@sphereon/ssi-sdk-ext.did-utils 0.36.1-next.11 → 0.36.1-next.115

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +41 -12
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +4 -1
  4. package/dist/index.d.ts +4 -1
  5. package/dist/index.js +41 -12
  6. package/dist/index.js.map +1 -1
  7. package/package.json +7 -7
  8. package/src/did-functions.ts +55 -25
  9. package/src/types.ts +3 -0
package/dist/index.cjs CHANGED
@@ -89,6 +89,7 @@ var SupportedDidMethodEnum = /* @__PURE__ */ (function(SupportedDidMethodEnum2)
89
89
  SupportedDidMethodEnum2["DID_EBSI"] = "ebsi";
90
90
  SupportedDidMethodEnum2["DID_JWK"] = "jwk";
91
91
  SupportedDidMethodEnum2["DID_OYD"] = "oyd";
92
+ SupportedDidMethodEnum2["DID_WEB"] = "web";
92
93
  return SupportedDidMethodEnum2;
93
94
  })({});
94
95
  var IdentifierAliasEnum = /* @__PURE__ */ (function(IdentifierAliasEnum2) {
@@ -192,7 +193,22 @@ var getPrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
192
193
  const identifiers = (await context.agent.didManagerFind(opts?.method ? {
193
194
  provider: `${DID_PREFIX}${opts?.method}`
194
195
  } : {})).filter((identifier) => opts?.type === void 0 || identifier.keys.some((key) => key.type === opts?.type));
195
- return identifiers && identifiers.length > 0 ? identifiers[0] : void 0;
196
+ if (!identifiers || identifiers.length === 0) {
197
+ return void 0;
198
+ }
199
+ if (opts?.did) {
200
+ const didMatch = identifiers.find((identifier) => identifier.did === opts.did);
201
+ if (didMatch) {
202
+ return didMatch;
203
+ }
204
+ }
205
+ if (opts?.alias) {
206
+ const aliasMatch = identifiers.find((identifier) => identifier.alias === opts.alias);
207
+ if (aliasMatch) {
208
+ return aliasMatch;
209
+ }
210
+ }
211
+ return identifiers[0];
196
212
  }, "getPrimaryIdentifier");
197
213
  var createIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
198
214
  return await context.agent.didManagerCreate({
@@ -211,7 +227,8 @@ var getFirstKeyWithRelationFromDIDDoc = /* @__PURE__ */ __name(async ({ identifi
211
227
  didDocument
212
228
  }, context);
213
229
  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
214
- const result = matchedKeys.find((key) => keyType === void 0 || key.type === keyType || controllerKey && key.kid === identifier.controllerKeyId);
230
+ const controllerKeyMatch = identifier.controllerKeyId ? matchedKeys.find((key) => key.kid === identifier.controllerKeyId && (keyType === void 0 || key.type === keyType)) : void 0;
231
+ const result = controllerKeyMatch ?? matchedKeys.find((key) => keyType === void 0 || key.type === keyType);
215
232
  if (result) {
216
233
  return result;
217
234
  }
@@ -437,7 +454,17 @@ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship
437
454
  return null;
438
455
  }
439
456
  }).filter(import_utils.isDefined);
440
- return Array.from(new Set(keys.concat(extendedKeys)));
457
+ const allKeys = Array.from(new Set(keys.concat(extendedKeys)));
458
+ if (vmRelationship === "verificationMethod") {
459
+ return allKeys;
460
+ }
461
+ return allKeys.filter((key) => {
462
+ const purposes = key.meta?.purposes;
463
+ if (!purposes || purposes.length === 0) {
464
+ return true;
465
+ }
466
+ return purposes.includes(vmRelationship);
467
+ });
441
468
  }
442
469
  __name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
443
470
  function compareBlockchainAccountId(localKey, verificationMethod) {
@@ -632,6 +659,7 @@ var AgentDIDResolver = class {
632
659
  return resolutionResult ?? origResolutionResult;
633
660
  }
634
661
  };
662
+ var hasPurpose = /* @__PURE__ */ __name((key, purpose) => key?.meta?.purpose === void 0 && key?.meta?.purposes === void 0 || key?.meta?.purpose === purpose || key?.meta?.purposes?.includes(purpose), "hasPurpose");
635
663
  function toDidDocument(identifier, opts) {
636
664
  let didDocument = void 0;
637
665
  if (identifier) {
@@ -640,19 +668,20 @@ function toDidDocument(identifier, opts) {
640
668
  "@context": "https://www.w3.org/ns/did/v1",
641
669
  id: did,
642
670
  verificationMethod: identifier.keys.map((key) => {
671
+ const publicKeyJwk = key.meta?.jwk ? (0, import_ssi_sdk_ext.sanitizedJwk)(key.meta.jwk) : (0, import_ssi_sdk_ext.toJwk)(key.publicKeyHex, key.type, {
672
+ use: import_ssi_sdk_ext.ENC_KEY_ALGS.includes(key.type) ? import_ssi_sdk_ext.JwkKeyUse.Encryption : import_ssi_sdk_ext.JwkKeyUse.Signature,
673
+ key
674
+ });
643
675
  const vm = {
644
676
  controller: did,
645
677
  id: key.kid.startsWith(did) && key.kid.includes("#") ? key.kid : `${did}#${key.kid}`,
646
- publicKeyJwk: (0, import_ssi_sdk_ext.toJwk)(key.publicKeyHex, key.type, {
647
- use: import_ssi_sdk_ext.ENC_KEY_ALGS.includes(key.type) ? import_ssi_sdk_ext.JwkKeyUse.Encryption : import_ssi_sdk_ext.JwkKeyUse.Signature,
648
- key
649
- }),
678
+ publicKeyJwk,
650
679
  type: "JsonWebKey2020"
651
680
  };
652
681
  return vm;
653
682
  }),
654
683
  ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Signature)) && identifier.keys && {
655
- assertionMethod: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "assertionMethod" || key?.meta?.purposes?.includes("assertionMethod")).map((key) => {
684
+ assertionMethod: identifier.keys.filter((key) => hasPurpose(key, "assertionMethod")).map((key) => {
656
685
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
657
686
  return key.kid;
658
687
  }
@@ -660,7 +689,7 @@ function toDidDocument(identifier, opts) {
660
689
  })
661
690
  },
662
691
  ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Signature)) && identifier.keys && {
663
- authentication: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "authentication" || key?.meta?.purposes?.includes("authentication")).map((key) => {
692
+ authentication: identifier.keys.filter((key) => hasPurpose(key, "authentication")).map((key) => {
664
693
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
665
694
  return key.kid;
666
695
  }
@@ -668,7 +697,7 @@ function toDidDocument(identifier, opts) {
668
697
  })
669
698
  },
670
699
  ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
671
- keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "keyAgreement" || key?.meta?.purposes?.includes("keyAgreement")).map((key) => {
700
+ keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "keyAgreement")).map((key) => {
672
701
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
673
702
  return key.kid;
674
703
  }
@@ -676,7 +705,7 @@ function toDidDocument(identifier, opts) {
676
705
  })
677
706
  },
678
707
  ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
679
- capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityInvocation" || key?.meta?.purposes?.includes("capabilityInvocation")).map((key) => {
708
+ capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "capabilityInvocation")).map((key) => {
680
709
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
681
710
  return key.kid;
682
711
  }
@@ -684,7 +713,7 @@ function toDidDocument(identifier, opts) {
684
713
  })
685
714
  },
686
715
  ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
687
- capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityDelegation" || key?.meta?.purposes?.includes("capabilityDelegation")).map((key) => {
716
+ capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "capabilityDelegation")).map((key) => {
688
717
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
689
718
  return key.kid;
690
719
  }
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBAWO;AACP,IAAAA,sBAA4B;AAC5B,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,SAAiBC,oCAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,sBAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,sCAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,gBAAMuC,0BAAM5D,kBAAc6D,kDAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,aAAOvC,iCAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,sBAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,sBAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,UAAMI,qCAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,qBAAiBmJ,8CAAgC1J,UAAAA,QAAc2J,8CAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,kBAAQE,mCAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,SAASC,mCAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,sBAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,gBAAYC,iCAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,mBAAenG,oCAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,kCAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,kBAAc2C,0BAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,gCAAazL,SAASP,IAAIc,IAAI,IAAImL,6BAAUC,aAAaD,6BAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,6BAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AAhGgBD;AAkGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,aAAOuN,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,UAAMC,8CAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/did-functions.ts","../src/types.ts"],"sourcesContent":["export * from './did-functions'\nexport * from './types'\n","import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n if (!identifiers || identifiers.length === 0) {\n return undefined\n }\n\n if (opts?.did) {\n const didMatch = identifiers.find((identifier: IIdentifier) => identifier.did === opts.did)\n if (didMatch) {\n return didMatch\n }\n }\n\n if (opts?.alias) {\n const aliasMatch = identifiers.find((identifier: IIdentifier) => identifier.alias === opts.alias)\n if (aliasMatch) {\n return aliasMatch\n }\n }\n\n return identifiers[0]\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const controllerKeyMatch = identifier.controllerKeyId\n ? matchedKeys.find((key) => key.kid === identifier.controllerKeyId && (keyType === undefined || key.type === keyType))\n : undefined\n\n const result = controllerKeyMatch ?? matchedKeys.find((key) => keyType === undefined || key.type === keyType)\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n const allKeys = Array.from(new Set(keys.concat(extendedKeys)))\n\n // Filter based on key metadata purposes, except when requesting all verificationMethods\n if (vmRelationship === 'verificationMethod') {\n return allKeys\n }\n\n return allKeys.filter((key) => {\n const purposes = key.meta?.purposes\n if (!purposes || purposes.length === 0) {\n return true\n }\n return purposes.includes(vmRelationship)\n })\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\nconst hasPurpose = (key: IKey, purpose: string) =>\n (key?.meta?.purpose === undefined && key?.meta?.purposes === undefined) || key?.meta?.purpose === purpose || key?.meta?.purposes?.includes(purpose)\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n // Use existing JWK from meta if available, otherwise convert from publicKeyHex\n const publicKeyJwk = key.meta?.jwk\n ? sanitizedJwk(key.meta.jwk as JWK)\n : toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n })\n\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: publicKeyJwk as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter((key) => hasPurpose(key, 'assertionMethod'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter((key) => hasPurpose(key, 'authentication'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityInvocation'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityDelegation'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n DID_WEB = 'web',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n did?: string\n alias?: string\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,0BAA+B;AAC/B,4BAA4B;AAC5B,yBAWO;AACP,IAAAA,sBAA4B;AAC5B,qBAA0F;AAE1F,qBAAyC;AAEzC,mBASO;AACP,qBAAkC;AAGlC,sBAAqB;AAErB,UAAqB;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;;SAAAA;;AAWL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA8CL,IAAMC,aAAa;;;ADd1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,MAAI,CAACsB,eAAeA,YAAYM,WAAW,GAAG;AAC5C,WAAOzC;EACT;AAEA,MAAIsB,MAAMF,KAAK;AACb,UAAMsB,WAAWP,YAAYnB,KAAK,CAACzB,eAA4BA,WAAW6B,QAAQE,KAAKF,GAAG;AAC1F,QAAIsB,UAAU;AACZ,aAAOA;IACT;EACF;AAEA,MAAIpB,MAAMqB,OAAO;AACf,UAAMC,aAAaT,YAAYnB,KAAK,CAACzB,eAA4BA,WAAWoD,UAAUrB,KAAKqB,KAAK;AAChG,QAAIC,YAAY;AACd,aAAOA;IACT;EACF;AAEA,SAAOT,YAAY,CAAA;AACrB,GAxBoC;AA0B7B,IAAMD,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMS,iBAAiB;IAC1CC,KAAK,UAAMC,2BAAOnD,SAAS0B,MAAMG,YAAYqB,GAAAA;IAC7C,GAAIxB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DgB,OAAOrB,MAAMG,YAAYkB,SAAS,GAAGK,oBAAoBC,OAAO,IAAI3B,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAIqC,KAAAA,GAAOC,QAAO,CAAA;IACzIzB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMwD,cAAc,MAAMC,qCAAqC;IAAE9D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAI0D,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYX,SAAS,GAAG;AACxD,UAAMe,qBAAqBjE,WAAWwB,kBAClCqC,YAAYpC,KAAK,CAACjB,QAAQA,IAAIe,QAAQvB,WAAWwB,oBAAoBrB,YAAYM,UAAaD,IAAIc,SAASnB,QAAM,IACjHM;AAEJ,UAAM6B,SAAS2B,sBAAsBJ,YAAYpC,KAAK,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,OAAAA;AACrG,QAAImC,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAnCiD;AAqC1C,IAAMyD,4BAA4B,wBAAC,EAAE1D,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAM4C,kBAAkB3D,IAAIkB,MAAMyC,mBAAmB3D,IAAIkB,MAAM0C,SAASC,YAAAA,SAAiBC,oCAAe,KAAK9D,IAAI+D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMtD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAO4C;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAExE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAMiE,UAAU,wBAAC,EACtBC,eACAnB,KACAvD,YACA2E,WACAxE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC+C,OAAO/C,IAAI+C,QAAQA,GAAAA,EACpClC,OAAO,CAACb,QAAQ,CAACmE,aAAanE,IAAIe,QAAQoD,SAAAA,EAC1CtD,OAAO,CAACb,QAAQ,CAACkE,iBAAiBlE,IAAIkB,MAAMgD,kBAAkBA,aAAAA,EAC9DrD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBqD,iCACpB1D,aACA2D,UAA8B,gBAC9BxE,SAAiC;AAEjC,QAAMyE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX9D,YAAY2D,OAAAA,KAAY,CAAA,GAAIzD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMoC,oBAAoB;UAC9C/D;UACAgE,QAAQ1E;UACRqE;QACF,CAAA;MACF,SAASjE,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO8D,sBAAAA,EACP/D,IAAI,CAACZ,QAAAA;AACJ,