npm - @sphereon/ssi-sdk.ebsi-support - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-next.11 - Mend

@sphereon/ssi-sdk.ebsi-support 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-next.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.cjs +2 -3
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1 -2
package/dist/index.d.ts +1 -2
package/dist/index.js +2 -3
package/dist/index.js.map +1 -1
package/package.json +24 -24
package/src/functions/Attestation.ts +1 -2
package/src/types/IEbsiSupport.ts +1 -2

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/EbsiSupport.ts","../src/did/functions.ts","../src/functions/Attestation.ts","../src/functions/AttestationHeadlessCallbacks.ts","../src/functions/index.ts","../src/did/services/EbsiRestService.ts","../src/did/services/EbsiRPCService.ts","../src/did/types.ts","../src/types/IEbsiSupport.ts","../src/did/EbsiDidProvider.ts","../src/did/EbsiDidResolver.ts"],"sourcesContent":["{\n \"IEBSIAuthorizationClient\": {\n \"components\": {\n \"schemas\": {\n \"EBSIAuthAccessTokenGetArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"vc\": {\n \"type\": \"string\"\n },\n \"definitionId\": {\n \"$ref\": \"#/components/schemas/ScopeByDefinition\"\n },\n \"did\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/Optional<ApiOpts,\\\"version\\\">\"\n }\n },\n \"required\": [\"vc\", \"definitionId\", \"did\", \"kid\", \"scope\", \"apiOpts\"]\n },\n \"ScopeByDefinition\": {\n \"type\": \"string\",\n \"enum\": [\"didr_invite\", \"didr_write\", \"tir_invite\", \"tir_write\", \"timestamp_write\", \"tnt_authorise\", \"tnt_create\", \"tnt_write\"]\n },\n \"EBSIScope\": {\n \"type\": \"string\",\n \"enum\": [\n \"didr_write\",\n \"didr_invite\",\n \"tir_write\",\n \"tir_invite\",\n \"timestamp_write\",\n \"tnt_authorise\",\n \"tnt_create\",\n \"tnt_write\",\n \"did_authn\"\n ],\n \"description\": \"The OpenID scope\"\n },\n \"Optional<ApiOpts,\\\"version\\\">\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n }\n },\n \"EbsiEnvironment\": {\n \"type\": \"string\",\n \"enum\": [\"pilot\", \"conformance\", \"conformance-test\"]\n },\n \"EbsiApiVersion\": {\n \"type\": \"string\",\n \"enum\": [\"v3\", \"v4\", \"v5\"]\n },\n \"GetAccessTokenResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetAccessTokenSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetAccessTokenSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"access_token\": {\n \"type\": \"string\"\n },\n \"token_type\": {\n \"$ref\": \"#/components/schemas/TokenType\"\n },\n \"expires_in\": {\n \"type\": \"number\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"id_token\": {\n \"type\": \"string\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"access_token\", \"token_type\", \"scope\", \"id_token\", \"apiOpts\"]\n },\n \"TokenType\": {\n \"type\": \"string\",\n \"const\": \"Bearer\"\n },\n \"ApiOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n },\n \"required\": [\"version\"]\n },\n \"ExceptionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"number\"\n },\n \"detail\": {\n \"type\": \"string\"\n },\n \"instance\": {\n \"type\": \"string\"\n }\n }\n },\n \"GetOIDProviderJwksResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetOIDProviderJwksSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/JWK\"\n }\n }\n },\n \"required\": [\"keys\"]\n },\n \"JWK\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"alg\\\" (Algorithm) Parameter.\"\n },\n \"crv\": {\n \"type\": \"string\"\n },\n \"d\": {\n \"type\": \"string\"\n },\n \"dp\": {\n \"type\": \"string\"\n },\n \"dq\": {\n \"type\": \"string\"\n },\n \"e\": {\n \"type\": \"string\"\n },\n \"ext\": {\n \"type\": \"boolean\",\n \"description\": \"JWK \\\"ext\\\" (Extractable) Parameter.\"\n },\n \"k\": {\n \"type\": \"string\"\n },\n \"key_ops\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"key_ops\\\" (Key Operations) Parameter.\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kid\\\" (Key ID) Parameter.\"\n },\n \"kty\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kty\\\" (Key Type) Parameter.\"\n },\n \"n\": {\n \"type\": \"string\"\n },\n \"oth\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"d\": {\n \"type\": \"string\"\n },\n \"r\": {\n \"type\": \"string\"\n },\n \"t\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"p\": {\n \"type\": \"string\"\n },\n \"q\": {\n \"type\": \"string\"\n },\n \"qi\": {\n \"type\": \"string\"\n },\n \"use\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"use\\\" (Public Key Use) Parameter.\"\n },\n \"x\": {\n \"type\": \"string\"\n },\n \"y\": {\n \"type\": \"string\"\n },\n \"x5c\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"x5c\\\" (X.509 Certificate Chain) Parameter.\"\n },\n \"x5t\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5t\\\" (X.509 Certificate SHA-1 Thumbprint) Parameter.\"\n },\n \"x5t#S256\": {\n \"type\": \"string\",\n \"description\": \"\\\"x5t#S256\\\" (X.509 Certificate SHA-256 Thumbprint) Parameter.\"\n },\n \"x5u\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5u\\\" (X.509 URL) Parameter.\"\n }\n },\n \"additionalProperties\": {},\n \"description\": \"JSON Web Key ( {@link https://www.rfc-editor.org/rfc/rfc7517 \| JWK } ). \\\"RSA\\\", \\\"EC\\\", \\\"OKP\\\", and \\\"oct\\\" key types are supported.\"\n },\n \"GetPresentationDefinitionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"scope\"]\n },\n \"GetPresentationDefinitionResponse\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionSuccessResponse\"\n },\n \"GetPresentationDefinitionSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"submission_requirements\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n },\n \"input_descriptors\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/InputDescriptorV2\"\n }\n },\n \"frame\": {\n \"type\": \"object\"\n }\n },\n \"required\": [\"id\", \"input_descriptors\"]\n },\n \"Format\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"ldp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vc\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"di\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vc\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vp\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"dc+sd-jwt\": {\n \"$ref\": \"#/components/schemas/SdJwtObject\"\n }\n }\n },\n \"JwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"alg\"]\n },\n \"LdpObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\"]\n },\n \"DiObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"cryptosuite\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\", \"cryptosuite\"]\n },\n \"SdJwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"sd-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"kb-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"SubmissionRequirement\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"rule\": {\n \"$ref\": \"#/components/schemas/Rules\"\n },\n \"count\": {\n \"type\": \"number\"\n },\n \"min\": {\n \"type\": \"number\"\n },\n \"max\": {\n \"type\": \"number\"\n },\n \"from\": {\n \"type\": \"string\"\n },\n \"from_nested\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n }\n },\n \"required\": [\"rule\"]\n },\n \"Rules\": {\n \"type\": \"string\",\n \"enum\": [\"all\", \"pick\"]\n },\n \"InputDescriptorV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"group\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"issuance\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Issuance\"\n }\n },\n \"constraints\": {\n \"$ref\": \"#/components/schemas/ConstraintsV2\"\n }\n },\n \"required\": [\"id\", \"constraints\"]\n },\n \"Issuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"manifest\": {\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": {}\n },\n \"ConstraintsV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"limit_disclosure\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"statuses\": {\n \"$ref\": \"#/components/schemas/Statuses\"\n },\n \"fields\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/FieldV2\"\n }\n },\n \"subject_is_issuer\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"is_holder\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n },\n \"same_subject\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n }\n }\n },\n \"Optionality\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"preferred\"]\n },\n \"Statuses\": {\n \"type\": \"object\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"suspended\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"revoked\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n }\n }\n },\n \"PdStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"directive\": {\n \"$ref\": \"#/components/schemas/Directives\"\n }\n }\n },\n \"Directives\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"allowed\", \"disallowed\"]\n },\n \"FieldV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"filter\": {\n \"$ref\": \"#/components/schemas/FilterV2\"\n },\n \"predicate\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"optional\": {\n \"type\": \"boolean\"\n }\n },\n \"required\": [\"path\"]\n },\n \"FilterV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"OneOfNumberStringBoolean\": {\n \"type\": [\"boolean\", \"number\", \"string\"]\n },\n \"OneOfNumberString\": {\n \"type\": [\"number\", \"string\"]\n },\n \"FilterV2Base\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n }\n },\n \"FilterV2BaseItems\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"HolderSubject\": {\n \"type\": \"object\",\n \"properties\": {\n \"field_id\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"directive\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n }\n },\n \"required\": [\"field_id\", \"directive\"]\n },\n \"GetOIDProviderMetadataResponse\": {\n \"$ref\": \"#/components/schemas/EbsiOpenIDMetadata\"\n },\n \"EbsiOpenIDMetadata\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"logo_uri\": {\n \"type\": \"string\"\n },\n \"client_purpose\": {\n \"type\": \"string\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"id_token_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n ]\n },\n \"vp_formats_supported\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n }\n ]\n },\n \"Schema\": {\n \"type\": \"string\",\n \"enum\": [\"openid:\", \"openid-vc:\"]\n },\n \"ResponseIss\": {\n \"type\": \"string\",\n \"enum\": [\"https://self-issued.me\", \"https://self-issued.me/v2\", \"https://self-issued.me/v2/openid-vc\"]\n },\n \"ResponseType\": {\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"vp_token\"]\n },\n \"Scope\": {\n \"type\": \"string\",\n \"enum\": [\"openid\", \"openid did_authn\", \"profile\", \"email\", \"address\", \"phone\"]\n },\n \"SubjectType\": {\n \"type\": \"string\",\n \"enum\": [\"public\", \"pairwise\"]\n },\n \"SigningAlgo\": {\n \"type\": \"string\",\n \"enum\": [\"EdDSA\", \"RS256\", \"PS256\", \"ES256\", \"ES256K\"]\n },\n \"ResponseMode\": {\n \"type\": \"string\",\n \"enum\": [\"fragment\", \"form_post\", \"post\", \"direct_post\", \"query\"]\n },\n \"GrantType\": {\n \"type\": \"string\",\n \"enum\": [\"authorization_code\", \"implicit\"]\n },\n \"AuthenticationContextReferences\": {\n \"type\": \"string\",\n \"enum\": [\"phr\", \"phrh\"]\n },\n \"TokenEndpointAuthMethod\": {\n \"type\": \"string\",\n \"enum\": [\"client_secret_post\", \"client_secret_basic\", \"client_secret_jwt\", \"private_key_jwt\"]\n },\n \"ClaimType\": {\n \"type\": \"string\",\n \"enum\": [\"normal\", \"aggregated\", \"distributed\"]\n },\n \"IdTokenType\": {\n \"type\": \"string\",\n \"enum\": [\"subject_signed\", \"attester_signed\"]\n }\n },\n \"methods\": {\n \"ebsiAccessTokenGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/EBSIAuthAccessTokenGetArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetAccessTokenResponse\"\n }\n },\n \"ebsiAuthorizationServerJwks\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksResponse\"\n }\n },\n \"ebsiPresentationDefinitionGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionResponse\"\n }\n },\n \"ebsiWellknownMetadata\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderMetadataResponse\"\n }\n }\n }\n }\n }\n}\n","import { Loggers, LogLevel, LogMethod } from '@sphereon/ssi-types'\n\nexport const logger = Loggers.DEFAULT.options('sphereon:ebsi-support', {\n defaultLogLevel: LogLevel.DEBUG,\n methods: [LogMethod.CONSOLE, LogMethod.DEBUG_PKG],\n}).get('sphereon:ebsi-support')\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { EbsiSupport, ebsiSupportMethods } from './agent/EbsiSupport'\nexport * from './types/IEbsiSupport'\nexport * from './did'\n","import { CreateRequestObjectMode } from '@sphereon/oid4vci-common'\nimport { CredentialMapper, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport fetch from 'cross-fetch'\nimport { CreateEbsiDidOnLedgerResult, CreateEbsiDidParams } from '../did'\nimport { determineWellknownEndpoint, ebsiCreateDidOnLedger as ebsiCreateDidOnLedgerFunction, ebsiGetIssuerMock } from '../did/functions'\nimport { ebsiCreateAttestationAuthRequestURL, ebsiGetAttestation } from '../functions'\nimport {\n ApiOpts,\n EBSIAuthAccessTokenGetArgs,\n EbsiOpenIDMetadata,\n GetAccessTokenResult,\n GetPresentationDefinitionSuccessResponse,\n IRequiredContext,\n schema,\n WellknownOpts,\n} from '../index'\nimport {\n ExceptionResponse,\n GetAccessTokenArgs,\n GetAccessTokenResponse,\n GetOIDProviderJwksResponse,\n GetOIDProviderMetadataResponse,\n GetPresentationDefinitionArgs,\n GetPresentationDefinitionResponse,\n IEbsiSupport,\n} from '../types/IEbsiSupport'\n\nimport { v4 } from 'uuid'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport const ebsiSupportMethods: Array<string> = [\n 'ebsiCreateDidOnLedger',\n 'ebsiWellknownMetadata',\n 'ebsiAuthorizationServerJwks',\n 'ebsiPresentationDefinitionGet',\n 'ebsiAccessTokenGet',\n 'ebsiCreateAttestationAuthRequestURL',\n 'ebsiGetAttestation',\n]\n\nexport class EbsiSupport implements IAgentPlugin {\n readonly schema = schema.IEbsiSupport\n readonly methods: IEbsiSupport = {\n ebsiCreateDidOnLedger: this.ebsiCreateDidOnLedger.bind(this),\n ebsiWellknownMetadata: this.ebsiWellknownMetadata.bind(this),\n ebsiAuthorizationServerJwks: this.ebsiAuthorizationServerJwks.bind(this),\n ebsiPresentationDefinitionGet: this.ebsiPresentationDefinitionGet.bind(this),\n ebsiAccessTokenGet: this.ebsiAccessTokenGet.bind(this),\n ebsiCreateAttestationAuthRequestURL: ebsiCreateAttestationAuthRequestURL.bind(this),\n ebsiGetAttestation: ebsiGetAttestation.bind(this),\n }\n\n private async ebsiCreateDidOnLedger(args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult> {\n return await ebsiCreateDidOnLedgerFunction(args, context)\n }\n\n private async ebsiWellknownMetadata(args: WellknownOpts): Promise<GetOIDProviderMetadataResponse> {\n const url = determineWellknownEndpoint(args)\n return await (\n await fetch(url, {\n method: 'GET',\n headers: {\n Accept: 'application/json',\n },\n })\n ).json()\n }\n\n private async ebsiAuthorizationServerJwks(args: ApiOpts): Promise<GetOIDProviderJwksResponse \| ExceptionResponse> {\n const discoveryMetadata: EbsiOpenIDMetadata = await this.ebsiWellknownMetadata({\n ...args,\n type: 'openid-configuration',\n })\n return await (\n await fetch(`${discoveryMetadata.jwks_uri}`, {\n method: 'GET',\n headers: {\n Accept: 'application/jwk-set+json',\n },\n })\n ).json()\n }\n\n private async ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse> {\n const { scope, apiOpts, openIDMetadata } = args\n const discoveryMetadata: EbsiOpenIDMetadata =\n openIDMetadata ??\n (await this.ebsiWellknownMetadata({\n ...apiOpts,\n type: 'openid-configuration',\n system: apiOpts?.mock ? 'authorisation' : apiOpts?.system,\n version: apiOpts?.version ?? 'v4',\n }))\n return (await (\n await fetch(`${discoveryMetadata.presentation_definition_endpoint}?scope=openid%20${scope}`, {\n method: 'GET',\n headers: {\n Accept: 'application/json',\n },\n })\n ).json()) satisfies GetPresentationDefinitionSuccessResponse\n }\n\n private async ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult> {\n const { scope, idOpts, jwksUri, clientId, allVerifiableCredentials, redirectUri, environment, skipDidResolution = false } = args\n const identifier = await context.agent.identifierManagedGetByDid(idOpts)\n console.log(`Getting access token for ${identifier.did}, scope ${scope} and clientId=${clientId}, skipDidResolution=${skipDidResolution}...`)\n const openIDMetadata = await this.ebsiWellknownMetadata({\n environment,\n version: 'v4',\n mock: undefined,\n system: 'authorisation',\n type: 'openid-configuration',\n })\n const definitionResponse = await this.ebsiPresentationDefinitionGet({\n ...args,\n openIDMetadata,\n apiOpts: { environment, version: 'v4', type: 'openid-configuration' },\n })\n const hasInputDescriptors = definitionResponse.input_descriptors.length > 0\n console.log(`PD response`, definitionResponse)\n\n if (!hasInputDescriptors) {\n // Yes EBSI expects VPs without a VC in some situations. This is not according to the PEX spec!\n // They probably should have used SIOP in these cases. We need to go through hoops as our libs do not expect PDs/VPs without VCs :(\n console.warn(`No INPUT descriptor returned for scope ${scope}`)\n }\n\n let attestationCredential = args.attestationCredential\n\n if (hasInputDescriptors && !attestationCredential) {\n if (allVerifiableCredentials && allVerifiableCredentials.length > 0) {\n const pexResult = await context.agent.pexDefinitionFilterCredentials({\n presentationDefinition: definitionResponse,\n credentialFilterOpts: { credentialRole: args.credentialRole, verifiableCredentials: allVerifiableCredentials },\n })\n if (pexResult.filteredCredentials.length > 0) {\n const filtered = pexResult.filteredCredentials\n .map((cred) => CredentialMapper.toUniformCredential(cred, { hasher: defaultHasher }))\n .filter((cred) => {\n if (!cred.expirationDate) {\n return cred\n } else if (new Date(cred.expirationDate!).getDate() >= Date.now()) {\n return cred\n }\n return undefined\n })\n .filter((cred) => !!cred)\n if (filtered.length > 0) {\n attestationCredential = filtered[0]\n }\n }\n }\n if (!attestationCredential) {\n console.log(`No attestation credential present. Will get one from within access token method!`)\n const credentialIssuer = args.credentialIssuer ?? ebsiGetIssuerMock({ environment })\n const authReqResult = await context.agent.ebsiCreateAttestationAuthRequestURL({\n credentialIssuer,\n idOpts,\n formats: ['jwt_vc'],\n clientId,\n redirectUri,\n requestObjectOpts: {\n iss: clientId,\n requestObjectMode: CreateRequestObjectMode.REQUEST_OBJECT,\n jwksUri,\n },\n credentialType: 'VerifiableAuthorisationToOnboard',\n })\n const attestationResult = await context.agent.ebsiGetAttestation({\n authReqResult,\n clientId,\n opts: { timeout: 30_000 },\n })\n // @ts-ignore\n attestationCredential = attestationResult.credentials[0]!.rawVerifiableCredential! as W3CVerifiableCredential\n }\n }\n\n // FIXME SSISDK-40 should use DCQL\n // const definition = {\n // definition: definitionResponse,\n // location: PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,\n // version: SupportedVersion.SIOPv2_D11,\n // } satisfies PresentationDefinitionWithLocation\n\n // const pexResult = hasInputDescriptors\n // ? await context.agent.pexDefinitionFilterCredentials({\n // presentationDefinition: definitionResponse,\n // credentialFilterOpts: { credentialRole: args.credentialRole, verifiableCredentials: [attestationCredential!] },\n // })\n // : ({\n // // LOL, let's see whether we can trick PEX to create a VP without VCs\n // filteredCredentials: [],\n // id: definitionResponse.id,\n // selectResults: { verifiableCredential: [], areRequiredCredentialsPresent: 'info' },\n // } satisfies IPEXFilterResult)\n // const opSession = await context.agent.siopRegisterOPSession({\n // requestJwtOrUri: '', // Siop assumes we use an auth request, which we don't have in this case\n // op: { checkLinkedDomains: CheckLinkedDomain.NEVER },\n // //providedPresentationDefinitions: [definition],\n // })\n\n //const oid4vp = await opSession.getOID4VP({ allIdentifiers: [identifier.did] })\n // const vp = await oid4vp.createVerifiablePresentation(\n // args.credentialRole,\n // { dcqlQuery: definition, credentials: pexResult.filteredCredentials },\n // {\n // proofOpts: { domain: openIDMetadata.issuer, nonce: v4(), created: new Date(Date.now() - 120_000).toString() },\n // holder: identifier.did,\n // idOpts: idOpts,\n // skipDidResolution,\n // forceNoCredentialsInVP: !hasInputDescriptors,\n // },\n // )\n\n const presentationSubmission = { id: v4(), definition_id: definitionResponse.id, descriptor_map: [] } satisfies PresentationSubmission\n // FIXME SSISDK-40\n //hasInputDescriptors\n //? vp.presentationSubmission\n //: ({ id: v4(), definition_id: definitionResponse.id, descriptor_map: [] } satisfies PresentationSubmission)\n\n console.log(`Presentation submission`, presentationSubmission)\n const tokenRequestArgs = {\n grant_type: 'vp_token',\n // FIXME SSISDK-40\n vp_token: '', //CredentialMapper.toCompactJWT(vp.verifiablePresentations[0]), // FIXME How are we going to send multiple presentations in a vp_token?\n scope,\n presentation_submission: presentationSubmission,\n apiOpts: { environment, version: 'v4' },\n openIDMetadata,\n } satisfies GetAccessTokenArgs\n\n console.log(`Access token request:\\r\\n${JSON.stringify(tokenRequestArgs)}`)\n const accessTokenResponse = await this.getAccessToken(tokenRequestArgs)\n\n console.log(`Access token response:\\r\\n${JSON.stringify(accessTokenResponse)}`)\n if (!('access_token' in accessTokenResponse)) {\n throw Error(`Error response: ${JSON.stringify(accessTokenResponse)}`)\n }\n\n return {\n accessTokenResponse,\n // vp,\n scope,\n // definition,\n identifier: identifier,\n }\n }\n\n private async getAccessToken(args: GetAccessTokenArgs): Promise<GetAccessTokenResponse> {\n const { grant_type = 'vp_token', scope, vp_token, presentation_submission, apiOpts, openIDMetadata } = args\n const discoveryMetadata: EbsiOpenIDMetadata =\n openIDMetadata ??\n (await this.ebsiWellknownMetadata({\n ...apiOpts,\n type: 'openid-configuration',\n }))\n const request = {\n grant_type,\n scope: `openid ${scope}`,\n vp_token,\n presentation_submission: JSON.stringify(presentation_submission),\n }\n return await (\n await fetch(`${discoveryMetadata.token_endpoint}`, {\n method: 'POST',\n headers: {\n ContentType: 'application/x-www-form-urlencoded',\n Accept: 'application/json',\n },\n body: new URLSearchParams(request),\n })\n ).json()\n }\n}\n","import { randomBytes } from '@ethersproject/random'\nimport { CreateRequestObjectMode } from '@sphereon/oid4vci-common'\nimport { getControllerKey, getEthereumAddressFromKey, getKeys } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { calculateJwkThumbprint, calculateJwkThumbprintForKey, JwkKeyUse, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IKey, IKeyManager, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { getBytes, SigningKey, Transaction } from 'ethers'\n// @ts-ignore\nimport { base58btc } from 'multiformats/bases/base58'\n\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\nimport { getEbsiApiBaseUrl, wait } from '../functions'\nimport { logger } from '../index'\nimport { ApiOpts, EbsiApiVersion, EbsiEnvironment, IRequiredContext, WellknownOpts } from '../types/IEbsiSupport'\nimport { ebsiWaitTillDocumentAnchored } from './services/EbsiRestService'\nimport { callRpcMethod } from './services/EbsiRPCService'\nimport {\n BASE_CONTEXT_DOC,\n CreateEbsiDidOnLedgerResult,\n CreateEbsiDidParams,\n EBSI_DID_SPEC_INFOS,\n EbsiDidRegistryAPIEndpoints,\n EbsiDidSpecInfo,\n EbsiKeyType,\n EbsiPublicKeyPurpose,\n EbsiRpcMethod,\n EbsiRPCResponse,\n IContext,\n IKeyOpts,\n RpcMethodArgs,\n RpcOkResponse,\n} from './types'\n\nexport function generateEbsiMethodSpecificId(specInfo?: EbsiDidSpecInfo): string {\n const spec = specInfo ?? EBSI_DID_SPEC_INFOS.V1\n const length = spec.didLength ?? 16\n\n const result = new Uint8Array(length + (spec.version ? 1 : 0))\n if (spec.version) {\n result.set([spec.version])\n }\n result.set(randomBytes(length), spec.version ? 1 : 0)\n return base58btc.encode(result)\n}\n\nexport function generateOrUseProvidedEbsiPrivateKeyHex(specInfo?: EbsiDidSpecInfo, privateKeyBytes?: Uint8Array): string {\n const spec = specInfo ?? EBSI_DID_SPEC_INFOS.V1\n const length = spec.didLength ? 2 * spec.didLength : 32\n\n if (privateKeyBytes) {\n if (privateKeyBytes.length !== length) {\n throw Error(`Invalid private key length supplied (${privateKeyBytes.length}. Expected ${length} for ${spec.type}`)\n }\n return toString(privateKeyBytes, 'base16')\n }\n return toString(randomBytes(length), 'base16')\n}\n\n/*\n Returns the public key in the correct format to be used with the did registry v5\n * - in case of Secp256k1 - returns the uncompressed public key as hex string prefixed with 0x04\n * - in case of Secp256r1 - returns the jwk public key as hex string\n * @param {{ key: IKey, type: EbsiKeyType }} args\n * - key is the cryptographic key containing the public key\n * - type is the type of the key which can be Secp256k1 or Secp256r1\n * @returns {string} The properly formatted public key\n * @throws {Error} If the key type is invalid\n /\nexport const formatEbsiPublicKey = (args: { key: IKey; type: TKeyType }): string => {\n const { key, type } = args\n switch (type) {\n case 'Secp256k1': {\n const bytes = getBytes('0x' + key.publicKeyHex, 'key')\n return SigningKey.computePublicKey(bytes, false)\n }\n case 'Secp256r1': {\n /\n Public key as hex string. For an ES256K key, it must be in uncompressed format prefixed with \"0x04\".\n For other algorithms, it must be the JWK transformed to string and then to hex format.\n /\n const jwk: JsonWebKey = toJwk(key.publicKeyHex, type, { use: JwkKeyUse.Signature, key })\n /\n Converting JWK to string and then hex is odd and may lead to errors. Implementing\n it like that because it's how EBSI does it. However, it may be a point of pain\n in the future.\n /\n const jwkString = JSON.stringify(jwk, null, 2)\n return `0x${toString(fromString(jwkString), 'base16')}`\n }\n default:\n throw new Error(`Unsupported EBSI key type: ${type}`)\n }\n}\n\nexport const ebsiGetIssuerMock = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): string => {\n const { environment = 'conformance', version = 'v3' } = args\n if (environment === 'pilot') {\n throw Error(`EBSI Pilot network does not have a issuer mock server`)\n }\n return `${getEbsiApiBaseUrl({ environment, version, system: environment })}/issuer-mock`\n}\n\nexport const ebsiGetAuthorisationServer = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): string => {\n const { environment = 'pilot', version = 'v4' } = args\n return `${getEbsiApiBaseUrl({ environment, version, system: 'authorisation' })}`\n}\n\nexport const ebsiGetRegistryAPIUrls = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): EbsiDidRegistryAPIEndpoints => {\n const { environment = 'pilot', version = 'v5' } = args\n const baseUrl = `${getEbsiApiBaseUrl({ environment, version, system: 'did-registry' })}`\n return {\n mutate: `${baseUrl}/jsonrpc`,\n query: `${baseUrl}/identifiers`,\n }\n}\n\nexport const determineWellknownEndpoint = ({ environment, version, type, system = environment, mock }: WellknownOpts): string => {\n const url = `${getEbsiApiBaseUrl({ environment, version, system })}${mock ? `/${mock}` : ''}/.well-known/${type}`\n logger.debug(`wellknown url: ${url}`)\n return url\n}\n\nexport const ebsiSignAndSendTransaction = async (\n args: {\n rpcRequest: RpcMethodArgs\n previousTxResponse?: EbsiRPCResponse\n kid: string\n accessToken: string\n apiOpts?: ApiOpts\n },\n context: IContext,\n): Promise<EbsiRPCResponse> => {\n const { rpcRequest, accessToken, kid, apiOpts, previousTxResponse } = args\n const unsignedTxResponse = await callRpcMethod(rpcRequest)\n const nonce = 'result' in unsignedTxResponse ? unsignedTxResponse.result.nonce : undefined\n // We should get a new nonce once the actual previous transaction has been anchored. Thus we retry if the nonce remains the same\n if (\n previousTxResponse &&\n 'result' in unsignedTxResponse &&\n 'nonce' in previousTxResponse &&\n 'nonce' in unsignedTxResponse.result &&\n typeof unsignedTxResponse.result === 'object' &&\n previousTxResponse.nonce === unsignedTxResponse.result.nonce\n ) {\n await wait(1_000)\n return await ebsiSignAndSendTransaction({ ...args, previousTxResponse }, context)\n }\n\n if ('error' in unsignedTxResponse && !!unsignedTxResponse.error) {\n logger.error(JSON.stringify(unsignedTxResponse))\n throw new Error(unsignedTxResponse.error.message ?? 'Unknown error occurred')\n }\n const unsignedTx = (unsignedTxResponse as RpcOkResponse).result\n\n const agentUnsignedTx = JSON.parse(JSON.stringify(unsignedTx))\n if (unsignedTx && 'chainId' in unsignedTx && typeof unsignedTx.chainId === 'string' && unsignedTx.chainId.toLowerCase().startsWith('0x')) {\n // We expect the chain id to be a regular number and not a hex string\n agentUnsignedTx.chainId = Number.parseInt(unsignedTx.chainId, 16)\n }\n const signedRawTx = await context.agent.keyManagerSignEthTX({\n kid,\n transaction: agentUnsignedTx,\n })\n\n const sig = Transaction.from(signedRawTx).signature!\n const { r, s, v } = sig\n\n const sTResponse = await callRpcMethod({\n params: [\n {\n protocol: 'eth',\n unsignedTransaction: unsignedTx,\n r,\n s,\n v: `0x${v.toString(16)}`,\n signedRawTransaction: signedRawTx,\n },\n ],\n rpcMethod: EbsiRpcMethod.SEND_SIGNED_TRANSACTION,\n rpcId: unsignedTxResponse.id,\n apiOpts,\n accessToken: accessToken,\n })\n\n if ('status' in sTResponse) {\n throw new Error(JSON.stringify(sTResponse, null, 2))\n }\n return { ...sTResponse, nonce }\n}\n\nexport const ebsiGenerateOrUseKeyPair = async (\n args: {\n keyOpts?: IKeyOpts\n keyType: EbsiKeyType\n kms: string\n controllerKey?: boolean\n },\n context: IAgentContext<IKeyManager>,\n) => {\n const { keyOpts, keyType, kms, controllerKey = false } = args\n let privateKeyHex = generateOrUseProvidedEbsiPrivateKeyHex(\n EBSI_DID_SPEC_INFOS.V1,\n keyOpts?.privateKeyHex ? fromString(keyOpts.privateKeyHex, 'base16') : undefined,\n )\n if (privateKeyHex.startsWith('0x')) {\n privateKeyHex = privateKeyHex.substring(2)\n }\n if (!privateKeyHex \|\| privateKeyHex.length !== 64) {\n throw new Error('Private key should be 32 bytes / 64 chars hex')\n }\n const importableKey = await toMinimalImportableKey({ key: { ...keyOpts, privateKeyHex }, type: keyType, kms })\n\n if (keyType === 'Secp256k1') {\n importableKey.meta = {\n ...importableKey.meta,\n ebsi: {\n anchored: false,\n controllerKey,\n },\n }\n }\n return importableKey\n}\n\nexport const toMinimalImportableKey = async (args: { key?: IKeyOpts; type: EbsiKeyType; kms: string }): Promise<MinimalImportableKey> => {\n const { key, kms } = args\n const minimalImportableKey: Partial<MinimalImportableKey> = { ...key }\n const type = args.key?.type ?? args.type\n minimalImportableKey.kms = kms\n minimalImportableKey.type = type\n if (!minimalImportableKey.privateKeyHex) {\n throw Error(`Minimal importable key needs a private key`)\n }\n\n minimalImportableKey.meta = {\n purposes: assertedPurposes({ key }) ?? setPurposes({ key, type }),\n jwkThumbprint: calculateJwkThumbprintForKey({\n key: minimalImportableKey as MinimalImportableKey,\n digestAlgorithm: 'sha256',\n }),\n }\n return minimalImportableKey as MinimalImportableKey\n}\n\nexport const assertedPurposes = (args: { key?: IKeyOpts }): EbsiPublicKeyPurpose[] \| undefined => {\n const { key } = args\n if (key?.purposes && key.purposes.length > 0) {\n switch (key.type) {\n case 'Secp256k1': {\n if (key?.purposes && key.purposes.length > 0 && key.purposes?.includes(EbsiPublicKeyPurpose.CapabilityInvocation)) {\n return key.purposes\n }\n throw new Error(`Secp256k1/ES256K key requires ${EbsiPublicKeyPurpose.CapabilityInvocation} purpose`)\n }\n case 'Secp256r1': {\n if (\n key?.purposes &&\n key.purposes.length > 0 &&\n key.purposes.includes(EbsiPublicKeyPurpose.AssertionMethod) &&\n key.purposes.includes(EbsiPublicKeyPurpose.Authentication)\n ) {\n return key.purposes\n }\n throw new Error(\n `Secp256r1/ES256 key requires ${[EbsiPublicKeyPurpose.AssertionMethod, EbsiPublicKeyPurpose.Authentication].join(', ')} purposes`,\n )\n }\n default:\n throw new Error(`Unsupported key type: ${key.type}`)\n }\n }\n return key?.purposes\n}\n\nexport const setPurposes = (args: { key?: IKeyOpts; type: EbsiKeyType }): EbsiPublicKeyPurpose[] => {\n const { key, type } = args\n if (!key?.purposes \|\| key.purposes.length === 0) {\n switch (type) {\n case 'Secp256k1':\n return [EbsiPublicKeyPurpose.CapabilityInvocation]\n case 'Secp256r1':\n return [EbsiPublicKeyPurpose.AssertionMethod, EbsiPublicKeyPurpose.Authentication]\n default:\n throw new Error(`Unsupported key type: ${key?.type}`)\n }\n }\n return key.purposes\n}\n\nexport const randomRpcId = (): number => {\n return Math.floor(Math.random() Number.MAX_SAFE_INTEGER)\n}\n\nexport const ebsiCreateDidOnLedger = async (args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult> => {\n const {\n accessTokenOpts,\n notBefore = Math.floor(Date.now() / 1000 - 60),\n notAfter = Math.floor(Date.now() / 1000 + 10 * 365 * 24 * 60 * 60),\n baseDocument,\n identifier,\n } = args\n const { clientId, redirectUri, environment, credentialIssuer } = accessTokenOpts\n const controllerKey = getControllerKey({ identifier })\n const secp256r1 = getKeys({ identifier, keyType: 'Secp256r1' })?.[0]\n let { attestationToOnboard, attestationToOnboardCredentialRole } = accessTokenOpts\n\n if (!controllerKey \|\| !secp256r1) {\n return Promise.reject(`No secp256k1 controller key and/or secp2561r key found for identifier ${identifier}`)\n }\n const from = getEthereumAddressFromKey({ key: controllerKey })\n if (!from) {\n return Promise.reject(Error(`EBSI 'from' address expected for key ${controllerKey.publicKeyHex}`))\n }\n const did = identifier.did\n const kid = controllerKey.kid\n const idOpts = { identifier, kid }\n let rpcId = args.rpcId ?? randomRpcId()\n const apiOpts = {\n environment,\n version: 'v5',\n } satisfies ApiOpts\n\n const jwksUri = args.accessTokenOpts.jwksUri ?? `${clientId}/.well-known/jwks/dids/${encodeURIComponent(identifier.did)}.json`\n\n if (!attestationToOnboard) {\n console.log(`No attestation to onboard present. Will get one`)\n const authReqResult = await context.agent.ebsiCreateAttestationAuthRequestURL({\n credentialIssuer,\n idOpts: idOpts,\n formats: ['jwt_vc'],\n clientId,\n redirectUri,\n credentialType: 'VerifiableAuthorisationToOnboard',\n requestObjectOpts: { iss: clientId, requestObjectMode: CreateRequestObjectMode.REQUEST_OBJECT, jwksUri },\n })\n const attestationResult = await context.agent.ebsiGetAttestation({\n clientId,\n authReqResult,\n opts: { timeout: 120_000 },\n })\n attestationToOnboard = attestationResult.credentials[0].rawVerifiableCredential as W3CVerifiableCredential\n console.log(`Attestation to onboard received`, attestationToOnboard)\n }\n\n const insertDidAccessTokenResponse = await context.agent.ebsiAccessTokenGet({\n credentialRole: attestationToOnboardCredentialRole,\n attestationCredential: attestationToOnboard,\n jwksUri,\n scope: 'didr_invite',\n idOpts: idOpts,\n redirectUri,\n credentialIssuer,\n clientId,\n environment,\n skipDidResolution: true,\n })\n\n const insertDidDocRequest = {\n params: [\n {\n from,\n did,\n baseDocument: baseDocument ?? BASE_CONTEXT_DOC,\n vMethodId: calculateJwkThumbprint({ jwk: toJwk(controllerKey.publicKeyHex, 'Secp256k1') }),\n isSecp256k1: true,\n publicKey: formatEbsiPublicKey({ key: controllerKey, type: 'Secp256k1' }),\n notBefore,\n notAfter,\n },\n ],\n rpcMethod: EbsiRpcMethod.INSERT_DID_DOCUMENT,\n rpcId,\n apiOpts,\n accessToken: insertDidAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const insertDidDocResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: insertDidDocRequest,\n kid,\n accessToken: insertDidAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n let anchorTime = await ebsiWaitTillDocumentAnchored({\n did,\n ...apiOpts,\n maxWaitTime: 30_000,\n startIntervalMS: 2000,\n minIntervalMS: 500,\n decreaseIntervalMSPerStep: 750,\n })\n if (!anchorTime.didDocument) {\n throw Error(`did ${did} was not registered on EBSI network ${apiOpts.environment} in 45 seconds`)\n }\n logger.debug(`Anchoring did ${did} on network ${apiOpts.environment} took ${anchorTime.totalWaitTime / 1000} seconds in ${anchorTime.count} tries`)\n\n // Update to the controller key for the remainder\n idOpts.kid = calculateJwkThumbprintForKey({ key: controllerKey })\n\n const addVMAccessTokenResponse = await context.agent.ebsiAccessTokenGet({\n credentialRole: attestationToOnboardCredentialRole,\n // attestationCredential: attestationToOnboard,\n jwksUri,\n scope: 'didr_write',\n idOpts: idOpts,\n redirectUri,\n credentialIssuer: undefined,\n clientId,\n environment,\n skipDidResolution: true,\n })\n\n const vMethodId = calculateJwkThumbprint({ jwk: toJwk(secp256r1.publicKeyHex, 'Secp256r1') })\n const publicKey = formatEbsiPublicKey({ key: secp256r1, type: 'Secp256r1' })\n const addVerificationMethodRequest = {\n params: [\n {\n from,\n did,\n isSecp256k1: false,\n vMethodId,\n publicKey,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_METHOD,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addVerificationMethodResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRequest,\n previousTxResponse: insertDidDocResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n // We need to wait, even after the anchor. The methods below also retry in case the nonce does not get updated.