@sphereon/ssi-sdk-ext.did-utils 0.34.1-next.91 → 0.36.1-feat.SSISDK.83.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.cjs.map +1 -1
  2. package/dist/index.js.map +1 -1
  3. package/package.json +7 -7
  4. package/src/did-functions.ts +37 -35
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined)\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBAWO;AACP,IAAAA,sBAA4B;AAC5B,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,SAAiBC,oCAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,sBAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,sCAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,gBAAMuC,0BAAM5D,kBAAc6D,kDAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,aAAOvC,iCAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,sBAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,sBAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,UAAMI,qCAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,qBAAiBmJ,8CAAgC1J,UAAAA,QAAc2J,8CAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,kBAAQE,mCAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,SAASC,mCAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,sBAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,gBAAYC,iCAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,mBAAenG,oCAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,kCAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,kBAAc2C,0BAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,gCAAazL,SAASP,IAAIc,IAAI,IAAImL,6BAAUC,aAAaD,6BAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AA9FgBD;AAgGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,aAAOuN,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,UAAMC,8CAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBAWO;AACP,IAAAA,sBAA4B;AAC5B,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,SAAiBC,oCAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,sBAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,sCAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,gBAAMuC,0BAAM5D,kBAAc6D,kDAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,aAAOvC,iCAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,sBAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,sBAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,UAAMI,qCAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,qBAAiBmJ,8CAAgC1J,UAAAA,QAAc2J,8CAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,kBAAQE,mCAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,SAASC,mCAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,sBAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,gBAAYC,iCAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,mBAAenG,oCAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,kCAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,kBAAc2C,0BAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,gCAAazL,SAASP,IAAIc,IAAI,IAAImL,6BAAUC,aAAaD,6BAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AAhGgBD;AAkGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,aAAOuN,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,UAAMC,8CAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n })\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[]\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined)\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod)\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n }\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n }\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n }\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n }\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,mBACAC,cACAC,2BAEAC,OACAC,sBACK;AACP,SAASC,mBAAmB;AAC5B,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,KAAiBC,eAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,SAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,kBAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,YAAMuC,MAAM5D,cAAc6D,8BAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,SAAOvC,aAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,SAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,SAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,MAAMI,uBAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,iBAAiBmJ,gCAAgC1J,UAAAA,IAAc2J,gCAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,cAAQE,eAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,KAASC,eAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,SAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,YAAYC,mBAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,eAAenG,eAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,YAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,cAAc2C,MAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,aAAazL,SAASP,IAAIc,IAAI,IAAImL,UAAUC,aAAaD,UAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAElHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AA9FgBD;AAgGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,SAAOuN,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,MAAMC,0BAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","rsaJwkToRawHexKey","sanitizedJwk","signatureAlgorithmFromKey","toJwk","toPkcs1FromHex","base64ToHex","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,mBACAC,cACAC,2BAEAC,OACAC,sBACK;AACP,SAASC,mBAAmB;AAC5B,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,KAAiBC,eAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,SAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,kBAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,YAAMuC,MAAM5D,cAAc6D,8BAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,SAAOvC,aAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,SAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,SAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,MAAMI,uBAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,iBAAiBmJ,gCAAgC1J,UAAAA,IAAc2J,gCAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,cAAQE,eAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,KAASC,eAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,SAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,YAAYC,mBAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,eAAenG,eAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,YAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,cAAc2C,MAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,aAAazL,SAASP,IAAIc,IAAI,IAAImL,UAAUC,aAAaD,UAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AAhGgBD;AAkGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,SAAOuN,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,MAAMC,0BAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","rsaJwkToRawHexKey","sanitizedJwk","signatureAlgorithmFromKey","toJwk","toPkcs1FromHex","base64ToHex","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.did-utils",
3
3
  "description": "DID Utils",
4
- "version": "0.34.1-next.91+3c949810",
4
+ "version": "0.36.1-feat.SSISDK.83.11+15665c90",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -25,11 +25,11 @@
25
25
  "@ethersproject/networks": "^5.7.1",
26
26
  "@ethersproject/transactions": "^5.7.0",
27
27
  "@sphereon/did-uni-client": "^0.6.3",
28
- "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-next.91+3c949810",
29
- "@sphereon/ssi-sdk-ext.x509-utils": "0.34.1-next.91+3c949810",
30
- "@sphereon/ssi-sdk.agent-config": "0.34.1-next.91+3c949810",
31
- "@sphereon/ssi-sdk.core": "0.34.1-next.91+3c949810",
32
- "@sphereon/ssi-types": "0.34.1-next.91+3c949810",
28
+ "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feat.SSISDK.83.11+15665c90",
29
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-feat.SSISDK.83.11+15665c90",
30
+ "@sphereon/ssi-sdk.agent-config": "0.36.1-feat.SSISDK.83.11+15665c90",
31
+ "@sphereon/ssi-sdk.core": "0.36.1-feat.SSISDK.83.11+15665c90",
32
+ "@sphereon/ssi-types": "0.36.1-feat.SSISDK.83.11+15665c90",
33
33
  "@stablelib/ed25519": "^1.0.3",
34
34
  "@veramo/core": "4.2.0",
35
35
  "@veramo/utils": "4.2.0",
@@ -53,5 +53,5 @@
53
53
  "author": "Sphereon <dev@sphereon.com>",
54
54
  "license": "Apache-2.0",
55
55
  "keywords": [],
56
- "gitHead": "3c9498100ca07dfc2ba7979e7347fb9b19c47d18"
56
+ "gitHead": "15665c90d27b72a0c3b7267375f60512d2cd4085"
57
57
  }
package/src/did-functions.ts CHANGED
@@ -62,7 +62,7 @@ export const getAuthenticationKey = async (
62
62
  noVerificationMethodFallback?: boolean
63
63
  controllerKey?: boolean
64
64
  },
65
- context: IAgentContext<IResolver & IDIDManager>
65
+ context: IAgentContext<IResolver & IDIDManager>,
66
66
  ): Promise<_ExtendedIKey> => {
67
67
  return await getFirstKeyWithRelation(
68
68
  {
@@ -73,7 +73,7 @@ export const getAuthenticationKey = async (
73
73
  controllerKey,
74
74
  vmRelationship: 'authentication',
75
75
  },
76
- context
76
+ context,
77
77
  )
78
78
  }
79
79
  export const getFirstKeyWithRelation = async (
@@ -92,7 +92,7 @@ export const getFirstKeyWithRelation = async (
92
92
  controllerKey?: boolean
93
93
  vmRelationship: DIDDocumentSection
94
94
  },
95
- context: IAgentContext<IResolver & IDIDManager>
95
+ context: IAgentContext<IResolver & IDIDManager>,
96
96
  ): Promise<_ExtendedIKey> => {
97
97
  let key: _ExtendedIKey | undefined = undefined
98
98
  try {
@@ -105,7 +105,7 @@ export const getFirstKeyWithRelation = async (
105
105
  keyType,
106
106
  controllerKey,
107
107
  },
108
- context
108
+ context,
109
109
  )) ??
110
110
  (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again
111
111
  ? undefined
@@ -117,7 +117,7 @@ export const getFirstKeyWithRelation = async (
117
117
  keyType,
118
118
  controllerKey,
119
119
  },
120
- context
120
+ context,
121
121
  ))
122
122
  } catch (e) {
123
123
  if (e instanceof Error) {
@@ -140,7 +140,7 @@ export const getFirstKeyWithRelation = async (
140
140
  keyType,
141
141
  controllerKey,
142
142
  },
143
- context
143
+ context,
144
144
  )) ??
145
145
  (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again
146
146
  ? undefined
@@ -153,7 +153,7 @@ export const getFirstKeyWithRelation = async (
153
153
  keyType,
154
154
  controllerKey,
155
155
  },
156
- context
156
+ context,
157
157
  ))
158
158
  if (!key) {
159
159
  key = identifier.keys
@@ -170,7 +170,7 @@ export const getFirstKeyWithRelation = async (
170
170
 