UAAM4E,SAASC,kCAAkC7E,KAAKsE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAajF;AACtF,UAAMkF,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOpE,MAAM;AAC3DoE,aAAOpE,OAAO;IAChB;AACA,WAAOoE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,kBAAcM,iCAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,UAAME,iCAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,WAAOC,iCAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,WAAOF,iCAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,gBAAAA,QAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOrG,SAASD,WAAWgG,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,iBAAOiB,sCAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIxD,SAAS,CAAA,EAAGmB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKtD,SAASqG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,mBAAeM,iCAAaC,GAAGP,YAAY,IAAI/E;AAC9D,MAAIqE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B/D,SAASgF,GAAGzE,IAAI,KACvFyE,GAAGzE,SAAS,oBAAoBsE,KAAKM,QAAQ,WAC9C;AACAmB,qBAAWE,yCAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BtG,SAASgF,GAAGzE,IAAI,KACtF,EAAEyE,GAAGzE,SAAS,oBAAoBsE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,aAAOsB,2BAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,eAAOqC,8BAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,eAAOC,oCAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,eAAOuC,8BAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,eAAOwD,2BAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,eAAOuB,2BAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,eAAOwB,8BAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwBlF,kBAAkB,MAAI;AACpF,MAAIiF,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgB1E,SAASyH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,gBAAMuC,0BAAM5D,kBAAc6D,kDAA8B;QAAElC,KAAKL,GAAGvE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACsE,KAAK;AACR,QAAIjF,iBAAiB;AACnB,YAAME,MAAM,yCAAyCgF,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIrE,MAAMsE,GAAGwC;AACb,aAAOvC,iCAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BpH,IAAI,CAACwH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqBhH,KAAK,CAACoE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGvH,OAAO8D,sBAAAA,EACP/D,IAAI,CAACyE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCxE,OAAO8D,sBAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM3E,MAAM8E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkB5H,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACf2G,yBAAyB,aAAapH,YAAY6H,WAAW7H,YAAYS,kBAAkB,EAAE+G;SAC7FJ,yBAAyB,sBAAsBpH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE+G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBpH,YAAY8H,iBAAiB9H,YAAYS,kBAAkB,EAAE+G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBpH,YAAY+H,gBAAgB/H,YAAYS,kBAAkB,EAAE+G;IACvHQ,cAAcZ,yBAAyB,gBAAgBpH,YAAYgI,cAAchI,YAAYS,kBAAkB,EAAE+G;IACjHS,sBAAsBb,yBAAyB,wBAAwBpH,YAAYiI,sBAAsBjI,YAAYS,kBAAkB,EAAE+G;IACzIU,sBAAsBd,yBAAyB,wBAAwBpH,YAAYkI,sBAAsBlI,YAAYS,kBAAkB,EAAE+G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsBhF,qCACpB,EACE9D,YACAO,iBAAiB,sBACjBW,aACAyD,UAAS,GAOXtE,SAA+C;AAE/C,QAAMgJ,SACJnI,eACC,MAAMoI,iBAAiBjJ,OAAAA,EACrBkJ,QAAQvJ,WAAW6B,GAAG,EACtB2H,KAAK,CAAClH,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACmI,QAAQ;AACX,UAAMxI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAOkI,SAAS,CAAA,IAAK,UAAMI,qCAAuBzJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMqJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ9I,gBAAgBF,OAAAA;AAE1G,MAAIsE,WAAW;AACb,QAAIgF,QAAQxI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQoD,SAAAA;AAC7C,QAAIgF,MAAMzG,SAAS,GAAG;AACpB,aAAOyG;IACT;EACF;AAEA,QAAMC,YAAYrJ,mBAAmB,qBAAiBsJ,8CAAgC7J,UAAAA,QAAc8J,8CAAgC9J,UAAAA;AAGpI,QAAM+J,eAAgCL,aACnCtI,IAAI,CAACO,uBAAAA;AACJ,QAAIqI,QAAQrI,mBAAmB4C;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,kBAAQE,mCAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUnI,KACzB,CAAC0I,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS7I,SAAS,SAAS0I,OAAOC,WAAW,IAAA,SAASC,mCAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUxI,kBAAAA,CAAAA;AAEzC,QAAIwI,UAAU;AACZ,YAAM,EAAEzI,MAAM,GAAG2I,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAY3I,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO8D,sBAAAA;AAEV,QAAMmF,UAAUvG,MAAM8E,KAAK,IAAIF,IAAIxH,KAAKoJ,OAAOR,YAAAA,CAAAA,CAAAA;AAG/C,MAAIxJ,mBAAmB,sBAAsB;AAC3C,WAAO+J;EACT;AAEA,SAAOA,QAAQjJ,OAAO,CAACb,QAAAA;AACrB,UAAMoB,WAAWpB,IAAIkB,MAAME;AAC3B,QAAI,CAACA,YAAYA,SAASsB,WAAW,GAAG;AACtC,aAAO;IACT;AACA,WAAOtB,SAASb,SAASR,cAAAA;EAC3B,CAAA;AACF;AA/EsBuD;AA6FtB,SAASsG,2BAA2BD,UAAgBxI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F6I,SAAS7I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAIkJ,gBAAYC,iCAAmB9I,kBAAAA;AACnC,MAAIwI,SAASzI,MAAM0C,SAAS;AAC1B,WAAOoG,cAAcL,SAASzI,MAAM0C,QAAQC,YAAAA;EAC9C;AACA,QAAMqG,mBAAepG,oCAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOqG,iBAAiBF;AAC1B;AAbSJ;AAeT,eAAsBO,mBAAmBtK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM+H,uBAAsB,GAAIxJ,IAAI,CAAC2B,aAAaA,SAASsB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBiD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO9K,eAAe,UAAU;AACzC,WAAO8K,OAAO9K;EAChB,WAAW,OAAO8K,OAAO9K,eAAe,UAAU;AAChD,WAAO8K,OAAO9K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgBgK;AAST,SAASE,MAAM/K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgBkK;AAUT,SAASC,OAAOpI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAI2J,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACEjL,YACAO,iBAAiB,kBACjBoE,UAAS,GAMXtE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO+E,QAAQmG,OAAO,IAAIrK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMsK,iBAAiBxG,WAAWyG,MAAM,GAAG;AAC3C,QAAM7J,MAAM4J,iBAAkBA,gBAAgBjI,WAAW,IAAIiI,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAM1K;AAGtG,MAAI4K,gBAA2C5K;AAE/C,QAAMU,OAAO,MAAM2C,qCAAqC;IAAE9D;IAAYO;IAAgCoE;EAAqB,GAAGtE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI8C,WAAW;AACb0G,oBAAgBlK,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoB0G,OAAO1D,aAAcpD,OAAOf,IAAIkB,KAAKC,oBAAoB0G,IAAItH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC8J,eAAe;AAClBA,oBAAgBlK,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC8K,eAAe;AAClBA,oBAAgBlK,KAAK,CAAA;EACvB;AAEA,MAAI,CAACkK,eAAe;AAClB,UAAM,IAAIxK,MACR,8DAA8D8D,SAAAA,mBAA4BpE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOwJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACEtL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAM0I,cAAc;MAAE1J,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZesL;AAoBf,eAAsBE,aACpB,EACEhL,KACAsK,OAAM,GAKRzK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoB0G,IAAI;AACpC,WAAO7H,IAAIkB,MAAMC,oBAAoB0G;EACvC;AACA,QAAMrI,aAAa,MAAMsL,oBAAoBR,QAAQzK,OAAAA;AACrD,QAAMoL,aAAa,MAAM3H,qCACvB;IACE9D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM2J,QAAQyB,WAAWhK,KAAK,CAACiK,gBAAgBA,YAAYnK,QAAQf,IAAIe,GAAG;AAC1E,MAAIyI,OAAO;AACT,WAAOA,MAAMtI,MAAMC,oBAAoB0G,MAAM2B,MAAMtI,MAAMgD,iBAAiBoG,OAAOnG,aAAaqF,MAAMzI;EACtG;AAEA,SAAOf,IAAIkB,MAAMgD,iBAAiBoG,OAAOnG,aAAanE,IAAIe;AAC5D;AA3BsBiK;AA6BtB,eAAsBG,uBAAuBC,SAAsBvL,SAAmC;AACpG,SAAOuL,QAAQC,uBAAwB,MAAMlB,mBAAmBtK,OAAAA;AAClE;AAFsBsL;AAIf,SAASrC,iBACdjJ,SACA0B,MAIC;AAED,SAAO,IAAI+J,iBAAiBzL,SAAS0B,IAAAA;AACvC;AATgBuH;AAWT,IAAMwC,mBAAN,MAAMA;EAtxBb,OAsxBaA;;;EACMzL;EACA0L;EACAC;EACAC;EAEjB,YACE5L,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAK0L,qBAAqBhK,MAAMgK,uBAAuB;AACvD,SAAKC,wBAAwBjK,MAAMiK,0BAA0B;AAC7D,SAAKC,kBAAkBlK,MAAMkK,oBAAoB;EACnD;EAEA,MAAM1C,QAAQrE,QAAgB/C,SAA8D;AAC1F,QAAI+J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAMnL,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAKkL,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAK7L,QAAQwC,MAAMwJ,WAAW;UAAEnH;UAAQ/C;QAAQ,CAAA;MAC3E,SAAS4E,OAAgB;AACvBqF,cAAMrF;MACR;IACF;AACA,QAAImF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiBhL,gBAAgB,MAAM;AACzCgL,2BAAmBzL;MACrB;IACF,OAAO;AACLuG,cAAQsF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7CjF,cAAQsF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMzK,MAAMqD,OAAOkG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAKlM,QAAQwC,MAAM0I,cAAc;UAAE1J;QAAI,CAAA;AACjEqK,2BAAmBM,sBAAsBD,aAAa;UAAE1K;QAAI,CAAA;AAC5D,YAAIqK,iBAAiBhL,aAAa;AAChCkL,gBAAM3L;QACR,OAAO;AACLuG,kBAAQsF,IAAI,mDAAmDzK,GAAAA,EAAK;QACtE;MACF,SAASkF,OAAgB;AACvB,YAAI,CAACqF,KAAK;AACRA,gBAAMrF;QACR;MACF;IACF;AACA,QAAImF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiBhL,aAAa;AACjCgL,2BAAmBzL;MACrB;IACF;AACA,QAAI,CAACyL,oBAAoB,KAAKF,uBAAuB;AACnDhF,cAAQsF,IAAI,+CAA+CpH,MAAAA,GAAS;AACpEgH,yBAAmB,MAAM,IAAIO,kCAAAA,EAAclD,QAAQrE,QAAQ/C,OAAAA;AAC3D,UAAI,CAACgK,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiBhL,aAAa;AAChCkL,cAAM3L;MACR;IACF;AAEA,QAAI2L,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBjH,MAAAA,gCAAsC,KAAK6G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAEA,IAAMO,aAAa,wBAAClM,KAAWmM,YAC5BnM,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAME,aAAanB,UAAcD,KAAKkB,MAAMiL,YAAYA,WAAWnM,KAAKkB,MAAME,UAAUb,SAAS4L,OAAAA,GAD1H;AAaZ,SAAS1L,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZmH,IAAIxG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AAEvC,cAAMgF,eAAehF,IAAIkB,MAAMkE,UAC3BE,iCAAatF,IAAIkB,KAAKkE,GAAG,QACzBuC,0BAAM3H,IAAI+D,cAAc/D,IAAIc,MAAM;UAChCsL,KAAKC,gCAAa9L,SAASP,IAAIc,IAAI,IAAIwL,6BAAUC,aAAaD,6BAAUE;UACxExM;QACF,CAAA;AAEJ,cAAMqF,KAAyB;UAC7BoH,YAAYpL;UACZwG,IAAI7H,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClFiE;UACAlE,MAAM;QACR;AACA,eAAOuE;MACT,CAAA;MACA,IAAK9D,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,6BAAUE,SAAS,MACrEhN,WAAWmB,QAAQ;QACjB6H,iBAAiBhJ,WAAWmB,KACzBE,OAAO,CAACb,QAAQkM,WAAWlM,KAAK,iBAAA,CAAA,EAChCY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,6BAAUE,SAAS,MACrEhN,WAAWmB,QAAQ;QACjB8H,gBAAgBjJ,WAAWmB,KACxBE,OAAO,CAACb,QAAQkM,WAAWlM,KAAK,gBAAA,CAAA,EAChCY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,6BAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjB+H,cAAclJ,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,cAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,6BAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjBgI,sBAAsBnJ,WAAWmB,KAC9BE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,sBAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,6BAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjBiI,sBAAsBpJ,WAAWmB,KAC9BE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,sBAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAWkN,YAAYlN,WAAWkN,SAAShK,SAAS,KAAK;QAAEiK,SAASnN,WAAWkN;MAAS;IAC9F;EACF;AACA,SAAOhM;AACT;AA1FgBD;AA4FT,SAASuL,sBACdxM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAMmK,mBAAwC;IAC5C,YAAY;IACZhL;IACAkM,uBAAuB;MACrB,GAAI,CAAClM,eAAe;QAAE6F,OAAO;MAAW;MACxC,GAAIhD,MAAMC,QAAQjC,MAAMsL,gBAAAA,KACtBrN,cACA,CAAC+B,MAAMsL,iBAAiBtM,SAASf,WAAW+C,SAAS2E,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAuG,qBAAqB;MACnB,GAAItN,YAAYoD,SAAS;QAAEmK,cAAcvN,YAAYoD;MAAM;IAC7D;EACF;AACA,SAAO8I;AACT;AAvBgBM;AAyBhB,eAAsBgB,SAASC,eAAqB;AAClD,MAAI5L,MAAM4L;AACV,MAAI,CAAC5L,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIoI,WAAW,UAAA,GAAa;AAC9B,WAAOpI;EACT;AACA,SAAO,WAAWA,IAAI6F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBmJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE7C,QAAQ8C,QAAQC,SAASxN,SAAS8B,QAAO,IAAKwL;AACtD,QAAMG,aAAa;IACjB,GAAG3L;IACH4L,QAAQ,MAAMC,aAAa;MAAElD;MAAQzK;IAAQ,CAAA;EAC/C;AAEA,aAAO4N,0BAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE7C,QAAQzK,QAAO,IAAKsN;AAE5B,QAAM3N,aAAa,MAAMsL,oBAAoBR,QAAQzK,OAAAA;AACrD,QAAMG,MAAM,MAAMyK,OAChB;IACEjL;IACAO,gBAAgBuK,OAAOoD;IACvBvJ,WAAWmG,OAAOnG;EACpB,GACAtE,OAAAA;AAEF,QAAM8N,YAAY,UAAMC,8CAA0B;IAAE5N;EAAI,CAAA;AAExD,SAAO,OAAO6N,SAAAA;AACZ,UAAM5G,QAAQ4G,gBAAgBC,OAAOC,eAAevG,UAAAA,IAAc,IAAIwG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAMhO,QAAQwC,MAAM6L,eAAe;MACxCC,QAAQnO,IAAIe;MACZ4M;MACAE,MAAM5G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["import_ssi_sdk_ext","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didMatch","alias","aliasMatch","didManagerCreate","kms","getKms","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","controllerKeyMatch","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","allKeys","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","hasPurpose","purpose","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","controller","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/dist/index.d.cts CHANGED
@@ -12,7 +12,8 @@ declare enum SupportedDidMethodEnum {
12
12
  DID_ION = "ion",
13
13
  DID_EBSI = "ebsi",
14
14
  DID_JWK = "jwk",
15
- DID_OYD = "oyd"
15
+ DID_OYD = "oyd",
16
+ DID_WEB = "web"
16
17
  }
17
18
  declare enum IdentifierAliasEnum {
18
19
  PRIMARY = "primary"
@@ -36,6 +37,8 @@ type IdentifierProviderOpts = {
36
37
  type?: TKeyType;
37
38
  use?: string;
38
39
  method?: SupportedDidMethodEnum;
40
+ did?: string;
41
+ alias?: string;
39
42
  [x: string]: any;
40
43
  };
41
44
  type CreateIdentifierOpts = {
package/dist/index.d.ts CHANGED
@@ -12,7 +12,8 @@ declare enum SupportedDidMethodEnum {
12
12
  DID_ION = "ion",
13
13
  DID_EBSI = "ebsi",
14
14
  DID_JWK = "jwk",
15
- DID_OYD = "oyd"
15
+ DID_OYD = "oyd",
16
+ DID_WEB = "web"
16
17
  }
17
18
  declare enum IdentifierAliasEnum {
18
19
  PRIMARY = "primary"
@@ -36,6 +37,8 @@ type IdentifierProviderOpts = {
36
37
  type?: TKeyType;
37
38
  use?: string;
38
39
  method?: SupportedDidMethodEnum;
40
+ did?: string;
41
+ alias?: string;
39
42
  [x: string]: any;
40
43
  };
41
44
  type CreateIdentifierOpts = {
package/dist/index.js CHANGED
@@ -22,6 +22,7 @@ var SupportedDidMethodEnum = /* @__PURE__ */ (function(SupportedDidMethodEnum2)
22
22
  SupportedDidMethodEnum2["DID_EBSI"] = "ebsi";
23
23
  SupportedDidMethodEnum2["DID_JWK"] = "jwk";
24
24
  SupportedDidMethodEnum2["DID_OYD"] = "oyd";
25
+ SupportedDidMethodEnum2["DID_WEB"] = "web";
25
26
  return SupportedDidMethodEnum2;
26
27
  })({});
27
28
  var IdentifierAliasEnum = /* @__PURE__ */ (function(IdentifierAliasEnum2) {
@@ -125,7 +126,22 @@ var getPrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