\n // But we simply know that at this point we need to introduce some delay\n await wait(2_000)\n\n const addAssertionMethodRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: 'assertionMethod',\n notAfter,\n notBefore,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addAssertionMethodRelationshipResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addAssertionMethodRelationshipRequest,\n previousTxResponse: addVerificationMethodResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n anchorTime = await ebsiWaitTillDocumentAnchored({\n did,\n ...apiOpts,\n maxWaitTime: 20_000,\n minIntervalMS: 500,\n decreaseIntervalMSPerStep: 500,\n searchForObject: { assertionMethod: [`${did}#${vMethodId}`] },\n })\n if (!anchorTime.didDocument) {\n throw Error(`did ${did} assertionMethod id ${vMethodId} was not registered on EBSI network ${apiOpts.environment} in 20 seconds`)\n }\n logger.debug(\n `Anchoring assertionMethod ${vMethodId} for DID ${did} on network ${apiOpts.environment} took ${anchorTime.totalWaitTime / 1000} seconds in ${anchorTime.count} tries`,\n )\n\n const addAuthenticationRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: 'authentication',\n notAfter,\n notBefore,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addAuthenticationRelationshipResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addAuthenticationRelationshipRequest,\n previousTxResponse: addAssertionMethodRelationshipResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n return {\n identifier,\n insertDidDoc: insertDidDocResponse,\n addVerificationMethod: addVerificationMethodResponse,\n addAuthenticationRelationship: addAuthenticationRelationshipResponse,\n addAssertionMethodRelationship: addAssertionMethodRelationshipResponse,\n }\n}\n","import { OpenID4VCIClient } from '@sphereon/oid4vci-client'\nimport {\n Alg,\n AuthorizationDetailsV1_0_15,\n AuthorizationRequestOpts,\n AuthzFlowType,\n CredentialConfigurationSupported,\n CredentialConfigurationSupportedV1_0_15,\n getJson,\n getTypesFromCredentialSupported,\n ProofOfPossessionCallbacks,\n} from '@sphereon/oid4vci-common'\nimport { getAuthenticationKey, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ManagedIdentifierDidResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { calculateJwkThumbprintForKey, signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'\nimport {\n IssuanceOpts,\n OID4VCICallbackStateListener,\n OID4VCIMachineInterpreter,\n OID4VCIMachineState,\n OID4VCIMachineStates,\n PrepareStartArgs,\n signCallback,\n} from '@sphereon/ssi-sdk.oid4vci-holder'\nimport {\n OID4VPCallbackStateListener,\n Siopv2MachineInterpreter,\n Siopv2MachineState,\n Siopv2MachineStates,\n Siopv2OID4VPLinkHandler,\n} from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { _ExtendedIKey } from '@veramo/utils'\nimport { waitFor } from 'xstate/lib/waitFor.js'\nimport { logger } from '../index'\nimport { AttestationResult, CreateAttestationAuthRequestURLArgs, EbsiEnvironment, GetAttestationArgs, IRequiredContext } from '../types/IEbsiSupport'\nimport {\n addContactCallback,\n authorizationCodeUrlCallback,\n handleErrorCallback,\n reviewCredentialsCallback,\n selectCredentialsCallback,\n siopDoneCallback,\n} from './AttestationHeadlessCallbacks'\nimport { getEbsiApiBaseUrl } from './index'\n\nexport interface AttestationAuthRequestUrlResult extends Omit<Required<PrepareStartArgs>, 'issuanceOpt'> {\n issuanceOpt?: IssuanceOpts\n authorizationCodeURL: string\n identifier: ManagedIdentifierDidResult\n authKey: _ExtendedIKey\n}\n\n/*\n Method to generate an authz url for getting attestation credentials from a (R)TAO on EBSI using a cloud/service wallet\n \n This method can be used standalone. But it can also be used as input for the `oid4vciHolderStart` agent method,\n * to start a OID4VCI holder flow.\n \n @param opts\n * @param context\n /\nexport const ebsiCreateAttestationAuthRequestURL = async (\n {\n clientId: clientIdArg,\n credentialIssuer,\n credentialType,\n idOpts,\n redirectUri,\n requestObjectOpts,\n formats = ['jwt_vc', 'jwt_vc_json'],\n }: CreateAttestationAuthRequestURLArgs,\n context: IRequiredContext,\n): Promise<AttestationAuthRequestUrlResult> => {\n logger.info(`create attestation ${credentialType} auth req URL for ${clientIdArg} and issuer ${credentialIssuer}`)\n const resolution = await context.agent.identifierManagedGetByDid(idOpts)\n const identifier = resolution.identifier\n if (identifier.provider !== 'did:ebsi' && identifier.provider !== 'did:key') {\n throw Error(\n `EBSI only supports did:key for natural persons and did:ebsi for legal persons. Provider: ${identifier.provider}, did: ${identifier.did}`,\n )\n }\n // This only works if the DID is actually registered, otherwise use our internal KMS;\n // that is why the offline argument is passed in when type is Verifiable Auth to Onboard, as no DID is present at that point yet\n // We are getting the ES256 key here, as that is the one needed for auth in EBSI\n const authKey = await getAuthenticationKey(\n {\n identifier,\n offlineWhenNoDIDRegistered: credentialType === 'VerifiableAuthorisationToOnboard',\n noVerificationMethodFallback: true,\n keyType: 'Secp256r1',\n },\n context,\n )\n const kid = authKey.meta?.jwkThumbprint ?? calculateJwkThumbprintForKey({ key: authKey })\n const clientId = clientIdArg ?? identifier.did\n\n const vciClient = await OpenID4VCIClient.fromCredentialIssuer({\n credentialIssuer,\n kid,\n clientId,\n createAuthorizationRequestURL: false, // We will do that down below\n retrieveServerMetadata: true,\n })\n\n const allMatches = {} as Record<string, CredentialConfigurationSupportedV1_0_15> \| Array<CredentialConfigurationSupported> // vciClient.getCredentialsSupported(format) FIXME SSISDK-40\n let arrayMatches: Array<CredentialConfigurationSupported>\n if (Array.isArray(allMatches)) {\n arrayMatches = allMatches\n } else {\n arrayMatches = Object.entries(allMatches).map(([id, supported]) => {\n supported.id = id\n return supported\n })\n }\n const supportedConfigurations = arrayMatches\n .filter((supported) => getTypesFromCredentialSupported(supported, { filterVerifiableCredential: false }).includes(credentialType))\n .filter((supported) => (supported.format === 'jwt_vc' \|\| supported.format === 'jwt_vc_json') && formats.includes(supported.format))\n if (supportedConfigurations.length === 0) {\n throw Error(`Could not find '${credentialType}' with format(s) '${formats.join(',')}' in list of supported types for issuer: ${credentialIssuer}`)\n }\n const authorizationDetails = supportedConfigurations.map((supported) => {\n const credential_configuration_id = supported.id as string\n if (!credential_configuration_id) {\n throw Error(`Credential configuration id missing for credential type: ${credentialType}`)\n }\n return {\n type: 'openid_credential',\n credential_configuration_id,\n credential_identifiers: getTypesFromCredentialSupported(supported),\n } satisfies AuthorizationDetailsV1_0_15\n })\n\n const signCallbacks: ProofOfPossessionCallbacks = requestObjectOpts.signCallbacks ?? {\n signCallback: signCallback(idOpts, context),\n }\n const authorizationRequestOpts = {\n redirectUri,\n clientId,\n authorizationDetails,\n requestObjectOpts: {\n ...requestObjectOpts,\n signCallbacks,\n kid: requestObjectOpts.kid ?? kid,\n },\n } satisfies AuthorizationRequestOpts\n // todo: Do we really need to do this, or can we just set the create option to true at this point? We are passing in the authzReq opts\n const authorizationCodeURL = await vciClient.createAuthorizationRequestUrl({\n authorizationRequest: authorizationRequestOpts,\n })\n logger.info(`create attestation ${credentialType} auth req URL for ${clientIdArg} and issuer ${credentialIssuer}, result: ${authorizationCodeURL}`)\n const jwaAlg = await signatureAlgorithmFromKey({ key: authKey })\n if (!(jwaAlg in Alg)) {\n return Promise.reject(Error(`${jwaAlg} is not supported`))\n }\n // @ts-ignore\n const alg: Alg = Alg[jwaAlg]\n\n return {\n requestData: {\n createAuthorizationRequestURL: false,\n flowType: AuthzFlowType.AUTHORIZATION_CODE_FLOW,\n uri: credentialIssuer,\n existingClientState: JSON.parse(await vciClient.exportState()),\n },\n accessTokenOpts: {\n clientOpts: {\n alg,\n clientId,\n kid,\n signCallbacks,\n clientAssertionType: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n },\n },\n authorizationRequestOpts,\n authorizationCodeURL,\n identifier: resolution,\n authKey,\n didMethodPreferences: [SupportedDidMethodEnum.DID_EBSI, SupportedDidMethodEnum.DID_KEY],\n }\n}\n\nexport const ebsiGetAttestationInterpreter = async (\n { clientId, authReqResult, walletType }: Omit<GetAttestationArgs, 'opts'>,\n context: IRequiredContext,\n): Promise<OID4VCIMachineInterpreter> => {\n const identifier = authReqResult.identifier\n const vciStateCallbacks = new Map<OID4VCIMachineStates, (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => Promise<void>>()\n const vpStateCallbacks = new Map<Siopv2MachineStates, (oid4vpMachine: Siopv2MachineInterpreter, state: Siopv2MachineState) => Promise<void>>()\n\n const oid4vciMachine = await context.agent.oid4vciHolderGetMachineInterpreter({\n ...authReqResult,\n issuanceOpt: {\n identifier,\n supportedPreferredDidMethod: SupportedDidMethodEnum.DID_EBSI,\n kid: authReqResult.authKey.meta?.jwkThumbprint ?? authReqResult.authKey.kid,\n },\n clientOpts: {\n clientAssertionType: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n kid: authReqResult.authKey.meta?.jwkThumbprint ?? authReqResult.authKey.kid,\n clientId,\n },\n didMethodPreferences: [SupportedDidMethodEnum.DID_EBSI, SupportedDidMethodEnum.DID_KEY],\n stateNavigationListener: OID4VCICallbackStateListener(vciStateCallbacks),\n walletType: walletType ?? 'NATURAL_PERSON',\n })\n const vpLinkHandler = new Siopv2OID4VPLinkHandler({\n protocols: ['openid:'],\n // @ts-ignore\n context,\n noStateMachinePersistence: true,\n stateNavigationListener: OID4VPCallbackStateListener(vpStateCallbacks),\n })\n\n vpStateCallbacks\n .set(Siopv2MachineStates.done, siopDoneCallback({ oid4vciMachine }, context))\n .set(Siopv2MachineStates.handleError, handleErrorCallback(context))\n .set(Siopv2MachineStates.error, handleErrorCallback(context))\n\n vciStateCallbacks\n .set(OID4VCIMachineStates.handleError, handleErrorCallback(context))\n .set(OID4VCIMachineStates.addContact, addContactCallback(context))\n .set(OID4VCIMachineStates.selectCredentials, selectCredentialsCallback(context))\n .set(\n OID4VCIMachineStates.initiateAuthorizationRequest,\n authorizationCodeUrlCallback(\n {\n authReqResult,\n vpLinkHandler,\n },\n context,\n ),\n )\n .set(OID4VCIMachineStates.reviewCredentials, reviewCredentialsCallback(context))\n\n return oid4vciMachine.interpreter\n}\n\nexport const ebsiGetAttestation = async (\n { clientId, authReqResult, opts = { timeout: 30_000 } }: GetAttestationArgs,\n agentContext: IRequiredContext,\n): Promise<AttestationResult> => {\n logger.info(`Getting EBSI attestation for ${authReqResult.identifier.did} and ${clientId}`)\n const interpreter = await ebsiGetAttestationInterpreter({ clientId, authReqResult }, agentContext)\n const state = await waitFor(interpreter.start(), (state) => state.matches('done') \|\| state.matches('handleError') \|\| state.matches('error'), {\n timeout: opts.timeout ?? 30_000,\n })\n const { contactAlias, contact, credentialBranding, issuanceOpt, error, credentialsToAccept } = state.context\n\n if (state.matches('handleError') \|\| state.matches('error')) {\n logger.error(JSON.stringify(state.context.error))\n throw Error(JSON.stringify(state.context.error))\n }\n\n const result = {\n contactAlias,\n contact: contact!,\n credentialBranding,\n identifier: issuanceOpt?.identifier\n ? ((await agentContext.agent.identifierManagedGet(issuanceOpt.identifier)) as ManagedIdentifierDidResult)\n : authReqResult.identifier,\n error,\n credentials: credentialsToAccept,\n }\n logger.info(`EBSI attestation for ${authReqResult.identifier.did} and ${clientId}`, result)\n\n return result\n}\n\n/\n Normally you would use the browser to let the user make this call in the front channel,\n * however EBSI mainly uses mocks at present, and we want to be able to test as well\n /\nexport const ebsiAuthRequestExecution = async (authRequestResult: AttestationAuthRequestUrlResult, opts?: {}) => {\n const { requestData, authorizationCodeURL } = authRequestResult\n const vciClient = await OpenID4VCIClient.fromState({ state: requestData?.existingClientState! })\n\n logger.debug(`URL: ${authorizationCodeURL}, according to client: ${vciClient.authorizationURL}`)\n\n const authResponse = await getJson<any>(authorizationCodeURL)\n const location: string \| null = authResponse.origResponse.headers.get('location')\n logger.debug(`LOCATION: ${location}`)\n}\n\nexport const ebsiGetIssuer = ({ credentialIssuer, environment = 'pilot' }: { credentialIssuer?: string; environment?: EbsiEnvironment }): string => {\n if (credentialIssuer) {\n return credentialIssuer\n }\n if (environment !== 'pilot') {\n return `${getEbsiApiBaseUrl({ environment, version: 'v3' })}/issuer-mock`\n }\n\n throw Error(`EBSI environment ${environment} needs explicit credential issuer`)\n}\n","import { decodeUriAsJson } from '@sphereon/did-auth-siop'\nimport { getIssuerName } from '@sphereon/oid4vci-common'\nimport {\n ConnectionType,\n CorrelationIdentifierType,\n IdentityOrigin,\n NonPersistedParty,\n Party,\n PartyOrigin,\n PartyTypeType,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport { OID4VCIMachine, OID4VCIMachineEvents, OID4VCIMachineInterpreter, OID4VCIMachineState } from '@sphereon/ssi-sdk.oid4vci-holder'\nimport { Siopv2MachineInterpreter, Siopv2MachineState, Siopv2OID4VPLinkHandler } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { CredentialRole } from '@sphereon/ssi-types'\nimport fetch from 'cross-fetch'\nimport { logger } from '../index'\nimport { IRequiredContext } from '../types/IEbsiSupport'\nimport { AttestationAuthRequestUrlResult } from './Attestation'\n\nexport const addContactCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const { serverMetadata, hasContactConsent, contactAlias } = state.context\n\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const issuerUrl: URL = new URL(serverMetadata.issuer)\n const correlationId: string = `${issuerUrl.protocol}//${issuerUrl.hostname}`\n let issuerName: string = getIssuerName(correlationId, serverMetadata.credentialIssuerMetadata)\n\n const party: NonPersistedParty = {\n contact: {\n displayName: issuerName,\n legalName: issuerName,\n },\n // FIXME maybe its nicer if we can also just use the id only\n // TODO using the predefined party type from the contact migrations here\n // TODO this is not used as the screen itself adds one, look at the params of the screen, this is not being passed in\n partyType: {\n id: '3875c12e-fdaa-4ef6-a340-c936e054b627',\n origin: PartyOrigin.EXTERNAL,\n type: PartyTypeType.ORGANIZATION,\n name: 'Sphereon_default_type',\n tenantId: '95e09cfc-c974-4174-86aa-7bf1d5251fb4',\n },\n uri: correlationId,\n identities: [\n {\n alias: correlationId,\n roles: [CredentialRole.ISSUER],\n origin: IdentityOrigin.EXTERNAL,\n identifier: {\n type: CorrelationIdentifierType.URL,\n correlationId: issuerUrl.hostname,\n },\n // TODO WAL-476 add support for correct connection\n connection: {\n type: ConnectionType.OPENID_CONNECT,\n config: {\n clientId: '138d7bf8-c930-4c6e-b928-97d3a4928b01',\n clientSecret: '03b3955f-d020-4f2a-8a27-4e452d4e27a0',\n scopes: ['auth'],\n issuer: 'https://example.com/app-test',\n redirectUrl: 'app:/callback',\n dangerouslyAllowInsecureHttpRequests: true,\n clientAuthMethod: 'post' as const,\n },\n },\n },\n ],\n }\n\n const onCreate = async ({\n party,\n issuerUrl,\n issuerName,\n correlationId,\n }: {\n party: NonPersistedParty\n issuerUrl: string\n issuerName: string\n correlationId: string\n }): Promise<void> => {\n const displayName = party.contact.displayName ?? issuerName\n const contacts: Array<Party> = await context.agent.cmGetContacts({\n filter: [\n {\n contact: {\n // Searching on legalName as displayName is not unique, and we only support organizations for now\n legalName: displayName,\n },\n },\n ],\n })\n if (contacts.length === 0 \|\| !contacts[0]?.contact) {\n const contact = await context.agent.cmAddContact({\n ...party,\n displayName,\n legalName: displayName,\n contactType: {\n type: PartyTypeType.ORGANIZATION,\n name: displayName,\n origin: PartyOrigin.EXTERNAL,\n tenantId: party.tenantId ?? '1',\n },\n })\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.CREATE_CONTACT,\n data: contact,\n })\n }\n }\n\n const onConsentChange = async (hasConsent: boolean): Promise<void> => {\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_CONTACT_CONSENT,\n data: hasConsent,\n })\n }\n\n const onAliasChange = async (alias: string): Promise<void> => {\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_CONTACT_ALIAS,\n data: alias,\n })\n }\n\n if (!issuerName) {\n issuerName = `EBSI unknown (${issuerUrl})`\n } else if (issuerName.startsWith('http')) {\n issuerName = `EBSI ${issuerName.replace(/https?:\\/\\//, '')}`\n }\n if (!contactAlias) {\n return await onAliasChange(issuerName)\n }\n issuerName = contactAlias\n if (!hasContactConsent) {\n return await onConsentChange(true)\n }\n await onCreate({ party, issuerName, issuerUrl: issuerUrl.toString(), correlationId })\n }\n}\n\nexport const handleErrorCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter \| Siopv2MachineInterpreter, state: OID4VCIMachineState \| Siopv2MachineState) => {\n console.error(`error callback event: ${state.event}`, state.context.error)\n logger.trace(state.event)\n }\n}\n\nexport const selectCredentialsCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const { contact, credentialToSelectFrom, selectedCredentials } = state.context\n\n if (selectedCredentials && selectedCredentials.length > 0) {\n logger.info(`selected: ${selectedCredentials.join(', ')}`)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.NEXT,\n })\n return\n } else if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const onSelectType = async (selectedCredentials: Array<string>): Promise<void> => {\n console.log(`Selected credentials: ${selectedCredentials.join(', ')}`)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS,\n data: selectedCredentials,\n })\n }\n\n await onSelectType(credentialToSelectFrom.map((sel) => sel.credentialId))\n }\n}\n\nexport const authorizationCodeUrlCallback = (\n {\n authReqResult,\n vpLinkHandler,\n }: {\n authReqResult: AttestationAuthRequestUrlResult\n vpLinkHandler: Siopv2OID4VPLinkHandler\n },\n context: IRequiredContext,\n) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const url = state.context.authorizationCodeURL\n console.log('navigateAuthorizationCodeURL: ', url)\n if (!url) {\n return Promise.reject(Error('Missing authorization URL in context'))\n }\n const onOpenAuthorizationUrl = async (url: string): Promise<void> => {\n console.log('onOpenAuthorizationUrl being invoked: ', url)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST,\n data: url,\n })\n const response = await fetch(url, { redirect: 'manual' })\n if (response.status < 301 \|\| response.status > 302) {\n throw Error(`When doing a headless auth, we expect to be redirected on getting the authz URL`)\n }\n const openidUri = response.headers.get('location')\n if (!openidUri \|\| !openidUri.startsWith('openid://')) {\n let error: string \| undefined = undefined\n if (openidUri) {\n if (openidUri.includes('error')) {\n error = 'Authorization server error: '\n const decoded = decodeUriAsJson(openidUri)\n if ('error' in decoded && decoded.error) {\n error += decoded.error + ', '\n }\n if ('error_description' in decoded && decoded.error_description) {\n error += decoded.error_description\n }\n }\n }\n throw Error(\n error ??\n `Expected a openid:// URI to be returned from EBSI in headless mode. Returned: ${openidUri}, ${JSON.stringify(await response.text())}`,\n )\n }\n\n console.log(`onOpenAuthorizationUrl after openUrl: ${url}`)\n const kid = authReqResult.authKey.meta?.jwkThumbprint\n ? `${authReqResult.identifier.did}#${authReqResult.authKey.meta.jwkThumbprint}`\n : authReqResult.identifier.kid\n await vpLinkHandler.handle(openidUri, { idOpts: { ...authReqResult.identifier, kmsKeyRef: kid } })\n }\n await onOpenAuthorizationUrl(url)\n }\n}\n\nexport const reviewCredentialsCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n console.log(`# REVIEW CREDENTIALS:`)\n console.log(JSON.stringify(state.context.credentialsToAccept, null, 2))\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.NEXT,\n })\n }\n}\n\nexport const siopDoneCallback = ({ oid4vciMachine }: { oid4vciMachine: OID4VCIMachine }, context: IRequiredContext) => {\n return async (oid4vpMachine: Siopv2MachineInterpreter, state: Siopv2MachineState) => {\n // console.log('SIOP result:')\n // console.log(JSON.stringify(state.context, null , 2))\n if (!state.context.authorizationResponseData?.queryParams?.code) {\n throw Error(`No code was returned from the authorization step`)\n }\n oid4vciMachine.interpreter.send({\n type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE,\n data: state.context.authorizationResponseData.url!,\n })\n console.log(`SIOP DONE!`)\n }\n}\n","import { ApiOpts, EbsiEnvironment } from '../types/IEbsiSupport'\n\nexport const getEbsiApiBaseUrl = ({\n environment = 'pilot',\n version,\n system = 'pilot',\n}: ApiOpts & { system?: 'authorisation' \| 'conformance' \| 'did-registry' \| EbsiEnvironment }) => {\n return `https://api-${environment}.ebsi.eu/${system}/${version}`\n}\n\nexport const wait = async (timeoutInMS: number) => {\n return new Promise((resolve) => setTimeout(resolve, timeoutInMS))\n}\n\nexport from './Attestation'\n","import fetch from 'cross-fetch'\nimport { DIDDocument } from 'did-resolver'\nimport { wait } from '../../functions'\nimport { logger } from '../../index'\nimport { ApiOpts } from '../../types/IEbsiSupport'\nimport { ebsiGetRegistryAPIUrls } from '../functions'\nimport { GetDidDocumentParams, GetDidDocumentsParams, GetDidDocumentsResponse } from '../types'\n\n/*\n Gets the DID document corresponding to the DID.\n * @param {{ params: GetDidDocumentParams, apiOpts?: ApiOpts }} args\n * @returns a did document\n /\nexport const ebsiGetDidDocument = async (args: { params: GetDidDocumentParams; apiOpts?: ApiOpts }): Promise<DIDDocument> => {\n const { params, apiOpts } = args\n const { did, validAt } = params\n if (!did) {\n throw new Error('did parameter is required')\n }\n const query = validAt ? `?valid_at=${validAt}` : ''\n const response = await fetch(`${ebsiGetRegistryAPIUrls({ ...apiOpts }).query}/${did}${query}`)\n const textBody = await response.text()\n const json = textBody.startsWith('{') ? JSON.parse(textBody) : undefined\n\n if (response.status >= 300 \|\| !json) {\n return Promise.reject(new Error(json ?? textBody))\n }\n return json\n}\n\n/\n Wait up to the number of MS for a DID Document or Verification methods and relationships to be registered. This is needed, as the EBSI blockchain does not directly propagate across all nodes, since it needs to mine for consensus first\n * @param args\n /\nexport const ebsiWaitTillDocumentAnchored = async (\n args: GetDidDocumentParams &\n ApiOpts & {\n startIntervalMS?: number\n minIntervalMS?: number\n decreaseIntervalMSPerStep?: number\n maxWaitTime?: number\n searchForObject?: Record<string, any>\n },\n): Promise<{\n totalWaitTime: number\n count: number\n didDocument: DIDDocument \| undefined\n}> => {\n const {\n did,\n startIntervalMS = 2000,\n minIntervalMS = 500,\n decreaseIntervalMSPerStep = 250,\n maxWaitTime = 60_000,\n version = 'v5',\n environment = 'pilot',\n searchForObject,\n } = args\n\n if (startIntervalMS < minIntervalMS) {\n return Promise.reject(Error(`min interval ${minIntervalMS} needs to be smaller or equal to the start interval ${startIntervalMS}`))\n } else if (decreaseIntervalMSPerStep < 0) {\n return Promise.reject(Error(`decrease interval per step ${decreaseIntervalMSPerStep} needs to be bigger than zero`))\n }\n let interval = startIntervalMS\n let totalWaitTime = 0\n let didDocument: DIDDocument \| undefined\n let count = 0\n function logCalback() {\n logger.debug(`Get DID Document; count ${count}: wait time: ${totalWaitTime}, ${did}`)\n }\n while (!didDocument && totalWaitTime <= maxWaitTime) {\n ++count\n try {\n logCalback()\n didDocument = await ebsiGetDidDocument({ params: { did }, apiOpts: { environment, version } })\n if (searchForObject!! && didDocument) {\n const didDocAsStr = JSON.stringify(didDocument)\n const search = JSON.stringify(searchForObject)\n const found = didDocAsStr.includes(search.substring(1, search.length - 1))\n if (!found) {\n logger.debug(`We did not find VM relationship or key ${JSON.stringify(searchForObject)} in DID document ${did}`)\n didDocument = undefined\n }\n }\n } catch (e) {}\n if (!didDocument) {\n await wait(interval)\n totalWaitTime += interval\n interval = Math.max(interval - decreaseIntervalMSPerStep, minIntervalMS)\n }\n }\n logCalback()\n return { didDocument, totalWaitTime, count }\n}\n\n/\n listDidDocuments - Returns a list of identifiers.\n * @param {{ params: GetDidDocumentsParams; apiOpts?: ApiOpts }} args\n * @returns a list of identifiers\n /\nexport const ebsiListDidDocuments = async (args: { params: GetDidDocumentsParams; apiOpts?: ApiOpts }): Promise<GetDidDocumentsResponse> => {\n const { params, apiOpts } = args\n const { offset, size, controller } = params\n const queryParams: string[] = []\n if (offset) {\n queryParams.push(`page[after]=${offset}`)\n }\n if (size) {\n queryParams.push(`page[size]=${size}`)\n }\n if (controller) {\n queryParams.push(`controller=${controller}`)\n }\n const query = `?${queryParams.filter(Boolean).join('&')}`\n return await (await fetch(`${ebsiGetRegistryAPIUrls({ ...apiOpts }).query}/${query}`)).json()\n}\n","import fetch from 'cross-fetch'\nimport { wait } from '../../functions'\nimport { logger } from '../../index'\nimport { ebsiGetRegistryAPIUrls, randomRpcId } from '../functions'\nimport { EbsiRPCResponse, JSON_RPC_VERSION, RpcMethodArgs } from '../types'\n\n/\n Allows to call 5 api methods of the EBSI RPC api\n * - insertDidDocument\n * - updateBaseDocument\n * - addVerificationMethod\n * - addVerificationMethodRelationship\n * - sendSignedTransaction\n * @function callRpcMethod\n * @param {{ params: RPCParams[]; id: number; token: string; method: EbsiRpcMethod; apiOpts? ApiOpts }} args\n /\nexport const callRpcMethod = async (args: RpcMethodArgs): Promise<EbsiRPCResponse> => {\n return callRpcMethodImpl({ ...args, retries: 10 })\n}\nconst callRpcMethodImpl = async (args: RpcMethodArgs & { retries: number }): Promise<EbsiRPCResponse> => {\n const { params, rpcId, accessToken, rpcMethod, apiOpts, doNotThrowErrors = false, retries } = args\n const options = buildFetchOptions({ accessToken: accessToken, params, rpcId, rpcMethod })\n logger.debug(`RPC call:\\r\\n ${JSON.stringify(options, null, 2)}`)\n const rpcResponse = await (await fetch(ebsiGetRegistryAPIUrls({ ...apiOpts }).mutate, options)).json()\n\n let result = rpcResponse.result\n logger.debug(`RPC RESPONSE:\\r\\n${JSON.stringify(result ?? rpcResponse.error)}`)\n\n if (rpcResponse.error !== undefined && !doNotThrowErrors) {\n logger.error(`RPC ERROR RESPONSE:`, rpcResponse)\n if (rpcResponse.error.message.includes(`replacement fee too low`)) {\n args.rpcId = randomRpcId()\n if (retries <= 0) {\n throw Error(rpcResponse.error.message)\n }\n logger.warning(`Replacement fee too low error. Waiting 1 sec. Retries: ${retries}`)\n await wait(1000)\n return callRpcMethodImpl({ ...args, retries: retries - 1 })\n }\n throw Error(rpcResponse.error.message)\n }\n\n return rpcResponse\n}\n\n/\n Builds the request body of the http request to EBSI RPC api\n * @function buildFetchOptions\n * @param {{ params: RPCParams[]; id: number; token: string; method: EbsiRpcMethod }} args\n /\nconst buildFetchOptions = (args: RpcMethodArgs): RequestInit => {\n const { params, rpcId, accessToken, rpcMethod } = args\n const fetchReq = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n jsonrpc: JSON_RPC_VERSION,\n method: rpcMethod,\n params: params,\n id: rpcId,\n }),\n } satisfies RequestInit\n logger.debug(fetchReq)\n return fetchReq\n}\n","import { W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IIdentifier, IKeyManager, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { IService } from '@veramo/core'\nimport { DIDDocument } from 'did-resolver'\nimport { AccessListish, BigNumberish, BytesLike } from 'ethers'\nimport { ApiOpts, EbsiEnvironment } from '../types/IEbsiSupport'\nimport { CredentialRole } from '@sphereon/ssi-types'\n\nexport type IContext = IAgentContext<IKeyManager>\n\n/\n The type of the DID to be created\n * @readonly\n * @enum {string}\n /\nexport type EbsiDIDType = 'NATURAL_PERSON' \| 'LEGAL_ENTITY'\n\n/\n The DID method to use\n * @readonly\n * @enum {string}\n /\nexport type EbsiDIDPrefix = 'did:ebsi:' \| 'did:key:'\n\n/\n @typedef EbsiDidSpecInfo\n * @type {object}\n * @property {EbsiDIDType} type - The type of the DID\n * @property {EbsiDIDPrefix} method - The method of the DID\n * @property {number} version - The version of the specs\n * @property {number} didLength - The length of the DID\n * @property {number} privateKeyLength The private key length\n /\nexport interface EbsiDidSpecInfo {\n type: EbsiDIDType\n method: EbsiDIDPrefix\n version?: number\n didLength?: number\n privateKeyLength?: number\n}\n\nexport const EBSI_DID_SPEC_INFOS: Record<string, EbsiDidSpecInfo> = {\n V1: {\n type: 'LEGAL_ENTITY',\n method: 'did:ebsi:',\n version: 0x01,\n didLength: 16,\n privateKeyLength: 32,\n },\n KEY: {\n type: 'NATURAL_PERSON',\n method: 'did:key:',\n },\n}\n\n/\n A minimal importable key with restricted types to choose from and purposes of the public key\n * @typedef IKeyOpts\n * @extends MinimalImportableKey\n * @property {EbsiKeyType} type\n * @property {EbsiPublicKeyPurpose[]} purposes\n /\nexport interface IKeyOpts extends WithRequiredProperty<Partial<MinimalImportableKey>, 'privateKeyHex'> {\n type?: EbsiKeyType\n purposes?: EbsiPublicKeyPurpose[]\n}\n\n// Needed to make a single property required\ntype WithRequiredProperty<Type, Key extends keyof Type> = Type & {\n [Property in Key]-?: Type[Property]\n}\n\nexport type RpcMethodArgs = {\n params: RPCParams[]\n rpcId: number\n accessToken: string\n rpcMethod: EbsiRpcMethod\n apiOpts?: ApiOpts\n doNotThrowErrors?: boolean\n}\n\nexport type EbsiCreateIdentifierOpts = {\n methodSpecificId?: string\n rpcId?: number\n secp256k1Key?: IKeyOpts\n secp256r1Key?: IKeyOpts\n did?: string\n keys?: IKeyOpts[] // additional importable keys, but only in case execute ledger is true\n executeLedgerOperation?: boolean // Whether to persist on the EBSI ledger. By default looks at whether access token opts are set or not\n baseDocument?: string\n notBefore?: number\n notAfter?: number\n accessTokenOpts: EbsiAccessTokenOpts\n services?: IService[]\n}\n\n/\n @typedef ICreateIdentifierArgs\n * @type {object}\n * @property {string} kms - The kms to use\n * @property {string} alias - The alias of the DID\n * @property {EbsiDidSpecInfo} type\n * @property {string} options.methodSpecificId - method specific id for import\n * @property {IKeyOpts} secp256k1Key - The options to create the key\n * @property {IKeyOpts} secp256r1Key - The options to create the key\n /\nexport interface ICreateIdentifierArgs {\n kms?: string\n alias?: string\n type?: EbsiDidSpecInfo\n options: EbsiCreateIdentifierOpts\n}\n\n/\n The Ebsi allowed key types - Secp256k1 and Secp256r1\n * @readonly\n * @enum {string}\n /\nexport type EbsiKeyType = Extract<TKeyType, 'Secp256k1' \| 'Secp256r1'>\n\n/\n The purpose of the public keys\n * @readonly\n * @enum {string}\n /\nexport enum EbsiPublicKeyPurpose {\n Authentication = 'authentication',\n AssertionMethod = 'assertionMethod',\n CapabilityInvocation = 'capabilityInvocation',\n}\n\n/\n @typedef InsertDidDocumentParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - DID to insert. It must be for a legal entity (DID v1)\n * @property {string} BASE_CONTEXT_DOC - JSON string containing the @context of the DID document\n * @property {string} vMethodId - Thumbprint of the public key\n * @property {string} publicKey - Public key for secp256k1 in uncompressed format prefixed with \"0x04\"\n * @property {boolean} isSecp256k1 - It must be true\n * @property {number} notBefore - Capability invocation is valid from this time\n * @property {number} notAfter - Expiration of the capability invocation\n /\nexport type InsertDidDocumentParams = {\n from: string\n did: string\n baseDocument: string\n vMethodId: string\n publicKey: string\n isSecp256k1: boolean\n notBefore: number\n notAfter: number\n}\n\n/\n @typedef UpdateBaseDocumentParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} BASE_CONTEXT_DOC - JSON string containing the @context of the DID document\n /\nexport type UpdateBaseDocumentParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'baseDocument'>\n\n/\n @typedef UpdateIdentifierParams\n * @type {object}\n * @property {string} did - A DID\n * @property {Partial<DIDDocument>} document - The partial DID document\n * @property {{ [p: string]: any }} [options] - Any additional options\n /\nexport type UpdateIdentifierParams = {\n did: string\n document: Partial<DIDDocument>\n options?: { [p: string]: any }\n}\n\nexport type AddServiceParams = {\n from: string\n did: string\n service: IService\n}\n\n/\n @typedef AddVerificationMethodParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} vMethodId - New verification method id\n * @property {boolean} isSecp256k1 - Boolean defining if the public key is for secp256k1 curve or not\n * @property {string} publicKey - Public key as hex string. For an ES256K key, it must be in uncompressed format\n * prefixed with \"0x04\". For other algorithms, it must be the JWK transformed to string and then to hex format.\n /\nexport type AddVerificationMethodParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'vMethodId' \| 'isSecp256k1' \| 'publicKey'>\n\n/\n @typedef AddVerificationMethodRelationshipParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} name - Name of the verification relationship\n * @property {string} vMethodId - Reference to the verification method\n * @property {number} notBefore - Verification relationship is valid from this time\n * @property {number} notAfter - Expiration of the verification relationship\n /\nexport type AddVerificationMethodRelationshipParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'vMethodId' \| 'notBefore' \| 'notAfter'> & {\n name: string\n}\n\n/\n @typedef UnsignedTransaction\n * @type {object}\n * @property {string} from - The sending address.