAAC;YACD,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,oFAAoF;YACpF,IAAI,KAAK,YAAY,kBAAU;gBAAE,OAAM;QAC3C,CAAC;QACD,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,4FAA4F,CACrH,CAAA;IACL,CAAC;IAEM,qCAAqC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAM;QAEjC,+DAA+D;QAC/D,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,oCAAoC,CAAC,QAAQ,CAAC,CAAA;QACvD,CAAC;IACL,CAAC;IAED;;;;OAIG;IACU,eAAe;;;YAGxB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAE7B,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAChE,MAAM,UAAU,GAAG,IAAA,mCAA0B,EACzC,IAAI,CAAC,OAAQ,EACb,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,mCAAI,EAAE,CACtD,CAAA;YAED,OAAO,UAAoB,CAAA;;KAC9B;IAED;;;;;;;;;;;OAWG;IACU,SAAS;;YAClB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;QAC7B,CAAC;KAAA;IAEa,WAAW,CACrB,cAA6C,IAAI,CAAC,WAAW,EAC7D,mBAA4B,IAAI;;;YAEhC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;gBACrD,IAAI,CAAC,sBAAsB,EAAE,CAAA;YACjC,CAAC;YAED,IAAI,IAAI,CAAC,eAAe,IAAI,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,WAAW,aAAX,WAAW,cAAX,WAAW,IAAX,WAAW,GAAK,IAAI,CAAC,WAAW,EAAA;YAEhC,MAAM,aAAa,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;YACnE,MAAM,cAAc,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAErE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS;gBAC7B,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBAClC,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,SAAU,CAAC,CAAA;YAE5D,MAAM,YAAY,GACd,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG;gBAC9B,CAAC,CAAC,GAAG,CAAA;YAEb,MAAM,cAAc,GAAG,GAAG,aAAa,IAAI,cAAc,IAAI,UAAU,GAAG,YAAY,EAAE,CAAA;YAExF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,MAAM,MAAM,GACR,MAAA,IAAI,CAAC,UAAU,CAAC,cAAc,mCAC9B,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAA;gBAEhD,IACI,IAAI,CAAC,UAAU,CAAC,SAAS;oBACzB,CAAC,CAAA,MAAA,IAAI,CAAC,UAAU,CAAC,OAAO,0CAAE,QAAQ,CAAA,EACpC,CAAC;oBACC,MAAM,IAAI,kBAAU,CAChB,oIAAoI,CACvI,CAAA;gBACL,CAAC;gBAED,8EAA8E;gBAC9E,0GAA0G;gBAC1G,IACI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS;oBAC1B,CAAC,CAAA,MAAA,IAAI,CAAC,UAAU,CAAC,OAAO,0CAAE,QAAQ,CAAA,EACpC,CAAC;oBACC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;gBAC3C,CAAC;gBAED,qEAAqE;gBACrE,oEAAoE;gBACpE,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,EAAE,GAAG,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,SAAS,EAAE,CAAA,CAAC,mCAAI,EAAE,CAAA;YACrD,OAAO,cAAc,GAAG,EAAE,CAAA;;KAC7B;IAEa,eAAe,CAAC,OAAgB;;YAC1C,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,MAAM,CAAC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,IAAI,CAAC,OAAO,CAAA;YAEjC,IAAI,CAAC,CAAC,EAAE,CAAC;gBACL,MAAM,IAAI,kBAAU,CAChB,wLAAwL,CAC3L,CAAA;YACL,CAAC;YAED,OAAO,IAAA,wBAAe,EAAC,CAAC,EAAE,IAAI,CAAC,kBAAmB,CAAC,CAAA;QACvD,CAAC;KAAA;CACJ;AAlkBD,sBAkkBC"}
|