@sphereon/ssi-sdk-ext.did-utils 0.28.1-feature.jose.vcdm.20 → 0.28.1-feature.jose.vcdm.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.cjs +24 -19
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +3 -2
  4. package/dist/index.d.ts +3 -2
  5. package/dist/index.js +24 -19
  6. package/dist/index.js.map +1 -1
  7. package/package.json +4 -4
  8. package/src/did-functions.ts +31 -20
package/dist/index.cjs CHANGED
@@ -399,13 +399,19 @@ function didDocumentToJwks(didDocument) {
399
399
  };
400
400
  }
401
401
  __name(didDocumentToJwks, "didDocumentToJwks");
402
- async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument }, context) {
402
+ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument, kmsKeyRef }, context) {
403
403
  const didDoc = didDocument ?? await getAgentResolver(context).resolve(identifier.did).then((result) => result.didDocument);
404
404
  if (!didDoc) {
405
405
  throw Error(`Could not resolve DID ${identifier.did}`);
406
406
  }
407
407
  const keys = didDoc ? [] : await (0, import_utils.mapIdentifierKeysToDoc)(identifier, vmRelationship, context);
408
408
  const documentKeys = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context);
409
+ if (kmsKeyRef) {
410
+ let found = keys.filter((key) => key.kid === kmsKeyRef);
411
+ if (found.length > 0) {
412
+ return found;
413
+ }
414
+ }
409
415
  const localKeys = vmRelationship === "keyAgreement" ? (0, import_utils.convertIdentifierEncryptionKeys)(identifier) : (0, import_utils.compressIdentifierSecp256k1Keys)(identifier);
410
416
  const extendedKeys = documentKeys.map((verificationMethod) => {
411
417
  const localKey = localKeys.find((localKey2) => localKey2.publicKeyHex === verificationMethod.publicKeyHex || verificationMethod.publicKeyHex?.startsWith(localKey2.publicKeyHex) || compareBlockchainAccountId(localKey2, verificationMethod));
@@ -422,7 +428,7 @@ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship
422
428
  return null;
423
429
  }
424
430
  }).filter(import_utils.isDefined);
425
- return keys.concat(extendedKeys);
431
+ return Array.from(new Set(keys.concat(extendedKeys)));
426
432
  }
427
433
  __name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
428
434
  function compareBlockchainAccountId(localKey, verificationMethod) {
@@ -473,24 +479,23 @@ async function getKey({ identifier, vmRelationship = "authentication", kmsKeyRef
473
479
  }
474
480
  const kmsKeyRefParts = kmsKeyRef?.split(`#`);
475
481
  const kid = kmsKeyRefParts ? kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0] : void 0;
476
- let identifierKey = kmsKeyRef ? identifier.keys.find((key) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : void 0;
482
+ let identifierKey = void 0;
483
+ const keys = await mapIdentifierKeysToDocWithJwkSupport({
484
+ identifier,
485
+ vmRelationship,
486
+ kmsKeyRef
487
+ }, context);
488
+ if (!keys || keys.length === 0) {
489
+ throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
490
+ }
491
+ if (kmsKeyRef) {
492
+ identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
493
+ }
477
494
  if (!identifierKey) {
478
- const keys = await mapIdentifierKeysToDocWithJwkSupport({
479
- identifier,
480
- vmRelationship
481
- }, context);
482
- if (!keys || keys.length === 0) {
483
- throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
484
- }
485
- if (kmsKeyRef) {
486
- identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
487
- }
488
- if (!identifierKey) {
489
- identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
490
- }
491
- if (!identifierKey) {
492
- identifierKey = keys[0];
493
- }
495
+ identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
496
+ }
497
+ if (!identifierKey) {
498
+ identifierKey = keys[0];
494
499
  }
495
500
  if (!identifierKey) {
496
501
  throw new Error(`No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`);
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex, hexKeyFromPEMBasedJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod): JWK {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n if (!jwk) {\n throw Error(`Could not convert verification method to jwk`)\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm))\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n /*if (verificationMethod.type !== 'JsonWebKey2020') {\n return null\n }*/\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === verificationMethod.publicKeyHex ||\n verificationMethod.publicKeyHex?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return keys.concat(extendedKeys)\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<IKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n let identifierKey = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n if (!identifierKey) {\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n }\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBASO;AACP,IAAAA,sBAAmD;AACnD,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC3Bd,IAAKC,yBAAAA,yBAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,yBAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;AD1B1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAc1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,SAAiBC,oCAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,sBAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,2CAAsBrB,KAAK,QAAA;IACpC;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA5BgBO;AA8BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAsB;AAC5D,MAAID,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1ED,cAAMsC,0BAAM3D,kBAAc4D,kDAA8B;MAAEjC,KAAKL,GAAGpE;IAAK,CAAA,CAAA;EACzE;AACA,MAAI,CAACmE,KAAK;AACR,UAAM5E,MAAM,8CAA8C;EAC5D;AACA4E,MAAIlE,MAAMmE,GAAGuC;AACb,aAAOtC,iCAAaF,GAAAA;AACtB;AAXgBqC;AAahB,SAASI,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BhH,IAAI,CAACoH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB5G,KAAK,CAACiE,OAAOA,GAAGuC,OAAOO,MAAAA,CAAAA,EACnGnH,OAAO2D,sBAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,EAAAA,CAAAA,CAAAA;AAEzC,SAAO;IAAEyC;IAAoBG,MAAMzE,MAAM4E,KAAKH,IAAAA;EAAM;AACtD;AAZSJ;AAgBF,SAASQ,kBAAkBxH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfuG,yBAAyB,aAAahH,YAAYyH,WAAWzH,YAAYS,kBAAkB,EAAE2G;SAC7FJ,yBAAyB,sBAAsBhH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE2G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBhH,YAAY0H,iBAAiB1H,YAAYS,kBAAkB,EAAE2G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBhH,YAAY2H,gBAAgB3H,YAAYS,kBAAkB,EAAE2G;IACvHQ,cAAcZ,yBAAyB,gBAAgBhH,YAAY4H,cAAc5H,YAAYS,kBAAkB,EAAE2G;IACjHS,sBAAsBb,yBAAyB,wBAAwBhH,YAAY6H,sBAAsB7H,YAAYS,kBAAkB,EAAE2G;IACzIU,sBAAsBd,yBAAyB,wBAAwBhH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE2G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB9E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,YAAW,GAMbb,SAA+C;AAE/C,QAAM4I,SACJ/H,eACC,MAAMgI,iBAAiB7I,OAAAA,EACrB8I,QAAQnJ,WAAW6B,GAAG,EACtBuH,