125
126
  const identifiers = (await context.agent.didManagerFind(opts?.method ? {
126
127
  provider: `${DID_PREFIX}${opts?.method}`
127
128
  } : {})).filter((identifier) => opts?.type === void 0 || identifier.keys.some((key) => key.type === opts?.type));
128
- return identifiers && identifiers.length > 0 ? identifiers[0] : void 0;
129
+ if (!identifiers || identifiers.length === 0) {
130
+ return void 0;
131
+ }
132
+ if (opts?.did) {
133
+ const didMatch = identifiers.find((identifier) => identifier.did === opts.did);
134
+ if (didMatch) {
135
+ return didMatch;
136
+ }
137
+ }
138
+ if (opts?.alias) {
139
+ const aliasMatch = identifiers.find((identifier) => identifier.alias === opts.alias);
140
+ if (aliasMatch) {
141
+ return aliasMatch;
142
+ }
143
+ }
144
+ return identifiers[0];
129
145
  }, "getPrimaryIdentifier");
130
146
  var createIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
131
147
  return await context.agent.didManagerCreate({
@@ -144,7 +160,8 @@ var getFirstKeyWithRelationFromDIDDoc = /* @__PURE__ */ __name(async ({ identifi
144
160
  didDocument
145
161
  }, context);
146
162
  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
147
- const result = matchedKeys.find((key) => keyType === void 0 || key.type === keyType || controllerKey && key.kid === identifier.controllerKeyId);
163
+ const controllerKeyMatch = identifier.controllerKeyId ? matchedKeys.find((key) => key.kid === identifier.controllerKeyId && (keyType === void 0 || key.type === keyType)) : void 0;
164
+ const result = controllerKeyMatch ?? matchedKeys.find((key) => keyType === void 0 || key.type === keyType);
148
165
  if (result) {
149
166
  return result;
150
167
  }
@@ -370,7 +387,17 @@ async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship
370
387
  return null;
371
388
  }
372
389
  }).filter(isDefined);
373
- return Array.from(new Set(keys.concat(extendedKeys)));
390
+ const allKeys = Array.from(new Set(keys.concat(extendedKeys)));
391
+ if (vmRelationship === "verificationMethod") {
392
+ return allKeys;
393
+ }
394
+ return allKeys.filter((key) => {
395
+ const purposes = key.meta?.purposes;
396
+ if (!purposes || purposes.length === 0) {
397
+ return true;
398
+ }
399
+ return purposes.includes(vmRelationship);
400
+ });
374
401
  }
375
402
  __name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
376
403
  function compareBlockchainAccountId(localKey, verificationMethod) {
@@ -565,6 +592,7 @@ var AgentDIDResolver = class {
565
592
  return resolutionResult ?? origResolutionResult;
566
593
  }
567
594
  };
595
+ var hasPurpose = /* @__PURE__ */ __name((key, purpose) => key?.meta?.purpose === void 0 && key?.meta?.purposes === void 0 || key?.meta?.purpose === purpose || key?.meta?.purposes?.includes(purpose), "hasPurpose");
568
596
  function toDidDocument(identifier, opts) {
569
597
  let didDocument = void 0;
570
598
  if (identifier) {
@@ -573,19 +601,20 @@ function toDidDocument(identifier, opts) {
573
601
  "@context": "https://www.w3.org/ns/did/v1",
574
602
  id: did,
575
603
  verificationMethod: identifier.keys.map((key) => {
604
+ const publicKeyJwk = key.meta?.jwk ? sanitizedJwk(key.meta.jwk) : toJwk(key.publicKeyHex, key.type, {
605
+ use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
606
+ key
607
+ });
576
608
  const vm = {
577
609
  controller: did,
578
610
  id: key.kid.startsWith(did) && key.kid.includes("#") ? key.kid : `${did}#${key.kid}`,
579
- publicKeyJwk: toJwk(key.publicKeyHex, key.type, {
580
- use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
581
- key
582
- }),
611
+ publicKeyJwk,
583
612
  type: "JsonWebKey2020"
584
613
  };
585
614
  return vm;
586
615
  }),
587
616
  ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
588
- assertionMethod: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "assertionMethod" || key?.meta?.purposes?.includes("assertionMethod")).map((key) => {
617
+ assertionMethod: identifier.keys.filter((key) => hasPurpose(key, "assertionMethod")).map((key) => {
589
618
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
590
619
  return key.kid;
591
620
  }
@@ -593,7 +622,7 @@ function toDidDocument(identifier, opts) {
593
622
  })
594
623
  },
595
624
  ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
596
- authentication: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "authentication" || key?.meta?.purposes?.includes("authentication")).map((key) => {
625
+ authentication: identifier.keys.filter((key) => hasPurpose(key, "authentication")).map((key) => {
597
626
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
598
627
  return key.kid;
599
628
  }
@@ -601,7 +630,7 @@ function toDidDocument(identifier, opts) {
601
630
  })
602
631
  },
603
632
  ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
604
- keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "keyAgreement" || key?.meta?.purposes?.includes("keyAgreement")).map((key) => {
633
+ keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "keyAgreement")).map((key) => {
605
634
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
606
635
  return key.kid;
607
636
  }
@@ -609,7 +638,7 @@ function toDidDocument(identifier, opts) {
609
638
  })
610
639
  },
611
640
  ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
612
- capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityInvocation" || key?.meta?.purposes?.includes("capabilityInvocation")).map((key) => {
641
+ capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "capabilityInvocation")).map((key) => {
613
642
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
614
643
  return key.kid;
615
644
  }
@@ -617,7 +646,7 @@ function toDidDocument(identifier, opts) {
617
646
  })
618
647
  },
619
648
  ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
620
- capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityDelegation" || key?.meta?.purposes?.includes("capabilityDelegation")).map((key) => {
649
+ capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || hasPurpose(key, "capabilityDelegation")).map((key) => {
621
650
  if (key.kid.startsWith(did) && key.kid.includes("#")) {
622
651
  return key.kid;
623
652
  }
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n return identifiers && identifiers.length > 0 ? identifiers[0] : undefined\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const result = matchedKeys.find(\n (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),\n )\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n return Array.from(new Set(keys.concat(extendedKeys)))\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n }) as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter(\n (key) =>\n key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter(\n (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter(\n (key) =>\n key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),\n )\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,mBACAC,cACAC,2BAEAC,OACAC,sBACK;AACP,SAASC,mBAAmB;AAC5B,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;SAAAA;;AAUL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA4CL,IAAMC,aAAa;;;ADX1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,SAAOsB,eAAeA,YAAYM,SAAS,IAAIN,YAAY,CAAA,IAAKnC;AAClE,GANoC;AAQ7B,IAAMkC,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMM,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOhD,SAAS0B,MAAMG,YAAYkB,GAAAA;IAC7C,GAAIrB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DkB,OAAOvB,MAAMG,YAAYoB,SAAS,GAAGC,oBAAoBC,OAAO,IAAIzB,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAImC,KAAAA,GAAOC,QAAO,CAAA;IACzIvB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMsD,cAAc,MAAMC,qCAAqC;IAAE5D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAIwD,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYT,SAAS,GAAG;AACxD,UAAMZ,SAASqB,YAAYlC,KACzB,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,WAAYC,iBAAiBI,IAAIe,QAAQvB,WAAWwB,eAAe;AAEpH,QAAIc,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAjCiD;AAmC1C,IAAMsD,4BAA4B,wBAAC,EAAEvD,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAMyC,kBAAkBxD,IAAIkB,MAAMsC,mBAAmBxD,IAAIkB,MAAMuC,SAASC,YAAAA,KAAiBC,eAAe,KAAK3D,IAAI4D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMnD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAOyC;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAErE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAM8D,UAAU,wBAAC,EACtBC,eACAnB,KACApD,YACAwE,WACArE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC4C,OAAO5C,IAAI4C,QAAQA,GAAAA,EACpC/B,OAAO,CAACb,QAAQ,CAACgE,aAAahE,IAAIe,QAAQiD,SAAAA,EAC1CnD,OAAO,CAACb,QAAQ,CAAC+D,iBAAiB/D,IAAIkB,MAAM6C,kBAAkBA,aAAAA,EAC9DlD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBkD,iCACpBvD,aACAwD,UAA8B,gBAC9BrE,SAAiC;AAEjC,QAAMsE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX3D,YAAYwD,OAAAA,KAAY,CAAA,GAAItD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMiC,oBAAoB;UAC9C5D;UACA6D,QAAQvE;UACRkE;QACF,CAAA;MACF,SAAS9D,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO2D,SAAAA,EACP5D,IAAI,CAACZ,QAAAA;AACJ,UAAMyE,SAASC,kCAAkC1E,KAAKmE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAa9E;AACtF,UAAM+E,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOjE,MAAM;AAC3DiE,aAAOjE,OAAO;IAChB;AACA,WAAOiE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOlG,SAASD,WAAW6F,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,kBAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIrD,SAAS,CAAA,EAAGgB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKnD,SAASkG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI5E;AAC9D,MAAIkE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B5D,SAAS6E,GAAGtE,IAAI,KACvFsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BnG,SAAS6E,GAAGtE,IAAI,KACtF,EAAEsE,GAAGtE,SAAS,oBAAoBmE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwB/E,kBAAkB,MAAI;AACpF,MAAI8E,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgBvE,SAASsH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,YAAMuC,MAAM5D,cAAc6D,8BAA8B;QAAElC,KAAKL,GAAGpE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACmE,KAAK;AACR,QAAI9E,iBAAiB;AACnB,YAAME,MAAM,yCAAyC6E,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIlE,MAAMmE,GAAGwC;AACb,SAAOvC,aAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BjH,IAAI,CAACqH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqB7G,KAAK,CAACiE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGpH,OAAO2D,SAAAA,EACP5D,IAAI,CAACsE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCrE,OAAO2D,SAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM1E,MAAM6E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkBzH,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACfwG,yBAAyB,aAAajH,YAAY0H,WAAW1H,YAAYS,kBAAkB,EAAE4G;SAC7FJ,yBAAyB,sBAAsBjH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE4G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBjH,YAAY2H,iBAAiB3H,YAAYS,kBAAkB,EAAE4G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBjH,YAAY4H,gBAAgB5H,YAAYS,kBAAkB,EAAE4G;IACvHQ,cAAcZ,yBAAyB,gBAAgBjH,YAAY6H,cAAc7H,YAAYS,kBAAkB,EAAE4G;IACjHS,sBAAsBb,yBAAyB,wBAAwBjH,YAAY8H,sBAAsB9H,YAAYS,kBAAkB,EAAE4G;IACzIU,sBAAsBd,yBAAyB,wBAAwBjH,YAAY+H,sBAAsB/H,YAAYS,kBAAkB,EAAE4G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsB/E,qCACpB,EACE5D,YACAO,iBAAiB,sBACjBW,aACAsD,UAAS,GAOXnE,SAA+C;AAE/C,QAAM6I,SACJhI,eACC,MAAMiI,iBAAiB9I,OAAAA,EACrB+I,QAAQpJ,WAAW6B,GAAG,EACtBwH,KAAK,CAAC/G,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACgI,QAAQ;AACX,UAAMrI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAO+H,SAAS,CAAA,IAAK,MAAMI,uBAAuBtJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMkJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ3I,gBAAgBF,OAAAA;AAE1G,MAAImE,WAAW;AACb,QAAIgF,QAAQrI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQiD,SAAAA;AAC7C,QAAIgF,MAAMtG,SAAS,GAAG;AACpB,aAAOsG;IACT;EACF;AAEA,QAAMC,YAAYlJ,mBAAmB,iBAAiBmJ,gCAAgC1J,UAAAA,IAAc2J,gCAAgC3J,UAAAA;AAGpI,QAAM4J,eAAgCL,aACnCnI,IAAI,CAACO,uBAAAA;AACJ,QAAIkI,QAAQlI,mBAAmByC;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,cAAQE,eAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUhI,KACzB,CAACuI,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS1I,SAAS,SAASuI,OAAOC,WAAW,IAAA,KAASC,eAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUrI,kBAAAA,CAAAA;AAEzC,QAAIqI,UAAU;AACZ,YAAM,EAAEtI,MAAM,GAAGwI,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAYxI,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO2D,SAAAA;AAEV,SAAOnB,MAAM6E,KAAK,IAAIF,IAAIrH,KAAKgJ,OAAOP,YAAAA,CAAAA,CAAAA;AACxC;AAlEsBhG;AAgFtB,SAASqG,2BAA2BD,UAAgBrI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F0I,SAAS1I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAI8I,YAAYC,mBAAmB1I,kBAAAA;AACnC,MAAIqI,SAAStI,MAAMuC,SAAS;AAC1B,WAAOmG,cAAcJ,SAAStI,MAAMuC,QAAQC,YAAAA;EAC9C;AACA,QAAMoG,eAAenG,eAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOoG,iBAAiBF;AAC1B;AAbSH;AAeT,eAAsBM,mBAAmBlK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM2H,uBAAsB,GAAIpJ,IAAI,CAAC2B,aAAaA,SAASmB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBgD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO1K,eAAe,UAAU;AACzC,WAAO0K,OAAO1K;EAChB,WAAW,OAAO0K,OAAO1K,eAAe,UAAU;AAChD,WAAO0K,OAAO1K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgB4J;AAST,SAASE,MAAM3K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgB8J;AAUT,SAASC,OAAOhI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAIuJ,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACE7K,YACAO,iBAAiB,kBACjBiE,UAAS,GAMXnE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO4E,QAAQkG,OAAO,IAAIjK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMkK,iBAAiBvG,WAAWwG,MAAM,GAAG;AAC3C,QAAMzJ,MAAMwJ,iBAAkBA,gBAAgB7H,WAAW,IAAI6H,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAMtK;AAGtG,MAAIwK,gBAA2CxK;AAE/C,QAAMU,OAAO,MAAMyC,qCAAqC;IAAE5D;IAAYO;IAAgCiE;EAAqB,GAAGnE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI2C,WAAW;AACbyG,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBuG,OAAO1D,aAAcjD,OAAOf,IAAIkB,KAAKC,oBAAoBuG,IAAInH