\n * @property {string} to - The receiving address (if EOA, the transaction will transfer value. If a smart contract\n * account, the transaction will use contract code).\n * @property {string} data - Can contain code or a message to the recipient.\n * @property {string} nonce - A number used to track ordering of transactions and prevent replay attacks\n * @property {string} chainId - The Ethereum Network ID (ex: 1 - Ethereum Mainnet).\n * @property {string} gasLimit - The maximum amount of gas units that can be used.\n * @property {string} gasPrice - Gas price provided by the sender in Wei.\n * @property {string} value - The amount of ETH to be sent from the sending address (denominated in Wei)\n /\nexport type UnsignedTransaction = {\n to?: string\n nonce?: number\n\n gasLimit?: BigNumberish\n gasPrice?: BigNumberish\n\n data?: BytesLike\n value?: BigNumberish\n chainId?: number\n\n // Typed-Transaction features\n type?: number \| null\n\n // EIP-2930; Type 1 & EIP-1559; Type 2\n accessList?: AccessListish\n\n // EIP-1559; Type 2\n maxPriorityFeePerGas?: BigNumberish\n maxFeePerGas?: BigNumberish\n /from: string\n to: string\n data: string\n nonce: string\n chainId: string\n gasLimit: string\n gasPrice: string\n value: string/\n}\n/\n @typedef SendSignedTransactionParams\n * @type {object}\n * @property {string} protocol - Example: eth\n * @property {UnsignedTransaction} unsignedTransaction - The unsigned transaction\n * @property {string} r - ECDSA signature r\n * @property {string} s - ECDSA signature s\n * @property {string} v - ECDSA recovery id\n * @property {string} signedRawTransaction - The signed raw transaction\n /\nexport type SendSignedTransactionParams = {\n protocol: string\n unsignedTransaction: UnsignedTransaction\n r: string\n s: string\n v: string\n signedRawTransaction: string\n}\n\n/\n @typedef RpcOkResponse\n * @type {object}\n * @property {string} JSON_RPC_VERSION - Must be exactly \"2.0\"\n * @property {number} id - Same identifier established by the client in the call\n * @property {object} result - Result of the transaction\n /\nexport type RpcOkResponse = {\n jsonrpc: string\n id: number\n result: any\n}\n\nexport type RpcErrorResponse = {\n jsonrpc: string\n id: number\n error: {\n code: number\n message: string\n }\n}\n\n/\n @typedef ResponseNot200\n * @type {object}\n * @property {URL \| string} type - An absolute URI that identifies the problem type. When dereferenced,\n * it SHOULD provide human-readable documentation for the problem type.\n * @property {string} title - A short summary of the problem type.\n * @property {number} status - The HTTP status code generated by the origin server for this occurrence of the problem.\n * @property {string} detail - A human-readable explanation specific to this occurrence of the problem.\n * @property {URL \| string} instance An absolute URI that identifies the specific occurrence of the problem.\n * It may or may not yield further information if dereferenced.\n /\nexport type ResponseNot200 = {\n type: URL \| string\n id?: number\n title: string\n error?: {\n code: number\n message: string\n }\n status: number\n detail: string\n instance: URL \| string\n}\n\n/\n @typedef GetDidDocumentParams\n * @type {object}\n * @property {string} did\n * @property {string} validAt\n /\nexport type GetDidDocumentParams = {\n did: string\n validAt?: string\n}\n\n/\n @typedef GetDidDocumentsParams\n * @type {object}\n * @property {string} offset Originally page[after] Cursor that points to the end of the page of data that has been returned.\n * @property {number} size Originally page[size] Defines the maximum number of objects that may be returned.\n * @property {string} controller Filter by controller DID.\n /\nexport type GetDidDocumentsParams = {\n offset?: string\n size?: number\n controller?: string\n}\n\n/\n Result of listing dids\n * @typedef {Item}\n * @type {object}\n * @property {string} did - The DID\n * @property {string} href - The referrer of the DID\n /\nexport type Item = {\n did: string\n href: string\n}\n\n/\n The links related to pagination\n * @typedef Links\n * @type {object}\n * @property {string} first - The link to the first page\n * @property {string} prev - The link ot the previous page\n * @property {string} next - The link to the next page\n * @property {string} last - The link to the last page\n /\nexport type Links = {\n first: string\n prev: string\n next: string\n last: string\n}\n\n/\n @typedef GetDidDocumentResponse\n * @type {object}\n * @property {string} self - Absolute path to the collection (consult)\n * @property {Item[]} items - List of DIDs and their referrers\n * @property {number} total - Total number of items across all pages.\n * @property {pageSize} number - Maximum number of items per page. For the last page, its value should be independent of the number of actually returned items.\n * @property {Links} links - The links related to pagination\n /\nexport type GetDidDocumentsResponse = {\n self: string\n items: Item[]\n total: number\n pageSize: number\n links: Links\n}\n\nexport type EbsiAccessTokenOpts = {\n attestationToOnboard?: W3CVerifiableCredential\n attestationToOnboardCredentialRole: CredentialRole\n jwksUri?: string\n redirectUri: string\n credentialIssuer: string\n clientId: string\n environment: EbsiEnvironment\n}\n/\n @typedef CreateEbsiDidParams\n * @type {object}\n * @property {Omit<IIdentifier, 'provider'>} identifier An identifier without the provider\n * @property {ManagedKeyInfo} secp256k1ManagedKeyInfo A Secp256k1 managed key\n * @property {ManagedKeyInfo} secp256r1ManagedKeyInfo A Secp256r1 managed key\n * @property {number} id A client created id\n * @property {string} from The wallet eth like address\n * @property {string} [baseDocument] The base DID document\n * @property {number} notBefore Date of issuance of the identifier\n * @property {number} notAfter Date of expiration of the identifier\n * @property {ApiOpts} [apiOpts] The EBSI API options\n /\nexport type CreateEbsiDidParams = {\n identifier: IIdentifier\n rpcId?: number\n notBefore?: number\n notAfter?: number\n baseDocument?: string\n accessTokenOpts: EbsiAccessTokenOpts\n}\nexport interface CreateEbsiDidOnLedgerResult {\n identifier: IIdentifier\n addVerificationMethod: EbsiRPCResponse\n insertDidDoc: EbsiRPCResponse\n addAssertionMethodRelationship: EbsiRPCResponse\n addAuthenticationRelationship: EbsiRPCResponse\n}\n/\n @constant JSON_RPC_VERSION\n /\nexport const JSON_RPC_VERSION = '2.0'\n\n/\n @constant BASE_CONTEXT_DOC\n /\nexport const BASE_CONTEXT_DOC = JSON.stringify({ '@context': ['https://www.w3.org/ns/did/v1', 'https://w3id.org/security/suites/jws-2020/v1'] })\n\nexport interface EbsiDidRegistryAPIEndpoints {\n mutate: string\n query: string\n}\n\n/\n The EBSI RPC operations\n * @readonly\n * @enum {string}\n /\nexport enum EbsiRpcMethod {\n INSERT_DID_DOCUMENT = 'insertDidDocument',\n UPDATE_DID_DOCUMENT = 'updateBaseDocument',\n ADD_VERIFICATION_METHOD = 'addVerificationMethod',\n ADD_VERIFICATION_RELATIONSHIP = 'addVerificationRelationship',\n ADD_SERVICE = 'addService',\n SEND_SIGNED_TRANSACTION = 'sendSignedTransaction',\n}\n\nexport type RPCParams =\n \| InsertDidDocumentParams\n \| UpdateBaseDocumentParams\n \| AddVerificationMethodParams\n \| AddVerificationMethodRelationshipParams\n \| SendSignedTransactionParams\n \| AddServiceParams\n\nexport type EbsiRPCResponse = RpcOkResponse \| (RpcErrorResponse & { nonce: string })\n","import { DiscoveryMetadataPayload, JWK } from '@sphereon/did-auth-siop'\nimport { OID4VCICredentialFormat, RequestObjectOpts } from '@sphereon/oid4vci-common'\nimport { Format, PresentationDefinitionV2 } from '@sphereon/pex-models'\nimport { IIdentifierResolution, ManagedIdentifierDidOpts, ManagedIdentifierDidResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IBasicCredentialLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { CredentialRole } from '@sphereon/ssi-types'\nimport { ErrorDetails, IOID4VCIHolder, MappedCredentialToAccept, WalletType } from '@sphereon/ssi-sdk.oid4vci-holder'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { PresentationSubmission, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\nimport { CreateEbsiDidOnLedgerResult, CreateEbsiDidParams } from '../did'\nimport { AttestationAuthRequestUrlResult } from '../functions'\n\n/\n The OpenID scope\n * @readonly\n * @enum {string}\n /\nexport type EBSIScope =\n \| 'didr_write'\n \| 'didr_invite'\n \| 'tir_write'\n \| 'tir_invite'\n \| 'timestamp_write'\n \| 'tnt_authorise'\n \| 'tnt_create'\n \| 'tnt_write'\n \| 'did_authn'\n\nexport enum TokenType {\n BEARER = 'Bearer',\n}\n\nexport type EbsiEnvironment = 'pilot' \| 'conformance' \| 'conformance-test'\nexport type EbsiApiVersion = 'v3' \| 'v4' \| 'v5'\nexport type WellknownType = 'openid-credential-issuer' \| 'openid-configuration'\nexport type EbsiMock = 'issuer-mock' \| 'auth-mock'\nexport type EbsiSystem = 'authorisation' \| 'conformance' \| 'did-registry'\n\nexport type ApiOpts = { environment?: EbsiEnvironment; version: EbsiApiVersion }\nexport type WellknownOpts = ApiOpts & { type: WellknownType; system?: EbsiSystem \| EbsiEnvironment; mock?: EbsiMock }\n\nexport interface IEbsiSupport extends IPluginMethodMap {\n ebsiCreateDidOnLedger(args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult>\n\n ebsiWellknownMetadata(args?: ApiOpts): Promise<GetOIDProviderMetadataResponse>\n\n ebsiAuthorizationServerJwks(args?: ApiOpts): Promise<GetOIDProviderJwksResponse>\n\n ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse>\n\n ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult>\n\n ebsiCreateAttestationAuthRequestURL(args: CreateAttestationAuthRequestURLArgs, context: IRequiredContext): Promise<AttestationAuthRequestUrlResult>\n\n ebsiGetAttestation(args: GetAttestationArgs, context: IRequiredContext): Promise<AttestationResult>\n}\n\n// export type ApiOpts = { environment?: EbsiEnvironment; version?: string }\n\n/\n @typedef EbsiOpenIDMetadata\n * @type {object}\n * @property {(URL \| string)} issuer URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.\n * @property {(URL \| string)} authorization_endpoint URL of the OP's OAuth 2.0 Authorization Endpoint.\n * @property {(URL \| string)} token_endpoint URL of the OP's OAuth 2.0 Token Endpoint.\n * @property {(URL \| string)} [presentation_definition_endpoint] URL of the OP's presentation definitions endpoint. Non-standard, used in EBSI\n * @property {(URL \| string)} jwks_uri URL of the authorization server's JWK Set [JWK] document\n * @property {string[]} scopes_supported JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. (SIOP v2)\n * @property {string[]} response_types_supported JSON array containing a list of the OAuth 2.0 \"response_type\" values that this authorization server supports (SIOP v2)\n * @property {string[]} [response_mode_supported] JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports\n * @property {string[]} [grant_types_supported] JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.\n * @property {string[]} subject_types_supported JSON array containing a list of the Subject Identifier types that this OP supports.\n * @property {string[]} id_token_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT\n * @property {string[]} [request_object_signing_alg_values_supported] JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects\n * @property {string[]} [request_parameter_supported] Boolean value specifying whether the OP supports use of the request parameter, with true indicating support\n * @property {string[]} [token_endpoint_auth_methods_supported] JSON array containing a list of client authentication methods supported by this token endpoint\n * @property {{ authorization_endpoint: string[] }} [request_authentication_methods_supported] A JSON Object defining the client authentications supported for each endpoint\n * @property {string[]} [vp_formats_supported] An object containing a list of key value pairs, where the key is a string identifying a credential format supported by the AS\n * @property {(URL[] \| string[])} [subject_syntax_types_supported] A JSON array of strings representing URI scheme identifiers and optionally method names of supported Subject Syntax Types\n * @property {string[]} [subject_trust_frameworks_supported] A JSON array of supported trust frameworks.\n * @property {string[]} [id_token_types_supported] A JSON array of strings containing the list of ID Token types supported by the OP\n /\nexport type EbsiOpenIDMetadata = DiscoveryMetadataPayload & {\n presentation_definition_endpoint?: URL \| string\n}\n\n/\n JSON Web Key Set\n * @typedef GetOIDProviderJwksSuccessResponse\n * @property {JWK[]} keys\n /\nexport interface GetOIDProviderJwksSuccessResponse {\n keys: JWK[]\n}\n\n/\n @typedef GetPresentationDefinitionArgs\n * @type {object}\n * @property {EBSIScope} scope\n * @property {ApiOpts} [apiOpts] The environment and version of the API\n /\nexport interface GetPresentationDefinitionArgs {\n scope: EBSIScope\n apiOpts?: WellknownOpts\n openIDMetadata?: EbsiOpenIDMetadata\n}\n\nexport type CreateAttestationAuthRequestURLArgs = {\n credentialIssuer: string\n credentialType: string\n idOpts: ManagedIdentifierDidOpts\n requestObjectOpts: RequestObjectOpts\n clientId?: string\n redirectUri?: string\n formats?: Array<Extract<OID4VCICredentialFormat, 'jwt_vc' \| 'jwt_vc_json'>>\n}\n\nexport type GetAttestationArgs = {\n clientId: string\n authReqResult: AttestationAuthRequestUrlResult\n walletType?: WalletType\n opts?: {\n timeout: number\n }\n}\n\n/\n Presentation Definition V2\n * @typedef GetPresentationDefinitionSuccessResponse\n * @type {object}\n * @property {string} id A UUID or some other unique ID to identify this Presentation Definition\n * @property {string} [name] A name property is a human-friendly string intended to constitute a distinctive designation of the Presentation Definition.\n * @property {string} [purpose] It describes the purpose for which the Presentation Definition's inputs are being requested.\n * @property {Format} [format] What claim variants Verifiers and Holders support.\n * @property {SubmissionRequirement[]} [submission_requirements] List of requirements for described inputs in input descriptors.\n * @property {InputDescriptor[]} input_descriptors List of descriptions of the required inputs.\n * @property {object} [frame] a JSON LD Framing Document object.\n /\nexport type GetPresentationDefinitionSuccessResponse = PresentationDefinitionV2 & {\n format?: Pick<Format, 'jwt_vc' \| 'jwt_vc_json' \| 'jwt_vp' \| 'jwt_vp_json'>\n}\n\n/\n @typedef GetAccessTokenArgs\n * @type {object}\n * @property {string} grant_type MUST be set to \"vp_token\"\n * @property {string} vp_token Signed Verifiable Presentation. See also the VP Token schema definition.\n * @property {PresentationSubmission} presentation_submission Descriptor for the vp_token, linked by presentation_definition. See also the Presentation Definition schema.\n * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_write, openid tir_invite, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] OIDC scope\n * @property {ApiOpts} [apiOpts] The environment and the version of the API\n /\nexport interface GetAccessTokenArgs {\n grant_type?: string\n vp_token: string\n presentation_submission: PresentationSubmission\n scope: EBSIScope\n openIDMetadata?: EbsiOpenIDMetadata\n apiOpts: ApiOpts\n}\n\nexport type GetAccessTokenResult = {\n identifier: ManagedIdentifierDidResult\n scope: EBSIScope\n // vp: VerifiablePresentationWithDefinition\n // definition: PresentationDefinitionWithLocation\n accessTokenResponse: GetAccessTokenSuccessResponse\n}\n/\n @typedef EBSIAuthAccessTokenGetArgs\n * @type {object}\n * @property {string} attestationCredential Verifiable Credential (Verifiable Authorisation to Onboard) JWT format\n // * @property {ScopeByDefinition} definitionId The presentation definition id\n * @property {string} [domain] The domain of the issuer\n * @property {string} did The did of the VP issuer\n * @property {string} kid kid in the format: did#kid\n * @property {EBSIScope} scope Needed to retrieve the authentication request\n * @property {ApiOpts} [apiOpts] The environment and the version of the API\n /\nexport interface EBSIAuthAccessTokenGetArgs {\n clientId: string\n credentialRole: CredentialRole\n credentialIssuer?: string\n attestationCredential?: W3CVerifiableCredential\n allVerifiableCredentials?: W3CVerifiableCredential[]\n redirectUri?: string\n jwksUri: string\n // definitionId: ScopeByDefinition\n idOpts: ManagedIdentifierDidOpts\n scope: EBSIScope\n environment: EbsiEnvironment\n skipDidResolution?: boolean\n}\n\n/\n @typedef GetAccessTokenSuccessResponse\n * @type {object}\n * @property {string} access_token ^(([A-Za-z0-9\\-_])+\\.)([A-Za-z0-9\\-_]+)(\\.([A-Za-z0-9\\-_]+)?$ The access token issued by the authorization server in JWS format. See also the \"Access Token\" schema definition\n * @property {TokenType} token_type Possible values: [Bearer]/MUST be Bearer\n * @property {number} [expires_in] Possible values: >= 1. The lifetime in seconds of the access token\n * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_invite, openid tir_write, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] The scope of the access token\n * @property {string} id_token ^(([A-Za-z0-9\\-_])+\\.)([A-Za-z0-9\\-_]+)(\\.([A-Za-z0-9\\-_]+)?$ ID Token value associated with the authenticated session. Presents client's identity. ID Token is issued in a JWS format. See also the \"ID Token\" schema definition.\n * @property {ApiOpts} apiOpts The environment and the version of the API\n /\nexport interface GetAccessTokenSuccessResponse {\n access_token: string\n token_type: TokenType\n expires_in?: number\n scope: EBSIScope\n id_token: string\n apiOpts: ApiOpts\n}\n\n/\n @typedef ExceptionResponse\n * @type {object}\n * @property {(URL \| string)} [type] An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.\n * @property {string} [title] A short summary of the problem type.\n * @property {number} [status] Possible values: >= 400 and <= 600. The HTTP status code generated by the origin server for this occurrence of the problem.\n * @property {string} [detail] A human readable explanation specific to this occurrence of the problem.\n * @property {(URL \| string)} [instance] An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.\n /\nexport interface ExceptionResponse {\n type?: URL \| string\n title?: string\n status?: number\n detail?: string\n instance?: URL \| string\n}\n\nexport type AttestationResult = {\n contactAlias: string\n contact: Party\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>> \| undefined\n identifier: ManagedIdentifierDidResult\n error: ErrorDetails \| undefined\n credentials: Array<MappedCredentialToAccept>\n}\n\nexport type GetOIDProviderMetadataResponse = EbsiOpenIDMetadata\nexport type GetOIDProviderJwksResponse = GetOIDProviderJwksSuccessResponse \| ExceptionResponse\nexport type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse\nexport type GetAccessTokenResponse = GetAccessTokenSuccessResponse \| ExceptionResponse\nexport type IRequiredContext = IAgentContext<\n IKeyManager &\n IDIDManager &\n IResolver &\n IIdentifierResolution &\n IJwtService &\n IDidAuthSiopOpAuthenticator &\n IPresentationExchange &\n IOID4VCIHolder &\n IEbsiSupport\n>\n","import { getControllerKey, getEthereumAddressFromKey } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { calculateJwkThumbprint, calculateJwkThumbprintForKey, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { IAgentContext, IDIDManager, IIdentifier, IKeyManager } from '@veramo/core'\nimport { IKey, IService } from '@veramo/core'\nimport { AbstractIdentifierProvider } from '@veramo/did-manager'\nimport Debug from 'debug'\nimport { ApiOpts, IRequiredContext } from '../types/IEbsiSupport'\nimport {\n ebsiCreateDidOnLedger,\n ebsiGenerateOrUseKeyPair,\n ebsiSignAndSendTransaction,\n formatEbsiPublicKey,\n generateEbsiMethodSpecificId,\n randomRpcId,\n} from './functions'\nimport { EBSI_DID_SPEC_INFOS, EbsiRpcMethod, ICreateIdentifierArgs, UpdateIdentifierParams } from './types'\n\nconst debug = Debug('sphereon:did-provider-ebsi')\n\nexport class EbsiDidProvider extends AbstractIdentifierProvider {\n static readonly PROVIDER = 'did:ebsi'\n private readonly defaultKms?: string\n private readonly apiOpts?: ApiOpts\n\n constructor(options: { defaultKms?: string; apiOpts?: ApiOpts }) {\n super()\n this.defaultKms = options.defaultKms\n this.apiOpts = options.apiOpts\n }\n\n async createIdentifier(args: ICreateIdentifierArgs, context: IRequiredContext): Promise<Omit<IIdentifier, 'provider'>> {\n const { type, options, kms = this.defaultKms, alias } = args\n const {\n notBefore,\n notAfter,\n secp256k1Key,\n secp256r1Key,\n keys,\n accessTokenOpts,\n executeLedgerOperation = !!args.options?.accessTokenOpts,\n methodSpecificId = generateEbsiMethodSpecificId(EBSI_DID_SPEC_INFOS.V1),\n baseDocument,\n services,\n } = { ...options }\n\n if (executeLedgerOperation && !accessTokenOpts) {\n throw new Error('Access token options must be provided to execute ledger operation')\n }\n const rpcId = options?.rpcId ?? randomRpcId()\n\n if (type === EBSI_DID_SPEC_INFOS.KEY) {\n return Promise.reject(Error(`Type ${type} not supported. Please use @sphereon/ssi-sdk-ext.did-provider-key for Natural Person EBSI DIDs`))\n } else if (!kms) {\n return Promise.reject(Error(`No KMS value provided`))\n } else if (keys && keys.length > 0 && !executeLedgerOperation) {\n return Promise.reject(Error(`Cannot add additional keys if ledger operation is not enabled at creation. Please add the keys later yourself`))\n }\n\n // CapabilityInvocation purpose\n const secp256k1ImportKey = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts: secp256k1Key,\n keyType: 'Secp256k1',\n kms,\n controllerKey: true,\n },\n context,\n )\n const secp256k1ManagedKeyInfo = await context.agent.keyManagerImport(secp256k1ImportKey)\n\n // Authentication, assertionMethod purpose\n const secp256r1ImportKey = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts: secp256r1Key,\n keyType: 'Secp256r1',\n kms,\n },\n context,\n )\n\n const secp256r1ManagedKeyInfo = await context.agent.keyManagerImport(secp256r1ImportKey)\n\n const identifier: IIdentifier = {\n did: options.did && options.did.startsWith('did:ebsi:') ? options.did : `${EBSI_DID_SPEC_INFOS.V1.method}${methodSpecificId}`,\n controllerKeyId: secp256k1ManagedKeyInfo.kid,\n keys: [secp256k1ManagedKeyInfo, secp256r1ManagedKeyInfo],\n alias,\n services: services ?? [],\n provider: EbsiDidProvider.PROVIDER,\n }\n\n const apiOpts = { ...this.apiOpts }\n if (!apiOpts.environment) {\n apiOpts.environment = accessTokenOpts?.environment ?? 'pilot'\n }\n if (!apiOpts.version) {\n apiOpts.version = 'v5'\n }\n\n if (executeLedgerOperation) {\n // This can only work if we enable global jwks hosting. DID JWK hosting will not work as the DID is not registered at this point\n await ebsiCreateDidOnLedger(\n {\n identifier,\n baseDocument,\n accessTokenOpts: accessTokenOpts!,\n rpcId,\n notBefore,\n notAfter,\n },\n context,\n )\n if (keys && keys.length > 0) {\n for (const keyOpts of keys) {\n const key = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts,\n keyType: keyOpts.type ?? 'Secp256r1',\n kms,\n },\n context,\n )\n const managedKeyInfo = await context.agent.keyManagerImport(key)\n console.warn(`FIXME: Anchor additional key on EBSI`, managedKeyInfo)\n }\n }\n }\n\n debug('Created', identifier.did)\n return identifier\n }\n\n async addKey(\n args: {\n identifier: IIdentifier\n key: IKey\n options: {\n rpcId?: number\n accessToken: string\n vmRelationships: 'authentication' \| 'assertionMethod' \| 'keyAgreement' \| 'capabilityInvocation' \| 'capabilityDelegation'[]\n apiOpts?: ApiOpts\n }\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n const { identifier, key, options } = args\n const { accessToken, vmRelationships, apiOpts, rpcId = randomRpcId() } = options\n if (vmRelationships.length === 0) {\n return Promise.reject(Error(`No verification method relationship provided`))\n }\n const controllerKey = getControllerKey({ identifier })\n const from = getEthereumAddressFromKey({ key: controllerKey })\n const kid = controllerKey.kid\n const did = identifier.did\n\n const addVerificationMethodRequest = {\n params: [\n {\n from,\n did,\n isSecp256k1: true,\n vMethodId: calculateJwkThumbprint({ jwk: toJwk(key.publicKeyHex, key.type) }),\n publicKey: formatEbsiPublicKey({ key: key, type: key.type }),\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_METHOD,\n rpcId,\n apiOpts,\n accessToken,\n }\n\n let rpcResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRequest,\n kid,\n accessToken: accessToken,\n apiOpts,\n },\n context,\n )\n\n const vMethodId = calculateJwkThumbprintForKey({ key })\n for (const vmRelationshipsKey in vmRelationships as string[]) {\n const addVerificationMethodRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: vmRelationshipsKey,\n notAfter: Date.now() / 1000 - 60_000,\n notBefore: Date.now() / 1000 + 5 365 * 24 * 60 * 60,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken,\n }\n rpcResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRelationshipRequest,\n previousTxResponse: rpcResponse,\n kid,\n accessToken,\n apiOpts,\n },\n context,\n )\n }\n }\n\n async addService(\n args: {\n identifier: IIdentifier\n service: IService\n options: {\n rpcId?: number\n accessToken: string\n apiOpts?: ApiOpts\n }\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n const { identifier, service, options } = args\n const { accessToken, apiOpts, rpcId = randomRpcId() } = options\n const controllerKey = getControllerKey({ identifier })\n const from = getEthereumAddressFromKey({ key: controllerKey })\n const did = identifier.did\n const kid = controllerKey.kid\n\n const addServiceRequest = {\n params: [\n {\n from,\n did,\n service,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_SERVICE,\n rpcId,\n apiOpts,\n accessToken,\n }\n\n return await ebsiSignAndSendTransaction(\n {\n rpcRequest: addServiceRequest,\n kid,\n accessToken,\n apiOpts,\n },\n context,\n )\n }\n\n deleteIdentifier(args: IIdentifier, context: IAgentContext<IKeyManager>): Promise<boolean> {\n return Promise.resolve(true)\n }\n\n removeKey(\n args: {\n identifier: IIdentifier\n kid: string\n options?: any\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n\n removeService(\n args: {\n identifier: IIdentifier\n id: string\n options?: any\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n\n // TODO How does it work? Not inferable from the api: https://hub.ebsi.eu/apis/pilot/did-registry/v5/post-jsonrpc#updatebasedocument\n async updateIdentifier(args: UpdateIdentifierParams, context: IAgentContext<IKeyManager & IDIDManager>): Promise<IIdentifier> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n}\n","import { DIDResolutionOptions, DIDResolutionResult, DIDResolver, ParsedDID, Resolvable, Resolver } from 'did-resolver'\nimport { getResolver } from '@sphereon/ssi-sdk-ext.did-resolver-ebsi'\n\nconst resolveDidEbsi: DIDResolver = async (\n didUrl: string,\n _parsed: ParsedDID,\n _resolver: Resolvable,\n options: DIDResolutionOptions,\n): Promise<DIDResolutionResult> => {\n const resolver = new Resolver({ ...getResolver() })\n return resolver.resolve(didUrl, options)\n}\n\nexport function getDidEbsiResolver() {\n return { key: resolveDidEbsi }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,0BAA4B;AAAA,QAC1B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,4BAA8B;AAAA,cAC5B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB,OAAO,OAAO,SAAS,SAAS;AAAA,YACrE;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,MAAQ,CAAC,eAAe,cAAc,cAAc,aAAa,mBAAmB,iBAAiB,cAAc,WAAW;AAAA,YAChI;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,eAAe,kBAAkB;AAAA,YACrD;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,MAAQ,CAAC,MAAM,MAAM,IAAI;AAAA,YAC3B;AAAA,YACA,wBAA0B;AAAA,cACxB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,cAAc,SAAS,YAAY,SAAS;AAAA,YAC3E;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,OAAS;AAAA,YACX;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,4BAA8B;AAAA,cAC5B,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO;AAAA,YACtB;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,YACV;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,mBAAmB;AAAA,YACxC;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,KAAK;AAAA,YACpB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,aAAa;AAAA,YAC1C;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,YAC3B;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW,YAAY;AAAA,YAC9C;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ,CAAC,WAAW,UAAU,QAAQ;AAAA,YACxC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ,CAAC,UAAU,QAAQ;AAAA,YAC7B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY,WAAW;AAAA,YACtC;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,YACV;AAAA,YACA,oBAAsB;AAAA,cACpB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,YAAY;AAAA,YAClC;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,0BAA0B,6BAA6B,qCAAqC;AAAA,YACvG;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,UAAU;AAAA,YACjC;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,oBAAoB,WAAW,SAAS,WAAW,OAAO;AAAA,YAC/E;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,UAAU;AAAA,YAC/B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,SAAS,SAAS,SAAS,QAAQ;AAAA,YACvD;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,aAAa,QAAQ,eAAe,OAAO;AAAA,YAClE;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,UAAU;AAAA,YAC3C;AAAA,YACA,iCAAmC;AAAA,cACjC,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,uBAAuB,qBAAqB,iBAAiB;AAAA,YAC9F;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,cAAc,aAAa;AAAA,YAChD;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,kBAAkB,iBAAiB;AAAA,YAC9C;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC7+DA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAC,oBAA6C;;;ACA7C,IAAAC,yBAAwC;AACxC,IAAAC,oBAAyD;AAEzD,IAAAC,sBAAkB;;;ACHlB,oBAA4B;AAC5B,IAAAC,yBAAwC;AACxC,IAAAC,sBAAqE;AACrE,IAAAA,sBAAuF;AAGvF,oBAAkD;AAElD,oBAA0B;AAG1B,yBAA2B;AAE3B,uBAAyB;;;ACbzB,4BAAiC;AACjC,IAAAC,yBAUO;AACP,yBAA6D;AAE7D,IAAAC,sBAAwE;AACxE,IAAAC,kBAQO;AACP,IAAAA,kBAMO;AAEP,qBAAwB;;;AChCxB,2BAAgC;AAChC,4BAA8B;AAC9B,qBAQO;AACP,IAAAC,kBAAqG;AAErG,uBAA+B;AAC/B,yBAAkB;AAKX,IAAMC,qBAAqB,wBAACC,YAAAA;AACjC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM,EAAEC,gBAAgBC,mBAAmBC,aAAY,IAAKH,MAAMF;AAElE,QAAI,CAACG,gBAAgB;AACnB,aAAOG,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAMC,YAAiB,IAAIC,IAAIP,eAAeQ,MAAM;AACpD,UAAMC,gBAAwB,GAAGH,UAAUI,QAAQ,KAAKJ,UAAUK,QAAQ;AAC1E,QAAIC,iBAAqBC,qCAAcJ,eAAeT,eAAec,wBAAwB;AAE7F,UAAMC,QAA2B;MAC/BC,SAAS;QACPC,aAAaL;QACbM,WAAWN;MACb;;;;MAIAO,WAAW;QACTC,IAAI;QACJC,QAAQC,2BAAYC;QACpBC,MAAMC,6BAAcC;QACpBC,MAAM;QACNC,UAAU;MACZ;MACAC,KAAKpB;MACLqB,YAAY;QACV;UACEC,OAAOtB;UACPuB,OAAO;YAACC,gCAAeC;;UACvBb,QAAQc,8BAAeZ;UACvBa,YAAY;YACVZ,MAAMa,yCAA0B9B;YAChCE,eAAeH,UAAUK;UAC3B;;UAEA2B,YAAY;YACVd,MAAMe,8BAAeC;YACrBC,QAAQ;cACNC,UAAU;cACVC,cAAc;cACdC,QAAQ;gBAAC;;cACTpC,QAAQ;cACRqC,aAAa;cACbC,sCAAsC;cACtCC,kBAAkB;YACpB;UACF;QACF;;IAEJ;AAEA,UAAMC,WAAW,8BAAO,EACtBjC,OAAAA,QACAT,WAAAA,YACAM,YAAAA,aACAH,eAAAA,eAAa,MAMd;AACC,YAAMQ,cAAcF,OAAMC,QAAQC,eAAeL;AACjD,YAAMqC,WAAyB,MAAMpD,QAAQqD,MAAMC,cAAc;QAC/DC,QAAQ;UACN;YACEpC,SAAS;;cAEPE,WAAWD;YACb;UACF;;MAEJ,CAAA;AACA,UAAIgC,SAASI,WAAW,KAAK,CAACJ,SAAS,CAAA,GAAIjC,SAAS;AAClD,cAAMA,UAAU,MAAMnB,QAAQqD,MAAMI,aAAa;UAC/C,GAAGvC;UACHE;UACAC,WAAWD;UACXsC,aAAa;YACX/B,MAAMC,6BAAcC;YACpBC,MAAMV;YACNI,QAAQC,2BAAYC;YACpBK,UAAUb,OAAMa,YAAY;UAC9B;QACF,CAAA;AACA9B,uBAAe0D,KAAK;UAClBhC,MAAMiC,qCAAqBC;UAC3BC,MAAM3C;QACR,CAAA;MACF;IACF,GAvCiB;AAyCjB,UAAM4C,kBAAkB,8BAAOC,eAAAA;AAC7B/D,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBK;QAC3BH,MAAME;MACR,CAAA;IACF,GALwB;AAOxB,UAAME,gBAAgB,8BAAOhC,UAAAA;AAC3BjC,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBO;QAC3BL,MAAM5B;MACR,CAAA;IACF,GALsB;AAOtB,QAAI,CAACnB,YAAY;AACfA,mBAAa,iBAAiBN,SAAAA;IAChC,WAAWM,WAAWqD,WAAW,MAAA,GAAS;AACxCrD,mBAAa,QAAQA,WAAWsD,QAAQ,eAAe,EAAA,CAAA;IACzD;AACA,QAAI,CAAChE,cAAc;AACjB,aAAO,MAAM6D,cAAcnD,UAAAA;IAC7B;AACAA,iBAAaV;AACb,QAAI,CAACD,mBAAmB;AACtB,aAAO,MAAM2D,gBAAgB,IAAA;IAC/B;AACA,UAAMZ,SAAS;MAAEjC;MAAOH;MAAYN,WAAWA,UAAU6D,SAAQ;MAAI1D;IAAc,CAAA;EACrF;AACF,GA3HkC;AA6H3B,IAAM2D,sBAAsB,wBAACvE,YAAAA;AAClC,SAAO,OAAOC,gBAAsEC,UAAAA;AAClFsE,YAAQC,MAAM,yBAAyBvE,MAAMwE,KAAK,IAAIxE,MAAMF,QAAQyE,KAAK;AACzEE,WAAOC,MAAM1E,MAAMwE,KAAK;EAC1B;AACF,GALmC;AAO5B,IAAMG,4BAA4B,wBAAC7E,YAAAA;AACxC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM,EAAEiB,SAAS2D,wBAAwBC,oBAAmB,IAAK7E,MAAMF;AAEvE,QAAI+E,uBAAuBA,oBAAoBvB,SAAS,GAAG;AACzDmB,aAAOK,KAAK,aAAaD,oBAAoBE,KAAK,IAAA,CAAA,EAAO;AACzDhF,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBsB;MAC7B,CAAA;AACA;IACF,WAAW,CAAC/D,SAAS;AACnB,aAAOb,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,UAAM2E,eAAe,8BAAOJ,yBAAAA;AAC1BP,cAAQY,IAAI,yBAAyBL,qBAAoBE,KAAK,IAAA,CAAA,EAAO;AACrEhF,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqByB;QAC3BvB,MAAMiB;MACR,CAAA;IACF,GANqB;AAQrB,UAAMI,aAAaL,uBAAuBQ,IAAI,CAACC,QAAQA,IAAIC,YAAY,CAAA;EACzE;AACF,GAxByC;AA0BlC,IAAMC,+BAA+B,wBAC1C,EACEC,eACAC,cAAa,GAKf3F,YAAAA;AAEA,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM0F,MAAM1F,MAAMF,QAAQ6F;AAC1BrB,YAAQY,IAAI,kCAAkCQ,GAAAA;AAC9C,QAAI,CAACA,KAAK;AACR,aAAOtF,QAAQC,OAAOC,MAAM,sCAAA,CAAA;IAC9B;AACA,UAAMsF,yBAAyB,8BAAOF,SAAAA;AACpCpB,cAAQY,IAAI,0CAA0CQ,IAAAA;AACtD3F,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBmC;QAC3BjC,MAAM8B;MACR,CAAA;AACA,YAAMI,WAAW,UAAMC,mBAAAA,SAAML,MAAK;QAAEM,UAAU;MAAS,CAAA;AACvD,UAAIF,SAASG,SAAS,OAAOH,SAASG,SAAS,KAAK;AAClD,cAAM3F,MAAM,iFAAiF;MAC/F;AACA,YAAM4F,YAAYJ,SAASK,QAAQC,IAAI,UAAA;AACvC,UAAI,CAACF,aAAa,CAACA,UAAUhC,WAAW,WAAA,GAAc;AACpD,YAAIK,QAA4B8B;AAChC,YAAIH,WAAW;AACb,cAAIA,UAAUI,SAAS,OAAA,GAAU;AAC/B/B,oBAAQ;AACR,kBAAMgC,cAAUC,sCAAgBN,SAAAA;AAChC,gBAAI,WAAWK,WAAWA,QAAQhC,OAAO;AACvCA,uBAASgC,QAAQhC,QAAQ;YAC3B;AACA,gBAAI,uBAAuBgC,WAAWA,QAAQE,mBAAmB;AAC/DlC,uBAASgC,QAAQE;YACnB;UACF;QACF;AACA,cAAMnG,MACJiE,SACE,iFAAiF2B,SAAAA,KAAcQ,KAAKC,UAAU,MAAMb,SAASc,KAAI,CAAA,CAAA,EAAK;MAE5I;AAEAtC,cAAQY,IAAI,yCAAyCQ,IAAAA,EAAK;AAC1D,YAAMmB,MAAMrB,cAAcsB,QAAQC,MAAMC,gBACpC,GAAGxB,cAAcnD,WAAW4E,GAAG,IAAIzB,cAAcsB,QAAQC,KAAKC,aAAa,KAC3ExB,cAAcnD,WAAWwE;AAC7B,YAAMpB,cAAcyB,OAAOhB,WAAW;QAAEiB,QAAQ;UAAE,GAAG3B,cAAcnD;UAAY+E,WAAWP;QAAI;MAAE,CAAA;IAClG,GApC+B;AAqC/B,UAAMjB,uBAAuBF,GAAAA;EAC/B;AACF,GAvD4C;AAyDrC,IAAM2B,4BAA4B,wBAACvH,YAAAA;AACxC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvDsE,YAAQY,IAAI,uBAAuB;AACnCZ,YAAQY,IAAIwB,KAAKC,UAAU3G,MAAMF,QAAQwH,qBAAqB,MAAM,CAAA,CAAA;AACpEvH,mBAAe0D,KAAK;MAClBhC,MAAMiC,qCAAqBsB;IAC7B,CAAA;EACF;AACF,GARyC;AAUlC,IAAMuC,mBAAmB,wBAAC,EAAExH,eAAc,GAAwCD,YAAAA;AACvF,SAAO,OAAO0H,eAAyCxH,UAAAA;AAGrD,QAAI,CAACA,MAAMF,QAAQ2H,2BAA2BC,aAAaC,MAAM;AAC/D,YAAMrH,MAAM,kDAAkD;IAChE;AACAP,mBAAe6H,YAAYnE,KAAK;MAC9BhC,MAAMiC,qCAAqBmE;MAC3BjE,MAAM5D,MAAMF,QAAQ2H,0BAA0B/B;IAChD,CAAA;AACApB,YAAQY,IAAI,YAAY;EAC1B;AACF,GAbgC;;;ADvLzB,IAAM4C,sCAAsC,8BACjD,EACEC,UAAUC,aACVC,kBACAC,gBACAC,QACAC,aACAC,mBACAC,UAAU;EAAC;EAAU;EAAc,GAErCC,YAAAA;AAEAC,SAAOC,KAAK,sBAAsBP,cAAAA,qBAAmCF,WAAAA,eAA0BC,gBAAAA,EAAkB;AACjH,QAAMS,aAAa,MAAMH,QAAQI,MAAMC,0BAA0BT,MAAAA;AACjE,QAAMU,aAAaH,WAAWG;AAC9B,MAAIA,WAAWC,aAAa,cAAcD,WAAWC,aAAa,WAAW;AAC3E,UAAMC,MACJ,4FAA4FF,WAAWC,QAAQ,UAAUD,WAAWG,GAAG,EAAE;EAE7I;AAIA,QAAMC,UAAU,UAAMC,yCACpB;IACEL;IACAM,4BAA4BjB,mBAAmB;IAC/CkB,8BAA8B;IAC9BC,SAAS;EACX,GACAd,OAAAA;AAEF,QAAMe,MAAML,QAAQM,MAAMC,qBAAiBC,kDAA6B;IAAEC,KAAKT;EAAQ,CAAA;AACvF,QAAMlB,WAAWC,eAAea,WAAWG;AAE3C,QAAMW,YAAY,MAAMC,uCAAiBC,qBAAqB;IAC5D5B;IACAqB;IACAvB;IACA+B,+BAA+B;IAC/BC,wBAAwB;EAC1B,CAAA;AAEA,QAAMC,aAAa,CAAC;AACpB,MAAIC;AACJ,MAAIC,MAAMC,QAAQH,UAAAA,GAAa;AAC7BC,mBAAeD;EACjB,OAAO;AACLC,mBAAeG,OAAOC,QAAQL,UAAAA,EAAYM,IAAI,CAAC,CAACC,IAAIC,SAAAA,MAAU;AAC5DA,gBAAUD,KAAKA;AACf,aAAOC;IACT,CAAA;EACF;AACA,QAAMC,0BAA0BR,aAC7BS,OAAO,CAACF,kBAAcG,wDAAgCH,WAAW;IAAEI,4BAA4B;EAAM,CAAA,EAAGC,SAAS3C,cAAAA,CAAAA,EACjHwC,OAAO,CAACF,eAAeA,UAAUM,WAAW,YAAYN,UAAUM,WAAW,kBAAkBxC,QAAQuC,SAASL,UAAUM,MAAM,CAAA;AACnI,MAAIL,wBAAwBM,WAAW,GAAG;AACxC,UAAMhC,MAAM,mBAAmBb,cAAAA,qBAAmCI,QAAQ0C,KAAK,GAAA,CAAA,4CAAgD/C,gBAAAA,EAAkB;EACnJ;AACA,QAAMgD,uBAAuBR,wBAAwBH,IAAI,CAACE,cAAAA;AACxD,UAAMU,8BAA8BV,UAAUD;AAC9C,QAAI,CAACW,6BAA6B;AAChC,YAAMnC,MAAM,4DAA4Db,cAAAA,EAAgB;