npm - @sphereon/ssi-sdk-ext.key-utils - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-next.39 - Mend

@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-next.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.cjs +20 -92
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +5 -12
package/dist/index.d.ts +5 -12
package/dist/index.js +20 -92
package/dist/index.js.map +1 -1
package/package.json +4 -4
package/src/digest-methods.ts +11 -13
package/src/functions.ts +7 -75
package/src/types/key-util-types.ts +0 -2

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/functions.ts","../src/digest-methods.ts","../src/jwk-jcs.ts","../src/types/key-util-types.ts","../src/conversion.ts"],"sourcesContent":["/*\n Provides `did:jwk` {@link @veramo/did-provider-jwk#JwkDIDProvider \| identifier provider }\n * for the {@link @veramo/did-manager#DIDManager}\n \n @packageDocumentation\n /\nexport from './functions'\nexport * from './conversion'\nexport * from './jwk-jcs'\nexport * from './types'\nexport * from './digest-methods'\n","import { randomBytes } from '@ethersproject/random'\n// Do not change these require statements to imports before we change to ESM. Breaks external CJS packages depending on this module\nimport { bls12_381 } from '@noble/curves/bls12-381'\nimport { ed25519, x25519 } from '@noble/curves/ed25519'\nimport { p256 } from '@noble/curves/p256'\nimport { p384 } from '@noble/curves/p384'\nimport { p521 } from '@noble/curves/p521'\nimport { secp256k1 } from '@noble/curves/secp256k1'\nimport { sha256, sha384, sha512 } from '@noble/hashes/sha2'\nimport {\n cryptoSubtleImportRSAKey,\n generateRSAKeyAsPEM,\n hexToBase64,\n hexToPEM,\n PEMToJwk,\n privateKeyHexFromPEM,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JoseCurve, JoseSignatureAlgorithm, type JWK, JwkKeyType, Loggers } from '@sphereon/ssi-types'\nimport { generateKeyPair as generateSigningKeyPair } from '@stablelib/ed25519'\nimport type { IAgentContext, IKey, IKeyManager, ManagedKeyInfo, MinimalImportableKey } from '@veramo/core'\nimport debug from 'debug'\n\nimport type { JsonWebKey } from 'did-resolver'\nimport elliptic from 'elliptic'\nimport * as rsa from 'micro-rsa-dsa-dh/rsa.js'\n\n// @ts-ignore\nimport { Crypto } from 'node'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport { digestMethodParams } from './digest-methods'\nimport { validateJwk } from './jwk-jcs'\nimport {\n DigestAlgorithm,\n ENC_KEY_ALGS,\n type IImportProvidedOrGeneratedKeyArgs,\n JwkKeyUse,\n type KeyTypeFromCryptographicSuiteArgs,\n SIG_KEY_ALGS,\n type SignatureAlgorithmFromKeyArgs,\n type SignatureAlgorithmFromKeyTypeArgs,\n type TKeyType,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:key-utils')\n\n/*\n Function that returns the provided KMS name or the default KMS name if none is provided.\n * The default KMS is either explicitly defined during agent construction, or the first KMS available in the system\n * @param context\n * @param kms. Optional KMS to use. If provided will be the returned name. Otherwise the default KMS will be returned\n /\nexport const getKms = async (context: IAgentContext<any>, kms?: string): Promise<string> => {\n if (kms) {\n return kms\n }\n if (!context.agent.availableMethods().includes('keyManagerGetDefaultKeyManagementSystem')) {\n throw Error('Cannot determine default KMS if not provided and a non Sphereon Key Manager is being used')\n }\n return context.agent.keyManagerGetDefaultKeyManagementSystem()\n}\n\n/\n Generates a random Private Hex Key for the specified key type\n * @param type The key type\n * @return The private key in Hex form\n /\nexport const generatePrivateKeyHex = async (type: TKeyType): Promise<string> => {\n switch (type) {\n case 'Ed25519': {\n const keyPairEd25519 = generateSigningKeyPair()\n return toString(keyPairEd25519.secretKey, 'base16')\n }\n // The Secp256 types use the same method to generate the key\n case 'Secp256r1':\n case 'Secp256k1': {\n const privateBytes = randomBytes(32)\n return toString(privateBytes, 'base16')\n }\n case 'RSA': {\n const pem = await generateRSAKeyAsPEM('RSA-PSS', 'SHA-256', 2048)\n return privateKeyHexFromPEM(pem)\n }\n default:\n throw Error(`not_supported: Key type ${type} not yet supported for this did:jwk implementation`)\n }\n}\n\nconst keyMetaAlgorithmsFromKeyType = (type: string \| TKeyType) => {\n switch (type) {\n case 'Ed25519':\n return ['Ed25519', 'EdDSA']\n case 'ES256K':\n case 'Secp256k1':\n return ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign']\n case 'Secp256r1':\n return ['ES256']\n case 'X25519':\n return ['ECDH', 'ECDH-ES', 'ECDH-1PU']\n case 'RSA':\n return ['RS256', 'RS512', 'PS256', 'PS512']\n }\n return [type]\n}\n\n/\n We optionally generate and then import our own keys.\n \n @param args The key arguments\n * @param context The Veramo agent context\n * @private\n /\nexport async function importProvidedOrGeneratedKey(\n args: IImportProvidedOrGeneratedKeyArgs & {\n kms: string\n },\n context: IAgentContext<IKeyManager>,\n): Promise<IKey> {\n // @ts-ignore\n const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? 'Secp256r1'\n const key = args?.options?.key\n if (key) {\n key.meta = {\n ...key.meta,\n providerName: args.providerName,\n }\n\n // Make sure x509 options are also set on the metadata as that is what the kms will look for\n if (args.options?.x509) {\n key.meta = {\n ...key.meta,\n x509: {\n ...args.options.x509,\n ...key.meta?.x509,\n },\n }\n }\n }\n\n if (args.options && args.options?.use === JwkKeyUse.Encryption && !ENC_KEY_ALGS.includes(type)) {\n throw new Error(`${type} keys are not valid for encryption`)\n }\n\n let privateKeyHex: string \| undefined = undefined\n if (key) {\n privateKeyHex = key.privateKeyHex ?? key.meta?.x509?.privateKeyHex\n if ((!privateKeyHex \|\| privateKeyHex.trim() === '') && key?.meta?.x509?.privateKeyPEM) {\n // If we do not have a privateKeyHex but do have a PEM\n privateKeyHex = privateKeyHexFromPEM(key.meta.x509.privateKeyPEM)\n }\n }\n if (privateKeyHex) {\n return context.agent.keyManagerImport({\n ...key,\n kms: args.kms,\n type,\n privateKeyHex: privateKeyHex!,\n })\n }\n\n return context.agent.keyManagerCreate({\n type,\n kms: args.kms,\n meta: {\n ...key?.meta,\n algorithms: keyMetaAlgorithmsFromKeyType(type),\n ...(key?.meta?.keyAlias ? {} : { keyAlias: args.alias }),\n },\n })\n}\n\nexport const calculateJwkThumbprintForKey = (args: {\n key: IKey \| MinimalImportableKey \| ManagedKeyInfo\n digestAlgorithm?: 'sha256' \| 'sha512'\n}): string => {\n const { key } = args\n\n const jwk = key.publicKeyHex\n ? toJwk(key.publicKeyHex, key.type, { key: key, isPrivateKey: false })\n : 'privateKeyHex' in key && key.privateKeyHex\n ? toJwk(key.privateKeyHex, key.type, { isPrivateKey: true })\n : undefined\n if (!jwk) {\n throw Error(`Could not determine jwk from key ${key.kid}`)\n }\n return calculateJwkThumbprint({ jwk, digestAlgorithm: args.digestAlgorithm })\n}\n\nconst assertJwkClaimPresent = (value: unknown, description: string) => {\n if (typeof value !== 'string' \|\| !value) {\n throw new Error(`${description} missing or invalid`)\n }\n}\nexport const toBase64url = (input: string): string => toString(fromString(input), 'base64url')\n\n/\n Calculate the JWK thumbprint\n * @param args\n /\nexport const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: DigestAlgorithm }): string => {\n const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? 'SHA-256')\n const jwk = sanitizedJwk(args.jwk)\n let components\n switch (jwk.kty) {\n case 'EC':\n assertJwkClaimPresent(jwk.crv, '\"crv\" (Curve) Parameter')\n assertJwkClaimPresent(jwk.x, '\"x\" (X Coordinate) Parameter')\n assertJwkClaimPresent(jwk.y, '\"y\" (Y Coordinate) Parameter')\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y }\n break\n case 'OKP':\n assertJwkClaimPresent(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter')\n assertJwkClaimPresent(jwk.x, '\"x\" (Public Key) Parameter')\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x }\n break\n case 'RSA':\n assertJwkClaimPresent(jwk.e, '\"e\" (Exponent) Parameter')\n assertJwkClaimPresent(jwk.n, '\"n\" (Modulus) Parameter')\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n }\n break\n case 'oct':\n assertJwkClaimPresent(jwk.k, '\"k\" (Key Value) Parameter')\n components = { k: jwk.k, kty: jwk.kty }\n break\n default:\n throw new Error('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n const data = JSON.stringify(components)\n return digestMethodParams(digestAlgorithm).digestMethod(data, 'base64url')\n}\n\nexport const toJwkFromKey = (\n key: IKey \| MinimalImportableKey \| ManagedKeyInfo,\n opts?: {\n use?: JwkKeyUse\n noKidThumbprint?: boolean\n },\n): JWK => {\n const isPrivateKey = 'privateKeyHex' in key\n return toJwk(key.publicKeyHex!, key.type, { ...opts, key, isPrivateKey })\n}\n\n/\n Converts a public key in hex format to a JWK\n * @param publicKeyHex public key in hex\n * @param type The type of the key (Ed25519, Secp256k1/r1)\n * @param opts. Options, like the optional use for the key (sig/enc)\n * @return The JWK\n /\nexport const toJwk = (\n publicKeyHex: string,\n type: TKeyType,\n opts?: { use?: JwkKeyUse; key?: IKey \| MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean },\n): JWK => {\n const { key, noKidThumbprint = false } = opts ?? {}\n if (key && key.publicKeyHex !== publicKeyHex && opts?.isPrivateKey !== true) {\n throw Error(`Provided key with id ${key.kid}, has a different public key hex ${key.publicKeyHex} than supplied public key ${publicKeyHex}`)\n }\n let jwk: JWK\n switch (type) {\n case 'Ed25519':\n jwk = toEd25519OrX25519Jwk(publicKeyHex, { ...opts, crv: JoseCurve.Ed25519 })\n break\n case 'X25519':\n jwk = toEd25519OrX25519Jwk(publicKeyHex, { ...opts, crv: JoseCurve.X25519 })\n break\n case 'Secp256k1':\n jwk = toSecp256k1Jwk(publicKeyHex, opts)\n break\n case 'Secp256r1':\n jwk = toSecp256r1Jwk(publicKeyHex, opts)\n break\n case 'RSA':\n jwk = toRSAJwk(publicKeyHex, opts)\n break\n default:\n throw new Error(`not_supported: Key type ${type} not yet supported for this did:jwk implementation`)\n }\n if (!jwk.kid && !noKidThumbprint) {\n jwk['kid'] = calculateJwkThumbprint({ jwk })\n }\n return sanitizedJwk(jwk)\n}\n\n/\n Convert a JWK to a raw hex key.\n * Currently supports `RSA` and `EC` keys. Extendable for other key types.\n * @param jwk - The JSON Web Key object.\n * @returns A string representing the key in raw hexadecimal format.\n /\nexport const jwkToRawHexKey = async (jwk: JWK): Promise<string> => {\n // TODO: Probably makes sense to have an option to do the same for private keys\n jwk = sanitizedJwk(jwk)\n if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'EC') {\n return ecJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'OKP') {\n return okpJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'oct') {\n return octJwkToRawHexKey(jwk)\n } else {\n throw new Error(`Unsupported key type: ${jwk.kty}`)\n }\n}\n\n/\n Convert an RSA JWK to a raw hex key.\n * @param jwk - The RSA JWK object.\n * @returns A string representing the RSA key in raw hexadecimal format.\n /\nexport function rsaJwkToRawHexKey(jwk: JsonWebKey): string {\n /\n Encode an integer value (given as a Uint8Array) into DER INTEGER:\n * 0x02 \|\| length \|\| value (with a leading 0x00 if the high bit is set).\n /\n function encodeInteger(bytes: Uint8Array): Uint8Array {\n // if high bit set, prefix a 0x00\n if (bytes[0] & 0x80) {\n bytes = Uint8Array.from([0x00, ...bytes])\n }\n const len = encodeLength(bytes.length)\n return Uint8Array.from([0x02, ...len, ...bytes])\n }\n\n /\n Encode length per DER rules:\n * - If <128, one byte\n * - Else 0x80\|numBytes followed by big-endian length\n /\n function encodeLength(len: any) {\n if (len < 0x80) {\n return Uint8Array.of(len)\n }\n let hex = len.toString(16)\n if (hex.length % 2 === 1) {\n hex = '0' + hex\n }\n const lenBytes = Uint8Array.from(hex.match(/.{2}/g)!.map((h: any) => parseInt(h, 16)))\n return Uint8Array.of(0x80 \| lenBytes.length, ...lenBytes)\n }\n\n /\n Wrap one or more DER elements in a SEQUENCE:\n * 0x30 \|\| totalLength \|\| concatenatedElements\n /\n function encodeSequence(elements: any) {\n const content = elements.reduce((acc: any, elm: any) => Uint8Array.from([...acc, ...elm]), new Uint8Array())\n const len = encodeLength(content.length)\n return Uint8Array.from([0x30, ...len, ...content])\n }\n\n /\n Convert a Base64-URL string into a Uint8Array (handles padding & “-_/”).\n /\n function base64UrlToBytes(b64url: string): Uint8Array {\n return fromString(b64url, 'base64url')\n }\n\n jwk = sanitizedJwk(jwk)\n if (!jwk.n \|\| !jwk.e) {\n throw new Error(\"RSA JWK must contain 'n' and 'e' properties.\")\n }\n const modulusBytes = base64UrlToBytes(jwk.n)\n const exponentBytes = base64UrlToBytes(jwk.e)\n const sequence = encodeSequence([encodeInteger(modulusBytes), encodeInteger(exponentBytes)])\n const result = toString(sequence, 'hex')\n return result\n /\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const modulus = fromString(jwk.n.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url') // 'n' is the modulus\n const exponent = fromString(jwk.e.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url') // 'e' is the exponent\n\n return toString(modulus, 'hex') + toString(exponent, 'hex')/\n}\n\n/\n Convert an EC JWK to a raw hex key.\n * @param jwk - The EC JWK object.\n * @returns A string representing the EC key in raw hexadecimal format.\n /\nfunction ecJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.x \|\| !jwk.y) {\n throw new Error(\"EC JWK must contain 'x' and 'y' properties.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const x = fromString(jwk.x.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n const y = fromString(jwk.y.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return '04' + toString(x, 'hex') + toString(y, 'hex')\n}\n\n/\n Convert an EC JWK to a raw hex key.\n * @param jwk - The EC JWK object.\n * @returns A string representing the EC key in raw hexadecimal format.\n /\nfunction okpJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.x) {\n throw new Error(\"OKP JWK must contain 'x' property.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const x = fromString(jwk.x.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return toString(x, 'hex')\n}\n\n/\n Convert an octet JWK to a raw hex key.\n * @param jwk - The octet JWK object.\n * @returns A string representing the octet key in raw hexadecimal format.\n /\nfunction octJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.k) {\n throw new Error(\"Octet JWK must contain 'k' property.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const key = fromString(jwk.k.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return toString(key, 'hex')\n}\n\nexport function x25519PublicHexFromPrivateHex(privateKeyHex: string): string {\n if (!/^[0-9a-fA-F]{64}$/.test(privateKeyHex)) {\n throw new Error('Private key must be 32-byte hex (64 chars)')\n }\n\n const priv = Uint8Array.from(Buffer.from(privateKeyHex, 'hex'))\n const pub = x25519.getPublicKey(priv)\n\n return Buffer.from(pub).toString('hex')\n}\n\n/\n Determines the use param based upon the key/signature type or supplied use value.\n \n @param type The key type\n * @param suppliedUse A supplied use. Will be used in case it is present\n /\nexport const jwkDetermineUse = (type: TKeyType, suppliedUse?: JwkKeyUse): JwkKeyUse \| undefined => {\n return suppliedUse\n ? suppliedUse\n : SIG_KEY_ALGS.includes(type)\n ? JwkKeyUse.Signature\n : ENC_KEY_ALGS.includes(type)\n ? JwkKeyUse.Encryption\n : undefined\n}\n\n/\n Assert the key has a proper length\n \n @param keyHex Input key\n * @param expectedKeyLength Expected key length(s)\n /\nconst assertProperKeyLength = (keyHex: string, expectedKeyLength: number \| number[]) => {\n if (Array.isArray(expectedKeyLength)) {\n if (!expectedKeyLength.includes(keyHex.length)) {\n throw Error(\n `Invalid key length. Needs to be a hex string with length from ${JSON.stringify(expectedKeyLength)} instead of ${\n keyHex.length\n }. Input: ${keyHex}`,\n )\n }\n } else if (keyHex.length !== expectedKeyLength) {\n throw Error(`Invalid key length. Needs to be a hex string with length ${expectedKeyLength} instead of ${keyHex.length}. Input: ${keyHex}`)\n }\n}\n\n/\n Generates a JWK from a Secp256k1 public key\n * @param keyHex Secp256k1 public or private key in hex\n * @param use The use for the key\n * @return The JWK\n /\nconst toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {\n const { use } = opts ?? {}\n logger.debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)\n if (opts?.isPrivateKey) {\n assertProperKeyLength(keyHex, [64])\n } else {\n assertProperKeyLength(keyHex, [66, 130])\n }\n\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyBytes = fromString(keyHex, 'base16')\n const keyPair = opts?.isPrivateKey ? secp256k1.keyFromPrivate(keyBytes) : secp256k1.keyFromPublic(keyBytes)\n const pubPoint = keyPair.getPublic()\n\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.ES256K,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.EC,\n crv: JoseCurve.secp256k1,\n x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),\n y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),\n ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),\n })\n}\n\n/\n Generates a JWK from a Secp256r1 public key\n * @param keyHex Secp256r1 public key in hex\n * @param use The use for the key\n * @return The JWK\n /\nconst toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {\n const { use } = opts ?? {}\n logger.debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)\n if (opts?.isPrivateKey) {\n assertProperKeyLength(keyHex, [64])\n } else {\n assertProperKeyLength(keyHex, [66, 130])\n }\n\n const secp256r1 = new elliptic.ec('p256')\n const keyBytes = fromString(keyHex, 'base16')\n logger.debug(`keyBytes length: ${keyBytes}`)\n const keyPair = opts?.isPrivateKey ? secp256r1.keyFromPrivate(keyBytes) : secp256r1.keyFromPublic(keyBytes)\n const pubPoint = keyPair.getPublic()\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.ES256,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.EC,\n crv: JoseCurve.P_256,\n x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),\n y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),\n ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),\n })\n}\n\n/\n Generates a JWK from an Ed25519/X25519 public key\n * @param publicKeyHex Ed25519/X25519 public key in hex\n * @param opts\n * @return The JWK\n /\nconst toEd25519OrX25519Jwk = (\n publicKeyHex: string,\n opts: {\n use?: JwkKeyUse\n crv: JoseCurve.Ed25519 \| JoseCurve.X25519\n },\n): JWK => {\n assertProperKeyLength(publicKeyHex, 64)\n const { use } = opts ?? {}\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.EdDSA,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.OKP,\n crv: opts?.crv ?? JoseCurve.Ed25519,\n x: hexToBase64(publicKeyHex, 'base64url'),\n })\n}\n\nconst toRSAJwk = (publicKeyHex: string, opts?: { use?: JwkKeyUse; key?: IKey \| MinimalImportableKey }): JWK => {\n function parseDerIntegers(pubKeyHex: string): { modulus: string; exponent: string } {\n const bytes = Buffer.from(pubKeyHex, 'hex')\n let offset = 0\n\n // 1) Outer SEQUENCE\n if (bytes[offset++] !== 0x30) throw new Error('Not a SEQUENCE')\n let len = bytes[offset++]\n if (len & 0x80) {\n const nBytes = len & 0x7f\n len = 0\n for (let i = 0; i < nBytes; i++) {\n len = (len << 8) + bytes[offset++]\n }\n }\n\n // 2) Look at next tag: INTEGER(0x02) means raw PKCS#1,\n // otherwise assume X.509/SPKI wrapper.\n if (bytes[offset] !== 0x02) {\n // --- skip AlgorithmIdentifier SEQUENCE ---\n if (bytes[offset++] !== 0x30) throw new Error('Expected alg-ID SEQUENCE')\n let algLen = bytes[offset++]\n if (algLen & 0x80) {\n const nB = algLen & 0x7f\n algLen = 0\n for (let i = 0; i < nB; i++) algLen = (algLen << 8) + bytes[offset++]\n }\n offset += algLen\n\n // --- skip BIT STRING wrapper ---\n if (bytes[offset++] !== 0x03) throw new Error('Expected BIT STRING')\n let bitLen = bytes[offset++]\n if (bitLen & 0x80) {\n const nB = bitLen & 0x7f\n bitLen = 0\n for (let i = 0; i < nB; i++) bitLen = (bitLen << 8) + bytes[offset++]\n }\n // skip the “unused bits” byte\n offset += 1\n\n // now the next byte should be 0x30 for the inner SEQUENCE\n if (bytes[offset++] !== 0x30) throw new Error('Expected inner SEQUENCE')\n let innerLen = bytes[offset++]\n if (innerLen & 0x80) {\n const nB = innerLen & 0x7f\n innerLen = 0\n for (let i = 0; i < nB; i++) innerLen = (innerLen << 8) + bytes[offset++]\n }\n }\n\n // 3) Parse modulus INTEGER\n if (bytes[offset++] !== 0x02) throw new Error('Expected INTEGER for modulus')\n let modLen = bytes[offset++]\n if (modLen & 0x80) {\n const nB = modLen & 0x7f\n modLen = 0\n for (let i = 0; i < nB; i++) modLen = (modLen << 8) + bytes[offset++]\n }\n let modulusBytes = bytes.slice(offset, offset + modLen)\n offset += modLen\n\n // strip leading zero if present (unsigned integer in JWK)\n if (modulusBytes[0] === 0x00) {\n modulusBytes = modulusBytes.slice(1)\n }\n\n // 4) Parse exponent INTEGER\n if (bytes[offset++] !== 0x02) throw new Error('Expected INTEGER for exponent')\n let expLen = bytes[offset++]\n if (expLen & 0x80) {\n const nB = expLen & 0x7f\n expLen = 0\n for (let i = 0; i < nB; i++) expLen = (expLen << 8) + bytes[offset++]\n }\n const exponentBytes = bytes.slice(offset, offset + expLen)\n\n return {\n modulus: modulusBytes.toString('hex'),\n exponent: exponentBytes.toString('hex'),\n }\n }\n\n const meta = opts?.key?.meta\n if (meta?.publicKeyJwk \|\| meta?.publicKeyPEM) {\n if (meta?.publicKeyJwk) {\n return meta.publicKeyJwk as JWK\n }\n const publicKeyPEM = meta?.publicKeyPEM ?? hexToPEM(publicKeyHex, 'public')\n const jwk = PEMToJwk(publicKeyPEM, 'public') as JWK\n return jwk\n }\n\n const { modulus, exponent } = parseDerIntegers(publicKeyHex)\n const sanitized = sanitizedJwk({\n kty: 'RSA',\n n: hexToBase64(modulus, 'base64url'),\n e: hexToBase64(exponent, 'base64url'),\n })\n return sanitized\n}\n\nexport const padLeft = (args: { data: string; size?: number; padString?: string }): string => {\n const { data } = args\n const size = args.size ?? 32\n const padString = args.padString ?? '0'\n if (data.length >= size) {\n return data\n }\n\n if (padString && padString.length === 0) {\n throw Error(`Pad string needs to have at least a length of 1`)\n }\n const length = padString.length\n return padString.repeat((size - data.length) / length) + data\n}\n\nenum OIDType {\n Secp256k1,\n Secp256r1,\n Ed25519,\n}\n\nconst OID: Record<OIDType, Uint8Array> = {\n [OIDType.Secp256k1]: new Uint8Array([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]),\n [OIDType.Secp256r1]: new Uint8Array([0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]),\n [OIDType.Ed25519]: new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x70]),\n}\n\nconst compareUint8Arrays = (a: Uint8Array, b: Uint8Array): boolean => {\n if (a.length !== b.length) {\n return false\n }\n for (let i = 0; i < a.length; i++) {\n if (a[i] !== b[i]) {\n return false\n }\n }\n return true\n}\n\nconst findSubarray = (haystack: Uint8Array, needle: Uint8Array): number => {\n for (let i = 0; i <= haystack.length - needle.length; i++) {\n if (compareUint8Arrays(haystack.subarray(i, i + needle.length), needle)) {\n return i\n }\n }\n return -1\n}\n\nconst getTargetOID = (keyType: TKeyType) => {\n switch (keyType) {\n case 'Secp256k1':\n return OID[OIDType.Secp256k1]\n case 'Secp256r1':\n return OID[OIDType.Secp256r1]\n case 'Ed25519':\n return OID[OIDType.Ed25519]\n default:\n throw new Error(`Unsupported key type: ${keyType}`)\n }\n}\n\nexport const isAsn1Der = (key: Uint8Array): boolean => key[0] === 0x30\n\nexport const asn1DerToRawPublicKey = (derKey: Uint8Array, keyType: TKeyType): Uint8Array => {\n if (!isAsn1Der(derKey)) {\n throw new Error('Invalid DER encoding: Expected to start with sequence tag')\n }\n\n let index = 2\n if (derKey[1] & 0x80) {\n const lengthBytesCount = derKey[1] & 0x7f\n index += lengthBytesCount\n }\n const targetOid = getTargetOID(keyType)\n const oidIndex = findSubarray(derKey, targetOid)\n if (oidIndex === -1) {\n throw new Error(`OID for ${keyType} not found in DER encoding`)\n }\n\n index = oidIndex + targetOid.length\n\n while (index < derKey.length && derKey[index] !== 0x03) {\n index++\n }\n\n if (index >= derKey.length) {\n throw new Error('Invalid DER encoding: Bit string not found')\n }\n\n // Skip the bit string tag (0x03) and length byte\n index += 2\n\n // Skip the unused bits count byte\n index++\n\n return derKey.slice(index)\n}\n\nexport const isRawCompressedPublicKey = (key: Uint8Array): boolean => key.length === 33 && (key[0] === 0x02 \|\| key[0] === 0x03)\n\nexport const toRawCompressedHexPublicKey = (rawPublicKey: Uint8Array, keyType: TKeyType): string => {\n if (isRawCompressedPublicKey(rawPublicKey)) {\n return hexStringFromUint8Array(rawPublicKey)\n }\n\n if (keyType === 'Secp256k1' \|\| keyType === 'Secp256r1') {\n if (rawPublicKey[0] === 0x04 && rawPublicKey.length === 65) {\n const xCoordinate = rawPublicKey.slice(1, 33)\n const yCoordinate = rawPublicKey.slice(33)\n const prefix = new Uint8Array([yCoordinate[31] % 2 === 0 ? 0x02 : 0x03])\n const resultKey = hexStringFromUint8Array(new Uint8Array([...prefix, ...xCoordinate]))\n logger.debug(`converted public key ${hexStringFromUint8Array(rawPublicKey)} to ${resultKey}`)\n return resultKey\n }\n return toString(rawPublicKey, 'base16')\n } else if (keyType === 'Ed25519') {\n // Ed25519 keys are always in compressed form\n return toString(rawPublicKey, 'base16')\n }\n\n throw new Error(`Unsupported key type: ${keyType}`)\n}\n\nexport const hexStringFromUint8Array = (value: Uint8Array): string => toString(value, 'base16')\n\nexport const signatureAlgorithmFromKey = async (args: SignatureAlgorithmFromKeyArgs): Promise<JoseSignatureAlgorithm> => {\n const { key } = args\n return signatureAlgorithmFromKeyType({ type: key.type })\n}\n\nexport const signatureAlgorithmFromKeyType = (args: SignatureAlgorithmFromKeyTypeArgs): JoseSignatureAlgorithm => {\n const { type } = args\n switch (type) {\n case 'Ed25519':\n case 'X25519':\n return JoseSignatureAlgorithm.EdDSA\n case 'Secp256r1':\n return JoseSignatureAlgorithm.ES256\n case 'Secp384r1':\n return JoseSignatureAlgorithm.ES384\n case 'Secp521r1':\n return JoseSignatureAlgorithm.ES512\n case 'Secp256k1':\n return JoseSignatureAlgorithm.ES256K\n case 'RSA':\n return JoseSignatureAlgorithm.PS256\n default:\n throw new Error(`Key type '${type}' not supported`)\n }\n}\n\n// TODO improve this conversion for jwt and jsonld, not a fan of current structure\nexport const keyTypeFromCryptographicSuite = (args: KeyTypeFromCryptographicSuiteArgs): TKeyType => {\n const { crv, kty, alg } = args\n\n switch (alg) {\n case 'RSASSA-PSS':\n case 'RS256':\n case 'RS384':\n case 'RS512':\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return 'RSA'\n }\n\n switch (crv) {\n case 'EdDSA':\n case 'Ed25519':\n case 'Ed25519Signature2018':\n case 'Ed25519Signature2020':\n case 'JcsEd25519Signature2020':\n return 'Ed25519'\n case 'JsonWebSignature2020':\n case 'ES256':\n case 'ECDSA':\n case 'P-256':\n return 'Secp256r1'\n case 'ES384':\n case 'P-384':\n return 'Secp384r1'\n case 'ES512':\n case 'P-521':\n return 'Secp521r1'\n case 'EcdsaSecp256k1Signature2019':\n case 'secp256k1':\n case 'ES256K':\n case 'EcdsaSecp256k1VerificationKey2019':\n case 'EcdsaSecp256k1RecoveryMethod2020':\n return 'Secp256k1'\n }\n if (kty) {\n return kty as TKeyType\n }\n\n throw new Error(`Cryptographic suite '${crv}' not supported`)\n}\n\nexport function removeNulls<T>(obj: T \| any) {\n Object.keys(obj).forEach((key) => {\n if (obj[key] && typeof obj[key] === 'object') removeNulls(obj[key])\n else if (obj[key] == null) delete obj[key]\n })\n return obj\n}\n\nexport const globalCrypto = (setGlobal: boolean, suppliedCrypto?: Crypto): Crypto => {\n let webcrypto: Crypto\n if (typeof suppliedCrypto !== 'undefined') {\n webcrypto = suppliedCrypto\n } else if (typeof crypto !== 'undefined') {\n webcrypto = crypto\n } else if (typeof global.crypto !== 'undefined') {\n webcrypto = global.crypto\n } else {\n // @ts-ignore\n if (typeof global.window?.crypto?.subtle !== 'undefined') {\n // @ts-ignore\n webcrypto = global.window.crypto\n } else {\n webcrypto = import('crypto') as Crypto\n }\n }\n if (setGlobal) {\n global.crypto = webcrypto\n }\n\n return webcrypto\n}\n\nexport const sanitizedJwk = (input: JWK \| JsonWebKey): JWK => {\n const inputJwk = typeof input['toJsonDTO'] === 'function' ? input['toJsonDTO']() : ({ ...input } as JWK) // KMP code can expose this. It converts a KMP JWK with mangled names into a clean JWK\n\n const jwk = {\n ...inputJwk,\n ...(inputJwk.x && { x: base64ToBase64Url(inputJwk.x as string) }),\n ...(inputJwk.y && { y: base64ToBase64Url(inputJwk.y as string) }),\n ...(inputJwk.d && { d: base64ToBase64Url(inputJwk.d as string) }),\n ...(inputJwk.n && { n: base64ToBase64Url(inputJwk.n as string) }),\n ...(inputJwk.e && { e: base64ToBase64Url(inputJwk.e as string) }),\n ...(inputJwk.k && { k: base64ToBase64Url(inputJwk.k as string) }),\n } as JWK\n\n return removeNulls(jwk)\n}\n\nexport const base64ToBase64Url = (input: string): string => {\n return input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/\n \n /\nexport async function verifyRawSignature({\n data,\n signature,\n key: inputKey,\n opts,\n}: {\n data: Uint8Array\n signature: Uint8Array\n key: JWK\n opts?: {\n signatureAlg?: JoseSignatureAlgorithm\n }\n}) {\n /\n Converts a Base64URL-encoded JWK property to a BigInt.\n * @param jwkProp - The Base64URL-encoded string.\n * @returns The BigInt representation of the decoded value.\n /\n function jwkPropertyToBigInt(jwkProp: string): bigint {\n // Decode Base64URL to Uint8Array\n const byteArray = fromString(jwkProp, 'base64url')\n\n // Convert Uint8Array to hexadecimal string and then to BigInt\n const hex = toString(byteArray, 'hex')\n return BigInt(`0x${hex}`)\n }\n\n try {\n debug(`verifyRawSignature for: ${inputKey}`)\n const jwk = sanitizedJwk(inputKey)\n validateJwk(jwk, { crvOptional: true })\n const keyType = keyTypeFromCryptographicSuite({ crv: jwk.crv, kty: jwk.kty, alg: jwk.alg })\n const publicKeyHex = await jwkToRawHexKey(jwk)\n\n // TODO: We really should look at the signature alg first if provided! From key type should be the last resort\n switch (keyType) {\n case 'Secp256k1':\n return secp256k1.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp256r1':\n return p256.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp384r1':\n return p384.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp521r1':\n return p521.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Ed25519':\n return ed25519.verify(signature, data, fromString(publicKeyHex, 'hex'))\n case 'Bls12381G1':\n case 'Bls12381G2':\n return bls12_381.verify(signature, data, fromString(publicKeyHex, 'hex'))\n case 'RSA': {\n const signatureAlgorithm = opts?.signatureAlg ?? (jwk.alg as JoseSignatureAlgorithm \| undefined) ?? JoseSignatureAlgorithm.PS256\n const hashAlg =\n signatureAlgorithm === JoseSignatureAlgorithm.RS512 \|\| signatureAlgorithm === JoseSignatureAlgorithm.PS512\n ? sha512\n : signatureAlgorithm === JoseSignatureAlgorithm.RS384 \|\| signatureAlgorithm === JoseSignatureAlgorithm.PS384\n ? sha384\n : sha256\n switch (signatureAlgorithm) {\n case JoseSignatureAlgorithm.RS256:\n return rsa.PKCS1_SHA256.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.RS384:\n return rsa.PKCS1_SHA384.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.RS512:\n return rsa.PKCS1_SHA512.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.PS256:\n case JoseSignatureAlgorithm.PS384:\n case JoseSignatureAlgorithm.PS512:\n if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {\n const key = await cryptoSubtleImportRSAKey(jwk, 'RSA-PSS')\n const saltLength =\n signatureAlgorithm === JoseSignatureAlgorithm.PS256 ? 32 : signatureAlgorithm === JoseSignatureAlgorithm.PS384 ? 48 : 64\n return crypto.subtle.verify({ name: 'rsa-pss', hash: hashAlg, saltLength }, key, signature, data)\n }\n\n // FIXME\n console.warn(`Using fallback for RSA-PSS verify signature, which is known to be flaky!!`)\n return rsa.PSS(hashAlg, rsa.mgf1(hashAlg)).verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n }\n }\n }\n\n throw Error(`Unsupported key type for signature validation: ${keyType}`)\n } catch (error: any) {\n logger.error(`Error: ${error}`)\n throw error\n }\n}\n\n/\n Minimal DER parser to unwrap X.509/SPKI‐wrapped RSA keys\n * into raw PKCS#1 RSAPublicKey format, using only Uint8Array.\n /\n\n/\n Read a DER length at the given offset.\n * @param bytes – full DER buffer\n * @param offset – index of the length byte\n * @returns the parsed length, and how many bytes were used to encode it\n /\nfunction readLength(bytes: Uint8Array, offset: number): { length: number; lengthBytes: number } {\n const first = bytes[offset]\n if (first < 0x80) {\n return { length: first, lengthBytes: 1 }\n }\n const numBytes = first & 0x7f\n let length = 0\n for (let i = 0; i < numBytes; i++) {\n length = (length << 8) \| bytes[offset + 1 + i]\n }\n return { length, lengthBytes: 1 + numBytes }\n}\n\n/\n Ensure the given DER‐encoded RSA public key (Uint8Array)\n * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.\n \n @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI\n * @returns DER‐encoded PKCS#1 RSAPublicKey\n /\nexport function toPkcs1(derBytes: Uint8Array): Uint8Array {\n if (derBytes[0] !== 0x30) {\n throw new Error('Invalid DER: expected SEQUENCE')\n }\n\n // Parse outer SEQUENCE length\n const { lengthBytes: outerLenBytes } = readLength(derBytes, 1)\n const outerHeaderLen = 1 + outerLenBytes\n const innerTag = derBytes[outerHeaderLen]\n\n // If next tag is INTEGER (0x02), it's already raw PKCS#1\n if (innerTag === 0x02) {\n return derBytes\n }\n\n // Otherwise expect X.509/SPKI: SEQUENCE { algId, BIT STRING }\n if (innerTag !== 0x30) {\n throw new Error('Unexpected DER tag, not PKCS#1 or SPKI')\n }\n\n // Skip the algId SEQUENCE\n const { length: algLen, lengthBytes: algLenBytes } = readLength(derBytes, outerHeaderLen + 1)\n const algHeaderLen = 1 + algLenBytes\n const algIdEnd = outerHeaderLen + algHeaderLen + algLen\n\n // Next tag should be BIT STRING (0x03)\n if (derBytes[algIdEnd] !== 0x03) {\n throw new Error('Expected BIT STRING after algId')\n }\n\n const { length: bitStrLen, lengthBytes: bitStrLenBytes } = readLength(derBytes, algIdEnd + 1)\n const bitStrHeaderLen = 1 + bitStrLenBytes\n const bitStrStart = algIdEnd + bitStrHeaderLen\n\n // First byte of the BIT STRING is the \"unused bits\" count; usually 0x00\n const unusedBits = derBytes[bitStrStart]\n if (unusedBits !== 0x00) {\n throw new Error(`Unexpected unused bits: ${unusedBits}`)\n }\n\n // The rest is the PKCS#1 DER\n const pkcs1Start = bitStrStart + 1\n const pkcs1Len = bitStrLen - 1\n\n return derBytes.slice(pkcs1Start, pkcs1Start + pkcs1Len)\n}\n\n/\n Ensure the given DER‐encoded RSA public key in Hex\n * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.\n \n @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI\n * @returns DER‐encoded PKCS#1 RSAPublicKey in hex\n /\nexport function toPkcs1FromHex(publicKeyHex: string) {\n const pkcs1 = toPkcs1(fromString(publicKeyHex, 'hex'))\n return toString(pkcs1, 'hex')\n}\n\nexport function joseAlgorithmToDigest(alg: string): DigestAlgorithm {\n switch (alg.toUpperCase().replace('-', '')) {\n case 'RS256':\n case 'ES256':\n case 'ES256K':\n case 'PS256':\n case 'HS256':\n return 'SHA-256'\n case 'RS384':\n case 'ES384':\n case 'PS384':\n case 'HS384':\n return 'SHA-384'\n case 'RS512':\n case 'ES512':\n case 'PS512':\n case 'HS512':\n return 'SHA-512'\n case 'EdDSA':\n return 'SHA-512'\n default:\n return 'SHA-256'\n }\n}\n\nexport function isHash(input: string): boolean {\n const length = input.length\n // SHA-256: 64 hex chars, SHA-384: 96 hex chars, SHA-512: 128 hex chars\n if (length !== 64 && length !== 96 && length !== 128) {\n return false\n }\n return input.match(/^([0-9A-Fa-f])+$/g) !== null\n}\n\nexport function isHashString(input: Uint8Array): boolean {\n const length = input.length\n // SHA-256: 32 bytes, SHA-384: 48 bytes, SHA-512: 64 bytes\n if (length !== 32 && length !== 48 && length !== 64) {\n return false\n }\n for (let i = 0; i < length; i++) {\n const byte = input[i]\n if (byte === undefined) {\n return false\n }\n // 0-9: 48-57, A-F: 65-70, a-f: 97-102\n if (!((byte >= 48 && byte <= 57) \|\| (byte >= 65 && byte <= 70) \|\| (byte >= 97 && byte <= 102))) {\n return false\n }\n }\n return true\n}\n\nexport type HashAlgorithm = 'SHA-256' \| 'sha256' \| 'SHA-384' \| 'sha384' \| 'SHA-512' \| 'sha512'\n\nexport function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' \| 'SHA-384' \| 'SHA-512' {\n if (!alg) {\n return 'SHA-256'\n }\n const upper = alg.toUpperCase()\n if (upper.includes('256')) return 'SHA-256'\n if (upper.includes('384')) return 'SHA-384'\n if (upper.includes('512')) return 'SHA-512'\n throw new Error(`Invalid hash algorithm: ${alg}`)\n}\n\nexport function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean {\n return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right)\n}\n","import { sha256 } from '@noble/hashes/sha256'\nimport { sha384, sha512 } from '@noble/hashes/sha512'\nimport type { HasherSync } from '@sphereon/ssi-types'\n// @ts-ignore\nimport as u8a from 'uint8arrays'\nimport { normalizeHashAlgorithm } from './functions'\nimport { DigestAlgorithm } from './types'\nconst { fromString, toString, SupportedEncodings } = u8a\n\nexport type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string\n\nexport const digestMethodParams = (\n hashAlgorithm: DigestAlgorithm,\n): { hashAlgorithm: DigestAlgorithm; digestMethod: TDigestMethod; hash: (data: Uint8Array) => Uint8Array } => {\n switch (normalizeHashAlgorithm(hashAlgorithm)) {\n case 'SHA-256':\n return { hashAlgorithm: 'SHA-256', digestMethod: sha256DigestMethod, hash: sha256 }\n case 'SHA-384':\n return { hashAlgorithm: 'SHA-384', digestMethod: sha384DigestMethod, hash: sha384 }\n case 'SHA-512':\n return { hashAlgorithm: 'SHA-512', digestMethod: sha512DigestMethod, hash: sha512 }\n }\n}\n\nexport const shaHasher: HasherSync = (input: string \| ArrayBuffer \| SharedArrayBuffer, alg: string): Uint8Array => {\n const hashAlgorithm: DigestAlgorithm = alg.includes('384') ? 'SHA-384' : alg.includes('512') ? 'SHA-512' : 'SHA-256'\n return digestMethodParams(hashAlgorithm).hash(typeof input === 'string' ? fromString(input, 'utf-8') : new Uint8Array(input))\n}\n\nconst sha256DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha256(fromString(input, 'utf-8')), encoding)\n}\n\nconst sha384DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha384(fromString(input, 'utf-8')), encoding)\n}\n\nconst sha512DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha512(fromString(input, 'utf-8')), encoding)\n}\n\n/\n// PKCS#1 (PSS) mask generation function\nfunction pss_mgf1_str(seed, len, hash) {\n var mask = '', i = 0;\n\n while (mask.length < len) {\n mask += hextorstr(hash(rstrtohex(seed + String.fromCharCode.apply(String, [\n (i & 0xff000000) >> 24,\n (i & 0x00ff0000) >> 16,\n (i & 0x0000ff00) >> 8,\n i & 0x000000ff]))));\n i += 1;\n }\n\n return mask;\n}\n\n /\n\n/\n\n/!\n Generate mask of specified length.\n \n @param {String} seed The seed for mask generation.\n * @param maskLen Number of bytes to generate.\n * @return {String} The generated mask.\n !/\nexport const mgf1 = (dm: TDigestMethod, seed: string, maskLen: number) => {\n /! 2. Let T be the empty octet string. !/\n var t = new forge.util.ByteBuffer();\n\n /! 3. For counter from 0 to ceil(maskLen / hLen), do the following: !/\n var len = Math.ceil(maskLen / md.digestLength);\n for(var i = 0; i < len; i++) {\n /! a. Convert counter to an octet string C of length 4 octets !/\n var c = new forge.util.ByteBuffer();\n c.putInt32(i);\n\n /! b. Concatenate the hash of the seed mgfSeed and C to the octet\n * string T: !/\n md.start();\n md.update(seed + c.getBytes());\n t.putBuffer(md.digest());\n }\n\n /! Output the leading maskLen octets of T as the octet string mask. !/\n t.truncate(t.length() - maskLen);\n return t.getBytes();\n}\n/\n","import { JsonWebKey, JWK } from '@sphereon/ssi-types'\n// @ts-ignore\nimport type { ByteView } from 'multiformats/codecs/interface'\n// @ts-ignore\nimport { TextDecoder, TextEncoder } from 'web-encoding'\n\nconst textEncoder = new TextEncoder()\nconst textDecoder = new TextDecoder()\n\n/*\n Checks if the value is a non-empty string.\n \n @param value - The value to check.\n * @param description - Description of the value to check.\n * @param optional\n /\nfunction check(value: unknown, description: string, optional: boolean = false) {\n if (optional && !value) {\n return\n }\n if (typeof value !== 'string' \|\| !value) {\n throw new Error(`${description} missing or invalid`)\n }\n}\n\n/\n Checks if the value is a valid JSON object.\n \n @param value - The value to check.\n /\nfunction assertObject(value: unknown) {\n if (!value \|\| typeof value !== 'object') {\n throw new Error('Value must be an object')\n }\n}\n\n/\n Checks if the JWK is valid. It must contain all the required members.\n \n @see https://www.rfc-editor.org/rfc/rfc7518#section-6\n * @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n \n @param jwk - The JWK to check.\n * @param opts\n /\nexport function validateJwk(jwk: any, opts?: { crvOptional?: boolean }) {\n assertObject(jwk)\n const { crvOptional = false } = opts ?? {}\n check(jwk.kty, '\"kty\" (Key Type) Parameter', false)\n\n // Check JWK required members based on the key type\n switch (jwk.kty) {\n /\n @see https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1\n /\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter', crvOptional)\n check(jwk.x, '\"x\" (X Coordinate) Parameter')\n check(jwk.y, '\"y\" (Y Coordinate) Parameter')\n break\n /\n @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n /\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter', crvOptional) // Shouldn't this one always be true as crv is not always present?\n check(jwk.x, '\"x\" (Public Key) Parameter')\n break\n /\n @see https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1\n /\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter')\n check(jwk.n, '\"n\" (Modulus) Parameter')\n break\n default:\n throw new Error('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n}\n\n/\n Extracts the required members of the JWK and canonicalizes it.\n \n @param jwk - The JWK to canonicalize.\n * @returns The JWK with only the required members, ordered lexicographically.\n /\nexport function minimalJwk(jwk: any): JWK {\n // \"default\" case is not needed\n // eslint-disable-next-line default-case\n switch (jwk.kty) {\n case 'EC':\n return { ...(jwk.crv && { crv: jwk.crv }), kty: jwk.kty, x: jwk.x, y: jwk.y }\n case 'OKP':\n return { ...(jwk.crv && { crv: jwk.crv }), kty: jwk.kty, x: jwk.x }\n case 'RSA':\n return { e: jwk.e, kty: jwk.kty, n: jwk.n }\n }\n throw Error(`Unsupported key type (kty) provided: ${jwk.kty}`)\n}\n\n/\n Encodes a JWK into a Uint8Array. Only the required JWK members are encoded.\n \n @see https://www.rfc-editor.org/rfc/rfc7518#section-6\n * @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n * @see https://github.com/panva/jose/blob/3b8aa47b92d07a711bf5c3125276cc9a011794a4/src/jwk/thumbprint.ts#L37\n \n @param jwk - JSON Web Key.\n * @returns Uint8Array-encoded JWK.\n /\nexport function jwkJcsEncode(jwk: unknown): Uint8Array {\n validateJwk(jwk)\n const strippedJwk = minimalJwk(jwk)\n return textEncoder.encode(jcsCanonicalize(strippedJwk))\n}\n\n/\n Decodes an array of bytes into a JWK. Throws an error if the JWK is not valid.\n \n @param bytes - The array of bytes to decode.\n * @returns The corresponding JSON Web Key.\n /\nexport function jwkJcsDecode(bytes: ByteView<JsonWebKey>): JsonWebKey {\n const jwk = JSON.parse(textDecoder.decode(bytes))\n validateJwk(jwk)\n if (JSON.stringify(jwk) !== jcsCanonicalize(minimalJwk(jwk))) {\n throw new Error('The JWK embedded in the DID is not correctly formatted')\n }\n return jwk\n}\n\n// From: https://github.com/cyberphone/json-canonicalization\nexport function jcsCanonicalize(object: any) {\n let buffer = ''\n serialize(object)\n return buffer\n\n function serialize(object: any) {\n if (object === null \|\| typeof object !