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC0J,eAAe;AAClBA,oBAAgB9J,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC0K,eAAe;AAClBA,oBAAgB9J,KAAK,CAAA;EACvB;AAEA,MAAI,CAAC8J,eAAe;AAClB,UAAM,IAAIpK,MACR,8DAA8D2D,SAAAA,mBAA4BjE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOoJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACElL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAMsI,cAAc;MAAEtJ,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZekL;AAoBf,eAAsBE,aACpB,EACE5K,KACAkK,OAAM,GAKRrK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoBuG,IAAI;AACpC,WAAO1H,IAAIkB,MAAMC,oBAAoBuG;EACvC;AACA,QAAMlI,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMgL,aAAa,MAAMzH,qCACvB;IACE5D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAMwJ,QAAQwB,WAAW5J,KAAK,CAAC6J,gBAAgBA,YAAY/J,QAAQf,IAAIe,GAAG;AAC1E,MAAIsI,OAAO;AACT,WAAOA,MAAMnI,MAAMC,oBAAoBuG,MAAM2B,MAAMnI,MAAM6C,iBAAiBmG,OAAOlG,aAAaqF,MAAMtI;EACtG;AAEA,SAAOf,IAAIkB,MAAM6C,iBAAiBmG,OAAOlG,aAAahE,IAAIe;AAC5D;AA3BsB6J;AA6BtB,eAAsBG,uBAAuBC,SAAsBnL,SAAmC;AACpG,SAAOmL,QAAQC,uBAAwB,MAAMlB,mBAAmBlK,OAAAA;AAClE;AAFsBkL;AAIf,SAASpC,iBACd9I,SACA0B,MAIC;AAED,SAAO,IAAI2J,iBAAiBrL,SAAS0B,IAAAA;AACvC;AATgBoH;AAWT,IAAMuC,mBAAN,MAAMA;EArvBb,OAqvBaA;;;EACMrL;EACAsL;EACAC;EACAC;EAEjB,YACExL,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAKsL,qBAAqB5J,MAAM4J,uBAAuB;AACvD,SAAKC,wBAAwB7J,MAAM6J,0BAA0B;AAC7D,SAAKC,kBAAkB9J,MAAM8J,oBAAoB;EACnD;EAEA,MAAMzC,QAAQrE,QAAgB5C,SAA8D;AAC1F,QAAI2J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAM/K,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAK8K,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAKzL,QAAQwC,MAAMoJ,WAAW;UAAElH;UAAQ5C;QAAQ,CAAA;MAC3E,SAASyE,OAAgB;AACvBoF,cAAMpF;MACR;IACF;AACA,QAAIkF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiB5K,gBAAgB,MAAM;AACzC4K,2BAAmBrL;MACrB;IACF,OAAO;AACLoG,cAAQqF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7ChF,cAAQqF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMrK,MAAMkD,OAAOiG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAK9L,QAAQwC,MAAMsI,cAAc;UAAEtJ;QAAI,CAAA;AACjEiK,2BAAmBM,sBAAsBD,aAAa;UAAEtK;QAAI,CAAA;AAC5D,YAAIiK,iBAAiB5K,aAAa;AAChC8K,gBAAMvL;QACR,OAAO;AACLoG,kBAAQqF,IAAI,mDAAmDrK,GAAAA,EAAK;QACtE;MACF,SAAS+E,OAAgB;AACvB,YAAI,CAACoF,KAAK;AACRA,gBAAMpF;QACR;MACF;IACF;AACA,QAAIkF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiB5K,aAAa;AACjC4K,2BAAmBrL;MACrB;IACF;AACA,QAAI,CAACqL,oBAAoB,KAAKF,uBAAuB;AACnD/E,cAAQqF,IAAI,+CAA+CnH,MAAAA,GAAS;AACpE+G,yBAAmB,MAAM,IAAIO,YAAAA,EAAcjD,QAAQrE,QAAQ5C,OAAAA;AAC3D,UAAI,CAAC4J,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiB5K,aAAa;AAChC8K,cAAMvL;MACR;IACF;AAEA,QAAIuL,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBhH,MAAAA,gCAAsC,KAAK4G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAYO,SAAS9K,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZgH,IAAIrG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AACvC,cAAMkF,KAAyB;UAC7B4G,YAAYzK;UACZqG,IAAI1H,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClF8D,cAAc2C,MAAMxH,IAAI4D,cAAc5D,IAAIc,MAAM;YAC9CiL,KAAKC,aAAazL,SAASP,IAAIc,IAAI,IAAImL,UAAUC,aAAaD,UAAUE;YACxEnM;UACF,CAAA;UACAc,MAAM;QACR;AACA,eAAOoE;MACT,CAAA;MACA,IAAK3D,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB0H,iBAAiB7I,WAAWmB,KACzBE,OACC,CAACb,QACCA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,qBAAqBpM,KAAKkB,MAAME,UAAUb,SAAS,iBAAA,CAAA,EAEjHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUE,SAAS,MACrE3M,WAAWmB,QAAQ;QACjB2H,gBAAgB9I,WAAWmB,KACxBE,OACC,CAACb,QAAQA,KAAKkB,MAAMkL,YAAYnM,UAAaD,KAAKkB,MAAMkL,YAAY,oBAAoBpM,KAAKkB,MAAME,UAAUb,SAAS,gBAAA,CAAA,EAEvHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB4H,cAAc/I,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,kBAAkBpM,KAAKkB,MAAME,UAAUb,SAAS,cAAA,CAAA,EAChHK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB6H,sBAAsBhJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAMwK,QAAQ9L,UAAasB,MAAMwK,KAAKxL,SAAS0L,UAAUC,UAAU,MACtE1M,WAAWmB,QAAQ;QACjB8H,sBAAsBjJ,WAAWmB,KAC9BE,OACC,CAACb,QACCA,IAAIc,SAAS,YAAYd,KAAKkB,MAAMkL,YAAY,0BAA0BpM,KAAKkB,MAAME,UAAUb,SAAS,sBAAA,CAAA,EAE3GK,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAIuI,WAAWjI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAW6M,YAAY7M,WAAW6M,SAAS3J,SAAS,KAAK;QAAE4J,SAAS9M,WAAW6M;MAAS;IAC9F;EACF;AACA,SAAO3L;AACT;AAhGgBD;AAkGT,SAASmL,sBACdpM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAM+J,mBAAwC;IAC5C,YAAY;IACZ5K;IACA6L,uBAAuB;MACrB,GAAI,CAAC7L,eAAe;QAAE0F,OAAO;MAAW;MACxC,GAAI/C,MAAMC,QAAQ/B,MAAMiL,gBAAAA,KACtBhN,cACA,CAAC+B,MAAMiL,iBAAiBjM,SAASf,WAAW+C,SAASwE,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAqG,qBAAqB;MACnB,GAAIjN,YAAYsD,SAAS;QAAE4J,cAAclN,YAAYsD;MAAM;IAC7D;EACF;AACA,SAAOwI;AACT;AAvBgBM;AAyBhB,eAAsBe,SAASC,eAAqB;AAClD,MAAIvL,MAAMuL;AACV,MAAI,CAACvL,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIiI,WAAW,UAAA,GAAa;AAC9B,WAAOjI;EACT;AACA,SAAO,WAAWA,IAAI0F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBiJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE5C,QAAQ6C,QAAQC,SAASnN,SAAS8B,QAAO,IAAKmL;AACtD,QAAMG,aAAa;IACjB,GAAGtL;IACHuL,QAAQ,MAAMC,aAAa;MAAEjD;MAAQrK;IAAQ,CAAA;EAC/C;AAEA,SAAOuN,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE5C,QAAQrK,QAAO,IAAKiN;AAE5B,QAAMtN,aAAa,MAAMkL,oBAAoBR,QAAQrK,OAAAA;AACrD,QAAMG,MAAM,MAAMqK,OAChB;IACE7K;IACAO,gBAAgBmK,OAAOmD;IACvBrJ,WAAWkG,OAAOlG;EACpB,GACAnE,OAAAA;AAEF,QAAMyN,YAAY,MAAMC,0BAA0B;IAAEvN;EAAI,CAAA;AAExD,SAAO,OAAOwN,SAAAA;AACZ,UAAM1G,QAAQ0G,gBAAgBC,OAAOC,eAAerG,UAAAA,IAAc,IAAIsG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAM3N,QAAQwC,MAAMwL,eAAe;MACxCC,QAAQ9N,IAAIe;MACZuM;MACAE,MAAM1G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","rsaJwkToRawHexKey","sanitizedJwk","signatureAlgorithmFromKey","toJwk","toPkcs1FromHex","base64ToHex","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didManagerCreate","kms","getKms","alias","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","controller","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","purpose","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
1
+ {"version":3,"sources":["../src/did-functions.ts","../src/types.ts"],"sourcesContent":["import { computeAddress } from '@ethersproject/transactions'\nimport { UniResolver } from '@sphereon/did-uni-client'\nimport {\n ENC_KEY_ALGS,\n getKms,\n JwkKeyUse,\n keyTypeFromCryptographicSuite,\n rsaJwkToRawHexKey,\n sanitizedJwk,\n signatureAlgorithmFromKey,\n type TKeyType,\n toJwk,\n toPkcs1FromHex,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { base64ToHex } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from '@sphereon/ssi-sdk.core'\nimport type { JWK } from '@sphereon/ssi-types'\nimport { convertPublicKeyToX25519 } from '@stablelib/ed25519'\nimport type { DIDDocument, DIDDocumentSection, DIDResolutionResult, IAgentContext, IDIDManager, IIdentifier, IKey, IResolver } from '@veramo/core'\nimport {\n type _ExtendedIKey,\n type _ExtendedVerificationMethod,\n type _NormalizedVerificationMethod,\n compressIdentifierSecp256k1Keys,\n convertIdentifierEncryptionKeys,\n getEthereumAddress,\n isDefined,\n mapIdentifierKeysToDoc,\n} from '@veramo/utils'\nimport { createJWT, Signer } from 'did-jwt'\nimport type { DIDResolutionOptions, JsonWebKey, Resolvable, VerificationMethod } from 'did-resolver'\n// @ts-ignore\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n type CreateIdentifierOpts,\n type CreateOrGetIdentifierOpts,\n DID_PREFIX,\n type GetOrCreateResult,\n type GetSignerArgs,\n IdentifierAliasEnum,\n type IdentifierProviderOpts,\n type IDIDOptions,\n type SignJwtArgs,\n SupportedDidMethodEnum,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const getAuthenticationKey = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n return await getFirstKeyWithRelation(\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship: 'authentication',\n },\n context,\n )\n}\nexport const getFirstKeyWithRelation = async (\n {\n identifier,\n offlineWhenNoDIDRegistered,\n noVerificationMethodFallback,\n keyType,\n controllerKey,\n vmRelationship,\n }: {\n identifier: IIdentifier\n keyType?: TKeyType\n offlineWhenNoDIDRegistered?: boolean\n noVerificationMethodFallback?: boolean\n controllerKey?: boolean\n vmRelationship: DIDDocumentSection\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> => {\n let key: _ExtendedIKey | undefined = undefined\n try {\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n keyType,\n controllerKey,\n },\n context,\n ))\n } catch (e) {\n if (e instanceof Error) {\n if (!e.message.includes('404') || !offlineWhenNoDIDRegistered) {\n throw e\n }\n } else {\n throw e\n }\n }\n if (!key && offlineWhenNoDIDRegistered) {\n const offlineDID = toDidDocument(identifier)\n key =\n (await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship,\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n )) ??\n (noVerificationMethodFallback || vmRelationship === 'verificationMethod' // let's not fallback to the same value again\n ? undefined\n : await getFirstKeyWithRelationFromDIDDoc(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n errorOnNotFound: false,\n didDocument: offlineDID,\n keyType,\n controllerKey,\n },\n context,\n ))\n if (!key) {\n key = identifier.keys\n .map((key) => key as _ExtendedIKey)\n .filter((key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId))\n .find((key) => key.meta.verificationMethod?.type.includes('authentication') || key.meta.purposes?.includes('authentication'))\n }\n }\n if (!key) {\n throw Error(`Could not find authentication key for DID ${identifier.did}`)\n }\n return key\n}\n\nexport const getOrCreatePrimaryIdentifier = async (\n context: IAgentContext<IDIDManager>,\n opts?: CreateOrGetIdentifierOpts,\n): Promise<GetOrCreateResult<IIdentifier>> => {\n const primaryIdentifier = await getPrimaryIdentifier(context, { ...opts?.createOpts?.options, ...(opts?.method && { method: opts.method }) })\n if (primaryIdentifier !== undefined) {\n return {\n created: false,\n result: primaryIdentifier,\n }\n }\n\n if (opts?.method === SupportedDidMethodEnum.DID_KEY) {\n const createOpts = opts?.createOpts ?? {}\n createOpts.options = { codecName: 'EBSI', type: 'Secp256r1', ...createOpts }\n opts.createOpts = createOpts\n }\n const createdIdentifier = await createIdentifier(context, opts)\n return {\n created: true,\n result: createdIdentifier,\n }\n}\n\nexport const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>, opts?: IdentifierProviderOpts): Promise<IIdentifier | undefined> => {\n const identifiers = (await context.agent.didManagerFind(opts?.method ? { provider: `${DID_PREFIX}${opts?.method}` } : {})).filter(\n (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),\n )\n\n if (!identifiers || identifiers.length === 0) {\n return undefined\n }\n\n if (opts?.did) {\n const didMatch = identifiers.find((identifier: IIdentifier) => identifier.did === opts.did)\n if (didMatch) {\n return didMatch\n }\n }\n\n if (opts?.alias) {\n const aliasMatch = identifiers.find((identifier: IIdentifier) => identifier.alias === opts.alias)\n if (aliasMatch) {\n return aliasMatch\n }\n }\n\n return identifiers[0]\n}\n\nexport const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {\n return await context.agent.didManagerCreate({\n kms: await getKms(context, opts?.createOpts?.kms),\n ...(opts?.method && { provider: `${DID_PREFIX}${opts?.method}` }),\n alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${new Date().getTime()}`,\n options: opts?.createOpts?.options,\n })\n}\n\nexport const getFirstKeyWithRelationFromDIDDoc = async (\n {\n identifier,\n vmRelationship = 'verificationMethod',\n keyType,\n errorOnNotFound = false,\n didDocument,\n controllerKey,\n }: {\n identifier: IIdentifier\n controllerKey?: boolean\n vmRelationship?: DIDDocumentSection\n keyType?: TKeyType\n errorOnNotFound?: boolean\n didDocument?: DIDDocument\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey | undefined> => {\n const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)\n if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {\n const controllerKeyMatch = identifier.controllerKeyId\n ? matchedKeys.find((key) => key.kid === identifier.controllerKeyId && (keyType === undefined || key.type === keyType))\n : undefined\n\n const result = controllerKeyMatch ?? matchedKeys.find((key) => keyType === undefined || key.type === keyType)\n if (result) {\n return result\n }\n }\n if (errorOnNotFound) {\n throw new Error(\n `Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? ' and key type: ' + keyType : ''}`,\n )\n }\n return undefined\n}\n\nexport const getEthereumAddressFromKey = ({ key }: { key: IKey }) => {\n if (key.type !== 'Secp256k1') {\n throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`)\n }\n const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase()\n if (!ethereumAddress) {\n throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`)\n }\n return ethereumAddress\n}\n\nexport const getControllerKey = ({ identifier }: { identifier: IIdentifier }) => {\n const key = identifier.keys.find((key) => key.kid === identifier.controllerKeyId)\n if (!key) {\n throw Error(`Could not get controller key for identifier ${identifier}`)\n }\n return key\n}\n\nexport const getKeys = ({\n jwkThumbprint,\n kms,\n identifier,\n kmsKeyRef,\n keyType,\n controllerKey,\n}: {\n identifier: IIdentifier\n kmsKeyRef?: string\n keyType?: TKeyType\n kms?: string\n jwkThumbprint?: string\n controllerKey?: boolean\n}) => {\n return identifier.keys\n .filter((key) => !keyType || key.type === keyType)\n .filter((key) => !kms || key.kms === kms)\n .filter((key) => !kmsKeyRef || key.kid === kmsKeyRef)\n .filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint)\n .filter((key) => !controllerKey || identifier.controllerKeyId === key.kid)\n}\n\n//TODO: Move to ssi-sdk/core and create PR upstream\n/**\n * Dereferences keys from DID document and normalizes them for easy comparison.\n *\n * When dereferencing keyAgreement keys, only Ed25519 and X25519 curves are supported.