IAC1F;AACA,WAAO;MACLiD,MAAM;MACND;MACAE,4BAAwBT,wDAAgCH,SAAAA;IAC1D;EACF,CAAA;AAEA,QAAMa,gBAA4ChD,kBAAkBgD,iBAAiB;IACnFC,kBAAcA,8BAAanD,QAAQI,OAAAA;EACrC;AACA,QAAMgD,2BAA2B;IAC/BnD;IACAL;IACAkD;IACA5C,mBAAmB;MACjB,GAAGA;MACHgD;MACA/B,KAAKjB,kBAAkBiB,OAAOA;IAChC;EACF;AAEA,QAAMkC,uBAAuB,MAAM7B,UAAU8B,8BAA8B;IACzEC,sBAAsBH;EACxB,CAAA;AACA/C,SAAOC,KAAK,sBAAsBP,cAAAA,qBAAmCF,WAAAA,eAA0BC,gBAAAA,aAA6BuD,oBAAAA,EAAsB;AAClJ,QAAMG,SAAS,UAAMC,+CAA0B;IAAElC,KAAKT;EAAQ,CAAA;AAC9D,MAAI,EAAE0C,UAAUE,6BAAM;AACpB,WAAOC,QAAQC,OAAOhD,MAAM,GAAG4C,MAAAA,mBAAyB,CAAA;EAC1D;AAEA,QAAMK,MAAWH,2BAAIF,MAAAA;AAErB,SAAO;IACLM,aAAa;MACXnC,+BAA+B;MAC/BoC,UAAUC,qCAAcC;MACxBC,KAAKpE;MACLqE,qBAAqBC,KAAKC,MAAM,MAAM7C,UAAU8C,YAAW,CAAA;IAC7D;IACAC,iBAAiB;MACfC,YAAY;QACVX;QACAjE;QACAuB;QACA+B;QACAuB,qBAAqB;MACvB;IACF;IACArB;IACAC;IACA3C,YAAYH;IACZO;IACA4D,sBAAsB;MAACC,0CAAuBC;MAAUD,0CAAuBE;;EACjF;AACF,GAtHmD;AAwH5C,IAAMC,gCAAgC,8BAC3C,EAAElF,UAAUmF,eAAeC,WAAU,GACrC5E,YAAAA;AAEA,QAAMM,aAAaqE,cAAcrE;AACjC,QAAMuE,oBAAoB,oBAAIC,IAAAA;AAC9B,QAAMC,mBAAmB,oBAAID,IAAAA;AAE7B,QAAME,iBAAiB,MAAMhF,QAAQI,MAAM6E,mCAAmC;IAC5E,GAAGN;IACHO,aAAa;MACX5E;MACA6E,6BAA6BZ,0CAAuBC;MACpDzD,KAAK4D,cAAcjE,QAAQM,MAAMC,iBAAiB0D,cAAcjE,QAAQK;IAC1E;IACAqD,YAAY;MACVC,qBAAqB;MACrBtD,KAAK4D,cAAcjE,QAAQM,MAAMC,iBAAiB0D,cAAcjE,QAAQK;MACxEvB;IACF;IACA8E,sBAAsB;MAACC,0CAAuBC;MAAUD,0CAAuBE;;IAC/EW,6BAAyBC,8CAA6BR,iBAAAA;IACtDD,YAAYA,cAAc;EAC5B,CAAA;AACA,QAAMU,gBAAgB,IAAIC,wCAAwB;IAChDC,WAAW;MAAC;;;IAEZxF;IACAyF,2BAA2B;IAC3BL,6BAAyBM,6CAA4BX,gBAAAA;EACvD,CAAA;AAEAA,mBACGY,IAAIC,oCAAoBC,MAAMC,iBAAiB;IAAEd;EAAe,GAAGhF,OAAAA,CAAAA,EACnE2F,IAAIC,oCAAoBG,aAAaC,oBAAoBhG,OAAAA,CAAAA,EACzD2F,IAAIC,oCAAoBK,OAAOD,oBAAoBhG,OAAAA,CAAAA;AAEtD6E,oBACGc,IAAIO,qCAAqBH,aAAaC,oBAAoBhG,OAAAA,CAAAA,EAC1D2F,IAAIO,qCAAqBC,YAAYC,mBAAmBpG,OAAAA,CAAAA,EACxD2F,IAAIO,qCAAqBG,mBAAmBC,0BAA0BtG,OAAAA,CAAAA,EACtE2F,IACCO,qCAAqBK,8BACrBC,6BACE;IACE7B;IACAW;EACF,GACAtF,OAAAA,CAAAA,EAGH2F,IAAIO,qCAAqBO,mBAAmBC,0BAA0B1G,OAAAA,CAAAA;AAEzE,SAAOgF,eAAe2B;AACxB,GAtD6C;AAwDtC,IAAMC,qBAAqB,8BAChC,EAAEpH,UAAUmF,eAAekC,OAAO;EAAEC,SAAS;AAAO,EAAC,GACrDC,iBAAAA;AAEA9G,SAAOC,KAAK,gCAAgCyE,cAAcrE,WAAWG,GAAG,QAAQjB,QAAAA,EAAU;AAC1F,QAAMmH,cAAc,MAAMjC,8BAA8B;IAAElF;IAAUmF;EAAc,GAAGoC,YAAAA;AACrF,QAAMC,QAAQ,UAAMC,wBAAQN,YAAYO,MAAK,GAAI,CAACF,WAAUA,OAAMG,QAAQ,MAAA,KAAWH,OAAMG,QAAQ,aAAA,KAAkBH,OAAMG,QAAQ,OAAA,GAAU;IAC3IL,SAASD,KAAKC,WAAW;EAC3B,CAAA;AACA,QAAM,EAAEM,cAAcC,SAASC,oBAAoBpC,aAAae,OAAOsB,oBAAmB,IAAKP,MAAMhH;AAErG,MAAIgH,MAAMG,QAAQ,aAAA,KAAkBH,MAAMG,QAAQ,OAAA,GAAU;AAC1DlH,WAAOgG,MAAMjC,KAAKwD,UAAUR,MAAMhH,QAAQiG,KAAK,CAAA;AAC/C,UAAMzF,MAAMwD,KAAKwD,UAAUR,MAAMhH,QAAQiG,KAAK,CAAA;EAChD;AAEA,QAAMwB,SAAS;IACbL;IACAC;IACAC;IACAhH,YAAY4E,aAAa5E,aACnB,MAAMyG,aAAa3G,MAAMsH,qBAAqBxC,YAAY5E,UAAU,IACtEqE,cAAcrE;IAClB2F;IACA0B,aAAaJ;EACf;AACAtH,SAAOC,KAAK,wBAAwByE,cAAcrE,WAAWG,GAAG,QAAQjB,QAAAA,IAAYiI,MAAAA;AAEpF,SAAOA;AACT,GA7BkC;;;AE3O3B,IAAMG,oBAAoB,wBAAC,EAChCC,cAAc,SACdC,SACAC,SAAS,QAAO,MAC0E;AAC1F,SAAO,eAAeF,WAAAA,YAAuBE,MAAAA,IAAUD,OAAAA;AACzD,GANiC;AAQ1B,IAAME,OAAO,8BAAOC,gBAAAA;AACzB,SAAO,IAAIC,QAAQ,CAACC,YAAYC,WAAWD,SAASF,WAAAA,CAAAA;AACtD,GAFoB;;;ACVpB,IAAAI,sBAAkB;AAaX,IAAMC,qBAAqB,8BAAOC,SAAAA;AACvC,QAAM,EAAEC,QAAQC,QAAO,IAAKF;AAC5B,QAAM,EAAEG,KAAKC,QAAO,IAAKH;AACzB,MAAI,CAACE,KAAK;AACR,UAAM,IAAIE,MAAM,2BAAA;EAClB;AACA,QAAMC,QAAQF,UAAU,aAAaA,OAAAA,KAAY;AACjD,QAAMG,WAAW,UAAMC,oBAAAA,SAAM,GAAGC,uBAAuB;IAAE,GAAGP;EAAQ,CAAA,EAAGI,KAAK,IAAIH,GAAAA,GAAMG,KAAAA,EAAO;AAC7F,QAAMI,WAAW,MAAMH,SAASI,KAAI;AACpC,QAAMC,OAAOF,SAASG,WAAW,GAAA,IAAOC,KAAKC,MAAML,QAAAA,IAAYM;AAE/D,MAAIT,SAASU,UAAU,OAAO,CAACL,MAAM;AACnC,WAAOM,QAAQC,OAAO,IAAId,MAAMO,QAAQF,QAAAA,CAAAA;EAC1C;AACA,SAAOE;AACT,GAfkC;AAqB3B,IAAMQ,+BAA+B,8BAC1CpB,SAAAA;AAaA,QAAM,EACJG,KACAkB,kBAAkB,KAClBC,gBAAgB,KAChBC,4BAA4B,KAC5BC,cAAc,KACdC,UAAU,MACVC,cAAc,SACdC,gBAAe,IACb3B;AAEJ,MAAIqB,kBAAkBC,eAAe;AACnC,WAAOJ,QAAQC,OAAOd,MAAM,gBAAgBiB,aAAAA,uDAAoED,eAAAA,EAAiB,CAAA;EACnI,WAAWE,4BAA4B,GAAG;AACxC,WAAOL,QAAQC,OAAOd,MAAM,8BAA8BkB,yBAAAA,+BAAwD,CAAA;EACpH;AACA,MAAIK,WAAWP;AACf,MAAIQ,gBAAgB;AACpB,MAAIC;AACJ,MAAIC,QAAQ;AACZ,WAASC,aAAAA;AACPC,WAAOC,MAAM,2BAA2BH,KAAAA,gBAAqBF,aAAAA,KAAkB1B,GAAAA,EAAK;EACtF;AAFS6B;AAGT,SAAO,CAACF,eAAeD,iBAAiBL,aAAa;AACnD,MAAEO;AACF,QAAI;AACFC,iBAAAA;AACAF,oBAAc,MAAM/B,mBAAmB;QAAEE,QAAQ;UAAEE;QAAI;QAAGD,SAAS;UAAEwB;UAAaD;QAAQ;MAAE,CAAA;AAC5F,UAAIE,mBAAqBG,aAAa;AACpC,cAAMK,cAAcrB,KAAKsB,UAAUN,WAAAA;AACnC,cAAMO,SAASvB,KAAKsB,UAAUT,eAAAA;AAC9B,cAAMW,QAAQH,YAAYI,SAASF,OAAOG,UAAU,GAAGH,OAAOI,SAAS,CAAA,CAAA;AACvE,YAAI,CAACH,OAAO;AACVL,iBAAOC,MAAM,0CAA0CpB,KAAKsB,UAAUT,eAAAA,CAAAA,oBAAoCxB,GAAAA,EAAK;AAC/G2B,wBAAcd;QAChB;MACF;IACF,SAAS0B,GAAG;IAAC;AACb,QAAI,CAACZ,aAAa;AAChB,YAAMa,KAAKf,QAAAA;AACXC,uBAAiBD;AACjBA,iBAAWgB,KAAKC,IAAIjB,WAAWL,2BAA2BD,aAAAA;IAC5D;EACF;AACAU,aAAAA;AACA,SAAO;IAAEF;IAAaD;IAAeE;EAAM;AAC7C,GA5D4C;AAmErC,IAAMe,uBAAuB,8BAAO9C,SAAAA;AACzC,QAAM,EAAEC,QAAQC,QAAO,IAAKF;AAC5B,QAAM,EAAE+C,QAAQC,MAAMC,WAAU,IAAKhD;AACrC,QAAMiD,cAAwB,CAAA;AAC9B,MAAIH,QAAQ;AACVG,gBAAYC,KAAK,eAAeJ,MAAAA,EAAQ;EAC1C;AACA,MAAIC,MAAM;AACRE,gBAAYC,KAAK,cAAcH,IAAAA,EAAM;EACvC;AACA,MAAIC,YAAY;AACdC,gBAAYC,KAAK,cAAcF,UAAAA,EAAY;EAC7C;AACA,QAAM3C,QAAQ,IAAI4C,YAAYE,OAAOC,OAAAA,EAASC,KAAK,GAAA,CAAA;AACnD,SAAO,OAAO,UAAM9C,oBAAAA,SAAM,GAAGC,uBAAuB;IAAE,GAAGP;EAAQ,CAAA,EAAGI,KAAK,IAAIA,KAAAA,EAAO,GAAGM,KAAI;AAC7F,GAfoC;;;ACrGpC,IAAA2C,sBAAkB;;;ACyCX,IAAMC,sBAAuD;EAClEC,IAAI;IACFC,MAAM;IACNC,QAAQ;IACRC,SAAS;IACTC,WAAW;IACXC,kBAAkB;EACpB;EACAC,KAAK;IACHL,MAAM;IACNC,QAAQ;EACV;AACF;AAwEO,IAAKK,uBAAAA,0BAAAA,uBAAAA;;;;SAAAA;;AA2SL,IAAMC,mBAAmB;AAKzB,IAAMC,mBAAmBC,KAAKC,UAAU;EAAE,YAAY;IAAC;IAAgC;;AAAgD,CAAA;AAYvI,IAAKC,gBAAAA,0BAAAA,gBAAAA;;;;;;;SAAAA;;;;ADzaL,IAAMC,gBAAgB,8BAAOC,SAAAA;AAClC,SAAOC,kBAAkB;IAAE,GAAGD;IAAME,SAAS;EAAG,CAAA;AAClD,GAF6B;AAG7B,IAAMD,oBAAoB,8BAAOD,SAAAA;AAC/B,QAAM,EAAEG,QAAQC,OAAOC,aAAaC,WAAWC,SAASC,mBAAmB,OAAON,QAAO,IAAKF;AAC9F,QAAMS,UAAUC,kBAAkB;IAAEL;IAA0BF;IAAQC;IAAOE;EAAU,CAAA;AACvFK,SAAOC,MAAM;GAAiBC,KAAKC,UAAUL,SAAS,MAAM,CAAA,CAAA,EAAI;AAChE,QAAMM,cAAc,OAAO,UAAMC,oBAAAA,SAAMC,uBAAuB;IAAE,GAAGV;EAAQ,CAAA,EAAGW,QAAQT,OAAAA,GAAUU,KAAI;AAEpG,MAAIC,SAASL,YAAYK;AACzBT,SAAOC,MAAM;EAAoBC,KAAKC,UAAUM,UAAUL,YAAYM,KAAK,CAAA,EAAG;AAE9E,MAAIN,YAAYM,UAAUC,UAAa,CAACd,kBAAkB;AACxDG,WAAOU,MAAM,uBAAuBN,WAAAA;AACpC,QAAIA,YAAYM,MAAME,QAAQC,SAAS,yBAAyB,GAAG;AACjExB,WAAKI,QAAQqB,YAAAA;AACb,UAAIvB,WAAW,GAAG;AAChB,cAAMwB,MAAMX,YAAYM,MAAME,OAAO;MACvC;AACAZ,aAAOgB,QAAQ,0DAA0DzB,OAAAA,EAAS;AAClF,YAAM0B,KAAK,GAAA;AACX,aAAO3B,kBAAkB;QAAE,GAAGD;QAAME,SAASA,UAAU;MAAE,CAAA;IAC3D;AACA,UAAMwB,MAAMX,YAAYM,MAAME,OAAO;EACvC;AAEA,SAAOR;AACT,GAxB0B;AA+B1B,IAAML,oBAAoB,wBAACV,SAAAA;AACzB,QAAM,EAAEG,QAAQC,OAAOC,aAAaC,UAAS,IAAKN;AAClD,QAAM6B,WAAW;IACfC,QAAQ;IACRC,SAAS;MACP,gBAAgB;MAChBC,eAAe,UAAU3B,WAAAA;IAC3B;IACA4B,MAAMpB,KAAKC,UAAU;MACnBoB,SAASC;MACTL,QAAQxB;MACRH;MACAiC,IAAIhC;IACN,CAAA;EACF;AACAO,SAAOC,MAAMiB,QAAAA;AACb,SAAOA;AACT,GAjB0B;;;ALdnB,SAASQ,6BAA6BC,UAA0B;AACrE,QAAMC,OAAOD,YAAYE,oBAAoBC;AAC7C,QAAMC,SAASH,KAAKI,aAAa;AAEjC,QAAMC,SAAS,IAAIC,WAAWH,UAAUH,KAAKO,UAAU,IAAI,EAAA;AAC3D,MAAIP,KAAKO,SAAS;AAChBF,WAAOG,IAAI;MAACR,KAAKO;KAAQ;EAC3B;AACAF,SAAOG,QAAIC,2BAAYN,MAAAA,GAASH,KAAKO,UAAU,IAAI,CAAA;AACnD,SAAOG,wBAAUC,OAAON,MAAAA;AAC1B;AAVgBP;AAYT,SAASc,uCAAuCb,UAA4Bc,iBAA4B;AAC7G,QAAMb,OAAOD,YAAYE,oBAAoBC;AAC7C,QAAMC,SAASH,KAAKI,YAAY,IAAIJ,KAAKI,YAAY;AAErD,MAAIS,iBAAiB;AACnB,QAAIA,gBAAgBV,WAAWA,QAAQ;AACrC,YAAMW,MAAM,wCAAwCD,gBAAgBV,MAAM,cAAcA,MAAAA,QAAcH,KAAKe,IAAI,EAAE;IACnH;AACA,eAAOC,2BAASH,iBAAiB,QAAA;EACnC;AACA,aAAOG,+BAASP,2BAAYN,MAAAA,GAAS,QAAA;AACvC;AAXgBS;AAuBT,IAAMK,sBAAsB,wBAACC,SAAAA;AAClC,QAAM,EAAEC,KAAKJ,KAAI,IAAKG;AACtB,UAAQH,MAAAA;IACN,KAAK,aAAa;AAChB,YAAMK,YAAQC,wBAAS,OAAOF,IAAIG,cAAc,KAAA;AAChD,aAAOC,yBAAWC,iBAAiBJ,OAAO,KAAA;IAC5C;IACA,KAAK,aAAa;AAKhB,YAAMK,UAAkBC,2BAAMP,IAAIG,cAAcP,MAAM;QAAEY,KAAKC,8BAAUC;QAAWV;MAAI,CAAA;AAMtF,YAAMW,YAAYC,KAAKC,UAAUP,KAAK,MAAM,CAAA;AAC5C,aAAO,SAAKT,+BAASiB,+BAAWH,SAAAA,GAAY,QAAA,CAAA;IAC9C;IACA;AACE,YAAM,IAAIhB,MAAM,8BAA8BC,IAAAA,EAAM;EACxD;AACF,GAxBmC;AA0B5B,IAAMmB,oBAAoB,wBAAChB,SAAAA;AAChC,QAAM,EAAEiB,cAAc,eAAe5B,UAAU,KAAI,IAAKW;AACxD,MAAIiB,gBAAgB,SAAS;AAC3B,UAAMrB,MAAM,uDAAuD;EACrE;AACA,SAAO,GAAGsB,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQF;EAAY,CAAA,CAAA;AAC1E,GANiC;AAQ1B,IAAMG,6BAA6B,wBAACpB,SAAAA;AACzC,QAAM,EAAEiB,cAAc,SAAS5B,UAAU,KAAI,IAAKW;AAClD,SAAO,GAAGkB,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQ;EAAgB,CAAA,CAAA;AAC9E,GAH0C;AAKnC,IAAME,yBAAyB,wBAACrB,SAAAA;AACrC,QAAM,EAAEiB,cAAc,SAAS5B,UAAU,KAAI,IAAKW;AAClD,QAAMsB,UAAU,GAAGJ,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQ;EAAe,CAAA,CAAA;AACpF,SAAO;IACLI,QAAQ,GAAGD,OAAAA;IACXE,OAAO,GAAGF,OAAAA;EACZ;AACF,GAPsC;AAS/B,IAAMG,6BAA6B,wBAAC,EAAER,aAAa5B,SAASQ,MAAMsB,SAASF,aAAaS,KAAI,MAAiB;AAClH,QAAMC,MAAM,GAAGT,kBAAkB;IAAED;IAAa5B;IAAS8B;EAAO,CAAA,CAAA,GAAKO,OAAO,IAAIA,IAAAA,KAAS,EAAA,gBAAkB7B,IAAAA;AAC3G+B,SAAOC,MAAM,kBAAkBF,GAAAA,EAAK;AACpC,SAAOA;AACT,GAJ0C;AAMnC,IAAMG,6BAA6B,8BACxC9B,MAOA+B,YAAAA;AAEA,QAAM,EAAEC,YAAYC,aAAaC,KAAKC,SAASC,mBAAkB,IAAKpC;AACtE,QAAMqC,qBAAqB,MAAMC,cAAcN,UAAAA;AAC/C,QAAMO,QAAQ,YAAYF,qBAAqBA,mBAAmBlD,OAAOoD,QAAQC;AAEjF,MACEJ,sBACA,YAAYC,sBACZ,WAAWD,sBACX,WAAWC,mBAAmBlD,UAC9B,OAAOkD,mBAAmBlD,WAAW,YACrCiD,mBAAmBG,UAAUF,mBAAmBlD,OAAOoD,OACvD;AACA,UAAME,KAAK,GAAA;AACX,WAAO,MAAMX,2BAA2B;MAAE,GAAG9B;MAAMoC;IAAmB,GAAGL,OAAAA;EAC3E;AAEA,MAAI,WAAWM,sBAAsB,CAAC,CAACA,mBAAmBK,OAAO;AAC/Dd,WAAOc,MAAM7B,KAAKC,UAAUuB,kBAAAA,CAAAA;AAC5B,UAAM,IAAIzC,MAAMyC,mBAAmBK,MAAMC,WAAW,wBAAA;EACtD;AACA,QAAMC,aAAcP,mBAAqClD;AAEzD,QAAM0D,kBAAkBhC,KAAKiC,MAAMjC,KAAKC,UAAU8B,UAAAA,CAAAA;AAClD,MAAIA,cAAc,aAAaA,cAAc,OAAOA,WAAWG,YAAY,YAAYH,WAAWG,QAAQC,YAAW,EAAGC,WAAW,IAAA,GAAO;AAExIJ,oBAAgBE,UAAUG,OAAOC,SAASP,WAAWG,SAAS,EAAA;EAChE;AACA,QAAMK,cAAc,MAAMrB,QAAQsB,MAAMC,oBAAoB;IAC1DpB;IACAqB,aAAaV;EACf,CAAA;AAEA,QAAMW,MAAMC,0BAAYC,KAAKN,WAAAA,EAAaO;AAC1C,QAAM,EAAEC,GAAGC,GAAGC,EAAC,IAAKN;AAEpB,QAAMO,aAAa,MAAMzB,cAAc;IACrC0B,QAAQ;MACN;QACEC,UAAU;QACVC,qBAAqBtB;QACrBgB;QACAC;QACAC,GAAG,KAAKA,EAAEhE,SAAS,EAAA,CAAA;QACnBqE,sBAAsBf;MACxB;;IAEFgB,WAAWC,cAAcC;IACzBC,OAAOlC,mBAAmBmC;IAC1BrC;IACAF;EACF,CAAA;AAEA,MAAI,YAAY8B,YAAY;AAC1B,UAAM,IAAInE,MAAMiB,KAAKC,UAAUiD,YAAY,MAAM,CAAA,CAAA;EACnD;AACA,SAAO;IAAE,GAAGA;IAAYxB;EAAM;AAChC,GAlE0C;AAoEnC,IAAMkC,2BAA2B,8BACtCzE,MAMA+B,YAAAA;AAEA,QAAM,EAAE2C,SAASC,SAASC,KAAKC,gBAAgB,MAAK,IAAK7E;AACzD,MAAI8E,gBAAgBpF,uCAClBX,oBAAoBC,IACpB0F,SAASI,oBAAgB/D,+BAAW2D,QAAQI,eAAe,QAAA,IAAYtC,MAAAA;AAEzE,MAAIsC,cAAc7B,WAAW,IAAA,GAAO;AAClC6B,oBAAgBA,cAAcC,UAAU,CAAA;EAC1C;AACA,MAAI,CAACD,iBAAiBA,cAAc7F,WAAW,IAAI;AACjD,UAAM,IAAIW,MAAM,+CAAA;EAClB;AACA,QAAMoF,gBAAgB,MAAMC,uBAAuB;IAAEhF,KAAK;MAAE,GAAGyE;MAASI;IAAc;IAAGjF,MAAM8E;IAASC;EAAI,CAAA;AAE5G,MAAID,YAAY,aAAa;AAC3BK,kBAAcE,OAAO;MACnB,GAAGF,cAAcE;MACjBC,MAAM;QACJC,UAAU;QACVP;MACF;IACF;EACF;AACA,SAAOG;AACT,GAhCwC;AAkCjC,IAAMC,yBAAyB,8BAAOjF,SAAAA;AAC3C,QAAM,EAAEC,KAAK2E,IAAG,IAAK5E;AACrB,QAAMqF,uBAAsD;IAAE,GAAGpF;EAAI;AACrE,QAAMJ,OAAOG,KAAKC,KAAKJ,QAAQG,KAAKH;AACpCwF,uBAAqBT,MAAMA;AAC3BS,uBAAqBxF,OAAOA;AAC5B,MAAI,CAACwF,qBAAqBP,eAAe;AACvC,UAAMlF,MAAM,4CAA4C;EAC1D;AAEAyF,uBAAqBH,OAAO;IAC1BI,UAAUC,iBAAiB;MAAEtF;IAAI,CAAA,KAAMuF,YAAY;MAAEvF;MAAKJ;IAAK,CAAA;IAC/D4F,mBAAeC,kDAA6B;MAC1CzF,KAAKoF;MACLM,iBAAiB;IACnB,CAAA;EACF;AACA,SAAON;AACT,GAlBsC;AAoB/B,IAAME,mBAAmB,wBAACvF,SAAAA;AAC/B,QAAM,EAAEC,IAAG,IAAKD;AAChB,MAAIC,KAAKqF,YAAYrF,IAAIqF,SAASrG,SAAS,GAAG;AAC5C,YAAQgB,IAAIJ,MAAI;MACd,KAAK,aAAa;AAChB,YAAII,KAAKqF,YAAYrF,IAAIqF,SAASrG,SAAS,KAAKgB,IAAIqF,UAAUM,SAASC,qBAAqBC,oBAAoB,GAAG;AACjH,iBAAO7F,IAAIqF;QACb;AACA,cAAM,IAAI1F,MAAM,iCAAiCiG,qBAAqBC,oBAAoB,UAAU;MACtG;MACA,KAAK,aAAa;AAChB,YACE7F,KAAKqF,YACLrF,IAAIqF,SAASrG,SAAS,KACtBgB,IAAIqF,SAASM,SAASC,qBAAqBE,eAAe,KAC1D9F,IAAIqF,SAASM,SAASC,qBAAqBG,cAAc,GACzD;AACA,iBAAO/F,IAAIqF;QACb;AACA,cAAM,IAAI1F,MACR,gCAAgC;UAACiG,qBAAqBE;UAAiBF,qBAAqBG;UAAgBC,KAAK,IAAA,CAAA,WAAgB;MAErI;MACA;AACE,cAAM,IAAIrG,MAAM,yBAAyBK,IAAIJ,IAAI,EAAE;IACvD;EACF;AACA,SAAOI,KAAKqF;AACd,GA5BgC;AA8BzB,IAAME,cAAc,wBAACxF,SAAAA;AAC1B,QAAM,EAAEC,KAAKJ,KAAI,IAAKG;AACtB,MAAI,CAACC,KAAKqF,YAAYrF,IAAIqF,SAASrG,WAAW,GAAG;AAC/C,YAAQY,MAAAA;MACN,KAAK;AACH,eAAO;UAACgG,qBAAqBC;;MAC/B,KAAK;AACH,eAAO;UAACD,qBAAqBE;UAAiBF,qBAAqBG;;MACrE;AACE,cAAM,IAAIpG,MAAM,yBAAyBK,KAAKJ,IAAAA,EAAM;IACxD;EACF;AACA,SAAOI,IAAIqF;AACb,GAb2B;AAepB,IAAMY,cAAc,6BAAA;AACzB,SAAOC,KAAKC,MAAMD,KAAKE,OAAM,IAAKnD,OAAOoD,gBAAgB;AAC3D,GAF2B;AAIpB,IAAMC,wBAAwB,8BAAOvG,MAA2B+B,YAAAA;AACrE,QAAM,EACJyE,iBACAC,YAAYN,KAAKC,MAAMM,KAAKC,IAAG,IAAK,MAAO,EAAA,GAC3CC,WAAWT,KAAKC,MAAMM,KAAKC,IAAG,IAAK,MAAO,KAAK,MAAM,KAAK,KAAK,EAAA,GAC/DE,cACAC,WAAU,IACR9G;AACJ,QAAM,EAAE+G,UAAUC,aAAa/F,aAAagG,iBAAgB,IAAKT;AACjE,QAAM3B,oBAAgBqC,sCAAiB;IAAEJ;EAAW,CAAA;AACpD,QAAMK,gBAAYC,6BAAQ;IAAEN;IAAYnC,SAAS;EAAY,CAAA,IAAK,CAAA;AAClE,MAAI,EAAE0C,sBAAsBC,mCAAkC,IAAKd;AAEnE,MAAI,CAAC3B,iBAAiB,CAACsC,WAAW;AAChC,WAAOI,QAAQC,OAAO,yEAAyEV,UAAAA,EAAY;EAC7G;AACA,QAAMpD,WAAO+D,+CAA0B;IAAExH,KAAK4E;EAAc,CAAA;AAC5D,MAAI,CAACnB,MAAM;AACT,WAAO6D,QAAQC,OAAO5H,MAAM,wCAAwCiF,cAAczE,YAAY,EAAE,CAAA;EAClG;AACA,QAAMsH,MAAMZ,WAAWY;AACvB,QAAMxF,MAAM2C,cAAc3C;AAC1B,QAAMyF,SAAS;IAAEb;IAAY5E;EAAI;AACjC,MAAIqC,QAAQvE,KAAKuE,SAAS2B,YAAAA;AAC1B,QAAM/D,UAAU;IACdlB;IACA5B,SAAS;EACX;AAEA,QAAMuI,UAAU5H,KAAKwG,gBAAgBoB,WAAW,GAAGb,QAAAA,0BAAkCc,mBAAmBf,WAAWY,GAAG,CAAA;AAEtH,MAAI,CAACL,sBAAsB;AACzBS,YAAQC,IAAI,iDAAiD;AAC7D,UAAMC,gBAAgB,MAAMjG,QAAQsB,MAAM4E,oCAAoC;MAC5EhB;MACAU;MACAO,SAAS;QAAC;;MACVnB;MACAC;MACAmB,gBAAgB;MAChBC,mBAAmB;QAAEC,KAAKtB;QAAUuB,mBAAmBC,+CAAwBC;QAAgBZ;MAAQ;IACzG,CAAA;AACA,UAAMa,oBAAoB,MAAM1G,QAAQsB,MAAMqF,mBAAmB;MAC/D3B;MACAiB;MACAW,MAAM;QAAEC,SAAS;MAAQ;IAC3B,CAAA;AACAvB,2BAAuBoB,kBAAkBI,YAAY,CAAA,EAAGC;AACxDhB,YAAQC,IAAI,mCAAmCV,oBAAAA;EACjD;AAEA,QAAM0B,+BAA+B,MAAMhH,QAAQsB,MAAM2F,mBAAmB;IAC1EC,gBAAgB3B;IAChB4B,uBAAuB7B;IACvBO;IACAuB,OAAO;IACPxB;IACAX;IACAC;IACAF;IACA9F;IACAmI,mBAAmB;EACrB,CAAA;AAEA,QAAMC,sBAAsB;IAC1BrF,QAAQ;MACN;QACEN;QACAgE;QACAb,cAAcA,gBAAgByC;QAC9BC,eAAWC,4CAAuB;UAAEjJ,SAAKC,2BAAMqE,cAAczE,cAAc,WAAA;QAAa,CAAA;QACxFqJ,aAAa;QACbC,WAAW3J,oBAAoB;UAAEE,KAAK4E;UAAehF,MAAM;QAAY,CAAA;QACvE4G;QACAG;MACF;;IAEFxC,WAAWC,cAAcsF;IACzBpF;IACApC;IACAF,aAAa8G,6BAA6Ba,oBAAoBC;EAChE;AAEA,QAAMC,uBAAuB,MAAMhI,2BACjC;IACEE,YAAYqH;IACZnH;IACAD,aAAa8G,6BAA6Ba,oBAAoBC;IAC9D1H;EACF,GACAJ,OAAAA;AAGF,MAAIgI,aAAa,MAAMC,6BAA6B;IAClDtC;IACA,GAAGvF;IACH8H,aAAa;IACbC,iBAAiB;IACjBC,eAAe;IACfC,2BAA2B;EAC7B,CAAA;AACA,MAAI,CAACL,WAAWM,aAAa;AAC3B,UAAMzK,MAAM,OAAO8H,GAAAA,uCAA0CvF,QAAQlB,WAAW,gBAAgB;EAClG;AACAW,SAAOC,MAAM,iBAAiB6F,GAAAA,eAAkBvF,QAAQlB,WAAW,SAAS8I,WAAWO,gBAAgB,GAAA,eAAmBP,WAAWQ,KAAK,QAAQ;AAGlJ5C,SAAOzF,UAAMwD,kDAA6B;IAAEzF,KAAK4E;EAAc,CAAA;AAE/D,QAAM2F,2BAA2B,MAAMzI,QAAQsB,MAAM2F,mBAAmB;IACtEC,gBAAgB3B;;IAEhBM;IACAuB,OAAO;IACPxB;IACAX;IACAC,kBAAkBzE;IAClBuE;IACA9F;IACAmI,mBAAmB;EACrB,CAAA;AAEA,QAAMG,gBAAYC,4CAAuB;IAAEjJ,SAAKC,2BAAM2G,UAAU/G,cAAc,WAAA;EAAa,CAAA;AAC3F,QAAMsJ,YAAY3J,oBAAoB;IAAEE,KAAKkH;IAAWtH,MAAM;EAAY,CAAA;AAC1E,QAAM4K,+BAA+B;IACnCzG,QAAQ;MACN;QACEN;QACAgE;QACA+B,aAAa;QACbF;QACAG;MACF;;IAEFtF,WAAWC,cAAcqG;IACzBnG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMc,gCAAgC,MAAM7I,2BAC1C;IACEE,YAAYyI;IACZrI,oBAAoB0H;IACpB5H;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAKF,QAAMU,KAAK,GAAA;AAEX,QAAMmI,wCAAwC;IAC5C5G,QAAQ;MACN;QACEN;QACAgE;QACA6B;QACAsB,MAAM;QACNjE;QACAH;MACF;;IAEFrC,WAAWC,cAAcyG;IACzBvG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMkB,yCAAyC,MAAMjJ,2BACnD;IACEE,YAAY4I;IACZxI,oBAAoBuI;IACpBzI;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAGFgI,eAAa,MAAMC,6BAA6B;IAC9CtC;IACA,GAAGvF;IACH8H,aAAa;IACbE,eAAe;IACfC,2BAA2B;IAC3BY,iBAAiB;MAAEC,iBAAiB;QAAC,GAAGvD,GAAAA,IAAO6B,SAAAA;;IAAa;EAC9D,CAAA;AACA,MAAI,CAACQ,WAAWM,aAAa;AAC3B,UAAMzK,MAAM,OAAO8H,GAAAA,uBAA0B6B,SAAAA,uCAAgDpH,QAAQlB,WAAW,gBAAgB;EAClI;AACAW,SAAOC,MACL,6BAA6B0H,SAAAA,YAAqB7B,GAAAA,eAAkBvF,QAAQlB,WAAW,SAAS8I,WAAWO,gBAAgB,GAAA,eAAmBP,WAAWQ,KAAK,QAAQ;AAGxK,QAAMW,uCAAuC;IAC3ClH,QAAQ;MACN;QACEN;QACAgE;QACA6B;QACAsB,MAAM;QACNjE;QACAH;MACF;;IAEFrC,WAAWC,cAAcyG;IACzBvG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMsB,wCAAwC,MAAMrJ,2BAClD;IACEE,YAAYkJ;IACZ9I,oBAAoB2I;IACpB7I;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAGF,SAAO;IACL+E;IACAsE,cAActB;IACduB,uBAAuBV;IACvBW,+BAA+BH;IAC/BI,gCAAgCR;EAClC;AACF,GAzOqC;;;AD5QrC,kBAAmB;AACnB,IAAAS,kBAA8B;AAEvB,IAAMC,qBAAoC;EAC/C;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,cAAN,MAAMA;EAzCb,OAyCaA;;;EACFC,SAASA,OAAOC;EAChBC,UAAwB;IAC/BC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,uBAAuB,KAAKA,sBAAsBD,KAAK,IAAI;IAC3DE,6BAA6B,KAAKA,4BAA4BF,KAAK,IAAI;IACvEG,+BAA+B,KAAKA,8BAA8BH,KAAK,IAAI;IAC3EI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACrDK,qCAAqCA,oCAAoCL,KAAK,IAAI;IAClFM,oBAAoBA,mBAAmBN,KAAK,IAAI;EAClD;EAEA,MAAcD,sBAAsBQ,MAA2BC,SAAiE;AAC9H,WAAO,MAAMC,sBAA8BF,MAAMC,OAAAA;EACnD;EAEA,MAAcP,sBAAsBM,MAA8D;AAChG,UAAMG,MAAMC,2BAA2BJ,IAAAA;AACvC,WAAO,OACL,UAAMK,oBAAAA,SAAMF,KAAK;MACfG,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcd,4BAA4BK,MAAwE;AAChH,UAAMU,oBAAwC,MAAM,KAAKhB,sBAAsB;MAC7E,GAAGM;MACHW,MAAM;IACR,CAAA;AACA,WAAO,OACL,UAAMN,oBAAAA,SAAM,GAAGK,kBAAkBE,QAAQ,IAAI;MAC3CN,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcb,8BAA8BI,MAAiF;AAC3H,UAAM,EAAEa,OAAOC,SAASC,eAAc,IAAKf;AAC3C,UAAMU,oBACJK,kBACC,MAAM,KAAKrB,sBAAsB;MAChC,GAAGoB;MACHH,MAAM;MACNK,QAAQF,SAASG,OAAO,kBAAkBH,SAASE;MACnDE,SAASJ,SAASI,WAAW;IAC/B,CAAA;AACF,WAAQ,OACN,UAAMb,oBAAAA,SAAM,GAAGK,kBAAkBS,gCAAgC,mBAAmBN,KAAAA,IAAS;MAC3FP,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcZ,mBAAmBG,MAAkCC,SAA0D;AAC3H,UAAM,EAAEY,OAAOO,QAAQC,SAASC,UAAUC,0BAA0BC,aAAaC,aAAaC,oBAAoB,MAAK,IAAK1B;AAC5H,UAAM2B,aAAa,MAAM1B,QAAQ2B,MAAMC,0BAA0BT,MAAAA;AACjEU,YAAQC,IAAI,4BAA4BJ,WAAWK,GAAG,WAAWnB,KAAAA,iBAAsBS,QAAAA,uBAA+BI,iBAAAA,KAAsB;AAC5I,UAAMX,iBAAiB,MAAM,KAAKrB,sBAAsB;MACtD+B;MACAP,SAAS;MACTD,MAAMgB;MACNjB,QAAQ;MACRL,MAAM;IACR,CAAA;AACA,UAAMuB,qBAAqB,MAAM,KAAKtC,8BAA8B;MAClE,GAAGI;MACHe;MACAD,SAAS;QAAEW;QAAaP,SAAS;QAAMP,MAAM;MAAuB;IACtE,CAAA;AACA,UAAMwB,sBAAsBD,mBAAmBE,kBAAkBC,SAAS;AAC1EP,YAAQC,IAAI,eAAeG,kBAAAA;AAE3B,QAAI,CAACC,qBAAqB;AAGxBL,cAAQQ,KAAK,0CAA0CzB,KAAAA,EAAO;IAChE;AAEA,QAAI0B,wBAAwBvC,KAAKuC;AAEjC,QAAIJ,uBAAuB,CAACI,uBAAuB;AACjD,UAAIhB,4BAA4BA,yBAAyBc,SAAS,GAAG;AACnE,cAAMG,YAAY,MAAMvC,QAAQ2B,MAAMa,+BAA+B;UACnEC,wBAAwBR;UACxBS,sBAAsB;YAAEC,gBAAgB5C,KAAK4C;YAAgBC,uBAAuBtB;UAAyB;QAC/G,CAAA;AACA,YAAIiB,UAAUM,oBAAoBT,SAAS,GAAG;AAC5C,gBAAMU,WAAWP,UAAUM,oBACxBE,IAAI,CAACC,SAASC,mCAAiBC,oBAAoBF,MAAM;YAAEG,QAAQC;UAAc,CAAA,CAAA,EACjFC,OAAO,CAACL,SAAAA;AACP,gBAAI,CAACA,KAAKM,gBAAgB;AACxB,qBAAON;YACT,WAAW,IAAIO,KAAKP,KAAKM,cAAc,EAAGE,QAAO,KAAMD,KAAKE,IAAG,GAAI;AACjE,qBAAOT;YACT;AACA,mBAAOhB;UACT,CAAA,EACCqB,OAAO,CAACL,SAAS,CAAC,CAACA,IAAAA;AACtB,cAAIF,SAASV,SAAS,GAAG;AACvBE,oCAAwBQ,SAAS,CAAA;UACnC;QACF;MACF;AACA,UAAI,CAACR,uBAAuB;AAC1BT,gBAAQC,IAAI,kFAAkF;AAC9F,cAAM4B,mBAAmB3D,KAAK2D,oBAAoBC,kBAAkB;UAAEnC;QAAY,CAAA;AAClF,cAAMoC,gBAAgB,MAAM5D,QAAQ2B,MAAM9B,oCAAoC;UAC5E6D;UACAvC;UACA0C,SAAS;YAAC;;UACVxC;UACAE;UACAuC,mBAAmB;YACjBC,KAAK1C;YACL2C,mBAAmBC,+CAAwBC;YAC3C9C;UACF;UACA+C,gBAAgB;QAClB,CAAA;AACA,cAAMC,oBAAoB,MAAMpE,QAAQ2B,MAAM7B,mBAAmB;UAC/D8D;UACAvC;UACAgD,MAAM;YAAEC,SAAS;UAAO;QAC1B,CAAA;AAEAhC,gCAAwB8B,kBAAkBG,YAAY,CAAA,EAAIC;MAC5D;IACF;AAuCA,UAAMC,yBAAyB;MAAEC,QAAIC,gBAAAA;MAAMC,eAAe3C,mBAAmByC;MAAIG,gBAAgB,CAAA;IAAG;AAMpGhD,YAAQC,IAAI,2BAA2B2C,sBAAAA;AACvC,UAAMK,mBAAmB;MACvBC,YAAY;;MAEZC,UAAU;MACVpE;MACAqE,yBAAyBR;MACzB5D,SAAS;QAAEW;QAAaP,SAAS;MAAK;MACtCH;IACF;AAEAe,YAAQC,IAAI;EAA4BoD,KAAKC,UAAUL,gBAAAA,CAAAA,EAAmB;AAC1E,UAAMM,sBAAsB,MAAM,KAAKC,eAAeP,gBAAAA;AAEtDjD,YAAQC,IAAI;EAA6BoD,KAAKC,UAAUC,mBAAAA,CAAAA,EAAsB;AAC9E,QAAI,EAAE,kBAAkBA,sBAAsB;AAC5C,YAAME,MAAM,mBAAmBJ,KAAKC,UAAUC,mBAAAA,CAAAA,EAAsB;IACtE;AAEA,WAAO;MACLA;;MAEAxE;;MAEAc;IACF;EACF;EAEA,MAAc2D,eAAetF,MAA2D;AACtF,UAAM,EAAEgF,aAAa,YAAYnE,OAAOoE,UAAUC,yBAAyBpE,SAASC,eAAc,IAAKf;AACvG,UAAMU,oBACJK,kBACC,MAAM,KAAKrB,sBAAsB;MAChC,GAAGoB;MACHH,MAAM;IACR,CAAA;AACF,UAAM6E,UAAU;MACdR;MACAnE,OAAO,UAAUA,KAAAA;MACjBoE;MACAC,yBAAyBC,KAAKC,UAAUF,uBAAAA;IAC1C;AACA,WAAO,OACL,UAAM7E,oBAAAA,SAAM,GAAGK,kBAAkB+E,cAAc,IAAI;MACjDnF,QAAQ;MACRC,SAAS;QACPmF,aAAa;QACblF,QAAQ;MACV;MACAmF,MAAM,IAAIC,gBAAgBJ,OAAAA;IAC5B,CAAA,GACA/E,KAAI;EACR;AACF;;;AQrPO,IAAKoF,YAAAA,0BAAAA,YAAAA;;SAAAA;;;;AC/BZ,IAAAC,sBAA4D;AAC5D,IAAAA,sBAA4E;AAG5E,yBAA2C;AAC3C,mBAAkB;AAYlB,IAAMC,YAAQC,aAAAA,SAAM,4BAAA;AAEb,IAAMC,kBAAN,MAAMA,yBAAwBC,8CAAAA;EAnBrC,OAmBqCA;;;EACnC,OAAgBC,WAAW;EACVC;EACAC;EAEjB,YAAYC,SAAqD;AAC/D,UAAK;AACL,SAAKF,aAAaE,QAAQF;AAC1B,SAAKC,UAAUC,QAAQD;EACzB;EAEA,MAAME,iBAAiBC,MAA6BC,SAAmE;AACrH,UAAM,EAAEC,MAAMJ,SAASK,MAAM,KAAKP,YAAYQ,MAAK,IAAKJ;AACxD,UAAM,EACJK,WACAC,UACAC,cACAC,cACAC,MACAC,iBACAC,yBAAyB,CAAC,CAACX,KAAKF,SAASY,iBACzCE,mBAAmBC,6BAA6BC,oBAAoBC,EAAE,GACtEC,cACAC,SAAQ,IACN;MAAE,GAAGnB;IAAQ;AAEjB,QAAIa,0BAA0B,CAACD,iBAAiB;AAC9C,YAAM,IAAIQ,MAAM,mEAAA;IAClB;AACA,UAAMC,QAAQrB,SAASqB,SAASC,YAAAA;AAEhC,QAAIlB,SAASY,oBAAoBO,KAAK;AACpC,aAAOC,QAAQC,OAAOL,MAAM,QAAQhB,IAAAA,gGAAoG,CAAA;IAC1I,WAAW,CAACC,KAAK;AACf,aAAOmB,QAAQC,OAAOL,MAAM,uBAAuB,CAAA;IACrD,WAAWT,QAAQA,KAAKe,SAAS,KAAK,CAACb,wBAAwB;AAC7D,aAAOW,QAAQC,OAAOL,MAAM,+GAA+G,CAAA;IAC7I;AAGA,UAAMO,qBAAqB,MAAMC,yBAC/B;MACEC,SAASpB;MACTqB,SAAS;MACTzB;MACA0B,eAAe;IACjB,GACA5B,OAAAA;AAEF,UAAM6B,0BAA0B,MAAM7B,QAAQ8B,MAAMC,iBAAiBP,kBAAAA;AAGrE,UAAMQ,qBAAqB,MAAMP,yBAC/B;MACEC,SAASnB;MACToB,SAAS;MACTzB;IACF,GACAF,OAAAA;AAGF,UAAMiC,0BAA0B,MAAMjC,QAAQ8B,MAAMC,iBAAiBC,kBAAAA;AAErE,UAAME,aAA0B;MAC9BC,KAAKtC,QAAQsC,OAAOtC,QAAQsC,IAAIC,WAAW,WAAA,IAAevC,QAAQsC,MAAM,GAAGtB,oBAAoBC,GAAGuB,MAAM,GAAG1B,gBAAAA;MAC3G2B,iBAAiBT,wBAAwBU;MACzC/B,MAAM;QAACqB;QAAyBI;;MAChC9B;MACAa,UAAUA,YAAY,CAAA;MACtBwB,UAAUhD,iBAAgBE;IAC5B;AAEA,UAAME,UAAU;MAAE,GAAG,KAAKA;IAAQ;AAClC,QAAI,CAACA,QAAQ6C,aAAa;AACxB7C,cAAQ6C,cAAchC,iBAAiBgC,eAAe;IACxD;AACA,QAAI,CAAC7C,QAAQ8C,SAAS;AACpB9C,cAAQ8C,UAAU;IACpB;AAEA,QAAIhC,wBAAwB;AAE1B,YAAMiC,sBACJ;QACET;QACAnB;QACAN;QACAS;QACAd;QACAC;MACF,GACAL,OAAAA;AAEF,UAAIQ,QAAQA,KAAKe,SAAS,GAAG;AAC3B,mBAAWG,WAAWlB,MAAM;AAC1B,gBAAMoC,MAAM,MAAMnB,yBAChB;YACEC;YACAC,SAASD,QAAQzB,QAAQ;YACzBC;UACF,GACAF,OAAAA;AAEF,gBAAM6C,iBAAiB,MAAM7C,QAAQ8B,MAAMC,iBAAiBa,GAAAA;AAC5DE,kBAAQC,KAAK,wCAAwCF,cAAAA;QACvD;MACF;IACF;AAEAvD,UAAM,WAAW4C,WAAWC,GAAG;AAC/B,WAAOD;EACT;EAEA,MAAMc,OACJjD,MAUAC,SACc;AACd,UAAM,EAAEkC,YAAYU,KAAK/C,QAAO,IAAKE;AACrC,UAAM,EAAEkD,aAAaC,iBAAiBtD,SAASsB,QAAQC,YAAAA,EAAa,IAAKtB;AACzE,QAAIqD,gBAAgB3B,WAAW,GAAG;AAChC,aAAOF,QAAQC,OAAOL,MAAM,8CAA8C,CAAA;IAC5E;AACA,UAAMW,oBAAgBuB,sCAAiB;MAAEjB;IAAW,CAAA;AACpD,UAAMkB,WAAOC,+CAA0B;MAAET,KAAKhB;IAAc,CAAA;AAC5D,UAAMW,MAAMX,cAAcW;AAC1B,UAAMJ,MAAMD,WAAWC;AAEvB,UAAMmB,+BAA+B;MACnCC,QAAQ;QACN;UACEH;UACAjB;UACAqB,aAAa;UACbC,eAAWC,4CAAuB;YAAEC,SAAKC,2BAAMhB,IAAIiB,cAAcjB,IAAI3C,IAAI;UAAE,CAAA;UAC3E6D,WAAWC,oBAAoB;YAAEnB;YAAU3C,MAAM2C,IAAI3C;UAAK,CAAA;QAC5D;;MAEF+D,WAAWC,cAAcC;MACzBhD;MACAtB;MACAqD;IACF;AAEA,QAAIkB,cAAc,MAAMC,2BACtB;MACEC,YAAYf;MACZf;MACAU;MACArD;IACF,GACAI,OAAAA;AAGF,UAAMyD,gBAAYa,kDAA6B;MAAE1B;IAAI,CAAA;AACrD,eAAW2B,sBAAsBrB,iBAA6B;AAC5D,YAAMsB,2CAA2C;QAC/CjB,QAAQ;UACN;YACEH;YACAjB;YACAsB;YACAgB,MAAMF;YACNlE,UAAUqE,KAAKC,IAAG,IAAK,MAAO;YAC9BvE,WAAWsE,KAAKC,IAAG,IAAK,MAAO,IAAI,MAAM,KAAK,KAAK;UACrD;;QAEFX,WAAWC,cAAcW;QACzB1D;QACAtB;QACAqD;MACF;AACAkB,oBAAc,MAAMC,2BAClB;QACEC,YAAYG;QACZK,oBAAoBV;QACpB5B;QACAU;QACArD;MACF,GACAI,OAAAA;IAEJ;EACF;EAEA,MAAM8E,WACJ/E,MASAC,SACc;AACd,UAAM,EAAEkC,YAAY6C,SAASlF,QAAO,IAAKE;AACzC,UAAM,EAAEkD,aAAarD,SAASsB,QAAQC,YAAAA,EAAa,IAAKtB;AACxD,UAAM+B,oBAAgBuB,sCAAiB;MAAEjB;IAAW,CAAA;AACpD,UAAMkB,WAAOC,+CAA0B;MAAET,KAAKhB;IAAc,CAAA;AAC5D,UAAMO,MAAMD,WAAWC;AACvB,UAAMI,MAAMX,cAAcW;AAE1B,UAAMyC,oBAAoB;MACxBzB,QAAQ;QACN;UACEH;UACAjB;UACA4C;QACF;;MAEFf,WAAWC,cAAcgB;MACzB/D;MACAtB;MACAqD;IACF;AAEA,WAAO,MAAMmB,2BACX;MACEC,YAAYW;MACZzC;MACAU;MACArD;IACF,GACAI,OAAAA;EAEJ;EAEAkF,iBAAiBnF,MAAmBC,SAAuD;AACzF,WAAOqB,QAAQ8D,QAAQ,IAAA;EACzB;EAEAC,UACErF,MAKAC,SACc;AACd,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;EAEAoE,cACEtF,MAKAC,SACc;AACd,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;;EAGA,MAAMqE,iBAAiBvF,MAA8BC,SAAyE;AAC5H,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;AACF;;;AC9RA,0BAAwG;AACxG,IAAAsE,sBAA4B;AAE5B,IAAMC,iBAA8B,8BAClCC,QACAC,SACAC,WACAC,YAAAA;AAEA,QAAMC,WAAW,IAAIC,6BAAS;IAAE,OAAGC,iCAAAA;EAAc,CAAA;AACjD,SAAOF,SAASG,QAAQP,QAAQG,OAAAA;AAClC,GARoC;AAU7B,SAASK,qBAAAA;AACd,SAAO;IAAEC,KAAKV;EAAe;AAC/B;AAFgBS;;;AXXT,IAAME,SAASC,0BAAQC,QAAQC,QAAQ,yBAAyB;EACrEC,iBAAiBC,2BAASC;EAC1BC,SAAS;IAACC,4BAAUC;IAASD,4BAAUE;;AACzC,CAAA,EAAGC,IAAI,uBAAA;AACP,IAAMC,SAASC;","names":["module","import_ssi_types","import_oid4vci_common","import_ssi_types","import_cross_fetch","import_oid4vci_common","import_ssi_sdk_ext","import_oid4vci_common","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_sdk","addContactCallback","context","oid4vciMachine","state","serverMetadata","hasContactConsent","contactAlias","Promise","reject","Error","issuerUrl","URL","issuer","correlationId","protocol","hostname","issuerName","getIssuerName","credentialIssuerMetadata","party","contact","displayName","legalName","partyType","id","origin","PartyOrigin","EXTERNAL","type","PartyTypeType","ORGANIZATION","name","tenantId","uri","identities","alias","roles","CredentialRole","ISSUER","IdentityOrigin","identifier","CorrelationIdentifierType","connection","ConnectionType","OPENID_CONNECT","config","clientId","clientSecret","scopes","redirectUrl","dangerouslyAllowInsecureHttpRequests","clientAuthMethod","onCreate","contacts","agent","cmGetContacts","filter","length","cmAddContact","contactType","send","OID4VCIMachineEvents","CREATE_CONTACT","data","onConsentChange","hasConsent","SET_CONTACT_CONSENT","onAliasChange","SET_CONTACT_ALIAS","startsWith","replace","toString","handleErrorCallback","console","error","event","logger","trace","selectCredentialsCallback","credentialToSelectFrom","selectedCredentials","info","join","NEXT","onSelectType","log","SET_SELECTED_CREDENTIALS","map","sel","credentialId","authorizationCodeUrlCallback","authReqResult","vpLinkHandler","url","authorizationCodeURL","onOpenAuthorizationUrl","INVOKED_AUTHORIZATION_CODE_REQUEST","response","fetch","redirect","status","openidUri","headers","get","undefined","includes","decoded","decodeUriAsJson","error_description","JSON","stringify","text","kid","authKey","meta","jwkThumbprint","did","handle","idOpts","kmsKeyRef","reviewCredentialsCallback","credentialsToAccept","siopDoneCallback","oid4vpMachine","authorizationResponseData","queryParams","code","interpreter","PROVIDE_AUTHORIZATION_CODE_RESPONSE","ebsiCreateAttestationAuthRequestURL","clientId","clientIdArg","credentialIssuer","credentialType","idOpts","redirectUri","requestObjectOpts","formats","context","logger","info","resolution","agent","identifierManagedGetByDid","identifier","provider","Error","did","authKey","getAuthenticationKey","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","kid","meta","jwkThumbprint","calculateJwkThumbprintForKey","key","vciClient","OpenID4VCIClient","fromCredentialIssuer","createAuthorizationRequestURL","retrieveServerMetadata","allMatches","arrayMatches","Array","isArray","Object","entries","map","id","supported","supportedConfigurations","filter","getTypesFromCredentialSupported","filterVerifiableCredential","includes","format","length","join","authorizationDetails","credential_configuration_id","type","credential_identifiers","signCallbacks","signCallback","authorizationRequestOpts","authorizationCodeURL","createAuthorizationRequestUrl","authorizationRequest","jwaAlg","signatureAlgorithmFromKey","Alg","Promise","reject","alg","requestData","flowType","AuthzFlowType","AUTHORIZATION_CODE_FLOW","uri","existingClientState","JSON","parse","exportState","accessTokenOpts","clientOpts","clientAssertionType","didMethodPreferences","SupportedDidMethodEnum","DID_EBSI","DID_KEY","ebsiGetAttestationInterpreter","authReqResult","walletType","vciStateCallbacks","Map","vpStateCallbacks","oid4vciMachine","oid4vciHolderGetMachineInterpreter","issuanceOpt","supportedPreferredDidMethod","stateNavigationListener","OID4VCICallbackStateListener","vpLinkHandler","Siopv2OID4VPLinkHandler","protocols","noStateMachinePersistence","OID4VPCallbackStateListener","set","Siopv2MachineStates","done","siopDoneCallback","handleError","handleErrorCallback","error","OID4VCIMachineStates","addContact","addContactCallback","selectCredentials","selectCredentialsCallback","initiateAuthorizationRequest","authorizationCodeUrlCallback","reviewCredentials","reviewCredentialsCallback","interpreter","ebsiGetAttestation","opts","timeout","agentContext","state","waitFor","start","matches","contactAlias","contact","credentialBranding","credentialsToAccept","stringify","result","identifierManagedGet","credentials","getEbsiApiBaseUrl","environment","version","system","wait","timeoutInMS","Promise","resolve","setTimeout","import_cross_fetch","ebsiGetDidDocument","args","params","apiOpts","did","validAt","Error","query","response","fetch","ebsiGetRegistryAPIUrls","textBody","text","json","startsWith","JSON","parse","undefined","status","Promise","reject","ebsiWaitTillDocumentAnchored","startIntervalMS","minIntervalMS","decreaseIntervalMSPerStep","maxWaitTime","version","environment","searchForObject","interval","totalWaitTime","didDocument","count","logCalback","logger","debug","didDocAsStr","stringify","search","found","includes","substring","length","e","wait","Math","max","ebsiListDidDocuments","offset","size","controller","queryParams","push","filter","Boolean","join","import_cross_fetch","EBSI_DID_SPEC_INFOS","V1","type","method","version","didLength","privateKeyLength","KEY","EbsiPublicKeyPurpose","JSON_RPC_VERSION","BASE_CONTEXT_DOC","JSON","stringify","EbsiRpcMethod","callRpcMethod","args","callRpcMethodImpl","retries","params","rpcId","accessToken","rpcMethod","apiOpts","doNotThrowErrors","options","buildFetchOptions","logger","debug","JSON","stringify","rpcResponse","fetch","ebsiGetRegistryAPIUrls","mutate","json","result","error","undefined","message","includes","randomRpcId","Error","warning","wait","fetchReq","method","headers","Authorization","body","jsonrpc","JSON_RPC_VERSION","id","generateEbsiMethodSpecificId","specInfo","spec","EBSI_DID_SPEC_INFOS","V1","length","didLength","result","Uint8Array","version","set","randomBytes","base58btc","encode","generateOrUseProvidedEbsiPrivateKeyHex","privateKeyBytes","Error","type","toString","formatEbsiPublicKey","args","key","bytes","getBytes","publicKeyHex","SigningKey","computePublicKey","jwk","toJwk","use","JwkKeyUse","Signature","jwkString","JSON","stringify","fromString","ebsiGetIssuerMock","environment","getEbsiApiBaseUrl","system","ebsiGetAuthorisationServer","ebsiGetRegistryAPIUrls","baseUrl","mutate","query","determineWellknownEndpoint","mock","url","logger","debug","ebsiSignAndSendTransaction","context","rpcRequest","accessToken","kid","apiOpts","previousTxResponse","unsignedTxResponse","callRpcMethod","nonce","undefined","wait","error","message","unsignedTx","agentUnsignedTx","parse","chainId","toLowerCase","startsWith","Number","parseInt","signedRawTx","agent","keyManagerSignEthTX","transaction","sig","Transaction","from","signature","r","s","v","sTResponse","params","protocol","unsignedTransaction","signedRawTransaction","rpcMethod","EbsiRpcMethod","SEND_SIGNED_TRANSACTION","rpcId","id","ebsiGenerateOrUseKeyPair","keyOpts","keyType","kms","controllerKey","privateKeyHex","substring","importableKey","toMinimalImportableKey","meta","ebsi","anchored","minimalImportableKey","purposes","assertedPurposes","setPurposes","jwkThumbprint","calculateJwkThumbprintForKey","digestAlgorithm","includes","EbsiPublicKeyPurpose","CapabilityInvocation","AssertionMethod","Authentication","join","randomRpcId","Math","floor","random","MAX_SAFE_INTEGER","ebsiCreateDidOnLedger","accessTokenOpts","notBefore","Date","now","notAfter","baseDocument","identifier","clientId","redirectUri","credentialIssuer","getControllerKey","secp256r1","getKeys","attestationToOnboard","attestationToOnboardCredentialRole","Promise","reject","getEthereumAddressFromKey","did","idOpts","jwksUri","encodeURIComponent","console","log","authReqResult","ebsiCreateAttestationAuthRequestURL","formats","credentialType","requestObjectOpts","iss","requestObjectMode","CreateRequestObjectMode","REQUEST_OBJECT","attestationResult","ebsiGetAttestation","opts","timeout","credentials","rawVerifiableCredential","insertDidAccessTokenResponse","ebsiAccessTokenGet","credentialRole","attestationCredential","scope","skipDidResolution","insertDidDocRequest","BASE_CONTEXT_DOC","vMethodId","calculateJwkThumbprint","isSecp256k1","publicKey","INSERT_DID_DOCUMENT","accessTokenResponse","access_token","insertDidDocResponse","anchorTime","ebsiWaitTillDocumentAnchored","maxWaitTime","startIntervalMS","minIntervalMS","decreaseIntervalMSPerStep","didDocument","totalWaitTime","count","addVMAccessTokenResponse","addVerificationMethodRequest","ADD_VERIFICATION_METHOD","addVerificationMethodResponse","addAssertionMethodRelationshipRequest","name","ADD_VERIFICATION_RELATIONSHIP","addAssertionMethodRelationshipResponse","searchForObject","assertionMethod","addAuthenticationRelationshipRequest","addAuthenticationRelationshipResponse","insertDidDoc","addVerificationMethod","addAuthenticationRelationship","addAssertionMethodRelationship","import_ssi_sdk","ebsiSupportMethods","EbsiSupport","schema","IEbsiSupport","methods","ebsiCreateDidOnLedger","bind","ebsiWellknownMetadata","ebsiAuthorizationServerJwks","ebsiPresentationDefinitionGet","ebsiAccessTokenGet","ebsiCreateAttestationAuthRequestURL","ebsiGetAttestation","args","context","ebsiCreateDidOnLedgerFunction","url","determineWellknownEndpoint","fetch","method","headers","Accept","json","discoveryMetadata","type","jwks_uri","scope","apiOpts","openIDMetadata","system","mock","version","presentation_definition_endpoint","idOpts","jwksUri","clientId","allVerifiableCredentials","redirectUri","environment","skipDidResolution","identifier","agent","identifierManagedGetByDid","console","log","did","undefined","definitionResponse","hasInputDescriptors","input_descriptors","length","warn","attestationCredential","pexResult","pexDefinitionFilterCredentials","presentationDefinition","credentialFilterOpts","credentialRole","verifiableCredentials","filteredCredentials","filtered","map","cred","CredentialMapper","toUniformCredential","hasher","defaultHasher","filter","expirationDate","Date","getDate","now","credentialIssuer","ebsiGetIssuerMock","authReqResult","formats","requestObjectOpts","iss","requestObjectMode","CreateRequestObjectMode","REQUEST_OBJECT","credentialType","attestationResult","opts","timeout","credentials","rawVerifiableCredential","presentationSubmission","id","v4","definition_id","descriptor_map","tokenRequestArgs","grant_type","vp_token","presentation_submission","JSON","stringify","accessTokenResponse","getAccessToken","Error","request","token_endpoint","ContentType","body","URLSearchParams","TokenType","import_ssi_sdk_ext","debug","Debug","EbsiDidProvider","AbstractIdentifierProvider","PROVIDER","defaultKms","apiOpts","options","createIdentifier","args","context","type","kms","alias","notBefore","notAfter","secp256k1Key","secp256r1Key","keys","accessTokenOpts","executeLedgerOperation","methodSpecificId","generateEbsiMethodSpecificId","EBSI_DID_SPEC_INFOS","V1","baseDocument","services","Error","rpcId","randomRpcId","KEY","Promise","reject","length","secp256k1ImportKey","ebsiGenerateOrUseKeyPair","keyOpts","keyType","controllerKey","secp256k1ManagedKeyInfo","agent","keyManagerImport","secp256r1ImportKey","secp256r1ManagedKeyInfo","identifier","did","startsWith","method","controllerKeyId","kid","provider","environment","version","ebsiCreateDidOnLedger","key","managedKeyInfo","console","warn","addKey","accessToken","vmRelationships","getControllerKey","from","getEthereumAddressFromKey","addVerificationMethodRequest","params","isSecp256k1","vMethodId","calculateJwkThumbprint","jwk","toJwk","publicKeyHex","publicKey","formatEbsiPublicKey","rpcMethod","EbsiRpcMethod","ADD_VERIFICATION_METHOD","rpcResponse","ebsiSignAndSendTransaction","rpcRequest","calculateJwkThumbprintForKey","vmRelationshipsKey","addVerificationMethodRelationshipRequest","name","Date","now","ADD_VERIFICATION_RELATIONSHIP","previousTxResponse","addService","service","addServiceRequest","ADD_SERVICE","deleteIdentifier","resolve","removeKey","removeService","updateIdentifier","import_ssi_sdk_ext","resolveDidEbsi","didUrl","_parsed","_resolver","options","resolver","Resolver","getResolver","resolve","getDidEbsiResolver","key","logger","Loggers","DEFAULT","options","defaultLogLevel","LogLevel","DEBUG","methods","LogMethod","CONSOLE","DEBUG_PKG","get","schema","require"]}