171
171
  export const getOrCreatePrimaryIdentifier = async (
172
172
  context: IAgentContext<IDIDManager>,
173
- opts?: CreateOrGetIdentifierOpts
173
+ opts?: CreateOrGetIdentifierOpts,
174
174
  ): Promise<GetOrCreateResult<IIdentifier>> => {
175
175
  const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })
176
176
  if (primaryIdentifier !== undefined) {
@@ -194,7 +194,7 @@ export const getOrCreatePrimaryIdentifier = async (
194
194
 
195
195
  export const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {
196
196
  const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(
197
- (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type)
197
+ (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),
198
198
  )
199
199
 
200
200
  return identifiers && identifiers.length > 0 ? identifiers[0] : undefined
@@ -225,12 +225,12 @@ export const getFirstKeyWithRelationFromDIDDoc = async (
225
225
  errorOnNotFound?: boolean
226
226
  didDocument?: DIDDocument
227
227
  },
228
- context: IAgentContext<IResolver & IDIDManager>
228
+ context: IAgentContext<IResolver & IDIDManager>,
229
229
  ): Promise<_ExtendedIKey | undefined> => {
230
230
  const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)
231
231
  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
232
232
  const result = matchedKeys.find(
233
- (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId)
233
+ (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),
234
234
  )
235
235
  if (result) {
236
236
  return result
@@ -238,7 +238,7 @@ export const getFirstKeyWithRelationFromDIDDoc = async (
238
238
  }
239
239
  if (errorOnNotFound) {
240
240
  throw new Error(
241
- `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`
241
+ `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,
242
242
  )
243
243
  }
244
244
  return undefined
@@ -300,7 +300,7 @@ export const getKeys = ({
300
300
  export async function dereferenceDidKeysWithJwkSupport(
301
301
  didDocument: DIDDocument,
302
302
  section: DIDDocumentSection = 'keyAgreement',
303
- context: IAgentContext<IResolver>
303
+ context: IAgentContext<IResolver>,
304
304
  ): Promise<_NormalizedVerificationMethod[]> {
305
305
  const convert = section === 'keyAgreement'
306
306
  if (section === 'service') {
@@ -322,7 +322,7 @@ export async function dereferenceDidKeysWithJwkSupport(
322
322
  } else {
323
323
  return key as _ExtendedVerificationMethod
324
324
  }
325
- })
325
+ }),
326
326
  )
327
327
  )
328
328
  .filter(isDefined)
@@ -465,14 +465,14 @@ export function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound
465
465
  function didDocumentSectionToJwks(
466
466
  didDocumentSection: DIDDocumentSection,
467
467
  searchForVerificationMethods?: (VerificationMethod | string)[],
468
- verificationMethods?: VerificationMethod[]
468
+ verificationMethods?: VerificationMethod[],
469
469
  ) {
470
470
  const jwks = new Set(
471
471
  (searchForVerificationMethods ?? [])
472
472
  .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))
473
473
  .filter(isDefined)
474
474
  .map((vm) => verificationMethodToJwk(vm, false))
475
- .filter(isDefined)
475
+ .filter(isDefined),
476
476
  )
477
477
  return { didDocumentSection, jwks: Array.from(jwks) }
478
478
  }
@@ -522,7 +522,7 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
522
522
  didDocument?: DIDDocument
523
523
  kmsKeyRef?: string
524
524
  },
525
- context: IAgentContext<IResolver & IDIDManager>
525
+ context: IAgentContext<IResolver & IDIDManager>,
526
526
  ): Promise<_ExtendedIKey[]> {
527
527
  const didDoc =
528
528
  didDocument ??
@@ -564,7 +564,7 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
564
564
  localKey.publicKeyHex === vmKey ||
565
565
  (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||
566
566
  vmKey?.startsWith(localKey.publicKeyHex) ||
567
- compareBlockchainAccountId(localKey, verificationMethod)
567
+ compareBlockchainAccountId(localKey, verificationMethod),
568
568
  )
569
569
  if (localKey) {
570
570
  const { meta, ...localProps } = localKey
@@ -645,7 +645,7 @@ export async function getKey(
645
645
  vmRelationship?: DIDDocumentSection
646
646
  kmsKeyRef?: string
647
647
  },
648
- context: IAgentContext<IResolver & IDIDManager>
648
+ context: IAgentContext<IResolver & IDIDManager>,
649
649
  ): Promise<_ExtendedIKey> {
650
650
  if (!identifier) {
651
651
  return Promise.reject(new Error(`No identifier provided to getKey method!`))
@@ -663,12 +663,12 @@ export async function getKey(
663
663
  }
664
664
  if (kmsKeyRef) {
665
665
  identifierKey = keys.find(
666
- (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid))
666
+ (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),
667
667
  )
668
668
  }
669
669
  if (!identifierKey) {
670
670
  identifierKey = keys.find(
671
- (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship)
671
+ (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),
672
672
  )
673
673
  }
674
674
  if (!identifierKey) {
@@ -677,7 +677,7 @@ export async function getKey(
677
677
 
678
678
  if (!identifierKey) {
679
679
  throw new Error(
680
- `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`
680
+ `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,
681
681
  )
682
682
  }
683
683
 