\n * Other key types are omitted from the result and Ed25519 keys are converted to X25519\n *\n * @returns a Promise that resolves to the list of dereferenced keys.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function dereferenceDidKeysWithJwkSupport(\n didDocument: DIDDocument,\n section: DIDDocumentSection = 'keyAgreement',\n context: IAgentContext<IResolver>,\n): Promise<_NormalizedVerificationMethod[]> {\n const convert = section === 'keyAgreement'\n if (section === 'service') {\n return []\n }\n return (\n await Promise.all(\n (didDocument[section] || []).map(async (key: string | VerificationMethod) => {\n if (typeof key === 'string') {\n try {\n return (await context.agent.getDIDComponentById({\n didDocument,\n didUrl: key,\n section,\n })) as _ExtendedVerificationMethod\n } catch (e) {\n return null\n }\n } else {\n return key as _ExtendedVerificationMethod\n }\n }),\n )\n )\n .filter(isDefined)\n .map((key) => {\n const hexKey = extractPublicKeyHexWithJwkSupport(key, convert)\n const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key\n const newKey = { ...keyProps, publicKeyHex: hexKey }\n if (convert && 'Ed25519VerificationKey2018' === newKey.type) {\n newKey.type = 'X25519KeyAgreementKey2019'\n }\n return newKey\n })\n}\n\nexport function jwkTtoPublicKeyHex(jwk: JWK): string {\n // todo: Hacky way to convert this to a VM. Should extract the logic from the below methods\n // @ts-ignore\n const vm: _ExtendedVerificationMethod = {\n publicKeyJwk: sanitizedJwk(jwk),\n }\n return extractPublicKeyHexWithJwkSupport(vm)\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHexWithJwkSupport(pk: _ExtendedVerificationMethod, convert = false): string {\n if (pk.publicKeyJwk) {\n const jwk = sanitizedJwk(pk.publicKeyJwk)\n if (jwk.kty === 'EC') {\n const curve = jwk.crv ? toEcLibCurve(jwk.crv) : 'p256'\n const xHex = base64ToHex(jwk.x!, 'base64url')\n const yHex = base64ToHex(jwk.y!, 'base64url')\n const prefix = '04' // isEven(yHex) ? '02' : '03'\n // Uncompressed Hex format: 04<x><y>\n // Compressed Hex format: 02<x> (for even y) or 03<x> (for uneven y)\n const hex = `${prefix}${xHex}${yHex}`\n try {\n const ec = new elliptic.ec(curve)\n // We return directly as we don't want to convert the result back into Uint8Array and then convert again to hex as the elliptic lib already returns hex strings\n const publicKeyHex = ec.keyFromPublic(hex, 'hex').getPublic(true, 'hex')\n // This returns a short form (x) with 02 or 03 prefix\n return publicKeyHex\n } catch (error: any) {\n console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error)\n }\n } else if (jwk.crv === 'Ed25519') {\n return toString(fromString(jwk.x!, 'base64url'), 'base16')\n } else if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n // return hexKeyFromPEMBasedJwk(jwk, 'public')\n }\n }\n // delegate the other types to the original Veramo function\n return extractPublicKeyHex(pk, convert)\n}\n\nexport function isEvenHexString(hex: string) {\n const lastChar = hex[hex.length - 1].toLowerCase()\n return ['0', '2', '4', '6', '8', 'a', 'c', 'e'].includes(lastChar)\n}\n\ninterface LegacyVerificationMethod extends VerificationMethod {\n publicKeyBase64: string\n}\n\n/**\n * Converts the publicKey of a VerificationMethod to hex encoding (publicKeyHex)\n *\n * @param pk - the VerificationMethod to be converted\n * @param convert - when this flag is set to true, Ed25519 keys are converted to their X25519 pairs\n * @returns the hex encoding of the public key\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractPublicKeyHex(pk: _ExtendedVerificationMethod, convert: boolean = false): string {\n let keyBytes = extractPublicKeyBytes(pk)\n const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : undefined\n if (convert) {\n if (\n ['Ed25519', 'Ed25519VerificationKey2018', 'Ed25519VerificationKey2020'].includes(pk.type) ||\n (pk.type === 'JsonWebKey2020' && jwk?.crv === 'Ed25519')\n ) {\n keyBytes = convertPublicKeyToX25519(keyBytes)\n } else if (\n !['X25519', 'X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020'].includes(pk.type) &&\n !(pk.type === 'JsonWebKey2020' && jwk?.crv === 'X25519')\n ) {\n return ''\n }\n }\n return bytesToHex(keyBytes)\n}\n\nfunction toEcLibCurve(input: string) {\n return input.toLowerCase().replace('-', '').replace('_', '')\n}\n\nfunction extractPublicKeyBytes(pk: VerificationMethod): Uint8Array {\n if (pk.publicKeyBase58) {\n return base58ToBytes(pk.publicKeyBase58)\n } else if (pk.publicKeyMultibase) {\n return multibaseKeyToBytes(pk.publicKeyMultibase)\n } else if ((<LegacyVerificationMethod>pk).publicKeyBase64) {\n return base64ToBytes((<LegacyVerificationMethod>pk).publicKeyBase64)\n } else if (pk.publicKeyHex) {\n return hexToBytes(pk.publicKeyHex)\n } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {\n return hexToBytes(extractPublicKeyHexWithJwkSupport(pk))\n } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === 'Ed25519' || pk.publicKeyJwk.crv === 'X25519') && pk.publicKeyJwk.x) {\n return base64ToBytes(pk.publicKeyJwk.x)\n }\n return new Uint8Array()\n}\n\nexport function verificationMethodToJwk(vm: VerificationMethod, errorOnNotFound = true): JWK | null {\n let jwk: JWK | undefined = vm.publicKeyJwk as JWK\n if (!jwk) {\n let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), 'hex')\n if (publicKeyHex && publicKeyHex.trim() !== '') {\n jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({ crv: vm.type }))\n }\n }\n if (!jwk) {\n if (errorOnNotFound) {\n throw Error(`Could not convert verification method ${vm.id} to jwk`)\n }\n return null\n }\n jwk.kid = vm.id\n return sanitizedJwk(jwk)\n}\n\nfunction didDocumentSectionToJwks(\n didDocumentSection: DIDDocumentSection,\n searchForVerificationMethods?: (VerificationMethod | string)[],\n verificationMethods?: VerificationMethod[],\n) {\n const jwks = new Set(\n (searchForVerificationMethods ?? [])\n .map((vmOrId) => (typeof vmOrId === 'object' ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)))\n .filter(isDefined)\n .map((vm) => verificationMethodToJwk(vm, false))\n .filter(isDefined),\n )\n return { didDocumentSection, jwks: Array.from(jwks) }\n}\n\nexport type DidDocumentJwks = Record<Exclude<DIDDocumentSection, 'publicKey' | 'service'>, Array<JWK>>\n\nexport function didDocumentToJwks(didDocument: DIDDocument): DidDocumentJwks {\n return {\n verificationMethod: [\n ...didDocumentSectionToJwks('publicKey', didDocument.publicKey, didDocument.verificationMethod).jwks, // legacy support\n ...didDocumentSectionToJwks('verificationMethod', didDocument.verificationMethod, didDocument.verificationMethod).jwks,\n ],\n assertionMethod: didDocumentSectionToJwks('assertionMethod', didDocument.assertionMethod, didDocument.verificationMethod).jwks,\n authentication: didDocumentSectionToJwks('authentication', didDocument.authentication, didDocument.verificationMethod).jwks,\n keyAgreement: didDocumentSectionToJwks('keyAgreement', didDocument.keyAgreement, didDocument.verificationMethod).jwks,\n capabilityInvocation: didDocumentSectionToJwks('capabilityInvocation', didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,\n capabilityDelegation: didDocumentSectionToJwks('capabilityDelegation', didDocument.capabilityDelegation, didDocument.verificationMethod).jwks,\n }\n}\n\n/**\n * Maps the keys of a locally managed {@link @veramo/core#IIdentifier | IIdentifier} to the corresponding\n * {@link did-resolver#VerificationMethod | VerificationMethod} entries from the DID document.\n *\n * @param identifier - the identifier to be mapped\n * @param section - the section of the DID document to be mapped (see\n * {@link https://www.w3.org/TR/did-core/#verification-relationships | verification relationships}), but can also be\n * `verificationMethod` to map all the keys.\n * @param didDocument\n * @param context - the veramo agent context, which must contain a {@link @veramo/core#IResolver | IResolver}\n * implementation that can resolve the DID document of the identifier.\n *\n * @returns an array of mapped keys. The corresponding verification method is added to the `meta.verificationMethod`\n * property of the key.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport async function mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship = 'verificationMethod',\n didDocument,\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n didDocument?: DIDDocument\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey[]> {\n const didDoc =\n didDocument ??\n (await getAgentResolver(context)\n .resolve(identifier.did)\n .then((result) => result.didDocument))\n if (!didDoc) {\n throw Error(`Could not resolve DID ${identifier.did}`)\n }\n\n // const rsaDidWeb = identifier.keys && identifier.keys.length > 0 && identifier.keys.find((key) => key.type === 'RSA') && didDocument\n\n // We skip mapping in case the identifier is RSA and a did document is supplied.\n const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context)\n\n // dereference all key agreement keys from DID document and normalize\n const documentKeys: VerificationMethod[] = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context)\n\n if (kmsKeyRef) {\n let found = keys.filter((key) => key.kid === kmsKeyRef)\n if (found.length > 0) {\n return found\n }\n }\n\n const localKeys = vmRelationship === 'keyAgreement' ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier)\n\n // finally map the didDocument keys to the identifier keys by comparing `publicKeyHex`\n const extendedKeys: _ExtendedIKey[] = documentKeys\n .map((verificationMethod) => {\n let vmKey = verificationMethod.publicKeyHex\n if (vmKey?.startsWith('30')) {\n // DER encoded\n vmKey = toPkcs1FromHex(vmKey)\n }\n\n const localKey = localKeys.find(\n (localKey) =>\n localKey.publicKeyHex === vmKey ||\n (localKey.type === 'RSA' && vmKey?.startsWith('30') && toPkcs1FromHex(localKey.publicKeyHex) === vmKey) ||\n vmKey?.startsWith(localKey.publicKeyHex) ||\n compareBlockchainAccountId(localKey, verificationMethod),\n )\n if (localKey) {\n const { meta, ...localProps } = localKey\n return { ...localProps, meta: { ...meta, verificationMethod } }\n } else {\n return null\n }\n })\n .filter(isDefined)\n\n const allKeys = Array.from(new Set(keys.concat(extendedKeys)))\n\n // Filter based on key metadata purposes, except when requesting all verificationMethods\n if (vmRelationship === 'verificationMethod') {\n return allKeys\n }\n\n return allKeys.filter((key) => {\n const purposes = key.meta?.purposes\n if (!purposes || purposes.length === 0) {\n return true\n }\n return purposes.includes(vmRelationship)\n })\n}\n\n/**\n * Compares the `blockchainAccountId` of a `EcdsaSecp256k1RecoveryMethod2020` verification method with the address\n * computed from a locally managed key.\n *\n * @returns true if the local key address corresponds to the `blockchainAccountId`\n *\n * @param localKey - The locally managed key\n * @param verificationMethod - a {@link did-resolver#VerificationMethod | VerificationMethod} with a\n * `blockchainAccountId`\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nfunction compareBlockchainAccountId(localKey: IKey, verificationMethod: VerificationMethod): boolean {\n if (\n (verificationMethod.type !== 'EcdsaSecp256k1RecoveryMethod2020' && verificationMethod.type !== 'EcdsaSecp256k1VerificationKey2019') ||\n localKey.type !== 'Secp256k1'\n ) {\n return false\n }\n let vmEthAddr = getEthereumAddress(verificationMethod)\n if (localKey.meta?.account) {\n return vmEthAddr === localKey.meta?.account.toLowerCase()\n }\n const computedAddr = computeAddress('0x' + localKey.publicKeyHex).toLowerCase()\n return computedAddr === vmEthAddr\n}\n\nexport async function getAgentDIDMethods(context: IAgentContext<IDIDManager>) {\n return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace('did:', ''))\n}\n\nexport function getDID(idOpts: { identifier: IIdentifier | string }): string {\n if (typeof idOpts.identifier === 'string') {\n return idOpts.identifier\n } else if (typeof idOpts.identifier === 'object') {\n return idOpts.identifier.did\n }\n throw Error(`Cannot get DID from identifier value`)\n}\n\nexport function toDID(identifier: string | IIdentifier | Partial<IIdentifier>): string {\n if (typeof identifier === 'string') {\n return identifier\n }\n if (identifier.did) {\n return identifier.did\n }\n throw Error(`No DID value present in identifier`)\n}\n\nexport function toDIDs(identifiers?: (string | IIdentifier | Partial<IIdentifier>)[]): string[] {\n if (!identifiers) {\n return []\n }\n return identifiers.map(toDID)\n}\n\nexport async function getKey(\n {\n identifier,\n vmRelationship = 'authentication',\n kmsKeyRef,\n }: {\n identifier: IIdentifier\n vmRelationship?: DIDDocumentSection\n kmsKeyRef?: string\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n if (!identifier) {\n return Promise.reject(new Error(`No identifier provided to getKey method!