1	+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/EbsiSupport.ts","../src/did/functions.ts","../src/functions/Attestation.ts","../src/functions/AttestationHeadlessCallbacks.ts","../src/functions/index.ts","../src/did/services/EbsiRestService.ts","../src/did/services/EbsiRPCService.ts","../src/did/types.ts","../src/types/IEbsiSupport.ts","../src/did/EbsiDidProvider.ts","../src/did/EbsiDidResolver.ts"],"sourcesContent":["{\n \"IEBSIAuthorizationClient\": {\n \"components\": {\n \"schemas\": {\n \"EBSIAuthAccessTokenGetArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"vc\": {\n \"type\": \"string\"\n },\n \"definitionId\": {\n \"$ref\": \"#/components/schemas/ScopeByDefinition\"\n },\n \"did\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/Optional<ApiOpts,\\\"version\\\">\"\n }\n },\n \"required\": [\"vc\", \"definitionId\", \"did\", \"kid\", \"scope\", \"apiOpts\"]\n },\n \"ScopeByDefinition\": {\n \"type\": \"string\",\n \"enum\": [\"didr_invite\", \"didr_write\", \"tir_invite\", \"tir_write\", \"timestamp_write\", \"tnt_authorise\", \"tnt_create\", \"tnt_write\"]\n },\n \"EBSIScope\": {\n \"type\": \"string\",\n \"enum\": [\n \"didr_write\",\n \"didr_invite\",\n \"tir_write\",\n \"tir_invite\",\n \"timestamp_write\",\n \"tnt_authorise\",\n \"tnt_create\",\n \"tnt_write\",\n \"did_authn\"\n ],\n \"description\": \"The OpenID scope\"\n },\n \"Optional<ApiOpts,\\\"version\\\">\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n }\n },\n \"EbsiEnvironment\": {\n \"type\": \"string\",\n \"enum\": [\"pilot\", \"conformance\", \"conformance-test\"]\n },\n \"EbsiApiVersion\": {\n \"type\": \"string\",\n \"enum\": [\"v3\", \"v4\", \"v5\"]\n },\n \"GetAccessTokenResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetAccessTokenSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetAccessTokenSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"access_token\": {\n \"type\": \"string\"\n },\n \"token_type\": {\n \"$ref\": \"#/components/schemas/TokenType\"\n },\n \"expires_in\": {\n \"type\": \"number\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"id_token\": {\n \"type\": \"string\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"access_token\", \"token_type\", \"scope\", \"id_token\", \"apiOpts\"]\n },\n \"TokenType\": {\n \"type\": \"string\",\n \"const\": \"Bearer\"\n },\n \"ApiOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n },\n \"required\": [\"version\"]\n },\n \"ExceptionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"number\"\n },\n \"detail\": {\n \"type\": \"string\"\n },\n \"instance\": {\n \"type\": \"string\"\n }\n }\n },\n \"GetOIDProviderJwksResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetOIDProviderJwksSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/JWK\"\n }\n }\n },\n \"required\": [\"keys\"]\n },\n \"JWK\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"alg\\\" (Algorithm) Parameter.\"\n },\n \"crv\": {\n \"type\": \"string\"\n },\n \"d\": {\n \"type\": \"string\"\n },\n \"dp\": {\n \"type\": \"string\"\n },\n \"dq\": {\n \"type\": \"string\"\n },\n \"e\": {\n \"type\": \"string\"\n },\n \"ext\": {\n \"type\": \"boolean\",\n \"description\": \"JWK \\\"ext\\\" (Extractable) Parameter.\"\n },\n \"k\": {\n \"type\": \"string\"\n },\n \"key_ops\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"key_ops\\\" (Key Operations) Parameter.\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kid\\\" (Key ID) Parameter.\"\n },\n \"kty\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kty\\\" (Key Type) Parameter.\"\n },\n \"n\": {\n \"type\": \"string\"\n },\n \"oth\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"d\": {\n \"type\": \"string\"\n },\n \"r\": {\n \"type\": \"string\"\n },\n \"t\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"p\": {\n \"type\": \"string\"\n },\n \"q\": {\n \"type\": \"string\"\n },\n \"qi\": {\n \"type\": \"string\"\n },\n \"use\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"use\\\" (Public Key Use) Parameter.\"\n },\n \"x\": {\n \"type\": \"string\"\n },\n \"y\": {\n \"type\": \"string\"\n },\n \"x5c\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"x5c\\\" (X.509 Certificate Chain) Parameter.\"\n },\n \"x5t\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5t\\\" (X.509 Certificate SHA-1 Thumbprint) Parameter.\"\n },\n \"x5t#S256\": {\n \"type\": \"string\",\n \"description\": \"\\\"x5t#S256\\\" (X.509 Certificate SHA-256 Thumbprint) Parameter.\"\n },\n \"x5u\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5u\\\" (X.509 URL) Parameter.\"\n }\n },\n \"additionalProperties\": {},\n \"description\": \"JSON Web Key ( {@link https://www.rfc-editor.org/rfc/rfc7517 \| JWK } ). \\\"RSA\\\", \\\"EC\\\", \\\"OKP\\\", and \\\"oct\\\" key types are supported.\"\n },\n \"GetPresentationDefinitionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"scope\"]\n },\n \"GetPresentationDefinitionResponse\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionSuccessResponse\"\n },\n \"GetPresentationDefinitionSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"submission_requirements\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n },\n \"input_descriptors\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/InputDescriptorV2\"\n }\n },\n \"frame\": {\n \"type\": \"object\"\n }\n },\n \"required\": [\"id\", \"input_descriptors\"]\n },\n \"Format\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"ldp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vc\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"di\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vc\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vp\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"dc+sd-jwt\": {\n \"$ref\": \"#/components/schemas/SdJwtObject\"\n }\n }\n },\n \"JwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"alg\"]\n },\n \"LdpObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\"]\n },\n \"DiObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"cryptosuite\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\", \"cryptosuite\"]\n },\n \"SdJwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"sd-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"kb-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"SubmissionRequirement\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"rule\": {\n \"$ref\": \"#/components/schemas/Rules\"\n },\n \"count\": {\n \"type\": \"number\"\n },\n \"min\": {\n \"type\": \"number\"\n },\n \"max\": {\n \"type\": \"number\"\n },\n \"from\": {\n \"type\": \"string\"\n },\n \"from_nested\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n }\n },\n \"required\": [\"rule\"]\n },\n \"Rules\": {\n \"type\": \"string\",\n \"enum\": [\"all\", \"pick\"]\n },\n \"InputDescriptorV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"group\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"issuance\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Issuance\"\n }\n },\n \"constraints\": {\n \"$ref\": \"#/components/schemas/ConstraintsV2\"\n }\n },\n \"required\": [\"id\", \"constraints\"]\n },\n \"Issuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"manifest\": {\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": {}\n },\n \"ConstraintsV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"limit_disclosure\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"statuses\": {\n \"$ref\": \"#/components/schemas/Statuses\"\n },\n \"fields\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/FieldV2\"\n }\n },\n \"subject_is_issuer\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"is_holder\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n },\n \"same_subject\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n }\n }\n },\n \"Optionality\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"preferred\"]\n },\n \"Statuses\": {\n \"type\": \"object\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"suspended\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"revoked\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n }\n }\n },\n \"PdStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"directive\": {\n \"$ref\": \"#/components/schemas/Directives\"\n }\n }\n },\n \"Directives\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"allowed\", \"disallowed\"]\n },\n \"FieldV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"filter\": {\n \"$ref\": \"#/components/schemas/FilterV2\"\n },\n \"predicate\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"optional\": {\n \"type\": \"boolean\"\n }\n },\n \"required\": [\"path\"]\n },\n \"FilterV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"OneOfNumberStringBoolean\": {\n \"type\": [\"boolean\", \"number\", \"string\"]\n },\n \"OneOfNumberString\": {\n \"type\": [\"number\", \"string\"]\n },\n \"FilterV2Base\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n }\n },\n \"FilterV2BaseItems\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"HolderSubject\": {\n \"type\": \"object\",\n \"properties\": {\n \"field_id\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"directive\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n }\n },\n \"required\": [\"field_id\", \"directive\"]\n },\n \"GetOIDProviderMetadataResponse\": {\n \"$ref\": \"#/components/schemas/EbsiOpenIDMetadata\"\n },\n \"EbsiOpenIDMetadata\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"logo_uri\": {\n \"type\": \"string\"\n },\n \"client_purpose\": {\n \"type\": \"string\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"id_token_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n ]\n },\n \"vp_formats_supported\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n }\n ]\n },\n \"Schema\": {\n \"type\": \"string\",\n \"enum\": [\"openid:\", \"openid-vc:\"]\n },\n \"ResponseIss\": {\n \"type\": \"string\",\n \"enum\": [\"https://self-issued.me\", \"https://self-issued.me/v2\", \"https://self-issued.me/v2/openid-vc\"]\n },\n \"ResponseType\": {\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"vp_token\"]\n },\n \"Scope\": {\n \"type\": \"string\",\n \"enum\": [\"openid\", \"openid did_authn\", \"profile\", \"email\", \"address\", \"phone\"]\n },\n \"SubjectType\": {\n \"type\": \"string\",\n \"enum\": [\"public\", \"pairwise\"]\n },\n \"SigningAlgo\": {\n \"type\": \"string\",\n \"enum\": [\"EdDSA\", \"RS256\", \"PS256\", \"ES256\", \"ES256K\"]\n },\n \"ResponseMode\": {\n \"type\": \"string\",\n \"enum\": [\"fragment\", \"form_post\", \"post\", \"direct_post\", \"query\"]\n },\n \"GrantType\": {\n \"type\": \"string\",\n \"enum\": [\"authorization_code\", \"implicit\"]\n },\n \"AuthenticationContextReferences\": {\n \"type\": \"string\",\n \"enum\": [\"phr\", \"phrh\"]\n },\n \"TokenEndpointAuthMethod\": {\n \"type\": \"string\",\n \"enum\": [\"client_secret_post\", \"client_secret_basic\", \"client_secret_jwt\", \"private_key_jwt\"]\n },\n \"ClaimType\": {\n \"type\": \"string\",\n \"enum\": [\"normal\", \"aggregated\", \"distributed\"]\n },\n \"IdTokenType\": {\n \"type\": \"string\",\n \"enum\": [\"subject_signed\", \"attester_signed\"]\n }\n },\n \"methods\": {\n \"ebsiAccessTokenGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/EBSIAuthAccessTokenGetArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetAccessTokenResponse\"\n }\n },\n \"ebsiAuthorizationServerJwks\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksResponse\"\n }\n },\n \"ebsiPresentationDefinitionGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionResponse\"\n }\n },\n \"ebsiWellknownMetadata\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderMetadataResponse\"\n }\n }\n }\n }\n }\n}\n","import { Loggers, LogLevel, LogMethod } from '@sphereon/ssi-types'\n\nexport const logger = Loggers.DEFAULT.options('sphereon:ebsi-support', {\n defaultLogLevel: LogLevel.DEBUG,\n methods: [LogMethod.CONSOLE, LogMethod.DEBUG_PKG],\n}).get('sphereon:ebsi-support')\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { EbsiSupport, ebsiSupportMethods } from './agent/EbsiSupport'\nexport * from './types/IEbsiSupport'\nexport * from './did'\n","import { CreateRequestObjectMode } from '@sphereon/oid4vci-common'\nimport { CredentialMapper, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport fetch from 'cross-fetch'\nimport { CreateEbsiDidOnLedgerResult, CreateEbsiDidParams } from '../did'\nimport { determineWellknownEndpoint, ebsiCreateDidOnLedger as ebsiCreateDidOnLedgerFunction, ebsiGetIssuerMock } from '../did/functions'\nimport { ebsiCreateAttestationAuthRequestURL, ebsiGetAttestation } from '../functions'\nimport {\n ApiOpts,\n EBSIAuthAccessTokenGetArgs,\n EbsiOpenIDMetadata,\n GetAccessTokenResult,\n GetPresentationDefinitionSuccessResponse,\n IRequiredContext,\n schema,\n WellknownOpts,\n} from '../index'\nimport {\n ExceptionResponse,\n GetAccessTokenArgs,\n GetAccessTokenResponse,\n GetOIDProviderJwksResponse,\n GetOIDProviderMetadataResponse,\n GetPresentationDefinitionArgs,\n GetPresentationDefinitionResponse,\n IEbsiSupport,\n} from '../types/IEbsiSupport'\n\nimport { v4 } from 'uuid'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport const ebsiSupportMethods: Array<string> = [\n 'ebsiCreateDidOnLedger',\n 'ebsiWellknownMetadata',\n 'ebsiAuthorizationServerJwks',\n 'ebsiPresentationDefinitionGet',\n 'ebsiAccessTokenGet',\n 'ebsiCreateAttestationAuthRequestURL',\n 'ebsiGetAttestation',\n]\n\nexport class EbsiSupport implements IAgentPlugin {\n readonly schema = schema.IEbsiSupport\n readonly methods: IEbsiSupport = {\n ebsiCreateDidOnLedger: this.ebsiCreateDidOnLedger.bind(this),\n ebsiWellknownMetadata: this.ebsiWellknownMetadata.bind(this),\n ebsiAuthorizationServerJwks: this.ebsiAuthorizationServerJwks.bind(this),\n ebsiPresentationDefinitionGet: this.ebsiPresentationDefinitionGet.bind(this),\n ebsiAccessTokenGet: this.ebsiAccessTokenGet.bind(this),\n ebsiCreateAttestationAuthRequestURL: ebsiCreateAttestationAuthRequestURL.bind(this),\n ebsiGetAttestation: ebsiGetAttestation.bind(this),\n }\n\n private async ebsiCreateDidOnLedger(args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult> {\n return await ebsiCreateDidOnLedgerFunction(args, context)\n }\n\n private async ebsiWellknownMetadata(args: WellknownOpts): Promise<GetOIDProviderMetadataResponse> {\n const url = determineWellknownEndpoint(args)\n return await (\n await fetch(url, {\n method: 'GET',\n headers: {\n Accept: 'application/json',\n },\n })\n ).json()\n }\n\n private async ebsiAuthorizationServerJwks(args: ApiOpts): Promise<GetOIDProviderJwksResponse \| ExceptionResponse> {\n const discoveryMetadata: EbsiOpenIDMetadata = await this.ebsiWellknownMetadata({\n ...args,\n type: 'openid-configuration',\n })\n return await (\n await fetch(`${discoveryMetadata.jwks_uri}`, {\n method: 'GET',\n headers: {\n Accept: 'application/jwk-set+json',\n },\n })\n ).json()\n }\n\n private async ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse> {\n const { scope, apiOpts, openIDMetadata } = args\n const discoveryMetadata: EbsiOpenIDMetadata =\n openIDMetadata ??\n (await this.ebsiWellknownMetadata({\n ...apiOpts,\n type: 'openid-configuration',\n system: apiOpts?.mock ? 'authorisation' : apiOpts?.system,\n version: apiOpts?.version ?? 'v4',\n }))\n return (await (\n await fetch(`${discoveryMetadata.presentation_definition_endpoint}?scope=openid%20${scope}`, {\n method: 'GET',\n headers: {\n Accept: 'application/json',\n },\n })\n ).json()) satisfies GetPresentationDefinitionSuccessResponse\n }\n\n private async ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult> {\n const { scope, idOpts, jwksUri, clientId, allVerifiableCredentials, redirectUri, environment, skipDidResolution = false } = args\n const identifier = await context.agent.identifierManagedGetByDid(idOpts)\n console.log(`Getting access token for ${identifier.did}, scope ${scope} and clientId=${clientId}, skipDidResolution=${skipDidResolution}...`)\n const openIDMetadata = await this.ebsiWellknownMetadata({\n environment,\n version: 'v4',\n mock: undefined,\n system: 'authorisation',\n type: 'openid-configuration',\n })\n const definitionResponse = await this.ebsiPresentationDefinitionGet({\n ...args,\n openIDMetadata,\n apiOpts: { environment, version: 'v4', type: 'openid-configuration' },\n })\n const hasInputDescriptors = definitionResponse.input_descriptors.length > 0\n console.log(`PD response`, definitionResponse)\n\n if (!hasInputDescriptors) {\n // Yes EBSI expects VPs without a VC in some situations. This is not according to the PEX spec!\n // They probably should have used SIOP in these cases. We need to go through hoops as our libs do not expect PDs/VPs without VCs :(\n console.warn(`No INPUT descriptor returned for scope ${scope}`)\n }\n\n let attestationCredential = args.attestationCredential\n\n if (hasInputDescriptors && !attestationCredential) {\n if (allVerifiableCredentials && allVerifiableCredentials.length > 0) {\n const pexResult = await context.agent.pexDefinitionFilterCredentials({\n presentationDefinition: definitionResponse,\n credentialFilterOpts: { credentialRole: args.credentialRole, verifiableCredentials: allVerifiableCredentials },\n })\n if (pexResult.filteredCredentials.length > 0) {\n const filtered = pexResult.filteredCredentials\n .map((cred) => CredentialMapper.toUniformCredential(cred, { hasher: defaultHasher }))\n .filter((cred) => {\n if (!cred.expirationDate) {\n return cred\n } else if (new Date(cred.expirationDate!).getDate() >= Date.now()) {\n return cred\n }\n return undefined\n })\n .filter((cred) => !!cred)\n if (filtered.length > 0) {\n attestationCredential = filtered[0]\n }\n }\n }\n if (!attestationCredential) {\n console.log(`No attestation credential present. Will get one from within access token method!`)\n const credentialIssuer = args.credentialIssuer ?? ebsiGetIssuerMock({ environment })\n const authReqResult = await context.agent.ebsiCreateAttestationAuthRequestURL({\n credentialIssuer,\n idOpts,\n formats: ['jwt_vc'],\n clientId,\n redirectUri,\n requestObjectOpts: {\n iss: clientId,\n requestObjectMode: CreateRequestObjectMode.REQUEST_OBJECT,\n jwksUri,\n },\n credentialType: 'VerifiableAuthorisationToOnboard',\n })\n const attestationResult = await context.agent.ebsiGetAttestation({\n authReqResult,\n clientId,\n opts: { timeout: 30_000 },\n })\n // @ts-ignore\n attestationCredential = attestationResult.credentials[0]!.rawVerifiableCredential! as W3CVerifiableCredential\n }\n }\n\n // FIXME SSISDK-40 should use DCQL\n // const definition = {\n // definition: definitionResponse,\n // location: PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF,\n // version: SupportedVersion.SIOPv2_D11,\n // } satisfies PresentationDefinitionWithLocation\n\n // const pexResult = hasInputDescriptors\n // ? await context.agent.pexDefinitionFilterCredentials({\n // presentationDefinition: definitionResponse,\n // credentialFilterOpts: { credentialRole: args.credentialRole, verifiableCredentials: [attestationCredential!] },\n // })\n // : ({\n // // LOL, let's see whether we can trick PEX to create a VP without VCs\n // filteredCredentials: [],\n // id: definitionResponse.id,\n // selectResults: { verifiableCredential: [], areRequiredCredentialsPresent: 'info' },\n // } satisfies IPEXFilterResult)\n // const opSession = await context.agent.siopRegisterOPSession({\n // requestJwtOrUri: '', // Siop assumes we use an auth request, which we don't have in this case\n // op: { checkLinkedDomains: CheckLinkedDomain.NEVER },\n // //providedPresentationDefinitions: [definition],\n // })\n\n //const oid4vp = await opSession.getOID4VP({ allIdentifiers: [identifier.did] })\n // const vp = await oid4vp.createVerifiablePresentation(\n // args.credentialRole,\n // { dcqlQuery: definition, credentials: pexResult.filteredCredentials },\n // {\n // proofOpts: { domain: openIDMetadata.issuer, nonce: v4(), created: new Date(Date.now() - 120_000).toString() },\n // holder: identifier.did,\n // idOpts: idOpts,\n // skipDidResolution,\n // forceNoCredentialsInVP: !hasInputDescriptors,\n // },\n // )\n\n const presentationSubmission = { id: v4(), definition_id: definitionResponse.id, descriptor_map: [] } satisfies PresentationSubmission\n // FIXME SSISDK-40\n //hasInputDescriptors\n //? vp.presentationSubmission\n //: ({ id: v4(), definition_id: definitionResponse.id, descriptor_map: [] } satisfies PresentationSubmission)\n\n console.log(`Presentation submission`, presentationSubmission)\n const tokenRequestArgs = {\n grant_type: 'vp_token',\n // FIXME SSISDK-40\n vp_token: '', //CredentialMapper.toCompactJWT(vp.verifiablePresentations[0]), // FIXME How are we going to send multiple presentations in a vp_token?\n scope,\n presentation_submission: presentationSubmission,\n apiOpts: { environment, version: 'v4' },\n openIDMetadata,\n } satisfies GetAccessTokenArgs\n\n console.log(`Access token request:\\r\\n${JSON.stringify(tokenRequestArgs)}`)\n const accessTokenResponse = await this.getAccessToken(tokenRequestArgs)\n\n console.log(`Access token response:\\r\\n${JSON.stringify(accessTokenResponse)}`)\n if (!('access_token' in accessTokenResponse)) {\n throw Error(`Error response: ${JSON.stringify(accessTokenResponse)}`)\n }\n\n return {\n accessTokenResponse,\n // vp,\n scope,\n // definition,\n identifier: identifier,\n }\n }\n\n private async getAccessToken(args: GetAccessTokenArgs): Promise<GetAccessTokenResponse> {\n const { grant_type = 'vp_token', scope, vp_token, presentation_submission, apiOpts, openIDMetadata } = args\n const discoveryMetadata: EbsiOpenIDMetadata =\n openIDMetadata ??\n (await this.ebsiWellknownMetadata({\n ...apiOpts,\n type: 'openid-configuration',\n }))\n const request = {\n grant_type,\n scope: `openid ${scope}`,\n vp_token,\n presentation_submission: JSON.stringify(presentation_submission),\n }\n return await (\n await fetch(`${discoveryMetadata.token_endpoint}`, {\n method: 'POST',\n headers: {\n ContentType: 'application/x-www-form-urlencoded',\n Accept: 'application/json',\n },\n body: new URLSearchParams(request),\n })\n ).json()\n }\n}\n","import { randomBytes } from '@ethersproject/random'\nimport { CreateRequestObjectMode } from '@sphereon/oid4vci-common'\nimport { getControllerKey, getEthereumAddressFromKey, getKeys } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { calculateJwkThumbprint, calculateJwkThumbprintForKey, JwkKeyUse, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IKey, IKeyManager, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { getBytes, SigningKey, Transaction } from 'ethers'\n// @ts-ignore\nimport { base58btc } from 'multiformats/bases/base58'\n\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\nimport { getEbsiApiBaseUrl, wait } from '../functions'\nimport { logger } from '../index'\nimport { ApiOpts, EbsiApiVersion, EbsiEnvironment, IRequiredContext, WellknownOpts } from '../types/IEbsiSupport'\nimport { ebsiWaitTillDocumentAnchored } from './services/EbsiRestService'\nimport { callRpcMethod } from './services/EbsiRPCService'\nimport {\n BASE_CONTEXT_DOC,\n CreateEbsiDidOnLedgerResult,\n CreateEbsiDidParams,\n EBSI_DID_SPEC_INFOS,\n EbsiDidRegistryAPIEndpoints,\n EbsiDidSpecInfo,\n EbsiKeyType,\n EbsiPublicKeyPurpose,\n EbsiRpcMethod,\n EbsiRPCResponse,\n IContext,\n IKeyOpts,\n RpcMethodArgs,\n RpcOkResponse,\n} from './types'\n\nexport function generateEbsiMethodSpecificId(specInfo?: EbsiDidSpecInfo): string {\n const spec = specInfo ?? EBSI_DID_SPEC_INFOS.V1\n const length = spec.didLength ?? 16\n\n const result = new Uint8Array(length + (spec.version ? 1 : 0))\n if (spec.version) {\n result.set([spec.version])\n }\n result.set(randomBytes(length), spec.version ? 1 : 0)\n return base58btc.encode(result)\n}\n\nexport function generateOrUseProvidedEbsiPrivateKeyHex(specInfo?: EbsiDidSpecInfo, privateKeyBytes?: Uint8Array): string {\n const spec = specInfo ?? EBSI_DID_SPEC_INFOS.V1\n const length = spec.didLength ? 2 * spec.didLength : 32\n\n if (privateKeyBytes) {\n if (privateKeyBytes.length !== length) {\n throw Error(`Invalid private key length supplied (${privateKeyBytes.length}. Expected ${length} for ${spec.type}`)\n }\n return toString(privateKeyBytes, 'base16')\n }\n return toString(randomBytes(length), 'base16')\n}\n\n/*\n Returns the public key in the correct format to be used with the did registry v5\n * - in case of Secp256k1 - returns the uncompressed public key as hex string prefixed with 0x04\n * - in case of Secp256r1 - returns the jwk public key as hex string\n * @param {{ key: IKey, type: EbsiKeyType }} args\n * - key is the cryptographic key containing the public key\n * - type is the type of the key which can be Secp256k1 or Secp256r1\n * @returns {string} The properly formatted public key\n * @throws {Error} If the key type is invalid\n /\nexport const formatEbsiPublicKey = (args: { key: IKey; type: TKeyType }): string => {\n const { key, type } = args\n switch (type) {\n case 'Secp256k1': {\n const bytes = getBytes('0x' + key.publicKeyHex, 'key')\n return SigningKey.computePublicKey(bytes, false)\n }\n case 'Secp256r1': {\n /\n Public key as hex string. For an ES256K key, it must be in uncompressed format prefixed with \"0x04\".\n For other algorithms, it must be the JWK transformed to string and then to hex format.\n /\n const jwk: JsonWebKey = toJwk(key.publicKeyHex, type, { use: JwkKeyUse.Signature, key })\n /\n Converting JWK to string and then hex is odd and may lead to errors. Implementing\n it like that because it's how EBSI does it. However, it may be a point of pain\n in the future.\n /\n const jwkString = JSON.stringify(jwk, null, 2)\n return `0x${toString(fromString(jwkString), 'base16')}`\n }\n default:\n throw new Error(`Unsupported EBSI key type: ${type}`)\n }\n}\n\nexport const ebsiGetIssuerMock = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): string => {\n const { environment = 'conformance', version = 'v3' } = args\n if (environment === 'pilot') {\n throw Error(`EBSI Pilot network does not have a issuer mock server`)\n }\n return `${getEbsiApiBaseUrl({ environment, version, system: environment })}/issuer-mock`\n}\n\nexport const ebsiGetAuthorisationServer = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): string => {\n const { environment = 'pilot', version = 'v4' } = args\n return `${getEbsiApiBaseUrl({ environment, version, system: 'authorisation' })}`\n}\n\nexport const ebsiGetRegistryAPIUrls = (args: { environment?: EbsiEnvironment; version?: EbsiApiVersion }): EbsiDidRegistryAPIEndpoints => {\n const { environment = 'pilot', version = 'v5' } = args\n const baseUrl = `${getEbsiApiBaseUrl({ environment, version, system: 'did-registry' })}`\n return {\n mutate: `${baseUrl}/jsonrpc`,\n query: `${baseUrl}/identifiers`,\n }\n}\n\nexport const determineWellknownEndpoint = ({ environment, version, type, system = environment, mock }: WellknownOpts): string => {\n const url = `${getEbsiApiBaseUrl({ environment, version, system })}${mock ? `/${mock}` : ''}/.well-known/${type}`\n logger.debug(`wellknown url: ${url}`)\n return url\n}\n\nexport const ebsiSignAndSendTransaction = async (\n args: {\n rpcRequest: RpcMethodArgs\n previousTxResponse?: EbsiRPCResponse\n kid: string\n accessToken: string\n apiOpts?: ApiOpts\n },\n context: IContext,\n): Promise<EbsiRPCResponse> => {\n const { rpcRequest, accessToken, kid, apiOpts, previousTxResponse } = args\n const unsignedTxResponse = await callRpcMethod(rpcRequest)\n const nonce = 'result' in unsignedTxResponse ? unsignedTxResponse.result.nonce : undefined\n // We should get a new nonce once the actual previous transaction has been anchored. Thus we retry if the nonce remains the same\n if (\n previousTxResponse &&\n 'result' in unsignedTxResponse &&\n 'nonce' in previousTxResponse &&\n 'nonce' in unsignedTxResponse.result &&\n typeof unsignedTxResponse.result === 'object' &&\n previousTxResponse.nonce === unsignedTxResponse.result.nonce\n ) {\n await wait(1_000)\n return await ebsiSignAndSendTransaction({ ...args, previousTxResponse }, context)\n }\n\n if ('error' in unsignedTxResponse && !!unsignedTxResponse.error) {\n logger.error(JSON.stringify(unsignedTxResponse))\n throw new Error(unsignedTxResponse.error.message ?? 'Unknown error occurred')\n }\n const unsignedTx = (unsignedTxResponse as RpcOkResponse).result\n\n const agentUnsignedTx = JSON.parse(JSON.stringify(unsignedTx))\n if (unsignedTx && 'chainId' in unsignedTx && typeof unsignedTx.chainId === 'string' && unsignedTx.chainId.toLowerCase().startsWith('0x')) {\n // We expect the chain id to be a regular number and not a hex string\n agentUnsignedTx.chainId = Number.parseInt(unsignedTx.chainId, 16)\n }\n const signedRawTx = await context.agent.keyManagerSignEthTX({\n kid,\n transaction: agentUnsignedTx,\n })\n\n const sig = Transaction.from(signedRawTx).signature!\n const { r, s, v } = sig\n\n const sTResponse = await callRpcMethod({\n params: [\n {\n protocol: 'eth',\n unsignedTransaction: unsignedTx,\n r,\n s,\n v: `0x${v.toString(16)}`,\n signedRawTransaction: signedRawTx,\n },\n ],\n rpcMethod: EbsiRpcMethod.SEND_SIGNED_TRANSACTION,\n rpcId: unsignedTxResponse.id,\n apiOpts,\n accessToken: accessToken,\n })\n\n if ('status' in sTResponse) {\n throw new Error(JSON.stringify(sTResponse, null, 2))\n }\n return { ...sTResponse, nonce }\n}\n\nexport const ebsiGenerateOrUseKeyPair = async (\n args: {\n keyOpts?: IKeyOpts\n keyType: EbsiKeyType\n kms: string\n controllerKey?: boolean\n },\n context: IAgentContext<IKeyManager>,\n) => {\n const { keyOpts, keyType, kms, controllerKey = false } = args\n let privateKeyHex = generateOrUseProvidedEbsiPrivateKeyHex(\n EBSI_DID_SPEC_INFOS.V1,\n keyOpts?.privateKeyHex ? fromString(keyOpts.privateKeyHex, 'base16') : undefined,\n )\n if (privateKeyHex.startsWith('0x')) {\n privateKeyHex = privateKeyHex.substring(2)\n }\n if (!privateKeyHex \|\| privateKeyHex.length !== 64) {\n throw new Error('Private key should be 32 bytes / 64 chars hex')\n }\n const importableKey = await toMinimalImportableKey({ key: { ...keyOpts, privateKeyHex }, type: keyType, kms })\n\n if (keyType === 'Secp256k1') {\n importableKey.meta = {\n ...importableKey.meta,\n ebsi: {\n anchored: false,\n controllerKey,\n },\n }\n }\n return importableKey\n}\n\nexport const toMinimalImportableKey = async (args: { key?: IKeyOpts; type: EbsiKeyType; kms: string }): Promise<MinimalImportableKey> => {\n const { key, kms } = args\n const minimalImportableKey: Partial<MinimalImportableKey> = { ...key }\n const type = args.key?.type ?? args.type\n minimalImportableKey.kms = kms\n minimalImportableKey.type = type\n if (!minimalImportableKey.privateKeyHex) {\n throw Error(`Minimal importable key needs a private key`)\n }\n\n minimalImportableKey.meta = {\n purposes: assertedPurposes({ key }) ?? setPurposes({ key, type }),\n jwkThumbprint: calculateJwkThumbprintForKey({\n key: minimalImportableKey as MinimalImportableKey,\n digestAlgorithm: 'sha256',\n }),\n }\n return minimalImportableKey as MinimalImportableKey\n}\n\nexport const assertedPurposes = (args: { key?: IKeyOpts }): EbsiPublicKeyPurpose[] \| undefined => {\n const { key } = args\n if (key?.purposes && key.purposes.length > 0) {\n switch (key.type) {\n case 'Secp256k1': {\n if (key?.purposes && key.purposes.length > 0 && key.purposes?.includes(EbsiPublicKeyPurpose.CapabilityInvocation)) {\n return key.purposes\n }\n throw new Error(`Secp256k1/ES256K key requires ${EbsiPublicKeyPurpose.CapabilityInvocation} purpose`)\n }\n case 'Secp256r1': {\n if (\n key?.purposes &&\n key.purposes.length > 0 &&\n key.purposes.includes(EbsiPublicKeyPurpose.AssertionMethod) &&\n key.purposes.includes(EbsiPublicKeyPurpose.Authentication)\n ) {\n return key.purposes\n }\n throw new Error(\n `Secp256r1/ES256 key requires ${[EbsiPublicKeyPurpose.AssertionMethod, EbsiPublicKeyPurpose.Authentication].join(', ')} purposes`,\n )\n }\n default:\n throw new Error(`Unsupported key type: ${key.type}`)\n }\n }\n return key?.purposes\n}\n\nexport const setPurposes = (args: { key?: IKeyOpts; type: EbsiKeyType }): EbsiPublicKeyPurpose[] => {\n const { key, type } = args\n if (!key?.purposes \|\| key.purposes.length === 0) {\n switch (type) {\n case 'Secp256k1':\n return [EbsiPublicKeyPurpose.CapabilityInvocation]\n case 'Secp256r1':\n return [EbsiPublicKeyPurpose.AssertionMethod, EbsiPublicKeyPurpose.Authentication]\n default:\n throw new Error(`Unsupported key type: ${key?.type}`)\n }\n }\n return key.purposes\n}\n\nexport const randomRpcId = (): number => {\n return Math.floor(Math.random() Number.MAX_SAFE_INTEGER)\n}\n\nexport const ebsiCreateDidOnLedger = async (args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult> => {\n const {\n accessTokenOpts,\n notBefore = Math.floor(Date.now() / 1000 - 60),\n notAfter = Math.floor(Date.now() / 1000 + 10 * 365 * 24 * 60 * 60),\n baseDocument,\n identifier,\n } = args\n const { clientId, redirectUri, environment, credentialIssuer } = accessTokenOpts\n const controllerKey = getControllerKey({ identifier })\n const secp256r1 = getKeys({ identifier, keyType: 'Secp256r1' })?.[0]\n let { attestationToOnboard, attestationToOnboardCredentialRole } = accessTokenOpts\n\n if (!controllerKey \|\| !secp256r1) {\n return Promise.reject(`No secp256k1 controller key and/or secp2561r key found for identifier ${identifier}`)\n }\n const from = getEthereumAddressFromKey({ key: controllerKey })\n if (!from) {\n return Promise.reject(Error(`EBSI 'from' address expected for key ${controllerKey.publicKeyHex}`))\n }\n const did = identifier.did\n const kid = controllerKey.kid\n const idOpts = { identifier, kid }\n let rpcId = args.rpcId ?? randomRpcId()\n const apiOpts = {\n environment,\n version: 'v5',\n } satisfies ApiOpts\n\n const jwksUri = args.accessTokenOpts.jwksUri ?? `${clientId}/.well-known/jwks/dids/${encodeURIComponent(identifier.did)}.json`\n\n if (!attestationToOnboard) {\n console.log(`No attestation to onboard present. Will get one`)\n const authReqResult = await context.agent.ebsiCreateAttestationAuthRequestURL({\n credentialIssuer,\n idOpts: idOpts,\n formats: ['jwt_vc'],\n clientId,\n redirectUri,\n credentialType: 'VerifiableAuthorisationToOnboard',\n requestObjectOpts: { iss: clientId, requestObjectMode: CreateRequestObjectMode.REQUEST_OBJECT, jwksUri },\n })\n const attestationResult = await context.agent.ebsiGetAttestation({\n clientId,\n authReqResult,\n opts: { timeout: 120_000 },\n })\n attestationToOnboard = attestationResult.credentials[0].rawVerifiableCredential as W3CVerifiableCredential\n console.log(`Attestation to onboard received`, attestationToOnboard)\n }\n\n const insertDidAccessTokenResponse = await context.agent.ebsiAccessTokenGet({\n credentialRole: attestationToOnboardCredentialRole,\n attestationCredential: attestationToOnboard,\n jwksUri,\n scope: 'didr_invite',\n idOpts: idOpts,\n redirectUri,\n credentialIssuer,\n clientId,\n environment,\n skipDidResolution: true,\n })\n\n const insertDidDocRequest = {\n params: [\n {\n from,\n did,\n baseDocument: baseDocument ?? BASE_CONTEXT_DOC,\n vMethodId: calculateJwkThumbprint({ jwk: toJwk(controllerKey.publicKeyHex, 'Secp256k1') }),\n isSecp256k1: true,\n publicKey: formatEbsiPublicKey({ key: controllerKey, type: 'Secp256k1' }),\n notBefore,\n notAfter,\n },\n ],\n rpcMethod: EbsiRpcMethod.INSERT_DID_DOCUMENT,\n rpcId,\n apiOpts,\n accessToken: insertDidAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const insertDidDocResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: insertDidDocRequest,\n kid,\n accessToken: insertDidAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n let anchorTime = await ebsiWaitTillDocumentAnchored({\n did,\n ...apiOpts,\n maxWaitTime: 30_000,\n startIntervalMS: 2000,\n minIntervalMS: 500,\n decreaseIntervalMSPerStep: 750,\n })\n if (!anchorTime.didDocument) {\n throw Error(`did ${did} was not registered on EBSI network ${apiOpts.environment} in 45 seconds`)\n }\n logger.debug(`Anchoring did ${did} on network ${apiOpts.environment} took ${anchorTime.totalWaitTime / 1000} seconds in ${anchorTime.count} tries`)\n\n // Update to the controller key for the remainder\n idOpts.kid = calculateJwkThumbprintForKey({ key: controllerKey })\n\n const addVMAccessTokenResponse = await context.agent.ebsiAccessTokenGet({\n credentialRole: attestationToOnboardCredentialRole,\n // attestationCredential: attestationToOnboard,\n jwksUri,\n scope: 'didr_write',\n idOpts: idOpts,\n redirectUri,\n credentialIssuer: undefined,\n clientId,\n environment,\n skipDidResolution: true,\n })\n\n const vMethodId = calculateJwkThumbprint({ jwk: toJwk(secp256r1.publicKeyHex, 'Secp256r1') })\n const publicKey = formatEbsiPublicKey({ key: secp256r1, type: 'Secp256r1' })\n const addVerificationMethodRequest = {\n params: [\n {\n from,\n did,\n isSecp256k1: false,\n vMethodId,\n publicKey,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_METHOD,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addVerificationMethodResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRequest,\n previousTxResponse: insertDidDocResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n // We need to wait, even after the anchor. The methods below also retry in case the nonce does not get updated.