== 'object' \|\| object.toJSON != null) {\n /////////////////////////////////////////////////\n // Primitive type or toJSON - Use ES6/JSON //\n /////////////////////////////////////////////////\n buffer += JSON.stringify(object)\n } else if (Array.isArray(object)) {\n /////////////////////////////////////////////////\n // Array - Maintain element order //\n /////////////////////////////////////////////////\n buffer += '['\n let next = false\n object.forEach((element) => {\n if (next) {\n buffer += ','\n }\n next = true\n /////////////////////////////////////////\n // Array element - Recursive expansion //\n /////////////////////////////////////////\n serialize(element)\n })\n buffer += ']'\n } else {\n /////////////////////////////////////////////////\n // Object - Sort properties before serializing //\n /////////////////////////////////////////////////\n buffer += '{'\n let next = false\n Object.keys(object)\n .sort()\n .forEach((property) => {\n if (next) {\n buffer += ','\n }\n next = true\n ///////////////////////////////////////////////\n // Property names are strings - Use ES6/JSON //\n ///////////////////////////////////////////////\n buffer += JSON.stringify(property)\n buffer += ':'\n //////////////////////////////////////////\n // Property value - Recursive expansion //\n //////////////////////////////////////////\n serialize(object[property])\n })\n buffer += '}'\n }\n }\n}\n","import type { IKey, MinimalImportableKey } from '@veramo/core'\n\nexport const JWK_JCS_PUB_NAME = 'jwk_jcs-pub' as const\nexport const JWK_JCS_PUB_PREFIX = 0xeb51\n\nexport type TKeyType = 'Ed25519' \| 'Secp256k1' \| 'Secp256r1' \| 'Secp384r1' \| 'Secp521r1' \| 'X25519' \| 'Bls12381G1' \| 'Bls12381G2' \| 'RSA'\n\nexport enum Key {\n Ed25519 = 'Ed25519',\n Secp256k1 = 'Secp256k1',\n Secp256r1 = 'Secp256r1',\n}\n\nexport enum JwkKeyUse {\n Encryption = 'enc',\n Signature = 'sig',\n}\n\nexport const SIG_KEY_ALGS = ['ES256', 'ES384', 'ES512', 'EdDSA', 'ES256K', 'Ed25519', 'Secp256k1', 'Secp256r1', 'Bls12381G1', 'Bls12381G2']\nexport const ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256']\n\nexport type KeyVisibility = 'public' \| 'private'\n\nexport type DigestAlgorithm = 'SHA-256' \| 'sha256' \| 'SHA-384' \| 'sha384' \| 'SHA-512' \| 'sha512'\n\nexport interface X509Opts {\n cn?: string // The certificate Common Name. Will be used as the KID for the private key. Uses alias if not provided.\n privateKeyPEM?: string // Optional as you also need to provide it in hex format, but advisable to use it\n certificatePEM?: string // Optional, as long as the certificate then is part of the certificateChainPEM\n certificateChainURL?: string // Certificate chain URL. If used this is where the certificateChainPEM will be hosted/found.\n certificateChainPEM?: string // Base64 (not url!) encoded DER certificate chain. Please provide even if certificateChainURL is used!\n}\n\nexport interface IImportProvidedOrGeneratedKeyArgs {\n providerName: string\n kms?: string\n alias?: string\n options?: IKeyOpts\n}\nexport interface IKeyOpts {\n key?: Partial<MinimalImportableKey> // Optional key to import with only privateKeyHex mandatory. If not specified a key with random kid will be created\n type?: Exclude<TKeyType, 'Secp384r1' \| 'Secp521r1'> // The key type. Defaults to Secp256k1. The exclude is there as we do not support it yet for key generation\n use?: JwkKeyUse // The key use\n x509?: X509Opts\n}\n/\n// Needed to make a single property required\ntype WithRequiredProperty<Type, Key extends keyof Type> = Type & {\n [Property in Key]-?: Type[Property]\n}*/\n\nexport type SignatureAlgorithmFromKeyArgs = {\n key: IKey\n}\n\nexport type SignatureAlgorithmFromKeyTypeArgs = {\n type: TKeyType\n}\n\nexport type KeyTypeFromCryptographicSuiteArgs = {\n crv?: string\n kty?: string\n alg?: string\n}\n","import {\n ICoseCurve,\n type ICoseKeyJson,\n ICoseKeyOperation,\n ICoseKeyType,\n ICoseSignatureAlgorithm,\n JoseCurve,\n type JoseCurveString,\n JoseKeyOperation,\n type JoseKeyOperationString,\n JoseSignatureAlgorithm,\n type JoseSignatureAlgorithmString,\n type JWK,\n JwkKeyType,\n type JwkKeyTypeString,\n} from '@sphereon/ssi-types'\nimport { removeNulls } from './functions'\n\nexport function coseKeyToJwk(coseKey: ICoseKeyJson): JWK {\n const { x5chain, key_ops, crv, alg, baseIV, kty, ...rest } = coseKey\n return removeNulls({\n ...rest,\n kty: coseToJoseKty(kty),\n ...(crv && { crv: coseToJoseCurve(crv) }),\n ...(key_ops && { key_ops: key_ops.map(coseToJoseKeyOperation) }),\n ...(alg && { alg: coseToJoseSignatureAlg(alg) }),\n ...(baseIV && { iv: baseIV }),\n ...(x5chain && { x5c: x5chain }),\n }) satisfies JWK\n}\n\nexport function jwkToCoseKey(jwk: JWK): ICoseKeyJson {\n const { x5c, key_ops, crv, alg, iv, kty, ...rest } = jwk\n\n return removeNulls({\n ...rest,\n kty: joseToCoseKty(kty),\n ...(crv && { crv: joseToCoseCurve(crv) }),\n ...(key_ops && { key_ops: key_ops.map(joseToCoseKeyOperation) }),\n ...(alg && { alg: joseToCoseSignatureAlg(alg) }),\n ...(iv && { baseIV: iv }),\n ...(x5c && { x5chain: x5c }),\n // @ts-ignore\n } satisfies ICoseKeyJson)\n}\n\nexport function coseToJoseKty(kty: ICoseKeyType): JwkKeyType {\n switch (kty) {\n case ICoseKeyType.EC2:\n return JwkKeyType.EC\n case ICoseKeyType.RSA:\n return JwkKeyType.RSA\n case ICoseKeyType.Symmetric:\n return JwkKeyType.oct\n case ICoseKeyType.OKP:\n return JwkKeyType.OKP\n default:\n throw Error(`Key type ${kty} not supported in JWA`)\n }\n}\n\nexport function joseToCoseKty(kty: JwkKeyType \| JwkKeyTypeString): ICoseKeyType {\n switch (kty) {\n case 'EC':\n return ICoseKeyType.EC2\n case 'RSA':\n return ICoseKeyType.RSA\n case 'oct':\n return ICoseKeyType.Symmetric\n case 'OKP':\n return ICoseKeyType.OKP\n default:\n throw Error(`Key type ${kty} not supported in Cose`)\n }\n}\n\nexport function coseToJoseSignatureAlg(coseAlg: ICoseSignatureAlgorithm): JoseSignatureAlgorithm {\n switch (coseAlg) {\n case ICoseSignatureAlgorithm.ES256K:\n return JoseSignatureAlgorithm.ES256K\n case ICoseSignatureAlgorithm.ES256:\n return JoseSignatureAlgorithm.ES256\n case ICoseSignatureAlgorithm.ES384:\n return JoseSignatureAlgorithm.ES384\n case ICoseSignatureAlgorithm.ES512:\n return JoseSignatureAlgorithm.ES512\n case ICoseSignatureAlgorithm.PS256:\n return JoseSignatureAlgorithm.PS256\n case ICoseSignatureAlgorithm.PS384:\n return JoseSignatureAlgorithm.PS384\n case ICoseSignatureAlgorithm.PS512:\n return JoseSignatureAlgorithm.PS512\n case ICoseSignatureAlgorithm.HS256:\n return JoseSignatureAlgorithm.HS256\n case ICoseSignatureAlgorithm.HS384:\n return JoseSignatureAlgorithm.HS384\n case ICoseSignatureAlgorithm.HS512:\n return JoseSignatureAlgorithm.HS512\n case ICoseSignatureAlgorithm.EdDSA:\n return JoseSignatureAlgorithm.EdDSA\n default:\n throw Error(`Signature algorithm ${coseAlg} not supported in Jose`)\n }\n}\n\nexport function joseToCoseSignatureAlg(joseAlg: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString): ICoseSignatureAlgorithm {\n switch (joseAlg) {\n case JoseSignatureAlgorithm.ES256K:\n case 'ES256K':\n return ICoseSignatureAlgorithm.ES256K\n case JoseSignatureAlgorithm.ES256:\n case 'ES256':\n return ICoseSignatureAlgorithm.ES256\n case JoseSignatureAlgorithm.ES384:\n case 'ES384':\n return ICoseSignatureAlgorithm.ES384\n case JoseSignatureAlgorithm.ES512:\n case 'ES512':\n return ICoseSignatureAlgorithm.ES512\n case JoseSignatureAlgorithm.PS256:\n case 'PS256':\n return ICoseSignatureAlgorithm.PS256\n case JoseSignatureAlgorithm.PS384:\n case 'PS384':\n return ICoseSignatureAlgorithm.PS384\n case JoseSignatureAlgorithm.PS512:\n case 'PS512':\n return ICoseSignatureAlgorithm.PS512\n case JoseSignatureAlgorithm.HS256:\n case 'HS256':\n return ICoseSignatureAlgorithm.HS256\n case JoseSignatureAlgorithm.HS384:\n case 'HS384':\n return ICoseSignatureAlgorithm.HS384\n case JoseSignatureAlgorithm.HS512:\n case 'HS512':\n return ICoseSignatureAlgorithm.HS512\n case JoseSignatureAlgorithm.EdDSA:\n case 'EdDSA':\n return ICoseSignatureAlgorithm.EdDSA\n default:\n throw Error(`Signature algorithm ${joseAlg} not supported in Cose`)\n }\n}\n\nexport function joseToCoseKeyOperation(keyOp: JoseKeyOperation \| JoseKeyOperationString): ICoseKeyOperation {\n switch (keyOp) {\n case JoseKeyOperation.SIGN:\n case 'sign':\n return ICoseKeyOperation.SIGN\n case JoseKeyOperation.VERIFY:\n case 'verify':\n return ICoseKeyOperation.VERIFY\n case JoseKeyOperation.ENCRYPT:\n case 'encrypt':\n return ICoseKeyOperation.ENCRYPT\n case JoseKeyOperation.DECRYPT:\n case 'decrypt':\n return ICoseKeyOperation.DECRYPT\n case JoseKeyOperation.WRAP_KEY:\n case 'wrapKey':\n return ICoseKeyOperation.WRAP_KEY\n case JoseKeyOperation.UNWRAP_KEY:\n case 'unwrapKey':\n return ICoseKeyOperation.UNWRAP_KEY\n case JoseKeyOperation.DERIVE_KEY:\n case 'deriveKey':\n return ICoseKeyOperation.DERIVE_KEY\n case JoseKeyOperation.DERIVE_BITS:\n case 'deriveBits':\n return ICoseKeyOperation.DERIVE_BITS\n default:\n throw Error(`Key operation ${keyOp} not supported in Cose`)\n }\n}\n\nexport function coseToJoseKeyOperation(keyOp: ICoseKeyOperation): JoseKeyOperation {\n switch (keyOp) {\n case ICoseKeyOperation.SIGN:\n return JoseKeyOperation.SIGN\n case ICoseKeyOperation.VERIFY:\n return JoseKeyOperation.VERIFY\n case ICoseKeyOperation.ENCRYPT:\n return JoseKeyOperation.ENCRYPT\n case ICoseKeyOperation.DECRYPT:\n return JoseKeyOperation.DECRYPT\n case ICoseKeyOperation.WRAP_KEY:\n return JoseKeyOperation.WRAP_KEY\n case ICoseKeyOperation.UNWRAP_KEY:\n return JoseKeyOperation.UNWRAP_KEY\n case ICoseKeyOperation.DERIVE_KEY:\n return JoseKeyOperation.DERIVE_KEY\n case ICoseKeyOperation.DERIVE_BITS:\n return JoseKeyOperation.DERIVE_BITS\n default:\n throw Error(`Key operation ${keyOp} not supported in Jose`)\n }\n}\n\nexport function joseToCoseCurve(curve: JoseCurve \| JoseCurveString): ICoseCurve {\n switch (curve) {\n case (JoseCurve.P_256, 'P-256'):\n return ICoseCurve.P_256\n case (JoseCurve.P_384, 'P-384'):\n return ICoseCurve.P_384\n case (JoseCurve.P_521, 'P-521'):\n return ICoseCurve.P_521\n case (JoseCurve.X25519, 'X25519'):\n return ICoseCurve.X25519\n case (JoseCurve.X448, 'X448'):\n return ICoseCurve.X448\n case (JoseCurve.Ed25519, 'Ed25519'):\n return ICoseCurve.Ed25519\n case (JoseCurve.Ed448, 'Ed448'):\n return ICoseCurve.Ed448\n case (JoseCurve.secp256k1, 'secp256k1'):\n return ICoseCurve.secp256k1\n default:\n throw Error(`Curve ${curve} not supported in Cose`)\n }\n}\n\nexport function coseToJoseCurve(curve: ICoseCurve): JoseCurve {\n switch (curve) {\n case ICoseCurve.P_256:\n return JoseCurve.P_256\n case ICoseCurve.P_384:\n return JoseCurve.P_384\n case ICoseCurve.P_521:\n return JoseCurve.P_521\n case ICoseCurve.X25519:\n return JoseCurve.X25519\n case ICoseCurve.X448:\n return JoseCurve.X448\n case ICoseCurve.Ed25519:\n return JoseCurve.Ed25519\n case ICoseCurve.Ed448:\n return JoseCurve.Ed448\n case ICoseCurve.secp256k1:\n return JoseCurve.secp256k1\n default:\n throw Error(`Curve ${curve} not supported in Jose`)\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,oBAA4B;AAE5B,uBAA0B;AAC1B,qBAAgC;AAChC,kBAAqB;AACrB,kBAAqB;AACrB,kBAAqB;AACrB,uBAA0B;AAC1B,kBAAuC;AACvC,yBAOO;AACP,uBAAiF;AACjF,IAAAA,kBAA0D;AAE1D,mBAAkB;AAGlB,sBAAqB;AACrB,UAAqB;AAKrB,IAAAC,OAAqB;;;AC7BrB,oBAAuB;AACvB,oBAA+B;AAG/B,UAAqB;AAGrB,IAAM,EAAEC,YAAYC,UAAUC,mBAAkB,IAAKC;AAI9C,IAAMC,qBAAqB,wBAChCC,kBAAAA;AAEA,UAAQC,uBAAuBD,aAAAA,GAAAA;IAC7B,KAAK;AACH,aAAO;QAAEA,eAAe;QAAWE,cAAcC;QAAoBC,MAAMC;MAAO;IACpF,KAAK;AACH,aAAO;QAAEL,eAAe;QAAWE,cAAcI;QAAoBF,MAAMG;MAAO;IACpF,KAAK;AACH,aAAO;QAAEP,eAAe;QAAWE,cAAcM;QAAoBJ,MAAMK;MAAO;EACtF;AACF,GAXkC;AAa3B,IAAMC,YAAwB,wBAACC,OAAiDC,QAAAA;AACrF,QAAMZ,gBAAiCY,IAAIC,SAAS,KAAA,IAAS,YAAYD,IAAIC,SAAS,KAAA,IAAS,YAAY;AAC3G,SAAOd,mBAAmBC,aAAAA,EAAeI,KAAK,OAAOO,UAAU,WAAWhB,WAAWgB,OAAO,OAAA,IAAW,IAAIG,WAAWH,KAAAA,CAAAA;AACxH,GAHqC;AAKrC,IAAMR,qBAAqB,wBAACQ,OAAeI,WAAsC,aAAQ;AACvF,SAAOnB,aAASS,sBAAOV,WAAWgB,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;AAI3B,IAAMT,qBAAqB,wBAACK,OAAeI,WAAsC,aAAQ;AACvF,SAAOnB,aAASW,sBAAOZ,WAAWgB,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;AAI3B,IAAMP,qBAAqB,wBAACG,OAAeI,WAAsC,aAAQ;AACvF,SAAOnB,aAASa,sBAAOd,WAAWgB,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;;;ACjC3B,0BAAyC;AAEzC,IAAMC,cAAc,IAAIC,gCAAAA;AACxB,IAAMC,cAAc,IAAIC,gCAAAA;AASxB,SAASC,MAAMC,OAAgBC,aAAqBC,WAAoB,OAAK;AAC3E,MAAIA,YAAY,CAACF,OAAO;AACtB;EACF;AACA,MAAI,OAAOA,UAAU,YAAY,CAACA,OAAO;AACvC,UAAM,IAAIG,MAAM,GAAGF,WAAAA,qBAAgC;EACrD;AACF;AAPSF;AAcT,SAASK,aAAaJ,OAAc;AAClC,MAAI,CAACA,SAAS,OAAOA,UAAU,UAAU;AACvC,UAAM,IAAIG,MAAM,yBAAA;EAClB;AACF;AAJSC;AAeF,SAASC,YAAYC,KAAUC,MAAgC;AACpEH,eAAaE,GAAAA;AACb,QAAM,EAAEE,cAAc,MAAK,IAAKD,QAAQ,CAAC;AACzCR,QAAMO,IAAIG,KAAK,8BAA8B,KAAA;AAG7C,UAAQH,IAAIG,KAAG;;;;IAIb,KAAK;AACHV,YAAMO,IAAII,KAAK,2BAA2BF,WAAAA;AAC1CT,YAAMO,IAAIK,GAAG,8BAAA;AACbZ,YAAMO,IAAIM,GAAG,8BAAA;AACb;;;;IAIF,KAAK;AACHb,YAAMO,IAAII,KAAK,yCAAyCF,WAAAA;AACxDT,YAAMO,IAAIK,GAAG,4BAAA;AACb;;;;IAIF,KAAK;AACHZ,YAAMO,IAAIO,GAAG,0BAAA;AACbd,YAAMO,IAAIQ,GAAG,yBAAA;AACb;IACF;AACE,YAAM,IAAIX,MAAM,mDAAA;EACpB;AACF;AAhCgBE;AAwCT,SAASU,WAAWT,KAAQ;AAGjC,UAAQA,IAAIG,KAAG;IACb,KAAK;AACH,aAAO;QAAE,GAAIH,IAAII,OAAO;UAAEA,KAAKJ,IAAII;QAAI;QAAID,KAAKH,IAAIG;QAAKE,GAAGL,IAAIK;QAAGC,GAAGN,IAAIM;MAAE;IAC9E,KAAK;AACH,aAAO;QAAE,GAAIN,IAAII,OAAO;UAAEA,KAAKJ,IAAII;QAAI;QAAID,KAAKH,IAAIG;QAAKE,GAAGL,IAAIK;MAAE;IACpE,KAAK;AACH,aAAO;QAAEE,GAAGP,IAAIO;QAAGJ,KAAKH,IAAIG;QAAKK,GAAGR,IAAIQ;MAAE;EAC9C;AACA,QAAMX,MAAM,wCAAwCG,IAAIG,GAAG,EAAE;AAC/D;AAZgBM;AAwBT,SAASC,aAAaV,KAAY;AACvCD,cAAYC,GAAAA;AACZ,QAAMW,cAAcF,WAAWT,GAAAA;AAC/B,SAAOX,YAAYuB,OAAOC,gBAAgBF,WAAAA,CAAAA;AAC5C;AAJgBD;AAYT,SAASI,aAAaC,OAA2B;AACtD,QAAMf,MAAMgB,KAAKC,MAAM1B,YAAY2B,OAAOH,KAAAA,CAAAA;AAC1ChB,cAAYC,GAAAA;AACZ,MAAIgB,KAAKG,UAAUnB,GAAAA,MAASa,gBAAgBJ,WAAWT,GAAAA,CAAAA,GAAO;AAC5D,UAAM,IAAIH,MAAM,wDAAA;EAClB;AACA,SAAOG;AACT;AAPgBc;AAUT,SAASD,gBAAgBO,QAAW;AACzC,MAAIC,SAAS;AACbC,YAAUF,MAAAA;AACV,SAAOC;AAEP,WAASC,UAAUF,SAAW;AAC5B,QAAIA,YAAW,QAAQ,OAAOA,YAAW,YAAYA,QAAOG,UAAU,MAAM;AAI1EF,gBAAUL,KAAKG,UAAUC,OAAAA;IAC3B,WAAWI,MAAMC,QAAQL,OAAAA,GAAS;AAIhCC,gBAAU;AACV,UAAIK,OAAO;AACXN,MAAAA,QAAOO,QAAQ,CAACC,YAAAA;AACd,YAAIF,MAAM;AACRL,oBAAU;QACZ;AACAK,eAAO;AAIPJ,kBAAUM,OAAAA;MACZ,CAAA;AACAP,gBAAU;IACZ,OAAO;AAILA,gBAAU;AACV,UAAIK,OAAO;AACXG,aAAOC,KAAKV,OAAAA,EACTW,KAAI,EACJJ,QAAQ,CAACK,aAAAA;AACR,YAAIN,MAAM;AACRL,oBAAU;QACZ;AACAK,eAAO;AAIPL,kBAAUL,KAAKG,UAAUa,QAAAA;AACzBX,kBAAU;AAIVC,kBAAUF,QAAOY,QAAAA,CAAS;MAC5B,CAAA;AACFX,gBAAU;IACZ;EACF;AAhDSC;AAiDX;AAtDgBT;;;ACjIT,IAAMoB,mBAAmB;AACzB,IAAMC,qBAAqB;AAI3B,IAAKC,MAAAA,0BAAAA,MAAAA;;;;SAAAA;;AAML,IAAKC,YAAAA,0BAAAA,YAAAA;;;SAAAA;;AAKL,IAAMC,eAAe;EAAC;EAAS;EAAS;EAAS;EAAS;EAAU;EAAW;EAAa;EAAa;EAAc;;AACvH,IAAMC,eAAe;EAAC;EAAU;EAAkB;;;;AHyBzD,IAAM,EAAEC,YAAAA,aAAYC,UAAAA,UAAQ,IAAKC;AAE1B,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,oBAAA;AAQnC,IAAMC,SAAS,8BAAOC,SAA6BC,QAAAA;AACxD,MAAIA,KAAK;AACP,WAAOA;EACT;AACA,MAAI,CAACD,QAAQE,MAAMC,iBAAgB,EAAGC,SAAS,yCAAA,GAA4C;AACzF,UAAMC,MAAM,2FAAA;EACd;AACA,SAAOL,QAAQE,MAAMI,wCAAuC;AAC9D,GARsB;AAef,IAAMC,wBAAwB,8BAAOC,SAAAA;AAC1C,UAAQA,MAAAA;IACN,KAAK,WAAW;AACd,YAAMC,qBAAiBC,gBAAAA,iBAAAA;AACvB,aAAOjB,UAASgB,eAAeE,WAAW,QAAA;IAC5C;;IAEA,KAAK;IACL,KAAK,aAAa;AAChB,YAAMC,mBAAeC,2BAAY,EAAA;AACjC,aAAOpB,UAASmB,cAAc,QAAA;IAChC;IACA,KAAK,OAAO;AACV,YAAME,MAAM,UAAMC,wCAAoB,WAAW,WAAW,IAAA;AAC5D,iBAAOC,yCAAqBF,GAAAA;IAC9B;IACA;AACE,YAAMT,MAAM,2BAA2BG,IAAAA,oDAAwD;EACnG;AACF,GAnBqC;AAqBrC,IAAMS,+BAA+B,wBAACT,SAAAA;AACpC,UAAQA,MAAAA;IACN,KAAK;AACH,aAAO;QAAC;QAAW;;IACrB,KAAK;IACL,KAAK;AACH,aAAO;QAAC;QAAU;QAAY;QAAuB;QAAqB;QAAmB;;IAC/F,KAAK;AACH,aAAO;QAAC;;IACV,KAAK;AACH,aAAO;QAAC;QAAQ;QAAW;;IAC7B,KAAK;AACH,aAAO;QAAC;QAAS;QAAS;QAAS;;EACvC;AACA,SAAO;IAACA;;AACV,GAfqC;AAwBrC,eAAsBU,6BACpBC,MAGAnB,SAAmC;AAGnC,QAAMQ,OAAOW,KAAKC,SAASZ,QAAQW,KAAKC,SAASC,KAAKb,QAAQW,KAAKC,SAASE,WAAW;AACvF,QAAMD,MAAMF,MAAMC,SAASC;AAC3B,MAAIA,KAAK;AACPA,QAAIE,OAAO;MACT,GAAGF,IAAIE;MACPC,cAAcL,KAAKK;IACrB;AAGA,QAAIL,KAAKC,SAASK,MAAM;AACtBJ,UAAIE,OAAO;QACT,GAAGF,IAAIE;QACPE,MAAM;UACJ,GAAGN,KAAKC,QAAQK;UAChB,GAAGJ,IAAIE,MAAME;QACf;MACF;IACF;EACF;AAEA,MAAIN,KAAKC,WAAWD,KAAKC,SAASM,QAAQC,UAAUC,cAAc,CAACC,aAAazB,SAASI,IAAAA,GAAO;AAC9F,UAAM,IAAIH,MAAM,GAAGG,IAAAA,oCAAwC;EAC7D;AAEA,MAAIsB,gBAAoCC;AACxC,MAAIV,KAAK;AACPS,oBAAgBT,IAAIS,iBAAiBT,IAAIE,MAAME,MAAMK;AACrD,SAAK,CAACA,iBAAiBA,cAAcE,KAAI,MAAO,OAAOX,KAAKE,MAAME,MAAMQ,eAAe;AAErFH,0BAAgBd,yCAAqBK,IAAIE,KAAKE,KAAKQ,aAAa;IAClE;EACF;AACA,MAAIH,eAAe;AACjB,WAAO9B,QAAQE,MAAMgC,iBAAiB;MACpC,GAAGb;MACHpB,KAAKkB,KAAKlB;MACVO;MACAsB;IACF,CAAA;EACF;AAEA,SAAO9B,QAAQE,MAAMiC,iBAAiB;IACpC3B;IACAP,KAAKkB,KAAKlB;IACVsB,MAAM;MACJ,GAAGF,KAAKE;MACRa,YAAYnB,6BAA6BT,IAAAA;MACzC,GAAIa,KAAKE,MAAMc,WAAW,CAAC,IAAI;QAAEA,UAAUlB,KAAKmB;MAAM;IACxD;EACF,CAAA;AACF;AAzDsBpB;AA2Df,IAAMqB,+BAA+B,wBAACpB,SAAAA;AAI3C,QAAM,EAAEE,IAAG,IAAKF;AAEhB,QAAMqB,MAAMnB,IAAIoB,eACZC,MAAMrB,IAAIoB,cAAcpB,IAAIb,MAAM;IAAEa;IAAUsB,cAAc;EAAM,CAAA,IAClE,mBAAmBtB,OAAOA,IAAIS,gBAC5BY,MAAMrB,IAAIS,eAAeT,IAAIb,MAAM;IAAEmC,cAAc;EAAK,CAAA,IACxDZ;AACN,MAAI,CAACS,KAAK;AACR,UAAMnC,MAAM,oCAAoCgB,IAAIuB,GAAG,EAAE;EAC3D;AACA,SAAOC,uBAAuB;IAAEL;IAAKM,iBAAiB3B,KAAK2B;EAAgB,CAAA;AAC7E,GAf4C;AAiB5C,IAAMC,wBAAwB,wBAACC,OAAgBC,gBAAAA;AAC7C,MAAI,OAAOD,UAAU,YAAY,CAACA,OAAO;AACvC,UAAM,IAAI3C,MAAM,GAAG4C,WAAAA,qBAAgC;EACrD;AACF,GAJ8B;AAKvB,IAAMC,cAAc,wBAACC,UAA0B1D,UAASD,YAAW2D,KAAAA,GAAQ,WAAA,GAAvD;AAMpB,IAAMN,yBAAyB,wBAAC1B,SAAAA;AACrC,QAAM2B,kBAAkBM,uBAAuBjC,KAAK2B,mBAAmB,SAAA;AACvE,QAAMN,MAAMa,aAAalC,KAAKqB,GAAG;AACjC,MAAIc;AACJ,UAAQd,IAAIe,KAAG;IACb,KAAK;AACHR,4BAAsBP,IAAIgB,KAAK,yBAAA;AAC/BT,4BAAsBP,IAAIiB,GAAG,8BAAA;AAC7BV,4BAAsBP,IAAIkB,GAAG,8BAAA;AAC7BJ,mBAAa;QAAEE,KAAKhB,IAAIgB;QAAKD,KAAKf,IAAIe;QAAKE,GAAGjB,IAAIiB;QAAGC,GAAGlB,IAAIkB;MAAE;AAC9D;IACF,KAAK;AACHX,4BAAsBP,IAAIgB,KAAK,uCAAA;AAC/BT,4BAAsBP,IAAIiB,GAAG,4BAAA;AAC7BH,mBAAa;QAAEE,KAAKhB,IAAIgB;QAAKD,KAAKf,IAAIe;QAAKE,GAAGjB,IAAIiB;MAAE;AACpD;IACF,KAAK;AACHV,4BAAsBP,IAAImB,GAAG,0BAAA;AAC7BZ,4BAAsBP,IAAIoB,GAAG,yBAAA;AAC7BN,mBAAa;QAAEK,GAAGnB,IAAImB;QAAGJ,KAAKf,IAAIe;QAAKK,GAAGpB,IAAIoB;MAAE;AAChD;IACF,KAAK;AACHb,4BAAsBP,IAAIqB,GAAG,2BAAA;AAC7BP,mBAAa;QAAEO,GAAGrB,IAAIqB;QAAGN,KAAKf,IAAIe;MAAI;AACtC;IACF;AACE,YAAM,IAAIlD,MAAM,mDAAA;EACpB;AACA,QAAMyD,OAAOC,KAAKC,UAAUV,UAAAA;AAC5B,SAAOW,mBAAmBnB,eAAAA,EAAiBoB,aAAaJ,MAAM,WAAA;AAChE,GA9BsC;AAgC/B,IAAMK,eAAe,wBAC1B9C,KACA+C,SAAAA;AAKA,QAAMzB,eAAe,mBAAmBtB;AACxC,SAAOqB,MAAMrB,IAAIoB,cAAepB,IAAIb,MAAM;IAAE,GAAG4D;IAAM/C;IAAKsB;EAAa,CAAA;AACzE,GAT4B;AAkBrB,IAAMD,QAAQ,wBACnBD,cACAjC,MACA4D,SAAAA;AAEA,QAAM,EAAE/C,KAAKgD,kBAAkB,MAAK,IAAKD,QAAQ,CAAC;AAClD,MAAI/C,OAAOA,IAAIoB,iBAAiBA,gBAAgB2B,MAAMzB,iBAAiB,MAAM;AAC3E,UAAMtC,MAAM,wBAAwBgB,IAAIuB,GAAG,oCAAoCvB,IAAIoB,YAAY,6BAA6BA,YAAAA,EAAc;EAC5I;AACA,MAAID;AACJ,UAAQhC,MAAAA;IACN,KAAK;AACHgC,YAAM8B,qBAAqB7B,cAAc;QAAE,GAAG2B;QAAMZ,KAAKe,2BAAUC;MAAQ,CAAA;AAC3E;IACF,KAAK;AACHhC,YAAM8B,qBAAqB7B,cAAc;QAAE,GAAG2B;QAAMZ,KAAKe,2BAAUE;MAAO,CAAA;AAC1E;IACF,KAAK;AACHjC,YAAMkC,eAAejC,cAAc2B,IAAAA;AACnC;IACF,KAAK;AACH5B,YAAMmC,eAAelC,cAAc2B,IAAAA;AACnC;IACF,KAAK;AACH5B,YAAMoC,SAASnC,cAAc2B,IAAAA;AAC7B;IACF;AACE,YAAM,IAAI/D,MAAM,2BAA2BG,IAAAA,oDAAwD;EACvG;AACA,MAAI,CAACgC,IAAII,OAAO,CAACyB,iBAAiB;AAChC7B,QAAI,KAAA,IAASK,uBAAuB;MAAEL;IAAI,CAAA;EAC5C;AACA,SAAOa,aAAab,GAAAA;AACtB,GAjCqB;AAyCd,IAAMqC,iBAAiB,8BAAOrC,QAAAA;AAEnCA,QAAMa,aAAab,GAAAA;AACnB,MAAIA,IAAIe,QAAQ,OAAO;AACrB,WAAOuB,kBAAkBtC,GAAAA;EAC3B,WAAWA,IAAIe,QAAQ,MAAM;AAC3B,WAAOwB,iBAAiBvC,GAAAA;EAC1B,WAAWA,IAAIe,QAAQ,OAAO;AAC5B,WAAOyB,kBAAkBxC,GAAAA;EAC3B,WAAWA,IAAIe,QAAQ,OAAO;AAC5B,WAAO0B,kBAAkBzC,GAAAA;EAC3B,OAAO;AACL,UAAM,IAAInC,MAAM,yBAAyBmC,IAAIe,GAAG,EAAE;EACpD;AACF,GAd8B;AAqBvB,SAASuB,kBAAkBtC,KAAe;AAK/C,WAAS0C,cAAcC,OAAiB;AAEtC,QAAIA,MAAM,CAAA,IAAK,KAAM;AACnBA,cAAQC,WAAWC,KAAK;QAAC;WAASF;OAAM;IAC1C;AACA,UAAMG,MAAMC,aAAaJ,MAAMK,MAAM;AACrC,WAAOJ,WAAWC,KAAK;MAAC;SAASC;SAAQH;KAAM;EACjD;AAPSD;AAcT,WAASK,aAAaD,KAAQ;AAC5B,QAAIA,MAAM,KAAM;AACd,aAAOF,WAAWK,GAAGH,GAAAA;IACvB;AACA,QAAII,MAAMJ,IAAI7F,SAAS,EAAA;AACvB,QAAIiG,IAAIF,SAAS,MAAM,GAAG;AACxBE,YAAM,MAAMA;IACd;AACA,UAAMC,WAAWP,WAAWC,KAAKK,IAAIE,MAAM,OAAA,EAAUC,IAAI,CAACC,MAAWC,SAASD,GAAG,EAAA,CAAA,CAAA;AACjF,WAAOV,WAAWK,GAAG,MAAOE,SAASH,QAAM,GAAKG,QAAAA;EAClD;AAVSJ;AAgBT,WAASS,eAAeC,UAAa;AACnC,UAAMC,UAAUD,SAASE,OAAO,CAACC,KAAUC,QAAajB,WAAWC,KAAK;SAAIe;SAAQC;KAAI,GAAG,IAAIjB,WAAAA,CAAAA;AAC/F,UAAME,MAAMC,aAAaW,QAAQV,MAAM;AACvC,WAAOJ,WAAWC,KAAK;MAAC;SAASC;SAAQY;KAAQ;EACnD;AAJSF;AAST,WAASM,iBAAiBC,QAAc;AACtC,WAAO/G,YAAW+G,QAAQ,WAAA;EAC5B;AAFSD;AAIT9D,QAAMa,aAAab,GAAAA;AACnB,MAAI,CAACA,IAAIoB,KAAK,CAACpB,IAAImB,GAAG;AACpB,UAAM,IAAItD,MAAM,8CAAA;EAClB;AACA,QAAMmG,eAAeF,iBAAiB9D,IAAIoB,CAAC;AAC3C,QAAM6C,gBAAgBH,iBAAiB9D,IAAImB,CAAC;AAC5C,QAAM+C,WAAWV,eAAe;IAACd,cAAcsB,YAAAA;IAAetB,cAAcuB,aAAAA;GAAe;AAC3F,QAAME,SAASlH,UAASiH,UAAU,KAAA;AAClC,SAAOC;AAOT;AA/DgB7B;AAsEhB,SAASC,iBAAiBvC,KAAe;AACvCA,QAAMa,aAAab,GAAAA;AACnB,MAAI,CAACA,IAAIiB,KAAK,CAACjB,IAAIkB,GAAG;AACpB,UAAM,IAAIrD,MAAM,6CAAA;EAClB;AAGA,QAAMoD,IAAIjE,YAAWgD,IAAIiB,EAAEmD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AACvF,QAAMlD,IAAIlE,YAAWgD,IAAIkB,EAAEkD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEvF,SAAO,OAAOnH,UAASgE,GAAG,KAAA,IAAShE,UAASiE,GAAG,KAAA;AACjD;AAXSqB;AAkBT,SAASC,kBAAkBxC,KAAe;AACxCA,QAAMa,aAAab,GAAAA;AACnB,MAAI,CAACA,IAAIiB,GAAG;AACV,UAAM,IAAIpD,MAAM,oCAAA;EAClB;AAGA,QAAMoD,IAAIjE,YAAWgD,IAAIiB,EAAEmD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEvF,SAAOnH,UAASgE,GAAG,KAAA;AACrB;AAVSuB;AAiBT,SAASC,kBAAkBzC,KAAe;AACxCA,QAAMa,aAAab,GAAAA;AACnB,MAAI,CAACA,IAAIqB,GAAG;AACV,UAAM,IAAIxD,MAAM,sCAAA;EAClB;AAGA,QAAMgB,MAAM7B,YAAWgD,IAAIqB,EAAE+C,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEzF,SAAOnH,UAAS4B,KAAK,KAAA;AACvB;AAVS4D;AAYF,SAAS4B,8BAA8B/E,eAAqB;AACjE,MAAI,CAAC,oBAAoBgF,KAAKhF,aAAAA,GAAgB;AAC5C,UAAM,IAAIzB,MAAM,4CAAA;EAClB;AAEA,QAAM0G,OAAO3B,WAAWC,KAAK2B,OAAO3B,KAAKvD,eAAe,KAAA,CAAA;AACxD,QAAMmF,MAAMC,sBAAOC,aAAaJ,IAAAA;AAEhC,SAAOC,OAAO3B,KAAK4B,GAAAA,EAAKxH,SAAS,KAAA;AACnC;AATgBoH;AAiBT,IAAMO,kBAAkB,wBAAC5G,MAAgB6G,gBAAAA;AAC9C,SAAOA,cACHA,cACAC,aAAalH,SAASI,IAAAA,IACpBmB,UAAU4F,YACV1F,aAAazB,SAASI,IAAAA,IACpBmB,UAAUC,aACVG;AACV,GAR+B;AAgB/B,IAAMyF,wBAAwB,wBAACC,QAAgBC,sBAAAA;AAC7C,MAAIC,MAAMC,QAAQF,iBAAAA,GAAoB;AACpC,QAAI,CAACA,kBAAkBtH,SAASqH,OAAOjC,MAAM,GAAG;AAC9C,YAAMnF,MACJ,iEAAiE0D,KAAKC,UAAU0D,iBAAAA,CAAAA,eAC9ED,OAAOjC,MAAM,YACHiC,MAAAA,EAAQ;IAExB;EACF,WAAWA,OAAOjC,WAAWkC,mBAAmB;AAC9C,UAAMrH,MAAM,4DAA4DqH,iBAAAA,eAAgCD,OAAOjC,MAAM,YAAYiC,MAAAA,EAAQ;EAC3I;AACF,GAZ8B;AAoB9B,IAAM/C,iBAAiB,wBAAC+C,QAAgBrD,SAAAA;AACtC,QAAM,EAAE1C,IAAG,IAAK0C,QAAQ,CAAC;AACzBzE,SAAOkI,MAAM,0BAA0BJ,MAAAA,aAAmBA,OAAOjC,MAAM,EAAE;AACzE,MAAIpB,MAAMzB,cAAc;AACtB6E,0BAAsBC,QAAQ;MAAC;KAAG;EACpC,OAAO;AACLD,0BAAsBC,QAAQ;MAAC;MAAI;KAAI;EACzC;AAEA,QAAMK,aAAY,IAAIC,gBAAAA,QAASC,GAAG,WAAA;AAClC,QAAMC,WAAWzI,YAAWiI,QAAQ,QAAA;AACpC,QAAMS,UAAU9D,MAAMzB,eAAemF,WAAUK,eAAeF,QAAAA,IAAYH,WAAUM,cAAcH,QAAAA;AAClG,QAAMI,WAAWH,QAAQI,UAAS;AAElC,SAAOjF,aAAa;IAClBkF,KAAKC,wCAAuBC;IAC5B,GAAI/G,QAAQK,UAAa;MAAEL;IAAI;IAC/B6B,KAAKmF,4BAAWC;IAChBnF,KAAKe,2BAAUuD;IACfrE,OAAGmF,gCAAYP,SAASQ,KAAI,EAAGpJ,SAAS,KAAA,EAAOqJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClEpF,OAAGkF,gCAAYP,SAASU,KAAI,EAAGtJ,SAAS,KAAA,EAAOqJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClE,GAAI1E,MAAMzB,gBAAgB;MAAEqG,OAAGJ,gCAAYV,QAAQe,WAAW,KAAA,GAAQ,WAAA;IAAa;EACrF,CAAA;AACF,GAvBuB;AA+BvB,IAAMtE,iBAAiB,wBAAC8C,QAAgBrD,SAAAA;AACtC,QAAM,EAAE1C,IAAG,IAAK0C,QAAQ,CAAC;AACzBzE,SAAOkI,MAAM,0BAA0BJ,MAAAA,aAAmBA,OAAOjC,MAAM,EAAE;AACzE,MAAIpB,MAAMzB,cAAc;AACtB6E,0BAAsBC,QAAQ;MAAC;KAAG;EACpC,OAAO;AACLD,0BAAsBC,QAAQ;MAAC;MAAI;KAAI;EACzC;AAEA,QAAMyB,YAAY,IAAInB,gBAAAA,QAASC,GAAG,MAAA;AAClC,QAAMC,WAAWzI,YAAWiI,QAAQ,QAAA;AACpC9H,SAAOkI,MAAM,oBAAoBI,QAAAA,EAAU;AAC3C,QAAMC,UAAU9D,MAAMzB,eAAeuG,UAAUf,eAAeF,QAAAA,IAAYiB,UAAUd,cAAcH,QAAAA;AAClG,QAAMI,WAAWH,QAAQI,UAAS;AAClC,SAAOjF,aAAa;IAClBkF,KAAKC,wCAAuBW;IAC5B,GAAIzH,QAAQK,UAAa;MAAEL;IAAI;IAC/B6B,KAAKmF,4BAAWC;IAChBnF,KAAKe,2BAAU6E;IACf3F,OAAGmF,gCAAYP,SAASQ,KAAI,EAAGpJ,SAAS,KAAA,EAAOqJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClEpF,OAAGkF,gCAAYP,SAASU,KAAI,EAAGtJ,SAAS,KAAA,EAAOqJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClE,GAAI1E,MAAMzB,gBAAgB;MAAEqG,OAAGJ,gCAAYV,QAAQe,WAAW,KAAA,GAAQ,WAAA;IAAa;EACrF,CAAA;AACF,GAvBuB;AA+BvB,IAAM3E,uBAAuB,wBAC3B7B,cACA2B,SAAAA;AAKAoD,wBAAsB/E,cAAc,EAAA;AACpC,QAAM,EAAEf,IAAG,IAAK0C,QAAQ,CAAC;AACzB,SAAOf,aAAa;IAClBkF,KAAKC,wCAAuBa;IAC5B,GAAI3H,QAAQK,UAAa;MAAEL;IAAI;IAC/B6B,KAAKmF,4BAAWY;IAChB9F,KAAKY,MAAMZ,OAAOe,2BAAUC;IAC5Bf,OAAGmF,gCAAYnG,cAAc,WAAA;EAC/B,CAAA;AACF,GAhB6B;AAkB7B,IAAMmC,WAAW,wBAACnC,cAAsB2B,SAAAA;AACtC,WAASmF,iBAAiBC,WAAiB;AACzC,UAAMrE,QAAQ6B,OAAO3B,KAAKmE,WAAW,KAAA;AACrC,QAAIC,SAAS;AAGb,QAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAIpJ,MAAM,gBAAA;AAC9C,QAAIiF,MAAMH,MAAMsE,QAAAA;AAChB,QAAInE,MAAM,KAAM;AACd,YAAMoE,SAASpE,MAAM;AACrBA,YAAM;AACN,eAASqE,IAAI,GAAGA,IAAID,QAAQC,KAAK;AAC/BrE,eAAOA,OAAO,KAAKH,MAAMsE,QAAAA;MAC3B;IACF;AAIA,QAAItE,MAAMsE,MAAAA,MAAY,GAAM;AAE1B,UAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAIpJ,MAAM,0BAAA;AAC9C,UAAIuJ,SAASzE,MAAMsE,QAAAA;AACnB,UAAIG,SAAS,KAAM;AACjB,cAAMC,KAAKD,SAAS;AACpBA,iBAAS;AACT,iBAASD,IAAI,GAAGA,IAAIE,IAAIF,IAAKC,WAAUA,UAAU,KAAKzE,MAAMsE,QAAAA;MAC9D;AACAA,gBAAUG;AAGV,UAAIzE,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAIpJ,MAAM,qBAAA;AAC9C,UAAIyJ,SAAS3E,MAAMsE,QAAAA;AACnB,UAAIK,SAAS,KAAM;AACjB,cAAMD,KAAKC,SAAS;AACpBA,iBAAS;AACT,iBAASH,IAAI,GAAGA,IAAIE,IAAIF,IAAKG,WAAUA,UAAU,KAAK3E,MAAMsE,QAAAA;MAC9D;AAEAA,gBAAU;AAGV,UAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAIpJ,MAAM,yBAAA;AAC9C,UAAI0J,WAAW5E,MAAMsE,QAAAA;AACrB,UAAIM,WAAW,KAAM;AACnB,cAAMF,KAAKE,WAAW;AACtBA,mBAAW;AACX,iBAASJ,IAAI,GAAGA,IAAIE,IAAIF,IAAKI,aAAYA,YAAY,KAAK5E,MAAMsE,QAAAA;MAClE;IACF;AAGA,QAAItE,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAIpJ,MAAM,8BAAA;AAC9C,QAAI2J,SAAS7E,MAAMsE,QAAAA;AACnB,QAAIO,SAAS,KAAM;AACjB,YAAMH,KAAKG,SAAS;AACpBA,eAAS;AACT,eAASL,IAAI,GAAGA,IAAIE,IAAIF,IAAKK,WAAUA,UAAU,KAAK7E,MAAMsE,QAAAA;IAC9D;AACA,QAAIjD,eAAerB,MAAM8E,MAAMR,QAAQA,SAASO,MAAAA;AAChDP,cAAUO;AAGV,QAAIxD,aAAa,CAAA,MAAO,GAAM;AAC5BA,qBAAeA,aAAayD,MAAM,CAAA;IACpC;AAGA,QAAI9E,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAIpJ,MAAM,+BAAA;AAC9C,QAAI6J,SAAS/E,MAAMsE,QAAAA;AACnB,QAAIS,SAAS,KAAM;AACjB,YAAML,KAAKK,SAAS;AACpBA,eAAS;AACT,eAASP,IAAI,GAAGA,IAAIE,IAAIF,IAAKO,WAAUA,UAAU,KAAK/E,MAAMsE,QAAAA;IAC9D;AACA,UAAMhD,gBAAgBtB,MAAM8E,MAAMR,QAAQA,SAASS,MAAAA;AAEnD,WAAO;MACLC,SAAS3D,aAAa/G,SAAS,KAAA;MAC/B2K,UAAU3D,cAAchH,SAAS,KAAA;IACnC;EACF;AA/ES8J;AAiFT,QAAMhI,OAAO6C,MAAM/C,KAAKE;AACxB,MAAIA,MAAM8I,gBAAgB9I,MAAM+I,cAAc;AAC5C,QAAI/I,MAAM8I,cAAc;AACtB,aAAO9I,KAAK8I;IACd;AACA,UAAMC,eAAe/I,MAAM+I,oBAAgBC,6BAAS9H,cAAc,QAAA;AAClE,UAAMD,UAAMgI,6BAASF,cAAc,QAAA;AACnC,WAAO9H;EACT;AAEA,QAAM,EAAE2H,SAASC,SAAQ,IAAKb,iBAAiB9G,YAAAA;AAC/C,QAAMgI,YAAYpH,aAAa;IAC7BE,KAAK;IACLK,OAAGgF,gCAAYuB,SAAS,WAAA;IACxBxG,OAAGiF,gCAAYwB,UAAU,WAAA;EAC3B,CAAA;AACA,SAAOK;AACT,GAnGiB;AAqGV,IAAMC,UAAU,wBAACvJ,SAAAA;AACtB,QAAM,EAAE2C,KAAI,IAAK3C;AACjB,QAAMwJ,OAAOxJ,KAAKwJ,QAAQ;AAC1B,QAAMC,YAAYzJ,KAAKyJ,aAAa;AACpC,MAAI9G,KAAK0B,UAAUmF,MAAM;AACvB,WAAO7G;EACT;AAEA,MAAI8G,aAAaA,UAAUpF,WAAW,GAAG;AACvC,UAAMnF,MAAM,iDAAiD;EAC/D;AACA,QAAMmF,SAASoF,UAAUpF;AACzB,SAAOoF,UAAUC,QAAQF,OAAO7G,KAAK0B,UAAUA,MAAAA,IAAU1B;AAC3D,GAbuB;AAqBvB,IAAMgH,MAAmC;EACvC,CAAA,CAAA,GAAqB,IAAIC,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;GAAK;EAC1F,CAAA,CAAA,GAAqB,IAAIA,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;GAAK;EAChG,CAAA,CAAA,GAAmB,IAAIA,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;GAAK;AAClE;AAEA,IAAMC,qBAAqB,wBAACC,GAAeC,MAAAA;AACzC,MAAID,EAAEE,WAAWD,EAAEC,QAAQ;AACzB,WAAO;EACT;AACA,WAASC,IAAI,GAAGA,IAAIH,EAAEE,QAAQC,KAAK;AACjC,QAAIH,EAAEG,CAAAA,MAAOF,EAAEE,CAAAA,GAAI;AACjB,aAAO;IACT;EACF;AACA,SAAO;AACT,GAV2B;AAY3B,IAAMC,eAAe,wBAACC,UAAsBC,WAAAA;AAC1C,WAASH,IAAI,GAAGA,KAAKE,SAASH,SAASI,OAAOJ,QAAQC,KAAK;AACzD,QAAIJ,mBAAmBM,SAASE,SAASJ,GAAGA,IAAIG,OAAOJ,MAAM,GAAGI,MAAAA,GAAS;AACvE,aAAOH;IACT;EACF;AACA,SAAO;AACT,GAPqB;AASrB,IAAMK,eAAe,wBAACC,YAAAA;AACpB,UAAQA,SAAAA;IACN,KAAK;AACH,aAAOZ,IAAG,CAAA;IACZ,KAAK;AACH,aAAOA,IAAG,CAAA;IACZ,KAAK;AACH,aAAOA,IAAG,CAAA;IACZ;AACE,YAAM,IAAIa,MAAM,yBAAyBD,OAAAA,EAAS;EACtD;AACF,GAXqB;AAad,IAAME,YAAY,wBAACC,QAA6BA,IAAI,CAAA,MAAO,IAAzC;AAElB,IAAMC,wBAAwB,wBAACC,QAAoBL,YAAAA;AACxD,MAAI,CAACE,UAAUG,MAAAA,GAAS;AACtB,UAAM,IAAIJ,MAAM,2DAAA;EAClB;AAEA,MAAIK,QAAQ;AACZ,MAAID,OAAO,CAAA,IAAK,KAAM;AACpB,UAAME,mBAAmBF,OAAO,CAAA,IAAK;AACrCC,aAASC;EACX;AACA,QAAMC,YAAYT,aAAaC,OAAAA;AAC/B,QAAMS,WAAWd,aAAaU,QAAQG,SAAAA;AACtC,MAAIC,aAAa,IAAI;AACnB,UAAM,IAAIR,MAAM,WAAWD,OAAAA,4BAAmC;EAChE;AAEAM,UAAQG,WAAWD,UAAUf;AAE7B,SAAOa,QAAQD,OAAOZ,UAAUY,OAAOC,KAAAA,MAAW,GAAM;AACtDA;EACF;AAEA,MAAIA,SAASD,OAAOZ,QAAQ;AAC1B,UAAM,IAAIQ,MAAM,4CAAA;EAClB;AAGAK,WAAS;AAGTA;AAEA,SAAOD,OAAOK,MAAMJ,KAAAA;AACtB,GAjCqC;AAmC9B,IAAMK,2BAA2B,wBAACR,QAA6BA,IAAIV,WAAW,OAAOU,IAAI,CAAA,MAAO,KAAQA,IAAI,CAAA,MAAO,IAAlF;AAEjC,IAAMS,8BAA8B,wBAACC,cAA0Bb,YAAAA;AACpE,MAAIW,yBAAyBE,YAAAA,GAAe;AAC1C,WAAOC,wBAAwBD,YAAAA;EACjC;AAEA,MAAIb,YAAY,eAAeA,YAAY,aAAa;AACtD,QAAIa,aAAa,CAAA,MAAO,KAAQA,aAAapB,WAAW,IAAI;AAC1D,YAAMsB,cAAcF,aAAaH,MAAM,GAAG,EAAA;AAC1C,YAAMM,cAAcH,aAAaH,MAAM,EAAA;AACvC,YAAMO,SAAS,IAAI5B,WAAW;QAAC2B,YAAY,EAAA,IAAM,MAAM,IAAI,IAAO;OAAK;AACvE,YAAME,YAAYJ,wBAAwB,IAAIzB,WAAW;WAAI4B;WAAWF;OAAY,CAAA;AACpFI,aAAOC,MAAM,wBAAwBN,wBAAwBD,YAAAA,CAAAA,OAAoBK,SAAAA,EAAW;AAC5F,aAAOA;IACT;AACA,WAAOG,UAASR,cAAc,QAAA;EAChC,WAAWb,YAAY,WAAW;AAEhC,WAAOqB,UAASR,cAAc,QAAA;EAChC;AAEA,QAAM,IAAIZ,MAAM,yBAAyBD,OAAAA,EAAS;AACpD,GArB2C;AAuBpC,IAAMc,0BAA0B,wBAACQ,UAA8BD,UAASC,OAAO,QAAA,GAA/C;AAEhC,IAAMC,4BAA4B,8BAAOC,SAAAA;AAC9C,QAAM,EAAErB,IAAG,IAAKqB;AAChB,SAAOC,8BAA8B;IAAEC,MAAMvB,IAAIuB;EAAK,CAAA;AACxD,GAHyC;AAKlC,IAAMD,gCAAgC,wBAACD,SAAAA;AAC5C,QAAM,EAAEE,KAAI,IAAKF;AACjB,UAAQE,MAAAA;IACN,KAAK;IACL,KAAK;AACH,aAAOC,wCAAuBC;IAChC,KAAK;AACH,aAAOD,wCAAuBE;IAChC,KAAK;AACH,aAAOF,wCAAuBG;IAChC,KAAK;AACH,aAAOH,wCAAuBI;IAChC,KAAK;AACH,aAAOJ,wCAAuBK;IAChC,KAAK;AACH,aAAOL,wCAAuBM;IAChC;AACE,YAAM,IAAIhC,MAAM,aAAayB,IAAAA,iBAAqB;EACtD;AACF,GAnB6C;AAsBtC,IAAMQ,gCAAgC,wBAACV,SAAAA;AAC5C,QAAM,EAAEW,KAAKC,KAAKC,IAAG,IAAKb;AAE1B,UAAQa,KAAAA;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;EACX;AAEA,UAAQF,KAAAA;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;EACX;AACA,MAAIC,KAAK;AACP,WAAOA;EACT;AAEA,QAAM,IAAInC,MAAM,wBAAwBkC,GAAAA,iBAAoB;AAC9D,GA5C6C;AA8CtC,SAASG,YAAeC,KAAY;AACzCC,SAAOC,KAAKF,GAAAA,EAAKG,QAAQ,CAACvC,QAAAA;AACxB,QAAIoC,IAAIpC,GAAAA,KAAQ,OAAOoC,IAAIpC,GAAAA,MAAS,SAAUmC,aAAYC,IAAIpC,GAAAA,CAAI;aACzDoC,IAAIpC,GAAAA,KAAQ,KAAM,QAAOoC,IAAIpC,GAAAA;EACxC,CAAA;AACA,SAAOoC;AACT;AANgBD;AAQT,IAAMK,eAAe,wBAACC,WAAoBC,mBAAAA;AAC/C,MAAIC;AACJ,MAAI,OAAOD,mBAAmB,aAAa;AACzCC,gBAAYD;EACd,WAAW,OAAOE,WAAW,aAAa;AACxCD,gBAAYC;EACd,WAAW,OAAOC,OAAOD,WAAW,aAAa;AAC/CD,gBAAYE,OAAOD;EACrB,OAAO;AAEL,QAAI,OAAOC,OAAOC,QAAQF,QAAQG,WAAW,aAAa;AAExDJ,kBAAYE,OAAOC,OAAOF;IAC5B,OAAO;AACLD,kBAAY,OAAO,QAAA;IACrB;EACF;AACA,MAAIF,WAAW;AACbI,WAAOD,SAASD;EAClB;AAEA,SAAOA;AACT,GAtB4B;AAwBrB,IAAMK,eAAe,wBAACC,UAAAA;AAC3B,QAAMC,WAAW,OAAOD,MAAM,WAAA,MAAiB,aAAaA,MAAM,WAAA,EAAY,IAAM;IAAE,GAAGA;EAAM;AAE/F,QAAME,MAAM;IACV,GAAGD;IACH,GAAIA,SAASE,KAAK;MAAEA,GAAGC,kBAAkBH,SAASE,CAAC;IAAY;IAC/D,GAAIF,SAASI,KAAK;MAAEA,GAAGD,kBAAkBH,SAASI,CAAC;IAAY;IAC/D,GAAIJ,SAASK,KAAK;MAAEA,GAAGF,kBAAkBH,SAASK,CAAC;IAAY;IAC/D,GAAIL,SAASM,KAAK;MAAEA,GAAGH,kBAAkBH,SAASM,CAAC;IAAY;IAC/D,GAAIN,SAASO,KAAK;MAAEA,GAAGJ,kBAAkBH,SAASO,CAAC;IAAY;IAC/D,GAAIP,SAASQ,KAAK;MAAEA,GAAGL,kBAAkBH,SAASQ,CAAC;IAAY;EACjE;AAEA,SAAOvB,YAAYgB,GAAAA;AACrB,GAd4B;AAgBrB,IAAME,oBAAoB,wBAACJ,UAAAA;AAChC,SAAOA,MAAMU,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA;AACtE,GAFiC;AAOjC,eAAsBC,mBAAmB,EACvCC,MACAC,WACA9D,KAAK+D,UACLC,KAAI,GAQL;AAMC,WAASC,oBAAoBC,SAAe;AAE1C,UAAMC,YAAYC,YAAWF,SAAS,WAAA;AAGtC,UAAMG,MAAMnD,UAASiD,WAAW,KAAA;AAChC,WAAOG,OAAO,KAAKD,GAAAA,EAAK;EAC1B;AAPSJ;AAST,MAAI;AACFhD,qBAAAA,SAAM,2BAA2B8C,QAAAA,EAAU;AAC3C,UAAMZ,MAAMH,aAAae,QAAAA;AACzBQ,gBAAYpB,KAAK;MAAEqB,aAAa;IAAK,CAAA;AACrC,UAAM3E,UAAUkC,8BAA8B;MAAEC,KAAKmB,IAAInB;MAAKC,KAAKkB,IAAIlB;MAAKC,KAAKiB,IAAIjB;IAAI,CAAA;AACzF,UAAMuC,eAAe,MAAMC,eAAevB,GAAAA;AAG1C,YAAQtD,SAAAA;MACN,KAAK;AACH,eAAO8E,2BAAUC,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MAC5F,KAAK;AACH,eAAOC,iBAAKH,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOE,iBAAKJ,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOG,iBAAKL,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOI,uBAAQN,OAAOd,WAAWD,MAAMO,YAAWK,cAAc,KAAA,CAAA;MAClE,KAAK;MACL,KAAK;AACH,eAAOU,2BAAUP,OAAOd,WAAWD,MAAMO,YAAWK,cAAc,KAAA,CAAA;MACpE,KAAK,OAAO;AACV,cAAMW,qBAAqBpB,MAAMqB,gBAAiBlC,IAAIjB,OAA8CV,wCAAuBM;AAC3H,cAAMwD,UACJF,uBAAuB5D,wCAAuB+D,SAASH,uBAAuB5D,wCAAuBgE,QACjGC,qBACAL,uBAAuB5D,wCAAuBkE,SAASN,uBAAuB5D,wCAAuBmE,QACnGC,qBACAC;AACR,gBAAQT,oBAAAA;UACN,KAAK5D,wCAAuBsE;AAC1B,mBAAWC,iBAAanB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuBkE;AAC1B,mBAAWM,iBAAapB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuB+D;AAC1B,mBAAWU,iBAAarB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuBM;UAC5B,KAAKN,wCAAuBmE;UAC5B,KAAKnE,wCAAuBgE;AAC1B,gBAAI,OAAO5C,WAAW,eAAe,OAAOA,OAAOG,WAAW,aAAa;AACzE,oBAAM/C,MAAM,UAAMkG,6CAAyB/C,KAAK,SAAA;AAChD,oBAAMgD,aACJf,uBAAuB5D,wCAAuBM,QAAQ,KAAKsD,uBAAuB5D,wCAAuBmE,QAAQ,KAAK;AACxH,qBAAO/C,OAAOG,OAAO6B,OAAO;gBAAEwB,MAAM;gBAAWC,MAAMf;gBAASa;cAAW,GAAGnG,KAAK8D,WAAWD,IAAAA;YAC9F;AAGAyC,oBAAQC,KAAK,2EAA2E;AACxF,mBAAWC,QAAIlB,SAAamB,SAAKnB,OAAAA,CAAAA,EAAUV,OACzC;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;QAEN;MACF;IACF;AAEA,UAAMhE,MAAM,kDAAkDD,OAAAA,EAAS;EACzE,SAAS6G,OAAY;AACnB1F,WAAO0F,MAAM,UAAUA,KAAAA,EAAO;AAC9B,UAAMA;EACR;AACF;AAlHsB9C;AA+HtB,SAAS+C,WAAWC,OAAmBC,QAAc;AACnD,QAAMC,QAAQF,MAAMC,MAAAA;AACpB,MAAIC,QAAQ,KAAM;AAChB,WAAO;MAAExH,QAAQwH;MAAOC,aAAa;IAAE;EACzC;AACA,QAAMC,WAAWF,QAAQ;AACzB,MAAIxH,SAAS;AACb,WAASC,IAAI,GAAGA,IAAIyH,UAAUzH,KAAK;AACjCD,aAAUA,UAAU,IAAKsH,MAAMC,SAAS,IAAItH,CAAAA;EAC9C;AACA,SAAO;IAAED;IAAQyH,aAAa,IAAIC;EAAS;AAC7C;AAXSL;AAoBF,SAASM,QAAQC,UAAoB;AAC1C,MAAIA,SAAS,CAAA,MAAO,IAAM;AACxB,UAAM,IAAIpH,MAAM,gCAAA;EAClB;AAGA,QAAM,EAAEiH,aAAaI,cAAa,IAAKR,WAAWO,UAAU,CAAA;AAC5D,QAAME,iBAAiB,IAAID;AAC3B,QAAME,WAAWH,SAASE,cAAAA;AAG1B,MAAIC,aAAa,GAAM;AACrB,WAAOH;EACT;AAGA,MAAIG,aAAa,IAAM;AACrB,UAAM,IAAIvH,MAAM,wCAAA;EAClB;AAGA,QAAM,EAAER,QAAQgI,QAAQP,aAAaQ,YAAW,IAAKZ,WAAWO,UAAUE,iBAAiB,CAAA;AAC3F,QAAMI,eAAe,IAAID;AACzB,QAAME,WAAWL,iBAAiBI,eAAeF;AAGjD,MAAIJ,SAASO,QAAAA,MAAc,GAAM;AAC/B,UAAM,IAAI3H,MAAM,iCAAA;EAClB;AAEA,QAAM,EAAER,QAAQoI,WAAWX,aAAaY,eAAc,IAAKhB,WAAWO,UAAUO,WAAW,CAAA;AAC3F,QAAMG,kBAAkB,IAAID;AAC5B,QAAME,cAAcJ,WAAWG;AAG/B,QAAME,aAAaZ,SAASW,WAAAA;AAC5B,MAAIC,eAAe,GAAM;AACvB,UAAM,IAAIhI,MAAM,2BAA2BgI,UAAAA,EAAY;EACzD;AAGA,QAAMC,aAAaF,cAAc;AACjC,QAAMG,WAAWN,YAAY;AAE7B,SAAOR,SAAS3G,MAAMwH,YAAYA,aAAaC,QAAAA;AACjD;AA7CgBf;AAsDT,SAASgB,eAAexD,cAAoB;AACjD,QAAMyD,QAAQjB,QAAQ7C,YAAWK,cAAc,KAAA,CAAA;AAC/C,SAAOvD,UAASgH,OAAO,KAAA;AACzB;AAHgBD;AAKT,SAASE,sBAAsBjG,KAAW;AAC/C,UAAQA,IAAIkG,YAAW,EAAGzE,QAAQ,KAAK,EAAA,GAAA;IACrC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;AACH,aAAO;IACT;AACE,aAAO;EACX;AACF;AAvBgBwE;AAyBT,SAASE,OAAOpF,OAAa;AAClC,QAAM3D,SAAS2D,MAAM3D;AAErB,MAAIA,WAAW,MAAMA,WAAW,MAAMA,WAAW,KAAK;AACpD,WAAO;EACT;AACA,SAAO2D,MAAMqF,MAAM,mBAAA,MAAyB;AAC9C;AAPgBD;AAST,SAASE,aAAatF,OAAiB;AAC5C,QAAM3D,SAAS2D,MAAM3D;AAErB,MAAIA,WAAW,MAAMA,WAAW,MAAMA,WAAW,IAAI;AACnD,WAAO;EACT;AACA,WAASC,IAAI,GAAGA,IAAID,QAAQC,KAAK;AAC/B,UAAMiJ,OAAOvF,MAAM1D,CAAAA;AACnB,QAAIiJ,SAASC,QAAW;AACtB,aAAO;IACT;AAEA,QAAI,EAAGD,QAAQ,MAAMA,QAAQ,MAAQA,QAAQ,MAAMA,QAAQ,MAAQA,QAAQ,MAAMA,QAAQ,MAAO;AAC9F,aAAO;IACT;EACF;AACA,SAAO;AACT;AAjBgBD;AAqBT,SAASG,uBAAuBxG,KAAmB;AACxD,MAAI,CAACA,KAAK;AACR,WAAO;EACT;AACA,QAAMyG,QAAQzG,IAAIkG,YAAW;AAC7B,MAAIO,MAAMC,SAAS,KAAA,EAAQ,QAAO;AAClC,MAAID,MAAMC,SAAS,KAAA,EAAQ,QAAO;AAClC,MAAID,MAAMC,SAAS,KAAA,EAAQ,QAAO;AAClC,QAAM,IAAI9I,MAAM,2BAA2BoC,GAAAA,EAAK;AAClD;AATgBwG;AAWT,SAASG,WAAWC,MAAqBC,OAAoB;AAClE,SAAOL,uBAAuBI,IAAAA,MAAUJ,uBAAuBK,KAAAA;AACjE;AAFgBF;;;AIrqChB,IAAAG,oBAeO;AAGA,SAASC,aAAaC,SAAqB;AAChD,QAAM,EAAEC,SAASC,SAASC,KAAKC,KAAKC,QAAQC,KAAK,GAAGC,KAAAA,IAASP;AAC7D,SAAOQ,YAAY;IACjB,GAAGD;IACHD,KAAKG,cAAcH,GAAAA;IACnB,GAAIH,OAAO;MAAEA,KAAKO,gBAAgBP,GAAAA;IAAK;IACvC,GAAID,WAAW;MAAEA,SAASA,QAAQS,IAAIC,sBAAAA;IAAwB;IAC9D,GAAIR,OAAO;MAAEA,KAAKS,uBAAuBT,GAAAA;IAAK;IAC9C,GAAIC,UAAU;MAAES,IAAIT;IAAO;IAC3B,GAAIJ,WAAW;MAAEc,KAAKd;IAAQ;EAChC,CAAA;AACF;AAXgBF;AAaT,SAASiB,aAAaC,KAAQ;AACnC,QAAM,EAAEF,KAAKb,SAASC,KAAKC,KAAKU,IAAIR,KAAK,GAAGC,KAAAA,IAASU;AAErD,SAAOT,YAAY;IACjB,GAAGD;IACHD,KAAKY,cAAcZ,GAAAA;IACnB,GAAIH,OAAO;MAAEA,KAAKgB,gBAAgBhB,GAAAA;IAAK;IACvC,GAAID,WAAW;MAAEA,SAASA,QAAQS,IAAIS,sBAAAA;IAAwB;IAC9D,GAAIhB,OAAO;MAAEA,KAAKiB,uBAAuBjB,GAAAA;IAAK;IAC9C,GAAIU,MAAM;MAAET,QAAQS;IAAG;IACvB,GAAIC,OAAO;MAAEd,SAASc;IAAI;EAE5B,CAAA;AACF;AAbgBC;AAeT,SAASP,cAAcH,KAAiB;AAC7C,UAAQA,KAAAA;IACN,KAAKgB,+BAAaC;AAChB,aAAOC,6BAAWC;IACpB,KAAKH,+BAAaI;AAChB,aAAOF,6BAAWE;IACpB,KAAKJ,+BAAaK;AAChB,aAAOH,6BAAWI;IACpB,KAAKN,+BAAaO;AAChB,aAAOL,6BAAWK;IACpB;AACE,YAAMC,MAAM,YAAYxB,GAAAA,uBAA0B;EACtD;AACF;AAbgBG;AAeT,SAASS,cAAcZ,KAAkC;AAC9D,UAAQA,KAAAA;IACN,KAAK;AACH,aAAOgB,+BAAaC;IACtB,KAAK;AACH,aAAOD,+BAAaI;IACtB,KAAK;AACH,aAAOJ,+BAAaK;IACtB,KAAK;AACH,aAAOL,+BAAaO;IACtB;AACE,YAAMC,MAAM,YAAYxB,GAAAA,wBAA2B;EACvD;AACF;AAbgBY;AAeT,SAASL,uBAAuBkB,SAAgC;AACrE,UAAQA,SAAAA;IACN,KAAKC,0CAAwBC;AAC3B,aAAOC,yCAAuBD;IAChC,KAAKD,0CAAwBG;AAC3B,aAAOD,yCAAuBC;IAChC,KAAKH,0CAAwBI;AAC3B,aAAOF,yCAAuBE;IAChC,KAAKJ,0CAAwBK;AAC3B,aAAOH,yCAAuBG;IAChC,KAAKL,0CAAwBM;AAC3B,aAAOJ,yCAAuBI;IAChC,KAAKN,0CAAwBO;AAC3B,aAAOL,yCAAuBK;IAChC,KAAKP,0CAAwBQ;AAC3B,aAAON,yCAAuBM;IAChC,KAAKR,0CAAwBS;AAC3B,aAAOP,yCAAuBO;IAChC,KAAKT,0CAAwBU;AAC3B,aAAOR,yCAAuBQ;IAChC,KAAKV,0CAAwBW;AAC3B,aAAOT,yCAAuBS;IAChC,KAAKX,0CAAwBY;AAC3B,aAAOV,yCAAuBU;IAChC;AACE,YAAMd,MAAM,uBAAuBC,OAAAA,wBAA+B;EACtE;AACF;AA3BgBlB;AA6BT,SAASQ,uBAAuBwB,SAA8D;AACnG,UAAQA,SAAAA;IACN,KAAKX,yCAAuBD;IAC5B,KAAK;AACH,aAAOD,0CAAwBC;IACjC,KAAKC,yCAAuBC;IAC5B,KAAK;AACH,aAAOH,0CAAwBG;IACjC,KAAKD,yCAAuBE;IAC5B,KAAK;AACH,aAAOJ,0CAAwBI;IACjC,KAAKF,yCAAuBG;IAC5B,KAAK;AACH,aAAOL,0CAAwBK;IACjC,KAAKH,yCAAuBI;IAC5B,KAAK;AACH,aAAON,0CAAwBM;IACjC,KAAKJ,yCAAuBK;IAC5B,KAAK;AACH,aAAOP,0CAAwBO;IACjC,KAAKL,yCAAuBM;IAC5B,KAAK;AACH,aAAOR,0CAAwBQ;IACjC,KAAKN,yCAAuBO;IAC5B,KAAK;AACH,aAAOT,0CAAwBS;IACjC,KAAKP,yCAAuBQ;IAC5B,KAAK;AACH,aAAOV,0CAAwBU;IACjC,KAAKR,yCAAuBS;IAC5B,KAAK;AACH,aAAOX,0CAAwBW;IACjC,KAAKT,yCAAuBU;IAC5B,KAAK;AACH,aAAOZ,0CAAwBY;IACjC;AACE,YAAMd,MAAM,uBAAuBe,OAAAA,wBAA+B;EACtE;AACF;AAtCgBxB;AAwCT,SAASD,uBAAuB0B,OAAgD;AACrF,UAAQA,OAAAA;IACN,KAAKC,mCAAiBC;IACtB,KAAK;AACH,aAAOC,oCAAkBD;IAC3B,KAAKD,mCAAiBG;IACtB,KAAK;AACH,aAAOD,oCAAkBC;IAC3B,KAAKH,mCAAiBI;IACtB,KAAK;AACH,aAAOF,oCAAkBE;IAC3B,KAAKJ,mCAAiBK;IACtB,KAAK;AACH,aAAOH,oCAAkBG;IAC3B,KAAKL,mCAAiBM;IACtB,KAAK;AACH,aAAOJ,oCAAkBI;IAC3B,KAAKN,mCAAiBO;IACtB,KAAK;AACH,aAAOL,oCAAkBK;IAC3B,KAAKP,mCAAiBQ;IACtB,KAAK;AACH,aAAON,oCAAkBM;IAC3B,KAAKR,mCAAiBS;IACtB,KAAK;AACH,aAAOP,oCAAkBO;IAC3B;AACE,YAAM1B,MAAM,iBAAiBgB,KAAAA,wBAA6B;EAC9D;AACF;AA7BgB1B;AA+BT,SAASR,uBAAuBkC,OAAwB;AAC7D,UAAQA,OAAAA;IACN,KAAKG,oCAAkBD;AACrB,aAAOD,mCAAiBC;IAC1B,KAAKC,oCAAkBC;AACrB,aAAOH,mCAAiBG;IAC1B,KAAKD,oCAAkBE;AACrB,aAAOJ,mCAAiBI;IAC1B,KAAKF,oCAAkBG;AACrB,aAAOL,mCAAiBK;IAC1B,KAAKH,oCAAkBI;AACrB,aAAON,mCAAiBM;IAC1B,KAAKJ,oCAAkBK;AACrB,aAAOP,mCAAiBO;IAC1B,KAAKL,oCAAkBM;AACrB,aAAOR,mCAAiBQ;IAC1B,KAAKN,oCAAkBO;AACrB,aAAOT,mCAAiBS;IAC1B;AACE,YAAM1B,MAAM,iBAAiBgB,KAAAA,wBAA6B;EAC9D;AACF;AArBgBlC;AAuBT,SAASO,gBAAgBsC,OAAkC;AAChE,UAAQA,OAAAA;IACN,MAAMC,4BAAUC,OAAO;AACrB,aAAOC,6BAAWD;IACpB,MAAMD,4BAAUG,OAAO;AACrB,aAAOD,6BAAWC;IACpB,MAAMH,4BAAUI,OAAO;AACrB,aAAOF,6BAAWE;IACpB,MAAMJ,4BAAUK,QAAQ;AACtB,aAAOH,6BAAWG;IACpB,MAAML,4BAAUM,MAAM;AACpB,aAAOJ,6BAAWI;IACpB,MAAMN,4BAAUO,SAAS;AACvB,aAAOL,6BAAWK;IACpB,MAAMP,4BAAUQ,OAAO;AACrB,aAAON,6BAAWM;IACpB,MAAMR,4BAAUS,WAAW;AACzB,aAAOP,6BAAWO;IACpB;AACE,YAAMrC,MAAM,SAAS2B,KAAAA,wBAA6B;EACtD;AACF;AArBgBtC;AAuBT,SAAST,gBAAgB+C,OAAiB;AAC/C,UAAQA,OAAAA;IACN,KAAKG,6BAAWD;AACd,aAAOD,4BAAUC;IACnB,KAAKC,6BAAWC;AACd,aAAOH,4BAAUG;IACnB,KAAKD,6BAAWE;AACd,aAAOJ,4BAAUI;IACnB,KAAKF,6BAAWG;AACd,aAAOL,4BAAUK;IACnB,KAAKH,6BAAWI;AACd,aAAON,4BAAUM;IACnB,KAAKJ,6BAAWK;AACd,aAAOP,4BAAUO;IACnB,KAAKL,6BAAWM;AACd,aAAOR,4BAAUQ;IACnB,KAAKN,6BAAWO;AACd,aAAOT,4BAAUS;IACnB;AACE,YAAMrC,MAAM,SAAS2B,KAAAA,wBAA6B;EACtD;AACF;AArBgB/C;","names":["import_ed25519","u8a","fromString","toString","SupportedEncodings","u8a","digestMethodParams","hashAlgorithm","normalizeHashAlgorithm","digestMethod","sha256DigestMethod","hash","sha256","sha384DigestMethod","sha384","sha512DigestMethod","sha512","shaHasher","input","alg","includes","Uint8Array","encoding","textEncoder","TextEncoder","textDecoder","TextDecoder","check","value","description","optional","Error","assertObject","validateJwk","jwk","opts","crvOptional","kty","crv","x","y","e","n","minimalJwk","jwkJcsEncode","strippedJwk","encode","jcsCanonicalize","jwkJcsDecode","bytes","JSON","parse","decode","stringify","object","buffer","serialize","toJSON","Array","isArray","next","forEach","element","Object","keys","sort","property","JWK_JCS_PUB_NAME","JWK_JCS_PUB_PREFIX","Key","JwkKeyUse","SIG_KEY_ALGS","ENC_KEY_ALGS","fromString","toString","u8a","logger","Loggers","DEFAULT","get","getKms","context","kms","agent","availableMethods","includes","Error","keyManagerGetDefaultKeyManagementSystem","generatePrivateKeyHex","type","keyPairEd25519","generateSigningKeyPair","secretKey","privateBytes","randomBytes","pem","generateRSAKeyAsPEM","privateKeyHexFromPEM","keyMetaAlgorithmsFromKeyType","importProvidedOrGeneratedKey","args","options","key","keyType","meta","providerName","x509","use","JwkKeyUse","Encryption","ENC_KEY_ALGS","privateKeyHex","undefined","trim","privateKeyPEM","keyManagerImport","keyManagerCreate","algorithms","keyAlias","alias","calculateJwkThumbprintForKey","jwk","publicKeyHex","toJwk","isPrivateKey","kid","calculateJwkThumbprint","digestAlgorithm","assertJwkClaimPresent","value","description","toBase64url","input","normalizeHashAlgorithm","sanitizedJwk","components","kty","crv","x","y","e","n","k","data","JSON","stringify","digestMethodParams","digestMethod","toJwkFromKey","opts","noKidThumbprint","toEd25519OrX25519Jwk","JoseCurve","Ed25519","X25519","toSecp256k1Jwk","toSecp256r1Jwk","toRSAJwk","jwkToRawHexKey","rsaJwkToRawHexKey","ecJwkToRawHexKey","okpJwkToRawHexKey","octJwkToRawHexKey","encodeInteger","bytes","Uint8Array","from","len","encodeLength","length","of","hex","lenBytes","match","map","h","parseInt","encodeSequence","elements","content","reduce","acc","elm","base64UrlToBytes","b64url","modulusBytes","exponentBytes","sequence","result","replace","x25519PublicHexFromPrivateHex","test","priv","Buffer","pub","x25519","getPublicKey","jwkDetermineUse","suppliedUse","SIG_KEY_ALGS","Signature","assertProperKeyLength","keyHex","expectedKeyLength","Array","isArray","debug","secp256k1","elliptic","ec","keyBytes","keyPair","keyFromPrivate","keyFromPublic","pubPoint","getPublic","alg","JoseSignatureAlgorithm","ES256K","JwkKeyType","EC","hexToBase64","getX","padStart","getY","d","getPrivate","secp256r1","ES256","P_256","EdDSA","OKP","parseDerIntegers","pubKeyHex","offset","nBytes","i","algLen","nB","bitLen","innerLen","modLen","slice","expLen","modulus","exponent","publicKeyJwk","publicKeyPEM","hexToPEM","PEMToJwk","sanitized","padLeft","size","padString","repeat","OID","Uint8Array","compareUint8Arrays","a","b","length","i","findSubarray","haystack","needle","subarray","getTargetOID","keyType","Error","isAsn1Der","key","asn1DerToRawPublicKey","derKey","index","lengthBytesCount","targetOid","oidIndex","slice","isRawCompressedPublicKey","toRawCompressedHexPublicKey","rawPublicKey","hexStringFromUint8Array","xCoordinate","yCoordinate","prefix","resultKey","logger","debug","toString","value","signatureAlgorithmFromKey","args","signatureAlgorithmFromKeyType","type","JoseSignatureAlgorithm","EdDSA","ES256","ES384","ES512","ES256K","PS256","keyTypeFromCryptographicSuite","crv","kty","alg","removeNulls","obj","Object","keys","forEach","globalCrypto","setGlobal","suppliedCrypto","webcrypto","crypto","global","window","subtle","sanitizedJwk","input","inputJwk","jwk","x","base64ToBase64Url","y","d","n","e","k","replace","verifyRawSignature","data","signature","inputKey","opts","jwkPropertyToBigInt","jwkProp","byteArray","fromString","hex","BigInt","validateJwk","crvOptional","publicKeyHex","jwkToRawHexKey","secp256k1","verify","format","prehash","p256","p384","p521","ed25519","bls12_381","signatureAlgorithm","signatureAlg","hashAlg","RS512","PS512","sha512","RS384","PS384","sha384","sha256","RS256","PKCS1_SHA256","PKCS1_SHA384","PKCS1_SHA512","cryptoSubtleImportRSAKey","saltLength","name","hash","console","warn","PSS","mgf1","error","readLength","bytes","offset","first","lengthBytes","numBytes","toPkcs1","derBytes","outerLenBytes","outerHeaderLen","innerTag","algLen","algLenBytes","algHeaderLen","algIdEnd","bitStrLen","bitStrLenBytes","bitStrHeaderLen","bitStrStart","unusedBits","pkcs1Start","pkcs1Len","toPkcs1FromHex","pkcs1","joseAlgorithmToDigest","toUpperCase","isHash","match","isHashString","byte","undefined","normalizeHashAlgorithm","upper","includes","isSameHash","left","right","import_ssi_types","coseKeyToJwk","coseKey","x5chain","key_ops","crv","alg","baseIV","kty","rest","removeNulls","coseToJoseKty","coseToJoseCurve","map","coseToJoseKeyOperation","coseToJoseSignatureAlg","iv","x5c","jwkToCoseKey","jwk","joseToCoseKty","joseToCoseCurve","joseToCoseKeyOperation","joseToCoseSignatureAlg","ICoseKeyType","EC2","JwkKeyType","EC","RSA","Symmetric","oct","OKP","Error","coseAlg","ICoseSignatureAlgorithm","ES256K","JoseSignatureAlgorithm","ES256","ES384","ES512","PS256","PS384","PS512","HS256","HS384","HS512","EdDSA","joseAlg","keyOp","JoseKeyOperation","SIGN","ICoseKeyOperation","VERIFY","ENCRYPT","DECRYPT","WRAP_KEY","UNWRAP_KEY","DERIVE_KEY","DERIVE_BITS","curve","JoseCurve","P_256","ICoseCurve","P_384","P_521","X25519","X448","Ed25519","Ed448","secp256k1"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/functions.ts","../src/digest-methods.ts","../src/jwk-jcs.ts","../src/types/key-util-types.ts","../src/conversion.ts"],"sourcesContent":["/*\n Provides `did:jwk` {@link @veramo/did-provider-jwk#JwkDIDProvider \| identifier provider }\n * for the {@link @veramo/did-manager#DIDManager}\n \n @packageDocumentation\n /\nexport from './functions'\nexport * from './conversion'\nexport * from './jwk-jcs'\nexport * from './types'\nexport * from './digest-methods'\n","import { randomBytes } from '@ethersproject/random'\n// Do not change these require statements to imports before we change to ESM. Breaks external CJS packages depending on this module\nimport { bls12_381 } from '@noble/curves/bls12-381'\nimport { ed25519, x25519 } from '@noble/curves/ed25519'\nimport { p256 } from '@noble/curves/p256'\nimport { p384 } from '@noble/curves/p384'\nimport { p521 } from '@noble/curves/p521'\nimport { secp256k1 } from '@noble/curves/secp256k1'\nimport { sha256, sha384, sha512 } from '@noble/hashes/sha2'\nimport {\n cryptoSubtleImportRSAKey,\n generateRSAKeyAsPEM,\n hexToBase64,\n hexToPEM,\n PEMToJwk,\n privateKeyHexFromPEM,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JoseCurve, JoseSignatureAlgorithm, type JWK, JwkKeyType, Loggers } from '@sphereon/ssi-types'\nimport { generateKeyPair as generateSigningKeyPair } from '@stablelib/ed25519'\nimport type { IAgentContext, IKey, IKeyManager, ManagedKeyInfo, MinimalImportableKey } from '@veramo/core'\nimport debug from 'debug'\n\nimport type { JsonWebKey } from 'did-resolver'\nimport elliptic from 'elliptic'\nimport * as rsa from 'micro-rsa-dsa-dh/rsa.js'\n\n// @ts-ignore\nimport { Crypto } from 'node'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport { digestMethodParams } from './digest-methods'\nimport { validateJwk } from './jwk-jcs'\nimport {\n ENC_KEY_ALGS,\n type IImportProvidedOrGeneratedKeyArgs,\n JwkKeyUse,\n type KeyTypeFromCryptographicSuiteArgs,\n SIG_KEY_ALGS,\n type SignatureAlgorithmFromKeyArgs,\n type SignatureAlgorithmFromKeyTypeArgs,\n type TKeyType,\n} from './types'\n\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:key-utils')\n\n/*\n Function that returns the provided KMS name or the default KMS name if none is provided.