KAAK,CAAC9G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAAC+H,QAAQ;AACX,UAAMpI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO8H,SAAS,CAAA,IAAK,UAAMI,qCAAuBrJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMiJ,eAAqC,MAAM7E,iCAAiCwE,QAAQ1I,gBAAgBF,OAAAA;AAE1G,QAAMkJ,YAAYhJ,mBAAmB,qBAAiBiJ,8CAAgCxJ,UAAAA,QAAcyJ,8CAAgCzJ,UAAAA;AAGpI,QAAM0J,eAAgCJ,aACnClI,IAAI,CAACO,uBAAAA;AAIJ,UAAMgI,WAAWJ,UAAU9H,KACzB,CAACkI,cACCA,UAASvF,iBAAiBzC,mBAAmByC,gBAC7CzC,mBAAmByC,cAAcwF,WAAWD,UAASvF,YAAY,KACjEyF,2BAA2BF,WAAUhI,kBAAAA,CAAAA;AAEzC,QAAIgI,UAAU;AACZ,YAAM,EAAEjI,MAAM,GAAGoI,WAAAA,IAAeH;AAChC,aAAO;QAAE,GAAGG;QAAYpI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,sBAAAA;AAEV,SAAO7D,KAAK4I,OAAOL,YAAAA;AACrB;AArDsB9F;AAmEtB,SAASiG,2BAA2BF,UAAgBhI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/FqI,SAASrI,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI0I,gBAAYC,iCAAmBtI,kBAAAA;AACnC,MAAIgI,SAASjI,MAAMuC,SAAS;AAC1B,WAAO+F,cAAcL,SAASjI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMgG,mBAAe/F,oCAAe,OAAOwF,SAASvF,YAAY,EAAEF,YAAW;AAC7E,SAAOgG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmB9J,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAMuH,uBAAsB,GAAIhJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsB4C;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAOtK,eAAe,UAAU;AACzC,WAAOsK,OAAOtK;EAChB,WAAW,OAAOsK,OAAOtK,eAAe,UAAU;AAChD,WAAOsK,OAAOtK,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgBwJ;AAST,SAASE,MAAMvK,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB0J;AAUT,SAASC,OAAO5H,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAImJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACEzK,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQ8F,OAAO,IAAI7J,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAM8J,iBAAiBnG,WAAWoG,MAAM,GAAG;AAC3C,QAAMrJ,MAAMoJ,iBAAkBA,gBAAgBzH,WAAW,IAAIyH,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMlK;AAEtG,MAAIoK,gBAAgBrG,YAAYxE,WAAWmB,KAAKM,KAAK,CAACjB,QAAcA,IAAIe,QAAQA,OAAOf,KAAKkB,MAAM6C,kBAAkBhD,GAAAA,IAAOd;AAC3H,MAAI,CAACoK,eAAe;AAClB,UAAM1J,OAAO,MAAMyC,qCAAqC;MAAE5D;MAAYO;IAA+B,GAAGF,OAAAA;AACxG,QAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,YAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;IAC5G;AACA,QAAI2C,WAAW;AACbqG,sBAAgB1J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBsG,OAAOzD,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBsG,IAAIlH,SAASQ,GAAAA,CAAAA;IAE/H;AACA,QAAI,CAACsJ,eAAe;AAClBA,sBAAgB1J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;IAEhH;AACA,QAAI,CAACsK,eAAe;AAClBA,sBAAgB1J,KAAK,CAAA;IACvB;EACF;AACA,MAAI,CAAC0J,eAAe;AAClB,UAAM,IAAIhK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOgJ;AACT;AA9CsBJ;AAuDtB,eAAeK,oBACb,EACE9K,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMkI,cAAc;MAAElJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZe8K;AAoBf,eAAsBE,aACpB,EACExK,KACA8J,OAAM,GAKRjK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBsG,IAAI;AACpC,WAAOzH,IAAIkB,MAAMC,oBAAoBsG;EACvC;AACA,QAAMjI,aAAa,MAAM8K,oBAAoBR,QAAQjK,OAAAA;AACrD,QAAM4K,aAAa,MAAMrH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM6K,QAAQD,WAAWxJ,KAAK,CAAC0J,gBAAgBA,YAAY5J,QAAQf,IAAIe,GAAG;AAC1E,MAAI2J,OAAO;AACT,WAAOA,MAAMxJ,MAAMC,oBAAoBsG,MAAMiD,MAAMxJ,MAAM6C,iBAAiB+F,OAAO9F,aAAa0G,MAAM3J;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiB+F,OAAO9F,aAAahE,IAAIe;AAC5D;AA3BsByJ;AA6BtB,eAAsBI,uBAAuBC,SAAsBhL,SAAmC;AACpG,SAAOgL,QAAQC,uBAAwB,MAAMnB,mBAAmB9J,OAAAA;AAClE;AAFsB+K;AAIf,SAASlC,iBACd7I,SACA0B,MAIC;AAED,SAAO,IAAIwJ,iBAAiBlL,SAAS0B,IAAAA;AACvC;AATgBmH;AAWT,IAAMqC,mBAAN,MAAMA;EA7tBb,OA6tBaA;;;EACMlL;EACAmL;EACAC;EACAC;EAEjBC,YACEtL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKmL,qBAAqBzJ,MAAMyJ,uBAAuB;AACvD,SAAKC,wBAAwB1J,MAAM0J,0BAA0B;AAC7D,SAAKC,kBAAkB3J,MAAM2J,oBAAoB;EACnD;EAEA,MAAMvC,QAAQpE,QAAgB5C,SAA8D;AAC1F,QAAIyJ;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKN,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM5K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK2K,oBAAoB;AAC3B,UAAI;AACFI,2BAAmB,MAAM,KAAKvL,QAAQwC,MAAMkJ,WAAW;UAAEhH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBkF,cAAMlF;MACR;IACF;AACA,QAAIgF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB1K,gBAAgB,MAAM;AACzC0K,2BAAmBnL;MACrB;IACF,OAAO;AACLoG,cAAQmF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKF,iBAAiB;AAC7C7E,cAAQmF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMnK,MAAMkD,OAAO6F,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMqB,cAAc,MAAM,KAAK5L,QAAQwC,MAAMkI,cAAc;UAAElJ;QAAI,CAAA;AACjE+J,2BAAmBM,sBAAsBD,aAAa;UAAEpK;QAAI,CAAA;AAC5D,YAAI+J,iBAAiB1K,aAAa;AAChC4K,gBAAMrL;QACR,OAAO;AACLoG,kBAAQmF,IAAI,mDAAmDnK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACkF,KAAK;AACRA,gBAAMlF;QACR;MACF;IACF;AACA,QAAIgF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB1K,aAAa;AACjC0K,2BAAmBnL;MACrB;IACF;AACA,QAAI,CAACmL,oBAAoB,KAAKH,uBAAuB;AACnD5E,cAAQmF,IAAI,+CAA+CjH,MAAAA,GAAS;AACpE6G,yBAAmB,MAAM,IAAIO,kCAAAA,EAAchD,QAAQpE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC0J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB1K,aAAa;AAChC4K,cAAMrL;MACR;IACF;AAEA,QAAIqL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqB9G,MAAAA,gCAAsC,KAAKyG,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOG,oBAAoBC;EAC7B;AACF;AAYO,SAAS5K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZ+G,IAAIpG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B0G,YAAYvK;UACZoG,IAAIzH,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,kBAAc0C,0BAAMvH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9C+K,KAAKC,gCAAavL,SAASP,IAAIc,IAAI,IAAIiL,6BAAUC,aAAaD,6BAAUE;YACxEjM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,6BAAUE,SAAS,MACrEzM,WAAWmB,QAAQ;QACjByH,iBAAiB5I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMgL,YAAYjM,UAAaD,KAAKkB,MAAMgL,YAAY,qBAAqBlM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,6BAAUE,SAAS,MACrEzM,WAAWmB,QAAQ;QACjB0H,gBAAgB7I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMgL,YAAYjM,UAAaD,KAAKkB,MAAMgL,YAAY,oBAAoBlM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,6BAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB2H,cAAc9I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,kBAAkBlM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,6BAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB4H,sBAAsB/I,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,0BAA0BlM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,6BAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,0BAA0BlM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW2M,YAAY3M,WAAW2M,SAASzJ,SAAS,KAAK;QAAE0J,SAAS5M,WAAW2M;MAAS;IAC9F;EACF;AACA,SAAOzL;AACT;AA9FgBD;AAgGT,SAASiL,sBACdlM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM6J,mBAAwC;IAC5C,YAAY;IACZ1K;IACA2L,uBAAuB;MACrB,GAAI,CAAC3L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAM+K,gBAAAA,KACtB9M,cACA,CAAC+B,MAAM+K,iBAAiB/L,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAmG,qBAAqB;MACnB,GAAI/M,YAAYsD,SAAS;QAAE0J,cAAchN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOsI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIrL,MAAMqL;AACV,MAAI,CAACrL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAI+H,WAAW,UAAA,GAAa;AAC9B,WAAO/H;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsB+I;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE9C,QAAQ+C,QAAQC,SAASjN,SAAS8B,QAAO,IAAKiL;AACtD,QAAMG,aAAa;IACjB,GAAGpL;IACHqL,QAAQ,MAAMC,aAAa;MAAEnD;MAAQjK;IAAQ,CAAA;EAC/C;AAEA,aAAOqN,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE9C,QAAQjK,QAAO,IAAK+M;AAE5B,QAAMpN,aAAa,MAAM8K,oBAAoBR,QAAQjK,OAAAA;AACrD,QAAMG,MAAM,MAAMiK,OAChB;IACEzK;IACAO,gBAAgB+J,OAAOqD;IACvBnJ,WAAW8F,OAAO9F;EACpB,GACAnE,OAAAA;AAEF,QAAMuN,YAAY,UAAMC,8CAA0B;IAAErN;EAAI,CAAA;AAExD,SAAO,OAAOsN,SAAAA;AACZ,UAAMxG,QAAQwG,gBAAgBC,OAAOC,eAAenG,UAAAA,IAAc,IAAIoG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAMzN,QAAQwC,MAAMsL,eAAe;MACxCC,QAAQ5N,IAAIe;MACZqM;MACAE,MAAMxG;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","hexKeyFromPEMBasedJwk","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","localKey","startsWith","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","vmKey","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","constructor","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex, hexKeyFromPEMBasedJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\n\nconst { fromString, toString } = u8a\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod): JWK {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n if (!jwk) {\n throw Error(`Could not convert verification method to jwk`)\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm))\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n /*if (verificationMethod.type !== 'JsonWebKey2020') {\n return null\n }*/\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === verificationMethod.publicKeyHex ||\n verificationMethod.publicKeyHex?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBASO;AACP,IAAAA,sBAAmD;AACnD,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC3Bd,IAAKC,yBAAAA,yBAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,yBAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADzB1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAc1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,SAAiBC,oCAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,sBAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,2CAAsBrB,KAAK,QAAA;IACpC;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA5BgBO;AA8BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAsB;AAC5D,MAAID,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1ED,cAAMsC,0BAAM3D,kBAAc4D,kDAA8B;MAAEjC,KAAKL,GAAGpE;IAAK,CAAA,CAAA;EACzE;AACA,MAAI,CAACmE,KAAK;AACR,UAAM5E,MAAM,8CAA8C;EAC5D;AACA4E,MAAIlE,MAAMmE,GAAGuC;AACb,aAAOtC,iCAAaF,GAAAA;AACtB;AAXgBqC;AAahB,SAASI,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BhH,IAAI,CAACoH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB5G,KAAK,CAACiE,OAAOA,GAAGuC,OAAOO,MAAAA,CAAAA,EACnGnH,OAAO2D,sBAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,EAAAA,CAAAA,CAAAA;AAEzC,SAAO;IAAEyC;IAAoBG,MAAMzE,MAAM4E,KAAKH,IAAAA;EAAM;AACtD;AAZSJ;AAgBF,SAASQ,kBAAkBxH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfuG,yBAAyB,aAAahH,YAAYyH,WAAWzH,YAAYS,kBAAkB,EAAE2G;SAC7FJ,yBAAyB,sBAAsBhH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE2G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBhH,YAAY0H,iBAAiB1H,YAAYS,kBAAkB,EAAE2G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBhH,YAAY2H,gBAAgB3H,YAAYS,kBAAkB,EAAE2G;IACvHQ,cAAcZ,yBAAyB,gBAAgBhH,YAAY4H,cAAc5H,YAAYS,kBAAkB,EAAE2G;IACjHS,sBAAsBb,yBAAyB,wBAAwBhH,YAAY6H,sBAAsB7H,YAAYS,kBAAkB,EAAE2G;IACzIU,sBAAsBd,yBAAyB,wBAAwBhH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE2G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB9E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM4I,SACJ/H,eACC,MAAMgI,iBAAiB7I,OAAAA,EACrB8I,QAAQnJ,WAAW6B,GAAG,EACtBuH,KAAK,CAAC9G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAAC+H,QAAQ;AACX,UAAMpI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO8H,SAAS,CAAA,IAAK,UAAMI,qCAAuBrJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMiJ,eAAqC,MAAM7E,iCAAiCwE,QAAQ1I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAI+E,QAAQpI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAI+E,MAAMrG,SAAS,GAAG;AACpB,aAAOqG;IACT;EACF;AAEA,QAAMC,YAAYjJ,mBAAmB,qBAAiBkJ,8CAAgCzJ,UAAAA,QAAc0J,8CAAgC1J,UAAAA;AAGpI,QAAM2J,eAAgCL,aACnClI,IAAI,CAACO,uBAAAA;AAIJ,UAAMiI,WAAWJ,UAAU/H,KACzB,CAACmI,cACCA,UAASxF,iBAAiBzC,mBAAmByC,gBAC7CzC,mBAAmByC,cAAcyF,WAAWD,UAASxF,YAAY,KACjE0F,2BAA2BF,WAAUjI,kBAAAA,CAAAA;AAEzC,QAAIiI,UAAU;AACZ,YAAM,EAAElI,MAAM,GAAGqI,WAAAA,IAAeH;AAChC,aAAO;QAAE,GAAGG;QAAYrI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,sBAAAA;AAEV,SAAOnB,MAAM4E,KAAK,IAAIF,IAAIpH,KAAK6I,OAAOL,YAAAA,CAAAA,CAAAA;AACxC;AA9DsB/F;AA4EtB,SAASkG,2BAA2BF,UAAgBjI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/FsI,SAAStI,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI2I,gBAAYC,iCAAmBvI,kBAAAA;AACnC,MAAIiI,SAASlI,MAAMuC,SAAS;AAC1B,WAAOgG,cAAcL,SAASlI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMiG,mBAAehG,oCAAe,OAAOyF,SAASxF,YAAY,EAAEF,YAAW;AAC7E,SAAOiG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmB/J,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAMwH,uBAAsB,GAAIjJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsB6C;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAOvK,eAAe,UAAU;AACzC,WAAOuK,OAAOvK;EAChB,WAAW,OAAOuK,OAAOvK,eAAe,UAAU;AAChD,WAAOuK,OAAOvK,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgByJ;AAST,SAASE,MAAMxK,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB2J;AAUT,SAASC,OAAO7H,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIoJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE1K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQ+F,OAAO,IAAI9J,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAM+J,iBAAiBpG,WAAWqG,MAAM,GAAG;AAC3C,QAAMtJ,MAAMqJ,iBAAkBA,gBAAgB1H,WAAW,IAAI0H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMnK;AAGtG,MAAIqK,gBAA2CrK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbsG,oBAAgB3J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBsG,OAAOzD,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBsG,IAAIlH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAACuJ,eAAe;AAClBA,oBAAgB3J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAACuK,eAAe;AAClBA,oBAAgB3J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC2J,eAAe;AAClB,UAAM,IAAIjK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOiJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACE/K,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMmI,cAAc;MAAEnJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZe+K;AAoBf,eAAsBE,aACpB,EACEzK,KACA+J,OAAM,GAKRlK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBsG,IAAI;AACpC,WAAOzH,IAAIkB,MAAMC,oBAAoBsG;EACvC;AACA,QAAMjI,aAAa,MAAM+K,oBAAoBR,QAAQlK,OAAAA;AACrD,QAAM6K,aAAa,MAAMtH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM8K,QAAQD,WAAWzJ,KAAK,CAAC2J,gBAAgBA,YAAY7J,QAAQf,IAAIe,GAAG;AAC1E,MAAI4J,OAAO;AACT,WAAOA,MAAMzJ,MAAMC,oBAAoBsG,MAAMkD,MAAMzJ,MAAM6C,iBAAiBgG,OAAO/F,aAAa2G,MAAM5J;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBgG,OAAO/F,aAAahE,IAAIe;AAC5D;AA3BsB0J;AA6BtB,eAAsBI,uBAAuBC,SAAsBjL,SAAmC;AACpG,SAAOiL,QAAQC,uBAAwB,MAAMnB,mBAAmB/J,OAAAA;AAClE;AAFsBgL;AAIf,SAASnC,iBACd7I,SACA0B,MAIC;AAED,SAAO,IAAIyJ,iBAAiBnL,SAAS0B,IAAAA;AACvC;AATgBmH;AAWT,IAAMsC,mBAAN,MAAMA;EAxuBb,OAwuBaA;;;EACMnL;EACAoL;EACAC;EACAC;EAEjBC,YACEvL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKoL,qBAAqB1J,MAAM0J,uBAAuB;AACvD,SAAKC,wBAAwB3J,MAAM2J,0BAA0B;AAC7D,SAAKC,kBAAkB5J,MAAM4J,oBAAoB;EACnD;EAEA,MAAMxC,QAAQpE,QAAgB5C,SAA8D;AAC1F,QAAI0J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKN,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM7K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK4K,oBAAoB;AAC3B,UAAI;AACFI,2BAAmB,MAAM,KAAKxL,QAAQwC,MAAMmJ,WAAW;UAAEjH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBmF,cAAMnF;MACR;IACF;AACA,QAAIiF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB3K,gBAAgB,MAAM;AACzC2K,2BAAmBpL;MACrB;IACF,OAAO;AACLoG,cAAQoF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKF,iBAAiB;AAC7C9E,cAAQoF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMpK,MAAMkD,OAAO8F,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMqB,cAAc,MAAM,KAAK7L,QAAQwC,MAAMmI,cAAc;UAAEnJ;QAAI,CAAA;AACjEgK,2BAAmBM,sBAAsBD,aAAa;UAAErK;QAAI,CAAA;AAC5D,YAAIgK,iBAAiB3K,aAAa;AAChC6K,gBAAMtL;QACR,OAAO;AACLoG,kBAAQoF,IAAI,mDAAmDpK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACmF,KAAK;AACRA,gBAAMnF;QACR;MACF;IACF;AACA,QAAIiF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB3K,aAAa;AACjC2K,2BAAmBpL;MACrB;IACF;AACA,QAAI,CAACoL,oBAAoB,KAAKH,uBAAuB;AACnD7E,cAAQoF,IAAI,+CAA+ClH,MAAAA,GAAS;AACpE8G,yBAAmB,MAAM,IAAIO,kCAAAA,EAAcjD,QAAQpE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC2J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB3K,aAAa;AAChC6K,cAAMtL;MACR;IACF;AAEA,QAAIsL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqB/G,MAAAA,gCAAsC,KAAK0G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOG,oBAAoBC;EAC7B;AACF;AAYO,SAAS7K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZ+G,IAAIpG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B2G,YAAYxK;UACZoG,IAAIzH,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,kBAAc0C,0BAAMvH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CgL,KAAKC,gCAAaxL,SAASP,IAAIc,IAAI,IAAIkL,6BAAUC,aAAaD,6BAAUE;YACxElM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,6BAAUE,SAAS,MACrE1M,WAAWmB,QAAQ;QACjByH,iBAAiB5I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAMiL,YAAY,qBAAqBnM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,6BAAUE,SAAS,MACrE1M,WAAWmB,QAAQ;QACjB0H,gBAAgB7I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAMiL,YAAY,oBAAoBnM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,6BAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB2H,cAAc9I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,kBAAkBnM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,6BAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB4H,sBAAsB/I,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,0BAA0BnM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,6BAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,0BAA0BnM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW4M,YAAY5M,WAAW4M,SAAS1J,SAAS,KAAK;QAAE2J,SAAS7M,WAAW4M;MAAS;IAC9F;EACF;AACA,SAAO1L;AACT;AA9FgBD;AAgGT,SAASkL,sBACdnM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM8J,mBAAwC;IAC5C,YAAY;IACZ3K;IACA4L,uBAAuB;MACrB,GAAI,CAAC5L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMgL,gBAAAA,KACtB/M,cACA,CAAC+B,MAAMgL,iBAAiBhM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAoG,qBAAqB;MACnB,GAAIhN,YAAYsD,SAAS;QAAE2J,cAAcjN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOuI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAItL,MAAMsL;AACV,MAAI,CAACtL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIgI,WAAW,UAAA,GAAa;AAC9B,WAAOhI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBgJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE9C,QAAQ+C,QAAQC,SAASlN,SAAS8B,QAAO,IAAKkL;AACtD,QAAMG,aAAa;IACjB,GAAGrL;IACHsL,QAAQ,MAAMC,aAAa;MAAEnD;MAAQlK;IAAQ,CAAA;EAC/C;AAEA,aAAOsN,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE9C,QAAQlK,QAAO,IAAKgN;AAE5B,QAAMrN,aAAa,MAAM+K,oBAAoBR,QAAQlK,OAAAA;AACrD,QAAMG,MAAM,MAAMkK,OAChB;IACE1K;IACAO,gBAAgBgK,OAAOqD;IACvBpJ,WAAW+F,OAAO/F;EACpB,GACAnE,OAAAA;AAEF,QAAMwN,YAAY,UAAMC,8CAA0B;IAAEtN;EAAI,CAAA;AAExD,SAAO,OAAOuN,SAAAA;AACZ,UAAMzG,QAAQyG,gBAAgBC,OAAOC,eAAepG,UAAAA,IAAc,IAAIqG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM1N,QAAQwC,MAAMuL,eAAe;MACxCC,QAAQ7N,IAAIe;MACZsM;MACAE,MAAMzG;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","hexKeyFromPEMBasedJwk","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","localKey","startsWith","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","vmKey","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","constructor","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/dist/index.d.cts CHANGED
@@ -178,10 +178,11 @@ declare function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks;
178
178
  *
179
179
  * @beta This API may change without a BREAKING CHANGE notice.
180
180
  */
181
- declare function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument, }: {
181
+ declare function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument, kmsKeyRef, }: {
182
182
  identifier: IIdentifier;
183
183
  vmRelationship?: DIDDocumentSection;
184
184
  didDocument?: DIDDocument;
185
+ kmsKeyRef?: string;
185
186
  }, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey[]>;
186
187
  declare function getAgentDIDMethods(context: IAgentContext<IDIDManager>): Promise<string[]>;
187
188
  declare function getDID(idOpts: {
@@ -193,7 +194,7 @@ declare function getKey({ identifier, vmRelationship, kmsKeyRef, }: {
193
194
  identifier: IIdentifier;
194
195
  vmRelationship?: DIDDocumentSection;
195
196
  kmsKeyRef?: string;
196
- }, context: IAgentContext<IResolver & IDIDManager>): Promise<IKey>;
197
+ }, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey>;
197
198
  /**
198
199
  * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name
199
200
  * @param key
package/dist/index.d.ts CHANGED
@@ -178,10 +178,11 @@ declare function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks;
178
178
  *
179
179
  * @beta This API may change without a BREAKING CHANGE notice.
180
180
  */
181
- declare function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument, }: {
181
+ declare function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument, kmsKeyRef, }: {
182
182
  identifier: IIdentifier;
183
183
  vmRelationship?: DIDDocumentSection;
184
184
  didDocument?: DIDDocument;
185
+ kmsKeyRef?: string;
185
186
  }, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey[]>;
186
187
  declare function getAgentDIDMethods(context: IAgentContext<IDIDManager>): Promise<string[]>;
187
188
  declare function getDID(idOpts: {
@@ -193,7 +194,7 @@ declare function getKey({ identifier, vmRelationship, kmsKeyRef, }: {
193
194
  identifier: IIdentifier;
194
195
  vmRelationship?: DIDDocumentSection;
195
196
  kmsKeyRef?: string;
196
- }, context: IAgentContext<IResolver & IDIDManager>): Promise<IKey>;
197
+ }, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey>;
197
198
  /**
198
199
  * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name
199
200
  * @param key
package/dist/index.js CHANGED
@@ -332,13 +332,19 @@ function didDocumentToJwks(didDocument) {
332
332
  };
333
333
  }
334
334
  __name(didDocumentToJwks, "didDocumentToJwks");
335
- async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument }, context) {
335
+ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument, kmsKeyRef }, context) {
336
336
  const didDoc = didDocument ?? await getAgentResolver(context).resolve(identifier.did).then((result) => result.didDocument);
337
337
  if (!didDoc) {
338
338
  throw Error(`Could not resolve DID ${identifier.did}`);
339
339
  }
340
340
  const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context);
341
341
  const documentKeys = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context);
342
+ if (kmsKeyRef) {
343
+ let found = keys.filter((key) => key.kid === kmsKeyRef);
344
+ if (found.length > 0) {
345
+ return found;
346
+ }
347
+ }
342
348
  const localKeys = vmRelationship === "keyAgreement" ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier);
343
349
  const extendedKeys = documentKeys.map((verificationMethod) => {
344
350
  const localKey = localKeys.find((localKey2) => localKey2.publicKeyHex === verificationMethod.publicKeyHex || verificationMethod.publicKeyHex?.startsWith(localKey2.publicKeyHex) || compareBlockchainAccountId(localKey2, verificationMethod));
@@ -355,7 +361,7 @@ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship
355
361
  return null;
356
362
  }
357
363
  }).filter(isDefined);
358
- return keys.concat(extendedKeys);
364
+ return Array.from(new Set(keys.concat(extendedKeys)));
359
365
  }
360
366
  __name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
361
367
  function compareBlockchainAccountId(localKey, verificationMethod) {
@@ -406,24 +412,23 @@ async function getKey({ identifier, vmRelationship = "authentication", kmsKeyRef
406
412
  }
407
413
  const kmsKeyRefParts = kmsKeyRef?.split(`#`);
408
414
  const kid = kmsKeyRefParts ? kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0] : void 0;
409
- let identifierKey = kmsKeyRef ? identifier.keys.find((key) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : void 0;
415
+ let identifierKey = void 0;
416
+ const keys = await mapIdentifierKeysToDocWithJwkSupport({
417
+ identifier,
418
+ vmRelationship,
419
+ kmsKeyRef
420
+ }, context);
421
+ if (!keys || keys.length === 0) {
422
+ throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
423
+ }
424
+ if (kmsKeyRef) {
425
+ identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
426
+ }
410
427
  if (!identifierKey) {
411
- const keys = await mapIdentifierKeysToDocWithJwkSupport({
412
- identifier,
413
- vmRelationship
414
- }, context);
415
- if (!keys || keys.length === 0) {
416
- throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
417
- }
418
- if (kmsKeyRef) {
419
- identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
420
- }
421
- if (!identifierKey) {
422
- identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
423
- }
424
- if (!identifierKey) {
425
- identifierKey = keys[0];
426
- }
428
+ identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
429
+ }
430
+ if (!identifierKey) {
431
+ identifierKey = keys[0];
427
432
  }
428
433
  if (!identifierKey) {
429
434
  throw new Error(`No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex, hexKeyFromPEMBasedJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod): JWK {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n if (!jwk) {\n throw Error(`Could not convert verification method to jwk`)\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm))\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n /*if (verificationMethod.type !== 'JsonWebKey2020') {\n return null\n }*/\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === verificationMethod.publicKeyHex ||\n verificationMethod.publicKeyHex?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return keys.concat(extendedKeys)\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<IKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n let identifierKey = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n if (!identifierKey) {\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n }\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,cACAC,2BAEAC,aACK;AACP,SAASC,aAAaC,6BAA6B;AACnD,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC3Bd,IAAKC,yBAAAA,yBAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,yBAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;AD1B1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAc1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,KAAiBC,eAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,SAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,sBAAsBrB,KAAK,QAAA;IACpC;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA5BgBO;AA8BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAsB;AAC5D,MAAID,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1ED,UAAMsC,MAAM3D,cAAc4D,8BAA8B;MAAEjC,KAAKL,GAAGpE;IAAK,CAAA,CAAA;EACzE;AACA,MAAI,CAACmE,KAAK;AACR,UAAM5E,MAAM,8CAA8C;EAC5D;AACA4E,MAAIlE,MAAMmE,GAAGuC;AACb,SAAOtC,aAAaF,GAAAA;AACtB;AAXgBqC;AAahB,SAASI,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BhH,IAAI,CAACoH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB5G,KAAK,CAACiE,OAAOA,GAAGuC,OAAOO,MAAAA,CAAAA,EACnGnH,OAAO2D,SAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,EAAAA,CAAAA,CAAAA;AAEzC,SAAO;IAAEyC;IAAoBG,MAAMzE,MAAM4E,KAAKH,IAAAA;EAAM;AACtD;AAZSJ;AAgBF,SAASQ,kBAAkBxH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfuG,yBAAyB,aAAahH,YAAYyH,WAAWzH,YAAYS,kBAAkB,EAAE2G;SAC7FJ,yBAAyB,sBAAsBhH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE2G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBhH,YAAY0H,iBAAiB1H,YAAYS,kBAAkB,EAAE2G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBhH,YAAY2H,gBAAgB3H,YAAYS,kBAAkB,EAAE2G;IACvHQ,cAAcZ,yBAAyB,gBAAgBhH,YAAY4H,cAAc5H,YAAYS,kBAAkB,EAAE2G;IACjHS,sBAAsBb,yBAAyB,wBAAwBhH,YAAY6H,sBAAsB7H,YAAYS,kBAAkB,EAAE2G;IACzIU,sBAAsBd,yBAAyB,wBAAwBhH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE2G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB9E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,YAAW,GAMbb,SAA+C;AAE/C,QAAM4I,SACJ/H,eACC,MAAMgI,iBAAiB7I,OAAAA,EACrB8I,QAAQnJ,WAAW6B,GAAG,EACtBuH,KAAK,CAAC9G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAAC+H,QAAQ;AACX,UAAMpI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO8H,SAAS,CAAA,IAAK,MAAMI,uBAAuBrJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMiJ,eAAqC,MAAM7E,iCAAiCwE,QAAQ1I,gBAAgBF,OAAAA;AAE1G,QAAMkJ,YAAYhJ,mBAAmB,iBAAiBiJ,gCAAgCxJ,UAAAA,IAAcyJ,gCAAgCzJ,UAAAA;AAGpI,QAAM0J,eAAgCJ,aACnClI,IAAI,CAACO,uBAAAA;AAIJ,UAAMgI,WAAWJ,UAAU9H,KACzB,CAACkI,cACCA,UAASvF,iBAAiBzC,mBAAmByC,gBAC7CzC,mBAAmByC,cAAcwF,WAAWD,UAASvF,YAAY,KACjEyF,2BAA2BF,WAAUhI,kBAAAA,CAAAA;AAEzC,QAAIgI,UAAU;AACZ,YAAM,EAAEjI,MAAM,GAAGoI,WAAAA,IAAeH;AAChC,aAAO;QAAE,GAAGG;QAAYpI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,SAAAA;AAEV,SAAO7D,KAAK4I,OAAOL,YAAAA;AACrB;AArDsB9F;AAmEtB,SAASiG,2BAA2BF,UAAgBhI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/FqI,SAASrI,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI0I,YAAYC,mBAAmBtI,kBAAAA;AACnC,MAAIgI,SAASjI,MAAMuC,SAAS;AAC1B,WAAO+F,cAAcL,SAASjI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMgG,eAAe/F,eAAe,OAAOwF,SAASvF,YAAY,EAAEF,YAAW;AAC7E,SAAOgG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmB9J,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAMuH,uBAAsB,GAAIhJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsB4C;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAOtK,eAAe,UAAU;AACzC,WAAOsK,OAAOtK;EAChB,WAAW,OAAOsK,OAAOtK,eAAe,UAAU;AAChD,WAAOsK,OAAOtK,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgBwJ;AAST,SAASE,MAAMvK,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB0J;AAUT,SAASC,OAAO5H,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAImJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACEzK,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQ8F,OAAO,IAAI7J,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAM8J,iBAAiBnG,WAAWoG,MAAM,GAAG;AAC3C,QAAMrJ,MAAMoJ,iBAAkBA,gBAAgBzH,WAAW,IAAIyH,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMlK;AAEtG,MAAIoK,gBAAgBrG,YAAYxE,WAAWmB,KAAKM,KAAK,CAACjB,QAAcA,IAAIe,QAAQA,OAAOf,KAAKkB,MAAM6C,kBAAkBhD,GAAAA,IAAOd;AAC3H,MAAI,CAACoK,eAAe;AAClB,UAAM1J,OAAO,MAAMyC,qCAAqC;MAAE5D;MAAYO;IAA+B,GAAGF,OAAAA;AACxG,QAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,YAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;IAC5G;AACA,QAAI2C,WAAW;AACbqG,sBAAgB1J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBsG,OAAOzD,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBsG,IAAIlH,SAASQ,GAAAA,CAAAA;IAE/H;AACA,QAAI,CAACsJ,eAAe;AAClBA,sBAAgB1J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;IAEhH;AACA,QAAI,CAACsK,eAAe;AAClBA,sBAAgB1J,KAAK,CAAA;IACvB;EACF;AACA,MAAI,CAAC0J,eAAe;AAClB,UAAM,IAAIhK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOgJ;AACT;AA9CsBJ;AAuDtB,eAAeK,oBACb,EACE9K,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMkI,cAAc;MAAElJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZe8K;AAoBf,eAAsBE,aACpB,EACExK,KACA8J,OAAM,GAKRjK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBsG,IAAI;AACpC,WAAOzH,IAAIkB,MAAMC,oBAAoBsG;EACvC;AACA,QAAMjI,aAAa,MAAM8K,oBAAoBR,QAAQjK,OAAAA;AACrD,QAAM4K,aAAa,MAAMrH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM6K,QAAQD,WAAWxJ,KAAK,CAAC0J,gBAAgBA,YAAY5J,QAAQf,IAAIe,GAAG;AAC1E,MAAI2J,OAAO;AACT,WAAOA,MAAMxJ,MAAMC,oBAAoBsG,MAAMiD,MAAMxJ,MAAM6C,iBAAiB+F,OAAO9F,aAAa0G,MAAM3J;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiB+F,OAAO9F,aAAahE,IAAIe;AAC5D;AA3BsByJ;AA6BtB,eAAsBI,uBAAuBC,SAAsBhL,SAAmC;AACpG,SAAOgL,QAAQC,uBAAwB,MAAMnB,mBAAmB9J,OAAAA;AAClE;AAFsB+K;AAIf,SAASlC,iBACd7I,SACA0B,MAIC;AAED,SAAO,IAAIwJ,iBAAiBlL,SAAS0B,IAAAA;AACvC;AATgBmH;AAWT,IAAMqC,mBAAN,MAAMA;EA7tBb,OA6tBaA;;;EACMlL;EACAmL;EACAC;EACAC;EAEjBC,YACEtL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKmL,qBAAqBzJ,MAAMyJ,uBAAuB;AACvD,SAAKC,wBAAwB1J,MAAM0J,0BAA0B;AAC7D,SAAKC,kBAAkB3J,MAAM2J,oBAAoB;EACnD;EAEA,MAAMvC,QAAQpE,QAAgB5C,SAA8D;AAC1F,QAAIyJ;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKN,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM5K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK2K,oBAAoB;AAC3B,UAAI;AACFI,2BAAmB,MAAM,KAAKvL,QAAQwC,MAAMkJ,WAAW;UAAEhH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBkF,cAAMlF;MACR;IACF;AACA,QAAIgF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB1K,gBAAgB,MAAM;AACzC0K,2BAAmBnL;MACrB;IACF,OAAO;AACLoG,cAAQmF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKF,iBAAiB;AAC7C7E,cAAQmF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMnK,MAAMkD,OAAO6F,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMqB,cAAc,MAAM,KAAK5L,QAAQwC,MAAMkI,cAAc;UAAElJ;QAAI,CAAA;AACjE+J,2BAAmBM,sBAAsBD,aAAa;UAAEpK;QAAI,CAAA;AAC5D,YAAI+J,iBAAiB1K,aAAa;AAChC4K,gBAAMrL;QACR,OAAO;AACLoG,kBAAQmF,IAAI,mDAAmDnK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACkF,KAAK;AACRA,gBAAMlF;QACR;MACF;IACF;AACA,QAAIgF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB1K,aAAa;AACjC0K,2BAAmBnL;MACrB;IACF;AACA,QAAI,CAACmL,oBAAoB,KAAKH,uBAAuB;AACnD5E,cAAQmF,IAAI,+CAA+CjH,MAAAA,GAAS;AACpE6G,yBAAmB,MAAM,IAAIO,YAAAA,EAAchD,QAAQpE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC0J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB1K,aAAa;AAChC4K,cAAMrL;MACR;IACF;AAEA,QAAIqL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqB9G,MAAAA,gCAAsC,KAAKyG,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOG,oBAAoBC;EAC7B;AACF;AAYO,SAAS5K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZ+G,IAAIpG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B0G,YAAYvK;UACZoG,IAAIzH,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,cAAc0C,MAAMvH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9C+K,KAAKC,aAAavL,SAASP,IAAIc,IAAI,IAAIiL,UAAUC,aAAaD,UAAUE;YACxEjM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,UAAUE,SAAS,MACrEzM,WAAWmB,QAAQ;QACjByH,iBAAiB5I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMgL,YAAYjM,UAAaD,KAAKkB,MAAMgL,YAAY,qBAAqBlM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,UAAUE,SAAS,MACrEzM,WAAWmB,QAAQ;QACjB0H,gBAAgB7I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMgL,YAAYjM,UAAaD,KAAKkB,MAAMgL,YAAY,oBAAoBlM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,UAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB2H,cAAc9I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,kBAAkBlM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,UAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB4H,sBAAsB/I,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,0BAA0BlM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMsK,QAAQ5L,UAAasB,MAAMsK,KAAKtL,SAASwL,UAAUC,UAAU,MACtExM,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMgL,YAAY,0BAA0BlM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIqI,WAAW/H,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW2M,YAAY3M,WAAW2M,SAASzJ,SAAS,KAAK;QAAE0J,SAAS5M,WAAW2M;MAAS;IAC9F;EACF;AACA,SAAOzL;AACT;AA9FgBD;AAgGT,SAASiL,sBACdlM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM6J,mBAAwC;IAC5C,YAAY;IACZ1K;IACA2L,uBAAuB;MACrB,GAAI,CAAC3L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAM+K,gBAAAA,KACtB9M,cACA,CAAC+B,MAAM+K,iBAAiB/L,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAmG,qBAAqB;MACnB,GAAI/M,YAAYsD,SAAS;QAAE0J,cAAchN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOsI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIrL,MAAMqL;AACV,MAAI,CAACrL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAI+H,WAAW,UAAA,GAAa;AAC9B,WAAO/H;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsB+I;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE9C,QAAQ+C,QAAQC,SAASjN,SAAS8B,QAAO,IAAKiL;AACtD,QAAMG,aAAa;IACjB,GAAGpL;IACHqL,QAAQ,MAAMC,aAAa;MAAEnD;MAAQjK;IAAQ,CAAA;EAC/C;AAEA,SAAOqN,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE9C,QAAQjK,QAAO,IAAK+M;AAE5B,QAAMpN,aAAa,MAAM8K,oBAAoBR,QAAQjK,OAAAA;AACrD,QAAMG,MAAM,MAAMiK,OAChB;IACEzK;IACAO,gBAAgB+J,OAAOqD;IACvBnJ,WAAW8F,OAAO9F;EACpB,GACAnE,OAAAA;AAEF,QAAMuN,YAAY,MAAMC,0BAA0B;IAAErN;EAAI,CAAA;AAExD,SAAO,OAAOsN,SAAAA;AACZ,UAAMxG,QAAQwG,gBAAgBC,OAAOC,eAAenG,UAAAA,IAAc,IAAIoG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAMzN,QAAQwC,MAAMsL,eAAe;MACxCC,QAAQ5N,IAAIe;MACZqM;MACAE,MAAMxG;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","sanitizedJwk","signatureAlgorithmFromKey","toJwk","base64ToHex","hexKeyFromPEMBasedJwk","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","hexKeyFromPEMBasedJwk","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","localKey","startsWith","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","vmKey","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","constructor","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex, hexKeyFromPEMBasedJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\n\nconst { fromString, toString } = u8a\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod): JWK {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n if (!jwk) {\n throw Error(`Could not convert verification method to jwk`)\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm))\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n /*if (verificationMethod.type !