\n // But we simply know that at this point we need to introduce some delay\n await wait(2_000)\n\n const addAssertionMethodRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: 'assertionMethod',\n notAfter,\n notBefore,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addAssertionMethodRelationshipResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addAssertionMethodRelationshipRequest,\n previousTxResponse: addVerificationMethodResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n anchorTime = await ebsiWaitTillDocumentAnchored({\n did,\n ...apiOpts,\n maxWaitTime: 20_000,\n minIntervalMS: 500,\n decreaseIntervalMSPerStep: 500,\n searchForObject: { assertionMethod: [`${did}#${vMethodId}`] },\n })\n if (!anchorTime.didDocument) {\n throw Error(`did ${did} assertionMethod id ${vMethodId} was not registered on EBSI network ${apiOpts.environment} in 20 seconds`)\n }\n logger.debug(\n `Anchoring assertionMethod ${vMethodId} for DID ${did} on network ${apiOpts.environment} took ${anchorTime.totalWaitTime / 1000} seconds in ${anchorTime.count} tries`,\n )\n\n const addAuthenticationRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: 'authentication',\n notAfter,\n notBefore,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n }\n\n const addAuthenticationRelationshipResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addAuthenticationRelationshipRequest,\n previousTxResponse: addAssertionMethodRelationshipResponse,\n kid,\n accessToken: addVMAccessTokenResponse.accessTokenResponse.access_token,\n apiOpts,\n },\n context,\n )\n\n return {\n identifier,\n insertDidDoc: insertDidDocResponse,\n addVerificationMethod: addVerificationMethodResponse,\n addAuthenticationRelationship: addAuthenticationRelationshipResponse,\n addAssertionMethodRelationship: addAssertionMethodRelationshipResponse,\n }\n}\n","import { OpenID4VCIClient } from '@sphereon/oid4vci-client'\nimport {\n Alg,\n AuthorizationDetailsV1_0_15,\n AuthorizationRequestOpts,\n AuthzFlowType,\n CredentialConfigurationSupported,\n CredentialConfigurationSupportedV1_0_15,\n getJson,\n getTypesFromCredentialSupported,\n ProofOfPossessionCallbacks,\n} from '@sphereon/oid4vci-common'\nimport { getAuthenticationKey, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ManagedIdentifierDidResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { calculateJwkThumbprintForKey, signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'\nimport {\n IssuanceOpts,\n OID4VCICallbackStateListener,\n OID4VCIMachineInterpreter,\n OID4VCIMachineState,\n OID4VCIMachineStates,\n PrepareStartArgs,\n signCallback,\n} from '@sphereon/ssi-sdk.oid4vci-holder'\nimport {\n OID4VPCallbackStateListener,\n Siopv2MachineInterpreter,\n Siopv2MachineState,\n Siopv2MachineStates,\n Siopv2OID4VPLinkHandler,\n} from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { _ExtendedIKey } from '@veramo/utils'\nimport { waitFor } from 'xstate/lib/waitFor.js'\nimport { logger } from '../index'\nimport { AttestationResult, CreateAttestationAuthRequestURLArgs, EbsiEnvironment, GetAttestationArgs, IRequiredContext } from '../types/IEbsiSupport'\nimport {\n addContactCallback,\n authorizationCodeUrlCallback,\n handleErrorCallback,\n reviewCredentialsCallback,\n selectCredentialsCallback,\n siopDoneCallback,\n} from './AttestationHeadlessCallbacks'\nimport { getEbsiApiBaseUrl } from './index'\n\nexport interface AttestationAuthRequestUrlResult extends Omit<Required<PrepareStartArgs>, 'issuanceOpt'> {\n issuanceOpt?: IssuanceOpts\n authorizationCodeURL: string\n identifier: ManagedIdentifierDidResult\n authKey: _ExtendedIKey\n}\n\n/*\n Method to generate an authz url for getting attestation credentials from a (R)TAO on EBSI using a cloud/service wallet\n \n This method can be used standalone. But it can also be used as input for the `oid4vciHolderStart` agent method,\n * to start a OID4VCI holder flow.\n \n @param opts\n * @param context\n /\nexport const ebsiCreateAttestationAuthRequestURL = async (\n {\n clientId: clientIdArg,\n credentialIssuer,\n credentialType,\n idOpts,\n redirectUri,\n requestObjectOpts,\n formats = ['jwt_vc', 'jwt_vc_json'],\n }: CreateAttestationAuthRequestURLArgs,\n context: IRequiredContext,\n): Promise<AttestationAuthRequestUrlResult> => {\n logger.info(`create attestation ${credentialType} auth req URL for ${clientIdArg} and issuer ${credentialIssuer}`)\n const resolution = await context.agent.identifierManagedGetByDid(idOpts)\n const identifier = resolution.identifier\n if (identifier.provider !== 'did:ebsi' && identifier.provider !== 'did:key') {\n throw Error(\n `EBSI only supports did:key for natural persons and did:ebsi for legal persons. Provider: ${identifier.provider}, did: ${identifier.did}`,\n )\n }\n // This only works if the DID is actually registered, otherwise use our internal KMS;\n // that is why the offline argument is passed in when type is Verifiable Auth to Onboard, as no DID is present at that point yet\n // We are getting the ES256 key here, as that is the one needed for auth in EBSI\n const authKey = await getAuthenticationKey(\n {\n identifier,\n offlineWhenNoDIDRegistered: credentialType === 'VerifiableAuthorisationToOnboard',\n noVerificationMethodFallback: true,\n keyType: 'Secp256r1',\n },\n context,\n )\n const kid = authKey.meta?.jwkThumbprint ?? calculateJwkThumbprintForKey({ key: authKey })\n const clientId = clientIdArg ?? identifier.did\n\n const vciClient = await OpenID4VCIClient.fromCredentialIssuer({\n credentialIssuer,\n kid,\n clientId,\n createAuthorizationRequestURL: false, // We will do that down below\n retrieveServerMetadata: true,\n })\n\n const allMatches = {} as Record<string, CredentialConfigurationSupportedV1_0_15> \| Array<CredentialConfigurationSupported> // vciClient.getCredentialsSupported(format) FIXME SSISDK-40\n let arrayMatches: Array<CredentialConfigurationSupported>\n if (Array.isArray(allMatches)) {\n arrayMatches = allMatches\n } else {\n arrayMatches = Object.entries(allMatches).map(([id, supported]) => {\n supported.id = id\n return supported\n })\n }\n const supportedConfigurations = arrayMatches\n .filter((supported) => getTypesFromCredentialSupported(supported, { filterVerifiableCredential: false }).includes(credentialType))\n .filter((supported) => (supported.format === 'jwt_vc' \|\| supported.format === 'jwt_vc_json') && formats.includes(supported.format))\n if (supportedConfigurations.length === 0) {\n throw Error(`Could not find '${credentialType}' with format(s) '${formats.join(',')}' in list of supported types for issuer: ${credentialIssuer}`)\n }\n const authorizationDetails = supportedConfigurations.map((supported) => {\n const credential_configuration_id = supported.id as string\n if (!credential_configuration_id) {\n throw Error(`Credential configuration id missing for credential type: ${credentialType}`)\n }\n return {\n type: 'openid_credential',\n credential_configuration_id,\n credential_identifiers: getTypesFromCredentialSupported(supported),\n } satisfies AuthorizationDetailsV1_0_15\n })\n\n const signCallbacks: ProofOfPossessionCallbacks = requestObjectOpts.signCallbacks ?? {\n signCallback: signCallback(idOpts, context),\n }\n const authorizationRequestOpts = {\n redirectUri,\n clientId,\n authorizationDetails,\n requestObjectOpts: {\n ...requestObjectOpts,\n signCallbacks,\n kid: requestObjectOpts.kid ?? kid,\n },\n } satisfies AuthorizationRequestOpts\n // todo: Do we really need to do this, or can we just set the create option to true at this point? We are passing in the authzReq opts\n const authorizationCodeURL = await vciClient.createAuthorizationRequestUrl({\n authorizationRequest: authorizationRequestOpts,\n })\n logger.info(`create attestation ${credentialType} auth req URL for ${clientIdArg} and issuer ${credentialIssuer}, result: ${authorizationCodeURL}`)\n const jwaAlg = await signatureAlgorithmFromKey({ key: authKey })\n if (!(jwaAlg in Alg)) {\n return Promise.reject(Error(`${jwaAlg} is not supported`))\n }\n // @ts-ignore\n const alg: Alg = Alg[jwaAlg]\n\n return {\n requestData: {\n createAuthorizationRequestURL: false,\n flowType: AuthzFlowType.AUTHORIZATION_CODE_FLOW,\n uri: credentialIssuer,\n existingClientState: JSON.parse(await vciClient.exportState()),\n },\n accessTokenOpts: {\n clientOpts: {\n alg,\n clientId,\n kid,\n signCallbacks,\n clientAssertionType: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n },\n },\n authorizationRequestOpts,\n authorizationCodeURL,\n identifier: resolution,\n authKey,\n didMethodPreferences: [SupportedDidMethodEnum.DID_EBSI, SupportedDidMethodEnum.DID_KEY],\n }\n}\n\nexport const ebsiGetAttestationInterpreter = async (\n { clientId, authReqResult }: Omit<GetAttestationArgs, 'opts'>,\n context: IRequiredContext,\n): Promise<OID4VCIMachineInterpreter> => {\n const identifier = authReqResult.identifier\n const vciStateCallbacks = new Map<OID4VCIMachineStates, (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => Promise<void>>()\n const vpStateCallbacks = new Map<Siopv2MachineStates, (oid4vpMachine: Siopv2MachineInterpreter, state: Siopv2MachineState) => Promise<void>>()\n\n const oid4vciMachine = await context.agent.oid4vciHolderGetMachineInterpreter({\n ...authReqResult,\n issuanceOpt: {\n identifier,\n supportedPreferredDidMethod: SupportedDidMethodEnum.DID_EBSI,\n kid: authReqResult.authKey.meta?.jwkThumbprint ?? authReqResult.authKey.kid,\n },\n clientOpts: {\n clientAssertionType: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n kid: authReqResult.authKey.meta?.jwkThumbprint ?? authReqResult.authKey.kid,\n clientId,\n },\n didMethodPreferences: [SupportedDidMethodEnum.DID_EBSI, SupportedDidMethodEnum.DID_KEY],\n stateNavigationListener: OID4VCICallbackStateListener(vciStateCallbacks),\n })\n const vpLinkHandler = new Siopv2OID4VPLinkHandler({\n protocols: ['openid:'],\n // @ts-ignore\n context,\n noStateMachinePersistence: true,\n stateNavigationListener: OID4VPCallbackStateListener(vpStateCallbacks),\n })\n\n vpStateCallbacks\n .set(Siopv2MachineStates.done, siopDoneCallback({ oid4vciMachine }, context))\n .set(Siopv2MachineStates.handleError, handleErrorCallback(context))\n .set(Siopv2MachineStates.error, handleErrorCallback(context))\n\n vciStateCallbacks\n .set(OID4VCIMachineStates.handleError, handleErrorCallback(context))\n .set(OID4VCIMachineStates.addContact, addContactCallback(context))\n .set(OID4VCIMachineStates.selectCredentials, selectCredentialsCallback(context))\n .set(\n OID4VCIMachineStates.initiateAuthorizationRequest,\n authorizationCodeUrlCallback(\n {\n authReqResult,\n vpLinkHandler,\n },\n context,\n ),\n )\n .set(OID4VCIMachineStates.reviewCredentials, reviewCredentialsCallback(context))\n\n return oid4vciMachine.interpreter\n}\n\nexport const ebsiGetAttestation = async (\n { clientId, authReqResult, opts = { timeout: 30_000 } }: GetAttestationArgs,\n agentContext: IRequiredContext,\n): Promise<AttestationResult> => {\n logger.info(`Getting EBSI attestation for ${authReqResult.identifier.did} and ${clientId}`)\n const interpreter = await ebsiGetAttestationInterpreter({ clientId, authReqResult }, agentContext)\n const state = await waitFor(interpreter.start(), (state) => state.matches('done') \|\| state.matches('handleError') \|\| state.matches('error'), {\n timeout: opts.timeout ?? 30_000,\n })\n const { contactAlias, contact, credentialBranding, issuanceOpt, error, credentialsToAccept } = state.context\n\n if (state.matches('handleError') \|\| state.matches('error')) {\n logger.error(JSON.stringify(state.context.error))\n throw Error(JSON.stringify(state.context.error))\n }\n\n const result = {\n contactAlias,\n contact: contact!,\n credentialBranding,\n identifier: issuanceOpt?.identifier\n ? ((await agentContext.agent.identifierManagedGet(issuanceOpt.identifier)) as ManagedIdentifierDidResult)\n : authReqResult.identifier,\n error,\n credentials: credentialsToAccept,\n }\n logger.info(`EBSI attestation for ${authReqResult.identifier.did} and ${clientId}`, result)\n\n return result\n}\n\n/\n Normally you would use the browser to let the user make this call in the front channel,\n * however EBSI mainly uses mocks at present, and we want to be able to test as well\n /\nexport const ebsiAuthRequestExecution = async (authRequestResult: AttestationAuthRequestUrlResult, opts?: {}) => {\n const { requestData, authorizationCodeURL } = authRequestResult\n const vciClient = await OpenID4VCIClient.fromState({ state: requestData?.existingClientState! })\n\n logger.debug(`URL: ${authorizationCodeURL}, according to client: ${vciClient.authorizationURL}`)\n\n const authResponse = await getJson<any>(authorizationCodeURL)\n const location: string \| null = authResponse.origResponse.headers.get('location')\n logger.debug(`LOCATION: ${location}`)\n}\n\nexport const ebsiGetIssuer = ({ credentialIssuer, environment = 'pilot' }: { credentialIssuer?: string; environment?: EbsiEnvironment }): string => {\n if (credentialIssuer) {\n return credentialIssuer\n }\n if (environment !== 'pilot') {\n return `${getEbsiApiBaseUrl({ environment, version: 'v3' })}/issuer-mock`\n }\n\n throw Error(`EBSI environment ${environment} needs explicit credential issuer`)\n}\n","import { decodeUriAsJson } from '@sphereon/did-auth-siop'\nimport { getIssuerName } from '@sphereon/oid4vci-common'\nimport {\n ConnectionType,\n CorrelationIdentifierType,\n IdentityOrigin,\n NonPersistedParty,\n Party,\n PartyOrigin,\n PartyTypeType,\n} from '@sphereon/ssi-sdk.data-store-types'\nimport { OID4VCIMachine, OID4VCIMachineEvents, OID4VCIMachineInterpreter, OID4VCIMachineState } from '@sphereon/ssi-sdk.oid4vci-holder'\nimport { Siopv2MachineInterpreter, Siopv2MachineState, Siopv2OID4VPLinkHandler } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { CredentialRole } from '@sphereon/ssi-types'\nimport fetch from 'cross-fetch'\nimport { logger } from '../index'\nimport { IRequiredContext } from '../types/IEbsiSupport'\nimport { AttestationAuthRequestUrlResult } from './Attestation'\n\nexport const addContactCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const { serverMetadata, hasContactConsent, contactAlias } = state.context\n\n if (!serverMetadata) {\n return Promise.reject(Error('Missing serverMetadata in context'))\n }\n\n const issuerUrl: URL = new URL(serverMetadata.issuer)\n const correlationId: string = `${issuerUrl.protocol}//${issuerUrl.hostname}`\n let issuerName: string = getIssuerName(correlationId, serverMetadata.credentialIssuerMetadata)\n\n const party: NonPersistedParty = {\n contact: {\n displayName: issuerName,\n legalName: issuerName,\n },\n // FIXME maybe its nicer if we can also just use the id only\n // TODO using the predefined party type from the contact migrations here\n // TODO this is not used as the screen itself adds one, look at the params of the screen, this is not being passed in\n partyType: {\n id: '3875c12e-fdaa-4ef6-a340-c936e054b627',\n origin: PartyOrigin.EXTERNAL,\n type: PartyTypeType.ORGANIZATION,\n name: 'Sphereon_default_type',\n tenantId: '95e09cfc-c974-4174-86aa-7bf1d5251fb4',\n },\n uri: correlationId,\n identities: [\n {\n alias: correlationId,\n roles: [CredentialRole.ISSUER],\n origin: IdentityOrigin.EXTERNAL,\n identifier: {\n type: CorrelationIdentifierType.URL,\n correlationId: issuerUrl.hostname,\n },\n // TODO WAL-476 add support for correct connection\n connection: {\n type: ConnectionType.OPENID_CONNECT,\n config: {\n clientId: '138d7bf8-c930-4c6e-b928-97d3a4928b01',\n clientSecret: '03b3955f-d020-4f2a-8a27-4e452d4e27a0',\n scopes: ['auth'],\n issuer: 'https://example.com/app-test',\n redirectUrl: 'app:/callback',\n dangerouslyAllowInsecureHttpRequests: true,\n clientAuthMethod: 'post' as const,\n },\n },\n },\n ],\n }\n\n const onCreate = async ({\n party,\n issuerUrl,\n issuerName,\n correlationId,\n }: {\n party: NonPersistedParty\n issuerUrl: string\n issuerName: string\n correlationId: string\n }): Promise<void> => {\n const displayName = party.contact.displayName ?? issuerName\n const contacts: Array<Party> = await context.agent.cmGetContacts({\n filter: [\n {\n contact: {\n // Searching on legalName as displayName is not unique, and we only support organizations for now\n legalName: displayName,\n },\n },\n ],\n })\n if (contacts.length === 0 \|\| !contacts[0]?.contact) {\n const contact = await context.agent.cmAddContact({\n ...party,\n displayName,\n legalName: displayName,\n contactType: {\n type: PartyTypeType.ORGANIZATION,\n name: displayName,\n origin: PartyOrigin.EXTERNAL,\n tenantId: party.tenantId ?? '1',\n },\n })\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.CREATE_CONTACT,\n data: contact,\n })\n }\n }\n\n const onConsentChange = async (hasConsent: boolean): Promise<void> => {\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_CONTACT_CONSENT,\n data: hasConsent,\n })\n }\n\n const onAliasChange = async (alias: string): Promise<void> => {\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_CONTACT_ALIAS,\n data: alias,\n })\n }\n\n if (!issuerName) {\n issuerName = `EBSI unknown (${issuerUrl})`\n } else if (issuerName.startsWith('http')) {\n issuerName = `EBSI ${issuerName.replace(/https?:\\/\\//, '')}`\n }\n if (!contactAlias) {\n return await onAliasChange(issuerName)\n }\n issuerName = contactAlias\n if (!hasContactConsent) {\n return await onConsentChange(true)\n }\n await onCreate({ party, issuerName, issuerUrl: issuerUrl.toString(), correlationId })\n }\n}\n\nexport const handleErrorCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter \| Siopv2MachineInterpreter, state: OID4VCIMachineState \| Siopv2MachineState) => {\n console.error(`error callback event: ${state.event}`, state.context.error)\n logger.trace(state.event)\n }\n}\n\nexport const selectCredentialsCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const { contact, credentialToSelectFrom, selectedCredentials } = state.context\n\n if (selectedCredentials && selectedCredentials.length > 0) {\n logger.info(`selected: ${selectedCredentials.join(', ')}`)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.NEXT,\n })\n return\n } else if (!contact) {\n return Promise.reject(Error('Missing contact in context'))\n }\n\n const onSelectType = async (selectedCredentials: Array<string>): Promise<void> => {\n console.log(`Selected credentials: ${selectedCredentials.join(', ')}`)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.SET_SELECTED_CREDENTIALS,\n data: selectedCredentials,\n })\n }\n\n await onSelectType(credentialToSelectFrom.map((sel) => sel.credentialId))\n }\n}\n\nexport const authorizationCodeUrlCallback = (\n {\n authReqResult,\n vpLinkHandler,\n }: {\n authReqResult: AttestationAuthRequestUrlResult\n vpLinkHandler: Siopv2OID4VPLinkHandler\n },\n context: IRequiredContext,\n) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n const url = state.context.authorizationCodeURL\n console.log('navigateAuthorizationCodeURL: ', url)\n if (!url) {\n return Promise.reject(Error('Missing authorization URL in context'))\n }\n const onOpenAuthorizationUrl = async (url: string): Promise<void> => {\n console.log('onOpenAuthorizationUrl being invoked: ', url)\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST,\n data: url,\n })\n const response = await fetch(url, { redirect: 'manual' })\n if (response.status < 301 \|\| response.status > 302) {\n throw Error(`When doing a headless auth, we expect to be redirected on getting the authz URL`)\n }\n const openidUri = response.headers.get('location')\n if (!openidUri \|\| !openidUri.startsWith('openid://')) {\n let error: string \| undefined = undefined\n if (openidUri) {\n if (openidUri.includes('error')) {\n error = 'Authorization server error: '\n const decoded = decodeUriAsJson(openidUri)\n if ('error' in decoded && decoded.error) {\n error += decoded.error + ', '\n }\n if ('error_description' in decoded && decoded.error_description) {\n error += decoded.error_description\n }\n }\n }\n throw Error(\n error ??\n `Expected a openid:// URI to be returned from EBSI in headless mode. Returned: ${openidUri}, ${JSON.stringify(await response.text())}`,\n )\n }\n\n console.log(`onOpenAuthorizationUrl after openUrl: ${url}`)\n const kid = authReqResult.authKey.meta?.jwkThumbprint\n ? `${authReqResult.identifier.did}#${authReqResult.authKey.meta.jwkThumbprint}`\n : authReqResult.identifier.kid\n await vpLinkHandler.handle(openidUri, { idOpts: { ...authReqResult.identifier, kmsKeyRef: kid } })\n }\n await onOpenAuthorizationUrl(url)\n }\n}\n\nexport const reviewCredentialsCallback = (context: IRequiredContext) => {\n return async (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState) => {\n console.log(`# REVIEW CREDENTIALS:`)\n console.log(JSON.stringify(state.context.credentialsToAccept, null, 2))\n oid4vciMachine.send({\n type: OID4VCIMachineEvents.NEXT,\n })\n }\n}\n\nexport const siopDoneCallback = ({ oid4vciMachine }: { oid4vciMachine: OID4VCIMachine }, context: IRequiredContext) => {\n return async (oid4vpMachine: Siopv2MachineInterpreter, state: Siopv2MachineState) => {\n // console.log('SIOP result:')\n // console.log(JSON.stringify(state.context, null , 2))\n if (!state.context.authorizationResponseData?.queryParams?.code) {\n throw Error(`No code was returned from the authorization step`)\n }\n oid4vciMachine.interpreter.send({\n type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE,\n data: state.context.authorizationResponseData.url!,\n })\n console.log(`SIOP DONE!`)\n }\n}\n","import { ApiOpts, EbsiEnvironment } from '../types/IEbsiSupport'\n\nexport const getEbsiApiBaseUrl = ({\n environment = 'pilot',\n version,\n system = 'pilot',\n}: ApiOpts & { system?: 'authorisation' \| 'conformance' \| 'did-registry' \| EbsiEnvironment }) => {\n return `https://api-${environment}.ebsi.eu/${system}/${version}`\n}\n\nexport const wait = async (timeoutInMS: number) => {\n return new Promise((resolve) => setTimeout(resolve, timeoutInMS))\n}\n\nexport from './Attestation'\n","import fetch from 'cross-fetch'\nimport { DIDDocument } from 'did-resolver'\nimport { wait } from '../../functions'\nimport { logger } from '../../index'\nimport { ApiOpts } from '../../types/IEbsiSupport'\nimport { ebsiGetRegistryAPIUrls } from '../functions'\nimport { GetDidDocumentParams, GetDidDocumentsParams, GetDidDocumentsResponse } from '../types'\n\n/*\n Gets the DID document corresponding to the DID.\n * @param {{ params: GetDidDocumentParams, apiOpts?: ApiOpts }} args\n * @returns a did document\n /\nexport const ebsiGetDidDocument = async (args: { params: GetDidDocumentParams; apiOpts?: ApiOpts }): Promise<DIDDocument> => {\n const { params, apiOpts } = args\n const { did, validAt } = params\n if (!did) {\n throw new Error('did parameter is required')\n }\n const query = validAt ? `?valid_at=${validAt}` : ''\n const response = await fetch(`${ebsiGetRegistryAPIUrls({ ...apiOpts }).query}/${did}${query}`)\n const textBody = await response.text()\n const json = textBody.startsWith('{') ? JSON.parse(textBody) : undefined\n\n if (response.status >= 300 \|\| !json) {\n return Promise.reject(new Error(json ?? textBody))\n }\n return json\n}\n\n/\n Wait up to the number of MS for a DID Document or Verification methods and relationships to be registered. This is needed, as the EBSI blockchain does not directly propagate across all nodes, since it needs to mine for consensus first\n * @param args\n /\nexport const ebsiWaitTillDocumentAnchored = async (\n args: GetDidDocumentParams &\n ApiOpts & {\n startIntervalMS?: number\n minIntervalMS?: number\n decreaseIntervalMSPerStep?: number\n maxWaitTime?: number\n searchForObject?: Record<string, any>\n },\n): Promise<{\n totalWaitTime: number\n count: number\n didDocument: DIDDocument \| undefined\n}> => {\n const {\n did,\n startIntervalMS = 2000,\n minIntervalMS = 500,\n decreaseIntervalMSPerStep = 250,\n maxWaitTime = 60_000,\n version = 'v5',\n environment = 'pilot',\n searchForObject,\n } = args\n\n if (startIntervalMS < minIntervalMS) {\n return Promise.reject(Error(`min interval ${minIntervalMS} needs to be smaller or equal to the start interval ${startIntervalMS}`))\n } else if (decreaseIntervalMSPerStep < 0) {\n return Promise.reject(Error(`decrease interval per step ${decreaseIntervalMSPerStep} needs to be bigger than zero`))\n }\n let interval = startIntervalMS\n let totalWaitTime = 0\n let didDocument: DIDDocument \| undefined\n let count = 0\n function logCalback() {\n logger.debug(`Get DID Document; count ${count}: wait time: ${totalWaitTime}, ${did}`)\n }\n while (!didDocument && totalWaitTime <= maxWaitTime) {\n ++count\n try {\n logCalback()\n didDocument = await ebsiGetDidDocument({ params: { did }, apiOpts: { environment, version } })\n if (searchForObject!! && didDocument) {\n const didDocAsStr = JSON.stringify(didDocument)\n const search = JSON.stringify(searchForObject)\n const found = didDocAsStr.includes(search.substring(1, search.length - 1))\n if (!found) {\n logger.debug(`We did not find VM relationship or key ${JSON.stringify(searchForObject)} in DID document ${did}`)\n didDocument = undefined\n }\n }\n } catch (e) {}\n if (!didDocument) {\n await wait(interval)\n totalWaitTime += interval\n interval = Math.max(interval - decreaseIntervalMSPerStep, minIntervalMS)\n }\n }\n logCalback()\n return { didDocument, totalWaitTime, count }\n}\n\n/\n listDidDocuments - Returns a list of identifiers.\n * @param {{ params: GetDidDocumentsParams; apiOpts?: ApiOpts }} args\n * @returns a list of identifiers\n /\nexport const ebsiListDidDocuments = async (args: { params: GetDidDocumentsParams; apiOpts?: ApiOpts }): Promise<GetDidDocumentsResponse> => {\n const { params, apiOpts } = args\n const { offset, size, controller } = params\n const queryParams: string[] = []\n if (offset) {\n queryParams.push(`page[after]=${offset}`)\n }\n if (size) {\n queryParams.push(`page[size]=${size}`)\n }\n if (controller) {\n queryParams.push(`controller=${controller}`)\n }\n const query = `?${queryParams.filter(Boolean).join('&')}`\n return await (await fetch(`${ebsiGetRegistryAPIUrls({ ...apiOpts }).query}/${query}`)).json()\n}\n","import fetch from 'cross-fetch'\nimport { wait } from '../../functions'\nimport { logger } from '../../index'\nimport { ebsiGetRegistryAPIUrls, randomRpcId } from '../functions'\nimport { EbsiRPCResponse, JSON_RPC_VERSION, RpcMethodArgs } from '../types'\n\n/\n Allows to call 5 api methods of the EBSI RPC api\n * - insertDidDocument\n * - updateBaseDocument\n * - addVerificationMethod\n * - addVerificationMethodRelationship\n * - sendSignedTransaction\n * @function callRpcMethod\n * @param {{ params: RPCParams[]; id: number; token: string; method: EbsiRpcMethod; apiOpts? ApiOpts }} args\n /\nexport const callRpcMethod = async (args: RpcMethodArgs): Promise<EbsiRPCResponse> => {\n return callRpcMethodImpl({ ...args, retries: 10 })\n}\nconst callRpcMethodImpl = async (args: RpcMethodArgs & { retries: number }): Promise<EbsiRPCResponse> => {\n const { params, rpcId, accessToken, rpcMethod, apiOpts, doNotThrowErrors = false, retries } = args\n const options = buildFetchOptions({ accessToken: accessToken, params, rpcId, rpcMethod })\n logger.debug(`RPC call:\\r\\n ${JSON.stringify(options, null, 2)}`)\n const rpcResponse = await (await fetch(ebsiGetRegistryAPIUrls({ ...apiOpts }).mutate, options)).json()\n\n let result = rpcResponse.result\n logger.debug(`RPC RESPONSE:\\r\\n${JSON.stringify(result ?? rpcResponse.error)}`)\n\n if (rpcResponse.error !== undefined && !doNotThrowErrors) {\n logger.error(`RPC ERROR RESPONSE:`, rpcResponse)\n if (rpcResponse.error.message.includes(`replacement fee too low`)) {\n args.rpcId = randomRpcId()\n if (retries <= 0) {\n throw Error(rpcResponse.error.message)\n }\n logger.warning(`Replacement fee too low error. Waiting 1 sec. Retries: ${retries}`)\n await wait(1000)\n return callRpcMethodImpl({ ...args, retries: retries - 1 })\n }\n throw Error(rpcResponse.error.message)\n }\n\n return rpcResponse\n}\n\n/\n Builds the request body of the http request to EBSI RPC api\n * @function buildFetchOptions\n * @param {{ params: RPCParams[]; id: number; token: string; method: EbsiRpcMethod }} args\n /\nconst buildFetchOptions = (args: RpcMethodArgs): RequestInit => {\n const { params, rpcId, accessToken, rpcMethod } = args\n const fetchReq = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${accessToken}`,\n },\n body: JSON.stringify({\n jsonrpc: JSON_RPC_VERSION,\n method: rpcMethod,\n params: params,\n id: rpcId,\n }),\n } satisfies RequestInit\n logger.debug(fetchReq)\n return fetchReq\n}\n","import { W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IIdentifier, IKeyManager, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { IService } from '@veramo/core'\nimport { DIDDocument } from 'did-resolver'\nimport { AccessListish, BigNumberish, BytesLike } from 'ethers'\nimport { ApiOpts, EbsiEnvironment } from '../types/IEbsiSupport'\nimport { CredentialRole } from '@sphereon/ssi-types'\n\nexport type IContext = IAgentContext<IKeyManager>\n\n/\n The type of the DID to be created\n * @readonly\n * @enum {string}\n /\nexport type EbsiDIDType = 'NATURAL_PERSON' \| 'LEGAL_ENTITY'\n\n/\n The DID method to use\n * @readonly\n * @enum {string}\n /\nexport type EbsiDIDPrefix = 'did:ebsi:' \| 'did:key:'\n\n/\n @typedef EbsiDidSpecInfo\n * @type {object}\n * @property {EbsiDIDType} type - The type of the DID\n * @property {EbsiDIDPrefix} method - The method of the DID\n * @property {number} version - The version of the specs\n * @property {number} didLength - The length of the DID\n * @property {number} privateKeyLength The private key length\n /\nexport interface EbsiDidSpecInfo {\n type: EbsiDIDType\n method: EbsiDIDPrefix\n version?: number\n didLength?: number\n privateKeyLength?: number\n}\n\nexport const EBSI_DID_SPEC_INFOS: Record<string, EbsiDidSpecInfo> = {\n V1: {\n type: 'LEGAL_ENTITY',\n method: 'did:ebsi:',\n version: 0x01,\n didLength: 16,\n privateKeyLength: 32,\n },\n KEY: {\n type: 'NATURAL_PERSON',\n method: 'did:key:',\n },\n}\n\n/\n A minimal importable key with restricted types to choose from and purposes of the public key\n * @typedef IKeyOpts\n * @extends MinimalImportableKey\n * @property {EbsiKeyType} type\n * @property {EbsiPublicKeyPurpose[]} purposes\n /\nexport interface IKeyOpts extends WithRequiredProperty<Partial<MinimalImportableKey>, 'privateKeyHex'> {\n type?: EbsiKeyType\n purposes?: EbsiPublicKeyPurpose[]\n}\n\n// Needed to make a single property required\ntype WithRequiredProperty<Type, Key extends keyof Type> = Type & {\n [Property in Key]-?: Type[Property]\n}\n\nexport type RpcMethodArgs = {\n params: RPCParams[]\n rpcId: number\n accessToken: string\n rpcMethod: EbsiRpcMethod\n apiOpts?: ApiOpts\n doNotThrowErrors?: boolean\n}\n\nexport type EbsiCreateIdentifierOpts = {\n methodSpecificId?: string\n rpcId?: number\n secp256k1Key?: IKeyOpts\n secp256r1Key?: IKeyOpts\n did?: string\n keys?: IKeyOpts[] // additional importable keys, but only in case execute ledger is true\n executeLedgerOperation?: boolean // Whether to persist on the EBSI ledger. By default looks at whether access token opts are set or not\n baseDocument?: string\n notBefore?: number\n notAfter?: number\n accessTokenOpts: EbsiAccessTokenOpts\n services?: IService[]\n}\n\n/\n @typedef ICreateIdentifierArgs\n * @type {object}\n * @property {string} kms - The kms to use\n * @property {string} alias - The alias of the DID\n * @property {EbsiDidSpecInfo} type\n * @property {string} options.methodSpecificId - method specific id for import\n * @property {IKeyOpts} secp256k1Key - The options to create the key\n * @property {IKeyOpts} secp256r1Key - The options to create the key\n /\nexport interface ICreateIdentifierArgs {\n kms?: string\n alias?: string\n type?: EbsiDidSpecInfo\n options: EbsiCreateIdentifierOpts\n}\n\n/\n The Ebsi allowed key types - Secp256k1 and Secp256r1\n * @readonly\n * @enum {string}\n /\nexport type EbsiKeyType = Extract<TKeyType, 'Secp256k1' \| 'Secp256r1'>\n\n/\n The purpose of the public keys\n * @readonly\n * @enum {string}\n /\nexport enum EbsiPublicKeyPurpose {\n Authentication = 'authentication',\n AssertionMethod = 'assertionMethod',\n CapabilityInvocation = 'capabilityInvocation',\n}\n\n/\n @typedef InsertDidDocumentParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - DID to insert. It must be for a legal entity (DID v1)\n * @property {string} BASE_CONTEXT_DOC - JSON string containing the @context of the DID document\n * @property {string} vMethodId - Thumbprint of the public key\n * @property {string} publicKey - Public key for secp256k1 in uncompressed format prefixed with \"0x04\"\n * @property {boolean} isSecp256k1 - It must be true\n * @property {number} notBefore - Capability invocation is valid from this time\n * @property {number} notAfter - Expiration of the capability invocation\n /\nexport type InsertDidDocumentParams = {\n from: string\n did: string\n baseDocument: string\n vMethodId: string\n publicKey: string\n isSecp256k1: boolean\n notBefore: number\n notAfter: number\n}\n\n/\n @typedef UpdateBaseDocumentParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} BASE_CONTEXT_DOC - JSON string containing the @context of the DID document\n /\nexport type UpdateBaseDocumentParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'baseDocument'>\n\n/\n @typedef UpdateIdentifierParams\n * @type {object}\n * @property {string} did - A DID\n * @property {Partial<DIDDocument>} document - The partial DID document\n * @property {{ [p: string]: any }} [options] - Any additional options\n /\nexport type UpdateIdentifierParams = {\n did: string\n document: Partial<DIDDocument>\n options?: { [p: string]: any }\n}\n\nexport type AddServiceParams = {\n from: string\n did: string\n service: IService\n}\n\n/\n @typedef AddVerificationMethodParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} vMethodId - New verification method id\n * @property {boolean} isSecp256k1 - Boolean defining if the public key is for secp256k1 curve or not\n * @property {string} publicKey - Public key as hex string. For an ES256K key, it must be in uncompressed format\n * prefixed with \"0x04\". For other algorithms, it must be the JWK transformed to string and then to hex format.\n /\nexport type AddVerificationMethodParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'vMethodId' \| 'isSecp256k1' \| 'publicKey'>\n\n/\n @typedef AddVerificationMethodRelationshipParams\n * @type {object}\n * @property {string} from - Ethereum address of the signer\n * @property {string} did - Existing DID\n * @property {string} name - Name of the verification relationship\n * @property {string} vMethodId - Reference to the verification method\n * @property {number} notBefore - Verification relationship is valid from this time\n * @property {number} notAfter - Expiration of the verification relationship\n /\nexport type AddVerificationMethodRelationshipParams = Pick<InsertDidDocumentParams, 'from' \| 'did' \| 'vMethodId' \| 'notBefore' \| 'notAfter'> & {\n name: string\n}\n\n/\n @typedef UnsignedTransaction\n * @type {object}\n * @property {string} from - The sending address.\n * @property {string} to - The receiving address (if EOA, the transaction will transfer value. If a smart contract\n * account, the transaction will use contract code).\n * @property {string} data - Can contain code or a message to the recipient.