\n * The default KMS is either explicitly defined during agent construction, or the first KMS available in the system\n * @param context\n * @param kms. Optional KMS to use. If provided will be the returned name. Otherwise the default KMS will be returned\n /\nexport const getKms = async (context: IAgentContext<any>, kms?: string): Promise<string> => {\n if (kms) {\n return kms\n }\n if (!context.agent.availableMethods().includes('keyManagerGetDefaultKeyManagementSystem')) {\n throw Error('Cannot determine default KMS if not provided and a non Sphereon Key Manager is being used')\n }\n return context.agent.keyManagerGetDefaultKeyManagementSystem()\n}\n\n/\n Generates a random Private Hex Key for the specified key type\n * @param type The key type\n * @return The private key in Hex form\n /\nexport const generatePrivateKeyHex = async (type: TKeyType): Promise<string> => {\n switch (type) {\n case 'Ed25519': {\n const keyPairEd25519 = generateSigningKeyPair()\n return toString(keyPairEd25519.secretKey, 'base16')\n }\n // The Secp256 types use the same method to generate the key\n case 'Secp256r1':\n case 'Secp256k1': {\n const privateBytes = randomBytes(32)\n return toString(privateBytes, 'base16')\n }\n case 'RSA': {\n const pem = await generateRSAKeyAsPEM('RSA-PSS', 'SHA-256', 2048)\n return privateKeyHexFromPEM(pem)\n }\n default:\n throw Error(`not_supported: Key type ${type} not yet supported for this did:jwk implementation`)\n }\n}\n\nconst keyMetaAlgorithmsFromKeyType = (type: string \| TKeyType) => {\n switch (type) {\n case 'Ed25519':\n return ['Ed25519', 'EdDSA']\n case 'ES256K':\n case 'Secp256k1':\n return ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign']\n case 'Secp256r1':\n return ['ES256']\n case 'X25519':\n return ['ECDH', 'ECDH-ES', 'ECDH-1PU']\n case 'RSA':\n return ['RS256', 'RS512', 'PS256', 'PS512']\n }\n return [type]\n}\n\n/\n We optionally generate and then import our own keys.\n \n @param args The key arguments\n * @param context The Veramo agent context\n * @private\n /\nexport async function importProvidedOrGeneratedKey(\n args: IImportProvidedOrGeneratedKeyArgs & {\n kms: string\n },\n context: IAgentContext<IKeyManager>,\n): Promise<IKey> {\n // @ts-ignore\n const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? 'Secp256r1'\n const key = args?.options?.key\n if (key) {\n key.meta = {\n ...key.meta,\n providerName: args.providerName,\n }\n\n // Make sure x509 options are also set on the metadata as that is what the kms will look for\n if (args.options?.x509) {\n key.meta = {\n ...key.meta,\n x509: {\n ...args.options.x509,\n ...key.meta?.x509,\n },\n }\n }\n }\n\n if (args.options && args.options?.use === JwkKeyUse.Encryption && !ENC_KEY_ALGS.includes(type)) {\n throw new Error(`${type} keys are not valid for encryption`)\n }\n\n let privateKeyHex: string \| undefined = undefined\n if (key) {\n privateKeyHex = key.privateKeyHex ?? key.meta?.x509?.privateKeyHex\n if ((!privateKeyHex \|\| privateKeyHex.trim() === '') && key?.meta?.x509?.privateKeyPEM) {\n // If we do not have a privateKeyHex but do have a PEM\n privateKeyHex = privateKeyHexFromPEM(key.meta.x509.privateKeyPEM)\n }\n }\n if (privateKeyHex) {\n return context.agent.keyManagerImport({\n ...key,\n kms: args.kms,\n type,\n privateKeyHex: privateKeyHex!,\n })\n }\n\n return context.agent.keyManagerCreate({\n type,\n kms: args.kms,\n meta: {\n ...key?.meta,\n algorithms: keyMetaAlgorithmsFromKeyType(type),\n ...(key?.meta?.keyAlias ? {} : { keyAlias: args.alias }),\n },\n })\n}\n\nexport const calculateJwkThumbprintForKey = (args: {\n key: IKey \| MinimalImportableKey \| ManagedKeyInfo\n digestAlgorithm?: 'sha256' \| 'sha512'\n}): string => {\n const { key } = args\n\n const jwk = key.publicKeyHex\n ? toJwk(key.publicKeyHex, key.type, { key: key, isPrivateKey: false })\n : 'privateKeyHex' in key && key.privateKeyHex\n ? toJwk(key.privateKeyHex, key.type, { isPrivateKey: true })\n : undefined\n if (!jwk) {\n throw Error(`Could not determine jwk from key ${key.kid}`)\n }\n return calculateJwkThumbprint({ jwk, digestAlgorithm: args.digestAlgorithm })\n}\n\nconst assertJwkClaimPresent = (value: unknown, description: string) => {\n if (typeof value !== 'string' \|\| !value) {\n throw new Error(`${description} missing or invalid`)\n }\n}\nexport const toBase64url = (input: string): string => toString(fromString(input), 'base64url')\n\n/\n Calculate the JWK thumbprint\n * @param args\n /\nexport const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: 'sha256' \| 'sha512' }): string => {\n const { digestAlgorithm = 'sha256' } = args\n const jwk = sanitizedJwk(args.jwk)\n let components\n switch (jwk.kty) {\n case 'EC':\n assertJwkClaimPresent(jwk.crv, '\"crv\" (Curve) Parameter')\n assertJwkClaimPresent(jwk.x, '\"x\" (X Coordinate) Parameter')\n assertJwkClaimPresent(jwk.y, '\"y\" (Y Coordinate) Parameter')\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y }\n break\n case 'OKP':\n assertJwkClaimPresent(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter')\n assertJwkClaimPresent(jwk.x, '\"x\" (Public Key) Parameter')\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x }\n break\n case 'RSA':\n assertJwkClaimPresent(jwk.e, '\"e\" (Exponent) Parameter')\n assertJwkClaimPresent(jwk.n, '\"n\" (Modulus) Parameter')\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n }\n break\n case 'oct':\n assertJwkClaimPresent(jwk.k, '\"k\" (Key Value) Parameter')\n components = { k: jwk.k, kty: jwk.kty }\n break\n default:\n throw new Error('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n const data = JSON.stringify(components)\n\n return digestAlgorithm === 'sha512'\n ? digestMethodParams('SHA-512').digestMethod(data, 'base64url')\n : digestMethodParams('SHA-256').digestMethod(data, 'base64url')\n}\n\nexport const toJwkFromKey = (\n key: IKey \| MinimalImportableKey \| ManagedKeyInfo,\n opts?: {\n use?: JwkKeyUse\n noKidThumbprint?: boolean\n },\n): JWK => {\n const isPrivateKey = 'privateKeyHex' in key\n return toJwk(key.publicKeyHex!, key.type, { ...opts, key, isPrivateKey })\n}\n\n/\n Converts a public key in hex format to a JWK\n * @param publicKeyHex public key in hex\n * @param type The type of the key (Ed25519, Secp256k1/r1)\n * @param opts. Options, like the optional use for the key (sig/enc)\n * @return The JWK\n /\nexport const toJwk = (\n publicKeyHex: string,\n type: TKeyType,\n opts?: { use?: JwkKeyUse; key?: IKey \| MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean },\n): JWK => {\n const { key, noKidThumbprint = false } = opts ?? {}\n if (key && key.publicKeyHex !== publicKeyHex && opts?.isPrivateKey !== true) {\n throw Error(`Provided key with id ${key.kid}, has a different public key hex ${key.publicKeyHex} than supplied public key ${publicKeyHex}`)\n }\n let jwk: JWK\n switch (type) {\n case 'Ed25519':\n jwk = toEd25519OrX25519Jwk(publicKeyHex, { ...opts, crv: JoseCurve.Ed25519 })\n break\n case 'X25519':\n jwk = toEd25519OrX25519Jwk(publicKeyHex, { ...opts, crv: JoseCurve.X25519 })\n break\n case 'Secp256k1':\n jwk = toSecp256k1Jwk(publicKeyHex, opts)\n break\n case 'Secp256r1':\n jwk = toSecp256r1Jwk(publicKeyHex, opts)\n break\n case 'RSA':\n jwk = toRSAJwk(publicKeyHex, opts)\n break\n default:\n throw new Error(`not_supported: Key type ${type} not yet supported for this did:jwk implementation`)\n }\n if (!jwk.kid && !noKidThumbprint) {\n jwk['kid'] = calculateJwkThumbprint({ jwk })\n }\n return sanitizedJwk(jwk)\n}\n\n/\n Convert a JWK to a raw hex key.\n * Currently supports `RSA` and `EC` keys. Extendable for other key types.\n * @param jwk - The JSON Web Key object.\n * @returns A string representing the key in raw hexadecimal format.\n /\nexport const jwkToRawHexKey = async (jwk: JWK): Promise<string> => {\n // TODO: Probably makes sense to have an option to do the same for private keys\n jwk = sanitizedJwk(jwk)\n if (jwk.kty === 'RSA') {\n return rsaJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'EC') {\n return ecJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'OKP') {\n return okpJwkToRawHexKey(jwk)\n } else if (jwk.kty === 'oct') {\n return octJwkToRawHexKey(jwk)\n } else {\n throw new Error(`Unsupported key type: ${jwk.kty}`)\n }\n}\n\n/\n Convert an RSA JWK to a raw hex key.\n * @param jwk - The RSA JWK object.\n * @returns A string representing the RSA key in raw hexadecimal format.\n /\nexport function rsaJwkToRawHexKey(jwk: JsonWebKey): string {\n /\n Encode an integer value (given as a Uint8Array) into DER INTEGER:\n * 0x02 \|\| length \|\| value (with a leading 0x00 if the high bit is set).\n /\n function encodeInteger(bytes: Uint8Array): Uint8Array {\n // if high bit set, prefix a 0x00\n if (bytes[0] & 0x80) {\n bytes = Uint8Array.from([0x00, ...bytes])\n }\n const len = encodeLength(bytes.length)\n return Uint8Array.from([0x02, ...len, ...bytes])\n }\n\n /\n Encode length per DER rules:\n * - If <128, one byte\n * - Else 0x80\|numBytes followed by big-endian length\n /\n function encodeLength(len: any) {\n if (len < 0x80) {\n return Uint8Array.of(len)\n }\n let hex = len.toString(16)\n if (hex.length % 2 === 1) {\n hex = '0' + hex\n }\n const lenBytes = Uint8Array.from(hex.match(/.{2}/g)!.map((h: any) => parseInt(h, 16)))\n return Uint8Array.of(0x80 \| lenBytes.length, ...lenBytes)\n }\n\n /\n Wrap one or more DER elements in a SEQUENCE:\n * 0x30 \|\| totalLength \|\| concatenatedElements\n /\n function encodeSequence(elements: any) {\n const content = elements.reduce((acc: any, elm: any) => Uint8Array.from([...acc, ...elm]), new Uint8Array())\n const len = encodeLength(content.length)\n return Uint8Array.from([0x30, ...len, ...content])\n }\n\n /\n Convert a Base64-URL string into a Uint8Array (handles padding & “-_/”).\n /\n function base64UrlToBytes(b64url: string): Uint8Array {\n return fromString(b64url, 'base64url')\n }\n\n jwk = sanitizedJwk(jwk)\n if (!jwk.n \|\| !jwk.e) {\n throw new Error(\"RSA JWK must contain 'n' and 'e' properties.\")\n }\n const modulusBytes = base64UrlToBytes(jwk.n)\n const exponentBytes = base64UrlToBytes(jwk.e)\n const sequence = encodeSequence([encodeInteger(modulusBytes), encodeInteger(exponentBytes)])\n const result = toString(sequence, 'hex')\n return result\n /\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const modulus = fromString(jwk.n.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url') // 'n' is the modulus\n const exponent = fromString(jwk.e.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url') // 'e' is the exponent\n\n return toString(modulus, 'hex') + toString(exponent, 'hex')/\n}\n\n/\n Convert an EC JWK to a raw hex key.\n * @param jwk - The EC JWK object.\n * @returns A string representing the EC key in raw hexadecimal format.\n /\nfunction ecJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.x \|\| !jwk.y) {\n throw new Error(\"EC JWK must contain 'x' and 'y' properties.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const x = fromString(jwk.x.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n const y = fromString(jwk.y.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return '04' + toString(x, 'hex') + toString(y, 'hex')\n}\n\n/\n Convert an EC JWK to a raw hex key.\n * @param jwk - The EC JWK object.\n * @returns A string representing the EC key in raw hexadecimal format.\n /\nfunction okpJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.x) {\n throw new Error(\"OKP JWK must contain 'x' property.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const x = fromString(jwk.x.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return toString(x, 'hex')\n}\n\n/\n Convert an octet JWK to a raw hex key.\n * @param jwk - The octet JWK object.\n * @returns A string representing the octet key in raw hexadecimal format.\n /\nfunction octJwkToRawHexKey(jwk: JsonWebKey): string {\n jwk = sanitizedJwk(jwk)\n if (!jwk.k) {\n throw new Error(\"Octet JWK must contain 'k' property.\")\n }\n\n // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string\n const key = fromString(jwk.k.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, ''), 'base64url')\n\n return toString(key, 'hex')\n}\n\nexport function x25519PublicHexFromPrivateHex(privateKeyHex: string): string {\n if (!/^[0-9a-fA-F]{64}$/.test(privateKeyHex)) {\n throw new Error('Private key must be 32-byte hex (64 chars)')\n }\n\n const priv = Uint8Array.from(Buffer.from(privateKeyHex, 'hex'))\n const pub = x25519.getPublicKey(priv)\n\n return Buffer.from(pub).toString('hex')\n}\n\n/\n Determines the use param based upon the key/signature type or supplied use value.\n \n @param type The key type\n * @param suppliedUse A supplied use. Will be used in case it is present\n /\nexport const jwkDetermineUse = (type: TKeyType, suppliedUse?: JwkKeyUse): JwkKeyUse \| undefined => {\n return suppliedUse\n ? suppliedUse\n : SIG_KEY_ALGS.includes(type)\n ? JwkKeyUse.Signature\n : ENC_KEY_ALGS.includes(type)\n ? JwkKeyUse.Encryption\n : undefined\n}\n\n/\n Assert the key has a proper length\n \n @param keyHex Input key\n * @param expectedKeyLength Expected key length(s)\n /\nconst assertProperKeyLength = (keyHex: string, expectedKeyLength: number \| number[]) => {\n if (Array.isArray(expectedKeyLength)) {\n if (!expectedKeyLength.includes(keyHex.length)) {\n throw Error(\n `Invalid key length. Needs to be a hex string with length from ${JSON.stringify(expectedKeyLength)} instead of ${\n keyHex.length\n }. Input: ${keyHex}`,\n )\n }\n } else if (keyHex.length !== expectedKeyLength) {\n throw Error(`Invalid key length. Needs to be a hex string with length ${expectedKeyLength} instead of ${keyHex.length}. Input: ${keyHex}`)\n }\n}\n\n/\n Generates a JWK from a Secp256k1 public key\n * @param keyHex Secp256k1 public or private key in hex\n * @param use The use for the key\n * @return The JWK\n /\nconst toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {\n const { use } = opts ?? {}\n logger.debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)\n if (opts?.isPrivateKey) {\n assertProperKeyLength(keyHex, [64])\n } else {\n assertProperKeyLength(keyHex, [66, 130])\n }\n\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyBytes = fromString(keyHex, 'base16')\n const keyPair = opts?.isPrivateKey ? secp256k1.keyFromPrivate(keyBytes) : secp256k1.keyFromPublic(keyBytes)\n const pubPoint = keyPair.getPublic()\n\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.ES256K,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.EC,\n crv: JoseCurve.secp256k1,\n x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),\n y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),\n ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),\n })\n}\n\n/\n Generates a JWK from a Secp256r1 public key\n * @param keyHex Secp256r1 public key in hex\n * @param use The use for the key\n * @return The JWK\n /\nconst toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {\n const { use } = opts ?? {}\n logger.debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)\n if (opts?.isPrivateKey) {\n assertProperKeyLength(keyHex, [64])\n } else {\n assertProperKeyLength(keyHex, [66, 130])\n }\n\n const secp256r1 = new elliptic.ec('p256')\n const keyBytes = fromString(keyHex, 'base16')\n logger.debug(`keyBytes length: ${keyBytes}`)\n const keyPair = opts?.isPrivateKey ? secp256r1.keyFromPrivate(keyBytes) : secp256r1.keyFromPublic(keyBytes)\n const pubPoint = keyPair.getPublic()\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.ES256,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.EC,\n crv: JoseCurve.P_256,\n x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),\n y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),\n ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),\n })\n}\n\n/\n Generates a JWK from an Ed25519/X25519 public key\n * @param publicKeyHex Ed25519/X25519 public key in hex\n * @param opts\n * @return The JWK\n /\nconst toEd25519OrX25519Jwk = (\n publicKeyHex: string,\n opts: {\n use?: JwkKeyUse\n crv: JoseCurve.Ed25519 \| JoseCurve.X25519\n },\n): JWK => {\n assertProperKeyLength(publicKeyHex, 64)\n const { use } = opts ?? {}\n return sanitizedJwk({\n alg: JoseSignatureAlgorithm.EdDSA,\n ...(use !== undefined && { use }),\n kty: JwkKeyType.OKP,\n crv: opts?.crv ?? JoseCurve.Ed25519,\n x: hexToBase64(publicKeyHex, 'base64url'),\n })\n}\n\nconst toRSAJwk = (publicKeyHex: string, opts?: { use?: JwkKeyUse; key?: IKey \| MinimalImportableKey }): JWK => {\n function parseDerIntegers(pubKeyHex: string): { modulus: string; exponent: string } {\n const bytes = Buffer.from(pubKeyHex, 'hex')\n let offset = 0\n\n // 1) Outer SEQUENCE\n if (bytes[offset++] !== 0x30) throw new Error('Not a SEQUENCE')\n let len = bytes[offset++]\n if (len & 0x80) {\n const nBytes = len & 0x7f\n len = 0\n for (let i = 0; i < nBytes; i++) {\n len = (len << 8) + bytes[offset++]\n }\n }\n\n // 2) Look at next tag: INTEGER(0x02) means raw PKCS#1,\n // otherwise assume X.509/SPKI wrapper.\n if (bytes[offset] !== 0x02) {\n // --- skip AlgorithmIdentifier SEQUENCE ---\n if (bytes[offset++] !== 0x30) throw new Error('Expected alg-ID SEQUENCE')\n let algLen = bytes[offset++]\n if (algLen & 0x80) {\n const nB = algLen & 0x7f\n algLen = 0\n for (let i = 0; i < nB; i++) algLen = (algLen << 8) + bytes[offset++]\n }\n offset += algLen\n\n // --- skip BIT STRING wrapper ---\n if (bytes[offset++] !== 0x03) throw new Error('Expected BIT STRING')\n let bitLen = bytes[offset++]\n if (bitLen & 0x80) {\n const nB = bitLen & 0x7f\n bitLen = 0\n for (let i = 0; i < nB; i++) bitLen = (bitLen << 8) + bytes[offset++]\n }\n // skip the “unused bits” byte\n offset += 1\n\n // now the next byte should be 0x30 for the inner SEQUENCE\n if (bytes[offset++] !== 0x30) throw new Error('Expected inner SEQUENCE')\n let innerLen = bytes[offset++]\n if (innerLen & 0x80) {\n const nB = innerLen & 0x7f\n innerLen = 0\n for (let i = 0; i < nB; i++) innerLen = (innerLen << 8) + bytes[offset++]\n }\n }\n\n // 3) Parse modulus INTEGER\n if (bytes[offset++] !== 0x02) throw new Error('Expected INTEGER for modulus')\n let modLen = bytes[offset++]\n if (modLen & 0x80) {\n const nB = modLen & 0x7f\n modLen = 0\n for (let i = 0; i < nB; i++) modLen = (modLen << 8) + bytes[offset++]\n }\n let modulusBytes = bytes.slice(offset, offset + modLen)\n offset += modLen\n\n // strip leading zero if present (unsigned integer in JWK)\n if (modulusBytes[0] === 0x00) {\n modulusBytes = modulusBytes.slice(1)\n }\n\n // 4) Parse exponent INTEGER\n if (bytes[offset++] !== 0x02) throw new Error('Expected INTEGER for exponent')\n let expLen = bytes[offset++]\n if (expLen & 0x80) {\n const nB = expLen & 0x7f\n expLen = 0\n for (let i = 0; i < nB; i++) expLen = (expLen << 8) + bytes[offset++]\n }\n const exponentBytes = bytes.slice(offset, offset + expLen)\n\n return {\n modulus: modulusBytes.toString('hex'),\n exponent: exponentBytes.toString('hex'),\n }\n }\n\n const meta = opts?.key?.meta\n if (meta?.publicKeyJwk \|\| meta?.publicKeyPEM) {\n if (meta?.publicKeyJwk) {\n return meta.publicKeyJwk as JWK\n }\n const publicKeyPEM = meta?.publicKeyPEM ?? hexToPEM(publicKeyHex, 'public')\n const jwk = PEMToJwk(publicKeyPEM, 'public') as JWK\n return jwk\n }\n\n const { modulus, exponent } = parseDerIntegers(publicKeyHex)\n const sanitized = sanitizedJwk({\n kty: 'RSA',\n n: hexToBase64(modulus, 'base64url'),\n e: hexToBase64(exponent, 'base64url'),\n })\n return sanitized\n}\n\nexport const padLeft = (args: { data: string; size?: number; padString?: string }): string => {\n const { data } = args\n const size = args.size ?? 32\n const padString = args.padString ?? '0'\n if (data.length >= size) {\n return data\n }\n\n if (padString && padString.length === 0) {\n throw Error(`Pad string needs to have at least a length of 1`)\n }\n const length = padString.length\n return padString.repeat((size - data.length) / length) + data\n}\n\nenum OIDType {\n Secp256k1,\n Secp256r1,\n Ed25519,\n}\n\nconst OID: Record<OIDType, Uint8Array> = {\n [OIDType.Secp256k1]: new Uint8Array([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]),\n [OIDType.Secp256r1]: new Uint8Array([0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]),\n [OIDType.Ed25519]: new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x70]),\n}\n\nconst compareUint8Arrays = (a: Uint8Array, b: Uint8Array): boolean => {\n if (a.length !