@@ -697,7 +697,7 @@ async function legacyGetIdentifier(
697
697
  }: {
698
698
  identifier: string | IIdentifier
699
699
  },
700
- context: IAgentContext<IDIDManager>
700
+ context: IAgentContext<IDIDManager>,
701
701
  ): Promise<IIdentifier> {
702
702
  if (typeof identifier === 'string') {
703
703
  return await context.agent.didManagerGet({ did: identifier })
@@ -719,7 +719,7 @@ export async function determineKid(
719
719
  key: IKey
720
720
  idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }
721
721
  },
722
- context: IAgentContext<IResolver & IDIDManager>
722
+ context: IAgentContext<IResolver & IDIDManager>,
723
723
  ): Promise<string> {
724
724
  if (key.meta?.verificationMethod?.id) {
725
725
  return key.meta?.verificationMethod?.id
@@ -730,7 +730,7 @@ export async function determineKid(
730
730
  identifier,
731
731
  vmRelationship: 'verificationMethod',
732
732
  },
733
- context
733
+ context,
734
734
  )
735
735
  const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)
736
736
  if (vmKey) {
@@ -750,7 +750,7 @@ export function getAgentResolver(
750
750
  localResolution?: boolean // Resolve identifiers hosted by the agent
751
751
  uniresolverResolution?: boolean // Resolve identifiers using universal resolver
752
752
  resolverResolution?: boolean // Use registered drivers
753
- }
753
+ },
754
754
  ): Resolvable {
755
755
  return new AgentDIDResolver(context, opts)
756
756
  }
@@ -763,7 +763,7 @@ export class AgentDIDResolver implements Resolvable {
763
763
 
764
764
  constructor(
765
765
  context: IAgentContext<IResolver & IDIDManager>,
766
- opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean }
766
+ opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },
767
767
  ) {
768
768
  this.context = context
769
769
  this.resolverResolution = opts?.resolverResolution !== false
@@ -855,7 +855,7 @@ export function toDidDocument(
855
855
  opts?: {
856
856
  did?: string
857
857
  use?: JwkKeyUse[]
858
- }
858
+ },
859
859
  ): DIDDocument | undefined {
860
860
  let didDocument: DIDDocument | undefined = undefined
861
861
  // TODO: Introduce jwk thumbprints here
@@ -881,7 +881,7 @@ export function toDidDocument(
881
881
  assertionMethod: identifier.keys
882
882
  .filter(
883
883
  (key) =>
884
- key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod')
884
+ key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),
885
885
  )
886
886
  .map((key) => {
887
887
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
@@ -894,7 +894,7 @@ export function toDidDocument(
894
894
  identifier.keys && {
895
895
  authentication: identifier.keys
896
896
  .filter(
897
- (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication')
897
+ (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),
898
898
  )
899
899
  .map((key) => {
900
900
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
@@ -918,7 +918,8 @@ export function toDidDocument(
918
918
  identifier.keys && {
919
919
  capabilityInvocation: identifier.keys
920
920
  .filter(
921
- (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation')
921
+ (key) =>
922
+ key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),
922
923
  )
923
924
  .map((key) => {
924
925
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
@@ -931,7 +932,8 @@ export function toDidDocument(
931
932
  identifier.keys && {
932
933
  capabilityDelegation: identifier.keys
933
934
  .filter(
934
- (key) => key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation')
935
+ (key) =>
936
+ key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),
935
937
  )
936
938
  .map((key) => {
937
939
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
@@ -951,7 +953,7 @@ export function toDidResolutionResult(
951
953
  opts?: {
952
954
  did?: string
953
955
  supportedMethods?: string[]
954
- }
956
+ },
955
957
  ): DIDResolutionResult {
956
958
  const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec
957
959
 
@@ -1014,7 +1016,7 @@ export const getDidSigner = async (
1014
1016
  */
1015
1017
  kmsKeyRef?: string
1016
1018
  }
1017
- }
1019
+ },
1018
1020
  ): Promise<Signer> => {
1019
1021
  const { idOpts, context } = args
1020
1022
 
@@ -1025,7 +1027,7 @@ export const getDidSigner = async (
1025
1027
  vmRelationship: idOpts.verificationMethodSection,
1026
1028
  kmsKeyRef: idOpts.kmsKeyRef,
1027
1029
  },
1028
- context
1030
+ context,
1029
1031
  )
1030
1032
  const algorithm = await signatureAlgorithmFromKey({ key })
1031
1033