\n * @property {string} nonce - A number used to track ordering of transactions and prevent replay attacks\n * @property {string} chainId - The Ethereum Network ID (ex: 1 - Ethereum Mainnet).\n * @property {string} gasLimit - The maximum amount of gas units that can be used.\n * @property {string} gasPrice - Gas price provided by the sender in Wei.\n * @property {string} value - The amount of ETH to be sent from the sending address (denominated in Wei)\n /\nexport type UnsignedTransaction = {\n to?: string\n nonce?: number\n\n gasLimit?: BigNumberish\n gasPrice?: BigNumberish\n\n data?: BytesLike\n value?: BigNumberish\n chainId?: number\n\n // Typed-Transaction features\n type?: number \| null\n\n // EIP-2930; Type 1 & EIP-1559; Type 2\n accessList?: AccessListish\n\n // EIP-1559; Type 2\n maxPriorityFeePerGas?: BigNumberish\n maxFeePerGas?: BigNumberish\n /from: string\n to: string\n data: string\n nonce: string\n chainId: string\n gasLimit: string\n gasPrice: string\n value: string/\n}\n/\n @typedef SendSignedTransactionParams\n * @type {object}\n * @property {string} protocol - Example: eth\n * @property {UnsignedTransaction} unsignedTransaction - The unsigned transaction\n * @property {string} r - ECDSA signature r\n * @property {string} s - ECDSA signature s\n * @property {string} v - ECDSA recovery id\n * @property {string} signedRawTransaction - The signed raw transaction\n /\nexport type SendSignedTransactionParams = {\n protocol: string\n unsignedTransaction: UnsignedTransaction\n r: string\n s: string\n v: string\n signedRawTransaction: string\n}\n\n/\n @typedef RpcOkResponse\n * @type {object}\n * @property {string} JSON_RPC_VERSION - Must be exactly \"2.0\"\n * @property {number} id - Same identifier established by the client in the call\n * @property {object} result - Result of the transaction\n /\nexport type RpcOkResponse = {\n jsonrpc: string\n id: number\n result: any\n}\n\nexport type RpcErrorResponse = {\n jsonrpc: string\n id: number\n error: {\n code: number\n message: string\n }\n}\n\n/\n @typedef ResponseNot200\n * @type {object}\n * @property {URL \| string} type - An absolute URI that identifies the problem type. When dereferenced,\n * it SHOULD provide human-readable documentation for the problem type.\n * @property {string} title - A short summary of the problem type.\n * @property {number} status - The HTTP status code generated by the origin server for this occurrence of the problem.\n * @property {string} detail - A human-readable explanation specific to this occurrence of the problem.\n * @property {URL \| string} instance An absolute URI that identifies the specific occurrence of the problem.\n * It may or may not yield further information if dereferenced.\n /\nexport type ResponseNot200 = {\n type: URL \| string\n id?: number\n title: string\n error?: {\n code: number\n message: string\n }\n status: number\n detail: string\n instance: URL \| string\n}\n\n/\n @typedef GetDidDocumentParams\n * @type {object}\n * @property {string} did\n * @property {string} validAt\n /\nexport type GetDidDocumentParams = {\n did: string\n validAt?: string\n}\n\n/\n @typedef GetDidDocumentsParams\n * @type {object}\n * @property {string} offset Originally page[after] Cursor that points to the end of the page of data that has been returned.\n * @property {number} size Originally page[size] Defines the maximum number of objects that may be returned.\n * @property {string} controller Filter by controller DID.\n /\nexport type GetDidDocumentsParams = {\n offset?: string\n size?: number\n controller?: string\n}\n\n/\n Result of listing dids\n * @typedef {Item}\n * @type {object}\n * @property {string} did - The DID\n * @property {string} href - The referrer of the DID\n /\nexport type Item = {\n did: string\n href: string\n}\n\n/\n The links related to pagination\n * @typedef Links\n * @type {object}\n * @property {string} first - The link to the first page\n * @property {string} prev - The link ot the previous page\n * @property {string} next - The link to the next page\n * @property {string} last - The link to the last page\n /\nexport type Links = {\n first: string\n prev: string\n next: string\n last: string\n}\n\n/\n @typedef GetDidDocumentResponse\n * @type {object}\n * @property {string} self - Absolute path to the collection (consult)\n * @property {Item[]} items - List of DIDs and their referrers\n * @property {number} total - Total number of items across all pages.\n * @property {pageSize} number - Maximum number of items per page. For the last page, its value should be independent of the number of actually returned items.\n * @property {Links} links - The links related to pagination\n /\nexport type GetDidDocumentsResponse = {\n self: string\n items: Item[]\n total: number\n pageSize: number\n links: Links\n}\n\nexport type EbsiAccessTokenOpts = {\n attestationToOnboard?: W3CVerifiableCredential\n attestationToOnboardCredentialRole: CredentialRole\n jwksUri?: string\n redirectUri: string\n credentialIssuer: string\n clientId: string\n environment: EbsiEnvironment\n}\n/\n @typedef CreateEbsiDidParams\n * @type {object}\n * @property {Omit<IIdentifier, 'provider'>} identifier An identifier without the provider\n * @property {ManagedKeyInfo} secp256k1ManagedKeyInfo A Secp256k1 managed key\n * @property {ManagedKeyInfo} secp256r1ManagedKeyInfo A Secp256r1 managed key\n * @property {number} id A client created id\n * @property {string} from The wallet eth like address\n * @property {string} [baseDocument] The base DID document\n * @property {number} notBefore Date of issuance of the identifier\n * @property {number} notAfter Date of expiration of the identifier\n * @property {ApiOpts} [apiOpts] The EBSI API options\n /\nexport type CreateEbsiDidParams = {\n identifier: IIdentifier\n rpcId?: number\n notBefore?: number\n notAfter?: number\n baseDocument?: string\n accessTokenOpts: EbsiAccessTokenOpts\n}\nexport interface CreateEbsiDidOnLedgerResult {\n identifier: IIdentifier\n addVerificationMethod: EbsiRPCResponse\n insertDidDoc: EbsiRPCResponse\n addAssertionMethodRelationship: EbsiRPCResponse\n addAuthenticationRelationship: EbsiRPCResponse\n}\n/\n @constant JSON_RPC_VERSION\n /\nexport const JSON_RPC_VERSION = '2.0'\n\n/\n @constant BASE_CONTEXT_DOC\n /\nexport const BASE_CONTEXT_DOC = JSON.stringify({ '@context': ['https://www.w3.org/ns/did/v1', 'https://w3id.org/security/suites/jws-2020/v1'] })\n\nexport interface EbsiDidRegistryAPIEndpoints {\n mutate: string\n query: string\n}\n\n/\n The EBSI RPC operations\n * @readonly\n * @enum {string}\n /\nexport enum EbsiRpcMethod {\n INSERT_DID_DOCUMENT = 'insertDidDocument',\n UPDATE_DID_DOCUMENT = 'updateBaseDocument',\n ADD_VERIFICATION_METHOD = 'addVerificationMethod',\n ADD_VERIFICATION_RELATIONSHIP = 'addVerificationRelationship',\n ADD_SERVICE = 'addService',\n SEND_SIGNED_TRANSACTION = 'sendSignedTransaction',\n}\n\nexport type RPCParams =\n \| InsertDidDocumentParams\n \| UpdateBaseDocumentParams\n \| AddVerificationMethodParams\n \| AddVerificationMethodRelationshipParams\n \| SendSignedTransactionParams\n \| AddServiceParams\n\nexport type EbsiRPCResponse = RpcOkResponse \| (RpcErrorResponse & { nonce: string })\n","import { DiscoveryMetadataPayload, JWK } from '@sphereon/did-auth-siop'\nimport { OID4VCICredentialFormat, RequestObjectOpts } from '@sphereon/oid4vci-common'\nimport { Format, PresentationDefinitionV2 } from '@sphereon/pex-models'\nimport { IIdentifierResolution, ManagedIdentifierDidOpts, ManagedIdentifierDidResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IBasicCredentialLocaleBranding, Party } from '@sphereon/ssi-sdk.data-store-types'\nimport { CredentialRole } from '@sphereon/ssi-types'\nimport { ErrorDetails, IOID4VCIHolder, MappedCredentialToAccept } from '@sphereon/ssi-sdk.oid4vci-holder'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'\nimport { PresentationSubmission, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\nimport { CreateEbsiDidOnLedgerResult, CreateEbsiDidParams } from '../did'\nimport { AttestationAuthRequestUrlResult } from '../functions'\n\n/\n The OpenID scope\n * @readonly\n * @enum {string}\n /\nexport type EBSIScope =\n \| 'didr_write'\n \| 'didr_invite'\n \| 'tir_write'\n \| 'tir_invite'\n \| 'timestamp_write'\n \| 'tnt_authorise'\n \| 'tnt_create'\n \| 'tnt_write'\n \| 'did_authn'\n\nexport enum TokenType {\n BEARER = 'Bearer',\n}\n\nexport type EbsiEnvironment = 'pilot' \| 'conformance' \| 'conformance-test'\nexport type EbsiApiVersion = 'v3' \| 'v4' \| 'v5'\nexport type WellknownType = 'openid-credential-issuer' \| 'openid-configuration'\nexport type EbsiMock = 'issuer-mock' \| 'auth-mock'\nexport type EbsiSystem = 'authorisation' \| 'conformance' \| 'did-registry'\n\nexport type ApiOpts = { environment?: EbsiEnvironment; version: EbsiApiVersion }\nexport type WellknownOpts = ApiOpts & { type: WellknownType; system?: EbsiSystem \| EbsiEnvironment; mock?: EbsiMock }\n\nexport interface IEbsiSupport extends IPluginMethodMap {\n ebsiCreateDidOnLedger(args: CreateEbsiDidParams, context: IRequiredContext): Promise<CreateEbsiDidOnLedgerResult>\n\n ebsiWellknownMetadata(args?: ApiOpts): Promise<GetOIDProviderMetadataResponse>\n\n ebsiAuthorizationServerJwks(args?: ApiOpts): Promise<GetOIDProviderJwksResponse>\n\n ebsiPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise<GetPresentationDefinitionResponse>\n\n ebsiAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise<GetAccessTokenResult>\n\n ebsiCreateAttestationAuthRequestURL(args: CreateAttestationAuthRequestURLArgs, context: IRequiredContext): Promise<AttestationAuthRequestUrlResult>\n\n ebsiGetAttestation(args: GetAttestationArgs, context: IRequiredContext): Promise<AttestationResult>\n}\n\n// export type ApiOpts = { environment?: EbsiEnvironment; version?: string }\n\n/\n @typedef EbsiOpenIDMetadata\n * @type {object}\n * @property {(URL \| string)} issuer URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.\n * @property {(URL \| string)} authorization_endpoint URL of the OP's OAuth 2.0 Authorization Endpoint.\n * @property {(URL \| string)} token_endpoint URL of the OP's OAuth 2.0 Token Endpoint.\n * @property {(URL \| string)} [presentation_definition_endpoint] URL of the OP's presentation definitions endpoint. Non-standard, used in EBSI\n * @property {(URL \| string)} jwks_uri URL of the authorization server's JWK Set [JWK] document\n * @property {string[]} scopes_supported JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. (SIOP v2)\n * @property {string[]} response_types_supported JSON array containing a list of the OAuth 2.0 \"response_type\" values that this authorization server supports (SIOP v2)\n * @property {string[]} [response_mode_supported] JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports\n * @property {string[]} [grant_types_supported] JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.\n * @property {string[]} subject_types_supported JSON array containing a list of the Subject Identifier types that this OP supports.\n * @property {string[]} id_token_signing_alg_values_supported JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT\n * @property {string[]} [request_object_signing_alg_values_supported] JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects\n * @property {string[]} [request_parameter_supported] Boolean value specifying whether the OP supports use of the request parameter, with true indicating support\n * @property {string[]} [token_endpoint_auth_methods_supported] JSON array containing a list of client authentication methods supported by this token endpoint\n * @property {{ authorization_endpoint: string[] }} [request_authentication_methods_supported] A JSON Object defining the client authentications supported for each endpoint\n * @property {string[]} [vp_formats_supported] An object containing a list of key value pairs, where the key is a string identifying a credential format supported by the AS\n * @property {(URL[] \| string[])} [subject_syntax_types_supported] A JSON array of strings representing URI scheme identifiers and optionally method names of supported Subject Syntax Types\n * @property {string[]} [subject_trust_frameworks_supported] A JSON array of supported trust frameworks.\n * @property {string[]} [id_token_types_supported] A JSON array of strings containing the list of ID Token types supported by the OP\n /\nexport type EbsiOpenIDMetadata = DiscoveryMetadataPayload & {\n presentation_definition_endpoint?: URL \| string\n}\n\n/\n JSON Web Key Set\n * @typedef GetOIDProviderJwksSuccessResponse\n * @property {JWK[]} keys\n /\nexport interface GetOIDProviderJwksSuccessResponse {\n keys: JWK[]\n}\n\n/\n @typedef GetPresentationDefinitionArgs\n * @type {object}\n * @property {EBSIScope} scope\n * @property {ApiOpts} [apiOpts] The environment and version of the API\n /\nexport interface GetPresentationDefinitionArgs {\n scope: EBSIScope\n apiOpts?: WellknownOpts\n openIDMetadata?: EbsiOpenIDMetadata\n}\n\nexport type CreateAttestationAuthRequestURLArgs = {\n credentialIssuer: string\n credentialType: string\n idOpts: ManagedIdentifierDidOpts\n requestObjectOpts: RequestObjectOpts\n clientId?: string\n redirectUri?: string\n formats?: Array<Extract<OID4VCICredentialFormat, 'jwt_vc' \| 'jwt_vc_json'>>\n}\n\nexport type GetAttestationArgs = {\n clientId: string\n authReqResult: AttestationAuthRequestUrlResult\n opts?: {\n timeout: number\n }\n}\n\n/\n Presentation Definition V2\n * @typedef GetPresentationDefinitionSuccessResponse\n * @type {object}\n * @property {string} id A UUID or some other unique ID to identify this Presentation Definition\n * @property {string} [name] A name property is a human-friendly string intended to constitute a distinctive designation of the Presentation Definition.\n * @property {string} [purpose] It describes the purpose for which the Presentation Definition's inputs are being requested.\n * @property {Format} [format] What claim variants Verifiers and Holders support.\n * @property {SubmissionRequirement[]} [submission_requirements] List of requirements for described inputs in input descriptors.\n * @property {InputDescriptor[]} input_descriptors List of descriptions of the required inputs.\n * @property {object} [frame] a JSON LD Framing Document object.\n /\nexport type GetPresentationDefinitionSuccessResponse = PresentationDefinitionV2 & {\n format?: Pick<Format, 'jwt_vc' \| 'jwt_vc_json' \| 'jwt_vp' \| 'jwt_vp_json'>\n}\n\n/\n @typedef GetAccessTokenArgs\n * @type {object}\n * @property {string} grant_type MUST be set to \"vp_token\"\n * @property {string} vp_token Signed Verifiable Presentation. See also the VP Token schema definition.\n * @property {PresentationSubmission} presentation_submission Descriptor for the vp_token, linked by presentation_definition. See also the Presentation Definition schema.\n * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_write, openid tir_invite, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] OIDC scope\n * @property {ApiOpts} [apiOpts] The environment and the version of the API\n /\nexport interface GetAccessTokenArgs {\n grant_type?: string\n vp_token: string\n presentation_submission: PresentationSubmission\n scope: EBSIScope\n openIDMetadata?: EbsiOpenIDMetadata\n apiOpts: ApiOpts\n}\n\nexport type GetAccessTokenResult = {\n identifier: ManagedIdentifierDidResult\n scope: EBSIScope\n // vp: VerifiablePresentationWithDefinition\n // definition: PresentationDefinitionWithLocation\n accessTokenResponse: GetAccessTokenSuccessResponse\n}\n/\n @typedef EBSIAuthAccessTokenGetArgs\n * @type {object}\n * @property {string} attestationCredential Verifiable Credential (Verifiable Authorisation to Onboard) JWT format\n // * @property {ScopeByDefinition} definitionId The presentation definition id\n * @property {string} [domain] The domain of the issuer\n * @property {string} did The did of the VP issuer\n * @property {string} kid kid in the format: did#kid\n * @property {EBSIScope} scope Needed to retrieve the authentication request\n * @property {ApiOpts} [apiOpts] The environment and the version of the API\n /\nexport interface EBSIAuthAccessTokenGetArgs {\n clientId: string\n credentialRole: CredentialRole\n credentialIssuer?: string\n attestationCredential?: W3CVerifiableCredential\n allVerifiableCredentials?: W3CVerifiableCredential[]\n redirectUri?: string\n jwksUri: string\n // definitionId: ScopeByDefinition\n idOpts: ManagedIdentifierDidOpts\n scope: EBSIScope\n environment: EbsiEnvironment\n skipDidResolution?: boolean\n}\n\n/\n @typedef GetAccessTokenSuccessResponse\n * @type {object}\n * @property {string} access_token ^(([A-Za-z0-9\\-_])+\\.)([A-Za-z0-9\\-_]+)(\\.([A-Za-z0-9\\-_]+)?$ The access token issued by the authorization server in JWS format. See also the \"Access Token\" schema definition\n * @property {TokenType} token_type Possible values: [Bearer]/MUST be Bearer\n * @property {number} [expires_in] Possible values: >= 1. The lifetime in seconds of the access token\n * @property {EBSIScope} scope Possible values: [openid didr_write, openid didr_invite, openid tir_invite, openid tir_write, openid timestamp_write, openid tnt_authorise, openid tnt_create, openid tnt_write] The scope of the access token\n * @property {string} id_token ^(([A-Za-z0-9\\-_])+\\.)([A-Za-z0-9\\-_]+)(\\.([A-Za-z0-9\\-_]+)?$ ID Token value associated with the authenticated session. Presents client's identity. ID Token is issued in a JWS format. See also the \"ID Token\" schema definition.\n * @property {ApiOpts} apiOpts The environment and the version of the API\n /\nexport interface GetAccessTokenSuccessResponse {\n access_token: string\n token_type: TokenType\n expires_in?: number\n scope: EBSIScope\n id_token: string\n apiOpts: ApiOpts\n}\n\n/\n @typedef ExceptionResponse\n * @type {object}\n * @property {(URL \| string)} [type] An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.\n * @property {string} [title] A short summary of the problem type.\n * @property {number} [status] Possible values: >= 400 and <= 600. The HTTP status code generated by the origin server for this occurrence of the problem.\n * @property {string} [detail] A human readable explanation specific to this occurrence of the problem.\n * @property {(URL \| string)} [instance] An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.\n /\nexport interface ExceptionResponse {\n type?: URL \| string\n title?: string\n status?: number\n detail?: string\n instance?: URL \| string\n}\n\nexport type AttestationResult = {\n contactAlias: string\n contact: Party\n credentialBranding?: Record<string, Array<IBasicCredentialLocaleBranding>> \| undefined\n identifier: ManagedIdentifierDidResult\n error: ErrorDetails \| undefined\n credentials: Array<MappedCredentialToAccept>\n}\n\nexport type GetOIDProviderMetadataResponse = EbsiOpenIDMetadata\nexport type GetOIDProviderJwksResponse = GetOIDProviderJwksSuccessResponse \| ExceptionResponse\nexport type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse\nexport type GetAccessTokenResponse = GetAccessTokenSuccessResponse \| ExceptionResponse\nexport type IRequiredContext = IAgentContext<\n IKeyManager &\n IDIDManager &\n IResolver &\n IIdentifierResolution &\n IJwtService &\n IDidAuthSiopOpAuthenticator &\n IPresentationExchange &\n IOID4VCIHolder &\n IEbsiSupport\n>\n","import { getControllerKey, getEthereumAddressFromKey } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { calculateJwkThumbprint, calculateJwkThumbprintForKey, toJwk } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { IAgentContext, IDIDManager, IIdentifier, IKeyManager } from '@veramo/core'\nimport { IKey, IService } from '@veramo/core'\nimport { AbstractIdentifierProvider } from '@veramo/did-manager'\nimport Debug from 'debug'\nimport { ApiOpts, IRequiredContext } from '../types/IEbsiSupport'\nimport {\n ebsiCreateDidOnLedger,\n ebsiGenerateOrUseKeyPair,\n ebsiSignAndSendTransaction,\n formatEbsiPublicKey,\n generateEbsiMethodSpecificId,\n randomRpcId,\n} from './functions'\nimport { EBSI_DID_SPEC_INFOS, EbsiRpcMethod, ICreateIdentifierArgs, UpdateIdentifierParams } from './types'\n\nconst debug = Debug('sphereon:did-provider-ebsi')\n\nexport class EbsiDidProvider extends AbstractIdentifierProvider {\n static readonly PROVIDER = 'did:ebsi'\n private readonly defaultKms?: string\n private readonly apiOpts?: ApiOpts\n\n constructor(options: { defaultKms?: string; apiOpts?: ApiOpts }) {\n super()\n this.defaultKms = options.defaultKms\n this.apiOpts = options.apiOpts\n }\n\n async createIdentifier(args: ICreateIdentifierArgs, context: IRequiredContext): Promise<Omit<IIdentifier, 'provider'>> {\n const { type, options, kms = this.defaultKms, alias } = args\n const {\n notBefore,\n notAfter,\n secp256k1Key,\n secp256r1Key,\n keys,\n accessTokenOpts,\n executeLedgerOperation = !!args.options?.accessTokenOpts,\n methodSpecificId = generateEbsiMethodSpecificId(EBSI_DID_SPEC_INFOS.V1),\n baseDocument,\n services,\n } = { ...options }\n\n if (executeLedgerOperation && !accessTokenOpts) {\n throw new Error('Access token options must be provided to execute ledger operation')\n }\n const rpcId = options?.rpcId ?? randomRpcId()\n\n if (type === EBSI_DID_SPEC_INFOS.KEY) {\n return Promise.reject(Error(`Type ${type} not supported. Please use @sphereon/ssi-sdk-ext.did-provider-key for Natural Person EBSI DIDs`))\n } else if (!kms) {\n return Promise.reject(Error(`No KMS value provided`))\n } else if (keys && keys.length > 0 && !executeLedgerOperation) {\n return Promise.reject(Error(`Cannot add additional keys if ledger operation is not enabled at creation. Please add the keys later yourself`))\n }\n\n // CapabilityInvocation purpose\n const secp256k1ImportKey = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts: secp256k1Key,\n keyType: 'Secp256k1',\n kms,\n controllerKey: true,\n },\n context,\n )\n const secp256k1ManagedKeyInfo = await context.agent.keyManagerImport(secp256k1ImportKey)\n\n // Authentication, assertionMethod purpose\n const secp256r1ImportKey = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts: secp256r1Key,\n keyType: 'Secp256r1',\n kms,\n },\n context,\n )\n\n const secp256r1ManagedKeyInfo = await context.agent.keyManagerImport(secp256r1ImportKey)\n\n const identifier: IIdentifier = {\n did: options.did && options.did.startsWith('did:ebsi:') ? options.did : `${EBSI_DID_SPEC_INFOS.V1.method}${methodSpecificId}`,\n controllerKeyId: secp256k1ManagedKeyInfo.kid,\n keys: [secp256k1ManagedKeyInfo, secp256r1ManagedKeyInfo],\n alias,\n services: services ?? [],\n provider: EbsiDidProvider.PROVIDER,\n }\n\n const apiOpts = { ...this.apiOpts }\n if (!apiOpts.environment) {\n apiOpts.environment = accessTokenOpts?.environment ?? 'pilot'\n }\n if (!apiOpts.version) {\n apiOpts.version = 'v5'\n }\n\n if (executeLedgerOperation) {\n // This can only work if we enable global jwks hosting. DID JWK hosting will not work as the DID is not registered at this point\n await ebsiCreateDidOnLedger(\n {\n identifier,\n baseDocument,\n accessTokenOpts: accessTokenOpts!,\n rpcId,\n notBefore,\n notAfter,\n },\n context,\n )\n if (keys && keys.length > 0) {\n for (const keyOpts of keys) {\n const key = await ebsiGenerateOrUseKeyPair(\n {\n keyOpts,\n keyType: keyOpts.type ?? 'Secp256r1',\n kms,\n },\n context,\n )\n const managedKeyInfo = await context.agent.keyManagerImport(key)\n console.warn(`FIXME: Anchor additional key on EBSI`, managedKeyInfo)\n }\n }\n }\n\n debug('Created', identifier.did)\n return identifier\n }\n\n async addKey(\n args: {\n identifier: IIdentifier\n key: IKey\n options: {\n rpcId?: number\n accessToken: string\n vmRelationships: 'authentication' \| 'assertionMethod' \| 'keyAgreement' \| 'capabilityInvocation' \| 'capabilityDelegation'[]\n apiOpts?: ApiOpts\n }\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n const { identifier, key, options } = args\n const { accessToken, vmRelationships, apiOpts, rpcId = randomRpcId() } = options\n if (vmRelationships.length === 0) {\n return Promise.reject(Error(`No verification method relationship provided`))\n }\n const controllerKey = getControllerKey({ identifier })\n const from = getEthereumAddressFromKey({ key: controllerKey })\n const kid = controllerKey.kid\n const did = identifier.did\n\n const addVerificationMethodRequest = {\n params: [\n {\n from,\n did,\n isSecp256k1: true,\n vMethodId: calculateJwkThumbprint({ jwk: toJwk(key.publicKeyHex, key.type) }),\n publicKey: formatEbsiPublicKey({ key: key, type: key.type }),\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_METHOD,\n rpcId,\n apiOpts,\n accessToken,\n }\n\n let rpcResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRequest,\n kid,\n accessToken: accessToken,\n apiOpts,\n },\n context,\n )\n\n const vMethodId = calculateJwkThumbprintForKey({ key })\n for (const vmRelationshipsKey in vmRelationships as string[]) {\n const addVerificationMethodRelationshipRequest = {\n params: [\n {\n from,\n did,\n vMethodId,\n name: vmRelationshipsKey,\n notAfter: Date.now() / 1000 - 60_000,\n notBefore: Date.now() / 1000 + 5 365 * 24 * 60 * 60,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_VERIFICATION_RELATIONSHIP,\n rpcId,\n apiOpts,\n accessToken,\n }\n rpcResponse = await ebsiSignAndSendTransaction(\n {\n rpcRequest: addVerificationMethodRelationshipRequest,\n previousTxResponse: rpcResponse,\n kid,\n accessToken,\n apiOpts,\n },\n context,\n )\n }\n }\n\n async addService(\n args: {\n identifier: IIdentifier\n service: IService\n options: {\n rpcId?: number\n accessToken: string\n apiOpts?: ApiOpts\n }\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n const { identifier, service, options } = args\n const { accessToken, apiOpts, rpcId = randomRpcId() } = options\n const controllerKey = getControllerKey({ identifier })\n const from = getEthereumAddressFromKey({ key: controllerKey })\n const did = identifier.did\n const kid = controllerKey.kid\n\n const addServiceRequest = {\n params: [\n {\n from,\n did,\n service,\n },\n ],\n rpcMethod: EbsiRpcMethod.ADD_SERVICE,\n rpcId,\n apiOpts,\n accessToken,\n }\n\n return await ebsiSignAndSendTransaction(\n {\n rpcRequest: addServiceRequest,\n kid,\n accessToken,\n apiOpts,\n },\n context,\n )\n }\n\n deleteIdentifier(args: IIdentifier, context: IAgentContext<IKeyManager>): Promise<boolean> {\n return Promise.resolve(true)\n }\n\n removeKey(\n args: {\n identifier: IIdentifier\n kid: string\n options?: any\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n\n removeService(\n args: {\n identifier: IIdentifier\n id: string\n options?: any\n },\n context: IAgentContext<IKeyManager>,\n ): Promise<any> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n\n // TODO How does it work? Not inferable from the api: https://hub.ebsi.eu/apis/pilot/did-registry/v5/post-jsonrpc#updatebasedocument\n async updateIdentifier(args: UpdateIdentifierParams, context: IAgentContext<IKeyManager & IDIDManager>): Promise<IIdentifier> {\n throw new Error(`Not (yet) implemented for the EBSI did provider`)\n }\n}\n","import { DIDResolutionOptions, DIDResolutionResult, DIDResolver, ParsedDID, Resolvable, Resolver } from 'did-resolver'\nimport { getResolver } from '@sphereon/ssi-sdk-ext.did-resolver-ebsi'\n\nconst resolveDidEbsi: DIDResolver = async (\n didUrl: string,\n _parsed: ParsedDID,\n _resolver: Resolvable,\n options: DIDResolutionOptions,\n): Promise<DIDResolutionResult> => {\n const resolver = new Resolver({ ...getResolver() })\n return resolver.resolve(didUrl, options)\n}\n\nexport function getDidEbsiResolver() {\n return { key: resolveDidEbsi }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,0BAA4B;AAAA,QAC1B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,4BAA8B;AAAA,cAC5B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB,OAAO,OAAO,SAAS,SAAS;AAAA,YACrE;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,MAAQ,CAAC,eAAe,cAAc,cAAc,aAAa,mBAAmB,iBAAiB,cAAc,WAAW;AAAA,YAChI;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,eAAe,kBAAkB;AAAA,YACrD;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,MAAQ,CAAC,MAAM,MAAM,IAAI;AAAA,YAC3B;AAAA,YACA,wBAA0B;AAAA,cACxB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,cAAc,SAAS,YAAY,SAAS;AAAA,YAC3E;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,OAAS;AAAA,YACX;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,4BAA8B;AAAA,cAC5B,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO;AAAA,YACtB;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,YACV;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,mBAAmB;AAAA,YACxC;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,KAAK;AAAA,YACpB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,aAAa;AAAA,YAC1C;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,YAC3B;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW,YAAY;AAAA,YAC9C;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ,CAAC,WAAW,UAAU,QAAQ;AAAA,YACxC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ,CAAC,UAAU,QAAQ;AAAA,YAC7B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY,WAAW;AAAA,YACtC;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,YACV;AAAA,YACA,oBAAsB;AAAA,cACpB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,YAAY;AAAA,YAClC;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,0BAA0B,6BAA6B,qCAAqC;AAAA,YACvG;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,UAAU;AAAA,YACjC;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,oBAAoB,WAAW,SAAS,WAAW,OAAO;AAAA,YAC/E;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,UAAU;AAAA,YAC/B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,SAAS,SAAS,SAAS,QAAQ;AAAA,YACvD;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,aAAa,QAAQ,eAAe,OAAO;AAAA,YAClE;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,UAAU;AAAA,YAC3C;AAAA,YACA,iCAAmC;AAAA,cACjC,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,uBAAuB,qBAAqB,iBAAiB;AAAA,YAC9F;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,cAAc,aAAa;AAAA,YAChD;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,kBAAkB,iBAAiB;AAAA,YAC9C;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC7+DA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAC,oBAA6C;;;ACA7C,IAAAC,yBAAwC;AACxC,IAAAC,oBAAyD;AAEzD,IAAAC,sBAAkB;;;ACHlB,oBAA4B;AAC5B,IAAAC,yBAAwC;AACxC,IAAAC,sBAAqE;AACrE,IAAAA,sBAAuF;AAGvF,oBAAkD;AAElD,oBAA0B;AAG1B,yBAA2B;AAE3B,uBAAyB;;;ACbzB,4BAAiC;AACjC,IAAAC,yBAUO;AACP,yBAA6D;AAE7D,IAAAC,sBAAwE;AACxE,IAAAC,kBAQO;AACP,IAAAA,kBAMO;AAEP,qBAAwB;;;AChCxB,2BAAgC;AAChC,4BAA8B;AAC9B,qBAQO;AACP,IAAAC,kBAAqG;AAErG,uBAA+B;AAC/B,yBAAkB;AAKX,IAAMC,qBAAqB,wBAACC,YAAAA;AACjC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM,EAAEC,gBAAgBC,mBAAmBC,aAAY,IAAKH,MAAMF;AAElE,QAAI,CAACG,gBAAgB;AACnB,aAAOG,QAAQC,OAAOC,MAAM,mCAAA,CAAA;IAC9B;AAEA,UAAMC,YAAiB,IAAIC,IAAIP,eAAeQ,MAAM;AACpD,UAAMC,gBAAwB,GAAGH,UAAUI,QAAQ,KAAKJ,UAAUK,QAAQ;AAC1E,QAAIC,iBAAqBC,qCAAcJ,eAAeT,eAAec,wBAAwB;AAE7F,UAAMC,QAA2B;MAC/BC,SAAS;QACPC,aAAaL;QACbM,WAAWN;MACb;;;;MAIAO,WAAW;QACTC,IAAI;QACJC,QAAQC,2BAAYC;QACpBC,MAAMC,6BAAcC;QACpBC,MAAM;QACNC,UAAU;MACZ;MACAC,KAAKpB;MACLqB,YAAY;QACV;UACEC,OAAOtB;UACPuB,OAAO;YAACC,gCAAeC;;UACvBb,QAAQc,8BAAeZ;UACvBa,YAAY;YACVZ,MAAMa,yCAA0B9B;YAChCE,eAAeH,UAAUK;UAC3B;;UAEA2B,YAAY;YACVd,MAAMe,8BAAeC;YACrBC,QAAQ;cACNC,UAAU;cACVC,cAAc;cACdC,QAAQ;gBAAC;;cACTpC,QAAQ;cACRqC,aAAa;cACbC,sCAAsC;cACtCC,kBAAkB;YACpB;UACF;QACF;;IAEJ;AAEA,UAAMC,WAAW,8BAAO,EACtBjC,OAAAA,QACAT,WAAAA,YACAM,YAAAA,aACAH,eAAAA,eAAa,MAMd;AACC,YAAMQ,cAAcF,OAAMC,QAAQC,eAAeL;AACjD,YAAMqC,WAAyB,MAAMpD,QAAQqD,MAAMC,cAAc;QAC/DC,QAAQ;UACN;YACEpC,SAAS;;cAEPE,WAAWD;YACb;UACF;;MAEJ,CAAA;AACA,UAAIgC,SAASI,WAAW,KAAK,CAACJ,SAAS,CAAA,GAAIjC,SAAS;AAClD,cAAMA,UAAU,MAAMnB,QAAQqD,MAAMI,aAAa;UAC/C,GAAGvC;UACHE;UACAC,WAAWD;UACXsC,aAAa;YACX/B,MAAMC,6BAAcC;YACpBC,MAAMV;YACNI,QAAQC,2BAAYC;YACpBK,UAAUb,OAAMa,YAAY;UAC9B;QACF,CAAA;AACA9B,uBAAe0D,KAAK;UAClBhC,MAAMiC,qCAAqBC;UAC3BC,MAAM3C;QACR,CAAA;MACF;IACF,GAvCiB;AAyCjB,UAAM4C,kBAAkB,8BAAOC,eAAAA;AAC7B/D,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBK;QAC3BH,MAAME;MACR,CAAA;IACF,GALwB;AAOxB,UAAME,gBAAgB,8BAAOhC,UAAAA;AAC3BjC,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBO;QAC3BL,MAAM5B;MACR,CAAA;IACF,GALsB;AAOtB,QAAI,CAACnB,YAAY;AACfA,mBAAa,iBAAiBN,SAAAA;IAChC,WAAWM,WAAWqD,WAAW,MAAA,GAAS;AACxCrD,mBAAa,QAAQA,WAAWsD,QAAQ,eAAe,EAAA,CAAA;IACzD;AACA,QAAI,CAAChE,cAAc;AACjB,aAAO,MAAM6D,cAAcnD,UAAAA;IAC7B;AACAA,iBAAaV;AACb,QAAI,CAACD,mBAAmB;AACtB,aAAO,MAAM2D,gBAAgB,IAAA;IAC/B;AACA,UAAMZ,SAAS;MAAEjC;MAAOH;MAAYN,WAAWA,UAAU6D,SAAQ;MAAI1D;IAAc,CAAA;EACrF;AACF,GA3HkC;AA6H3B,IAAM2D,sBAAsB,wBAACvE,YAAAA;AAClC,SAAO,OAAOC,gBAAsEC,UAAAA;AAClFsE,YAAQC,MAAM,yBAAyBvE,MAAMwE,KAAK,IAAIxE,MAAMF,QAAQyE,KAAK;AACzEE,WAAOC,MAAM1E,MAAMwE,KAAK;EAC1B;AACF,GALmC;AAO5B,IAAMG,4BAA4B,wBAAC7E,YAAAA;AACxC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM,EAAEiB,SAAS2D,wBAAwBC,oBAAmB,IAAK7E,MAAMF;AAEvE,QAAI+E,uBAAuBA,oBAAoBvB,SAAS,GAAG;AACzDmB,aAAOK,KAAK,aAAaD,oBAAoBE,KAAK,IAAA,CAAA,EAAO;AACzDhF,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBsB;MAC7B,CAAA;AACA;IACF,WAAW,CAAC/D,SAAS;AACnB,aAAOb,QAAQC,OAAOC,MAAM,4BAAA,CAAA;IAC9B;AAEA,UAAM2E,eAAe,8BAAOJ,yBAAAA;AAC1BP,cAAQY,IAAI,yBAAyBL,qBAAoBE,KAAK,IAAA,CAAA,EAAO;AACrEhF,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqByB;QAC3BvB,MAAMiB;MACR,CAAA;IACF,GANqB;AAQrB,UAAMI,aAAaL,uBAAuBQ,IAAI,CAACC,QAAQA,IAAIC,YAAY,CAAA;EACzE;AACF,GAxByC;AA0BlC,IAAMC,+BAA+B,wBAC1C,EACEC,eACAC,cAAa,GAKf3F,YAAAA;AAEA,SAAO,OAAOC,gBAA2CC,UAAAA;AACvD,UAAM0F,MAAM1F,MAAMF,QAAQ6F;AAC1BrB,YAAQY,IAAI,kCAAkCQ,GAAAA;AAC9C,QAAI,CAACA,KAAK;AACR,aAAOtF,QAAQC,OAAOC,MAAM,sCAAA,CAAA;IAC9B;AACA,UAAMsF,yBAAyB,8BAAOF,SAAAA;AACpCpB,cAAQY,IAAI,0CAA0CQ,IAAAA;AACtD3F,qBAAe0D,KAAK;QAClBhC,MAAMiC,qCAAqBmC;QAC3BjC,MAAM8B;MACR,CAAA;AACA,YAAMI,WAAW,UAAMC,mBAAAA,SAAML,MAAK;QAAEM,UAAU;MAAS,CAAA;AACvD,UAAIF,SAASG,SAAS,OAAOH,SAASG,SAAS,KAAK;AAClD,cAAM3F,MAAM,iFAAiF;MAC/F;AACA,YAAM4F,YAAYJ,SAASK,QAAQC,IAAI,UAAA;AACvC,UAAI,CAACF,aAAa,CAACA,UAAUhC,WAAW,WAAA,GAAc;AACpD,YAAIK,QAA4B8B;AAChC,YAAIH,WAAW;AACb,cAAIA,UAAUI,SAAS,OAAA,GAAU;AAC/B/B,oBAAQ;AACR,kBAAMgC,cAAUC,sCAAgBN,SAAAA;AAChC,gBAAI,WAAWK,WAAWA,QAAQhC,OAAO;AACvCA,uBAASgC,QAAQhC,QAAQ;YAC3B;AACA,gBAAI,uBAAuBgC,WAAWA,QAAQE,mBAAmB;AAC/DlC,uBAASgC,QAAQE;YACnB;UACF;QACF;AACA,cAAMnG,MACJiE,SACE,iFAAiF2B,SAAAA,KAAcQ,KAAKC,UAAU,MAAMb,SAASc,KAAI,CAAA,CAAA,EAAK;MAE5I;AAEAtC,cAAQY,IAAI,yCAAyCQ,IAAAA,EAAK;AAC1D,YAAMmB,MAAMrB,cAAcsB,QAAQC,MAAMC,gBACpC,GAAGxB,cAAcnD,WAAW4E,GAAG,IAAIzB,cAAcsB,QAAQC,KAAKC,aAAa,KAC3ExB,cAAcnD,WAAWwE;AAC7B,YAAMpB,cAAcyB,OAAOhB,WAAW;QAAEiB,QAAQ;UAAE,GAAG3B,cAAcnD;UAAY+E,WAAWP;QAAI;MAAE,CAAA;IAClG,GApC+B;AAqC/B,UAAMjB,uBAAuBF,GAAAA;EAC/B;AACF,GAvD4C;AAyDrC,IAAM2B,4BAA4B,wBAACvH,YAAAA;AACxC,SAAO,OAAOC,gBAA2CC,UAAAA;AACvDsE,YAAQY,IAAI,uBAAuB;AACnCZ,YAAQY,IAAIwB,KAAKC,UAAU3G,MAAMF,QAAQwH,qBAAqB,MAAM,CAAA,CAAA;AACpEvH,mBAAe0D,KAAK;MAClBhC,MAAMiC,qCAAqBsB;IAC7B,CAAA;EACF;AACF,GARyC;AAUlC,IAAMuC,mBAAmB,wBAAC,EAAExH,eAAc,GAAwCD,YAAAA;AACvF,SAAO,OAAO0H,eAAyCxH,UAAAA;AAGrD,QAAI,CAACA,MAAMF,QAAQ2H,2BAA2BC,aAAaC,MAAM;AAC/D,YAAMrH,MAAM,kDAAkD;IAChE;AACAP,mBAAe6H,YAAYnE,KAAK;MAC9BhC,MAAMiC,qCAAqBmE;MAC3BjE,MAAM5D,MAAMF,QAAQ2H,0BAA0B/B;IAChD,CAAA;AACApB,YAAQY,IAAI,YAAY;EAC1B;AACF,GAbgC;;;ADvLzB,IAAM4C,sCAAsC,8BACjD,EACEC,UAAUC,aACVC,kBACAC,gBACAC,QACAC,aACAC,mBACAC,UAAU;EAAC;EAAU;EAAc,GAErCC,YAAAA;AAEAC,SAAOC,KAAK,sBAAsBP,cAAAA,qBAAmCF,WAAAA,eAA0BC,gBAAAA,EAAkB;AACjH,QAAMS,aAAa,MAAMH,QAAQI,MAAMC,0BAA0BT,MAAAA;AACjE,QAAMU,aAAaH,WAAWG;AAC9B,MAAIA,WAAWC,aAAa,cAAcD,WAAWC,aAAa,WAAW;AAC3E,UAAMC,MACJ,4FAA4FF,WAAWC,QAAQ,UAAUD,WAAWG,GAAG,EAAE;EAE7I;AAIA,QAAMC,UAAU,UAAMC,yCACpB;IACEL;IACAM,4BAA4BjB,mBAAmB;IAC/CkB,8BAA8B;IAC9BC,SAAS;EACX,GACAd,OAAAA;AAEF,QAAMe,MAAML,QAAQM,MAAMC,qBAAiBC,kDAA6B;IAAEC,KAAKT;EAAQ,CAAA;AACvF,QAAMlB,WAAWC,eAAea,WAAWG;AAE3C,QAAMW,YAAY,MAAMC,uCAAiBC,qBAAqB;IAC5D5B;IACAqB;IACAvB;IACA+B,+BAA+B;IAC/BC,wBAAwB;EAC1B,CAAA;AAEA,QAAMC,aAAa,CAAC;AACpB,MAAIC;AACJ,MAAIC,MAAMC,QAAQH,UAAAA,GAAa;AAC7BC,mBAAeD;EACjB,OAAO;AACLC,mBAAeG,OAAOC,QAAQL,UAAAA,EAAYM,IAAI,CAAC,CAACC,IAAIC,SAAAA,MAAU;AAC5DA,gBAAUD,KAAKA;AACf,aAAOC;IACT,CAAA;EACF;AACA,QAAMC,0BAA0BR,aAC7BS,OAAO,CAACF,kBAAcG,wDAAgCH,WAAW;IAAEI,4BAA4B;EAAM,CAAA,EAAGC,SAAS3C,cAAAA,CAAAA,EACjHwC,OAAO,CAACF,eAAeA,UAAUM,WAAW,YAAYN,UAAUM,WAAW,kBAAkBxC,QAAQuC,SAASL,UAAUM,MAAM,CAAA;AACnI,MAAIL,wBAAwBM,WAAW,GAAG;AACxC,UAAMhC,MAAM,mBAAmBb,cAAAA,qBAAmCI,QAAQ0C,KAAK,GAAA,CAAA,4CAAgD/C,gBAAAA,EAAkB;EACnJ;AACA,QAAMgD,uBAAuBR,wBAAwBH,IAAI,CAACE