== b.length) {\n return false\n }\n for (let i = 0; i < a.length; i++) {\n if (a[i] !== b[i]) {\n return false\n }\n }\n return true\n}\n\nconst findSubarray = (haystack: Uint8Array, needle: Uint8Array): number => {\n for (let i = 0; i <= haystack.length - needle.length; i++) {\n if (compareUint8Arrays(haystack.subarray(i, i + needle.length), needle)) {\n return i\n }\n }\n return -1\n}\n\nconst getTargetOID = (keyType: TKeyType) => {\n switch (keyType) {\n case 'Secp256k1':\n return OID[OIDType.Secp256k1]\n case 'Secp256r1':\n return OID[OIDType.Secp256r1]\n case 'Ed25519':\n return OID[OIDType.Ed25519]\n default:\n throw new Error(`Unsupported key type: ${keyType}`)\n }\n}\n\nexport const isAsn1Der = (key: Uint8Array): boolean => key[0] === 0x30\n\nexport const asn1DerToRawPublicKey = (derKey: Uint8Array, keyType: TKeyType): Uint8Array => {\n if (!isAsn1Der(derKey)) {\n throw new Error('Invalid DER encoding: Expected to start with sequence tag')\n }\n\n let index = 2\n if (derKey[1] & 0x80) {\n const lengthBytesCount = derKey[1] & 0x7f\n index += lengthBytesCount\n }\n const targetOid = getTargetOID(keyType)\n const oidIndex = findSubarray(derKey, targetOid)\n if (oidIndex === -1) {\n throw new Error(`OID for ${keyType} not found in DER encoding`)\n }\n\n index = oidIndex + targetOid.length\n\n while (index < derKey.length && derKey[index] !== 0x03) {\n index++\n }\n\n if (index >= derKey.length) {\n throw new Error('Invalid DER encoding: Bit string not found')\n }\n\n // Skip the bit string tag (0x03) and length byte\n index += 2\n\n // Skip the unused bits count byte\n index++\n\n return derKey.slice(index)\n}\n\nexport const isRawCompressedPublicKey = (key: Uint8Array): boolean => key.length === 33 && (key[0] === 0x02 \|\| key[0] === 0x03)\n\nexport const toRawCompressedHexPublicKey = (rawPublicKey: Uint8Array, keyType: TKeyType): string => {\n if (isRawCompressedPublicKey(rawPublicKey)) {\n return hexStringFromUint8Array(rawPublicKey)\n }\n\n if (keyType === 'Secp256k1' \|\| keyType === 'Secp256r1') {\n if (rawPublicKey[0] === 0x04 && rawPublicKey.length === 65) {\n const xCoordinate = rawPublicKey.slice(1, 33)\n const yCoordinate = rawPublicKey.slice(33)\n const prefix = new Uint8Array([yCoordinate[31] % 2 === 0 ? 0x02 : 0x03])\n const resultKey = hexStringFromUint8Array(new Uint8Array([...prefix, ...xCoordinate]))\n logger.debug(`converted public key ${hexStringFromUint8Array(rawPublicKey)} to ${resultKey}`)\n return resultKey\n }\n return toString(rawPublicKey, 'base16')\n } else if (keyType === 'Ed25519') {\n // Ed25519 keys are always in compressed form\n return toString(rawPublicKey, 'base16')\n }\n\n throw new Error(`Unsupported key type: ${keyType}`)\n}\n\nexport const hexStringFromUint8Array = (value: Uint8Array): string => toString(value, 'base16')\n\nexport const signatureAlgorithmFromKey = async (args: SignatureAlgorithmFromKeyArgs): Promise<JoseSignatureAlgorithm> => {\n const { key } = args\n return signatureAlgorithmFromKeyType({ type: key.type })\n}\n\nexport const signatureAlgorithmFromKeyType = (args: SignatureAlgorithmFromKeyTypeArgs): JoseSignatureAlgorithm => {\n const { type } = args\n switch (type) {\n case 'Ed25519':\n case 'X25519':\n return JoseSignatureAlgorithm.EdDSA\n case 'Secp256r1':\n return JoseSignatureAlgorithm.ES256\n case 'Secp384r1':\n return JoseSignatureAlgorithm.ES384\n case 'Secp521r1':\n return JoseSignatureAlgorithm.ES512\n case 'Secp256k1':\n return JoseSignatureAlgorithm.ES256K\n case 'RSA':\n return JoseSignatureAlgorithm.PS256\n default:\n throw new Error(`Key type '${type}' not supported`)\n }\n}\n\n// TODO improve this conversion for jwt and jsonld, not a fan of current structure\nexport const keyTypeFromCryptographicSuite = (args: KeyTypeFromCryptographicSuiteArgs): TKeyType => {\n const { crv, kty, alg } = args\n\n switch (alg) {\n case 'RSASSA-PSS':\n case 'RS256':\n case 'RS384':\n case 'RS512':\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return 'RSA'\n }\n\n switch (crv) {\n case 'EdDSA':\n case 'Ed25519':\n case 'Ed25519Signature2018':\n case 'Ed25519Signature2020':\n case 'JcsEd25519Signature2020':\n return 'Ed25519'\n case 'JsonWebSignature2020':\n case 'ES256':\n case 'ECDSA':\n case 'P-256':\n return 'Secp256r1'\n case 'ES384':\n case 'P-384':\n return 'Secp384r1'\n case 'ES512':\n case 'P-521':\n return 'Secp521r1'\n case 'EcdsaSecp256k1Signature2019':\n case 'secp256k1':\n case 'ES256K':\n case 'EcdsaSecp256k1VerificationKey2019':\n case 'EcdsaSecp256k1RecoveryMethod2020':\n return 'Secp256k1'\n }\n if (kty) {\n return kty as TKeyType\n }\n\n throw new Error(`Cryptographic suite '${crv}' not supported`)\n}\n\nexport function removeNulls<T>(obj: T \| any) {\n Object.keys(obj).forEach((key) => {\n if (obj[key] && typeof obj[key] === 'object') removeNulls(obj[key])\n else if (obj[key] == null) delete obj[key]\n })\n return obj\n}\n\nexport const globalCrypto = (setGlobal: boolean, suppliedCrypto?: Crypto): Crypto => {\n let webcrypto: Crypto\n if (typeof suppliedCrypto !== 'undefined') {\n webcrypto = suppliedCrypto\n } else if (typeof crypto !== 'undefined') {\n webcrypto = crypto\n } else if (typeof global.crypto !== 'undefined') {\n webcrypto = global.crypto\n } else {\n // @ts-ignore\n if (typeof global.window?.crypto?.subtle !== 'undefined') {\n // @ts-ignore\n webcrypto = global.window.crypto\n } else {\n webcrypto = import('crypto') as Crypto\n }\n }\n if (setGlobal) {\n global.crypto = webcrypto\n }\n\n return webcrypto\n}\n\nexport const sanitizedJwk = (input: JWK \| JsonWebKey): JWK => {\n const inputJwk = typeof input['toJsonDTO'] === 'function' ? input['toJsonDTO']() : ({ ...input } as JWK) // KMP code can expose this. It converts a KMP JWK with mangled names into a clean JWK\n\n const jwk = {\n ...inputJwk,\n ...(inputJwk.x && { x: base64ToBase64Url(inputJwk.x as string) }),\n ...(inputJwk.y && { y: base64ToBase64Url(inputJwk.y as string) }),\n ...(inputJwk.d && { d: base64ToBase64Url(inputJwk.d as string) }),\n ...(inputJwk.n && { n: base64ToBase64Url(inputJwk.n as string) }),\n ...(inputJwk.e && { e: base64ToBase64Url(inputJwk.e as string) }),\n ...(inputJwk.k && { k: base64ToBase64Url(inputJwk.k as string) }),\n } as JWK\n\n return removeNulls(jwk)\n}\n\nconst base64ToBase64Url = (input: string): string => {\n return input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/\n \n /\nexport async function verifyRawSignature({\n data,\n signature,\n key: inputKey,\n opts,\n}: {\n data: Uint8Array\n signature: Uint8Array\n key: JWK\n opts?: {\n signatureAlg?: JoseSignatureAlgorithm\n }\n}) {\n /\n Converts a Base64URL-encoded JWK property to a BigInt.\n * @param jwkProp - The Base64URL-encoded string.\n * @returns The BigInt representation of the decoded value.\n /\n function jwkPropertyToBigInt(jwkProp: string): bigint {\n // Decode Base64URL to Uint8Array\n const byteArray = fromString(jwkProp, 'base64url')\n\n // Convert Uint8Array to hexadecimal string and then to BigInt\n const hex = toString(byteArray, 'hex')\n return BigInt(`0x${hex}`)\n }\n\n try {\n debug(`verifyRawSignature for: ${inputKey}`)\n const jwk = sanitizedJwk(inputKey)\n validateJwk(jwk, { crvOptional: true })\n const keyType = keyTypeFromCryptographicSuite({ crv: jwk.crv, kty: jwk.kty, alg: jwk.alg })\n const publicKeyHex = await jwkToRawHexKey(jwk)\n\n // TODO: We really should look at the signature alg first if provided! From key type should be the last resort\n switch (keyType) {\n case 'Secp256k1':\n return secp256k1.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp256r1':\n return p256.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp384r1':\n return p384.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Secp521r1':\n return p521.verify(signature, data, publicKeyHex, { format: 'compact', prehash: true })\n case 'Ed25519':\n return ed25519.verify(signature, data, fromString(publicKeyHex, 'hex'))\n case 'Bls12381G1':\n case 'Bls12381G2':\n return bls12_381.verify(signature, data, fromString(publicKeyHex, 'hex'))\n case 'RSA': {\n const signatureAlgorithm = opts?.signatureAlg ?? (jwk.alg as JoseSignatureAlgorithm \| undefined) ?? JoseSignatureAlgorithm.PS256\n const hashAlg =\n signatureAlgorithm === JoseSignatureAlgorithm.RS512 \|\| signatureAlgorithm === JoseSignatureAlgorithm.PS512\n ? sha512\n : signatureAlgorithm === JoseSignatureAlgorithm.RS384 \|\| signatureAlgorithm === JoseSignatureAlgorithm.PS384\n ? sha384\n : sha256\n switch (signatureAlgorithm) {\n case JoseSignatureAlgorithm.RS256:\n return rsa.PKCS1_SHA256.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.RS384:\n return rsa.PKCS1_SHA384.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.RS512:\n return rsa.PKCS1_SHA512.verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n case JoseSignatureAlgorithm.PS256:\n case JoseSignatureAlgorithm.PS384:\n case JoseSignatureAlgorithm.PS512:\n if (typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined') {\n const key = await cryptoSubtleImportRSAKey(jwk, 'RSA-PSS')\n const saltLength =\n signatureAlgorithm === JoseSignatureAlgorithm.PS256 ? 32 : signatureAlgorithm === JoseSignatureAlgorithm.PS384 ? 48 : 64\n return crypto.subtle.verify({ name: 'rsa-pss', hash: hashAlg, saltLength }, key, signature, data)\n }\n\n // FIXME\n console.warn(`Using fallback for RSA-PSS verify signature, which is known to be flaky!!`)\n return rsa.PSS(hashAlg, rsa.mgf1(hashAlg)).verify(\n {\n n: jwkPropertyToBigInt(jwk.n!),\n e: jwkPropertyToBigInt(jwk.e!),\n },\n data,\n signature,\n )\n }\n }\n }\n\n throw Error(`Unsupported key type for signature validation: ${keyType}`)\n } catch (error: any) {\n logger.error(`Error: ${error}`)\n throw error\n }\n}\n\n/\n Minimal DER parser to unwrap X.509/SPKI‐wrapped RSA keys\n * into raw PKCS#1 RSAPublicKey format, using only Uint8Array.\n /\n\n/\n Read a DER length at the given offset.\n * @param bytes – full DER buffer\n * @param offset – index of the length byte\n * @returns the parsed length, and how many bytes were used to encode it\n /\nfunction readLength(bytes: Uint8Array, offset: number): { length: number; lengthBytes: number } {\n const first = bytes[offset]\n if (first < 0x80) {\n return { length: first, lengthBytes: 1 }\n }\n const numBytes = first & 0x7f\n let length = 0\n for (let i = 0; i < numBytes; i++) {\n length = (length << 8) \| bytes[offset + 1 + i]\n }\n return { length, lengthBytes: 1 + numBytes }\n}\n\n/\n Ensure the given DER‐encoded RSA public key (Uint8Array)\n * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.\n \n @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI\n * @returns DER‐encoded PKCS#1 RSAPublicKey\n /\nexport function toPkcs1(derBytes: Uint8Array): Uint8Array {\n if (derBytes[0] !== 0x30) {\n throw new Error('Invalid DER: expected SEQUENCE')\n }\n\n // Parse outer SEQUENCE length\n const { lengthBytes: outerLenBytes } = readLength(derBytes, 1)\n const outerHeaderLen = 1 + outerLenBytes\n const innerTag = derBytes[outerHeaderLen]\n\n // If next tag is INTEGER (0x02), it's already raw PKCS#1\n if (innerTag === 0x02) {\n return derBytes\n }\n\n // Otherwise expect X.509/SPKI: SEQUENCE { algId, BIT STRING }\n if (innerTag !== 0x30) {\n throw new Error('Unexpected DER tag, not PKCS#1 or SPKI')\n }\n\n // Skip the algId SEQUENCE\n const { length: algLen, lengthBytes: algLenBytes } = readLength(derBytes, outerHeaderLen + 1)\n const algHeaderLen = 1 + algLenBytes\n const algIdEnd = outerHeaderLen + algHeaderLen + algLen\n\n // Next tag should be BIT STRING (0x03)\n if (derBytes[algIdEnd] !== 0x03) {\n throw new Error('Expected BIT STRING after algId')\n }\n\n const { length: bitStrLen, lengthBytes: bitStrLenBytes } = readLength(derBytes, algIdEnd + 1)\n const bitStrHeaderLen = 1 + bitStrLenBytes\n const bitStrStart = algIdEnd + bitStrHeaderLen\n\n // First byte of the BIT STRING is the \"unused bits\" count; usually 0x00\n const unusedBits = derBytes[bitStrStart]\n if (unusedBits !== 0x00) {\n throw new Error(`Unexpected unused bits: ${unusedBits}`)\n }\n\n // The rest is the PKCS#1 DER\n const pkcs1Start = bitStrStart + 1\n const pkcs1Len = bitStrLen - 1\n\n return derBytes.slice(pkcs1Start, pkcs1Start + pkcs1Len)\n}\n\n/\n Ensure the given DER‐encoded RSA public key in Hex\n * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.\n \n @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI\n * @returns DER‐encoded PKCS#1 RSAPublicKey in hex\n /\nexport function toPkcs1FromHex(publicKeyHex: string) {\n const pkcs1 = toPkcs1(fromString(publicKeyHex, 'hex'))\n return toString(pkcs1, 'hex')\n}\n","import { sha256 } from '@noble/hashes/sha256'\nimport { sha384, sha512 } from '@noble/hashes/sha512'\nimport type { HasherSync } from '@sphereon/ssi-types'\n// @ts-ignore\nimport as u8a from 'uint8arrays'\nconst { fromString, toString, SupportedEncodings } = u8a\n\nexport type HashAlgorithm = 'SHA-256' \| 'SHA-384' \| 'SHA-512'\nexport type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string\n\nexport const digestMethodParams = (\n hashAlgorithm: HashAlgorithm,\n): { hashAlgorithm: HashAlgorithm; digestMethod: TDigestMethod; hash: (data: Uint8Array) => Uint8Array } => {\n if (hashAlgorithm === 'SHA-256') {\n return { hashAlgorithm: 'SHA-256', digestMethod: sha256DigestMethod, hash: sha256 }\n } else if (hashAlgorithm === 'SHA-384') {\n return { hashAlgorithm: 'SHA-384', digestMethod: sha384DigestMethod, hash: sha384 }\n } else {\n return { hashAlgorithm: 'SHA-512', digestMethod: sha512DigestMethod, hash: sha512 }\n }\n}\n\nexport const shaHasher: HasherSync = (input: string \| ArrayBuffer, alg: string): Uint8Array => {\n const hashAlgorithm: HashAlgorithm = alg.includes('384') ? 'SHA-384' : alg.includes('512') ? 'SHA-512' : 'SHA-256'\n return digestMethodParams(hashAlgorithm).hash(typeof input === 'string' ? fromString(input, 'utf-8') : new Uint8Array(input))\n}\n\nconst sha256DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha256(fromString(input, 'utf-8')), encoding)\n}\n\nconst sha384DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha384(fromString(input, 'utf-8')), encoding)\n}\n\nconst sha512DigestMethod = (input: string, encoding: typeof SupportedEncodings = 'base16'): string => {\n return toString(sha512(fromString(input, 'utf-8')), encoding)\n}\n\n/\n// PKCS#1 (PSS) mask generation function\nfunction pss_mgf1_str(seed, len, hash) {\n var mask = '', i = 0;\n\n while (mask.length < len) {\n mask += hextorstr(hash(rstrtohex(seed + String.fromCharCode.apply(String, [\n (i & 0xff000000) >> 24,\n (i & 0x00ff0000) >> 16,\n (i & 0x0000ff00) >> 8,\n i & 0x000000ff]))));\n i += 1;\n }\n\n return mask;\n}\n\n /\n\n/\n\n/!\n Generate mask of specified length.\n \n @param {String} seed The seed for mask generation.\n * @param maskLen Number of bytes to generate.\n * @return {String} The generated mask.\n !/\nexport const mgf1 = (dm: TDigestMethod, seed: string, maskLen: number) => {\n /! 2. Let T be the empty octet string. !/\n var t = new forge.util.ByteBuffer();\n\n /! 3. For counter from 0 to ceil(maskLen / hLen), do the following: !/\n var len = Math.ceil(maskLen / md.digestLength);\n for(var i = 0; i < len; i++) {\n /! a. Convert counter to an octet string C of length 4 octets !/\n var c = new forge.util.ByteBuffer();\n c.putInt32(i);\n\n /! b. Concatenate the hash of the seed mgfSeed and C to the octet\n * string T: !/\n md.start();\n md.update(seed + c.getBytes());\n t.putBuffer(md.digest());\n }\n\n /! Output the leading maskLen octets of T as the octet string mask. !/\n t.truncate(t.length() - maskLen);\n return t.getBytes();\n}\n/\n","import { JsonWebKey, JWK } from '@sphereon/ssi-types'\n// @ts-ignore\nimport type { ByteView } from 'multiformats/codecs/interface'\n// @ts-ignore\nimport { TextDecoder, TextEncoder } from 'web-encoding'\n\nconst textEncoder = new TextEncoder()\nconst textDecoder = new TextDecoder()\n\n/*\n Checks if the value is a non-empty string.\n \n @param value - The value to check.\n * @param description - Description of the value to check.\n * @param optional\n /\nfunction check(value: unknown, description: string, optional: boolean = false) {\n if (optional && !value) {\n return\n }\n if (typeof value !== 'string' \|\| !value) {\n throw new Error(`${description} missing or invalid`)\n }\n}\n\n/\n Checks if the value is a valid JSON object.\n \n @param value - The value to check.\n /\nfunction assertObject(value: unknown) {\n if (!value \|\| typeof value !== 'object') {\n throw new Error('Value must be an object')\n }\n}\n\n/\n Checks if the JWK is valid. It must contain all the required members.\n \n @see https://www.rfc-editor.org/rfc/rfc7518#section-6\n * @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n \n @param jwk - The JWK to check.\n * @param opts\n /\nexport function validateJwk(jwk: any, opts?: { crvOptional?: boolean }) {\n assertObject(jwk)\n const { crvOptional = false } = opts ?? {}\n check(jwk.kty, '\"kty\" (Key Type) Parameter', false)\n\n // Check JWK required members based on the key type\n switch (jwk.kty) {\n /\n @see https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1\n /\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter', crvOptional)\n check(jwk.x, '\"x\" (X Coordinate) Parameter')\n check(jwk.y, '\"y\" (Y Coordinate) Parameter')\n break\n /\n @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n /\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter', crvOptional) // Shouldn't this one always be true as crv is not always present?\n check(jwk.x, '\"x\" (Public Key) Parameter')\n break\n /\n @see https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1\n /\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter')\n check(jwk.n, '\"n\" (Modulus) Parameter')\n break\n default:\n throw new Error('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n}\n\n/\n Extracts the required members of the JWK and canonicalizes it.\n \n @param jwk - The JWK to canonicalize.\n * @returns The JWK with only the required members, ordered lexicographically.\n /\nexport function minimalJwk(jwk: any): JWK {\n // \"default\" case is not needed\n // eslint-disable-next-line default-case\n switch (jwk.kty) {\n case 'EC':\n return { ...(jwk.crv && { crv: jwk.crv }), kty: jwk.kty, x: jwk.x, y: jwk.y }\n case 'OKP':\n return { ...(jwk.crv && { crv: jwk.crv }), kty: jwk.kty, x: jwk.x }\n case 'RSA':\n return { e: jwk.e, kty: jwk.kty, n: jwk.n }\n }\n throw Error(`Unsupported key type (kty) provided: ${jwk.kty}`)\n}\n\n/\n Encodes a JWK into a Uint8Array. Only the required JWK members are encoded.\n \n @see https://www.rfc-editor.org/rfc/rfc7518#section-6\n * @see https://www.rfc-editor.org/rfc/rfc8037#section-2\n * @see https://github.com/panva/jose/blob/3b8aa47b92d07a711bf5c3125276cc9a011794a4/src/jwk/thumbprint.ts#L37\n \n @param jwk - JSON Web Key.\n * @returns Uint8Array-encoded JWK.\n /\nexport function jwkJcsEncode(jwk: unknown): Uint8Array {\n validateJwk(jwk)\n const strippedJwk = minimalJwk(jwk)\n return textEncoder.encode(jcsCanonicalize(strippedJwk))\n}\n\n/\n Decodes an array of bytes into a JWK. Throws an error if the JWK is not valid.\n \n @param bytes - The array of bytes to decode.\n * @returns The corresponding JSON Web Key.\n /\nexport function jwkJcsDecode(bytes: ByteView<JsonWebKey>): JsonWebKey {\n const jwk = JSON.parse(textDecoder.decode(bytes))\n validateJwk(jwk)\n if (JSON.stringify(jwk) !== jcsCanonicalize(minimalJwk(jwk))) {\n throw new Error('The JWK embedded in the DID is not correctly formatted')\n }\n return jwk\n}\n\n// From: https://github.com/cyberphone/json-canonicalization\nexport function jcsCanonicalize(object: any) {\n let buffer = ''\n serialize(object)\n return buffer\n\n function serialize(object: any) {\n if (object === null \|\| typeof object !== 'object' \|\| object.toJSON != null) {\n /////////////////////////////////////////////////\n // Primitive type or toJSON - Use ES6/JSON //\n /////////////////////////////////////////////////\n buffer += JSON.stringify(object)\n } else if (Array.isArray(object)) {\n /////////////////////////////////////////////////\n // Array - Maintain element order //\n /////////////////////////////////////////////////\n buffer += '['\n let next = false\n object.forEach((element) => {\n if (next) {\n buffer += ','\n }\n next = true\n /////////////////////////////////////////\n // Array element - Recursive expansion //\n /////////////////////////////////////////\n serialize(element)\n })\n buffer += ']'\n } else {\n /////////////////////////////////////////////////\n // Object - Sort properties before serializing //\n /////////////////////////////////////////////////\n buffer += '{'\n let next = false\n Object.keys(object)\n .sort()\n .forEach((property) => {\n if (next) {\n buffer += ','\n }\n next = true\n ///////////////////////////////////////////////\n // Property names are strings - Use ES6/JSON //\n ///////////////////////////////////////////////\n buffer += JSON.stringify(property)\n buffer += ':'\n //////////////////////////////////////////\n // Property value - Recursive expansion //\n //////////////////////////////////////////\n serialize(object[property])\n })\n buffer += '}'\n }\n }\n}\n","import type { IKey, MinimalImportableKey } from '@veramo/core'\n\nexport const JWK_JCS_PUB_NAME = 'jwk_jcs-pub' as const\nexport const JWK_JCS_PUB_PREFIX = 0xeb51\n\nexport type TKeyType = 'Ed25519' \| 'Secp256k1' \| 'Secp256r1' \| 'Secp384r1' \| 'Secp521r1' \| 'X25519' \| 'Bls12381G1' \| 'Bls12381G2' \| 'RSA'\n\nexport enum Key {\n Ed25519 = 'Ed25519',\n Secp256k1 = 'Secp256k1',\n Secp256r1 = 'Secp256r1',\n}\n\nexport enum JwkKeyUse {\n Encryption = 'enc',\n Signature = 'sig',\n}\n\nexport const SIG_KEY_ALGS = ['ES256', 'ES384', 'ES512', 'EdDSA', 'ES256K', 'Ed25519', 'Secp256k1', 'Secp256r1', 'Bls12381G1', 'Bls12381G2']\nexport const ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256']\n\nexport type KeyVisibility = 'public' \| 'private'\n\nexport interface X509Opts {\n cn?: string // The certificate Common Name. Will be used as the KID for the private key. Uses alias if not provided.