`))\n }\n // normalize to kid, in case keyId was passed in as did#vm or #vm\n const kmsKeyRefParts = kmsKeyRef?.split(`#`)\n const kid = kmsKeyRefParts ? (kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0]) : undefined\n // todo: We really should do a keyRef and external kid here\n // const keyRefKeys = kmsKeyRef ? identifier.keys.find((key: IKey) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : undefined\n let identifierKey: _ExtendedIKey | undefined = undefined\n\n const keys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship: vmRelationship, kmsKeyRef: kmsKeyRef }, context)\n if (!keys || keys.length === 0) {\n throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`)\n }\n if (kmsKeyRef) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.id === kmsKeyRef || (kid && key.meta.verificationMethod?.id?.includes(kid)),\n )\n }\n if (!identifierKey) {\n identifierKey = keys.find(\n (key: _ExtendedIKey) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship),\n )\n }\n if (!identifierKey) {\n identifierKey = keys[0]\n }\n\n if (!identifierKey) {\n throw new Error(\n `No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`,\n )\n }\n\n return identifierKey\n}\n\n/**\n *\n * @param identifier\n * @param context\n *\n * @deprecated Replaced by the identfier resolution plugin\n */\nasync function legacyGetIdentifier(\n {\n identifier,\n }: {\n identifier: string | IIdentifier\n },\n context: IAgentContext<IDIDManager>,\n): Promise<IIdentifier> {\n if (typeof identifier === 'string') {\n return await context.agent.didManagerGet({ did: identifier })\n }\n return identifier\n}\n\n/**\n * Get the real kid as used in JWTs. This is the kid in the VM or in the JWT, not the kid in the Veramo/Sphereon keystore. That was just a poorly chosen name\n * @param key\n * @param idOpts\n * @param context\n */\nexport async function determineKid(\n {\n key,\n idOpts,\n }: {\n key: IKey\n idOpts: { identifier: IIdentifier | string; kmsKeyRef?: string }\n },\n context: IAgentContext<IResolver & IDIDManager>,\n): Promise<string> {\n if (key.meta?.verificationMethod?.id) {\n return key.meta?.verificationMethod?.id\n }\n const identifier = await legacyGetIdentifier(idOpts, context)\n const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport(\n {\n identifier,\n vmRelationship: 'verificationMethod',\n },\n context,\n )\n const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid)\n if (vmKey) {\n return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid\n }\n\n return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid\n}\n\nexport async function getSupportedDIDMethods(didOpts: IDIDOptions, context: IAgentContext<IDIDManager>) {\n return didOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n}\n\nexport function getAgentResolver(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: {\n localResolution?: boolean // Resolve identifiers hosted by the agent\n uniresolverResolution?: boolean // Resolve identifiers using universal resolver\n resolverResolution?: boolean // Use registered drivers\n },\n): Resolvable {\n return new AgentDIDResolver(context, opts)\n}\n\nexport class AgentDIDResolver implements Resolvable {\n private readonly context: IAgentContext<IResolver & IDIDManager>\n private readonly resolverResolution: boolean\n private readonly uniresolverResolution: boolean\n private readonly localResolution: boolean\n\n constructor(\n context: IAgentContext<IResolver & IDIDManager>,\n opts?: { uniresolverResolution?: boolean; localResolution?: boolean; resolverResolution?: boolean },\n ) {\n this.context = context\n this.resolverResolution = opts?.resolverResolution !== false\n this.uniresolverResolution = opts?.uniresolverResolution !== false\n this.localResolution = opts?.localResolution !== false\n }\n\n async resolve(didUrl: string, options?: DIDResolutionOptions): Promise<DIDResolutionResult> {\n let resolutionResult: DIDResolutionResult | undefined\n let origResolutionResult: DIDResolutionResult | undefined\n let err: any\n if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {\n throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`)\n }\n if (this.resolverResolution) {\n try {\n resolutionResult = await this.context.agent.resolveDid({ didUrl, options })\n } catch (error: unknown) {\n err = error\n }\n }\n if (resolutionResult) {\n origResolutionResult = resolutionResult\n if (resolutionResult.didDocument === null) {\n resolutionResult = undefined\n }\n } else {\n console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`)\n }\n if (!resolutionResult && this.localResolution) {\n console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`)\n try {\n const did = didUrl.split('#')[0]\n const iIdentifier = await this.context.agent.didManagerGet({ did })\n resolutionResult = toDidResolutionResult(iIdentifier, { did })\n if (resolutionResult.didDocument) {\n err = undefined\n } else {\n console.log(`Local resolution resulted in a DID Document for ${did}`)\n }\n } catch (error: unknown) {\n if (!err) {\n err = error\n }\n }\n }\n if (resolutionResult) {\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (!resolutionResult.didDocument) {\n resolutionResult = undefined\n }\n }\n if (!resolutionResult && this.uniresolverResolution) {\n console.log(`Using universal resolver resolution for did ${didUrl} `)\n resolutionResult = await new UniResolver().resolve(didUrl, options)\n if (!origResolutionResult) {\n origResolutionResult = resolutionResult\n }\n if (resolutionResult.didDocument) {\n err = undefined\n }\n }\n\n if (err) {\n // throw original error\n throw err\n }\n if (!resolutionResult && !origResolutionResult) {\n throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`\n }\n return resolutionResult ?? origResolutionResult!\n }\n}\n\nconst hasPurpose = (key: IKey, purpose: string) =>\n (key?.meta?.purpose === undefined && key?.meta?.purposes === undefined) || key?.meta?.purpose === purpose || key?.meta?.purposes?.includes(purpose)\n\n/**\n * Please note that this is not an exact representation of the actual DID Document.\n *\n * We try to do our best, to map keys onto relevant verification methods and relationships, but we simply lack the context\n * of the actual DID method here. Do not relly on this method for DID resolution. It is only handy for offline use cases\n * when no DID Document is cached. For DID:WEB it does provide an accurate representation!\n *\n * @param identifier\n * @param opts\n */\nexport function toDidDocument(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n use?: JwkKeyUse[]\n },\n): DIDDocument | undefined {\n let didDocument: DIDDocument | undefined = undefined\n // TODO: Introduce jwk thumbprints here\n if (identifier) {\n const did = identifier.did ?? opts?.did\n didDocument = {\n '@context': 'https://www.w3.org/ns/did/v1',\n id: did,\n verificationMethod: identifier.keys.map((key) => {\n // Use existing JWK from meta if available, otherwise convert from publicKeyHex\n const publicKeyJwk = key.meta?.jwk\n ? sanitizedJwk(key.meta.jwk as JWK)\n : toJwk(key.publicKeyHex, key.type, {\n use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,\n key,\n })\n\n const vm: VerificationMethod = {\n controller: did,\n id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,\n publicKeyJwk: publicKeyJwk as JsonWebKey,\n type: 'JsonWebKey2020',\n }\n return vm\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n assertionMethod: identifier.keys\n .filter((key) => hasPurpose(key, 'assertionMethod'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&\n identifier.keys && {\n authentication: identifier.keys\n .filter((key) => hasPurpose(key, 'authentication'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n keyAgreement: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'keyAgreement'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityInvocation: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityInvocation'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&\n identifier.keys && {\n capabilityDelegation: identifier.keys\n .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityDelegation'))\n .map((key) => {\n if (key.kid.startsWith(did) && key.kid.includes('#')) {\n return key.kid\n }\n return `${did}#${key.kid}`\n }),\n }),\n ...(identifier.services && identifier.services.length > 0 && { service: identifier.services }),\n }\n }\n return didDocument\n}\n\nexport function toDidResolutionResult(\n identifier?: IIdentifier,\n opts?: {\n did?: string\n supportedMethods?: string[]\n },\n): DIDResolutionResult {\n const didDocument = toDidDocument(identifier, opts) ?? null // null is used in case of errors and required by the did resolution spec\n\n const resolutionResult: DIDResolutionResult = {\n '@context': 'https://w3id.org/did-resolution/v1',\n didDocument,\n didResolutionMetadata: {\n ...(!didDocument && { error: 'notFound' }),\n ...(Array.isArray(opts?.supportedMethods) &&\n identifier &&\n !opts?.supportedMethods.includes(identifier.provider.replace('did:', '')) && { error: 'unsupportedDidMethod' }),\n },\n didDocumentMetadata: {\n ...(identifier?.alias && { equivalentId: identifier?.alias }),\n },\n }\n return resolutionResult\n}\n\nexport async function asDidWeb(hostnameOrDID: string): Promise<string> {\n let did = hostnameOrDID\n if (!did) {\n throw Error('Domain or DID expected, but received nothing.')\n }\n if (did.startsWith('did:web:')) {\n return did\n }\n return `did:web:${did.replace(/https?:\\/\\/([^/?#]+).*/i, '$1').toLowerCase()}`\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const signDidJWT = async (args: SignJwtArgs): Promise<string> => {\n const { idOpts, header, payload, context, options } = args\n const jwtOptions = {\n ...options,\n signer: await getDidSigner({ idOpts, context }),\n }\n\n return createJWT(payload, jwtOptions, header)\n}\n\n/**\n * @deprecated Replaced by the new signer service\n */\nexport const getDidSigner = async (\n args: GetSignerArgs & {\n idOpts: {\n /**\n * @deprecated\n */\n identifier: IIdentifier | string\n /**\n * @deprecated\n */\n verificationMethodSection?: DIDDocumentSection\n /**\n * @deprecated\n */\n kmsKeyRef?: string\n }\n },\n): Promise<Signer> => {\n const { idOpts, context } = args\n\n const identifier = await legacyGetIdentifier(idOpts, context)\n const key = await getKey(\n {\n identifier,\n vmRelationship: idOpts.verificationMethodSection,\n kmsKeyRef: idOpts.kmsKeyRef,\n },\n context,\n )\n const algorithm = await signatureAlgorithmFromKey({ key })\n\n return async (data: string | Uint8Array): Promise<string> => {\n const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data as Uint8Array) : (data as string)\n return await context.agent.keyManagerSign({\n keyRef: key.kid,\n algorithm,\n data: input,\n })\n }\n}\n","import type { TKeyType } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IAgentContext, IDIDManager, IIdentifier, IKeyManager, IResolver } from '@veramo/core'\nimport type { JWTHeader, JWTPayload, JWTVerifyOptions } from 'did-jwt'\nimport type { Resolvable } from 'did-resolver'\n\nexport enum SupportedDidMethodEnum {\n DID_ETHR = 'ethr',\n DID_KEY = 'key',\n DID_LTO = 'lto',\n DID_ION = 'ion',\n DID_EBSI = 'ebsi',\n DID_JWK = 'jwk',\n DID_OYD = 'oyd',\n DID_WEB = 'web',\n}\n\nexport enum IdentifierAliasEnum {\n PRIMARY = 'primary',\n}\n\nexport interface ResolveOpts {\n jwtVerifyOpts?: JWTVerifyOptions\n resolver?: Resolvable\n resolveUrl?: string\n noUniversalResolverFallback?: boolean\n subjectSyntaxTypesSupported?: string[]\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\nexport interface IDIDOptions {\n resolveOpts?: ResolveOpts\n idOpts: LegacyIIdentifierOpts\n supportedDIDMethods?: string[]\n}\n\nexport type IdentifierProviderOpts = {\n type?: TKeyType\n use?: string\n method?: SupportedDidMethodEnum\n did?: string\n alias?: string\n [x: string]: any\n}\n\nexport type CreateIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport type CreateIdentifierCreateOpts = {\n kms?: string\n alias?: string\n options?: IdentifierProviderOpts\n}\n\nexport type CreateOrGetIdentifierOpts = {\n method: SupportedDidMethodEnum\n createOpts?: CreateIdentifierCreateOpts\n}\n\nexport const DID_PREFIX = 'did:'\n\nexport interface GetOrCreateResult<T> {\n created: boolean\n result: T\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type SignJwtArgs = {\n idOpts: LegacyIIdentifierOpts\n header: Partial<JWTHeader>\n payload: Partial<JWTPayload>\n options: { issuer: string; expiresIn?: number; canonicalize?: boolean }\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by new signer\n */\nexport type GetSignerArgs = {\n idOpts: LegacyIIdentifierOpts\n context: IRequiredSignAgentContext\n}\n\n/**\n * @deprecated Replaced by the identifier resolution service\n */\ntype LegacyIIdentifierOpts = {\n identifier: IIdentifier | string\n}\nexport type IRequiredSignAgentContext = IAgentContext<IKeyManager & IDIDManager & IResolver>\n"],"mappings":";;;;AAAA,SAASA,sBAAsB;AAC/B,SAASC,mBAAmB;AAC5B,SACEC,cACAC,QACAC,WACAC,+BACAC,mBACAC,cACAC,2BAEAC,OACAC,sBACK;AACP,SAASC,mBAAmB;AAC5B,SAASC,eAAeC,eAAeC,YAAYC,YAAYC,2BAA2B;AAE1F,SAASC,gCAAgC;AAEzC,SAIEC,iCACAC,iCACAC,oBACAC,WACAC,8BACK;AACP,SAASC,iBAAyB;AAGlC,OAAOC,cAAc;AAErB,YAAYC,SAAS;;;AC7Bd,IAAKC,yBAAAA,0BAAAA,yBAAAA;;;;;;;;;SAAAA;;AAWL,IAAKC,sBAAAA,0BAAAA,sBAAAA;;SAAAA;;AA8CL,IAAMC,aAAa;;;ADd1B,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,uBAAuB,8BAClC,EACEC,YACAC,4BACAC,8BACAC,SACAC,cAAa,GAQfC,YAAAA;AAEA,SAAO,MAAMC,wBACX;IACEN;IACAC;IACAC;IACAC;IACAC;IACAG,gBAAgB;EAClB,GACAF,OAAAA;AAEJ,GA3BoC;AA4B7B,IAAMC,0BAA0B,8BACrC,EACEN,YACAC,4BACAC,8BACAC,SACAC,eACAG,eAAc,GAShBF,YAAAA;AAEA,MAAIG,MAAiCC;AACrC,MAAI;AACFD,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBR;MACAC;IACF,GACAC,OAAAA;EAEV,SAASO,GAAG;AACV,QAAIA,aAAaC,OAAO;AACtB,UAAI,CAACD,EAAEE,QAAQC,SAAS,KAAA,KAAU,CAACd,4BAA4B;AAC7D,cAAMW;MACR;IACF,OAAO;AACL,YAAMA;IACR;EACF;AACA,MAAI,CAACJ,OAAOP,4BAA4B;AACtC,UAAMe,aAAaC,cAAcjB,UAAAA;AACjCQ,UACG,MAAME,kCACL;MACEV;MACAO;MACAI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA,MAEDH,gCAAgCK,mBAAmB,uBAChDE,SACA,MAAMC,kCACJ;MACEV;MACAO,gBAAgB;MAChBI,iBAAiB;MACjBO,aAAaF;MACbb;MACAC;IACF,GACAC,OAAAA;AAER,QAAI,CAACG,KAAK;AACRA,YAAMR,WAAWmB,KACdC,IAAI,CAACZ,SAAQA,IAAAA,EACba,OAAO,CAACb,SAAQL,YAAYM,UAAaD,KAAIc,SAASnB,WAAYC,iBAAiBI,KAAIe,QAAQvB,WAAWwB,eAAe,EACzHC,KAAK,CAACjB,SAAQA,KAAIkB,KAAKC,oBAAoBL,KAAKP,SAAS,gBAAA,KAAqBP,KAAIkB,KAAKE,UAAUb,SAAS,gBAAA,CAAA;IAC/G;EACF;AACA,MAAI,CAACP,KAAK;AACR,UAAMK,MAAM,6CAA6Cb,WAAW6B,GAAG,EAAE;EAC3E;AACA,SAAOrB;AACT,GA1FuC;AA4FhC,IAAMsB,+BAA+B,8BAC1CzB,SACA0B,SAAAA;AAEA,QAAMC,oBAAoB,MAAMC,qBAAqB5B,SAAS;IAAE,GAAG0B,MAAMG,YAAYC;IAAS,GAAIJ,MAAMK,UAAU;MAAEA,QAAQL,KAAKK;IAAO;EAAG,CAAA;AAC3I,MAAIJ,sBAAsBvB,QAAW;AACnC,WAAO;MACL4B,SAAS;MACTC,QAAQN;IACV;EACF;AAEA,MAAID,MAAMK,WAAWG,uBAAuBC,SAAS;AACnD,UAAMN,aAAaH,MAAMG,cAAc,CAAC;AACxCA,eAAWC,UAAU;MAAEM,WAAW;MAAQnB,MAAM;MAAa,GAAGY;IAAW;AAC3EH,SAAKG,aAAaA;EACpB;AACA,QAAMQ,oBAAoB,MAAMC,iBAAiBtC,SAAS0B,IAAAA;AAC1D,SAAO;IACLM,SAAS;IACTC,QAAQI;EACV;AACF,GAtB4C;AAwBrC,IAAMT,uBAAuB,8BAAO5B,SAAqC0B,SAAAA;AAC9E,QAAMa,eAAe,MAAMvC,QAAQwC,MAAMC,eAAef,MAAMK,SAAS;IAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;EAAS,IAAI,CAAC,CAAA,GAAIf,OACzH,CAACrB,eAA4B+B,MAAMT,SAASb,UAAaT,WAAWmB,KAAK8B,KAAK,CAACzC,QAAcA,IAAIc,SAASS,MAAMT,IAAAA,CAAAA;AAGlH,MAAI,CAACsB,eAAeA,YAAYM,WAAW,GAAG;AAC5C,WAAOzC;EACT;AAEA,MAAIsB,MAAMF,KAAK;AACb,UAAMsB,WAAWP,YAAYnB,KAAK,CAACzB,eAA4BA,WAAW6B,QAAQE,KAAKF,GAAG;AAC1F,QAAIsB,UAAU;AACZ,aAAOA;IACT;EACF;AAEA,MAAIpB,MAAMqB,OAAO;AACf,UAAMC,aAAaT,YAAYnB,KAAK,CAACzB,eAA4BA,WAAWoD,UAAUrB,KAAKqB,KAAK;AAChG,QAAIC,YAAY;AACd,aAAOA;IACT;EACF;AAEA,SAAOT,YAAY,CAAA;AACrB,GAxBoC;AA0B7B,IAAMD,mBAAmB,8BAAOtC,SAAqC0B,SAAAA;AAC1E,SAAO,MAAM1B,QAAQwC,MAAMS,iBAAiB;IAC1CC,KAAK,MAAMC,OAAOnD,SAAS0B,MAAMG,YAAYqB,GAAAA;IAC7C,GAAIxB,MAAMK,UAAU;MAAEW,UAAU,GAAGC,UAAAA,GAAajB,MAAMK,MAAAA;IAAS;IAC/DgB,OAAOrB,MAAMG,YAAYkB,SAAS,GAAGK,oBAAoBC,OAAO,IAAI3B,MAAMK,MAAAA,IAAUL,MAAMG,YAAYC,SAASb,IAAAA,KAAQ,oBAAIqC,KAAAA,GAAOC,QAAO,CAAA;IACzIzB,SAASJ,MAAMG,YAAYC;EAC7B,CAAA;AACF,GAPgC;AASzB,IAAMzB,oCAAoC,8BAC/C,EACEV,YACAO,iBAAiB,sBACjBJ,SACAQ,kBAAkB,OAClBO,aACAd,cAAa,GASfC,YAAAA;AAEA,QAAMwD,cAAc,MAAMC,qCAAqC;IAAE9D;IAAYO;IAAgBW;EAAY,GAAGb,OAAAA;AAC5G,MAAI0D,MAAMC,QAAQH,WAAAA,KAAgBA,YAAYX,SAAS,GAAG;AACxD,UAAMe,qBAAqBjE,WAAWwB,kBAClCqC,YAAYpC,KAAK,CAACjB,QAAQA,IAAIe,QAAQvB,WAAWwB,oBAAoBrB,YAAYM,UAAaD,IAAIc,SAASnB,QAAM,IACjHM;AAEJ,UAAM6B,SAAS2B,sBAAsBJ,YAAYpC,KAAK,CAACjB,QAAQL,YAAYM,UAAaD,IAAIc,SAASnB,OAAAA;AACrG,QAAImC,QAAQ;AACV,aAAOA;IACT;EACF;AACA,MAAI3B,iBAAiB;AACnB,UAAM,IAAIE,MACR,wCAAwCN,cAAAA,wBAAsCP,WAAW6B,GAAG,GAAG1B,UAAU,oBAAoBA,UAAU,EAAA,EAAI;EAE/I;AACA,SAAOM;AACT,GAnCiD;AAqC1C,IAAMyD,4BAA4B,wBAAC,EAAE1D,IAAG,MAAiB;AAC9D,MAAIA,IAAIc,SAAS,aAAa;AAC5B,UAAMT,MAAM,+DAA+DL,IAAIc,IAAI,gBAAgBd,IAAIe,GAAG,EAAE;EAC9G;AACA,QAAM4C,kBAAkB3D,IAAIkB,MAAMyC,mBAAmB3D,IAAIkB,MAAM0C,SAASC,YAAAA,KAAiBC,eAAe,KAAK9D,IAAI+D,YAAY,EAAE,EAAEF,YAAW;AAC5I,MAAI,CAACF,iBAAiB;AACpB,UAAMtD,MAAM,mEAAmEL,IAAIe,GAAG,EAAE;EAC1F;AACA,SAAO4C;AACT,GATyC;AAWlC,IAAMK,mBAAmB,wBAAC,EAAExE,WAAU,MAA+B;AAC1E,QAAMQ,MAAMR,WAAWmB,KAAKM,KAAK,CAACjB,SAAQA,KAAIe,QAAQvB,WAAWwB,eAAe;AAChF,MAAI,CAAChB,KAAK;AACR,UAAMK,MAAM,+CAA+Cb,UAAAA,EAAY;EACzE;AACA,SAAOQ;AACT,GANgC;AAQzB,IAAMiE,UAAU,wBAAC,EACtBC,eACAnB,KACAvD,YACA2E,WACAxE,SACAC,cAAa,MAQd;AACC,SAAOJ,WAAWmB,KACfE,OAAO,CAACb,QAAQ,CAACL,WAAWK,IAAIc,SAASnB,OAAAA,EACzCkB,OAAO,CAACb,QAAQ,CAAC+C,OAAO/C,IAAI+C,QAAQA,GAAAA,EACpClC,OAAO,CAACb,QAAQ,CAACmE,aAAanE,IAAIe,QAAQoD,SAAAA,EAC1CtD,OAAO,CAACb,QAAQ,CAACkE,iBAAiBlE,IAAIkB,MAAMgD,kBAAkBA,aAAAA,EAC9DrD,OAAO,CAACb,QAAQ,CAACJ,iBAAiBJ,WAAWwB,oBAAoBhB,IAAIe,GAAG;AAC7E,GArBuB;AAkCvB,eAAsBqD,iCACpB1D,aACA2D,UAA8B,gBAC9BxE,SAAiC;AAEjC,QAAMyE,UAAUD,YAAY;AAC5B,MAAIA,YAAY,WAAW;AACzB,WAAO,CAAA;EACT;AACA,UACE,MAAME,QAAQC,KACX9D,YAAY2D,OAAAA,KAAY,CAAA,GAAIzD,IAAI,OAAOZ,QAAAA;AACtC,QAAI,OAAOA,QAAQ,UAAU;AAC3B,UAAI;AACF,eAAQ,MAAMH,QAAQwC,MAAMoC,oBAAoB;UAC9C/D;UACAgE,QAAQ1E;UACRqE;QACF,CAAA;MACF,SAASjE,GAAG;AACV,eAAO;MACT;IACF,OAAO;AACL,aAAOJ;IACT;EACF,CAAA,CAAA,GAGDa,OAAO8D,SAAAA,EACP/D,IAAI,CAACZ,QAAAA;AACJ,UAAM4E,SAASC,kCAAkC7E,KAAKsE,OAAAA;AACtD,UAAM,EAAEP,cAAce,iBAAiBC,iBAAiBC,cAAc,GAAGC,SAAAA,IAAajF;AACtF,UAAMkF,SAAS;MAAE,GAAGD;MAAUlB,cAAca;IAAO;AACnD,QAAIN,WAAW,iCAAiCY,OAAOpE,MAAM;AAC3DoE,aAAOpE,OAAO;IAChB;AACA,WAAOoE;EACT,CAAA;AACJ;AAtCsBd;AAwCf,SAASe,mBAAmBC,KAAQ;AAGzC,QAAMC,KAAkC;IACtCL,cAAcM,aAAaF,GAAAA;EAC7B;AACA,SAAOP,kCAAkCQ,EAAAA;AAC3C;AAPgBF;AAkBT,SAASN,kCAAkCU,IAAiCjB,UAAU,OAAK;AAChG,MAAIiB,GAAGP,cAAc;AACnB,UAAMI,MAAME,aAAaC,GAAGP,YAAY;AACxC,QAAII,IAAII,QAAQ,MAAM;AACpB,YAAMC,QAAQL,IAAIM,MAAMC,aAAaP,IAAIM,GAAG,IAAI;AAChD,YAAME,OAAOC,YAAYT,IAAIU,GAAI,WAAA;AACjC,YAAMC,OAAOF,YAAYT,IAAIY,GAAI,WAAA;AACjC,YAAMC,SAAS;AAGf,YAAMC,MAAM,GAAGD,MAAAA,GAASL,IAAAA,GAAOG,IAAAA;AAC/B,UAAI;AACF,cAAMI,KAAK,IAAIC,SAASD,GAAGV,KAAAA;AAE3B,cAAM1B,eAAeoC,GAAGE,cAAcH,KAAK,KAAA,EAAOI,UAAU,MAAM,KAAA;AAElE,eAAOvC;MACT,SAASwC,OAAY;AACnBC,gBAAQD,MAAM,+CAA+Cd,KAAAA,wBAA6BL,IAAIU,CAAC,QAAQV,IAAIY,CAAC,YAAYO,KAAAA,IAASA,KAAAA;MACnI;IACF,WAAWnB,IAAIM,QAAQ,WAAW;AAChC,aAAOrG,SAASD,WAAWgG,IAAIU,GAAI,WAAA,GAAc,QAAA;IACnD,WAAWV,IAAII,QAAQ,OAAO;AAC5B,aAAOiB,kBAAkBrB,GAAAA;IAE3B;EACF;AAEA,SAAOsB,oBAAoBnB,IAAIjB,OAAAA;AACjC;AA7BgBO;AA+BT,SAAS8B,gBAAgBT,KAAW;AACzC,QAAMU,WAAWV,IAAIA,IAAIxD,SAAS,CAAA,EAAGmB,YAAW;AAChD,SAAO;IAAC;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAK;IAAKtD,SAASqG,QAAAA;AAC3D;AAHgBD;AAkBT,SAASD,oBAAoBnB,IAAiCjB,UAAmB,OAAK;AAC3F,MAAIuC,WAAWC,sBAAsBvB,EAAAA;AACrC,QAAMH,MAAMG,GAAGP,eAAeM,aAAaC,GAAGP,YAAY,IAAI/E;AAC9D,MAAIqE,SAAS;AACX,QACE;MAAC;MAAW;MAA8B;MAA8B/D,SAASgF,GAAGzE,IAAI,KACvFyE,GAAGzE,SAAS,oBAAoBsE,KAAKM,QAAQ,WAC9C;AACAmB,iBAAWE,yBAAyBF,QAAAA;IACtC,WACE,CAAC;MAAC;MAAU;MAA6B;MAA6BtG,SAASgF,GAAGzE,IAAI,KACtF,EAAEyE,GAAGzE,SAAS,oBAAoBsE,KAAKM,QAAQ,WAC/C;AACA,aAAO;IACT;EACF;AACA,SAAOsB,WAAWH,QAAAA;AACpB;AAjBgBH;AAmBhB,SAASf,aAAasB,OAAa;AACjC,SAAOA,MAAMpD,YAAW,EAAGqD,QAAQ,KAAK,EAAA,EAAIA,QAAQ,KAAK,EAAA;AAC3D;AAFSvB;AAIT,SAASmB,sBAAsBvB,IAAsB;AACnD,MAAIA,GAAGT,iBAAiB;AACtB,WAAOqC,cAAc5B,GAAGT,eAAe;EACzC,WAAWS,GAAG6B,oBAAoB;AAChC,WAAOC,oBAAoB9B,GAAG6B,kBAAkB;EAClD,WAAsC7B,GAAIR,iBAAiB;AACzD,WAAOuC,cAAyC/B,GAAIR,eAAe;EACrE,WAAWQ,GAAGxB,cAAc;AAC1B,WAAOwD,WAAWhC,GAAGxB,YAAY;EACnC,WAAWwB,GAAGP,cAAcU,OAAOH,GAAGP,aAAac,KAAKP,GAAGP,aAAagB,GAAG;AACzE,WAAOuB,WAAW1C,kCAAkCU,EAAAA,CAAAA;EACtD,WAAWA,GAAGP,iBAAiBO,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAaU,QAAQ,aAAaH,GAAGP,aAAac,GAAG;AAC1H,WAAOwB,cAAc/B,GAAGP,aAAac,CAAC;EACxC;AACA,SAAO,IAAI0B,WAAAA;AACb;AAfSV;AAiBF,SAASW,wBAAwBpC,IAAwBlF,kBAAkB,MAAI;AACpF,MAAIiF,MAAuBC,GAAGL;AAC9B,MAAI,CAACI,KAAK;AACR,QAAIrB,eAAesB,GAAGtB,gBAAgB1E,SAASyH,sBAAsBzB,EAAAA,GAAK,KAAA;AAC1E,QAAItB,gBAAgBA,aAAa2D,KAAI,MAAO,IAAI;AAC9CtC,YAAMuC,MAAM5D,cAAc6D,8BAA8B;QAAElC,KAAKL,GAAGvE;MAAK,CAAA,CAAA;IACzE;EACF;AACA,MAAI,CAACsE,KAAK;AACR,QAAIjF,iBAAiB;AACnB,YAAME,MAAM,yCAAyCgF,GAAGwC,EAAE,SAAS;IACrE;AACA,WAAO;EACT;AACAzC,MAAIrE,MAAMsE,GAAGwC;AACb,SAAOvC,aAAaF,GAAAA;AACtB;AAhBgBqC;AAkBhB,SAASK,yBACPC,oBACAC,8BACAC,qBAA0C;AAE1C,QAAMC,OAAO,IAAIC,KACdH,gCAAgC,CAAA,GAC9BpH,IAAI,CAACwH,WAAY,OAAOA,WAAW,WAAWA,SAASH,qBAAqBhH,KAAK,CAACoE,OAAOA,GAAGwC,OAAOO,MAAAA,CAAAA,EACnGvH,OAAO8D,SAAAA,EACP/D,IAAI,CAACyE,OAAOoC,wBAAwBpC,IAAI,KAAA,CAAA,EACxCxE,OAAO8D,SAAAA,CAAAA;AAEZ,SAAO;IAAEoD;IAAoBG,MAAM3E,MAAM8E,KAAKH,IAAAA;EAAM;AACtD;AAbSJ;AAiBF,SAASQ,kBAAkB5H,aAAwB;AACxD,SAAO;IACLS,oBAAoB;SACf2G,yBAAyB,aAAapH,YAAY6H,WAAW7H,YAAYS,kBAAkB,EAAE+G;SAC7FJ,yBAAyB,sBAAsBpH,YAAYS,oBAAoBT,YAAYS,kBAAkB,EAAE+G;;IAEpHM,iBAAiBV,yBAAyB,mBAAmBpH,YAAY8H,iBAAiB9H,YAAYS,kBAAkB,EAAE+G;IAC1HO,gBAAgBX,yBAAyB,kBAAkBpH,YAAY+H,gBAAgB/H,YAAYS,kBAAkB,EAAE+G;IACvHQ,cAAcZ,yBAAyB,gBAAgBpH,YAAYgI,cAAchI,YAAYS,kBAAkB,EAAE+G;IACjHS,sBAAsBb,yBAAyB,wBAAwBpH,YAAYiI,sBAAsBjI,YAAYS,kBAAkB,EAAE+G;IACzIU,sBAAsBd,yBAAyB,wBAAwBpH,YAAYkI,sBAAsBlI,YAAYS,kBAAkB,EAAE+G;EAC3I;AACF;AAZgBI;AA+BhB,eAAsBhF,qCACpB,EACE9D,YACAO,iBAAiB,sBACjBW,aACAyD,UAAS,GAOXtE,SAA+C;AAE/C,QAAMgJ,SACJnI,eACC,MAAMoI,iBAAiBjJ,OAAAA,EACrBkJ,QAAQvJ,WAAW6B,GAAG,EACtB2H,KAAK,CAAClH,WAAWA,OAAOpB,WAAW;AACxC,MAAI,CAACmI,QAAQ;AACX,UAAMxI,MAAM,yBAAyBb,WAAW6B,GAAG,EAAE;EACvD;AAKA,QAAMV,OAAOkI,SAAS,CAAA,IAAK,MAAMI,uBAAuBzJ,YAAYO,gBAAgBF,OAAAA;AAGpF,QAAMqJ,eAAqC,MAAM9E,iCAAiCyE,QAAQ9I,gBAAgBF,OAAAA;AAE1G,MAAIsE,WAAW;AACb,QAAIgF,QAAQxI,KAAKE,OAAO,CAACb,QAAQA,IAAIe,QAAQoD,SAAAA;AAC7C,QAAIgF,MAAMzG,SAAS,GAAG;AACpB,aAAOyG;IACT;EACF;AAEA,QAAMC,YAAYrJ,mBAAmB,iBAAiBsJ,gCAAgC7J,UAAAA,IAAc8J,gCAAgC9J,UAAAA;AAGpI,QAAM+J,eAAgCL,aACnCtI,IAAI,CAACO,uBAAAA;AACJ,QAAIqI,QAAQrI,mBAAmB4C;AAC/B,QAAIyF,OAAOC,WAAW,IAAA,GAAO;AAE3BD,cAAQE,eAAeF,KAAAA;IACzB;AAEA,UAAMG,WAAWP,UAAUnI,KACzB,CAAC0I,cACCA,UAAS5F,iBAAiByF,SACzBG,UAAS7I,SAAS,SAAS0I,OAAOC,WAAW,IAAA,KAASC,eAAeC,UAAS5F,YAAY,MAAMyF,SACjGA,OAAOC,WAAWE,UAAS5F,YAAY,KACvC6F,2BAA2BD,WAAUxI,kBAAAA,CAAAA;AAEzC,QAAIwI,UAAU;AACZ,YAAM,EAAEzI,MAAM,GAAG2I,WAAAA,IAAeF;AAChC,aAAO;QAAE,GAAGE;QAAY3I,MAAM;UAAE,GAAGA;UAAMC;QAAmB;MAAE;IAChE,OAAO;AACL,aAAO;IACT;EACF,CAAA,EACCN,OAAO8D,SAAAA;AAEV,QAAMmF,UAAUvG,MAAM8E,KAAK,IAAIF,IAAIxH,KAAKoJ,OAAOR,YAAAA,CAAAA,CAAAA;AAG/C,MAAIxJ,mBAAmB,sBAAsB;AAC3C,WAAO+J;EACT;AAEA,SAAOA,QAAQjJ,OAAO,CAACb,QAAAA;AACrB,UAAMoB,WAAWpB,IAAIkB,MAAME;AAC3B,QAAI,CAACA,YAAYA,SAASsB,WAAW,GAAG;AACtC,aAAO;IACT;AACA,WAAOtB,SAASb,SAASR,cAAAA;EAC3B,CAAA;AACF;AA/EsBuD;AA6FtB,SAASsG,2BAA2BD,UAAgBxI,oBAAsC;AACxF,MACGA,mBAAmBL,SAAS,sCAAsCK,mBAAmBL,SAAS,uCAC/F6I,SAAS7I,SAAS,aAClB;AACA,WAAO;EACT;AACA,MAAIkJ,YAAYC,mBAAmB9I,kBAAAA;AACnC,MAAIwI,SAASzI,MAAM0C,SAAS;AAC1B,WAAOoG,cAAcL,SAASzI,MAAM0C,QAAQC,YAAAA;EAC9C;AACA,QAAMqG,eAAepG,eAAe,OAAO6F,SAAS5F,YAAY,EAAEF,YAAW;AAC7E,SAAOqG,iBAAiBF;AAC1B;AAbSJ;AAeT,eAAsBO,mBAAmBtK,SAAmC;AAC1E,UAAQ,MAAMA,QAAQwC,MAAM+H,uBAAsB,GAAIxJ,IAAI,CAAC2B,aAAaA,SAASsB,YAAW,EAAGqD,QAAQ,QAAQ,EAAA,CAAA;AACjH;AAFsBiD;AAIf,SAASE,OAAOC,QAA4C;AACjE,MAAI,OAAOA,OAAO9K,eAAe,UAAU;AACzC,WAAO8K,OAAO9K;EAChB,WAAW,OAAO8K,OAAO9K,eAAe,UAAU;AAChD,WAAO8K,OAAO9K,WAAW6B;EAC3B;AACA,QAAMhB,MAAM,sCAAsC;AACpD;AAPgBgK;AAST,SAASE,MAAM/K,YAAuD;AAC3E,MAAI,OAAOA,eAAe,UAAU;AAClC,WAAOA;EACT;AACA,MAAIA,WAAW6B,KAAK;AAClB,WAAO7B,WAAW6B;EACpB;AACA,QAAMhB,MAAM,oCAAoC;AAClD;AARgBkK;AAUT,SAASC,OAAOpI,aAA6D;AAClF,MAAI,CAACA,aAAa;AAChB,WAAO,CAAA;EACT;AACA,SAAOA,YAAYxB,IAAI2J,KAAAA;AACzB;AALgBC;AAOhB,eAAsBC,OACpB,EACEjL,YACAO,iBAAiB,kBACjBoE,UAAS,GAMXtE,SAA+C;AAE/C,MAAI,CAACL,YAAY;AACf,WAAO+E,QAAQmG,OAAO,IAAIrK,MAAM,0CAA0C,CAAA;EAC5E;AAEA,QAAMsK,iBAAiBxG,WAAWyG,MAAM,GAAG;AAC3C,QAAM7J,MAAM4J,iBAAkBA,gBAAgBjI,WAAW,IAAIiI,eAAe,CAAA,IAAKA,eAAe,CAAA,IAAM1K;AAGtG,MAAI4K,gBAA2C5K;AAE/C,QAAMU,OAAO,MAAM2C,qCAAqC;IAAE9D;IAAYO;IAAgCoE;EAAqB,GAAGtE,OAAAA;AAC9H,MAAI,CAACc,QAAQA,KAAK+B,WAAW,GAAG;AAC9B,UAAM,IAAIrC,MAAM,gDAAgDN,cAAAA,YAA0BP,WAAW6B,GAAG,EAAE;EAC5G;AACA,MAAI8C,WAAW;AACb0G,oBAAgBlK,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoB0G,OAAO1D,aAAcpD,OAAOf,IAAIkB,KAAKC,oBAAoB0G,IAAItH,SAASQ,GAAAA,CAAAA;EAE/H;AACA,MAAI,CAAC8J,eAAe;AAClBA,oBAAgBlK,KAAKM,KACnB,CAACjB,QAAuBA,IAAIkB,KAAKC,oBAAoBL,SAASf,kBAAkBC,IAAIkB,KAAKE,UAAUb,SAASR,cAAAA,CAAAA;EAEhH;AACA,MAAI,CAAC8K,eAAe;AAClBA,oBAAgBlK,KAAK,CAAA;EACvB;AAEA,MAAI,CAACkK,eAAe;AAClB,UAAM,IAAIxK,MACR,8DAA8D8D,SAAAA,mBAA4BpE,cAAAA,WAAyBP,WAAW6B,GAAG,EAAE;EAEvI;AAEA,SAAOwJ;AACT;AA/CsBJ;AAwDtB,eAAeK,oBACb,EACEtL,WAAU,GAIZK,SAAmC;AAEnC,MAAI,OAAOL,eAAe,UAAU;AAClC,WAAO,MAAMK,QAAQwC,MAAM0I,cAAc;MAAE1J,KAAK7B;IAAW,CAAA;EAC7D;AACA,SAAOA;AACT;AAZesL;AAoBf,eAAsBE,aACpB,EACEhL,KACAsK,OAAM,GAKRzK,SAA+C;AAE/C,MAAIG,IAAIkB,MAAMC,oBAAoB0G,IAAI;AACpC,WAAO7H,IAAIkB,MAAMC,oBAAoB0G;EACvC;AACA,QAAMrI,aAAa,MAAMsL,oBAAoBR,QAAQzK,OAAAA;AACrD,QAAMoL,aAAa,MAAM3H,qCACvB;IACE9D;IACAO,gBAAgB;EAClB,GACAF,OAAAA;AAEF,QAAM2J,QAAQyB,WAAWhK,KAAK,CAACiK,gBAAgBA,YAAYnK,QAAQf,IAAIe,GAAG;AAC1E,MAAIyI,OAAO;AACT,WAAOA,MAAMtI,MAAMC,oBAAoB0G,MAAM2B,MAAMtI,MAAMgD,iBAAiBoG,OAAOnG,aAAaqF,MAAMzI;EACtG;AAEA,SAAOf,IAAIkB,MAAMgD,iBAAiBoG,OAAOnG,aAAanE,IAAIe;AAC5D;AA3BsBiK;AA6BtB,eAAsBG,uBAAuBC,SAAsBvL,SAAmC;AACpG,SAAOuL,QAAQC,uBAAwB,MAAMlB,mBAAmBtK,OAAAA;AAClE;AAFsBsL;AAIf,SAASrC,iBACdjJ,SACA0B,MAIC;AAED,SAAO,IAAI+J,iBAAiBzL,SAAS0B,IAAAA;AACvC;AATgBuH;AAWT,IAAMwC,mBAAN,MAAMA;EAtxBb,OAsxBaA;;;EACMzL;EACA0L;EACAC;EACAC;EAEjB,YACE5L,SACA0B,MACA;AACA,SAAK1B,UAAUA;AACf,SAAK0L,qBAAqBhK,MAAMgK,uBAAuB;AACvD,SAAKC,wBAAwBjK,MAAMiK,0BAA0B;AAC7D,SAAKC,kBAAkBlK,MAAMkK,oBAAoB;EACnD;EAEA,MAAM1C,QAAQrE,QAAgB/C,SAA8D;AAC1F,QAAI+J;AACJ,QAAIC;AACJ,QAAIC;AACJ,QAAI,CAAC,KAAKL,sBAAsB,CAAC,KAAKE,mBAAmB,CAAC,KAAKD,uBAAuB;AACpF,YAAMnL,MAAM,6HAA6H;IAC3I;AACA,QAAI,KAAKkL,oBAAoB;AAC3B,UAAI;AACFG,2BAAmB,MAAM,KAAK7L,QAAQwC,MAAMwJ,WAAW;UAAEnH;UAAQ/C;QAAQ,CAAA;MAC3E,SAAS4E,OAAgB;AACvBqF,cAAMrF;MACR;IACF;AACA,QAAImF,kBAAkB;AACpBC,6BAAuBD;AACvB,UAAIA,iBAAiBhL,gBAAgB,MAAM;AACzCgL,2BAAmBzL;MACrB;IACF,OAAO;AACLuG,cAAQsF,IAAI,wEAAwE;IACtF;AACA,QAAI,CAACJ,oBAAoB,KAAKD,iBAAiB;AAC7CjF,cAAQsF,IAAI,kEAAkE;AAC9E,UAAI;AACF,cAAMzK,MAAMqD,OAAOkG,MAAM,GAAA,EAAK,CAAA;AAC9B,cAAMmB,cAAc,MAAM,KAAKlM,QAAQwC,MAAM0I,cAAc;UAAE1J;QAAI,CAAA;AACjEqK,2BAAmBM,sBAAsBD,aAAa;UAAE1K;QAAI,CAAA;AAC5D,YAAIqK,iBAAiBhL,aAAa;AAChCkL,gBAAM3L;QACR,OAAO;AACLuG,kBAAQsF,IAAI,mDAAmDzK,GAAAA,EAAK;QACtE;MACF,SAASkF,OAAgB;AACvB,YAAI,CAACqF,KAAK;AACRA,gBAAMrF;QACR;MACF;IACF;AACA,QAAImF,kBAAkB;AACpB,UAAI,CAACC,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAI,CAACA,iBAAiBhL,aAAa;AACjCgL,2BAAmBzL;MACrB;IACF;AACA,QAAI,CAACyL,oBAAoB,KAAKF,uBAAuB;AACnDhF,cAAQsF,IAAI,+CAA+CpH,MAAAA,GAAS;AACpEgH,yBAAmB,MAAM,IAAIO,YAAAA,EAAclD,QAAQrE,QAAQ/C,OAAAA;AAC3D,UAAI,CAACgK,sBAAsB;AACzBA,+BAAuBD;MACzB;AACA,UAAIA,iBAAiBhL,aAAa;AAChCkL,cAAM3L;MACR;IACF;AAEA,QAAI2L,KAAK;AAEP,YAAMA;IACR;AACA,QAAI,CAACF,oBAAoB,CAACC,sBAAsB;AAC9C,YAAM,qBAAqBjH,MAAAA,gCAAsC,KAAK6G,kBAAkB,YAAY,KAAKE,eAAe,mBAAmB,KAAKD,qBAAqB;IACvK;AACA,WAAOE,oBAAoBC;EAC7B;AACF;AAEA,IAAMO,aAAa,wBAAClM,KAAWmM,YAC5BnM,KAAKkB,MAAMiL,YAAYlM,UAAaD,KAAKkB,MAAME,aAAanB,UAAcD,KAAKkB,MAAMiL,YAAYA,WAAWnM,KAAKkB,MAAME,UAAUb,SAAS4L,OAAAA,GAD1H;AAaZ,SAAS1L,cACdjB,YACA+B,MAGC;AAED,MAAIb,cAAuCT;AAE3C,MAAIT,YAAY;AACd,UAAM6B,MAAM7B,WAAW6B,OAAOE,MAAMF;AACpCX,kBAAc;MACZ,YAAY;MACZmH,IAAIxG;MACJF,oBAAoB3B,WAAWmB,KAAKC,IAAI,CAACZ,QAAAA;AAEvC,cAAMgF,eAAehF,IAAIkB,MAAMkE,MAC3BE,aAAatF,IAAIkB,KAAKkE,GAAG,IACzBuC,MAAM3H,IAAI+D,cAAc/D,IAAIc,MAAM;UAChCsL,KAAKC,aAAa9L,SAASP,IAAIc,IAAI,IAAIwL,UAAUC,aAAaD,UAAUE;UACxExM;QACF,CAAA;AAEJ,cAAMqF,KAAyB;UAC7BoH,YAAYpL;UACZwG,IAAI7H,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,IAAOP,IAAIe,MAAM,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;UAClFiE;UACAlE,MAAM;QACR;AACA,eAAOuE;MACT,CAAA;MACA,IAAK9D,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,UAAUE,SAAS,MACrEhN,WAAWmB,QAAQ;QACjB6H,iBAAiBhJ,WAAWmB,KACzBE,OAAO,CAACb,QAAQkM,WAAWlM,KAAK,iBAAA,CAAA,EAChCY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,UAAUE,SAAS,MACrEhN,WAAWmB,QAAQ;QACjB8H,gBAAgBjJ,WAAWmB,KACxBE,OAAO,CAACb,QAAQkM,WAAWlM,KAAK,gBAAA,CAAA,EAChCY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,UAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjB+H,cAAclJ,WAAWmB,KACtBE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,cAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,UAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjBgI,sBAAsBnJ,WAAWmB,KAC9BE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,sBAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,IAAKQ,MAAM6K,QAAQnM,UAAasB,MAAM6K,KAAK7L,SAAS+L,UAAUC,UAAU,MACtE/M,WAAWmB,QAAQ;QACjBiI,sBAAsBpJ,WAAWmB,KAC9BE,OAAO,CAACb,QAAQA,IAAIc,SAAS,YAAYoL,WAAWlM,KAAK,sBAAA,CAAA,EACzDY,IAAI,CAACZ,QAAAA;AACJ,cAAIA,IAAIe,IAAI0I,WAAWpI,GAAAA,KAAQrB,IAAIe,IAAIR,SAAS,GAAA,GAAM;AACpD,mBAAOP,IAAIe;UACb;AACA,iBAAO,GAAGM,GAAAA,IAAOrB,IAAIe,GAAG;QAC1B,CAAA;MACJ;MACF,GAAIvB,WAAWkN,YAAYlN,WAAWkN,SAAShK,SAAS,KAAK;QAAEiK,SAASnN,WAAWkN;MAAS;IAC9F;EACF;AACA,SAAOhM;AACT;AA1FgBD;AA4FT,SAASuL,sBACdxM,YACA+B,MAGC;AAED,QAAMb,cAAcD,cAAcjB,YAAY+B,IAAAA,KAAS;AAEvD,QAAMmK,mBAAwC;IAC5C,YAAY;IACZhL;IACAkM,uBAAuB;MACrB,GAAI,CAAClM,eAAe;QAAE6F,OAAO;MAAW;MACxC,GAAIhD,MAAMC,QAAQjC,MAAMsL,gBAAAA,KACtBrN,cACA,CAAC+B,MAAMsL,iBAAiBtM,SAASf,WAAW+C,SAAS2E,QAAQ,QAAQ,EAAA,CAAA,KAAQ;QAAEX,OAAO;MAAuB;IACjH;IACAuG,qBAAqB;MACnB,GAAItN,YAAYoD,SAAS;QAAEmK,cAAcvN,YAAYoD;MAAM;IAC7D;EACF;AACA,SAAO8I;AACT;AAvBgBM;AAyBhB,eAAsBgB,SAASC,eAAqB;AAClD,MAAI5L,MAAM4L;AACV,MAAI,CAAC5L,KAAK;AACR,UAAMhB,MAAM,+CAAA;EACd;AACA,MAAIgB,IAAIoI,WAAW,UAAA,GAAa;AAC9B,WAAOpI;EACT;AACA,SAAO,WAAWA,IAAI6F,QAAQ,2BAA2B,IAAA,EAAMrD,YAAW,CAAA;AAC5E;AATsBmJ;AAcf,IAAME,aAAa,8BAAOC,SAAAA;AAC/B,QAAM,EAAE7C,QAAQ8C,QAAQC,SAASxN,SAAS8B,QAAO,IAAKwL;AACtD,QAAMG,aAAa;IACjB,GAAG3L;IACH4L,QAAQ,MAAMC,aAAa;MAAElD;MAAQzK;IAAQ,CAAA;EAC/C;AAEA,SAAO4N,UAAUJ,SAASC,YAAYF,MAAAA;AACxC,GAR0B;AAanB,IAAMI,eAAe,8BAC1BL,SAAAA;AAiBA,QAAM,EAAE7C,QAAQzK,QAAO,IAAKsN;AAE5B,QAAM3N,aAAa,MAAMsL,oBAAoBR,QAAQzK,OAAAA;AACrD,QAAMG,MAAM,MAAMyK,OAChB;IACEjL;IACAO,gBAAgBuK,OAAOoD;IACvBvJ,WAAWmG,OAAOnG;EACpB,GACAtE,OAAAA;AAEF,QAAM8N,YAAY,MAAMC,0BAA0B;IAAE5N;EAAI,CAAA;AAExD,SAAO,OAAO6N,SAAAA;AACZ,UAAM5G,QAAQ4G,gBAAgBC,OAAOC,eAAevG,UAAAA,IAAc,IAAIwG,YAAAA,EAAcC,OAAOJ,IAAAA,IAAuBA;AAClH,WAAO,MAAMhO,QAAQwC,MAAM6L,eAAe;MACxCC,QAAQnO,IAAIe;MACZ4M;MACAE,MAAM5G;IACR,CAAA;EACF;AACF,GAvC4B;","names":["computeAddress","UniResolver","ENC_KEY_ALGS","getKms","JwkKeyUse","keyTypeFromCryptographicSuite","rsaJwkToRawHexKey","sanitizedJwk","signatureAlgorithmFromKey","toJwk","toPkcs1FromHex","base64ToHex","base58ToBytes","base64ToBytes","bytesToHex","hexToBytes","multibaseKeyToBytes","convertPublicKeyToX25519","compressIdentifierSecp256k1Keys","convertIdentifierEncryptionKeys","getEthereumAddress","isDefined","mapIdentifierKeysToDoc","createJWT","elliptic","u8a","SupportedDidMethodEnum","IdentifierAliasEnum","DID_PREFIX","fromString","toString","u8a","getAuthenticationKey","identifier","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","controllerKey","context","getFirstKeyWithRelation","vmRelationship","key","undefined","getFirstKeyWithRelationFromDIDDoc","errorOnNotFound","e","Error","message","includes","offlineDID","toDidDocument","didDocument","keys","map","filter","type","kid","controllerKeyId","find","meta","verificationMethod","purposes","did","getOrCreatePrimaryIdentifier","opts","primaryIdentifier","getPrimaryIdentifier","createOpts","options","method","created","result","SupportedDidMethodEnum","DID_KEY","codecName","createdIdentifier","createIdentifier","identifiers","agent","didManagerFind","provider","DID_PREFIX","some","length","didMatch","alias","aliasMatch","didManagerCreate","kms","getKms","IdentifierAliasEnum","PRIMARY","Date","getTime","matchedKeys","mapIdentifierKeysToDocWithJwkSupport","Array","isArray","controllerKeyMatch","getEthereumAddressFromKey","ethereumAddress","account","toLowerCase","computeAddress","publicKeyHex","getControllerKey","getKeys","jwkThumbprint","kmsKeyRef","dereferenceDidKeysWithJwkSupport","section","convert","Promise","all","getDIDComponentById","didUrl","isDefined","hexKey","extractPublicKeyHexWithJwkSupport","publicKeyBase58","publicKeyBase64","publicKeyJwk","keyProps","newKey","jwkTtoPublicKeyHex","jwk","vm","sanitizedJwk","pk","kty","curve","crv","toEcLibCurve","xHex","base64ToHex","x","yHex","y","prefix","hex","ec","elliptic","keyFromPublic","getPublic","error","console","rsaJwkToRawHexKey","extractPublicKeyHex","isEvenHexString","lastChar","keyBytes","extractPublicKeyBytes","convertPublicKeyToX25519","bytesToHex","input","replace","base58ToBytes","publicKeyMultibase","multibaseKeyToBytes","base64ToBytes","hexToBytes","Uint8Array","verificationMethodToJwk","trim","toJwk","keyTypeFromCryptographicSuite","id","didDocumentSectionToJwks","didDocumentSection","searchForVerificationMethods","verificationMethods","jwks","Set","vmOrId","from","didDocumentToJwks","publicKey","assertionMethod","authentication","keyAgreement","capabilityInvocation","capabilityDelegation","didDoc","getAgentResolver","resolve","then","mapIdentifierKeysToDoc","documentKeys","found","localKeys","convertIdentifierEncryptionKeys","compressIdentifierSecp256k1Keys","extendedKeys","vmKey","startsWith","toPkcs1FromHex","localKey","compareBlockchainAccountId","localProps","allKeys","concat","vmEthAddr","getEthereumAddress","computedAddr","getAgentDIDMethods","didManagerGetProviders","getDID","idOpts","toDID","toDIDs","getKey","reject","kmsKeyRefParts","split","identifierKey","legacyGetIdentifier","didManagerGet","determineKid","mappedKeys","extendedKey","getSupportedDIDMethods","didOpts","supportedDIDMethods","AgentDIDResolver","resolverResolution","uniresolverResolution","localResolution","resolutionResult","origResolutionResult","err","resolveDid","log","iIdentifier","toDidResolutionResult","UniResolver","hasPurpose","purpose","use","ENC_KEY_ALGS","JwkKeyUse","Encryption","Signature","controller","services","service","didResolutionMetadata","supportedMethods","didDocumentMetadata","equivalentId","asDidWeb","hostnameOrDID","signDidJWT","args","header","payload","jwtOptions","signer","getDidSigner","createJWT","verificationMethodSection","algorithm","signatureAlgorithmFromKey","data","Object","getPrototypeOf","TextDecoder","decode","keyManagerSign","keyRef"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.did-utils",
3
3
  "description": "DID Utils",
4
- "version": "0.36.1-next.11+262d209a",
4
+ "version": "0.36.1-next.115+0fab323a",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -25,11 +25,11 @@
25
25
  "@ethersproject/networks": "^5.7.1",
26
26
  "@ethersproject/transactions": "^5.7.0",
27
27
  "@sphereon/did-uni-client": "^0.6.3",
28
- "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.11+262d209a",
29
- "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.11+262d209a",
30
- "@sphereon/ssi-sdk.agent-config": "0.36.1-next.11+262d209a",
31
- "@sphereon/ssi-sdk.core": "0.36.1-next.11+262d209a",
32
- "@sphereon/ssi-types": "0.36.1-next.11+262d209a",
28
+ "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.115+0fab323a",
29
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.115+0fab323a",
30
+ "@sphereon/ssi-sdk.agent-config": "0.36.1-next.115+0fab323a",
31
+ "@sphereon/ssi-sdk.core": "0.36.1-next.115+0fab323a",
32
+ "@sphereon/ssi-types": "0.36.1-next.115+0fab323a",
33
33
  "@stablelib/ed25519": "^1.0.3",
34
34
  "@veramo/core": "4.2.0",
35
35
  "@veramo/utils": "4.2.0",
@@ -53,5 +53,5 @@
53
53
  "author": "Sphereon <dev@sphereon.com>",
54
54
  "license": "Apache-2.0",
55
55
  "keywords": [],
56
- "gitHead": "262d209a803fecfba1ad5878724c4f6f91f86cec"
56
+ "gitHead": "0fab323abf92edba332557800ab79493e3681e1f"
57
57
  }
package/src/did-functions.ts CHANGED
@@ -197,7 +197,25 @@ export const getPrimaryIdentifier = async (context: IAgentContext<IDIDManager>,
197
197
  (identifier: IIdentifier) => opts?.type === undefined || identifier.keys.some((key: IKey) => key.type === opts?.type),
198
198
  )
199
199
 
200
- return identifiers && identifiers.length > 0 ? identifiers[0] : undefined
200
+ if (!identifiers || identifiers.length === 0) {
201
+ return undefined
202
+ }
203
+
204
+ if (opts?.did) {
205
+ const didMatch = identifiers.find((identifier: IIdentifier) => identifier.did === opts.did)
206
+ if (didMatch) {
207
+ return didMatch
208
+ }
209
+ }
210
+
211
+ if (opts?.alias) {
212
+ const aliasMatch = identifiers.find((identifier: IIdentifier) => identifier.alias === opts.alias)
213
+ if (aliasMatch) {
214
+ return aliasMatch
215
+ }
216
+ }
217
+
218
+ return identifiers[0]
201
219
  }
202
220
 
203
221
  export const createIdentifier = async (context: IAgentContext<IDIDManager>, opts?: CreateIdentifierOpts): Promise<IIdentifier> => {
@@ -229,9 +247,11 @@ export const getFirstKeyWithRelationFromDIDDoc = async (
229
247
  ): Promise<_ExtendedIKey | undefined> => {
230
248
  const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship, didDocument }, context)
231
249
  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
232
- const result = matchedKeys.find(
233
- (key) => keyType === undefined || key.type === keyType || (controllerKey && key.kid === identifier.controllerKeyId),
234
- )
250
+ const controllerKeyMatch = identifier.controllerKeyId
251
+ ? matchedKeys.find((key) => key.kid === identifier.controllerKeyId && (keyType === undefined || key.type === keyType))
252
+ : undefined
253
+
254
+ const result = controllerKeyMatch ?? matchedKeys.find((key) => keyType === undefined || key.type === keyType)
235
255
  if (result) {
236
256
  return result
237
257
  }
@@ -575,7 +595,20 @@ export async function mapIdentifierKeysToDocWithJwkSupport(
575
595
  })
576
596
  .filter(isDefined)
577
597
 
578
- return Array.from(new Set(keys.concat(extendedKeys)))
598
+ const allKeys = Array.from(new Set(keys.concat(extendedKeys)))
599
+
600
+ // Filter based on key metadata purposes, except when requesting all verificationMethods
601
+ if (vmRelationship === 'verificationMethod') {
602
+ return allKeys
603
+ }
604
+
605
+ return allKeys.filter((key) => {
606
+ const purposes = key.meta?.purposes
607
+ if (!purposes || purposes.length === 0) {
608
+ return true
609
+ }
610
+ return purposes.includes(vmRelationship)
611
+ })
579
612
  }
580
613
 
581
614
  /**
@@ -840,6 +873,9 @@ export class AgentDIDResolver implements Resolvable {
840
873
  }
841
874
  }
842
875
 
876
+ const hasPurpose = (key: IKey, purpose: string) =>
877
+ (key?.meta?.purpose === undefined && key?.meta?.purposes === undefined) || key?.meta?.purpose === purpose || key?.meta?.purposes?.includes(purpose)
878
+
843
879
  /**
844
880
  * Please note that this is not an exact representation of the actual DID Document.
845
881
  *
@@ -865,13 +901,18 @@ export function toDidDocument(
865
901
  '@context': 'https://www.w3.org/ns/did/v1',
866
902
  id: did,
867
903
  verificationMethod: identifier.keys.map((key) => {
904
+ // Use existing JWK from meta if available, otherwise convert from publicKeyHex
905
+ const publicKeyJwk = key.meta?.jwk
906
+ ? sanitizedJwk(key.meta.jwk as JWK)
907
+ : toJwk(key.publicKeyHex, key.type, {
908
+ use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
909
+ key,
910
+ })
911
+
868
912
  const vm: VerificationMethod = {
869
913
  controller: did,
870
914
  id: key.kid.startsWith(did) && key.kid.includes('#') ? key.kid : `${did}#${key.kid}`,
871
- publicKeyJwk: toJwk(key.publicKeyHex, key.type, {
872
- use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
873
- key,
874
- }) as JsonWebKey,
915
+ publicKeyJwk: publicKeyJwk as JsonWebKey,
875
916
  type: 'JsonWebKey2020',
876
917
  }
877
918
  return vm
@@ -879,10 +920,7 @@ export function toDidDocument(
879
920
  ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&
880
921
  identifier.keys && {
881
922
  assertionMethod: identifier.keys
882
- .filter(
883
- (key) =>
884
- key?.meta?.purpose === undefined || key?.meta?.purpose === 'assertionMethod' || key?.meta?.purposes?.includes('assertionMethod'),
885
- )
923
+ .filter((key) => hasPurpose(key, 'assertionMethod'))
886
924
  .map((key) => {
887
925
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
888
926
  return key.kid
@@ -893,9 +931,7 @@ export function toDidDocument(
893
931
  ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Signature)) &&
894
932
  identifier.keys && {
895
933
  authentication: identifier.keys
896
- .filter(
897
- (key) => key?.meta?.purpose === undefined || key?.meta?.purpose === 'authentication' || key?.meta?.purposes?.includes('authentication'),
898
- )
934
+ .filter((key) => hasPurpose(key, 'authentication'))
899
935
  .map((key) => {
900
936
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
901
937
  return key.kid
@@ -906,7 +942,7 @@ export function toDidDocument(
906
942
  ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&
907
943
  identifier.keys && {
908
944
  keyAgreement: identifier.keys
909
- .filter((key) => key.type === 'X25519' || key?.meta?.purpose === 'keyAgreement' || key?.meta?.purposes?.includes('keyAgreement'))
945
+ .filter((key) => key.type === 'X25519' || hasPurpose(key, 'keyAgreement'))
910
946
  .map((key) => {
911
947
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
912
948
  return key.kid
@@ -917,10 +953,7 @@ export function toDidDocument(
917
953
  ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&
918
954
  identifier.keys && {
919
955
  capabilityInvocation: identifier.keys
920
- .filter(
921
- (key) =>
922
- key.type === 'X25519' || key?.meta?.purpose === 'capabilityInvocation' || key?.meta?.purposes?.includes('capabilityInvocation'),
923
- )
956
+ .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityInvocation'))
924
957
  .map((key) => {
925
958
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
926
959
  return key.kid
@@ -931,10 +964,7 @@ export function toDidDocument(
931
964
  ...((opts?.use === undefined || opts?.use?.includes(JwkKeyUse.Encryption)) &&
932
965
  identifier.keys && {
933
966
  capabilityDelegation: identifier.keys
934
- .filter(
935
- (key) =>
936
- key.type === 'X25519' || key?.meta?.purpose === 'capabilityDelegation' || key?.meta?.purposes?.includes('capabilityDelegation'),
937
- )
967
+ .filter((key) => key.type === 'X25519' || hasPurpose(key, 'capabilityDelegation'))
938
968
  .map((key) => {
939
969
  if (key.kid.startsWith(did) && key.kid.includes('#')) {
940
970
  return key.kid
package/src/types.ts CHANGED
@@ -11,6 +11,7 @@ export enum SupportedDidMethodEnum {
11
11
  DID_EBSI = 'ebsi',
12
12
  DID_JWK = 'jwk',
13
13
  DID_OYD = 'oyd',
14
+ DID_WEB = 'web',
14
15
  }
15
16
 
16
17
  export enum IdentifierAliasEnum {
@@ -38,6 +39,8 @@ export type IdentifierProviderOpts = {
38
39
  type?: TKeyType
39
40
  use?: string
40
41
  method?: SupportedDidMethodEnum
42
+ did?: string
43
+ alias?: string
41
44
  [x: string]: any
42
45
  }
43
46