,cAAAA;AACxD,UAAMU,8BAA8BV,UAAUD;AAC9C,QAAI,CAACW,6BAA6B;AAChC,YAAMnC,MAAM,4DAA4Db,cAAAA,EAAgB;IAC1F;AACA,WAAO;MACLiD,MAAM;MACND;MACAE,4BAAwBT,wDAAgCH,SAAAA;IAC1D;EACF,CAAA;AAEA,QAAMa,gBAA4ChD,kBAAkBgD,iBAAiB;IACnFC,kBAAcA,8BAAanD,QAAQI,OAAAA;EACrC;AACA,QAAMgD,2BAA2B;IAC/BnD;IACAL;IACAkD;IACA5C,mBAAmB;MACjB,GAAGA;MACHgD;MACA/B,KAAKjB,kBAAkBiB,OAAOA;IAChC;EACF;AAEA,QAAMkC,uBAAuB,MAAM7B,UAAU8B,8BAA8B;IACzEC,sBAAsBH;EACxB,CAAA;AACA/C,SAAOC,KAAK,sBAAsBP,cAAAA,qBAAmCF,WAAAA,eAA0BC,gBAAAA,aAA6BuD,oBAAAA,EAAsB;AAClJ,QAAMG,SAAS,UAAMC,+CAA0B;IAAElC,KAAKT;EAAQ,CAAA;AAC9D,MAAI,EAAE0C,UAAUE,6BAAM;AACpB,WAAOC,QAAQC,OAAOhD,MAAM,GAAG4C,MAAAA,mBAAyB,CAAA;EAC1D;AAEA,QAAMK,MAAWH,2BAAIF,MAAAA;AAErB,SAAO;IACLM,aAAa;MACXnC,+BAA+B;MAC/BoC,UAAUC,qCAAcC;MACxBC,KAAKpE;MACLqE,qBAAqBC,KAAKC,MAAM,MAAM7C,UAAU8C,YAAW,CAAA;IAC7D;IACAC,iBAAiB;MACfC,YAAY;QACVX;QACAjE;QACAuB;QACA+B;QACAuB,qBAAqB;MACvB;IACF;IACArB;IACAC;IACA3C,YAAYH;IACZO;IACA4D,sBAAsB;MAACC,0CAAuBC;MAAUD,0CAAuBE;;EACjF;AACF,GAtHmD;AAwH5C,IAAMC,gCAAgC,8BAC3C,EAAElF,UAAUmF,cAAa,GACzB3E,YAAAA;AAEA,QAAMM,aAAaqE,cAAcrE;AACjC,QAAMsE,oBAAoB,oBAAIC,IAAAA;AAC9B,QAAMC,mBAAmB,oBAAID,IAAAA;AAE7B,QAAME,iBAAiB,MAAM/E,QAAQI,MAAM4E,mCAAmC;IAC5E,GAAGL;IACHM,aAAa;MACX3E;MACA4E,6BAA6BX,0CAAuBC;MACpDzD,KAAK4D,cAAcjE,QAAQM,MAAMC,iBAAiB0D,cAAcjE,QAAQK;IAC1E;IACAqD,YAAY;MACVC,qBAAqB;MACrBtD,KAAK4D,cAAcjE,QAAQM,MAAMC,iBAAiB0D,cAAcjE,QAAQK;MACxEvB;IACF;IACA8E,sBAAsB;MAACC,0CAAuBC;MAAUD,0CAAuBE;;IAC/EU,6BAAyBC,8CAA6BR,iBAAAA;EACxD,CAAA;AACA,QAAMS,gBAAgB,IAAIC,wCAAwB;IAChDC,WAAW;MAAC;;;IAEZvF;IACAwF,2BAA2B;IAC3BL,6BAAyBM,6CAA4BX,gBAAAA;EACvD,CAAA;AAEAA,mBACGY,IAAIC,oCAAoBC,MAAMC,iBAAiB;IAAEd;EAAe,GAAG/E,OAAAA,CAAAA,EACnE0F,IAAIC,oCAAoBG,aAAaC,oBAAoB/F,OAAAA,CAAAA,EACzD0F,IAAIC,oCAAoBK,OAAOD,oBAAoB/F,OAAAA,CAAAA;AAEtD4E,oBACGc,IAAIO,qCAAqBH,aAAaC,oBAAoB/F,OAAAA,CAAAA,EAC1D0F,IAAIO,qCAAqBC,YAAYC,mBAAmBnG,OAAAA,CAAAA,EACxD0F,IAAIO,qCAAqBG,mBAAmBC,0BAA0BrG,OAAAA,CAAAA,EACtE0F,IACCO,qCAAqBK,8BACrBC,6BACE;IACE5B;IACAU;EACF,GACArF,OAAAA,CAAAA,EAGH0F,IAAIO,qCAAqBO,mBAAmBC,0BAA0BzG,OAAAA,CAAAA;AAEzE,SAAO+E,eAAe2B;AACxB,GArD6C;AAuDtC,IAAMC,qBAAqB,8BAChC,EAAEnH,UAAUmF,eAAeiC,OAAO;EAAEC,SAAS;AAAO,EAAC,GACrDC,iBAAAA;AAEA7G,SAAOC,KAAK,gCAAgCyE,cAAcrE,WAAWG,GAAG,QAAQjB,QAAAA,EAAU;AAC1F,QAAMkH,cAAc,MAAMhC,8BAA8B;IAAElF;IAAUmF;EAAc,GAAGmC,YAAAA;AACrF,QAAMC,QAAQ,UAAMC,wBAAQN,YAAYO,MAAK,GAAI,CAACF,WAAUA,OAAMG,QAAQ,MAAA,KAAWH,OAAMG,QAAQ,aAAA,KAAkBH,OAAMG,QAAQ,OAAA,GAAU;IAC3IL,SAASD,KAAKC,WAAW;EAC3B,CAAA;AACA,QAAM,EAAEM,cAAcC,SAASC,oBAAoBpC,aAAae,OAAOsB,oBAAmB,IAAKP,MAAM/G;AAErG,MAAI+G,MAAMG,QAAQ,aAAA,KAAkBH,MAAMG,QAAQ,OAAA,GAAU;AAC1DjH,WAAO+F,MAAMhC,KAAKuD,UAAUR,MAAM/G,QAAQgG,KAAK,CAAA;AAC/C,UAAMxF,MAAMwD,KAAKuD,UAAUR,MAAM/G,QAAQgG,KAAK,CAAA;EAChD;AAEA,QAAMwB,SAAS;IACbL;IACAC;IACAC;IACA/G,YAAY2E,aAAa3E,aACnB,MAAMwG,aAAa1G,MAAMqH,qBAAqBxC,YAAY3E,UAAU,IACtEqE,cAAcrE;IAClB0F;IACA0B,aAAaJ;EACf;AACArH,SAAOC,KAAK,wBAAwByE,cAAcrE,WAAWG,GAAG,QAAQjB,QAAAA,IAAYgI,MAAAA;AAEpF,SAAOA;AACT,GA7BkC;;;AE1O3B,IAAMG,oBAAoB,wBAAC,EAChCC,cAAc,SACdC,SACAC,SAAS,QAAO,MAC0E;AAC1F,SAAO,eAAeF,WAAAA,YAAuBE,MAAAA,IAAUD,OAAAA;AACzD,GANiC;AAQ1B,IAAME,OAAO,8BAAOC,gBAAAA;AACzB,SAAO,IAAIC,QAAQ,CAACC,YAAYC,WAAWD,SAASF,WAAAA,CAAAA;AACtD,GAFoB;;;ACVpB,IAAAI,sBAAkB;AAaX,IAAMC,qBAAqB,8BAAOC,SAAAA;AACvC,QAAM,EAAEC,QAAQC,QAAO,IAAKF;AAC5B,QAAM,EAAEG,KAAKC,QAAO,IAAKH;AACzB,MAAI,CAACE,KAAK;AACR,UAAM,IAAIE,MAAM,2BAAA;EAClB;AACA,QAAMC,QAAQF,UAAU,aAAaA,OAAAA,KAAY;AACjD,QAAMG,WAAW,UAAMC,oBAAAA,SAAM,GAAGC,uBAAuB;IAAE,GAAGP;EAAQ,CAAA,EAAGI,KAAK,IAAIH,GAAAA,GAAMG,KAAAA,EAAO;AAC7F,QAAMI,WAAW,MAAMH,SAASI,KAAI;AACpC,QAAMC,OAAOF,SAASG,WAAW,GAAA,IAAOC,KAAKC,MAAML,QAAAA,IAAYM;AAE/D,MAAIT,SAASU,UAAU,OAAO,CAACL,MAAM;AACnC,WAAOM,QAAQC,OAAO,IAAId,MAAMO,QAAQF,QAAAA,CAAAA;EAC1C;AACA,SAAOE;AACT,GAfkC;AAqB3B,IAAMQ,+BAA+B,8BAC1CpB,SAAAA;AAaA,QAAM,EACJG,KACAkB,kBAAkB,KAClBC,gBAAgB,KAChBC,4BAA4B,KAC5BC,cAAc,KACdC,UAAU,MACVC,cAAc,SACdC,gBAAe,IACb3B;AAEJ,MAAIqB,kBAAkBC,eAAe;AACnC,WAAOJ,QAAQC,OAAOd,MAAM,gBAAgBiB,aAAAA,uDAAoED,eAAAA,EAAiB,CAAA;EACnI,WAAWE,4BAA4B,GAAG;AACxC,WAAOL,QAAQC,OAAOd,MAAM,8BAA8BkB,yBAAAA,+BAAwD,CAAA;EACpH;AACA,MAAIK,WAAWP;AACf,MAAIQ,gBAAgB;AACpB,MAAIC;AACJ,MAAIC,QAAQ;AACZ,WAASC,aAAAA;AACPC,WAAOC,MAAM,2BAA2BH,KAAAA,gBAAqBF,aAAAA,KAAkB1B,GAAAA,EAAK;EACtF;AAFS6B;AAGT,SAAO,CAACF,eAAeD,iBAAiBL,aAAa;AACnD,MAAEO;AACF,QAAI;AACFC,iBAAAA;AACAF,oBAAc,MAAM/B,mBAAmB;QAAEE,QAAQ;UAAEE;QAAI;QAAGD,SAAS;UAAEwB;UAAaD;QAAQ;MAAE,CAAA;AAC5F,UAAIE,mBAAqBG,aAAa;AACpC,cAAMK,cAAcrB,KAAKsB,UAAUN,WAAAA;AACnC,cAAMO,SAASvB,KAAKsB,UAAUT,eAAAA;AAC9B,cAAMW,QAAQH,YAAYI,SAASF,OAAOG,UAAU,GAAGH,OAAOI,SAAS,CAAA,CAAA;AACvE,YAAI,CAACH,OAAO;AACVL,iBAAOC,MAAM,0CAA0CpB,KAAKsB,UAAUT,eAAAA,CAAAA,oBAAoCxB,GAAAA,EAAK;AAC/G2B,wBAAcd;QAChB;MACF;IACF,SAAS0B,GAAG;IAAC;AACb,QAAI,CAACZ,aAAa;AAChB,YAAMa,KAAKf,QAAAA;AACXC,uBAAiBD;AACjBA,iBAAWgB,KAAKC,IAAIjB,WAAWL,2BAA2BD,aAAAA;IAC5D;EACF;AACAU,aAAAA;AACA,SAAO;IAAEF;IAAaD;IAAeE;EAAM;AAC7C,GA5D4C;AAmErC,IAAMe,uBAAuB,8BAAO9C,SAAAA;AACzC,QAAM,EAAEC,QAAQC,QAAO,IAAKF;AAC5B,QAAM,EAAE+C,QAAQC,MAAMC,WAAU,IAAKhD;AACrC,QAAMiD,cAAwB,CAAA;AAC9B,MAAIH,QAAQ;AACVG,gBAAYC,KAAK,eAAeJ,MAAAA,EAAQ;EAC1C;AACA,MAAIC,MAAM;AACRE,gBAAYC,KAAK,cAAcH,IAAAA,EAAM;EACvC;AACA,MAAIC,YAAY;AACdC,gBAAYC,KAAK,cAAcF,UAAAA,EAAY;EAC7C;AACA,QAAM3C,QAAQ,IAAI4C,YAAYE,OAAOC,OAAAA,EAASC,KAAK,GAAA,CAAA;AACnD,SAAO,OAAO,UAAM9C,oBAAAA,SAAM,GAAGC,uBAAuB;IAAE,GAAGP;EAAQ,CAAA,EAAGI,KAAK,IAAIA,KAAAA,EAAO,GAAGM,KAAI;AAC7F,GAfoC;;;ACrGpC,IAAA2C,sBAAkB;;;ACyCX,IAAMC,sBAAuD;EAClEC,IAAI;IACFC,MAAM;IACNC,QAAQ;IACRC,SAAS;IACTC,WAAW;IACXC,kBAAkB;EACpB;EACAC,KAAK;IACHL,MAAM;IACNC,QAAQ;EACV;AACF;AAwEO,IAAKK,uBAAAA,0BAAAA,uBAAAA;;;;SAAAA;;AA2SL,IAAMC,mBAAmB;AAKzB,IAAMC,mBAAmBC,KAAKC,UAAU;EAAE,YAAY;IAAC;IAAgC;;AAAgD,CAAA;AAYvI,IAAKC,gBAAAA,0BAAAA,gBAAAA;;;;;;;SAAAA;;;;ADzaL,IAAMC,gBAAgB,8BAAOC,SAAAA;AAClC,SAAOC,kBAAkB;IAAE,GAAGD;IAAME,SAAS;EAAG,CAAA;AAClD,GAF6B;AAG7B,IAAMD,oBAAoB,8BAAOD,SAAAA;AAC/B,QAAM,EAAEG,QAAQC,OAAOC,aAAaC,WAAWC,SAASC,mBAAmB,OAAON,QAAO,IAAKF;AAC9F,QAAMS,UAAUC,kBAAkB;IAAEL;IAA0BF;IAAQC;IAAOE;EAAU,CAAA;AACvFK,SAAOC,MAAM;GAAiBC,KAAKC,UAAUL,SAAS,MAAM,CAAA,CAAA,EAAI;AAChE,QAAMM,cAAc,OAAO,UAAMC,oBAAAA,SAAMC,uBAAuB;IAAE,GAAGV;EAAQ,CAAA,EAAGW,QAAQT,OAAAA,GAAUU,KAAI;AAEpG,MAAIC,SAASL,YAAYK;AACzBT,SAAOC,MAAM;EAAoBC,KAAKC,UAAUM,UAAUL,YAAYM,KAAK,CAAA,EAAG;AAE9E,MAAIN,YAAYM,UAAUC,UAAa,CAACd,kBAAkB;AACxDG,WAAOU,MAAM,uBAAuBN,WAAAA;AACpC,QAAIA,YAAYM,MAAME,QAAQC,SAAS,yBAAyB,GAAG;AACjExB,WAAKI,QAAQqB,YAAAA;AACb,UAAIvB,WAAW,GAAG;AAChB,cAAMwB,MAAMX,YAAYM,MAAME,OAAO;MACvC;AACAZ,aAAOgB,QAAQ,0DAA0DzB,OAAAA,EAAS;AAClF,YAAM0B,KAAK,GAAA;AACX,aAAO3B,kBAAkB;QAAE,GAAGD;QAAME,SAASA,UAAU;MAAE,CAAA;IAC3D;AACA,UAAMwB,MAAMX,YAAYM,MAAME,OAAO;EACvC;AAEA,SAAOR;AACT,GAxB0B;AA+B1B,IAAML,oBAAoB,wBAACV,SAAAA;AACzB,QAAM,EAAEG,QAAQC,OAAOC,aAAaC,UAAS,IAAKN;AAClD,QAAM6B,WAAW;IACfC,QAAQ;IACRC,SAAS;MACP,gBAAgB;MAChBC,eAAe,UAAU3B,WAAAA;IAC3B;IACA4B,MAAMpB,KAAKC,UAAU;MACnBoB,SAASC;MACTL,QAAQxB;MACRH;MACAiC,IAAIhC;IACN,CAAA;EACF;AACAO,SAAOC,MAAMiB,QAAAA;AACb,SAAOA;AACT,GAjB0B;;;ALdnB,SAASQ,6BAA6BC,UAA0B;AACrE,QAAMC,OAAOD,YAAYE,oBAAoBC;AAC7C,QAAMC,SAASH,KAAKI,aAAa;AAEjC,QAAMC,SAAS,IAAIC,WAAWH,UAAUH,KAAKO,UAAU,IAAI,EAAA;AAC3D,MAAIP,KAAKO,SAAS;AAChBF,WAAOG,IAAI;MAACR,KAAKO;KAAQ;EAC3B;AACAF,SAAOG,QAAIC,2BAAYN,MAAAA,GAASH,KAAKO,UAAU,IAAI,CAAA;AACnD,SAAOG,wBAAUC,OAAON,MAAAA;AAC1B;AAVgBP;AAYT,SAASc,uCAAuCb,UAA4Bc,iBAA4B;AAC7G,QAAMb,OAAOD,YAAYE,oBAAoBC;AAC7C,QAAMC,SAASH,KAAKI,YAAY,IAAIJ,KAAKI,YAAY;AAErD,MAAIS,iBAAiB;AACnB,QAAIA,gBAAgBV,WAAWA,QAAQ;AACrC,YAAMW,MAAM,wCAAwCD,gBAAgBV,MAAM,cAAcA,MAAAA,QAAcH,KAAKe,IAAI,EAAE;IACnH;AACA,eAAOC,2BAASH,iBAAiB,QAAA;EACnC;AACA,aAAOG,+BAASP,2BAAYN,MAAAA,GAAS,QAAA;AACvC;AAXgBS;AAuBT,IAAMK,sBAAsB,wBAACC,SAAAA;AAClC,QAAM,EAAEC,KAAKJ,KAAI,IAAKG;AACtB,UAAQH,MAAAA;IACN,KAAK,aAAa;AAChB,YAAMK,YAAQC,wBAAS,OAAOF,IAAIG,cAAc,KAAA;AAChD,aAAOC,yBAAWC,iBAAiBJ,OAAO,KAAA;IAC5C;IACA,KAAK,aAAa;AAKhB,YAAMK,UAAkBC,2BAAMP,IAAIG,cAAcP,MAAM;QAAEY,KAAKC,8BAAUC;QAAWV;MAAI,CAAA;AAMtF,YAAMW,YAAYC,KAAKC,UAAUP,KAAK,MAAM,CAAA;AAC5C,aAAO,SAAKT,+BAASiB,+BAAWH,SAAAA,GAAY,QAAA,CAAA;IAC9C;IACA;AACE,YAAM,IAAIhB,MAAM,8BAA8BC,IAAAA,EAAM;EACxD;AACF,GAxBmC;AA0B5B,IAAMmB,oBAAoB,wBAAChB,SAAAA;AAChC,QAAM,EAAEiB,cAAc,eAAe5B,UAAU,KAAI,IAAKW;AACxD,MAAIiB,gBAAgB,SAAS;AAC3B,UAAMrB,MAAM,uDAAuD;EACrE;AACA,SAAO,GAAGsB,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQF;EAAY,CAAA,CAAA;AAC1E,GANiC;AAQ1B,IAAMG,6BAA6B,wBAACpB,SAAAA;AACzC,QAAM,EAAEiB,cAAc,SAAS5B,UAAU,KAAI,IAAKW;AAClD,SAAO,GAAGkB,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQ;EAAgB,CAAA,CAAA;AAC9E,GAH0C;AAKnC,IAAME,yBAAyB,wBAACrB,SAAAA;AACrC,QAAM,EAAEiB,cAAc,SAAS5B,UAAU,KAAI,IAAKW;AAClD,QAAMsB,UAAU,GAAGJ,kBAAkB;IAAED;IAAa5B;IAAS8B,QAAQ;EAAe,CAAA,CAAA;AACpF,SAAO;IACLI,QAAQ,GAAGD,OAAAA;IACXE,OAAO,GAAGF,OAAAA;EACZ;AACF,GAPsC;AAS/B,IAAMG,6BAA6B,wBAAC,EAAER,aAAa5B,SAASQ,MAAMsB,SAASF,aAAaS,KAAI,MAAiB;AAClH,QAAMC,MAAM,GAAGT,kBAAkB;IAAED;IAAa5B;IAAS8B;EAAO,CAAA,CAAA,GAAKO,OAAO,IAAIA,IAAAA,KAAS,EAAA,gBAAkB7B,IAAAA;AAC3G+B,SAAOC,MAAM,kBAAkBF,GAAAA,EAAK;AACpC,SAAOA;AACT,GAJ0C;AAMnC,IAAMG,6BAA6B,8BACxC9B,MAOA+B,YAAAA;AAEA,QAAM,EAAEC,YAAYC,aAAaC,KAAKC,SAASC,mBAAkB,IAAKpC;AACtE,QAAMqC,qBAAqB,MAAMC,cAAcN,UAAAA;AAC/C,QAAMO,QAAQ,YAAYF,qBAAqBA,mBAAmBlD,OAAOoD,QAAQC;AAEjF,MACEJ,sBACA,YAAYC,sBACZ,WAAWD,sBACX,WAAWC,mBAAmBlD,UAC9B,OAAOkD,mBAAmBlD,WAAW,YACrCiD,mBAAmBG,UAAUF,mBAAmBlD,OAAOoD,OACvD;AACA,UAAME,KAAK,GAAA;AACX,WAAO,MAAMX,2BAA2B;MAAE,GAAG9B;MAAMoC;IAAmB,GAAGL,OAAAA;EAC3E;AAEA,MAAI,WAAWM,sBAAsB,CAAC,CAACA,mBAAmBK,OAAO;AAC/Dd,WAAOc,MAAM7B,KAAKC,UAAUuB,kBAAAA,CAAAA;AAC5B,UAAM,IAAIzC,MAAMyC,mBAAmBK,MAAMC,WAAW,wBAAA;EACtD;AACA,QAAMC,aAAcP,mBAAqClD;AAEzD,QAAM0D,kBAAkBhC,KAAKiC,MAAMjC,KAAKC,UAAU8B,UAAAA,CAAAA;AAClD,MAAIA,cAAc,aAAaA,cAAc,OAAOA,WAAWG,YAAY,YAAYH,WAAWG,QAAQC,YAAW,EAAGC,WAAW,IAAA,GAAO;AAExIJ,oBAAgBE,UAAUG,OAAOC,SAASP,WAAWG,SAAS,EAAA;EAChE;AACA,QAAMK,cAAc,MAAMrB,QAAQsB,MAAMC,oBAAoB;IAC1DpB;IACAqB,aAAaV;EACf,CAAA;AAEA,QAAMW,MAAMC,0BAAYC,KAAKN,WAAAA,EAAaO;AAC1C,QAAM,EAAEC,GAAGC,GAAGC,EAAC,IAAKN;AAEpB,QAAMO,aAAa,MAAMzB,cAAc;IACrC0B,QAAQ;MACN;QACEC,UAAU;QACVC,qBAAqBtB;QACrBgB;QACAC;QACAC,GAAG,KAAKA,EAAEhE,SAAS,EAAA,CAAA;QACnBqE,sBAAsBf;MACxB;;IAEFgB,WAAWC,cAAcC;IACzBC,OAAOlC,mBAAmBmC;IAC1BrC;IACAF;EACF,CAAA;AAEA,MAAI,YAAY8B,YAAY;AAC1B,UAAM,IAAInE,MAAMiB,KAAKC,UAAUiD,YAAY,MAAM,CAAA,CAAA;EACnD;AACA,SAAO;IAAE,GAAGA;IAAYxB;EAAM;AAChC,GAlE0C;AAoEnC,IAAMkC,2BAA2B,8BACtCzE,MAMA+B,YAAAA;AAEA,QAAM,EAAE2C,SAASC,SAASC,KAAKC,gBAAgB,MAAK,IAAK7E;AACzD,MAAI8E,gBAAgBpF,uCAClBX,oBAAoBC,IACpB0F,SAASI,oBAAgB/D,+BAAW2D,QAAQI,eAAe,QAAA,IAAYtC,MAAAA;AAEzE,MAAIsC,cAAc7B,WAAW,IAAA,GAAO;AAClC6B,oBAAgBA,cAAcC,UAAU,CAAA;EAC1C;AACA,MAAI,CAACD,iBAAiBA,cAAc7F,WAAW,IAAI;AACjD,UAAM,IAAIW,MAAM,+CAAA;EAClB;AACA,QAAMoF,gBAAgB,MAAMC,uBAAuB;IAAEhF,KAAK;MAAE,GAAGyE;MAASI;IAAc;IAAGjF,MAAM8E;IAASC;EAAI,CAAA;AAE5G,MAAID,YAAY,aAAa;AAC3BK,kBAAcE,OAAO;MACnB,GAAGF,cAAcE;MACjBC,MAAM;QACJC,UAAU;QACVP;MACF;IACF;EACF;AACA,SAAOG;AACT,GAhCwC;AAkCjC,IAAMC,yBAAyB,8BAAOjF,SAAAA;AAC3C,QAAM,EAAEC,KAAK2E,IAAG,IAAK5E;AACrB,QAAMqF,uBAAsD;IAAE,GAAGpF;EAAI;AACrE,QAAMJ,OAAOG,KAAKC,KAAKJ,QAAQG,KAAKH;AACpCwF,uBAAqBT,MAAMA;AAC3BS,uBAAqBxF,OAAOA;AAC5B,MAAI,CAACwF,qBAAqBP,eAAe;AACvC,UAAMlF,MAAM,4CAA4C;EAC1D;AAEAyF,uBAAqBH,OAAO;IAC1BI,UAAUC,iBAAiB;MAAEtF;IAAI,CAAA,KAAMuF,YAAY;MAAEvF;MAAKJ;IAAK,CAAA;IAC/D4F,mBAAeC,kDAA6B;MAC1CzF,KAAKoF;MACLM,iBAAiB;IACnB,CAAA;EACF;AACA,SAAON;AACT,GAlBsC;AAoB/B,IAAME,mBAAmB,wBAACvF,SAAAA;AAC/B,QAAM,EAAEC,IAAG,IAAKD;AAChB,MAAIC,KAAKqF,YAAYrF,IAAIqF,SAASrG,SAAS,GAAG;AAC5C,YAAQgB,IAAIJ,MAAI;MACd,KAAK,aAAa;AAChB,YAAII,KAAKqF,YAAYrF,IAAIqF,SAASrG,SAAS,KAAKgB,IAAIqF,UAAUM,SAASC,qBAAqBC,oBAAoB,GAAG;AACjH,iBAAO7F,IAAIqF;QACb;AACA,cAAM,IAAI1F,MAAM,iCAAiCiG,qBAAqBC,oBAAoB,UAAU;MACtG;MACA,KAAK,aAAa;AAChB,YACE7F,KAAKqF,YACLrF,IAAIqF,SAASrG,SAAS,KACtBgB,IAAIqF,SAASM,SAASC,qBAAqBE,eAAe,KAC1D9F,IAAIqF,SAASM,SAASC,qBAAqBG,cAAc,GACzD;AACA,iBAAO/F,IAAIqF;QACb;AACA,cAAM,IAAI1F,MACR,gCAAgC;UAACiG,qBAAqBE;UAAiBF,qBAAqBG;UAAgBC,KAAK,IAAA,CAAA,WAAgB;MAErI;MACA;AACE,cAAM,IAAIrG,MAAM,yBAAyBK,IAAIJ,IAAI,EAAE;IACvD;EACF;AACA,SAAOI,KAAKqF;AACd,GA5BgC;AA8BzB,IAAME,cAAc,wBAACxF,SAAAA;AAC1B,QAAM,EAAEC,KAAKJ,KAAI,IAAKG;AACtB,MAAI,CAACC,KAAKqF,YAAYrF,IAAIqF,SAASrG,WAAW,GAAG;AAC/C,YAAQY,MAAAA;MACN,KAAK;AACH,eAAO;UAACgG,qBAAqBC;;MAC/B,KAAK;AACH,eAAO;UAACD,qBAAqBE;UAAiBF,qBAAqBG;;MACrE;AACE,cAAM,IAAIpG,MAAM,yBAAyBK,KAAKJ,IAAAA,EAAM;IACxD;EACF;AACA,SAAOI,IAAIqF;AACb,GAb2B;AAepB,IAAMY,cAAc,6BAAA;AACzB,SAAOC,KAAKC,MAAMD,KAAKE,OAAM,IAAKnD,OAAOoD,gBAAgB;AAC3D,GAF2B;AAIpB,IAAMC,wBAAwB,8BAAOvG,MAA2B+B,YAAAA;AACrE,QAAM,EACJyE,iBACAC,YAAYN,KAAKC,MAAMM,KAAKC,IAAG,IAAK,MAAO,EAAA,GAC3CC,WAAWT,KAAKC,MAAMM,KAAKC,IAAG,IAAK,MAAO,KAAK,MAAM,KAAK,KAAK,EAAA,GAC/DE,cACAC,WAAU,IACR9G;AACJ,QAAM,EAAE+G,UAAUC,aAAa/F,aAAagG,iBAAgB,IAAKT;AACjE,QAAM3B,oBAAgBqC,sCAAiB;IAAEJ;EAAW,CAAA;AACpD,QAAMK,gBAAYC,6BAAQ;IAAEN;IAAYnC,SAAS;EAAY,CAAA,IAAK,CAAA;AAClE,MAAI,EAAE0C,sBAAsBC,mCAAkC,IAAKd;AAEnE,MAAI,CAAC3B,iBAAiB,CAACsC,WAAW;AAChC,WAAOI,QAAQC,OAAO,yEAAyEV,UAAAA,EAAY;EAC7G;AACA,QAAMpD,WAAO+D,+CAA0B;IAAExH,KAAK4E;EAAc,CAAA;AAC5D,MAAI,CAACnB,MAAM;AACT,WAAO6D,QAAQC,OAAO5H,MAAM,wCAAwCiF,cAAczE,YAAY,EAAE,CAAA;EAClG;AACA,QAAMsH,MAAMZ,WAAWY;AACvB,QAAMxF,MAAM2C,cAAc3C;AAC1B,QAAMyF,SAAS;IAAEb;IAAY5E;EAAI;AACjC,MAAIqC,QAAQvE,KAAKuE,SAAS2B,YAAAA;AAC1B,QAAM/D,UAAU;IACdlB;IACA5B,SAAS;EACX;AAEA,QAAMuI,UAAU5H,KAAKwG,gBAAgBoB,WAAW,GAAGb,QAAAA,0BAAkCc,mBAAmBf,WAAWY,GAAG,CAAA;AAEtH,MAAI,CAACL,sBAAsB;AACzBS,YAAQC,IAAI,iDAAiD;AAC7D,UAAMC,gBAAgB,MAAMjG,QAAQsB,MAAM4E,oCAAoC;MAC5EhB;MACAU;MACAO,SAAS;QAAC;;MACVnB;MACAC;MACAmB,gBAAgB;MAChBC,mBAAmB;QAAEC,KAAKtB;QAAUuB,mBAAmBC,+CAAwBC;QAAgBZ;MAAQ;IACzG,CAAA;AACA,UAAMa,oBAAoB,MAAM1G,QAAQsB,MAAMqF,mBAAmB;MAC/D3B;MACAiB;MACAW,MAAM;QAAEC,SAAS;MAAQ;IAC3B,CAAA;AACAvB,2BAAuBoB,kBAAkBI,YAAY,CAAA,EAAGC;AACxDhB,YAAQC,IAAI,mCAAmCV,oBAAAA;EACjD;AAEA,QAAM0B,+BAA+B,MAAMhH,QAAQsB,MAAM2F,mBAAmB;IAC1EC,gBAAgB3B;IAChB4B,uBAAuB7B;IACvBO;IACAuB,OAAO;IACPxB;IACAX;IACAC;IACAF;IACA9F;IACAmI,mBAAmB;EACrB,CAAA;AAEA,QAAMC,sBAAsB;IAC1BrF,QAAQ;MACN;QACEN;QACAgE;QACAb,cAAcA,gBAAgByC;QAC9BC,eAAWC,4CAAuB;UAAEjJ,SAAKC,2BAAMqE,cAAczE,cAAc,WAAA;QAAa,CAAA;QACxFqJ,aAAa;QACbC,WAAW3J,oBAAoB;UAAEE,KAAK4E;UAAehF,MAAM;QAAY,CAAA;QACvE4G;QACAG;MACF;;IAEFxC,WAAWC,cAAcsF;IACzBpF;IACApC;IACAF,aAAa8G,6BAA6Ba,oBAAoBC;EAChE;AAEA,QAAMC,uBAAuB,MAAMhI,2BACjC;IACEE,YAAYqH;IACZnH;IACAD,aAAa8G,6BAA6Ba,oBAAoBC;IAC9D1H;EACF,GACAJ,OAAAA;AAGF,MAAIgI,aAAa,MAAMC,6BAA6B;IAClDtC;IACA,GAAGvF;IACH8H,aAAa;IACbC,iBAAiB;IACjBC,eAAe;IACfC,2BAA2B;EAC7B,CAAA;AACA,MAAI,CAACL,WAAWM,aAAa;AAC3B,UAAMzK,MAAM,OAAO8H,GAAAA,uCAA0CvF,QAAQlB,WAAW,gBAAgB;EAClG;AACAW,SAAOC,MAAM,iBAAiB6F,GAAAA,eAAkBvF,QAAQlB,WAAW,SAAS8I,WAAWO,gBAAgB,GAAA,eAAmBP,WAAWQ,KAAK,QAAQ;AAGlJ5C,SAAOzF,UAAMwD,kDAA6B;IAAEzF,KAAK4E;EAAc,CAAA;AAE/D,QAAM2F,2BAA2B,MAAMzI,QAAQsB,MAAM2F,mBAAmB;IACtEC,gBAAgB3B;;IAEhBM;IACAuB,OAAO;IACPxB;IACAX;IACAC,kBAAkBzE;IAClBuE;IACA9F;IACAmI,mBAAmB;EACrB,CAAA;AAEA,QAAMG,gBAAYC,4CAAuB;IAAEjJ,SAAKC,2BAAM2G,UAAU/G,cAAc,WAAA;EAAa,CAAA;AAC3F,QAAMsJ,YAAY3J,oBAAoB;IAAEE,KAAKkH;IAAWtH,MAAM;EAAY,CAAA;AAC1E,QAAM4K,+BAA+B;IACnCzG,QAAQ;MACN;QACEN;QACAgE;QACA+B,aAAa;QACbF;QACAG;MACF;;IAEFtF,WAAWC,cAAcqG;IACzBnG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMc,gCAAgC,MAAM7I,2BAC1C;IACEE,YAAYyI;IACZrI,oBAAoB0H;IACpB5H;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAKF,QAAMU,KAAK,GAAA;AAEX,QAAMmI,wCAAwC;IAC5C5G,QAAQ;MACN;QACEN;QACAgE;QACA6B;QACAsB,MAAM;QACNjE;QACAH;MACF;;IAEFrC,WAAWC,cAAcyG;IACzBvG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMkB,yCAAyC,MAAMjJ,2BACnD;IACEE,YAAY4I;IACZxI,oBAAoBuI;IACpBzI;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAGFgI,eAAa,MAAMC,6BAA6B;IAC9CtC;IACA,GAAGvF;IACH8H,aAAa;IACbE,eAAe;IACfC,2BAA2B;IAC3BY,iBAAiB;MAAEC,iBAAiB;QAAC,GAAGvD,GAAAA,IAAO6B,SAAAA;;IAAa;EAC9D,CAAA;AACA,MAAI,CAACQ,WAAWM,aAAa;AAC3B,UAAMzK,MAAM,OAAO8H,GAAAA,uBAA0B6B,SAAAA,uCAAgDpH,QAAQlB,WAAW,gBAAgB;EAClI;AACAW,SAAOC,MACL,6BAA6B0H,SAAAA,YAAqB7B,GAAAA,eAAkBvF,QAAQlB,WAAW,SAAS8I,WAAWO,gBAAgB,GAAA,eAAmBP,WAAWQ,KAAK,QAAQ;AAGxK,QAAMW,uCAAuC;IAC3ClH,QAAQ;MACN;QACEN;QACAgE;QACA6B;QACAsB,MAAM;QACNjE;QACAH;MACF;;IAEFrC,WAAWC,cAAcyG;IACzBvG;IACApC;IACAF,aAAauI,yBAAyBZ,oBAAoBC;EAC5D;AAEA,QAAMsB,wCAAwC,MAAMrJ,2BAClD;IACEE,YAAYkJ;IACZ9I,oBAAoB2I;IACpB7I;IACAD,aAAauI,yBAAyBZ,oBAAoBC;IAC1D1H;EACF,GACAJ,OAAAA;AAGF,SAAO;IACL+E;IACAsE,cAActB;IACduB,uBAAuBV;IACvBW,+BAA+BH;IAC/BI,gCAAgCR;EAClC;AACF,GAzOqC;;;AD5QrC,kBAAmB;AACnB,IAAAS,kBAA8B;AAEvB,IAAMC,qBAAoC;EAC/C;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,cAAN,MAAMA;EAzCb,OAyCaA;;;EACFC,SAASA,OAAOC;EAChBC,UAAwB;IAC/BC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,uBAAuB,KAAKA,sBAAsBD,KAAK,IAAI;IAC3DE,6BAA6B,KAAKA,4BAA4BF,KAAK,IAAI;IACvEG,+BAA+B,KAAKA,8BAA8BH,KAAK,IAAI;IAC3EI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACrDK,qCAAqCA,oCAAoCL,KAAK,IAAI;IAClFM,oBAAoBA,mBAAmBN,KAAK,IAAI;EAClD;EAEA,MAAcD,sBAAsBQ,MAA2BC,SAAiE;AAC9H,WAAO,MAAMC,sBAA8BF,MAAMC,OAAAA;EACnD;EAEA,MAAcP,sBAAsBM,MAA8D;AAChG,UAAMG,MAAMC,2BAA2BJ,IAAAA;AACvC,WAAO,OACL,UAAMK,oBAAAA,SAAMF,KAAK;MACfG,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcd,4BAA4BK,MAAwE;AAChH,UAAMU,oBAAwC,MAAM,KAAKhB,sBAAsB;MAC7E,GAAGM;MACHW,MAAM;IACR,CAAA;AACA,WAAO,OACL,UAAMN,oBAAAA,SAAM,GAAGK,kBAAkBE,QAAQ,IAAI;MAC3CN,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcb,8BAA8BI,MAAiF;AAC3H,UAAM,EAAEa,OAAOC,SAASC,eAAc,IAAKf;AAC3C,UAAMU,oBACJK,kBACC,MAAM,KAAKrB,sBAAsB;MAChC,GAAGoB;MACHH,MAAM;MACNK,QAAQF,SAASG,OAAO,kBAAkBH,SAASE;MACnDE,SAASJ,SAASI,WAAW;IAC/B,CAAA;AACF,WAAQ,OACN,UAAMb,oBAAAA,SAAM,GAAGK,kBAAkBS,gCAAgC,mBAAmBN,KAAAA,IAAS;MAC3FP,QAAQ;MACRC,SAAS;QACPC,QAAQ;MACV;IACF,CAAA,GACAC,KAAI;EACR;EAEA,MAAcZ,mBAAmBG,MAAkCC,SAA0D;AAC3H,UAAM,EAAEY,OAAOO,QAAQC,SAASC,UAAUC,0BAA0BC,aAAaC,aAAaC,oBAAoB,MAAK,IAAK1B;AAC5H,UAAM2B,aAAa,MAAM1B,QAAQ2B,MAAMC,0BAA0BT,MAAAA;AACjEU,YAAQC,IAAI,4BAA4BJ,WAAWK,GAAG,WAAWnB,KAAAA,iBAAsBS,QAAAA,uBAA+BI,iBAAAA,KAAsB;AAC5I,UAAMX,iBAAiB,MAAM,KAAKrB,sBAAsB;MACtD+B;MACAP,SAAS;MACTD,MAAMgB;MACNjB,QAAQ;MACRL,MAAM;IACR,CAAA;AACA,UAAMuB,qBAAqB,MAAM,KAAKtC,8BAA8B;MAClE,GAAGI;MACHe;MACAD,SAAS;QAAEW;QAAaP,SAAS;QAAMP,MAAM;MAAuB;IACtE,CAAA;AACA,UAAMwB,sBAAsBD,mBAAmBE,kBAAkBC,SAAS;AAC1EP,YAAQC,IAAI,eAAeG,kBAAAA;AAE3B,QAAI,CAACC,qBAAqB;AAGxBL,cAAQQ,KAAK,0CAA0CzB,KAAAA,EAAO;IAChE;AAEA,QAAI0B,wBAAwBvC,KAAKuC;AAEjC,QAAIJ,uBAAuB,CAACI,uBAAuB;AACjD,UAAIhB,4BAA4BA,yBAAyBc,SAAS,GAAG;AACnE,cAAMG,YAAY,MAAMvC,QAAQ2B,MAAMa,+BAA+B;UACnEC,wBAAwBR;UACxBS,sBAAsB;YAAEC,gBAAgB5C,KAAK4C;YAAgBC,uBAAuBtB;UAAyB;QAC/G,CAAA;AACA,YAAIiB,UAAUM,oBAAoBT,SAAS,GAAG;AAC5C,gBAAMU,WAAWP,UAAUM,oBACxBE,IAAI,CAACC,SAASC,mCAAiBC,oBAAoBF,MAAM;YAAEG,QAAQC;UAAc,CAAA,CAAA,EACjFC,OAAO,CAACL,SAAAA;AACP,gBAAI,CAACA,KAAKM,gBAAgB;AACxB,qBAAON;YACT,WAAW,IAAIO,KAAKP,KAAKM,cAAc,EAAGE,QAAO,KAAMD,KAAKE,IAAG,GAAI;AACjE,qBAAOT;YACT;AACA,mBAAOhB;UACT,CAAA,EACCqB,OAAO,CAACL,SAAS,CAAC,CAACA,IAAAA;AACtB,cAAIF,SAASV,SAAS,GAAG;AACvBE,oCAAwBQ,SAAS,CAAA;UACnC;QACF;MACF;AACA,UAAI,CAACR,uBAAuB;AAC1BT,gBAAQC,IAAI,kFAAkF;AAC9F,cAAM4B,mBAAmB3D,KAAK2D,oBAAoBC,kBAAkB;UAAEnC;QAAY,CAAA;AAClF,cAAMoC,gBAAgB,MAAM5D,QAAQ2B,MAAM9B,oCAAoC;UAC5E6D;UACAvC;UACA0C,SAAS;YAAC;;UACVxC;UACAE;UACAuC,mBAAmB;YACjBC,KAAK1C;YACL2C,mBAAmBC,+CAAwBC;YAC3C9C;UACF;UACA+C,gBAAgB;QAClB,CAAA;AACA,cAAMC,oBAAoB,MAAMpE,QAAQ2B,MAAM7B,mBAAmB;UAC/D8D;UACAvC;UACAgD,MAAM;YAAEC,SAAS;UAAO;QAC1B,CAAA;AAEAhC,gCAAwB8B,kBAAkBG,YAAY,CAAA,EAAIC;MAC5D;IACF;AAuCA,UAAMC,yBAAyB;MAAEC,QAAIC,gBAAAA;MAAMC,eAAe3C,mBAAmByC;MAAIG,gBAAgB,CAAA;IAAG;AAMpGhD,YAAQC,IAAI,2BAA2B2C,sBAAAA;AACvC,UAAMK,mBAAmB;MACvBC,YAAY;;MAEZC,UAAU;MACVpE;MACAqE,yBAAyBR;MACzB5D,SAAS;QAAEW;QAAaP,SAAS;MAAK;MACtCH;IACF;AAEAe,YAAQC,IAAI;EAA4BoD,KAAKC,UAAUL,gBAAAA,CAAAA,EAAmB;AAC1E,UAAMM,sBAAsB,MAAM,KAAKC,eAAeP,gBAAAA;AAEtDjD,YAAQC,IAAI;EAA6BoD,KAAKC,UAAUC,mBAAAA,CAAAA,EAAsB;AAC9E,QAAI,EAAE,kBAAkBA,sBAAsB;AAC5C,YAAME,MAAM,mBAAmBJ,KAAKC,UAAUC,mBAAAA,CAAAA,EAAsB;IACtE;AAEA,WAAO;MACLA;;MAEAxE;;MAEAc;IACF;EACF;EAEA,MAAc2D,eAAetF,MAA2D;AACtF,UAAM,EAAEgF,aAAa,YAAYnE,OAAOoE,UAAUC,yBAAyBpE,SAASC,eAAc,IAAKf;AACvG,UAAMU,oBACJK,kBACC,MAAM,KAAKrB,sBAAsB;MAChC,GAAGoB;MACHH,MAAM;IACR,CAAA;AACF,UAAM6E,UAAU;MACdR;MACAnE,OAAO,UAAUA,KAAAA;MACjBoE;MACAC,yBAAyBC,KAAKC,UAAUF,uBAAAA;IAC1C;AACA,WAAO,OACL,UAAM7E,oBAAAA,SAAM,GAAGK,kBAAkB+E,cAAc,IAAI;MACjDnF,QAAQ;MACRC,SAAS;QACPmF,aAAa;QACblF,QAAQ;MACV;MACAmF,MAAM,IAAIC,gBAAgBJ,OAAAA;IAC5B,CAAA,GACA/E,KAAI;EACR;AACF;;;AQrPO,IAAKoF,YAAAA,0BAAAA,YAAAA;;SAAAA;;;;AC/BZ,IAAAC,sBAA4D;AAC5D,IAAAA,sBAA4E;AAG5E,yBAA2C;AAC3C,mBAAkB;AAYlB,IAAMC,YAAQC,aAAAA,SAAM,4BAAA;AAEb,IAAMC,kBAAN,MAAMA,yBAAwBC,8CAAAA;EAnBrC,OAmBqCA;;;EACnC,OAAgBC,WAAW;EACVC;EACAC;EAEjB,YAAYC,SAAqD;AAC/D,UAAK;AACL,SAAKF,aAAaE,QAAQF;AAC1B,SAAKC,UAAUC,QAAQD;EACzB;EAEA,MAAME,iBAAiBC,MAA6BC,SAAmE;AACrH,UAAM,EAAEC,MAAMJ,SAASK,MAAM,KAAKP,YAAYQ,MAAK,IAAKJ;AACxD,UAAM,EACJK,WACAC,UACAC,cACAC,cACAC,MACAC,iBACAC,yBAAyB,CAAC,CAACX,KAAKF,SAASY,iBACzCE,mBAAmBC,6BAA6BC,oBAAoBC,EAAE,GACtEC,cACAC,SAAQ,IACN;MAAE,GAAGnB;IAAQ;AAEjB,QAAIa,0BAA0B,CAACD,iBAAiB;AAC9C,YAAM,IAAIQ,MAAM,mEAAA;IAClB;AACA,UAAMC,QAAQrB,SAASqB,SAASC,YAAAA;AAEhC,QAAIlB,SAASY,oBAAoBO,KAAK;AACpC,aAAOC,QAAQC,OAAOL,MAAM,QAAQhB,IAAAA,gGAAoG,CAAA;IAC1I,WAAW,CAACC,KAAK;AACf,aAAOmB,QAAQC,OAAOL,MAAM,uBAAuB,CAAA;IACrD,WAAWT,QAAQA,KAAKe,SAAS,KAAK,CAACb,wBAAwB;AAC7D,aAAOW,QAAQC,OAAOL,MAAM,+GAA+G,CAAA;IAC7I;AAGA,UAAMO,qBAAqB,MAAMC,yBAC/B;MACEC,SAASpB;MACTqB,SAAS;MACTzB;MACA0B,eAAe;IACjB,GACA5B,OAAAA;AAEF,UAAM6B,0BAA0B,MAAM7B,QAAQ8B,MAAMC,iBAAiBP,kBAAAA;AAGrE,UAAMQ,qBAAqB,MAAMP,yBAC/B;MACEC,SAASnB;MACToB,SAAS;MACTzB;IACF,GACAF,OAAAA;AAGF,UAAMiC,0BAA0B,MAAMjC,QAAQ8B,MAAMC,iBAAiBC,kBAAAA;AAErE,UAAME,aAA0B;MAC9BC,KAAKtC,QAAQsC,OAAOtC,QAAQsC,IAAIC,WAAW,WAAA,IAAevC,QAAQsC,MAAM,GAAGtB,oBAAoBC,GAAGuB,MAAM,GAAG1B,gBAAAA;MAC3G2B,iBAAiBT,wBAAwBU;MACzC/B,MAAM;QAACqB;QAAyBI;;MAChC9B;MACAa,UAAUA,YAAY,CAAA;MACtBwB,UAAUhD,iBAAgBE;IAC5B;AAEA,UAAME,UAAU;MAAE,GAAG,KAAKA;IAAQ;AAClC,QAAI,CAACA,QAAQ6C,aAAa;AACxB7C,cAAQ6C,cAAchC,iBAAiBgC,eAAe;IACxD;AACA,QAAI,CAAC7C,QAAQ8C,SAAS;AACpB9C,cAAQ8C,UAAU;IACpB;AAEA,QAAIhC,wBAAwB;AAE1B,YAAMiC,sBACJ;QACET;QACAnB;QACAN;QACAS;QACAd;QACAC;MACF,GACAL,OAAAA;AAEF,UAAIQ,QAAQA,KAAKe,SAAS,GAAG;AAC3B,mBAAWG,WAAWlB,MAAM;AAC1B,gBAAMoC,MAAM,MAAMnB,yBAChB;YACEC;YACAC,SAASD,QAAQzB,QAAQ;YACzBC;UACF,GACAF,OAAAA;AAEF,gBAAM6C,iBAAiB,MAAM7C,QAAQ8B,MAAMC,iBAAiBa,GAAAA;AAC5DE,kBAAQC,KAAK,wCAAwCF,cAAAA;QACvD;MACF;IACF;AAEAvD,UAAM,WAAW4C,WAAWC,GAAG;AAC/B,WAAOD;EACT;EAEA,MAAMc,OACJjD,MAUAC,SACc;AACd,UAAM,EAAEkC,YAAYU,KAAK/C,QAAO,IAAKE;AACrC,UAAM,EAAEkD,aAAaC,iBAAiBtD,SAASsB,QAAQC,YAAAA,EAAa,IAAKtB;AACzE,QAAIqD,gBAAgB3B,WAAW,GAAG;AAChC,aAAOF,QAAQC,OAAOL,MAAM,8CAA8C,CAAA;IAC5E;AACA,UAAMW,oBAAgBuB,sCAAiB;MAAEjB;IAAW,CAAA;AACpD,UAAMkB,WAAOC,+CAA0B;MAAET,KAAKhB;IAAc,CAAA;AAC5D,UAAMW,MAAMX,cAAcW;AAC1B,UAAMJ,MAAMD,WAAWC;AAEvB,UAAMmB,+BAA+B;MACnCC,QAAQ;QACN;UACEH;UACAjB;UACAqB,aAAa;UACbC,eAAWC,4CAAuB;YAAEC,SAAKC,2BAAMhB,IAAIiB,cAAcjB,IAAI3C,IAAI;UAAE,CAAA;UAC3E6D,WAAWC,oBAAoB;YAAEnB;YAAU3C,MAAM2C,IAAI3C;UAAK,CAAA;QAC5D;;MAEF+D,WAAWC,cAAcC;MACzBhD;MACAtB;MACAqD;IACF;AAEA,QAAIkB,cAAc,MAAMC,2BACtB;MACEC,YAAYf;MACZf;MACAU;MACArD;IACF,GACAI,OAAAA;AAGF,UAAMyD,gBAAYa,kDAA6B;MAAE1B;IAAI,CAAA;AACrD,eAAW2B,sBAAsBrB,iBAA6B;AAC5D,YAAMsB,2CAA2C;QAC/CjB,QAAQ;UACN;YACEH;YACAjB;YACAsB;YACAgB,MAAMF;YACNlE,UAAUqE,KAAKC,IAAG,IAAK,MAAO;YAC9BvE,WAAWsE,KAAKC,IAAG,IAAK,MAAO,IAAI,MAAM,KAAK,KAAK;UACrD;;QAEFX,WAAWC,cAAcW;QACzB1D;QACAtB;QACAqD;MACF;AACAkB,oBAAc,MAAMC,2BAClB;QACEC,YAAYG;QACZK,oBAAoBV;QACpB5B;QACAU;QACArD;MACF,GACAI,OAAAA;IAEJ;EACF;EAEA,MAAM8E,WACJ/E,MASAC,SACc;AACd,UAAM,EAAEkC,YAAY6C,SAASlF,QAAO,IAAKE;AACzC,UAAM,EAAEkD,aAAarD,SAASsB,QAAQC,YAAAA,EAAa,IAAKtB;AACxD,UAAM+B,oBAAgBuB,sCAAiB;MAAEjB;IAAW,CAAA;AACpD,UAAMkB,WAAOC,+CAA0B;MAAET,KAAKhB;IAAc,CAAA;AAC5D,UAAMO,MAAMD,WAAWC;AACvB,UAAMI,MAAMX,cAAcW;AAE1B,UAAMyC,oBAAoB;MACxBzB,QAAQ;QACN;UACEH;UACAjB;UACA4C;QACF;;MAEFf,WAAWC,cAAcgB;MACzB/D;MACAtB;MACAqD;IACF;AAEA,WAAO,MAAMmB,2BACX;MACEC,YAAYW;MACZzC;MACAU;MACArD;IACF,GACAI,OAAAA;EAEJ;EAEAkF,iBAAiBnF,MAAmBC,SAAuD;AACzF,WAAOqB,QAAQ8D,QAAQ,IAAA;EACzB;EAEAC,UACErF,MAKAC,SACc;AACd,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;EAEAoE,cACEtF,MAKAC,SACc;AACd,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;;EAGA,MAAMqE,iBAAiBvF,MAA8BC,SAAyE;AAC5H,UAAM,IAAIiB,MAAM,iDAAiD;EACnE;AACF;;;AC9RA,0BAAwG;AACxG,IAAAsE,sBAA4B;AAE5B,IAAMC,iBAA8B,8BAClCC,QACAC,SACAC,WACAC,YAAAA;AAEA,QAAMC,WAAW,IAAIC,6BAAS;IAAE,OAAGC,iCAAAA;EAAc,CAAA;AACjD,SAAOF,SAASG,QAAQP,QAAQG,OAAAA;AAClC,GARoC;AAU7B,SAASK,qBAAAA;AACd,SAAO;IAAEC,KAAKV;EAAe;AAC/B;AAFgBS;;;AXXT,IAAME,SAASC,0BAAQC,QAAQC,QAAQ,yBAAyB;EACrEC,iBAAiBC,2BAASC;EAC1BC,SAAS;IAACC,4BAAUC;IAASD,4BAAUE;;AACzC,CAAA,EAAGC,IAAI,uBAAA;AACP,IAAMC,SAASC;","names":["module","import_ssi_types","import_oid4vci_common","import_ssi_types","import_cross_fetch","import_oid4vci_common","import_ssi_sdk_ext","import_oid4vci_common","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_sdk","addContactCallback","context","oid4vciMachine","state","serverMetadata","hasContactConsent","contactAlias","Promise","reject","Error","issuerUrl","URL","issuer","correlationId","protocol","hostname","issuerName","getIssuerName","credentialIssuerMetadata","party","contact","displayName","legalName","partyType","id","origin","PartyOrigin","EXTERNAL","type","PartyTypeType","ORGANIZATION","name","tenantId","uri","identities","alias","roles","CredentialRole","ISSUER","IdentityOrigin","identifier","CorrelationIdentifierType","connection","ConnectionType","OPENID_CONNECT","config","clientId","clientSecret","scopes","redirectUrl","dangerouslyAllowInsecureHttpRequests","clientAuthMethod","onCreate","contacts","agent","cmGetContacts","filter","length","cmAddContact","contactType","send","OID4VCIMachineEvents","CREATE_CONTACT","data","onConsentChange","hasConsent","SET_CONTACT_CONSENT","onAliasChange","SET_CONTACT_ALIAS","startsWith","replace","toString","handleErrorCallback","console","error","event","logger","trace","selectCredentialsCallback","credentialToSelectFrom","selectedCredentials","info","join","NEXT","onSelectType","log","SET_SELECTED_CREDENTIALS","map","sel","credentialId","authorizationCodeUrlCallback","authReqResult","vpLinkHandler","url","authorizationCodeURL","onOpenAuthorizationUrl","INVOKED_AUTHORIZATION_CODE_REQUEST","response","fetch","redirect","status","openidUri","headers","get","undefined","includes","decoded","decodeUriAsJson","error_description","JSON","stringify","text","kid","authKey","meta","jwkThumbprint","did","handle","idOpts","kmsKeyRef","reviewCredentialsCallback","credentialsToAccept","siopDoneCallback","oid4vpMachine","authorizationResponseData","queryParams","code","interpreter","PROVIDE_AUTHORIZATION_CODE_RESPONSE","ebsiCreateAttestationAuthRequestURL","clientId","clientIdArg","credentialIssuer","credentialType","idOpts","redirectUri","requestObjectOpts","formats","context","logger","info","resolution","agent","identifierManagedGetByDid","identifier","provider","Error","did","authKey","getAuthenticationKey","offlineWhenNoDIDRegistered","noVerificationMethodFallback","keyType","kid","meta","jwkThumbprint","calculateJwkThumbprintForKey","key","vciClient","OpenID4VCIClient","fromCredentialIssuer","createAuthorizationRequestURL","retrieveServerMetadata","allMatches","arrayMatches","Array","isArray","Object","entries","map","id","supported","supportedConfigurations","filter","getTypesFromCredentialSupported","filterVerifiableCredential","includes","format","length","join","authorizationDetails","credential_configuration_id","type","credential_identifiers","signCallbacks","signCallback","authorizationRequestOpts","authorizationCodeURL","createAuthorizationRequestUrl","authorizationRequest","jwaAlg","signatureAlgorithmFromKey","Alg","Promise","reject","alg","requestData","flowType","AuthzFlowType","AUTHORIZATION_CODE_FLOW","uri","existingClientState","JSON","parse","exportState","accessTokenOpts","clientOpts","clientAssertionType","didMethodPreferences","SupportedDidMethodEnum","DID_EBSI","DID_KEY","ebsiGetAttestationInterpreter","authReqResult","vciStateCallbacks","Map","vpStateCallbacks","oid4vciMachine","oid4vciHolderGetMachineInterpreter","issuanceOpt","supportedPreferredDidMethod","stateNavigationListener","OID4VCICallbackStateListener","vpLinkHandler","Siopv2OID4VPLinkHandler","protocols","noStateMachinePersistence","OID4VPCallbackStateListener","set","Siopv2MachineStates","done","siopDoneCallback","handleError","handleErrorCallback","error","OID4VCIMachineStates","addContact","addContactCallback","selectCredentials","selectCredentialsCallback","initiateAuthorizationRequest","authorizationCodeUrlCallback","reviewCredentials","reviewCredentialsCallback","interpreter","ebsiGetAttestation","opts","timeout","agentContext","state","waitFor","start","matches","contactAlias","contact","credentialBranding","credentialsToAccept","stringify","result","identifierManagedGet","credentials","getEbsiApiBaseUrl","environment","version","system","wait","timeoutInMS","Promise","resolve","setTimeout","import_cross_fetch","ebsiGetDidDocument","args","params","apiOpts","did","validAt","Error","query","response","fetch","ebsiGetRegistryAPIUrls","textBody","text","json","startsWith","JSON","parse","undefined","status","Promise","reject","ebsiWaitTillDocumentAnchored","startIntervalMS","minIntervalMS","decreaseIntervalMSPerStep","maxWaitTime","version","environment","searchForObject","interval","totalWaitTime","didDocument","count","logCalback","logger","debug","didDocAsStr","stringify","search","found","includes","substring","length","e","wait","Math","max","ebsiListDidDocuments","offset","size","controller","queryParams","push","filter","Boolean","join","import_cross_fetch","EBSI_DID_SPEC_INFOS","V1","type","method","version","didLength","privateKeyLength","KEY","EbsiPublicKeyPurpose","JSON_RPC_VERSION","BASE_CONTEXT_DOC","JSON","stringify","EbsiRpcMethod","callRpcMethod","args","callRpcMethodImpl","retries","params","rpcId","accessToken","rpcMethod","apiOpts","doNotThrowErrors","options","buildFetchOptions","logger","debug","JSON","stringify","rpcResponse","fetch","ebsiGetRegistryAPIUrls","mutate","json","result","error","undefined","message","includes","randomRpcId","Error","warning","wait","fetchReq","method","headers","Authorization","body","jsonrpc","JSON_RPC_VERSION","id","generateEbsiMethodSpecificId","specInfo","spec","EBSI_DID_SPEC_INFOS","V1","length","didLength","result","Uint8Array","version","set","randomBytes","base58btc","encode","generateOrUseProvidedEbsiPrivateKeyHex","privateKeyBytes","Error","type","toString","formatEbsiPublicKey","args","key","bytes","getBytes","publicKeyHex","SigningKey","computePublicKey","jwk","toJwk","use","JwkKeyUse","Signature","jwkString","JSON","stringify","fromString","ebsiGetIssuerMock","environment","getEbsiApiBaseUrl","system","ebsiGetAuthorisationServer","ebsiGetRegistryAPIUrls","baseUrl","mutate","query","determineWellknownEndpoint","mock","url","logger","debug","ebsiSignAndSendTransaction","context","rpcRequest","accessToken","kid","apiOpts","previousTxResponse","unsignedTxResponse","callRpcMethod","nonce","undefined","wait","error","message","unsignedTx","agentUnsignedTx","parse","chainId","toLowerCase","startsWith","Number","parseInt","signedRawTx","agent","keyManagerSignEthTX","transaction","sig","Transaction","from","signature","r","s","v","sTResponse","params","protocol","unsignedTransaction","signedRawTransaction","rpcMethod","EbsiRpcMethod","SEND_SIGNED_TRANSACTION","rpcId","id","ebsiGenerateOrUseKeyPair","keyOpts","keyType","kms","controllerKey","privateKeyHex","substring","importableKey","toMinimalImportableKey","meta","ebsi","anchored","minimalImportableKey","purposes","assertedPurposes","setPurposes","jwkThumbprint","calculateJwkThumbprintForKey","digestAlgorithm","includes","EbsiPublicKeyPurpose","CapabilityInvocation","AssertionMethod","Authentication","join","randomRpcId","Math","floor","random","MAX_SAFE_INTEGER","ebsiCreateDidOnLedger","accessTokenOpts","notBefore","Date","now","notAfter","baseDocument","identifier","clientId","redirectUri","credentialIssuer","getControllerKey","secp256r1","getKeys","attestationToOnboard","attestationToOnboardCredentialRole","Promise","reject","getEthereumAddressFromKey","did","idOpts","jwksUri","encodeURIComponent","console","log","authReqResult","ebsiCreateAttestationAuthRequestURL","formats","credentialType","requestObjectOpts","iss","requestObjectMode","CreateRequestObjectMode","REQUEST_OBJECT","attestationResult","ebsiGetAttestation","opts","timeout","credentials","rawVerifiableCredential","insertDidAccessTokenResponse","ebsiAccessTokenGet","credentialRole","attestationCredential","scope","skipDidResolution","insertDidDocRequest","BASE_CONTEXT_DOC","vMethodId","calculateJwkThumbprint","isSecp256k1","publicKey","INSERT_DID_DOCUMENT","accessTokenResponse","access_token","insertDidDocResponse","anchorTime","ebsiWaitTillDocumentAnchored","maxWaitTime","startIntervalMS","minIntervalMS","decreaseIntervalMSPerStep","didDocument","totalWaitTime","count","addVMAccessTokenResponse","addVerificationMethodRequest","ADD_VERIFICATION_METHOD","addVerificationMethodResponse","addAssertionMethodRelationshipRequest","name","ADD_VERIFICATION_RELATIONSHIP","addAssertionMethodRelationshipResponse","searchForObject","assertionMethod","addAuthenticationRelationshipRequest","addAuthenticationRelationshipResponse","insertDidDoc","addVerificationMethod","addAuthenticationRelationship","addAssertionMethodRelationship","import_ssi_sdk","ebsiSupportMethods","EbsiSupport","schema","IEbsiSupport","methods","ebsiCreateDidOnLedger","bind","ebsiWellknownMetadata","ebsiAuthorizationServerJwks","ebsiPresentationDefinitionGet","ebsiAccessTokenGet","ebsiCreateAttestationAuthRequestURL","ebsiGetAttestation","args","context","ebsiCreateDidOnLedgerFunction","url","determineWellknownEndpoint","fetch","method","headers","Accept","json","discoveryMetadata","type","jwks_uri","scope","apiOpts","openIDMetadata","system","mock","version","presentation_definition_endpoint","idOpts","jwksUri","clientId","allVerifiableCredentials","redirectUri","environment","skipDidResolution","identifier","agent","identifierManagedGetByDid","console","log","did","undefined","definitionResponse","hasInputDescriptors","input_descriptors","length","warn","attestationCredential","pexResult","pexDefinitionFilterCredentials","presentationDefinition","credentialFilterOpts","credentialRole","verifiableCredentials","filteredCredentials","filtered","map","cred","CredentialMapper","toUniformCredential","hasher","defaultHasher","filter","expirationDate","Date","getDate","now","credentialIssuer","ebsiGetIssuerMock","authReqResult","formats","requestObjectOpts","iss","requestObjectMode","CreateRequestObjectMode","REQUEST_OBJECT","credentialType","attestationResult","opts","timeout","credentials","rawVerifiableCredential","presentationSubmission","id","v4","definition_id","descriptor_map","tokenRequestArgs","grant_type","vp_token","presentation_submission","JSON","stringify","accessTokenResponse","getAccessToken","Error","request","token_endpoint","ContentType","body","URLSearchParams","TokenType","import_ssi_sdk_ext","debug","Debug","EbsiDidProvider","AbstractIdentifierProvider","PROVIDER","defaultKms","apiOpts","options","createIdentifier","args","context","type","kms","alias","notBefore","notAfter","secp256k1Key","secp256r1Key","keys","accessTokenOpts","executeLedgerOperation","methodSpecificId","generateEbsiMethodSpecificId","EBSI_DID_SPEC_INFOS","V1","baseDocument","services","Error","rpcId","randomRpcId","KEY","Promise","reject","length","secp256k1ImportKey","ebsiGenerateOrUseKeyPair","keyOpts","keyType","controllerKey","secp256k1ManagedKeyInfo","agent","keyManagerImport","secp256r1ImportKey","secp256r1ManagedKeyInfo","identifier","did","startsWith","method","controllerKeyId","kid","provider","environment","version","ebsiCreateDidOnLedger","key","managedKeyInfo","console","warn","addKey","accessToken","vmRelationships","getControllerKey","from","getEthereumAddressFromKey","addVerificationMethodRequest","params","isSecp256k1","vMethodId","calculateJwkThumbprint","jwk","toJwk","publicKeyHex","publicKey","formatEbsiPublicKey","rpcMethod","EbsiRpcMethod","ADD_VERIFICATION_METHOD","rpcResponse","ebsiSignAndSendTransaction","rpcRequest","calculateJwkThumbprintForKey","vmRelationshipsKey","addVerificationMethodRelationshipRequest","name","Date","now","ADD_VERIFICATION_RELATIONSHIP","previousTxResponse","addService","service","addServiceRequest","ADD_SERVICE","deleteIdentifier","resolve","removeKey","removeService","updateIdentifier","import_ssi_sdk_ext","resolveDidEbsi","didUrl","_parsed","_resolver","options","resolver","Resolver","getResolver","resolve","getDidEbsiResolver","key","logger","Loggers","DEFAULT","options","defaultLogLevel","LogLevel","DEBUG","methods","LogMethod","CONSOLE","DEBUG_PKG","get","schema","require"]}