== 'JsonWebKey2020') {\n return null\n }*/\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === verificationMethod.publicKeyHex ||\n verificationMethod.publicKeyHex?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,cACAC,2BAEAC,aACK;AACP,SAASC,aAAaC,6BAA6B;AACnD,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC3Bd,IAAKC,yBAAAA,yBAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,yBAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADzB1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAc1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,KAAiBC,eAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,SAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,sBAAsBrB,KAAK,QAAA;IACpC;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA5BgBO;AA8BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAsB;AAC5D,MAAID,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1ED,UAAMsC,MAAM3D,cAAc4D,8BAA8B;MAAEjC,KAAKL,GAAGpE;IAAK,CAAA,CAAA;EACzE;AACA,MAAI,CAACmE,KAAK;AACR,UAAM5E,MAAM,8CAA8C;EAC5D;AACA4E,MAAIlE,MAAMmE,GAAGuC;AACb,SAAOtC,aAAaF,GAAAA;AACtB;AAXgBqC;AAahB,SAASI,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BhH,IAAI,CAACoH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB5G,KAAK,CAACiE,OAAOA,GAAGuC,OAAOO,MAAAA,CAAAA,EACnGnH,OAAO2D,SAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,EAAAA,CAAAA,CAAAA;AAEzC,SAAO;IAAEyC;IAAoBG,MAAMzE,MAAM4E,KAAKH,IAAAA;EAAM;AACtD;AAZSJ;AAgBF,SAASQ,kBAAkBxH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfuG,yBAAyB,aAAahH,YAAYyH,WAAWzH,YAAYS,kBAAkB,EAAE2G;SAC7FJ,yBAAyB,sBAAsBhH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE2G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBhH,YAAY0H,iBAAiB1H,YAAYS,kBAAkB,EAAE2G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBhH,YAAY2H,gBAAgB3H,YAAYS,kBAAkB,EAAE2G;IACvHQ,cAAcZ,yBAAyB,gBAAgBhH,YAAY4H,cAAc5H,YAAYS,kBAAkB,EAAE2G;IACjHS,sBAAsBb,yBAAyB,wBAAwBhH,YAAY6H,sBAAsB7H,YAAYS,kBAAkB,EAAE2G;IACzIU,sBAAsBd,yBAAyB,wBAAwBhH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE2G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB9E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM4I,SACJ/H,eACC,MAAMgI,iBAAiB7I,OAAAA,EACrB8I,QAAQnJ,WAAW6B,GAAG,EACtBuH,KAAK,CAAC9G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAAC+H,QAAQ;AACX,UAAMpI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO8H,SAAS,CAAA,IAAK,MAAMI,uBAAuBrJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMiJ,eAAqC,MAAM7E,iCAAiCwE,QAAQ1I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAI+E,QAAQpI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAI+E,MAAMrG,SAAS,GAAG;AACpB,aAAOqG;IACT;EACF;AAEA,QAAMC,YAAYjJ,mBAAmB,iBAAiBkJ,gCAAgCzJ,UAAAA,IAAc0J,gCAAgC1J,UAAAA;AAGpI,QAAM2J,eAAgCL,aACnClI,IAAI,CAACO,uBAAAA;AAIJ,UAAMiI,WAAWJ,UAAU/H,KACzB,CAACmI,cACCA,UAASxF,iBAAiBzC,mBAAmByC,gBAC7CzC,mBAAmByC,cAAcyF,WAAWD,UAASxF,YAAY,KACjE0F,2BAA2BF,WAAUjI,kBAAAA,CAAAA;AAEzC,QAAIiI,UAAU;AACZ,YAAM,EAAElI,MAAM,GAAGqI,WAAAA,IAAeH;AAChC,aAAO;QAAE,GAAGG;QAAYrI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,SAAAA;AAEV,SAAOnB,MAAM4E,KAAK,IAAIF,IAAIpH,KAAK6I,OAAOL,YAAAA,CAAAA,CAAAA;AACxC;AA9DsB/F;AA4EtB,SAASkG,2BAA2BF,UAAgBjI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/FsI,SAAStI,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI2I,YAAYC,mBAAmBvI,kBAAAA;AACnC,MAAIiI,SAASlI,MAAMuC,SAAS;AAC1B,WAAOgG,cAAcL,SAASlI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMiG,eAAehG,eAAe,OAAOyF,SAASxF,YAAY,EAAEF,YAAW;AAC7E,SAAOiG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmB/J,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAMwH,uBAAsB,GAAIjJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsB6C;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAOvK,eAAe,UAAU;AACzC,WAAOuK,OAAOvK;EAChB,WAAW,OAAOuK,OAAOvK,eAAe,UAAU;AAChD,WAAOuK,OAAOvK,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgByJ;AAST,SAASE,MAAMxK,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB2J;AAUT,SAASC,OAAO7H,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIoJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE1K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQ+F,OAAO,IAAI9J,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAM+J,iBAAiBpG,WAAWqG,MAAM,GAAG;AAC3C,QAAMtJ,MAAMqJ,iBAAkBA,gBAAgB1H,WAAW,IAAI0H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMnK;AAGtG,MAAIqK,gBAA2CrK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbsG,oBAAgB3J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBsG,OAAOzD,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBsG,IAAIlH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAACuJ,eAAe;AAClBA,oBAAgB3J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAACuK,eAAe;AAClBA,oBAAgB3J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC2J,eAAe;AAClB,UAAM,IAAIjK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOiJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACE/K,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMmI,cAAc;MAAEnJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZe+K;AAoBf,eAAsBE,aACpB,EACEzK,KACA+J,OAAM,GAKRlK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBsG,IAAI;AACpC,WAAOzH,IAAIkB,MAAMC,oBAAoBsG;EACvC;AACA,QAAMjI,aAAa,MAAM+K,oBAAoBR,QAAQlK,OAAAA;AACrD,QAAM6K,aAAa,MAAMtH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM8K,QAAQD,WAAWzJ,KAAK,CAAC2J,gBAAgBA,YAAY7J,QAAQf,IAAIe,GAAG;AAC1E,MAAI4J,OAAO;AACT,WAAOA,MAAMzJ,MAAMC,oBAAoBsG,MAAMkD,MAAMzJ,MAAM6C,iBAAiBgG,OAAO/F,aAAa2G,MAAM5J;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBgG,OAAO/F,aAAahE,IAAIe;AAC5D;AA3BsB0J;AA6BtB,eAAsBI,uBAAuBC,SAAsBjL,SAAmC;AACpG,SAAOiL,QAAQC,uBAAwB,MAAMnB,mBAAmB/J,OAAAA;AAClE;AAFsBgL;AAIf,SAASnC,iBACd7I,SACA0B,MAIC;AAED,SAAO,IAAIyJ,iBAAiBnL,SAAS0B,IAAAA;AACvC;AATgBmH;AAWT,IAAMsC,mBAAN,MAAMA;EAxuBb,OAwuBaA;;;EACMnL;EACAoL;EACAC;EACAC;EAEjBC,YACEvL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKoL,qBAAqB1J,MAAM0J,uBAAuB;AACvD,SAAKC,wBAAwB3J,MAAM2J,0BAA0B;AAC7D,SAAKC,kBAAkB5J,MAAM4J,oBAAoB;EACnD;EAEA,MAAMxC,QAAQpE,QAAgB5C,SAA8D;AAC1F,QAAI0J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKN,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM7K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK4K,oBAAoB;AAC3B,UAAI;AACFI,2BAAmB,MAAM,KAAKxL,QAAQwC,MAAMmJ,WAAW;UAAEjH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBmF,cAAMnF;MACR;IACF;AACA,QAAIiF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB3K,gBAAgB,MAAM;AACzC2K,2BAAmBpL;MACrB;IACF,OAAO;AACLoG,cAAQoF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKF,iBAAiB;AAC7C9E,cAAQoF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMpK,MAAMkD,OAAO8F,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMqB,cAAc,MAAM,KAAK7L,QAAQwC,MAAMmI,cAAc;UAAEnJ;QAAI,CAAA;AACjEgK,2BAAmBM,sBAAsBD,aAAa;UAAErK;QAAI,CAAA;AAC5D,YAAIgK,iBAAiB3K,aAAa;AAChC6K,gBAAMtL;QACR,OAAO;AACLoG,kBAAQoF,IAAI,mDAAmDpK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACmF,KAAK;AACRA,gBAAMnF;QACR;MACF;IACF;AACA,QAAIiF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB3K,aAAa;AACjC2K,2BAAmBpL;MACrB;IACF;AACA,QAAI,CAACoL,oBAAoB,KAAKH,uBAAuB;AACnD7E,cAAQoF,IAAI,+CAA+ClH,MAAAA,GAAS;AACpE8G,yBAAmB,MAAM,IAAIO,YAAAA,EAAcjD,QAAQpE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC2J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB3K,aAAa;AAChC6K,cAAMtL;MACR;IACF;AAEA,QAAIsL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqB/G,MAAAA,gCAAsC,KAAK0G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOG,oBAAoBC;EAC7B;AACF;AAYO,SAAS7K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZ+G,IAAIpG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B2G,YAAYxK;UACZoG,IAAIzH,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,cAAc0C,MAAMvH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CgL,KAAKC,aAAaxL,SAASP,IAAIc,IAAI,IAAIkL,UAAUC,aAAaD,UAAUE;YACxElM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,UAAUE,SAAS,MACrE1M,WAAWmB,QAAQ;QACjByH,iBAAiB5I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAMiL,YAAY,qBAAqBnM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,UAAUE,SAAS,MACrE1M,WAAWmB,QAAQ;QACjB0H,gBAAgB7I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAMiL,YAAY,oBAAoBnM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,UAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB2H,cAAc9I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,kBAAkBnM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,UAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB4H,sBAAsB/I,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,0BAA0BnM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMuK,QAAQ7L,UAAasB,MAAMuK,KAAKvL,SAASyL,UAAUC,UAAU,MACtEzM,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMiL,YAAY,0BAA0BnM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIsI,WAAWhI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW4M,YAAY5M,WAAW4M,SAAS1J,SAAS,KAAK;QAAE2J,SAAS7M,WAAW4M;MAAS;IAC9F;EACF;AACA,SAAO1L;AACT;AA9FgBD;AAgGT,SAASkL,sBACdnM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM8J,mBAAwC;IAC5C,YAAY;IACZ3K;IACA4L,uBAAuB;MACrB,GAAI,CAAC5L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMgL,gBAAAA,KACtB/M,cACA,CAAC+B,MAAMgL,iBAAiBhM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAoG,qBAAqB;MACnB,GAAIhN,YAAYsD,SAAS;QAAE2J,cAAcjN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOuI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAItL,MAAMsL;AACV,MAAI,CAACtL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIgI,WAAW,UAAA,GAAa;AAC9B,WAAOhI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBgJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE9C,QAAQ+C,QAAQC,SAASlN,SAAS8B,QAAO,IAAKkL;AACtD,QAAMG,aAAa;IACjB,GAAGrL;IACHsL,QAAQ,MAAMC,aAAa;MAAEnD;MAAQlK;IAAQ,CAAA;EAC/C;AAEA,SAAOsN,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE9C,QAAQlK,QAAO,IAAKgN;AAE5B,QAAMrN,aAAa,MAAM+K,oBAAoBR,QAAQlK,OAAAA;AACrD,QAAMG,MAAM,MAAMkK,OAChB;IACE1K;IACAO,gBAAgBgK,OAAOqD;IACvBpJ,WAAW+F,OAAO/F;EACpB,GACAnE,OAAAA;AAEF,QAAMwN,YAAY,MAAMC,0BAA0B;IAAEtN;EAAI,CAAA;AAExD,SAAO,OAAOuN,SAAAA;AACZ,UAAMzG,QAAQyG,gBAAgBC,OAAOC,eAAepG,UAAAA,IAAc,IAAIqG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM1N,QAAQwC,MAAMuL,eAAe;MACxCC,QAAQ7N,IAAIe;MACZsM;MACAE,MAAMzG;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","sanitizedJwk","signatureAlgorithmFromKey","toJwk","base64ToHex","hexKeyFromPEMBasedJwk","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","hexKeyFromPEMBasedJwk","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","localKey","startsWith","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","vmKey","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","constructor","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.did-utils",
3
3
  "description": "DID Utils",
4
- "version": "0.28.1-feature.jose.vcdm.20+0d68761",
4
+ "version": "0.28.1-feature.jose.vcdm.22+3b45295",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -25,8 +25,8 @@
25
25
  "@ethersproject/networks": "^5.7.1",
26
26
  "@ethersproject/transactions": "^5.7.0",
27
27
  "@sphereon/did-uni-client": "^0.6.3",
28
- "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.20+0d68761",
29
- "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.20+0d68761",
28
+ "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.22+3b45295",
29
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.22+3b45295",
30
30
  "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.56",
31
31
  "@sphereon/ssi-sdk.core": "0.33.1-feature.jose.vcdm.56",
32
32
  "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.56",
@@ -53,5 +53,5 @@
53
53
  "author": "Sphereon <dev@sphereon.com>",
54
54
  "license": "Apache-2.0",
55
55
  "keywords": [],
56
- "gitHead": "0d68761c4490c4759a24780bdb9e29046145549d"
56
+ "gitHead": "3b452950a62a171d157338cab2634c4a5371409c"
57
57
  }
package/src/did-functions.ts CHANGED
@@ -31,6 +31,7 @@ import type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod }
31
31
  import elliptic from 'elliptic'
32
32
  // @ts-ignore
33
33
  import * as u8a from 'uint8arrays'
34
+
34
35
  const { fromString, toString } = u8a
35
36
  import {
36
37
  type CreateIdentifierOpts,
@@ -505,10 +506,12 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
505
506
  identifier,
506
507
  vmRelationship = 'verificationMethod',
507
508
  didDocument,
509
+ kmsKeyRef,
508
510
  }: {
509
511
  identifier: IIdentifier
510
512
  vmRelationship?: DIDDocumentSection
511
513
  didDocument?: DIDDocument
514
+ kmsKeyRef?: string
512
515
  },
513
516
  context: IAgentContext<IResolver & IDIDManager>
514
517
  ): Promise<_ExtendedIKey[]> {
@@ -529,6 +532,13 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
529
532
  // dereference all key agreement keys from DID document and normalize
530
533
  const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)
531
534
 
535
+ if (kmsKeyRef) {
536
+ let found = keys.filter((key) => key.kid === kmsKeyRef)
537
+ if (found.length > 0) {
538
+ return found
539
+ }
540
+ }
541
+
532
542
  const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)
533
543
 
534
544
  // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`
@@ -552,7 +562,7 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
552
562
  })
553
563
  .filter(isDefined)
554
564
 
555
- return keys.concat(extendedKeys)
565
+ return Array.from(new Set(keys.concat(extendedKeys)))
556
566
  }
557
567
 
558
568
  /**
@@ -623,7 +633,7 @@ export async function getKey(
623
633
  kmsKeyRef?: string
624
634
  },
625
635
  context: IAgentContext<IResolver & IDIDManager>
626
- ): Promise<IKey> {
636
+ ): Promise<_ExtendedIKey> {
627
637
  if (!identifier) {
628
638
  return Promise.reject(new Error(`No identifier provided to getKey method!`))
629
639
  }
@@ -631,26 +641,27 @@ export async function getKey(
631
641
  const kmsKeyRefParts = kmsKeyRef?.split(`#`)
632
642
  const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined
633
643
  // todo: We really should do a keyRef and external kid here
634
- let identifierKey = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined
644
+ // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined
645
+ let identifierKey: _ExtendedIKey | undefined = undefined
646
+
647
+ const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)
648
+ if (!keys || keys.length === 0) {
649
+ throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)
650
+ }
651
+ if (kmsKeyRef) {
652
+ identifierKey = keys.find(
653
+ (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))
654
+ )
655
+ }
635
656
  if (!identifierKey) {
636
- const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship }, context)
637
- if (!keys || keys.length === 0) {
638
- throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)
639
- }
640
- if (kmsKeyRef) {
641
- identifierKey = keys.find(
642
- (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))
643
- )
644
- }
645
- if (!identifierKey) {
646
- identifierKey = keys.find(
647
- (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)
648
- )
649
- }
650
- if (!identifierKey) {
651
- identifierKey = keys[0]
652
- }
657
+ identifierKey = keys.find(
658
+ (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)
659
+ )
653
660
  }
661
+ if (!identifierKey) {
662
+ identifierKey = keys[0]
663
+ }
664
+
654
665
  if (!identifierKey) {
655
666
  throw new Error(
656
667
  `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`