\n privateKeyPEM?: string // Optional as you also need to provide it in hex format, but advisable to use it\n certificatePEM?: string // Optional, as long as the certificate then is part of the certificateChainPEM\n certificateChainURL?: string // Certificate chain URL. If used this is where the certificateChainPEM will be hosted/found.\n certificateChainPEM?: string // Base64 (not url!) encoded DER certificate chain. Please provide even if certificateChainURL is used!\n}\n\nexport interface IImportProvidedOrGeneratedKeyArgs {\n providerName: string\n kms?: string\n alias?: string\n options?: IKeyOpts\n}\nexport interface IKeyOpts {\n key?: Partial<MinimalImportableKey> // Optional key to import with only privateKeyHex mandatory. If not specified a key with random kid will be created\n type?: Exclude<TKeyType, 'Secp384r1' \| 'Secp521r1'> // The key type. Defaults to Secp256k1. The exclude is there as we do not support it yet for key generation\n use?: JwkKeyUse // The key use\n x509?: X509Opts\n}\n/\n// Needed to make a single property required\ntype WithRequiredProperty<Type, Key extends keyof Type> = Type & {\n [Property in Key]-?: Type[Property]\n}*/\n\nexport type SignatureAlgorithmFromKeyArgs = {\n key: IKey\n}\n\nexport type SignatureAlgorithmFromKeyTypeArgs = {\n type: TKeyType\n}\n\nexport type KeyTypeFromCryptographicSuiteArgs = {\n crv?: string\n kty?: string\n alg?: string\n}\n","import {\n ICoseCurve,\n type ICoseKeyJson,\n ICoseKeyOperation,\n ICoseKeyType,\n ICoseSignatureAlgorithm,\n JoseCurve,\n type JoseCurveString,\n JoseKeyOperation,\n type JoseKeyOperationString,\n JoseSignatureAlgorithm,\n type JoseSignatureAlgorithmString,\n type JWK,\n JwkKeyType,\n type JwkKeyTypeString,\n} from '@sphereon/ssi-types'\nimport { removeNulls } from './functions'\n\nexport function coseKeyToJwk(coseKey: ICoseKeyJson): JWK {\n const { x5chain, key_ops, crv, alg, baseIV, kty, ...rest } = coseKey\n return removeNulls({\n ...rest,\n kty: coseToJoseKty(kty),\n ...(crv && { crv: coseToJoseCurve(crv) }),\n ...(key_ops && { key_ops: key_ops.map(coseToJoseKeyOperation) }),\n ...(alg && { alg: coseToJoseSignatureAlg(alg) }),\n ...(baseIV && { iv: baseIV }),\n ...(x5chain && { x5c: x5chain }),\n }) satisfies JWK\n}\n\nexport function jwkToCoseKey(jwk: JWK): ICoseKeyJson {\n const { x5c, key_ops, crv, alg, iv, kty, ...rest } = jwk\n\n return removeNulls({\n ...rest,\n kty: joseToCoseKty(kty),\n ...(crv && { crv: joseToCoseCurve(crv) }),\n ...(key_ops && { key_ops: key_ops.map(joseToCoseKeyOperation) }),\n ...(alg && { alg: joseToCoseSignatureAlg(alg) }),\n ...(iv && { baseIV: iv }),\n ...(x5c && { x5chain: x5c }),\n // @ts-ignore\n } satisfies ICoseKeyJson)\n}\n\nexport function coseToJoseKty(kty: ICoseKeyType): JwkKeyType {\n switch (kty) {\n case ICoseKeyType.EC2:\n return JwkKeyType.EC\n case ICoseKeyType.RSA:\n return JwkKeyType.RSA\n case ICoseKeyType.Symmetric:\n return JwkKeyType.oct\n case ICoseKeyType.OKP:\n return JwkKeyType.OKP\n default:\n throw Error(`Key type ${kty} not supported in JWA`)\n }\n}\n\nexport function joseToCoseKty(kty: JwkKeyType \| JwkKeyTypeString): ICoseKeyType {\n switch (kty) {\n case 'EC':\n return ICoseKeyType.EC2\n case 'RSA':\n return ICoseKeyType.RSA\n case 'oct':\n return ICoseKeyType.Symmetric\n case 'OKP':\n return ICoseKeyType.OKP\n default:\n throw Error(`Key type ${kty} not supported in Cose`)\n }\n}\n\nexport function coseToJoseSignatureAlg(coseAlg: ICoseSignatureAlgorithm): JoseSignatureAlgorithm {\n switch (coseAlg) {\n case ICoseSignatureAlgorithm.ES256K:\n return JoseSignatureAlgorithm.ES256K\n case ICoseSignatureAlgorithm.ES256:\n return JoseSignatureAlgorithm.ES256\n case ICoseSignatureAlgorithm.ES384:\n return JoseSignatureAlgorithm.ES384\n case ICoseSignatureAlgorithm.ES512:\n return JoseSignatureAlgorithm.ES512\n case ICoseSignatureAlgorithm.PS256:\n return JoseSignatureAlgorithm.PS256\n case ICoseSignatureAlgorithm.PS384:\n return JoseSignatureAlgorithm.PS384\n case ICoseSignatureAlgorithm.PS512:\n return JoseSignatureAlgorithm.PS512\n case ICoseSignatureAlgorithm.HS256:\n return JoseSignatureAlgorithm.HS256\n case ICoseSignatureAlgorithm.HS384:\n return JoseSignatureAlgorithm.HS384\n case ICoseSignatureAlgorithm.HS512:\n return JoseSignatureAlgorithm.HS512\n case ICoseSignatureAlgorithm.EdDSA:\n return JoseSignatureAlgorithm.EdDSA\n default:\n throw Error(`Signature algorithm ${coseAlg} not supported in Jose`)\n }\n}\n\nexport function joseToCoseSignatureAlg(joseAlg: JoseSignatureAlgorithm \| JoseSignatureAlgorithmString): ICoseSignatureAlgorithm {\n switch (joseAlg) {\n case JoseSignatureAlgorithm.ES256K:\n case 'ES256K':\n return ICoseSignatureAlgorithm.ES256K\n case JoseSignatureAlgorithm.ES256:\n case 'ES256':\n return ICoseSignatureAlgorithm.ES256\n case JoseSignatureAlgorithm.ES384:\n case 'ES384':\n return ICoseSignatureAlgorithm.ES384\n case JoseSignatureAlgorithm.ES512:\n case 'ES512':\n return ICoseSignatureAlgorithm.ES512\n case JoseSignatureAlgorithm.PS256:\n case 'PS256':\n return ICoseSignatureAlgorithm.PS256\n case JoseSignatureAlgorithm.PS384:\n case 'PS384':\n return ICoseSignatureAlgorithm.PS384\n case JoseSignatureAlgorithm.PS512:\n case 'PS512':\n return ICoseSignatureAlgorithm.PS512\n case JoseSignatureAlgorithm.HS256:\n case 'HS256':\n return ICoseSignatureAlgorithm.HS256\n case JoseSignatureAlgorithm.HS384:\n case 'HS384':\n return ICoseSignatureAlgorithm.HS384\n case JoseSignatureAlgorithm.HS512:\n case 'HS512':\n return ICoseSignatureAlgorithm.HS512\n case JoseSignatureAlgorithm.EdDSA:\n case 'EdDSA':\n return ICoseSignatureAlgorithm.EdDSA\n default:\n throw Error(`Signature algorithm ${joseAlg} not supported in Cose`)\n }\n}\n\nexport function joseToCoseKeyOperation(keyOp: JoseKeyOperation \| JoseKeyOperationString): ICoseKeyOperation {\n switch (keyOp) {\n case JoseKeyOperation.SIGN:\n case 'sign':\n return ICoseKeyOperation.SIGN\n case JoseKeyOperation.VERIFY:\n case 'verify':\n return ICoseKeyOperation.VERIFY\n case JoseKeyOperation.ENCRYPT:\n case 'encrypt':\n return ICoseKeyOperation.ENCRYPT\n case JoseKeyOperation.DECRYPT:\n case 'decrypt':\n return ICoseKeyOperation.DECRYPT\n case JoseKeyOperation.WRAP_KEY:\n case 'wrapKey':\n return ICoseKeyOperation.WRAP_KEY\n case JoseKeyOperation.UNWRAP_KEY:\n case 'unwrapKey':\n return ICoseKeyOperation.UNWRAP_KEY\n case JoseKeyOperation.DERIVE_KEY:\n case 'deriveKey':\n return ICoseKeyOperation.DERIVE_KEY\n case JoseKeyOperation.DERIVE_BITS:\n case 'deriveBits':\n return ICoseKeyOperation.DERIVE_BITS\n default:\n throw Error(`Key operation ${keyOp} not supported in Cose`)\n }\n}\n\nexport function coseToJoseKeyOperation(keyOp: ICoseKeyOperation): JoseKeyOperation {\n switch (keyOp) {\n case ICoseKeyOperation.SIGN:\n return JoseKeyOperation.SIGN\n case ICoseKeyOperation.VERIFY:\n return JoseKeyOperation.VERIFY\n case ICoseKeyOperation.ENCRYPT:\n return JoseKeyOperation.ENCRYPT\n case ICoseKeyOperation.DECRYPT:\n return JoseKeyOperation.DECRYPT\n case ICoseKeyOperation.WRAP_KEY:\n return JoseKeyOperation.WRAP_KEY\n case ICoseKeyOperation.UNWRAP_KEY:\n return JoseKeyOperation.UNWRAP_KEY\n case ICoseKeyOperation.DERIVE_KEY:\n return JoseKeyOperation.DERIVE_KEY\n case ICoseKeyOperation.DERIVE_BITS:\n return JoseKeyOperation.DERIVE_BITS\n default:\n throw Error(`Key operation ${keyOp} not supported in Jose`)\n }\n}\n\nexport function joseToCoseCurve(curve: JoseCurve \| JoseCurveString): ICoseCurve {\n switch (curve) {\n case (JoseCurve.P_256, 'P-256'):\n return ICoseCurve.P_256\n case (JoseCurve.P_384, 'P-384'):\n return ICoseCurve.P_384\n case (JoseCurve.P_521, 'P-521'):\n return ICoseCurve.P_521\n case (JoseCurve.X25519, 'X25519'):\n return ICoseCurve.X25519\n case (JoseCurve.X448, 'X448'):\n return ICoseCurve.X448\n case (JoseCurve.Ed25519, 'Ed25519'):\n return ICoseCurve.Ed25519\n case (JoseCurve.Ed448, 'Ed448'):\n return ICoseCurve.Ed448\n case (JoseCurve.secp256k1, 'secp256k1'):\n return ICoseCurve.secp256k1\n default:\n throw Error(`Curve ${curve} not supported in Cose`)\n }\n}\n\nexport function coseToJoseCurve(curve: ICoseCurve): JoseCurve {\n switch (curve) {\n case ICoseCurve.P_256:\n return JoseCurve.P_256\n case ICoseCurve.P_384:\n return JoseCurve.P_384\n case ICoseCurve.P_521:\n return JoseCurve.P_521\n case ICoseCurve.X25519:\n return JoseCurve.X25519\n case ICoseCurve.X448:\n return JoseCurve.X448\n case ICoseCurve.Ed25519:\n return JoseCurve.Ed25519\n case ICoseCurve.Ed448:\n return JoseCurve.Ed448\n case ICoseCurve.secp256k1:\n return JoseCurve.secp256k1\n default:\n throw Error(`Curve ${curve} not supported in Jose`)\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACAA,oBAA4B;AAE5B,uBAA0B;AAC1B,qBAAgC;AAChC,kBAAqB;AACrB,kBAAqB;AACrB,kBAAqB;AACrB,uBAA0B;AAC1B,kBAAuC;AACvC,yBAOO;AACP,uBAAiF;AACjF,IAAAA,kBAA0D;AAE1D,mBAAkB;AAGlB,sBAAqB;AACrB,UAAqB;AAKrB,IAAAC,OAAqB;;;AC7BrB,oBAAuB;AACvB,oBAA+B;AAG/B,UAAqB;AACrB,IAAM,EAAEC,YAAYC,UAAUC,mBAAkB,IAAKC;AAK9C,IAAMC,qBAAqB,wBAChCC,kBAAAA;AAEA,MAAIA,kBAAkB,WAAW;AAC/B,WAAO;MAAEA,eAAe;MAAWC,cAAcC;MAAoBC,MAAMC;IAAO;EACpF,WAAWJ,kBAAkB,WAAW;AACtC,WAAO;MAAEA,eAAe;MAAWC,cAAcI;MAAoBF,MAAMG;IAAO;EACpF,OAAO;AACL,WAAO;MAAEN,eAAe;MAAWC,cAAcM;MAAoBJ,MAAMK;IAAO;EACpF;AACF,GAVkC;AAY3B,IAAMC,YAAwB,wBAACC,OAA6BC,QAAAA;AACjE,QAAMX,gBAA+BW,IAAIC,SAAS,KAAA,IAAS,YAAYD,IAAIC,SAAS,KAAA,IAAS,YAAY;AACzG,SAAOb,mBAAmBC,aAAAA,EAAeG,KAAK,OAAOO,UAAU,WAAWf,WAAWe,OAAO,OAAA,IAAW,IAAIG,WAAWH,KAAAA,CAAAA;AACxH,GAHqC;AAKrC,IAAMR,qBAAqB,wBAACQ,OAAeI,WAAsC,aAAQ;AACvF,SAAOlB,aAASQ,sBAAOT,WAAWe,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;AAI3B,IAAMT,qBAAqB,wBAACK,OAAeI,WAAsC,aAAQ;AACvF,SAAOlB,aAASU,sBAAOX,WAAWe,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;AAI3B,IAAMP,qBAAqB,wBAACG,OAAeI,WAAsC,aAAQ;AACvF,SAAOlB,aAASY,sBAAOb,WAAWe,OAAO,OAAA,CAAA,GAAWI,QAAAA;AACtD,GAF2B;;;AC/B3B,0BAAyC;AAEzC,IAAMC,cAAc,IAAIC,gCAAAA;AACxB,IAAMC,cAAc,IAAIC,gCAAAA;AASxB,SAASC,MAAMC,OAAgBC,aAAqBC,WAAoB,OAAK;AAC3E,MAAIA,YAAY,CAACF,OAAO;AACtB;EACF;AACA,MAAI,OAAOA,UAAU,YAAY,CAACA,OAAO;AACvC,UAAM,IAAIG,MAAM,GAAGF,WAAAA,qBAAgC;EACrD;AACF;AAPSF;AAcT,SAASK,aAAaJ,OAAc;AAClC,MAAI,CAACA,SAAS,OAAOA,UAAU,UAAU;AACvC,UAAM,IAAIG,MAAM,yBAAA;EAClB;AACF;AAJSC;AAeF,SAASC,YAAYC,KAAUC,MAAgC;AACpEH,eAAaE,GAAAA;AACb,QAAM,EAAEE,cAAc,MAAK,IAAKD,QAAQ,CAAC;AACzCR,QAAMO,IAAIG,KAAK,8BAA8B,KAAA;AAG7C,UAAQH,IAAIG,KAAG;;;;IAIb,KAAK;AACHV,YAAMO,IAAII,KAAK,2BAA2BF,WAAAA;AAC1CT,YAAMO,IAAIK,GAAG,8BAAA;AACbZ,YAAMO,IAAIM,GAAG,8BAAA;AACb;;;;IAIF,KAAK;AACHb,YAAMO,IAAII,KAAK,yCAAyCF,WAAAA;AACxDT,YAAMO,IAAIK,GAAG,4BAAA;AACb;;;;IAIF,KAAK;AACHZ,YAAMO,IAAIO,GAAG,0BAAA;AACbd,YAAMO,IAAIQ,GAAG,yBAAA;AACb;IACF;AACE,YAAM,IAAIX,MAAM,mDAAA;EACpB;AACF;AAhCgBE;AAwCT,SAASU,WAAWT,KAAQ;AAGjC,UAAQA,IAAIG,KAAG;IACb,KAAK;AACH,aAAO;QAAE,GAAIH,IAAII,OAAO;UAAEA,KAAKJ,IAAII;QAAI;QAAID,KAAKH,IAAIG;QAAKE,GAAGL,IAAIK;QAAGC,GAAGN,IAAIM;MAAE;IAC9E,KAAK;AACH,aAAO;QAAE,GAAIN,IAAII,OAAO;UAAEA,KAAKJ,IAAII;QAAI;QAAID,KAAKH,IAAIG;QAAKE,GAAGL,IAAIK;MAAE;IACpE,KAAK;AACH,aAAO;QAAEE,GAAGP,IAAIO;QAAGJ,KAAKH,IAAIG;QAAKK,GAAGR,IAAIQ;MAAE;EAC9C;AACA,QAAMX,MAAM,wCAAwCG,IAAIG,GAAG,EAAE;AAC/D;AAZgBM;AAwBT,SAASC,aAAaV,KAAY;AACvCD,cAAYC,GAAAA;AACZ,QAAMW,cAAcF,WAAWT,GAAAA;AAC/B,SAAOX,YAAYuB,OAAOC,gBAAgBF,WAAAA,CAAAA;AAC5C;AAJgBD;AAYT,SAASI,aAAaC,OAA2B;AACtD,QAAMf,MAAMgB,KAAKC,MAAM1B,YAAY2B,OAAOH,KAAAA,CAAAA;AAC1ChB,cAAYC,GAAAA;AACZ,MAAIgB,KAAKG,UAAUnB,GAAAA,MAASa,gBAAgBJ,WAAWT,GAAAA,CAAAA,GAAO;AAC5D,UAAM,IAAIH,MAAM,wDAAA;EAClB;AACA,SAAOG;AACT;AAPgBc;AAUT,SAASD,gBAAgBO,QAAW;AACzC,MAAIC,SAAS;AACbC,YAAUF,MAAAA;AACV,SAAOC;AAEP,WAASC,UAAUF,SAAW;AAC5B,QAAIA,YAAW,QAAQ,OAAOA,YAAW,YAAYA,QAAOG,UAAU,MAAM;AAI1EF,gBAAUL,KAAKG,UAAUC,OAAAA;IAC3B,WAAWI,MAAMC,QAAQL,OAAAA,GAAS;AAIhCC,gBAAU;AACV,UAAIK,OAAO;AACXN,MAAAA,QAAOO,QAAQ,CAACC,YAAAA;AACd,YAAIF,MAAM;AACRL,oBAAU;QACZ;AACAK,eAAO;AAIPJ,kBAAUM,OAAAA;MACZ,CAAA;AACAP,gBAAU;IACZ,OAAO;AAILA,gBAAU;AACV,UAAIK,OAAO;AACXG,aAAOC,KAAKV,OAAAA,EACTW,KAAI,EACJJ,QAAQ,CAACK,aAAAA;AACR,YAAIN,MAAM;AACRL,oBAAU;QACZ;AACAK,eAAO;AAIPL,kBAAUL,KAAKG,UAAUa,QAAAA;AACzBX,kBAAU;AAIVC,kBAAUF,QAAOY,QAAAA,CAAS;MAC5B,CAAA;AACFX,gBAAU;IACZ;EACF;AAhDSC;AAiDX;AAtDgBT;;;ACjIT,IAAMoB,mBAAmB;AACzB,IAAMC,qBAAqB;AAI3B,IAAKC,MAAAA,0BAAAA,MAAAA;;;;SAAAA;;AAML,IAAKC,YAAAA,0BAAAA,YAAAA;;;SAAAA;;AAKL,IAAMC,eAAe;EAAC;EAAS;EAAS;EAAS;EAAS;EAAU;EAAW;EAAa;EAAa;EAAc;;AACvH,IAAMC,eAAe;EAAC;EAAU;EAAkB;;;;AHwBzD,IAAM,EAAEC,YAAAA,aAAYC,UAAAA,UAAQ,IAAKC;AAE1B,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,oBAAA;AAQnC,IAAMC,SAAS,8BAAOC,SAA6BC,QAAAA;AACxD,MAAIA,KAAK;AACP,WAAOA;EACT;AACA,MAAI,CAACD,QAAQE,MAAMC,iBAAgB,EAAGC,SAAS,yCAAA,GAA4C;AACzF,UAAMC,MAAM,2FAAA;EACd;AACA,SAAOL,QAAQE,MAAMI,wCAAuC;AAC9D,GARsB;AAef,IAAMC,wBAAwB,8BAAOC,SAAAA;AAC1C,UAAQA,MAAAA;IACN,KAAK,WAAW;AACd,YAAMC,qBAAiBC,gBAAAA,iBAAAA;AACvB,aAAOjB,UAASgB,eAAeE,WAAW,QAAA;IAC5C;;IAEA,KAAK;IACL,KAAK,aAAa;AAChB,YAAMC,mBAAeC,2BAAY,EAAA;AACjC,aAAOpB,UAASmB,cAAc,QAAA;IAChC;IACA,KAAK,OAAO;AACV,YAAME,MAAM,UAAMC,wCAAoB,WAAW,WAAW,IAAA;AAC5D,iBAAOC,yCAAqBF,GAAAA;IAC9B;IACA;AACE,YAAMT,MAAM,2BAA2BG,IAAAA,oDAAwD;EACnG;AACF,GAnBqC;AAqBrC,IAAMS,+BAA+B,wBAACT,SAAAA;AACpC,UAAQA,MAAAA;IACN,KAAK;AACH,aAAO;QAAC;QAAW;;IACrB,KAAK;IACL,KAAK;AACH,aAAO;QAAC;QAAU;QAAY;QAAuB;QAAqB;QAAmB;;IAC/F,KAAK;AACH,aAAO;QAAC;;IACV,KAAK;AACH,aAAO;QAAC;QAAQ;QAAW;;IAC7B,KAAK;AACH,aAAO;QAAC;QAAS;QAAS;QAAS;;EACvC;AACA,SAAO;IAACA;;AACV,GAfqC;AAwBrC,eAAsBU,6BACpBC,MAGAnB,SAAmC;AAGnC,QAAMQ,OAAOW,KAAKC,SAASZ,QAAQW,KAAKC,SAASC,KAAKb,QAAQW,KAAKC,SAASE,WAAW;AACvF,QAAMD,MAAMF,MAAMC,SAASC;AAC3B,MAAIA,KAAK;AACPA,QAAIE,OAAO;MACT,GAAGF,IAAIE;MACPC,cAAcL,KAAKK;IACrB;AAGA,QAAIL,KAAKC,SAASK,MAAM;AACtBJ,UAAIE,OAAO;QACT,GAAGF,IAAIE;QACPE,MAAM;UACJ,GAAGN,KAAKC,QAAQK;UAChB,GAAGJ,IAAIE,MAAME;QACf;MACF;IACF;EACF;AAEA,MAAIN,KAAKC,WAAWD,KAAKC,SAASM,QAAQC,UAAUC,cAAc,CAACC,aAAazB,SAASI,IAAAA,GAAO;AAC9F,UAAM,IAAIH,MAAM,GAAGG,IAAAA,oCAAwC;EAC7D;AAEA,MAAIsB,gBAAoCC;AACxC,MAAIV,KAAK;AACPS,oBAAgBT,IAAIS,iBAAiBT,IAAIE,MAAME,MAAMK;AACrD,SAAK,CAACA,iBAAiBA,cAAcE,KAAI,MAAO,OAAOX,KAAKE,MAAME,MAAMQ,eAAe;AAErFH,0BAAgBd,yCAAqBK,IAAIE,KAAKE,KAAKQ,aAAa;IAClE;EACF;AACA,MAAIH,eAAe;AACjB,WAAO9B,QAAQE,MAAMgC,iBAAiB;MACpC,GAAGb;MACHpB,KAAKkB,KAAKlB;MACVO;MACAsB;IACF,CAAA;EACF;AAEA,SAAO9B,QAAQE,MAAMiC,iBAAiB;IACpC3B;IACAP,KAAKkB,KAAKlB;IACVsB,MAAM;MACJ,GAAGF,KAAKE;MACRa,YAAYnB,6BAA6BT,IAAAA;MACzC,GAAIa,KAAKE,MAAMc,WAAW,CAAC,IAAI;QAAEA,UAAUlB,KAAKmB;MAAM;IACxD;EACF,CAAA;AACF;AAzDsBpB;AA2Df,IAAMqB,+BAA+B,wBAACpB,SAAAA;AAI3C,QAAM,EAAEE,IAAG,IAAKF;AAEhB,QAAMqB,MAAMnB,IAAIoB,eACZC,MAAMrB,IAAIoB,cAAcpB,IAAIb,MAAM;IAAEa;IAAUsB,cAAc;EAAM,CAAA,IAClE,mBAAmBtB,OAAOA,IAAIS,gBAC5BY,MAAMrB,IAAIS,eAAeT,IAAIb,MAAM;IAAEmC,cAAc;EAAK,CAAA,IACxDZ;AACN,MAAI,CAACS,KAAK;AACR,UAAMnC,MAAM,oCAAoCgB,IAAIuB,GAAG,EAAE;EAC3D;AACA,SAAOC,uBAAuB;IAAEL;IAAKM,iBAAiB3B,KAAK2B;EAAgB,CAAA;AAC7E,GAf4C;AAiB5C,IAAMC,wBAAwB,wBAACC,OAAgBC,gBAAAA;AAC7C,MAAI,OAAOD,UAAU,YAAY,CAACA,OAAO;AACvC,UAAM,IAAI3C,MAAM,GAAG4C,WAAAA,qBAAgC;EACrD;AACF,GAJ8B;AAKvB,IAAMC,cAAc,wBAACC,UAA0B1D,UAASD,YAAW2D,KAAAA,GAAQ,WAAA,GAAvD;AAMpB,IAAMN,yBAAyB,wBAAC1B,SAAAA;AACrC,QAAM,EAAE2B,kBAAkB,SAAQ,IAAK3B;AACvC,QAAMqB,MAAMY,aAAajC,KAAKqB,GAAG;AACjC,MAAIa;AACJ,UAAQb,IAAIc,KAAG;IACb,KAAK;AACHP,4BAAsBP,IAAIe,KAAK,yBAAA;AAC/BR,4BAAsBP,IAAIgB,GAAG,8BAAA;AAC7BT,4BAAsBP,IAAIiB,GAAG,8BAAA;AAC7BJ,mBAAa;QAAEE,KAAKf,IAAIe;QAAKD,KAAKd,IAAIc;QAAKE,GAAGhB,IAAIgB;QAAGC,GAAGjB,IAAIiB;MAAE;AAC9D;IACF,KAAK;AACHV,4BAAsBP,IAAIe,KAAK,uCAAA;AAC/BR,4BAAsBP,IAAIgB,GAAG,4BAAA;AAC7BH,mBAAa;QAAEE,KAAKf,IAAIe;QAAKD,KAAKd,IAAIc;QAAKE,GAAGhB,IAAIgB;MAAE;AACpD;IACF,KAAK;AACHT,4BAAsBP,IAAIkB,GAAG,0BAAA;AAC7BX,4BAAsBP,IAAImB,GAAG,yBAAA;AAC7BN,mBAAa;QAAEK,GAAGlB,IAAIkB;QAAGJ,KAAKd,IAAIc;QAAKK,GAAGnB,IAAImB;MAAE;AAChD;IACF,KAAK;AACHZ,4BAAsBP,IAAIoB,GAAG,2BAAA;AAC7BP,mBAAa;QAAEO,GAAGpB,IAAIoB;QAAGN,KAAKd,IAAIc;MAAI;AACtC;IACF;AACE,YAAM,IAAIjD,MAAM,mDAAA;EACpB;AACA,QAAMwD,OAAOC,KAAKC,UAAUV,UAAAA;AAE5B,SAAOP,oBAAoB,WACvBkB,mBAAmB,SAAA,EAAWC,aAAaJ,MAAM,WAAA,IACjDG,mBAAmB,SAAA,EAAWC,aAAaJ,MAAM,WAAA;AACvD,GAjCsC;AAmC/B,IAAMK,eAAe,wBAC1B7C,KACA8C,SAAAA;AAKA,QAAMxB,eAAe,mBAAmBtB;AACxC,SAAOqB,MAAMrB,IAAIoB,cAAepB,IAAIb,MAAM;IAAE,GAAG2D;IAAM9C;IAAKsB;EAAa,CAAA;AACzE,GAT4B;AAkBrB,IAAMD,QAAQ,wBACnBD,cACAjC,MACA2D,SAAAA;AAEA,QAAM,EAAE9C,KAAK+C,kBAAkB,MAAK,IAAKD,QAAQ,CAAC;AAClD,MAAI9C,OAAOA,IAAIoB,iBAAiBA,gBAAgB0B,MAAMxB,iBAAiB,MAAM;AAC3E,UAAMtC,MAAM,wBAAwBgB,IAAIuB,GAAG,oCAAoCvB,IAAIoB,YAAY,6BAA6BA,YAAAA,EAAc;EAC5I;AACA,MAAID;AACJ,UAAQhC,MAAAA;IACN,KAAK;AACHgC,YAAM6B,qBAAqB5B,cAAc;QAAE,GAAG0B;QAAMZ,KAAKe,2BAAUC;MAAQ,CAAA;AAC3E;IACF,KAAK;AACH/B,YAAM6B,qBAAqB5B,cAAc;QAAE,GAAG0B;QAAMZ,KAAKe,2BAAUE;MAAO,CAAA;AAC1E;IACF,KAAK;AACHhC,YAAMiC,eAAehC,cAAc0B,IAAAA;AACnC;IACF,KAAK;AACH3B,YAAMkC,eAAejC,cAAc0B,IAAAA;AACnC;IACF,KAAK;AACH3B,YAAMmC,SAASlC,cAAc0B,IAAAA;AAC7B;IACF;AACE,YAAM,IAAI9D,MAAM,2BAA2BG,IAAAA,oDAAwD;EACvG;AACA,MAAI,CAACgC,IAAII,OAAO,CAACwB,iBAAiB;AAChC5B,QAAI,KAAA,IAASK,uBAAuB;MAAEL;IAAI,CAAA;EAC5C;AACA,SAAOY,aAAaZ,GAAAA;AACtB,GAjCqB;AAyCd,IAAMoC,iBAAiB,8BAAOpC,QAAAA;AAEnCA,QAAMY,aAAaZ,GAAAA;AACnB,MAAIA,IAAIc,QAAQ,OAAO;AACrB,WAAOuB,kBAAkBrC,GAAAA;EAC3B,WAAWA,IAAIc,QAAQ,MAAM;AAC3B,WAAOwB,iBAAiBtC,GAAAA;EAC1B,WAAWA,IAAIc,QAAQ,OAAO;AAC5B,WAAOyB,kBAAkBvC,GAAAA;EAC3B,WAAWA,IAAIc,QAAQ,OAAO;AAC5B,WAAO0B,kBAAkBxC,GAAAA;EAC3B,OAAO;AACL,UAAM,IAAInC,MAAM,yBAAyBmC,IAAIc,GAAG,EAAE;EACpD;AACF,GAd8B;AAqBvB,SAASuB,kBAAkBrC,KAAe;AAK/C,WAASyC,cAAcC,OAAiB;AAEtC,QAAIA,MAAM,CAAA,IAAK,KAAM;AACnBA,cAAQC,WAAWC,KAAK;QAAC;WAASF;OAAM;IAC1C;AACA,UAAMG,MAAMC,aAAaJ,MAAMK,MAAM;AACrC,WAAOJ,WAAWC,KAAK;MAAC;SAASC;SAAQH;KAAM;EACjD;AAPSD;AAcT,WAASK,aAAaD,KAAQ;AAC5B,QAAIA,MAAM,KAAM;AACd,aAAOF,WAAWK,GAAGH,GAAAA;IACvB;AACA,QAAII,MAAMJ,IAAI5F,SAAS,EAAA;AACvB,QAAIgG,IAAIF,SAAS,MAAM,GAAG;AACxBE,YAAM,MAAMA;IACd;AACA,UAAMC,WAAWP,WAAWC,KAAKK,IAAIE,MAAM,OAAA,EAAUC,IAAI,CAACC,MAAWC,SAASD,GAAG,EAAA,CAAA,CAAA;AACjF,WAAOV,WAAWK,GAAG,MAAOE,SAASH,QAAM,GAAKG,QAAAA;EAClD;AAVSJ;AAgBT,WAASS,eAAeC,UAAa;AACnC,UAAMC,UAAUD,SAASE,OAAO,CAACC,KAAUC,QAAajB,WAAWC,KAAK;SAAIe;SAAQC;KAAI,GAAG,IAAIjB,WAAAA,CAAAA;AAC/F,UAAME,MAAMC,aAAaW,QAAQV,MAAM;AACvC,WAAOJ,WAAWC,KAAK;MAAC;SAASC;SAAQY;KAAQ;EACnD;AAJSF;AAST,WAASM,iBAAiBC,QAAc;AACtC,WAAO9G,YAAW8G,QAAQ,WAAA;EAC5B;AAFSD;AAIT7D,QAAMY,aAAaZ,GAAAA;AACnB,MAAI,CAACA,IAAImB,KAAK,CAACnB,IAAIkB,GAAG;AACpB,UAAM,IAAIrD,MAAM,8CAAA;EAClB;AACA,QAAMkG,eAAeF,iBAAiB7D,IAAImB,CAAC;AAC3C,QAAM6C,gBAAgBH,iBAAiB7D,IAAIkB,CAAC;AAC5C,QAAM+C,WAAWV,eAAe;IAACd,cAAcsB,YAAAA;IAAetB,cAAcuB,aAAAA;GAAe;AAC3F,QAAME,SAASjH,UAASgH,UAAU,KAAA;AAClC,SAAOC;AAOT;AA/DgB7B;AAsEhB,SAASC,iBAAiBtC,KAAe;AACvCA,QAAMY,aAAaZ,GAAAA;AACnB,MAAI,CAACA,IAAIgB,KAAK,CAAChB,IAAIiB,GAAG;AACpB,UAAM,IAAIpD,MAAM,6CAAA;EAClB;AAGA,QAAMmD,IAAIhE,YAAWgD,IAAIgB,EAAEmD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AACvF,QAAMlD,IAAIjE,YAAWgD,IAAIiB,EAAEkD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEvF,SAAO,OAAOlH,UAAS+D,GAAG,KAAA,IAAS/D,UAASgE,GAAG,KAAA;AACjD;AAXSqB;AAkBT,SAASC,kBAAkBvC,KAAe;AACxCA,QAAMY,aAAaZ,GAAAA;AACnB,MAAI,CAACA,IAAIgB,GAAG;AACV,UAAM,IAAInD,MAAM,oCAAA;EAClB;AAGA,QAAMmD,IAAIhE,YAAWgD,IAAIgB,EAAEmD,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEvF,SAAOlH,UAAS+D,GAAG,KAAA;AACrB;AAVSuB;AAiBT,SAASC,kBAAkBxC,KAAe;AACxCA,QAAMY,aAAaZ,GAAAA;AACnB,MAAI,CAACA,IAAIoB,GAAG;AACV,UAAM,IAAIvD,MAAM,sCAAA;EAClB;AAGA,QAAMgB,MAAM7B,YAAWgD,IAAIoB,EAAE+C,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA,GAAK,WAAA;AAEzF,SAAOlH,UAAS4B,KAAK,KAAA;AACvB;AAVS2D;AAYF,SAAS4B,8BAA8B9E,eAAqB;AACjE,MAAI,CAAC,oBAAoB+E,KAAK/E,aAAAA,GAAgB;AAC5C,UAAM,IAAIzB,MAAM,4CAAA;EAClB;AAEA,QAAMyG,OAAO3B,WAAWC,KAAK2B,OAAO3B,KAAKtD,eAAe,KAAA,CAAA;AACxD,QAAMkF,MAAMC,sBAAOC,aAAaJ,IAAAA;AAEhC,SAAOC,OAAO3B,KAAK4B,GAAAA,EAAKvH,SAAS,KAAA;AACnC;AATgBmH;AAiBT,IAAMO,kBAAkB,wBAAC3G,MAAgB4G,gBAAAA;AAC9C,SAAOA,cACHA,cACAC,aAAajH,SAASI,IAAAA,IACpBmB,UAAU2F,YACVzF,aAAazB,SAASI,IAAAA,IACpBmB,UAAUC,aACVG;AACV,GAR+B;AAgB/B,IAAMwF,wBAAwB,wBAACC,QAAgBC,sBAAAA;AAC7C,MAAIC,MAAMC,QAAQF,iBAAAA,GAAoB;AACpC,QAAI,CAACA,kBAAkBrH,SAASoH,OAAOjC,MAAM,GAAG;AAC9C,YAAMlF,MACJ,iEAAiEyD,KAAKC,UAAU0D,iBAAAA,CAAAA,eAC9ED,OAAOjC,MAAM,YACHiC,MAAAA,EAAQ;IAExB;EACF,WAAWA,OAAOjC,WAAWkC,mBAAmB;AAC9C,UAAMpH,MAAM,4DAA4DoH,iBAAAA,eAAgCD,OAAOjC,MAAM,YAAYiC,MAAAA,EAAQ;EAC3I;AACF,GAZ8B;AAoB9B,IAAM/C,iBAAiB,wBAAC+C,QAAgBrD,SAAAA;AACtC,QAAM,EAAEzC,IAAG,IAAKyC,QAAQ,CAAC;AACzBxE,SAAOiI,MAAM,0BAA0BJ,MAAAA,aAAmBA,OAAOjC,MAAM,EAAE;AACzE,MAAIpB,MAAMxB,cAAc;AACtB4E,0BAAsBC,QAAQ;MAAC;KAAG;EACpC,OAAO;AACLD,0BAAsBC,QAAQ;MAAC;MAAI;KAAI;EACzC;AAEA,QAAMK,aAAY,IAAIC,gBAAAA,QAASC,GAAG,WAAA;AAClC,QAAMC,WAAWxI,YAAWgI,QAAQ,QAAA;AACpC,QAAMS,UAAU9D,MAAMxB,eAAekF,WAAUK,eAAeF,QAAAA,IAAYH,WAAUM,cAAcH,QAAAA;AAClG,QAAMI,WAAWH,QAAQI,UAAS;AAElC,SAAOjF,aAAa;IAClBkF,KAAKC,wCAAuBC;IAC5B,GAAI9G,QAAQK,UAAa;MAAEL;IAAI;IAC/B4B,KAAKmF,4BAAWC;IAChBnF,KAAKe,2BAAUuD;IACfrE,OAAGmF,gCAAYP,SAASQ,KAAI,EAAGnJ,SAAS,KAAA,EAAOoJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClEpF,OAAGkF,gCAAYP,SAASU,KAAI,EAAGrJ,SAAS,KAAA,EAAOoJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClE,GAAI1E,MAAMxB,gBAAgB;MAAEoG,OAAGJ,gCAAYV,QAAQe,WAAW,KAAA,GAAQ,WAAA;IAAa;EACrF,CAAA;AACF,GAvBuB;AA+BvB,IAAMtE,iBAAiB,wBAAC8C,QAAgBrD,SAAAA;AACtC,QAAM,EAAEzC,IAAG,IAAKyC,QAAQ,CAAC;AACzBxE,SAAOiI,MAAM,0BAA0BJ,MAAAA,aAAmBA,OAAOjC,MAAM,EAAE;AACzE,MAAIpB,MAAMxB,cAAc;AACtB4E,0BAAsBC,QAAQ;MAAC;KAAG;EACpC,OAAO;AACLD,0BAAsBC,QAAQ;MAAC;MAAI;KAAI;EACzC;AAEA,QAAMyB,YAAY,IAAInB,gBAAAA,QAASC,GAAG,MAAA;AAClC,QAAMC,WAAWxI,YAAWgI,QAAQ,QAAA;AACpC7H,SAAOiI,MAAM,oBAAoBI,QAAAA,EAAU;AAC3C,QAAMC,UAAU9D,MAAMxB,eAAesG,UAAUf,eAAeF,QAAAA,IAAYiB,UAAUd,cAAcH,QAAAA;AAClG,QAAMI,WAAWH,QAAQI,UAAS;AAClC,SAAOjF,aAAa;IAClBkF,KAAKC,wCAAuBW;IAC5B,GAAIxH,QAAQK,UAAa;MAAEL;IAAI;IAC/B4B,KAAKmF,4BAAWC;IAChBnF,KAAKe,2BAAU6E;IACf3F,OAAGmF,gCAAYP,SAASQ,KAAI,EAAGnJ,SAAS,KAAA,EAAOoJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClEpF,OAAGkF,gCAAYP,SAASU,KAAI,EAAGrJ,SAAS,KAAA,EAAOoJ,SAAS,IAAI,GAAA,GAAM,WAAA;IAClE,GAAI1E,MAAMxB,gBAAgB;MAAEoG,OAAGJ,gCAAYV,QAAQe,WAAW,KAAA,GAAQ,WAAA;IAAa;EACrF,CAAA;AACF,GAvBuB;AA+BvB,IAAM3E,uBAAuB,wBAC3B5B,cACA0B,SAAAA;AAKAoD,wBAAsB9E,cAAc,EAAA;AACpC,QAAM,EAAEf,IAAG,IAAKyC,QAAQ,CAAC;AACzB,SAAOf,aAAa;IAClBkF,KAAKC,wCAAuBa;IAC5B,GAAI1H,QAAQK,UAAa;MAAEL;IAAI;IAC/B4B,KAAKmF,4BAAWY;IAChB9F,KAAKY,MAAMZ,OAAOe,2BAAUC;IAC5Bf,OAAGmF,gCAAYlG,cAAc,WAAA;EAC/B,CAAA;AACF,GAhB6B;AAkB7B,IAAMkC,WAAW,wBAAClC,cAAsB0B,SAAAA;AACtC,WAASmF,iBAAiBC,WAAiB;AACzC,UAAMrE,QAAQ6B,OAAO3B,KAAKmE,WAAW,KAAA;AACrC,QAAIC,SAAS;AAGb,QAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAInJ,MAAM,gBAAA;AAC9C,QAAIgF,MAAMH,MAAMsE,QAAAA;AAChB,QAAInE,MAAM,KAAM;AACd,YAAMoE,SAASpE,MAAM;AACrBA,YAAM;AACN,eAASqE,IAAI,GAAGA,IAAID,QAAQC,KAAK;AAC/BrE,eAAOA,OAAO,KAAKH,MAAMsE,QAAAA;MAC3B;IACF;AAIA,QAAItE,MAAMsE,MAAAA,MAAY,GAAM;AAE1B,UAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAInJ,MAAM,0BAAA;AAC9C,UAAIsJ,SAASzE,MAAMsE,QAAAA;AACnB,UAAIG,SAAS,KAAM;AACjB,cAAMC,KAAKD,SAAS;AACpBA,iBAAS;AACT,iBAASD,IAAI,GAAGA,IAAIE,IAAIF,IAAKC,WAAUA,UAAU,KAAKzE,MAAMsE,QAAAA;MAC9D;AACAA,gBAAUG;AAGV,UAAIzE,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAInJ,MAAM,qBAAA;AAC9C,UAAIwJ,SAAS3E,MAAMsE,QAAAA;AACnB,UAAIK,SAAS,KAAM;AACjB,cAAMD,KAAKC,SAAS;AACpBA,iBAAS;AACT,iBAASH,IAAI,GAAGA,IAAIE,IAAIF,IAAKG,WAAUA,UAAU,KAAK3E,MAAMsE,QAAAA;MAC9D;AAEAA,gBAAU;AAGV,UAAItE,MAAMsE,QAAAA,MAAc,GAAM,OAAM,IAAInJ,MAAM,yBAAA;AAC9C,UAAIyJ,WAAW5E,MAAMsE,QAAAA;AACrB,UAAIM,WAAW,KAAM;AACnB,cAAMF,KAAKE,WAAW;AACtBA,mBAAW;AACX,iBAASJ,IAAI,GAAGA,IAAIE,IAAIF,IAAKI,aAAYA,YAAY,KAAK5E,MAAMsE,QAAAA;MAClE;IACF;AAGA,QAAItE,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAInJ,MAAM,8BAAA;AAC9C,QAAI0J,SAAS7E,MAAMsE,QAAAA;AACnB,QAAIO,SAAS,KAAM;AACjB,YAAMH,KAAKG,SAAS;AACpBA,eAAS;AACT,eAASL,IAAI,GAAGA,IAAIE,IAAIF,IAAKK,WAAUA,UAAU,KAAK7E,MAAMsE,QAAAA;IAC9D;AACA,QAAIjD,eAAerB,MAAM8E,MAAMR,QAAQA,SAASO,MAAAA;AAChDP,cAAUO;AAGV,QAAIxD,aAAa,CAAA,MAAO,GAAM;AAC5BA,qBAAeA,aAAayD,MAAM,CAAA;IACpC;AAGA,QAAI9E,MAAMsE,QAAAA,MAAc,EAAM,OAAM,IAAInJ,MAAM,+BAAA;AAC9C,QAAI4J,SAAS/E,MAAMsE,QAAAA;AACnB,QAAIS,SAAS,KAAM;AACjB,YAAML,KAAKK,SAAS;AACpBA,eAAS;AACT,eAASP,IAAI,GAAGA,IAAIE,IAAIF,IAAKO,WAAUA,UAAU,KAAK/E,MAAMsE,QAAAA;IAC9D;AACA,UAAMhD,gBAAgBtB,MAAM8E,MAAMR,QAAQA,SAASS,MAAAA;AAEnD,WAAO;MACLC,SAAS3D,aAAa9G,SAAS,KAAA;MAC/B0K,UAAU3D,cAAc/G,SAAS,KAAA;IACnC;EACF;AA/ES6J;AAiFT,QAAM/H,OAAO4C,MAAM9C,KAAKE;AACxB,MAAIA,MAAM6I,gBAAgB7I,MAAM8I,cAAc;AAC5C,QAAI9I,MAAM6I,cAAc;AACtB,aAAO7I,KAAK6I;IACd;AACA,UAAMC,eAAe9I,MAAM8I,oBAAgBC,6BAAS7H,cAAc,QAAA;AAClE,UAAMD,UAAM+H,6BAASF,cAAc,QAAA;AACnC,WAAO7H;EACT;AAEA,QAAM,EAAE0H,SAASC,SAAQ,IAAKb,iBAAiB7G,YAAAA;AAC/C,QAAM+H,YAAYpH,aAAa;IAC7BE,KAAK;IACLK,OAAGgF,gCAAYuB,SAAS,WAAA;IACxBxG,OAAGiF,gCAAYwB,UAAU,WAAA;EAC3B,CAAA;AACA,SAAOK;AACT,GAnGiB;AAqGV,IAAMC,UAAU,wBAACtJ,SAAAA;AACtB,QAAM,EAAE0C,KAAI,IAAK1C;AACjB,QAAMuJ,OAAOvJ,KAAKuJ,QAAQ;AAC1B,QAAMC,YAAYxJ,KAAKwJ,aAAa;AACpC,MAAI9G,KAAK0B,UAAUmF,MAAM;AACvB,WAAO7G;EACT;AAEA,MAAI8G,aAAaA,UAAUpF,WAAW,GAAG;AACvC,UAAMlF,MAAM,iDAAiD;EAC/D;AACA,QAAMkF,SAASoF,UAAUpF;AACzB,SAAOoF,UAAUC,QAAQF,OAAO7G,KAAK0B,UAAUA,MAAAA,IAAU1B;AAC3D,GAbuB;AAqBvB,IAAMgH,MAAmC;EACvC,CAAA,CAAA,GAAqB,IAAIC,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;GAAK;EAC1F,CAAA,CAAA,GAAqB,IAAIA,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;GAAK;EAChG,CAAA,CAAA,GAAmB,IAAIA,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;GAAK;AAClE;AAEA,IAAMC,qBAAqB,wBAACC,GAAeC,MAAAA;AACzC,MAAID,EAAEE,WAAWD,EAAEC,QAAQ;AACzB,WAAO;EACT;AACA,WAASC,IAAI,GAAGA,IAAIH,EAAEE,QAAQC,KAAK;AACjC,QAAIH,EAAEG,CAAAA,MAAOF,EAAEE,CAAAA,GAAI;AACjB,aAAO;IACT;EACF;AACA,SAAO;AACT,GAV2B;AAY3B,IAAMC,eAAe,wBAACC,UAAsBC,WAAAA;AAC1C,WAASH,IAAI,GAAGA,KAAKE,SAASH,SAASI,OAAOJ,QAAQC,KAAK;AACzD,QAAIJ,mBAAmBM,SAASE,SAASJ,GAAGA,IAAIG,OAAOJ,MAAM,GAAGI,MAAAA,GAAS;AACvE,aAAOH;IACT;EACF;AACA,SAAO;AACT,GAPqB;AASrB,IAAMK,eAAe,wBAACC,YAAAA;AACpB,UAAQA,SAAAA;IACN,KAAK;AACH,aAAOZ,IAAG,CAAA;IACZ,KAAK;AACH,aAAOA,IAAG,CAAA;IACZ,KAAK;AACH,aAAOA,IAAG,CAAA;IACZ;AACE,YAAM,IAAIa,MAAM,yBAAyBD,OAAAA,EAAS;EACtD;AACF,GAXqB;AAad,IAAME,YAAY,wBAACC,QAA6BA,IAAI,CAAA,MAAO,IAAzC;AAElB,IAAMC,wBAAwB,wBAACC,QAAoBL,YAAAA;AACxD,MAAI,CAACE,UAAUG,MAAAA,GAAS;AACtB,UAAM,IAAIJ,MAAM,2DAAA;EAClB;AAEA,MAAIK,QAAQ;AACZ,MAAID,OAAO,CAAA,IAAK,KAAM;AACpB,UAAME,mBAAmBF,OAAO,CAAA,IAAK;AACrCC,aAASC;EACX;AACA,QAAMC,YAAYT,aAAaC,OAAAA;AAC/B,QAAMS,WAAWd,aAAaU,QAAQG,SAAAA;AACtC,MAAIC,aAAa,IAAI;AACnB,UAAM,IAAIR,MAAM,WAAWD,OAAAA,4BAAmC;EAChE;AAEAM,UAAQG,WAAWD,UAAUf;AAE7B,SAAOa,QAAQD,OAAOZ,UAAUY,OAAOC,KAAAA,MAAW,GAAM;AACtDA;EACF;AAEA,MAAIA,SAASD,OAAOZ,QAAQ;AAC1B,UAAM,IAAIQ,MAAM,4CAAA;EAClB;AAGAK,WAAS;AAGTA;AAEA,SAAOD,OAAOK,MAAMJ,KAAAA;AACtB,GAjCqC;AAmC9B,IAAMK,2BAA2B,wBAACR,QAA6BA,IAAIV,WAAW,OAAOU,IAAI,CAAA,MAAO,KAAQA,IAAI,CAAA,MAAO,IAAlF;AAEjC,IAAMS,8BAA8B,wBAACC,cAA0Bb,YAAAA;AACpE,MAAIW,yBAAyBE,YAAAA,GAAe;AAC1C,WAAOC,wBAAwBD,YAAAA;EACjC;AAEA,MAAIb,YAAY,eAAeA,YAAY,aAAa;AACtD,QAAIa,aAAa,CAAA,MAAO,KAAQA,aAAapB,WAAW,IAAI;AAC1D,YAAMsB,cAAcF,aAAaH,MAAM,GAAG,EAAA;AAC1C,YAAMM,cAAcH,aAAaH,MAAM,EAAA;AACvC,YAAMO,SAAS,IAAI5B,WAAW;QAAC2B,YAAY,EAAA,IAAM,MAAM,IAAI,IAAO;OAAK;AACvE,YAAME,YAAYJ,wBAAwB,IAAIzB,WAAW;WAAI4B;WAAWF;OAAY,CAAA;AACpFI,aAAOC,MAAM,wBAAwBN,wBAAwBD,YAAAA,CAAAA,OAAoBK,SAAAA,EAAW;AAC5F,aAAOA;IACT;AACA,WAAOG,UAASR,cAAc,QAAA;EAChC,WAAWb,YAAY,WAAW;AAEhC,WAAOqB,UAASR,cAAc,QAAA;EAChC;AAEA,QAAM,IAAIZ,MAAM,yBAAyBD,OAAAA,EAAS;AACpD,GArB2C;AAuBpC,IAAMc,0BAA0B,wBAACQ,UAA8BD,UAASC,OAAO,QAAA,GAA/C;AAEhC,IAAMC,4BAA4B,8BAAOC,SAAAA;AAC9C,QAAM,EAAErB,IAAG,IAAKqB;AAChB,SAAOC,8BAA8B;IAAEC,MAAMvB,IAAIuB;EAAK,CAAA;AACxD,GAHyC;AAKlC,IAAMD,gCAAgC,wBAACD,SAAAA;AAC5C,QAAM,EAAEE,KAAI,IAAKF;AACjB,UAAQE,MAAAA;IACN,KAAK;IACL,KAAK;AACH,aAAOC,wCAAuBC;IAChC,KAAK;AACH,aAAOD,wCAAuBE;IAChC,KAAK;AACH,aAAOF,wCAAuBG;IAChC,KAAK;AACH,aAAOH,wCAAuBI;IAChC,KAAK;AACH,aAAOJ,wCAAuBK;IAChC,KAAK;AACH,aAAOL,wCAAuBM;IAChC;AACE,YAAM,IAAIhC,MAAM,aAAayB,IAAAA,iBAAqB;EACtD;AACF,GAnB6C;AAsBtC,IAAMQ,gCAAgC,wBAACV,SAAAA;AAC5C,QAAM,EAAEW,KAAKC,KAAKC,IAAG,IAAKb;AAE1B,UAAQa,KAAAA;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;EACX;AAEA,UAAQF,KAAAA;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;AACH,aAAO;IACT,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;AACH,aAAO;EACX;AACA,MAAIC,KAAK;AACP,WAAOA;EACT;AAEA,QAAM,IAAInC,MAAM,wBAAwBkC,GAAAA,iBAAoB;AAC9D,GA5C6C;AA8CtC,SAASG,YAAeC,KAAY;AACzCC,SAAOC,KAAKF,GAAAA,EAAKG,QAAQ,CAACvC,QAAAA;AACxB,QAAIoC,IAAIpC,GAAAA,KAAQ,OAAOoC,IAAIpC,GAAAA,MAAS,SAAUmC,aAAYC,IAAIpC,GAAAA,CAAI;aACzDoC,IAAIpC,GAAAA,KAAQ,KAAM,QAAOoC,IAAIpC,GAAAA;EACxC,CAAA;AACA,SAAOoC;AACT;AANgBD;AAQT,IAAMK,eAAe,wBAACC,WAAoBC,mBAAAA;AAC/C,MAAIC;AACJ,MAAI,OAAOD,mBAAmB,aAAa;AACzCC,gBAAYD;EACd,WAAW,OAAOE,WAAW,aAAa;AACxCD,gBAAYC;EACd,WAAW,OAAOC,OAAOD,WAAW,aAAa;AAC/CD,gBAAYE,OAAOD;EACrB,OAAO;AAEL,QAAI,OAAOC,OAAOC,QAAQF,QAAQG,WAAW,aAAa;AAExDJ,kBAAYE,OAAOC,OAAOF;IAC5B,OAAO;AACLD,kBAAY,OAAO,QAAA;IACrB;EACF;AACA,MAAIF,WAAW;AACbI,WAAOD,SAASD;EAClB;AAEA,SAAOA;AACT,GAtB4B;AAwBrB,IAAMK,eAAe,wBAACC,UAAAA;AAC3B,QAAMC,WAAW,OAAOD,MAAM,WAAA,MAAiB,aAAaA,MAAM,WAAA,EAAY,IAAM;IAAE,GAAGA;EAAM;AAE/F,QAAME,MAAM;IACV,GAAGD;IACH,GAAIA,SAASE,KAAK;MAAEA,GAAGC,kBAAkBH,SAASE,CAAC;IAAY;IAC/D,GAAIF,SAASI,KAAK;MAAEA,GAAGD,kBAAkBH,SAASI,CAAC;IAAY;IAC/D,GAAIJ,SAASK,KAAK;MAAEA,GAAGF,kBAAkBH,SAASK,CAAC;IAAY;IAC/D,GAAIL,SAASM,KAAK;MAAEA,GAAGH,kBAAkBH,SAASM,CAAC;IAAY;IAC/D,GAAIN,SAASO,KAAK;MAAEA,GAAGJ,kBAAkBH,SAASO,CAAC;IAAY;IAC/D,GAAIP,SAASQ,KAAK;MAAEA,GAAGL,kBAAkBH,SAASQ,CAAC;IAAY;EACjE;AAEA,SAAOvB,YAAYgB,GAAAA;AACrB,GAd4B;AAgB5B,IAAME,oBAAoB,wBAACJ,UAAAA;AACzB,SAAOA,MAAMU,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,EAAA;AACtE,GAF0B;AAO1B,eAAsBC,mBAAmB,EACvCC,MACAC,WACA9D,KAAK+D,UACLC,KAAI,GAQL;AAMC,WAASC,oBAAoBC,SAAe;AAE1C,UAAMC,YAAYC,YAAWF,SAAS,WAAA;AAGtC,UAAMG,MAAMnD,UAASiD,WAAW,KAAA;AAChC,WAAOG,OAAO,KAAKD,GAAAA,EAAK;EAC1B;AAPSJ;AAST,MAAI;AACFhD,qBAAAA,SAAM,2BAA2B8C,QAAAA,EAAU;AAC3C,UAAMZ,MAAMH,aAAae,QAAAA;AACzBQ,gBAAYpB,KAAK;MAAEqB,aAAa;IAAK,CAAA;AACrC,UAAM3E,UAAUkC,8BAA8B;MAAEC,KAAKmB,IAAInB;MAAKC,KAAKkB,IAAIlB;MAAKC,KAAKiB,IAAIjB;IAAI,CAAA;AACzF,UAAMuC,eAAe,MAAMC,eAAevB,GAAAA;AAG1C,YAAQtD,SAAAA;MACN,KAAK;AACH,eAAO8E,2BAAUC,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MAC5F,KAAK;AACH,eAAOC,iBAAKH,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOE,iBAAKJ,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOG,iBAAKL,OAAOd,WAAWD,MAAMY,cAAc;UAAEI,QAAQ;UAAWC,SAAS;QAAK,CAAA;MACvF,KAAK;AACH,eAAOI,uBAAQN,OAAOd,WAAWD,MAAMO,YAAWK,cAAc,KAAA,CAAA;MAClE,KAAK;MACL,KAAK;AACH,eAAOU,2BAAUP,OAAOd,WAAWD,MAAMO,YAAWK,cAAc,KAAA,CAAA;MACpE,KAAK,OAAO;AACV,cAAMW,qBAAqBpB,MAAMqB,gBAAiBlC,IAAIjB,OAA8CV,wCAAuBM;AAC3H,cAAMwD,UACJF,uBAAuB5D,wCAAuB+D,SAASH,uBAAuB5D,wCAAuBgE,QACjGC,qBACAL,uBAAuB5D,wCAAuBkE,SAASN,uBAAuB5D,wCAAuBmE,QACnGC,qBACAC;AACR,gBAAQT,oBAAAA;UACN,KAAK5D,wCAAuBsE;AAC1B,mBAAWC,iBAAanB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuBkE;AAC1B,mBAAWM,iBAAapB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuB+D;AAC1B,mBAAWU,iBAAarB,OACtB;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;UAEJ,KAAKtC,wCAAuBM;UAC5B,KAAKN,wCAAuBmE;UAC5B,KAAKnE,wCAAuBgE;AAC1B,gBAAI,OAAO5C,WAAW,eAAe,OAAOA,OAAOG,WAAW,aAAa;AACzE,oBAAM/C,MAAM,UAAMkG,6CAAyB/C,KAAK,SAAA;AAChD,oBAAMgD,aACJf,uBAAuB5D,wCAAuBM,QAAQ,KAAKsD,uBAAuB5D,wCAAuBmE,QAAQ,KAAK;AACxH,qBAAO/C,OAAOG,OAAO6B,OAAO;gBAAEwB,MAAM;gBAAWC,MAAMf;gBAASa;cAAW,GAAGnG,KAAK8D,WAAWD,IAAAA;YAC9F;AAGAyC,oBAAQC,KAAK,2EAA2E;AACxF,mBAAWC,QAAIlB,SAAamB,SAAKnB,OAAAA,CAAAA,EAAUV,OACzC;cACEpB,GAAGS,oBAAoBd,IAAIK,CAAC;cAC5BC,GAAGQ,oBAAoBd,IAAIM,CAAC;YAC9B,GACAI,MACAC,SAAAA;QAEN;MACF;IACF;AAEA,UAAMhE,MAAM,kDAAkDD,OAAAA,EAAS;EACzE,SAAS6G,OAAY;AACnB1F,WAAO0F,MAAM,UAAUA,KAAAA,EAAO;AAC9B,UAAMA;EACR;AACF;AAlHsB9C;AA+HtB,SAAS+C,WAAWC,OAAmBC,QAAc;AACnD,QAAMC,QAAQF,MAAMC,MAAAA;AACpB,MAAIC,QAAQ,KAAM;AAChB,WAAO;MAAExH,QAAQwH;MAAOC,aAAa;IAAE;EACzC;AACA,QAAMC,WAAWF,QAAQ;AACzB,MAAIxH,SAAS;AACb,WAASC,IAAI,GAAGA,IAAIyH,UAAUzH,KAAK;AACjCD,aAAUA,UAAU,IAAKsH,MAAMC,SAAS,IAAItH,CAAAA;EAC9C;AACA,SAAO;IAAED;IAAQyH,aAAa,IAAIC;EAAS;AAC7C;AAXSL;AAoBF,SAASM,QAAQC,UAAoB;AAC1C,MAAIA,SAAS,CAAA,MAAO,IAAM;AACxB,UAAM,IAAIpH,MAAM,gCAAA;EAClB;AAGA,QAAM,EAAEiH,aAAaI,cAAa,IAAKR,WAAWO,UAAU,CAAA;AAC5D,QAAME,iBAAiB,IAAID;AAC3B,QAAME,WAAWH,SAASE,cAAAA;AAG1B,MAAIC,aAAa,GAAM;AACrB,WAAOH;EACT;AAGA,MAAIG,aAAa,IAAM;AACrB,UAAM,IAAIvH,MAAM,wCAAA;EAClB;AAGA,QAAM,EAAER,QAAQgI,QAAQP,aAAaQ,YAAW,IAAKZ,WAAWO,UAAUE,iBAAiB,CAAA;AAC3F,QAAMI,eAAe,IAAID;AACzB,QAAME,WAAWL,iBAAiBI,eAAeF;AAGjD,MAAIJ,SAASO,QAAAA,MAAc,GAAM;AAC/B,UAAM,IAAI3H,MAAM,iCAAA;EAClB;AAEA,QAAM,EAAER,QAAQoI,WAAWX,aAAaY,eAAc,IAAKhB,WAAWO,UAAUO,WAAW,CAAA;AAC3F,QAAMG,kBAAkB,IAAID;AAC5B,QAAME,cAAcJ,WAAWG;AAG/B,QAAME,aAAaZ,SAASW,WAAAA;AAC5B,MAAIC,eAAe,GAAM;AACvB,UAAM,IAAIhI,MAAM,2BAA2BgI,UAAAA,EAAY;EACzD;AAGA,QAAMC,aAAaF,cAAc;AACjC,QAAMG,WAAWN,YAAY;AAE7B,SAAOR,SAAS3G,MAAMwH,YAAYA,aAAaC,QAAAA;AACjD;AA7CgBf;AAsDT,SAASgB,eAAexD,cAAoB;AACjD,QAAMyD,QAAQjB,QAAQ7C,YAAWK,cAAc,KAAA,CAAA;AAC/C,SAAOvD,UAASgH,OAAO,KAAA;AACzB;AAHgBD;;;AIhmChB,IAAAE,oBAeO;AAGA,SAASC,aAAaC,SAAqB;AAChD,QAAM,EAAEC,SAASC,SAASC,KAAKC,KAAKC,QAAQC,KAAK,GAAGC,KAAAA,IAASP;AAC7D,SAAOQ,YAAY;IACjB,GAAGD;IACHD,KAAKG,cAAcH,GAAAA;IACnB,GAAIH,OAAO;MAAEA,KAAKO,gBAAgBP,GAAAA;IAAK;IACvC,GAAID,WAAW;MAAEA,SAASA,QAAQS,IAAIC,sBAAAA;IAAwB;IAC9D,GAAIR,OAAO;MAAEA,KAAKS,uBAAuBT,GAAAA;IAAK;IAC9C,GAAIC,UAAU;MAAES,IAAIT;IAAO;IAC3B,GAAIJ,WAAW;MAAEc,KAAKd;IAAQ;EAChC,CAAA;AACF;AAXgBF;AAaT,SAASiB,aAAaC,KAAQ;AACnC,QAAM,EAAEF,KAAKb,SAASC,KAAKC,KAAKU,IAAIR,KAAK,GAAGC,KAAAA,IAASU;AAErD,SAAOT,YAAY;IACjB,GAAGD;IACHD,KAAKY,cAAcZ,GAAAA;IACnB,GAAIH,OAAO;MAAEA,KAAKgB,gBAAgBhB,GAAAA;IAAK;IACvC,GAAID,WAAW;MAAEA,SAASA,QAAQS,IAAIS,sBAAAA;IAAwB;IAC9D,GAAIhB,OAAO;MAAEA,KAAKiB,uBAAuBjB,GAAAA;IAAK;IAC9C,GAAIU,MAAM;MAAET,QAAQS;IAAG;IACvB,GAAIC,OAAO;MAAEd,SAASc;IAAI;EAE5B,CAAA;AACF;AAbgBC;AAeT,SAASP,cAAcH,KAAiB;AAC7C,UAAQA,KAAAA;IACN,KAAKgB,+BAAaC;AAChB,aAAOC,6BAAWC;IACpB,KAAKH,+BAAaI;AAChB,aAAOF,6BAAWE;IACpB,KAAKJ,+BAAaK;AAChB,aAAOH,6BAAWI;IACpB,KAAKN,+BAAaO;AAChB,aAAOL,6BAAWK;IACpB;AACE,YAAMC,MAAM,YAAYxB,GAAAA,uBAA0B;EACtD;AACF;AAbgBG;AAeT,SAASS,cAAcZ,KAAkC;AAC9D,UAAQA,KAAAA;IACN,KAAK;AACH,aAAOgB,+BAAaC;IACtB,KAAK;AACH,aAAOD,+BAAaI;IACtB,KAAK;AACH,aAAOJ,+BAAaK;IACtB,KAAK;AACH,aAAOL,+BAAaO;IACtB;AACE,YAAMC,MAAM,YAAYxB,GAAAA,wBAA2B;EACvD;AACF;AAbgBY;AAeT,SAASL,uBAAuBkB,SAAgC;AACrE,UAAQA,SAAAA;IACN,KAAKC,0CAAwBC;AAC3B,aAAOC,yCAAuBD;IAChC,KAAKD,0CAAwBG;AAC3B,aAAOD,yCAAuBC;IAChC,KAAKH,0CAAwBI;AAC3B,aAAOF,yCAAuBE;IAChC,KAAKJ,0CAAwBK;AAC3B,aAAOH,yCAAuBG;IAChC,KAAKL,0CAAwBM;AAC3B,aAAOJ,yCAAuBI;IAChC,KAAKN,0CAAwBO;AAC3B,aAAOL,yCAAuBK;IAChC,KAAKP,0CAAwBQ;AAC3B,aAAON,yCAAuBM;IAChC,KAAKR,0CAAwBS;AAC3B,aAAOP,yCAAuBO;IAChC,KAAKT,0CAAwBU;AAC3B,aAAOR,yCAAuBQ;IAChC,KAAKV,0CAAwBW;AAC3B,aAAOT,yCAAuBS;IAChC,KAAKX,0CAAwBY;AAC3B,aAAOV,yCAAuBU;IAChC;AACE,YAAMd,MAAM,uBAAuBC,OAAAA,wBAA+B;EACtE;AACF;AA3BgBlB;AA6BT,SAASQ,uBAAuBwB,SAA8D;AACnG,UAAQA,SAAAA;IACN,KAAKX,yCAAuBD;IAC5B,KAAK;AACH,aAAOD,0CAAwBC;IACjC,KAAKC,yCAAuBC;IAC5B,KAAK;AACH,aAAOH,0CAAwBG;IACjC,KAAKD,yCAAuBE;IAC5B,KAAK;AACH,aAAOJ,0CAAwBI;IACjC,KAAKF,yCAAuBG;IAC5B,KAAK;AACH,aAAOL,0CAAwBK;IACjC,KAAKH,yCAAuBI;IAC5B,KAAK;AACH,aAAON,0CAAwBM;IACjC,KAAKJ,yCAAuBK;IAC5B,KAAK;AACH,aAAOP,0CAAwBO;IACjC,KAAKL,yCAAuBM;IAC5B,KAAK;AACH,aAAOR,0CAAwBQ;IACjC,KAAKN,yCAAuBO;IAC5B,KAAK;AACH,aAAOT,0CAAwBS;IACjC,KAAKP,yCAAuBQ;IAC5B,KAAK;AACH,aAAOV,0CAAwBU;IACjC,KAAKR,yCAAuBS;IAC5B,KAAK;AACH,aAAOX,0CAAwBW;IACjC,KAAKT,yCAAuBU;IAC5B,KAAK;AACH,aAAOZ,0CAAwBY;IACjC;AACE,YAAMd,MAAM,uBAAuBe,OAAAA,wBAA+B;EACtE;AACF;AAtCgBxB;AAwCT,SAASD,uBAAuB0B,OAAgD;AACrF,UAAQA,OAAAA;IACN,KAAKC,mCAAiBC;IACtB,KAAK;AACH,aAAOC,oCAAkBD;IAC3B,KAAKD,mCAAiBG;IACtB,KAAK;AACH,aAAOD,oCAAkBC;IAC3B,KAAKH,mCAAiBI;IACtB,KAAK;AACH,aAAOF,oCAAkBE;IAC3B,KAAKJ,mCAAiBK;IACtB,KAAK;AACH,aAAOH,oCAAkBG;IAC3B,KAAKL,mCAAiBM;IACtB,KAAK;AACH,aAAOJ,oCAAkBI;IAC3B,KAAKN,mCAAiBO;IACtB,KAAK;AACH,aAAOL,oCAAkBK;IAC3B,KAAKP,mCAAiBQ;IACtB,KAAK;AACH,aAAON,oCAAkBM;IAC3B,KAAKR,mCAAiBS;IACtB,KAAK;AACH,aAAOP,oCAAkBO;IAC3B;AACE,YAAM1B,MAAM,iBAAiBgB,KAAAA,wBAA6B;EAC9D;AACF;AA7BgB1B;AA+BT,SAASR,uBAAuBkC,OAAwB;AAC7D,UAAQA,OAAAA;IACN,KAAKG,oCAAkBD;AACrB,aAAOD,mCAAiBC;IAC1B,KAAKC,oCAAkBC;AACrB,aAAOH,mCAAiBG;IAC1B,KAAKD,oCAAkBE;AACrB,aAAOJ,mCAAiBI;IAC1B,KAAKF,oCAAkBG;AACrB,aAAOL,mCAAiBK;IAC1B,KAAKH,oCAAkBI;AACrB,aAAON,mCAAiBM;IAC1B,KAAKJ,oCAAkBK;AACrB,aAAOP,mCAAiBO;IAC1B,KAAKL,oCAAkBM;AACrB,aAAOR,mCAAiBQ;IAC1B,KAAKN,oCAAkBO;AACrB,aAAOT,mCAAiBS;IAC1B;AACE,YAAM1B,MAAM,iBAAiBgB,KAAAA,wBAA6B;EAC9D;AACF;AArBgBlC;AAuBT,SAASO,gBAAgBsC,OAAkC;AAChE,UAAQA,OAAAA;IACN,MAAMC,4BAAUC,OAAO;AACrB,aAAOC,6BAAWD;IACpB,MAAMD,4BAAUG,OAAO;AACrB,aAAOD,6BAAWC;IACpB,MAAMH,4BAAUI,OAAO;AACrB,aAAOF,6BAAWE;IACpB,MAAMJ,4BAAUK,QAAQ;AACtB,aAAOH,6BAAWG;IACpB,MAAML,4BAAUM,MAAM;AACpB,aAAOJ,6BAAWI;IACpB,MAAMN,4BAAUO,SAAS;AACvB,aAAOL,6BAAWK;IACpB,MAAMP,4BAAUQ,OAAO;AACrB,aAAON,6BAAWM;IACpB,MAAMR,4BAAUS,WAAW;AACzB,aAAOP,6BAAWO;IACpB;AACE,YAAMrC,MAAM,SAAS2B,KAAAA,wBAA6B;EACtD;AACF;AArBgBtC;AAuBT,SAAST,gBAAgB+C,OAAiB;AAC/C,UAAQA,OAAAA;IACN,KAAKG,6BAAWD;AACd,aAAOD,4BAAUC;IACnB,KAAKC,6BAAWC;AACd,aAAOH,4BAAUG;IACnB,KAAKD,6BAAWE;AACd,aAAOJ,4BAAUI;IACnB,KAAKF,6BAAWG;AACd,aAAOL,4BAAUK;IACnB,KAAKH,6BAAWI;AACd,aAAON,4BAAUM;IACnB,KAAKJ,6BAAWK;AACd,aAAOP,4BAAUO;IACnB,KAAKL,6BAAWM;AACd,aAAOR,4BAAUQ;IACnB,KAAKN,6BAAWO;AACd,aAAOT,4BAAUS;IACnB;AACE,YAAMrC,MAAM,SAAS2B,KAAAA,wBAA6B;EACtD;AACF;AArBgB/C;","names":["import_ed25519","u8a","fromString","toString","SupportedEncodings","u8a","digestMethodParams","hashAlgorithm","digestMethod","sha256DigestMethod","hash","sha256","sha384DigestMethod","sha384","sha512DigestMethod","sha512","shaHasher","input","alg","includes","Uint8Array","encoding","textEncoder","TextEncoder","textDecoder","TextDecoder","check","value","description","optional","Error","assertObject","validateJwk","jwk","opts","crvOptional","kty","crv","x","y","e","n","minimalJwk","jwkJcsEncode","strippedJwk","encode","jcsCanonicalize","jwkJcsDecode","bytes","JSON","parse","decode","stringify","object","buffer","serialize","toJSON","Array","isArray","next","forEach","element","Object","keys","sort","property","JWK_JCS_PUB_NAME","JWK_JCS_PUB_PREFIX","Key","JwkKeyUse","SIG_KEY_ALGS","ENC_KEY_ALGS","fromString","toString","u8a","logger","Loggers","DEFAULT","get","getKms","context","kms","agent","availableMethods","includes","Error","keyManagerGetDefaultKeyManagementSystem","generatePrivateKeyHex","type","keyPairEd25519","generateSigningKeyPair","secretKey","privateBytes","randomBytes","pem","generateRSAKeyAsPEM","privateKeyHexFromPEM","keyMetaAlgorithmsFromKeyType","importProvidedOrGeneratedKey","args","options","key","keyType","meta","providerName","x509","use","JwkKeyUse","Encryption","ENC_KEY_ALGS","privateKeyHex","undefined","trim","privateKeyPEM","keyManagerImport","keyManagerCreate","algorithms","keyAlias","alias","calculateJwkThumbprintForKey","jwk","publicKeyHex","toJwk","isPrivateKey","kid","calculateJwkThumbprint","digestAlgorithm","assertJwkClaimPresent","value","description","toBase64url","input","sanitizedJwk","components","kty","crv","x","y","e","n","k","data","JSON","stringify","digestMethodParams","digestMethod","toJwkFromKey","opts","noKidThumbprint","toEd25519OrX25519Jwk","JoseCurve","Ed25519","X25519","toSecp256k1Jwk","toSecp256r1Jwk","toRSAJwk","jwkToRawHexKey","rsaJwkToRawHexKey","ecJwkToRawHexKey","okpJwkToRawHexKey","octJwkToRawHexKey","encodeInteger","bytes","Uint8Array","from","len","encodeLength","length","of","hex","lenBytes","match","map","h","parseInt","encodeSequence","elements","content","reduce","acc","elm","base64UrlToBytes","b64url","modulusBytes","exponentBytes","sequence","result","replace","x25519PublicHexFromPrivateHex","test","priv","Buffer","pub","x25519","getPublicKey","jwkDetermineUse","suppliedUse","SIG_KEY_ALGS","Signature","assertProperKeyLength","keyHex","expectedKeyLength","Array","isArray","debug","secp256k1","elliptic","ec","keyBytes","keyPair","keyFromPrivate","keyFromPublic","pubPoint","getPublic","alg","JoseSignatureAlgorithm","ES256K","JwkKeyType","EC","hexToBase64","getX","padStart","getY","d","getPrivate","secp256r1","ES256","P_256","EdDSA","OKP","parseDerIntegers","pubKeyHex","offset","nBytes","i","algLen","nB","bitLen","innerLen","modLen","slice","expLen","modulus","exponent","publicKeyJwk","publicKeyPEM","hexToPEM","PEMToJwk","sanitized","padLeft","size","padString","repeat","OID","Uint8Array","compareUint8Arrays","a","b","length","i","findSubarray","haystack","needle","subarray","getTargetOID","keyType","Error","isAsn1Der","key","asn1DerToRawPublicKey","derKey","index","lengthBytesCount","targetOid","oidIndex","slice","isRawCompressedPublicKey","toRawCompressedHexPublicKey","rawPublicKey","hexStringFromUint8Array","xCoordinate","yCoordinate","prefix","resultKey","logger","debug","toString","value","signatureAlgorithmFromKey","args","signatureAlgorithmFromKeyType","type","JoseSignatureAlgorithm","EdDSA","ES256","ES384","ES512","ES256K","PS256","keyTypeFromCryptographicSuite","crv","kty","alg","removeNulls","obj","Object","keys","forEach","globalCrypto","setGlobal","suppliedCrypto","webcrypto","crypto","global","window","subtle","sanitizedJwk","input","inputJwk","jwk","x","base64ToBase64Url","y","d","n","e","k","replace","verifyRawSignature","data","signature","inputKey","opts","jwkPropertyToBigInt","jwkProp","byteArray","fromString","hex","BigInt","validateJwk","crvOptional","publicKeyHex","jwkToRawHexKey","secp256k1","verify","format","prehash","p256","p384","p521","ed25519","bls12_381","signatureAlgorithm","signatureAlg","hashAlg","RS512","PS512","sha512","RS384","PS384","sha384","sha256","RS256","PKCS1_SHA256","PKCS1_SHA384","PKCS1_SHA512","cryptoSubtleImportRSAKey","saltLength","name","hash","console","warn","PSS","mgf1","error","readLength","bytes","offset","first","lengthBytes","numBytes","toPkcs1","derBytes","outerLenBytes","outerHeaderLen","innerTag","algLen","algLenBytes","algHeaderLen","algIdEnd","bitStrLen","bitStrLenBytes","bitStrHeaderLen","bitStrStart","unusedBits","pkcs1Start","pkcs1Len","toPkcs1FromHex","pkcs1","import_ssi_types","coseKeyToJwk","coseKey","x5chain","key_ops","crv","alg","baseIV","kty","rest","removeNulls","coseToJoseKty","coseToJoseCurve","map","coseToJoseKeyOperation","coseToJoseSignatureAlg","iv","x5c","jwkToCoseKey","jwk","joseToCoseKty","joseToCoseCurve","joseToCoseKeyOperation","joseToCoseSignatureAlg","ICoseKeyType","EC2","JwkKeyType","EC","RSA","Symmetric","oct","OKP","Error","coseAlg","ICoseSignatureAlgorithm","ES256K","JoseSignatureAlgorithm","ES256","ES384","ES512","PS256","PS384","PS512","HS256","HS384","HS512","EdDSA","joseAlg","keyOp","JoseKeyOperation","SIGN","ICoseKeyOperation","VERIFY","ENCRYPT","DECRYPT","WRAP_KEY","UNWRAP_KEY","DERIVE_KEY","DERIVE_BITS","curve","JoseCurve","P_256","ICoseCurve","P_384","P_521","X25519","X448","Ed25519","Ed448","secp256k1"]}

package/dist/index.d.cts CHANGED Viewed

@@ -20,7 +20,6 @@ declare enum JwkKeyUse {
 declare const SIG_KEY_ALGS: string[];
 declare const ENC_KEY_ALGS: string[];
 type KeyVisibility = 'public' | 'private';
-type DigestAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
 interface X509Opts {
     cn?: string;
     privateKeyPEM?: string;
@@ -87,7 +86,7 @@ declare const toBase64url: (input: string) => string;
  */
 declare const calculateJwkThumbprint: (args: {
     jwk: JWK;
-    digestAlgorithm?: DigestAlgorithm;
+    digestAlgorithm?: "sha256" | "sha512";
 }) => string;
 declare const toJwkFromKey: (key: IKey | MinimalImportableKey | ManagedKeyInfo, opts?: {
     use?: JwkKeyUse;
@@ -143,7 +142,6 @@ declare const keyTypeFromCryptographicSuite: (args: KeyTypeFromCryptographicSuit
 declare function removeNulls<T>(obj: T | any): any;
 declare const globalCrypto: (setGlobal: boolean, suppliedCrypto?: Crypto) => Crypto;
 declare const sanitizedJwk: (input: JWK | JsonWebKey) => JWK;
-declare const base64ToBase64Url: (input: string) => string;
 /**
  *
  */
@@ -171,12 +169,6 @@ declare function toPkcs1(derBytes: Uint8Array): Uint8Array;
  * @returns DER‐encoded PKCS#1 RSAPublicKey in hex
  */
 declare function toPkcs1FromHex(publicKeyHex: string): any;
-declare function joseAlgorithmToDigest(alg: string): DigestAlgorithm;
-declare function isHash(input: string): boolean;
-declare function isHashString(input: Uint8Array): boolean;
-type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
-declare function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' | 'SHA-384' | 'SHA-512';
-declare function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean;
 declare function coseKeyToJwk(coseKey: ICoseKeyJson): JWK;
 declare function jwkToCoseKey(jwk: JWK): ICoseKeyJson;
@@ -229,12 +221,13 @@ declare function jwkJcsDecode(bytes: ByteView<JsonWebKey$1>): JsonWebKey$1;
 declare function jcsCanonicalize(object: any): string;
 declare const SupportedEncodings: any;
+type HashAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512';
 type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string;
-declare const digestMethodParams: (hashAlgorithm: DigestAlgorithm) => {
-    hashAlgorithm: DigestAlgorithm;
+declare const digestMethodParams: (hashAlgorithm: HashAlgorithm) => {
+    hashAlgorithm: HashAlgorithm;
     digestMethod: TDigestMethod;
     hash: (data: Uint8Array) => Uint8Array;
 };
 declare const shaHasher: HasherSync;
-export { type DigestAlgorithm, ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, base64ToBase64Url, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isHash, isHashString, isRawCompressedPublicKey, isSameHash, jcsCanonicalize, joseAlgorithmToDigest, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, normalizeHashAlgorithm, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };
+export { ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isRawCompressedPublicKey, jcsCanonicalize, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };