@sphereon/ssi-sdk.mdl-mdoc 0.37.2-next.28 → 0.37.2-next.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +488 -36
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +7 -1
  4. package/dist/index.d.ts +7 -1
  5. package/dist/index.js +488 -36
  6. package/dist/index.js.map +1 -1
  7. package/package.json +15 -15
  8. package/src/agent/mDLMdoc.ts +149 -21
  9. package/src/functions/index.ts +312 -13
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/mDLMdoc.ts","../src/functions/index.ts","../src/types/ImDLMdoc.ts"],"sourcesContent":["{\n \"IEBSIAuthorizationClient\": {\n \"components\": {\n \"schemas\": {\n \"EBSIAuthAccessTokenGetArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"vc\": {\n \"type\": \"string\"\n },\n \"definitionId\": {\n \"$ref\": \"#/components/schemas/ScopeByDefinition\"\n },\n \"did\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/Optional<ApiOpts,\\\"version\\\">\"\n }\n },\n \"required\": [\"vc\", \"definitionId\", \"did\", \"kid\", \"scope\", \"apiOpts\"]\n },\n \"ScopeByDefinition\": {\n \"type\": \"string\",\n \"enum\": [\"didr_invite\", \"didr_write\", \"tir_invite\", \"tir_write\", \"timestamp_write\", \"tnt_authorise\", \"tnt_create\", \"tnt_write\"]\n },\n \"EBSIScope\": {\n \"type\": \"string\",\n \"enum\": [\n \"didr_write\",\n \"didr_invite\",\n \"tir_write\",\n \"tir_invite\",\n \"timestamp_write\",\n \"tnt_authorise\",\n \"tnt_create\",\n \"tnt_write\",\n \"did_authn\"\n ],\n \"description\": \"The OpenID scope\"\n },\n \"Optional<ApiOpts,\\\"version\\\">\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n }\n },\n \"EbsiEnvironment\": {\n \"type\": \"string\",\n \"enum\": [\"pilot\", \"conformance\", \"conformance-test\"]\n },\n \"EbsiApiVersion\": {\n \"type\": \"string\",\n \"enum\": [\"v3\", \"v4\", \"v5\"]\n },\n \"GetAccessTokenResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetAccessTokenSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetAccessTokenSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"access_token\": {\n \"type\": \"string\"\n },\n \"token_type\": {\n \"$ref\": \"#/components/schemas/TokenType\"\n },\n \"expires_in\": {\n \"type\": \"number\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"id_token\": {\n \"type\": \"string\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"access_token\", \"token_type\", \"scope\", \"id_token\", \"apiOpts\"]\n },\n \"TokenType\": {\n \"type\": \"string\",\n \"const\": \"Bearer\"\n },\n \"ApiOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n },\n \"required\": [\"version\"]\n },\n \"ExceptionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"number\"\n },\n \"detail\": {\n \"type\": \"string\"\n },\n \"instance\": {\n \"type\": \"string\"\n }\n }\n },\n \"GetOIDProviderJwksResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetOIDProviderJwksSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/JWK\"\n }\n }\n },\n \"required\": [\"keys\"]\n },\n \"JWK\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"alg\\\" (Algorithm) Parameter.\"\n },\n \"crv\": {\n \"type\": \"string\"\n },\n \"d\": {\n \"type\": \"string\"\n },\n \"dp\": {\n \"type\": \"string\"\n },\n \"dq\": {\n \"type\": \"string\"\n },\n \"e\": {\n \"type\": \"string\"\n },\n \"ext\": {\n \"type\": \"boolean\",\n \"description\": \"JWK \\\"ext\\\" (Extractable) Parameter.\"\n },\n \"k\": {\n \"type\": \"string\"\n },\n \"key_ops\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"key_ops\\\" (Key Operations) Parameter.\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kid\\\" (Key ID) Parameter.\"\n },\n \"kty\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kty\\\" (Key Type) Parameter.\"\n },\n \"n\": {\n \"type\": \"string\"\n },\n \"oth\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"d\": {\n \"type\": \"string\"\n },\n \"r\": {\n \"type\": \"string\"\n },\n \"t\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"p\": {\n \"type\": \"string\"\n },\n \"q\": {\n \"type\": \"string\"\n },\n \"qi\": {\n \"type\": \"string\"\n },\n \"use\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"use\\\" (Public Key Use) Parameter.\"\n },\n \"x\": {\n \"type\": \"string\"\n },\n \"y\": {\n \"type\": \"string\"\n },\n \"x5c\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"x5c\\\" (X.509 Certificate Chain) Parameter.\"\n },\n \"x5t\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5t\\\" (X.509 Certificate SHA-1 Thumbprint) Parameter.\"\n },\n \"x5t#S256\": {\n \"type\": \"string\",\n \"description\": \"\\\"x5t#S256\\\" (X.509 Certificate SHA-256 Thumbprint) Parameter.\"\n },\n \"x5u\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5u\\\" (X.509 URL) Parameter.\"\n }\n },\n \"additionalProperties\": {},\n \"description\": \"JSON Web Key ( {@link https://www.rfc-editor.org/rfc/rfc7517 | JWK } ). \\\"RSA\\\", \\\"EC\\\", \\\"OKP\\\", and \\\"oct\\\" key types are supported.\"\n },\n \"GetPresentationDefinitionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"scope\"]\n },\n \"GetPresentationDefinitionResponse\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionSuccessResponse\"\n },\n \"GetPresentationDefinitionSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"submission_requirements\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n },\n \"input_descriptors\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/InputDescriptorV2\"\n }\n },\n \"frame\": {\n \"type\": \"object\"\n }\n },\n \"required\": [\"id\", \"input_descriptors\"]\n },\n \"Format\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"ldp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vc\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"di\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vc\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vp\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"dc+sd-jwt\": {\n \"$ref\": \"#/components/schemas/SdJwtObject\"\n }\n }\n },\n \"JwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"alg\"]\n },\n \"LdpObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\"]\n },\n \"DiObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"cryptosuite\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\", \"cryptosuite\"]\n },\n \"SdJwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"sd-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"kb-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"SubmissionRequirement\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"rule\": {\n \"$ref\": \"#/components/schemas/Rules\"\n },\n \"count\": {\n \"type\": \"number\"\n },\n \"min\": {\n \"type\": \"number\"\n },\n \"max\": {\n \"type\": \"number\"\n },\n \"from\": {\n \"type\": \"string\"\n },\n \"from_nested\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n }\n },\n \"required\": [\"rule\"]\n },\n \"Rules\": {\n \"type\": \"string\",\n \"enum\": [\"all\", \"pick\"]\n },\n \"InputDescriptorV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"group\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"issuance\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Issuance\"\n }\n },\n \"constraints\": {\n \"$ref\": \"#/components/schemas/ConstraintsV2\"\n }\n },\n \"required\": [\"id\", \"constraints\"]\n },\n \"Issuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"manifest\": {\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": {}\n },\n \"ConstraintsV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"limit_disclosure\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"statuses\": {\n \"$ref\": \"#/components/schemas/Statuses\"\n },\n \"fields\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/FieldV2\"\n }\n },\n \"subject_is_issuer\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"is_holder\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n },\n \"same_subject\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n }\n }\n },\n \"Optionality\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"preferred\"]\n },\n \"Statuses\": {\n \"type\": \"object\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"suspended\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"revoked\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n }\n }\n },\n \"PdStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"directive\": {\n \"$ref\": \"#/components/schemas/Directives\"\n }\n }\n },\n \"Directives\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"allowed\", \"disallowed\"]\n },\n \"FieldV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"filter\": {\n \"$ref\": \"#/components/schemas/FilterV2\"\n },\n \"predicate\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"optional\": {\n \"type\": \"boolean\"\n }\n },\n \"required\": [\"path\"]\n },\n \"FilterV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"OneOfNumberStringBoolean\": {\n \"type\": [\"boolean\", \"number\", \"string\"]\n },\n \"OneOfNumberString\": {\n \"type\": [\"number\", \"string\"]\n },\n \"FilterV2Base\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n }\n },\n \"FilterV2BaseItems\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"HolderSubject\": {\n \"type\": \"object\",\n \"properties\": {\n \"field_id\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"directive\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n }\n },\n \"required\": [\"field_id\", \"directive\"]\n },\n \"GetOIDProviderMetadataResponse\": {\n \"$ref\": \"#/components/schemas/EbsiOpenIDMetadata\"\n },\n \"EbsiOpenIDMetadata\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"logo_uri\": {\n \"type\": \"string\"\n },\n \"client_purpose\": {\n \"type\": \"string\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"id_token_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n ]\n },\n \"vp_formats_supported\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n }\n ]\n },\n \"Schema\": {\n \"type\": \"string\",\n \"enum\": [\"openid:\", \"openid-vc:\"]\n },\n \"ResponseIss\": {\n \"type\": \"string\",\n \"enum\": [\"https://self-issued.me\", \"https://self-issued.me/v2\", \"https://self-issued.me/v2/openid-vc\"]\n },\n \"ResponseType\": {\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"vp_token\"]\n },\n \"Scope\": {\n \"type\": \"string\",\n \"enum\": [\"openid\", \"openid did_authn\", \"profile\", \"email\", \"address\", \"phone\"]\n },\n \"SubjectType\": {\n \"type\": \"string\",\n \"enum\": [\"public\", \"pairwise\"]\n },\n \"SigningAlgo\": {\n \"type\": \"string\",\n \"enum\": [\"EdDSA\", \"RS256\", \"PS256\", \"ES256\", \"ES256K\"]\n },\n \"ResponseMode\": {\n \"type\": \"string\",\n \"enum\": [\"fragment\", \"form_post\", \"post\", \"direct_post\", \"query\"]\n },\n \"GrantType\": {\n \"type\": \"string\",\n \"enum\": [\"authorization_code\", \"implicit\"]\n },\n \"AuthenticationContextReferences\": {\n \"type\": \"string\",\n \"enum\": [\"phr\", \"phrh\"]\n },\n \"TokenEndpointAuthMethod\": {\n \"type\": \"string\",\n \"enum\": [\"client_secret_post\", \"client_secret_basic\", \"client_secret_jwt\", \"private_key_jwt\"]\n },\n \"ClaimType\": {\n \"type\": \"string\",\n \"enum\": [\"normal\", \"aggregated\", \"distributed\"]\n },\n \"IdTokenType\": {\n \"type\": \"string\",\n \"enum\": [\"subject_signed\", \"attester_signed\"]\n }\n },\n \"methods\": {\n \"ebsiAccessTokenGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/EBSIAuthAccessTokenGetArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetAccessTokenResponse\"\n }\n },\n \"ebsiAuthorizationServerJwks\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksResponse\"\n }\n },\n \"ebsiPresentationDefinitionGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionResponse\"\n }\n },\n \"ebsiWellknownMetadata\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderMetadataResponse\"\n }\n }\n }\n }\n }\n}\n","import { Loggers } from '@sphereon/ssi-types'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:mdoc')\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MDLMdoc, mdocSupportMethods } from './agent/mDLMdoc'\nexport * from './types/ImDLMdoc'\nexport * from './functions'\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { calculateJwkThumbprint } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { CertificateInfo, getCertificateInfo, pemOrDerToX509Certificate, X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JWK } from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { MdocOid4vpPresentArgs, MdocOid4VPPresentationAuth, MdocOid4vpRPVerifyArgs, MdocOid4vpRPVerifyResult, MdocOid4vpService, schema } from '..'\nimport { CoseCryptoService, X509CallbackService } from '../functions'\nimport {\n CborByteString,\n CoseCryptoServiceJS,\n CoseJoseKeyMappingService,\n CoseKeyCbor,\n DateTimeUtils,\n decodeFrom,\n DocumentCbor,\n DocumentDescriptorMatchResult,\n encodeTo,\n Encoding,\n GetX509CertificateInfoArgs,\n ImDLMdoc,\n IOid4VPPresentationDefinition,\n IRequiredContext,\n IVerifySignatureResult,\n KeyInfo,\n KeyType,\n Oid4VPPresentationSubmission,\n MdocValidations,\n MdocVerifyIssuerSignedArgs,\n VerifyCertificateChainArgs,\n} from '../types/ImDLMdoc'\n\nexport const mdocSupportMethods: Array<string> = [\n 'x509VerifyCertificateChain',\n 'x509GetCertificateInfo',\n 'mdocVerifyIssuerSigned',\n 'mdocOid4vpHolderPresent',\n 'mdocOid4vpRPVerify',\n]\n\n/**\n * The MDLMdoc class implements the IAgentPlugin interface, providing methods for\n * verification and information retrieval related to X.509 certificates and mDL (mobile\n * driver's license) documents.\n */\nexport class MDLMdoc implements IAgentPlugin {\n readonly schema = schema.IMDLMdoc\n readonly methods: ImDLMdoc = {\n x509VerifyCertificateChain: this.x509VerifyCertificateChain.bind(this),\n x509GetCertificateInfo: this.x509GetCertificateInfo.bind(this),\n mdocVerifyIssuerSigned: this.mdocVerifyIssuerSigned.bind(this),\n mdocOid4vpHolderPresent: this.mdocOid4vpHolderPresent.bind(this),\n mdocOid4vpRPVerify: this.mdocOid4vpRPVerify.bind(this),\n }\n private readonly trustAnchors: string[]\n private opts: {\n trustRootWhenNoAnchors?: boolean\n allowSingleNoCAChainElement?: boolean\n blindlyTrustedAnchors?: string[]\n }\n\n constructor(args?: {\n trustAnchors?: string[]\n opts?: {\n // Trust the supplied root from the chain, when no anchors are being passed in.\n trustRootWhenNoAnchors?: boolean\n // Do not perform a chain validation check if the chain only has a single value. This means only the certificate itself will be validated. No chain checks for CA certs will be performed. Only used when the cert has no issuer\n allowSingleNoCAChainElement?: boolean\n // WARNING: Do not use in production\n // Similar to regular trust anchors, but no validation is performed whatsoever. Do not use in production settings! Can be handy with self generated certificates as we perform many validations, making it hard to test with self-signed certs. Only applied in case a chain with 1 element is passed in to really make sure people do not abuse this option\n blindlyTrustedAnchors?: string[]\n }\n }) {\n this.trustAnchors = args?.trustAnchors ?? []\n this.opts = args?.opts ?? { trustRootWhenNoAnchors: true }\n }\n\n /**\n * Processes and verifies the provided mdoc, generates device response and presentation submission tokens.\n *\n * @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.\n * @param {IRequiredContext} _context - Required context for the operation.\n * @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.\n */\n private async mdocOid4vpHolderPresent(args: MdocOid4vpPresentArgs, _context: IRequiredContext): Promise<MdocOid4VPPresentationAuth> {\n const { mdocs, presentationDefinition, trustAnchors, verifications, mdocHolderNonce, authorizationRequestNonce, responseUri, clientId } = args\n\n const oid4vpService = new MdocOid4vpService()\n // const mdoc = DocumentCbor.Static.cborDecode(decodeFrom(mdocBase64Url, Encoding.BASE64URL))\n const validate = async (mdoc: DocumentCbor) => {\n try {\n const result = await MdocValidations.fromDocumentAsync(\n mdoc,\n null,\n trustAnchors ?? this.trustAnchors,\n DateTimeUtils.Static.DEFAULT.dateTimeLocal((verifications?.verificationTime?.getTime() ?? Date.now()) / 1000),\n verifications?.allowExpiredDocuments,\n )\n if (result.error) {\n console.log(JSON.stringify(result, null, 2))\n }\n return result\n } catch (e) {\n console.log(e)\n return {\n error: true,\n verifications: [\n {\n name: 'mdoc',\n error: true,\n critical: true,\n message: e.message as string,\n },\n ],\n }\n }\n }\n\n const allMatches: DocumentDescriptorMatchResult[] = oid4vpService.matchDocumentsAndDescriptors(\n mdocHolderNonce,\n mdocs,\n presentationDefinition as IOid4VPPresentationDefinition,\n )\n const docsAndDescriptors: DocumentDescriptorMatchResult[] = []\n let lastError: mdocPkg.com.sphereon.crypto.generic.IVerifyResults<mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor> | undefined = undefined\n for (let match of allMatches) {\n if (match.document) {\n const result = await validate(match.document)\n if (!result.error || responseUri.includes('openid.net')) {\n // TODO: We relax for the conformance suite, as the cert would be invalid\n try {\n const cborKey = result.keyInfo?.key ? CoseKeyCbor.Static.fromDTO(result.keyInfo.key) : undefined\n if (!cborKey) {\n throw Error('No key found in result')\n }\n let jwk = CoseJoseKeyMappingService.toJoseJwk(cborKey).toJsonDTO<JWK>()\n if (!result.keyInfo?.kmsKeyRef) {\n const keyInfo = result.keyInfo!\n const kid = jwk.kid ?? calculateJwkThumbprint({ jwk: jwk })\n\n const key = await _context.agent.keyManagerGet({ kid })\n const kms = key.kms\n const kmsKeyRef = key.meta?.kmsKeyRef\n const updateCborKey = cborKey.copy(false, cborKey.kty, cborKey.kid ?? new CborByteString(decodeFrom(kid, Encoding.UTF8)))\n const deviceKeyInfo = KeyInfo.Static.fromDTO(keyInfo).copy(\n kid,\n updateCborKey,\n keyInfo.opts,\n keyInfo.keyVisibility,\n keyInfo.signatureAlgorithm,\n keyInfo.x5c,\n kmsKeyRef,\n kms,\n )\n const updateMatch = match.copy(match.inputDescriptor, match.document, match.documentError, deviceKeyInfo)\n match = updateMatch\n }\n } catch (e: any) {\n console.log(`We tied to ammend key info from the KMS, but failed. Potential trouble ahead ${e.message}`, e)\n }\n\n docsAndDescriptors.push(match)\n } else if (result.error) {\n lastError = result\n }\n }\n }\n if (docsAndDescriptors.length === 0) {\n if (lastError) {\n return Promise.reject(Error(lastError.verifications[0].message ?? 'No matching documents found'))\n }\n return Promise.reject(Error('No matching documents found'))\n }\n const deviceResponse = await oid4vpService.createDeviceResponse(\n docsAndDescriptors,\n presentationDefinition as IOid4VPPresentationDefinition,\n clientId,\n responseUri,\n authorizationRequestNonce,\n )\n const vp_token = encodeTo(deviceResponse.cborEncode(), Encoding.BASE64URL)\n const presentation_submission = Oid4VPPresentationSubmission.Static.fromPresentationDefinition(\n presentationDefinition as IOid4VPPresentationDefinition,\n )\n return { vp_token, presentation_submission }\n }\n\n /**\n * Verifies on the Relying Party (RP) side for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).\n *\n * @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.\n * @param {IRequiredContext} _context - The required context for this method.\n * @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,\n * validated documents, and the original presentation submission.\n */\n private async mdocOid4vpRPVerify(args: MdocOid4vpRPVerifyArgs, _context: IRequiredContext): Promise<MdocOid4vpRPVerifyResult> {\n const { vp_token, presentation_submission, trustAnchors } = args\n const deviceResponse = com.sphereon.mdoc.data.device.DeviceResponseCbor.Static.cborDecode(decodeFrom(vp_token, Encoding.BASE64URL))\n if (!deviceResponse.documents) {\n return Promise.reject(Error(`No documents found in vp_token`))\n }\n let error = false\n const documents = await Promise.all(\n deviceResponse.documents.map(async (document) => {\n try {\n const validations = await MdocValidations.fromDocumentAsync(document, null, trustAnchors ?? this.trustAnchors)\n if (!validations || validations.error) {\n error = true\n }\n if (presentation_submission.descriptor_map.find((m) => m.id === document.docType.value) === null) {\n error = true\n validations.verifications.push({\n name: 'mdoc',\n error,\n critical: error,\n message: `No descriptor map id with document type ${document.docType.value} present`,\n })\n }\n return { document: document.toJson(), validations }\n } catch (e) {\n error = true\n return {\n document: document.toJson(),\n validations: {\n error: true,\n verifications: [\n {\n name: 'mdoc',\n error,\n critical: true,\n message: e.message as string,\n },\n ],\n },\n }\n }\n }),\n )\n if (error) {\n console.log(JSON.stringify(documents, null, 2))\n }\n return { error, documents, presentation_submission }\n }\n\n /**\n * Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.\n *\n * @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.\n * @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.\n * @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.\n */\n private async mdocVerifyIssuerSigned(args: MdocVerifyIssuerSignedArgs, context: IRequiredContext): Promise<IVerifySignatureResult<KeyType>> {\n const { input, keyInfo, requireX5Chain } = args\n const coseKeyInfo = keyInfo && CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo)\n const verification = await new CoseCryptoServiceJS(new CoseCryptoService(context)).verify1(\n com.sphereon.crypto.cose.CoseSign1Json.Static.fromDTO(input).toCbor(),\n coseKeyInfo,\n requireX5Chain,\n )\n return { ...verification, keyInfo: keyInfo }\n }\n\n /**\n * Verifies an X.509 certificate chain against a set of trust anchors.\n *\n * @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.\n * This includes the certificate chain to be verified and any additional trust anchors to be used.\n * @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.\n * @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.\n */\n private async x509VerifyCertificateChain(args: VerifyCertificateChainArgs, _context: IRequiredContext): Promise<X509ValidationResult> {\n const mergedAnchors: string[] = [...this.trustAnchors, ...(args.trustAnchors ?? [])]\n const trustAnchors = new Set<string>(mergedAnchors)\n const validationResult = await new X509CallbackService(Array.from(mergedAnchors)).verifyCertificateChain({\n ...args,\n trustAnchors: Array.from(trustAnchors),\n opts: { ...args?.opts, ...this.opts },\n })\n console.log(\n `x509 validation for ${validationResult.error ? 'Error' : 'Success'}. message: ${validationResult.message}, details: ${validationResult.detailMessage}`,\n )\n return validationResult\n }\n\n /**\n * Extracts information from a list of X509 certificates.\n *\n * @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,\n * including the certificates and optional Subject Alternative Name (SAN) type filter.\n * @param {IRequiredContext} context - The context required for the operation, which may include\n * logging, configuration, and other operational details.\n * @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate\n * information objects, each containing details extracted from individual certificates.\n */\n private async x509GetCertificateInfo(args: GetX509CertificateInfoArgs, context: IRequiredContext): Promise<CertificateInfo[]> {\n const certificates = args.certificates.map((cert) => pemOrDerToX509Certificate(cert))\n return await Promise.all(certificates.map((cert) => getCertificateInfo(cert, args.sanTypeFilter && { sanTypeFilter: args.sanTypeFilter })))\n }\n}\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { Nullable } from '@sphereon/kmp-mdoc-core'\n\nimport { calculateJwkThumbprint, globalCrypto, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport {\n CertificateInfo,\n derToPEM,\n getCertificateInfo,\n getSubjectDN,\n pemOrDerToX509Certificate,\n validateX509CertificateChain,\n X509ValidationResult,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JWK } from '@sphereon/ssi-types'\nimport * as crypto from 'crypto'\nimport { Certificate, CryptoEngine, setEngine } from 'pkijs'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\nimport { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc'\n\ntype CoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.CoseKeyCbor\ntype ICoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor\ntype ToBeSignedCbor = mdocPkg.com.sphereon.crypto.cose.ToBeSignedCbor\nconst CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService\ntype SignatureAlgorithm = mdocPkg.com.sphereon.crypto.generic.SignatureAlgorithm\ntype ICoseCryptoCallbackJS = mdocPkg.com.sphereon.crypto.ICoseCryptoCallbackJS\ntype IKey = mdocPkg.com.sphereon.crypto.IKey\ntype IX509ServiceJS = mdocPkg.com.sphereon.crypto.IX509ServiceJS\ntype Jwk = mdocPkg.com.sphereon.crypto.jose.Jwk\nconst KeyInfo = mdocPkg.com.sphereon.crypto.KeyInfo\ntype X509VerificationProfile = mdocPkg.com.sphereon.crypto.X509VerificationProfile\nconst DateTimeUtils = mdocPkg.com.sphereon.kmp.DateTimeUtils\nconst decodeFrom = mdocPkg.com.sphereon.kmp.decodeFrom\nconst encodeTo = mdocPkg.com.sphereon.kmp.encodeTo\nconst Encoding = mdocPkg.com.sphereon.kmp.Encoding\ntype LocalDateTimeKMP = mdocPkg.com.sphereon.kmp.LocalDateTimeKMP\nconst SignatureAlgorithm = mdocPkg.com.sphereon.crypto.generic.SignatureAlgorithm\nconst DefaultCallbacks = mdocPkg.com.sphereon.crypto.DefaultCallbacks\n\nexport class CoseCryptoService implements ICoseCryptoCallbackJS {\n constructor(private context?: IRequiredContext) {}\n\n setContext(context: IRequiredContext) {\n this.context = context\n }\n\n async signAsync(input: ToBeSignedCbor, requireX5Chain: Nullable<boolean>): Promise<Int8Array> {\n if (!this.context) {\n throw Error('No context provided. Please provide a context with the setContext method or constructor')\n }\n const { keyInfo, alg, value } = input\n let kmsKeyRef = keyInfo.kmsKeyRef ?? undefined\n if (!kmsKeyRef) {\n const key = keyInfo.key\n if (key == null) {\n return Promise.reject(Error('No key present in keyInfo. This implementation cannot sign without a key!'))\n }\n const resolvedKeyInfo = com.sphereon.crypto.ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key)\n const jwkKeyInfo: mdocPkg.com.sphereon.crypto.ResolvedKeyInfo<Jwk> = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo)\n\n const kid = jwkKeyInfo.kid ?? calculateJwkThumbprint({ jwk: jwkKeyInfo.key.toJsonDTO() }) ?? jwkKeyInfo.key.getKidAsString(true)\n if (!kid) {\n return Promise.reject(Error('No kid present and not kmsKeyRef provided'))\n }\n kmsKeyRef = kid\n }\n const result = await this.context.agent.keyManagerSign({\n algorithm: alg.jose!!.value,\n data: encodeTo(value, Encoding.UTF8),\n encoding: 'utf-8',\n keyRef: kmsKeyRef!!,\n })\n return decodeFrom(result, Encoding.UTF8)\n }\n\n async verify1Async<CborType>(\n input: mdocPkg.com.sphereon.crypto.cose.CoseSign1Cbor<CborType>,\n keyInfo: mdocPkg.com.sphereon.crypto.IKeyInfo<ICoseKeyCbor>,\n requireX5Chain: Nullable<boolean>,\n ): Promise<mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>> {\n const getCertAndKey = async (\n x5c: Nullable<Array<string>>,\n ): Promise<{\n issuerCert?: Certificate\n issuerJwk?: Jwk\n }> => {\n if (requireX5Chain && (!x5c || x5c.length === 0)) {\n // We should not be able to get here anyway, as the MLD-mdoc library already validated at this point. But let's make sure\n return Promise.reject(new Error(`No x5chain was present in the CoseSign headers!`))\n }\n // TODO: According to the IETF spec there should be a x5t in case the x5chain is in the protected headers. In the Funke this does not seem to be done/used!\n issuerCert = x5c ? pemOrDerToX509Certificate(x5c[0]) : undefined\n let issuerJwk: Jwk | undefined\n if (issuerCert) {\n const info = await getCertificateInfo(issuerCert)\n issuerJwk = info.publicKeyJWK\n }\n return { issuerCert, issuerJwk }\n }\n\n const coseKeyInfo = CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo)\n\n if (coseKeyInfo?.key?.d) {\n throw Error('Do not use private keys to verify!')\n } else if (!input.payload?.value) {\n return Promise.reject(Error('Signature validation without payload not supported'))\n }\n const sign1Json = input.toJson() // Let's make it a bit easier on ourselves, instead of working with CBOR\n const coseAlg = sign1Json.protectedHeader.alg\n if (!coseAlg) {\n return Promise.reject(Error('No alg protected header present'))\n }\n\n let issuerCert: Certificate | undefined\n let issuerCoseKey: CoseKeyCbor | undefined\n let kid = coseKeyInfo?.kid ?? sign1Json.protectedHeader.kid ?? sign1Json.unprotectedHeader?.kid\n // Please note this method does not perform chain validation. The MDL-MSO_MDOC library already performed this before this step\n const x5c = coseKeyInfo?.key?.getX509CertificateChain() ?? sign1Json.protectedHeader?.x5chain ?? sign1Json.unprotectedHeader?.x5chain\n if (!coseKeyInfo || !coseKeyInfo?.key || coseKeyInfo?.key?.x5chain) {\n const certAndKey = await getCertAndKey(x5c)\n issuerCoseKey = certAndKey.issuerJwk ? CoseJoseKeyMappingService.toCoseKey(certAndKey.issuerJwk) : undefined\n issuerCert = certAndKey.issuerCert\n }\n if (!issuerCoseKey) {\n if (!coseKeyInfo?.key) {\n return Promise.reject(Error(`Either a x5c needs to be in the headers, or you need to provide a key for verification`))\n }\n if (kid === null) {\n kid = coseKeyInfo.key.getKidAsString(false)\n }\n issuerCoseKey = com.sphereon.crypto.cose.CoseKeyCbor.Static.fromDTO(coseKeyInfo.key)\n }\n\n const issuerCoseKeyInfo = new KeyInfo<CoseKeyCbor>(\n kid,\n issuerCoseKey,\n coseKeyInfo.opts,\n coseKeyInfo.keyVisibility,\n issuerCoseKey.getSignatureAlgorithm() ?? coseKeyInfo.signatureAlgorithm,\n x5c,\n coseKeyInfo.kmsKeyRef,\n coseKeyInfo.kms,\n coseKeyInfo.keyType ?? issuerCoseKey.getKty(),\n )\n const recalculatedToBeSigned = input.toBeSignedJson(issuerCoseKeyInfo, SignatureAlgorithm.Static.fromCose(coseAlg))\n const key = CoseJoseKeyMappingService.toJoseJwk(issuerCoseKeyInfo.key!).toJsonDTO<JWK>()\n const valid = await verifyRawSignature({\n data: fromString(recalculatedToBeSigned.base64UrlValue, 'base64url'),\n signature: fromString(sign1Json.signature, 'base64url'),\n key,\n })\n\n return {\n name: 'mdoc',\n critical: true,\n error: !valid,\n message: `Signature of '${issuerCert ? getSubjectDN(issuerCert).DN : kid}' was ${valid ? '' : 'in'}valid`,\n keyInfo: issuerCoseKeyInfo,\n } satisfies mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>\n }\n\n resolvePublicKeyAsync<KT extends mdocPkg.com.sphereon.crypto.IKey>(\n keyInfo: mdocPkg.com.sphereon.crypto.IKeyInfo<KT>,\n ): Promise<mdocPkg.com.sphereon.crypto.IResolvedKeyInfo<KT>> {\n if (keyInfo.key) {\n return Promise.resolve(CoseJoseKeyMappingService.toResolvedKeyInfo(keyInfo, keyInfo.key))\n }\n return Promise.reject(Error('No key present in keyInfo. This implementation cannot resolve public keys on its own currently!'))\n }\n}\n\n/**\n * This class can be used for X509 validations.\n * Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument\n *\n * The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library\n * Next to the specific function for the library it exports a more powerful version of the same verification method as well\n */\nexport class X509CallbackService implements IX509ServiceJS {\n private _trustedCerts?: Array<string>\n\n constructor(trustedCerts?: Array<string>) {\n this.setTrustedCerts(trustedCerts)\n }\n\n /**\n * A more powerful version of the method below. Allows to verify at a specific time and returns more information\n * @param chain\n * @param trustAnchors\n * @param verificationTime\n */\n async verifyCertificateChain({\n chain,\n trustAnchors = this.getTrustedCerts(),\n verificationTime,\n opts,\n }: VerifyCertificateChainArgs): Promise<X509ValidationResult> {\n return await validateX509CertificateChain({\n chain,\n trustAnchors,\n verificationTime,\n opts,\n })\n }\n\n /**\n * This method is the implementation used within the mDL/Mdoc library\n */\n async verifyCertificateChainJS<KeyType extends IKey>(\n chainDER: Nullable<Int8Array[]>,\n chainPEM: Nullable<string[]>,\n trustedCerts: Nullable<string[]>,\n verificationProfile?: X509VerificationProfile | undefined,\n verificationTime?: Nullable<LocalDateTimeKMP>,\n ): Promise<mdocPkg.com.sphereon.crypto.IX509VerificationResult<KeyType>> {\n const verificationAt = verificationTime ?? DateTimeUtils.Static.DEFAULT.dateTimeLocal()\n let chain: Array<string | Uint8Array> = []\n if (chainDER && chainDER.length > 0) {\n chain = chainDER.map((der) => Uint8Array.from(der))\n }\n if (chainPEM && chainPEM.length > 0) {\n chain = (chain ?? []).concat(chainPEM)\n }\n const result = await validateX509CertificateChain({\n chain: chain, // The function will handle an empty array\n trustAnchors: trustedCerts ?? this.getTrustedCerts(),\n verificationTime: new Date(verificationAt.toEpochSeconds().toULong() * 1000),\n opts: { trustRootWhenNoAnchors: true },\n })\n\n const cert: CertificateInfo | undefined = result.certificateChain ? result.certificateChain[result.certificateChain.length - 1] : undefined\n\n return {\n publicKey: cert?.publicKeyJWK as KeyType, // fixme\n publicKeyAlgorithm: cert?.publicKeyJWK?.alg,\n name: 'x.509',\n critical: result.critical,\n message: result.message,\n error: result.error,\n verificationTime: verificationAt,\n } satisfies mdocPkg.com.sphereon.crypto.IX509VerificationResult<KeyType>\n }\n\n setTrustedCerts = (trustedCertsInPEM?: Array<string>) => {\n this._trustedCerts = trustedCertsInPEM?.map((cert) => {\n if (cert.includes('CERTIFICATE')) {\n // PEM\n return cert\n }\n return derToPEM(cert)\n })\n }\n\n getTrustedCerts = () => this._trustedCerts\n}\n\nconst defaultCryptoEngine = () => {\n // @ts-ignore\n if (typeof self !== 'undefined') {\n // @ts-ignore\n if ('crypto' in self) {\n let engineName = 'webcrypto'\n // @ts-ignore\n if ('webkitSubtle' in self.crypto) {\n engineName = 'safari'\n }\n // @ts-ignore\n setEngine(engineName, new CryptoEngine({ name: engineName, crypto: crypto }))\n }\n } else if (typeof crypto !== 'undefined' && 'webcrypto' in crypto) {\n const name = 'NodeJS ^15'\n const nodeCrypto = crypto.webcrypto\n // @ts-ignore\n setEngine(name, new CryptoEngine({ name, crypto: nodeCrypto }))\n } else {\n // @ts-ignore\n const name = 'crypto'\n setEngine(name, new CryptoEngine({ name, crypto: globalCrypto(false) }))\n }\n}\n\ndefaultCryptoEngine()\n\n// We register the services with the mDL/mdoc library. Please note that the context is not passed in, meaning we cannot sign by default.\nDefaultCallbacks.setCoseCryptoDefault(new CoseCryptoService())\nDefaultCallbacks.setX509Default(new X509CallbackService())\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { PresentationDefinitionV2, PresentationSubmission } from '@sphereon/pex-models'\nimport { ISphereonKeyManager } from '@sphereon/ssi-sdk-ext.key-manager'\nimport { CertificateInfo, SubjectAlternativeGeneralName, X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IAgentContext, IDIDManager, IPluginMethodMap, IResolver } from '@veramo/core'\nexport type IKey = mdocPkg.com.sphereon.crypto.IKey\nexport type CoseSign1Json = mdocPkg.com.sphereon.crypto.cose.CoseSign1Json\nexport type CoseSign1Cbor<Any> = mdocPkg.com.sphereon.crypto.cose.CoseSign1Cbor<Any>\nexport type ICoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor\nexport type ICoseKeyJson = mdocPkg.com.sphereon.crypto.cose.ICoseKeyJson\nexport type IKeyInfo<KT extends IKey = IKey> = mdocPkg.com.sphereon.crypto.IKeyInfo<KT>\nexport type IVerifyResults<KT extends IKey> = mdocPkg.com.sphereon.crypto.generic.IVerifyResults<KT>\nexport type IVerifySignatureResult<KT extends IKey> = mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<KT>\nexport type DocumentJson = mdocPkg.com.sphereon.mdoc.data.device.DocumentJson\nexport type DocumentCbor = mdocPkg.com.sphereon.mdoc.data.device.DocumentCbor\nexport const CborByteString = com.sphereon.cbor.CborByteString\nexport const CoseKeyCbor = com.sphereon.crypto.cose.CoseKeyCbor\nexport const CoseCryptoServiceJS = com.sphereon.crypto.CoseCryptoServiceJS\nexport const CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService\nexport const KeyInfo = com.sphereon.crypto.KeyInfo\nexport const DateTimeUtils = com.sphereon.kmp.DateTimeUtils\nexport const decodeFrom = com.sphereon.kmp.decodeFrom\nexport const encodeTo = com.sphereon.kmp.encodeTo\nexport const Encoding = com.sphereon.kmp.Encoding\nexport const MdocValidations = com.sphereon.mdoc.data.MdocValidations\nexport const MdocOid4vpService = com.sphereon.mdoc.oid4vp.MdocOid4vpServiceJs\nexport const Jwk = com.sphereon.crypto.jose.Jwk\nexport type DocumentDescriptorMatchResult = mdocPkg.com.sphereon.mdoc.oid4vp.DocumentDescriptorMatchResult\nexport type IOid4VPPresentationDefinition = mdocPkg.com.sphereon.mdoc.oid4vp.IOid4VPPresentationDefinition\nexport const Oid4VPPresentationSubmission = com.sphereon.mdoc.oid4vp.Oid4VPPresentationSubmission\n\nexport interface ImDLMdoc extends IPluginMethodMap {\n // TODO: Extract cert methods to its own plugin\n x509VerifyCertificateChain(args: VerifyCertificateChainArgs, context: IRequiredContext): Promise<X509ValidationResult>\n\n x509GetCertificateInfo(args: GetX509CertificateInfoArgs, context: IRequiredContext): Promise<CertificateInfo[]>\n\n mdocVerifyIssuerSigned(args: MdocVerifyIssuerSignedArgs, context: IRequiredContext): Promise<IVerifySignatureResult<KeyType>>\n\n mdocOid4vpHolderPresent(args: MdocOid4vpPresentArgs, context: IRequiredContext): Promise<MdocOid4VPPresentationAuth>\n\n mdocOid4vpRPVerify(args: MdocOid4vpRPVerifyArgs, _context: IRequiredContext): Promise<MdocOid4vpRPVerifyResult>\n}\n\nexport type IRequiredContext = IAgentContext<ISphereonKeyManager & IDIDManager & IResolver>\nexport type VerifyCertificateChainArgs = {\n chain: Array<string | Uint8Array>\n trustAnchors?: string[]\n verificationTime?: Date\n opts?: {\n // If no trust anchor is found, but the chain itself checks out, allow. (defaults to false:)\n allowNoTrustAnchorsFound?: boolean\n // Trust the supplied root from the chain, when no anchors are being passed in.\n trustRootWhenNoAnchors?: boolean\n // Do not perform a chain validation check if the chain only has a single value. This means only the certificate itself will be validated. No chain checks for CA certs will be performed. Only used when the cert has no issuer\n allowSingleNoCAChainElement?: boolean\n // WARNING: Do not use in production\n // Similar to regular trust anchors, but no validation is performed whatsover. Do not use in production settings! Can be handy with self generated certificates as we perform many validations, making it hard to test with self-signed certs. Only applied in case a chain with 1 element is passed in to really make sure people do not abuse this option\n blindlyTrustedAnchors?: string[]\n }\n}\n\nexport type GetX509CertificateInfoArgs = {\n certificates: (string | Uint8Array)[] // pem or der\n sanTypeFilter?: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[]\n}\n\nexport type KeyType = ICoseKeyJson\nexport type MdocVerifyIssuerSignedArgs = {\n input: CoseSign1Json\n keyInfo?: IKeyInfo<KeyType>\n requireX5Chain?: boolean\n}\n\nexport interface MdocOid4VPPresentationAuth {\n vp_token: string\n presentation_submission: PresentationSubmission\n}\n\nexport interface MdocOid4vpPresentArgs {\n mdocs: DocumentCbor[]\n mdocHolderNonce?: string\n presentationDefinition: PresentationDefinitionV2\n trustAnchors?: string[]\n verifications?: VerificationOptions\n clientId: string\n responseUri: string\n authorizationRequestNonce: string\n}\n\nexport type VerificationOptions = {\n allowExpiredDocuments?: boolean\n verificationTime?: Date\n}\n\nexport type DocumentVerifyResult = { document: DocumentJson; validations: IVerifyResults<ICoseKeyCbor> }\nexport type MdocOid4vpRPVerifyResult = { error: boolean; documents: Array<DocumentVerifyResult>; presentation_submission: PresentationSubmission }\n\nexport interface MdocOid4vpRPVerifyArgs {\n vp_token: string\n presentation_submission: PresentationSubmission\n trustAnchors?: string[]\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,0BAA4B;AAAA,QAC1B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,4BAA8B;AAAA,cAC5B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB,OAAO,OAAO,SAAS,SAAS;AAAA,YACrE;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,MAAQ,CAAC,eAAe,cAAc,cAAc,aAAa,mBAAmB,iBAAiB,cAAc,WAAW;AAAA,YAChI;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,eAAe,kBAAkB;AAAA,YACrD;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,MAAQ,CAAC,MAAM,MAAM,IAAI;AAAA,YAC3B;AAAA,YACA,wBAA0B;AAAA,cACxB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,cAAc,SAAS,YAAY,SAAS;AAAA,YAC3E;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,OAAS;AAAA,YACX;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,4BAA8B;AAAA,cAC5B,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO;AAAA,YACtB;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,YACV;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,mBAAmB;AAAA,YACxC;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,KAAK;AAAA,YACpB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,aAAa;AAAA,YAC1C;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,YAC3B;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW,YAAY;AAAA,YAC9C;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ,CAAC,WAAW,UAAU,QAAQ;AAAA,YACxC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ,CAAC,UAAU,QAAQ;AAAA,YAC7B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY,WAAW;AAAA,YACtC;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,YACV;AAAA,YACA,oBAAsB;AAAA,cACpB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,YAAY;AAAA,YAClC;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,0BAA0B,6BAA6B,qCAAqC;AAAA,YACvG;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,UAAU;AAAA,YACjC;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,oBAAoB,WAAW,SAAS,WAAW,OAAO;AAAA,YAC/E;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,UAAU;AAAA,YAC/B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,SAAS,SAAS,SAAS,QAAQ;AAAA,YACvD;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,aAAa,QAAQ,eAAe,OAAO;AAAA,YAClE;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,UAAU;AAAA,YAC3C;AAAA,YACA,iCAAmC;AAAA,cACjC,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,uBAAuB,qBAAqB,iBAAiB;AAAA,YAC9F;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,cAAc,aAAa;AAAA,YAChD;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,kBAAkB,iBAAiB;AAAA,YAC9C;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC7+DA;;;;;mCAAAC;EAAA;uBAAAC;EAAA,gBAAAC;EAAA;iBAAAC;EAAA;;;;;oBAAAC;EAAA,gBAAAC;EAAA;;;;;AAAA,uBAAwB;;;ACAxB,IAAAC,wBAAoB;AAEpB,IAAAC,sBAAuC;AACvC,IAAAA,sBAAqG;;;ACHrG,2BAAoB;AAIpB,yBAAyE;AACzE,IAAAC,sBAQO;AAEP,aAAwB;AACxB,mBAAqD;AAErD,yBAA2B;AAjB3B,IAAM,EAAEC,IAAG,IAAKC,qBAAAA;AAuBhB,IAAMC,4BAA4BF,IAAIG,SAASC,OAAOF;AAMtD,IAAMG,UAAUJ,qBAAAA,QAAQD,IAAIG,SAASC,OAAOC;AAE5C,IAAMC,gBAAgBL,qBAAAA,QAAQD,IAAIG,SAASI,IAAID;AAC/C,IAAME,aAAaP,qBAAAA,QAAQD,IAAIG,SAASI,IAAIC;AAC5C,IAAMC,WAAWR,qBAAAA,QAAQD,IAAIG,SAASI,IAAIE;AAC1C,IAAMC,WAAWT,qBAAAA,QAAQD,IAAIG,SAASI,IAAIG;AAE1C,IAAMC,qBAAqBV,qBAAAA,QAAQD,IAAIG,SAASC,OAAOQ,QAAQD;AAC/D,IAAME,mBAAmBZ,qBAAAA,QAAQD,IAAIG,SAASC,OAAOS;AAE9C,IAAMC,oBAAN,MAAMA;EAxCb,OAwCaA;;;;EACX,YAAoBC,SAA4B;SAA5BA,UAAAA;EAA6B;EAEjDC,WAAWD,SAA2B;AACpC,SAAKA,UAAUA;EACjB;EAEA,MAAME,UAAUC,OAAuBC,gBAAuD;AAC5F,QAAI,CAAC,KAAKJ,SAAS;AACjB,YAAMK,MAAM,yFAAA;IACd;AACA,UAAM,EAAEC,SAASC,KAAKC,MAAK,IAAKL;AAChC,QAAIM,YAAYH,QAAQG,aAAaC;AACrC,QAAI,CAACD,WAAW;AACd,YAAME,MAAML,QAAQK;AACpB,UAAIA,OAAO,MAAM;AACf,eAAOC,QAAQC,OAAOR,MAAM,2EAAA,CAAA;MAC9B;AACA,YAAMS,kBAAkB7B,IAAIG,SAASC,OAAO0B,gBAAgBC,OAAOC,YAAYX,SAASK,GAAAA;AACxF,YAAMO,aAA+D/B,0BAA0BgC,qBAAqBL,eAAAA;AAEpH,YAAMM,MAAMF,WAAWE,WAAOC,2CAAuB;QAAEC,KAAKJ,WAAWP,IAAIY,UAAS;MAAG,CAAA,KAAML,WAAWP,IAAIa,eAAe,IAAA;AAC3H,UAAI,CAACJ,KAAK;AACR,eAAOR,QAAQC,OAAOR,MAAM,2CAAA,CAAA;MAC9B;AACAI,kBAAYW;IACd;AACA,UAAMK,SAAS,MAAM,KAAKzB,QAAQ0B,MAAMC,eAAe;MACrDC,WAAWrB,IAAIsB,KAAOrB;MACtBsB,MAAMpC,SAASc,OAAOb,SAASoC,IAAI;MACnCC,UAAU;MACVC,QAAQxB;IACV,CAAA;AACA,WAAOhB,WAAWgC,QAAQ9B,SAASoC,IAAI;EACzC;EAEA,MAAMG,aACJ/B,OACAG,SACAF,gBACmF;AACnF,UAAM+B,gBAAgB,8BACpBC,SAAAA;AAKA,UAAIhC,mBAAmB,CAACgC,QAAOA,KAAIC,WAAW,IAAI;AAEhD,eAAOzB,QAAQC,OAAO,IAAIR,MAAM,iDAAiD,CAAA;MACnF;AAEAiC,mBAAaF,WAAMG,+CAA0BH,KAAI,CAAA,CAAE,IAAI1B;AACvD,UAAI8B;AACJ,UAAIF,YAAY;AACd,cAAMG,OAAO,UAAMC,wCAAmBJ,UAAAA;AACtCE,oBAAYC,KAAKE;MACnB;AACA,aAAO;QAAEL;QAAYE;MAAU;IACjC,GAlBsB;AAoBtB,UAAMI,cAAczD,0BAA0B0D,cAAcvC,OAAAA;AAE5D,QAAIsC,aAAajC,KAAKmC,GAAG;AACvB,YAAMzC,MAAM,oCAAA;IACd,WAAW,CAACF,MAAM4C,SAASvC,OAAO;AAChC,aAAOI,QAAQC,OAAOR,MAAM,oDAAA,CAAA;IAC9B;AACA,UAAM2C,YAAY7C,MAAM8C,OAAM;AAC9B,UAAMC,UAAUF,UAAUG,gBAAgB5C;AAC1C,QAAI,CAAC2C,SAAS;AACZ,aAAOtC,QAAQC,OAAOR,MAAM,iCAAA,CAAA;IAC9B;AAEA,QAAIiC;AACJ,QAAIc;AACJ,QAAIhC,MAAMwB,aAAaxB,OAAO4B,UAAUG,gBAAgB/B,OAAO4B,UAAUK,mBAAmBjC;AAE5F,UAAMgB,MAAMQ,aAAajC,KAAK2C,wBAAAA,KAA6BN,UAAUG,iBAAiBI,WAAWP,UAAUK,mBAAmBE;AAC9H,QAAI,CAACX,eAAe,CAACA,aAAajC,OAAOiC,aAAajC,KAAK4C,SAAS;AAClE,YAAMC,aAAa,MAAMrB,cAAcC,GAAAA;AACvCgB,sBAAgBI,WAAWhB,YAAYrD,0BAA0BsE,UAAUD,WAAWhB,SAAS,IAAI9B;AACnG4B,mBAAakB,WAAWlB;IAC1B;AACA,QAAI,CAACc,eAAe;AAClB,UAAI,CAACR,aAAajC,KAAK;AACrB,eAAOC,QAAQC,OAAOR,MAAM,wFAAwF,CAAA;MACtH;AACA,UAAIe,QAAQ,MAAM;AAChBA,cAAMwB,YAAYjC,IAAIa,eAAe,KAAA;MACvC;AACA4B,sBAAgBnE,IAAIG,SAASC,OAAOqE,KAAKC,YAAY3C,OAAO4C,QAAQhB,YAAYjC,GAAG;IACrF;AAEA,UAAMkD,oBAAoB,IAAIvE,QAC5B8B,KACAgC,eACAR,YAAYkB,MACZlB,YAAYmB,eACZX,cAAcY,sBAAqB,KAAMpB,YAAYqB,oBACrD7B,KACAQ,YAAYnC,WACZmC,YAAYsB,KACZtB,YAAYuB,WAAWf,cAAcgB,OAAM,CAAA;AAE7C,UAAMC,yBAAyBlE,MAAMmE,eAAeT,mBAAmBjE,mBAAmBoB,OAAOuD,SAASrB,OAAAA,CAAAA;AAC1G,UAAMvC,MAAMxB,0BAA0BqF,UAAUX,kBAAkBlD,GAAG,EAAGY,UAAS;AACjF,UAAMkD,QAAQ,UAAMC,uCAAmB;MACrC5C,UAAM6C,+BAAWN,uBAAuBO,gBAAgB,WAAA;MACxDC,eAAWF,+BAAW3B,UAAU6B,WAAW,WAAA;MAC3ClE;IACF,CAAA;AAEA,WAAO;MACLmE,MAAM;MACNC,UAAU;MACVC,OAAO,CAACP;MACRQ,SAAS,iBAAiB3C,iBAAa4C,kCAAa5C,UAAAA,EAAY6C,KAAK/D,GAAAA,SAAYqD,QAAQ,KAAK,IAAA;MAC9FnE,SAASuD;IACX;EACF;EAEAuB,sBACE9E,SAC2D;AAC3D,QAAIA,QAAQK,KAAK;AACf,aAAOC,QAAQyE,QAAQlG,0BAA0BmG,kBAAkBhF,SAASA,QAAQK,GAAG,CAAA;IACzF;AACA,WAAOC,QAAQC,OAAOR,MAAM,iGAAA,CAAA;EAC9B;AACF;AASO,IAAMkF,sBAAN,MAAMA;EAnLb,OAmLaA;;;EACHC;EAER,YAAYC,cAA8B;AACxC,SAAKC,gBAAgBD,YAAAA;EACvB;;;;;;;EAQA,MAAME,uBAAuB,EAC3BC,OACAC,eAAe,KAAKC,gBAAe,GACnCC,kBACAjC,KAAI,GACwD;AAC5D,WAAO,UAAMkC,kDAA6B;MACxCJ;MACAC;MACAE;MACAjC;IACF,CAAA;EACF;;;;EAKA,MAAMmC,yBACJC,UACAC,UACAV,cACAW,qBACAL,kBACuE;AACvE,UAAMM,iBAAiBN,oBAAoBxG,cAAcyB,OAAOsF,QAAQC,cAAa;AACrF,QAAIX,QAAoC,CAAA;AACxC,QAAIM,YAAYA,SAAS7D,SAAS,GAAG;AACnCuD,cAAQM,SAASM,IAAI,CAACC,QAAQC,WAAWC,KAAKF,GAAAA,CAAAA;IAChD;AACA,QAAIN,YAAYA,SAAS9D,SAAS,GAAG;AACnCuD,eAASA,SAAS,CAAA,GAAIgB,OAAOT,QAAAA;IAC/B;AACA,UAAM1E,SAAS,UAAMuE,kDAA6B;MAChDJ;MACAC,cAAcJ,gBAAgB,KAAKK,gBAAe;MAClDC,kBAAkB,IAAIc,KAAKR,eAAeS,eAAc,EAAGC,QAAO,IAAK,GAAA;MACvEjD,MAAM;QAAEkD,wBAAwB;MAAK;IACvC,CAAA;AAEA,UAAMC,OAAoCxF,OAAOyF,mBAAmBzF,OAAOyF,iBAAiBzF,OAAOyF,iBAAiB7E,SAAS,CAAA,IAAK3B;AAElI,WAAO;MACLyG,WAAWF,MAAMtE;MACjByE,oBAAoBH,MAAMtE,cAAcpC;MACxCuE,MAAM;MACNC,UAAUtD,OAAOsD;MACjBE,SAASxD,OAAOwD;MAChBD,OAAOvD,OAAOuD;MACde,kBAAkBM;IACpB;EACF;EAEAX,kBAAkB,wBAAC2B,sBAAAA;AACjB,SAAK7B,gBAAgB6B,mBAAmBb,IAAI,CAACS,SAAAA;AAC3C,UAAIA,KAAKK,SAAS,aAAA,GAAgB;AAEhC,eAAOL;MACT;AACA,iBAAOM,8BAASN,IAAAA;IAClB,CAAA;EACF,GARkB;EAUlBnB,kBAAkB,6BAAM,KAAKN,eAAX;AACpB;AAEA,IAAMgC,sBAAsB,6BAAA;AAE1B,MAAI,OAAOC,SAAS,aAAa;AAE/B,QAAI,YAAYA,MAAM;AACpB,UAAIC,aAAa;AAEjB,UAAI,kBAAkBD,KAAKpI,QAAQ;AACjCqI,qBAAa;MACf;AAEAC,kCAAUD,YAAY,IAAIE,0BAAa;QAAE9C,MAAM4C;QAAYrI;MAAe,CAAA,CAAA;IAC5E;EACF,WAAW,OAAOA,WAAW,eAAe,eAAeA,QAAQ;AACjE,UAAMyF,OAAO;AACb,UAAM+C,aAAoBC;AAE1BH,gCAAU7C,MAAM,IAAI8C,0BAAa;MAAE9C;MAAMzF,QAAQwI;IAAW,CAAA,CAAA;EAC9D,OAAO;AAEL,UAAM/C,OAAO;AACb6C,gCAAU7C,MAAM,IAAI8C,0BAAa;MAAE9C;MAAMzF,YAAQ0I,iCAAa,KAAA;IAAO,CAAA,CAAA;EACvE;AACF,GAvB4B;AAyB5BP,oBAAAA;AAGA1H,iBAAiBkI,qBAAqB,IAAIjI,kBAAAA,CAAAA;AAC1CD,iBAAiBmI,eAAe,IAAI1C,oBAAAA,CAAAA;;;AC9RpC,IAAA2C,wBAAoB;AACpB,IAAM,EAAEC,KAAAA,KAAG,IAAKC,sBAAAA;AAeT,IAAMC,iBAAiBF,KAAIG,SAASC,KAAKF;AACzC,IAAMG,cAAcL,KAAIG,SAASG,OAAOC,KAAKF;AAC7C,IAAMG,sBAAsBR,KAAIG,SAASG,OAAOE;AAChD,IAAMC,6BAA4BT,KAAIG,SAASG,OAAOG;AACtD,IAAMC,WAAUV,KAAIG,SAASG,OAAOI;AACpC,IAAMC,iBAAgBX,KAAIG,SAASS,IAAID;AACvC,IAAME,cAAab,KAAIG,SAASS,IAAIC;AACpC,IAAMC,YAAWd,KAAIG,SAASS,IAAIE;AAClC,IAAMC,YAAWf,KAAIG,SAASS,IAAIG;AAClC,IAAMC,kBAAkBhB,KAAIG,SAASc,KAAKC,KAAKF;AAC/C,IAAMG,oBAAoBnB,KAAIG,SAASc,KAAKG,OAAOC;AACnD,IAAMC,MAAMtB,KAAIG,SAASG,OAAOiB,KAAKD;AAGrC,IAAME,+BAA+BxB,KAAIG,SAASc,KAAKG,OAAOI;;;AF7BrE,IAAM,EAAEC,KAAAA,KAAG,IAAKC,sBAAAA;AA+BT,IAAMC,qBAAoC;EAC/C;EACA;EACA;EACA;EACA;;AAQK,IAAMC,UAAN,MAAMA;EA7Cb,OA6CaA;;;EACFC,SAASA,OAAOC;EAChBC,UAAoB;IAC3BC,4BAA4B,KAAKA,2BAA2BC,KAAK,IAAI;IACrEC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,wBAAwB,KAAKA,uBAAuBF,KAAK,IAAI;IAC7DG,yBAAyB,KAAKA,wBAAwBH,KAAK,IAAI;IAC/DI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;EACvD;EACiBK;EACTC;EAMR,YAAYC,MAWT;AACD,SAAKF,eAAeE,MAAMF,gBAAgB,CAAA;AAC1C,SAAKC,OAAOC,MAAMD,QAAQ;MAAEE,wBAAwB;IAAK;EAC3D;;;;;;;;EASA,MAAcL,wBAAwBI,MAA6BE,UAAiE;AAClI,UAAM,EAAEC,OAAOC,wBAAwBN,cAAcO,eAAeC,iBAAiBC,2BAA2BC,aAAaC,SAAQ,IAAKT;AAE1I,UAAMU,gBAAgB,IAAIC,kBAAAA;AAE1B,UAAMC,WAAW,8BAAOC,SAAAA;AACtB,UAAI;AACF,cAAMC,SAAS,MAAMC,gBAAgBC,kBACnCH,MACA,MACAf,gBAAgB,KAAKA,cACrBmB,eAAcC,OAAOC,QAAQC,eAAef,eAAegB,kBAAkBC,QAAAA,KAAaC,KAAKC,IAAG,KAAM,GAAA,GACxGnB,eAAeoB,qBAAAA;AAEjB,YAAIX,OAAOY,OAAO;AAChBC,kBAAQC,IAAIC,KAAKC,UAAUhB,QAAQ,MAAM,CAAA,CAAA;QAC3C;AACA,eAAOA;MACT,SAASiB,GAAG;AACVJ,gBAAQC,IAAIG,CAAAA;AACZ,eAAO;UACLL,OAAO;UACPrB,eAAe;YACb;cACE2B,MAAM;cACNN,OAAO;cACPO,UAAU;cACVC,SAASH,EAAEG;YACb;;QAEJ;MACF;IACF,GA3BiB;AA6BjB,UAAMC,aAA8CzB,cAAc0B,6BAChE9B,iBACAH,OACAC,sBAAAA;AAEF,UAAMiC,qBAAsD,CAAA;AAC5D,QAAIC,YAA2HC;AAC/H,aAASC,SAASL,YAAY;AAC5B,UAAIK,MAAMC,UAAU;AAClB,cAAM3B,SAAS,MAAMF,SAAS4B,MAAMC,QAAQ;AAC5C,YAAI,CAAC3B,OAAOY,SAASlB,YAAYkC,SAAS,YAAA,GAAe;AAEvD,cAAI;AACF,kBAAMC,UAAU7B,OAAO8B,SAASC,MAAMC,YAAY5B,OAAO6B,QAAQjC,OAAO8B,QAAQC,GAAG,IAAIN;AACvF,gBAAI,CAACI,SAAS;AACZ,oBAAMK,MAAM,wBAAA;YACd;AACA,gBAAIC,MAAMC,2BAA0BC,UAAUR,OAAAA,EAASS,UAAS;AAChE,gBAAI,CAACtC,OAAO8B,SAASS,WAAW;AAC9B,oBAAMT,UAAU9B,OAAO8B;AACvB,oBAAMU,MAAML,IAAIK,WAAOC,4CAAuB;gBAAEN;cAAS,CAAA;AAEzD,oBAAMJ,MAAM,MAAM3C,SAASsD,MAAMC,cAAc;gBAAEH;cAAI,CAAA;AACrD,oBAAMI,MAAMb,IAAIa;AAChB,oBAAML,YAAYR,IAAIc,MAAMN;AAC5B,oBAAMO,gBAAgBjB,QAAQkB,KAAK,OAAOlB,QAAQmB,KAAKnB,QAAQW,OAAO,IAAIS,eAAeC,YAAWV,KAAKW,UAASC,IAAI,CAAA,CAAA;AACtH,oBAAMC,gBAAgBC,SAAQlD,OAAO6B,QAAQH,OAAAA,EAASiB,KACpDP,KACAM,eACAhB,QAAQ7C,MACR6C,QAAQyB,eACRzB,QAAQ0B,oBACR1B,QAAQ2B,KACRlB,WACAK,GAAAA;AAEF,oBAAMc,cAAchC,MAAMqB,KAAKrB,MAAMiC,iBAAiBjC,MAAMC,UAAUD,MAAMkC,eAAeP,aAAAA;AAC3F3B,sBAAQgC;YACV;UACF,SAASzC,GAAQ;AACfJ,oBAAQC,IAAI,gFAAgFG,EAAEG,OAAO,IAAIH,CAAAA;UAC3G;AAEAM,6BAAmBsC,KAAKnC,KAAAA;QAC1B,WAAW1B,OAAOY,OAAO;AACvBY,sBAAYxB;QACd;MACF;IACF;AACA,QAAIuB,mBAAmBuC,WAAW,GAAG;AACnC,UAAItC,WAAW;AACb,eAAOuC,QAAQC,OAAO9B,MAAMV,UAAUjC,cAAc,CAAA,EAAG6B,WAAW,6BAAA,CAAA;MACpE;AACA,aAAO2C,QAAQC,OAAO9B,MAAM,6BAAA,CAAA;IAC9B;AACA,UAAM+B,iBAAiB,MAAMrE,cAAcsE,qBACzC3C,oBACAjC,wBACAK,UACAD,aACAD,yBAAAA;AAEF,UAAM0E,WAAWC,UAASH,eAAeI,WAAU,GAAIlB,UAASmB,SAAS;AACzE,UAAMC,0BAA0BC,6BAA6BpE,OAAOqE,2BAClEnF,sBAAAA;AAEF,WAAO;MAAE6E;MAAUI;IAAwB;EAC7C;;;;;;;;;EAUA,MAAcxF,mBAAmBG,MAA8BE,UAA+D;AAC5H,UAAM,EAAE+E,UAAUI,yBAAyBvF,aAAY,IAAKE;AAC5D,UAAM+E,iBAAiB9F,KAAIuG,SAAS3E,KAAK4E,KAAKC,OAAOC,mBAAmBzE,OAAO0E,WAAW5B,YAAWiB,UAAUhB,UAASmB,SAAS,CAAA;AACjI,QAAI,CAACL,eAAec,WAAW;AAC7B,aAAOhB,QAAQC,OAAO9B,MAAM,gCAAgC,CAAA;IAC9D;AACA,QAAItB,QAAQ;AACZ,UAAMmE,YAAY,MAAMhB,QAAQiB,IAC9Bf,eAAec,UAAUE,IAAI,OAAOtD,aAAAA;AAClC,UAAI;AACF,cAAMuD,cAAc,MAAMjF,gBAAgBC,kBAAkByB,UAAU,MAAM3C,gBAAgB,KAAKA,YAAY;AAC7G,YAAI,CAACkG,eAAeA,YAAYtE,OAAO;AACrCA,kBAAQ;QACV;AACA,YAAI2D,wBAAwBY,eAAeC,KAAK,CAACC,MAAMA,EAAEC,OAAO3D,SAAS4D,QAAQC,KAAK,MAAM,MAAM;AAChG5E,kBAAQ;AACRsE,sBAAY3F,cAAcsE,KAAK;YAC7B3C,MAAM;YACNN;YACAO,UAAUP;YACVQ,SAAS,2CAA2CO,SAAS4D,QAAQC,KAAK;UAC5E,CAAA;QACF;AACA,eAAO;UAAE7D,UAAUA,SAAS8D,OAAM;UAAIP;QAAY;MACpD,SAASjE,GAAG;AACVL,gBAAQ;AACR,eAAO;UACLe,UAAUA,SAAS8D,OAAM;UACzBP,aAAa;YACXtE,OAAO;YACPrB,eAAe;cACb;gBACE2B,MAAM;gBACNN;gBACAO,UAAU;gBACVC,SAASH,EAAEG;cACb;;UAEJ;QACF;MACF;IACF,CAAA,CAAA;AAEF,QAAIR,OAAO;AACTC,cAAQC,IAAIC,KAAKC,UAAU+D,WAAW,MAAM,CAAA,CAAA;IAC9C;AACA,WAAO;MAAEnE;MAAOmE;MAAWR;IAAwB;EACrD;;;;;;;;EASA,MAAc1F,uBAAuBK,MAAkCwG,SAAqE;AAC1I,UAAM,EAAEC,OAAO7D,SAAS8D,eAAc,IAAK1G;AAC3C,UAAM2G,cAAc/D,WAAWM,2BAA0B0D,cAAchE,OAAAA;AACvE,UAAMiE,eAAe,MAAM,IAAIC,oBAAoB,IAAIC,kBAAkBP,OAAAA,CAAAA,EAAUQ,QACjF/H,KAAIuG,SAASyB,OAAOC,KAAKC,cAAcjG,OAAO6B,QAAQ0D,KAAAA,EAAOW,OAAM,GACnET,aACAD,cAAAA;AAEF,WAAO;MAAE,GAAGG;MAAcjE;IAAiB;EAC7C;;;;;;;;;EAUA,MAAcpD,2BAA2BQ,MAAkCE,UAA2D;AACpI,UAAMmH,gBAA0B;SAAI,KAAKvH;SAAkBE,KAAKF,gBAAgB,CAAA;;AAChF,UAAMA,eAAe,IAAIwH,IAAYD,aAAAA;AACrC,UAAME,mBAAmB,MAAM,IAAIC,oBAAoBC,MAAMC,KAAKL,aAAAA,CAAAA,EAAgBM,uBAAuB;MACvG,GAAG3H;MACHF,cAAc2H,MAAMC,KAAK5H,YAAAA;MACzBC,MAAM;QAAE,GAAGC,MAAMD;QAAM,GAAG,KAAKA;MAAK;IACtC,CAAA;AACA4B,YAAQC,IACN,uBAAuB2F,iBAAiB7F,QAAQ,UAAU,SAAA,cAAuB6F,iBAAiBrF,OAAO,cAAcqF,iBAAiBK,aAAa,EAAE;AAEzJ,WAAOL;EACT;;;;;;;;;;;EAYA,MAAc7H,uBAAuBM,MAAkCwG,SAAuD;AAC5H,UAAMqB,eAAe7H,KAAK6H,aAAa9B,IAAI,CAAC+B,aAASC,+CAA0BD,IAAAA,CAAAA;AAC/E,WAAO,MAAMjD,QAAQiB,IAAI+B,aAAa9B,IAAI,CAAC+B,aAASE,wCAAmBF,MAAM9H,KAAKiI,iBAAiB;MAAEA,eAAejI,KAAKiI;IAAc,CAAA,CAAA,CAAA;EACzI;AACF;;;ADxSO,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,eAAA;AAC1C,IAAMC,SAASC;","names":["module","CoseJoseKeyMappingService","DateTimeUtils","Encoding","KeyInfo","decodeFrom","encodeTo","import_kmp_mdoc_core","import_ssi_sdk_ext","import_ssi_sdk_ext","com","mdocPkg","CoseJoseKeyMappingService","sphereon","crypto","KeyInfo","DateTimeUtils","kmp","decodeFrom","encodeTo","Encoding","SignatureAlgorithm","generic","DefaultCallbacks","CoseCryptoService","context","setContext","signAsync","input","requireX5Chain","Error","keyInfo","alg","value","kmsKeyRef","undefined","key","Promise","reject","resolvedKeyInfo","ResolvedKeyInfo","Static","fromKeyInfo","jwkKeyInfo","toResolvedJwkKeyInfo","kid","calculateJwkThumbprint","jwk","toJsonDTO","getKidAsString","result","agent","keyManagerSign","algorithm","jose","data","UTF8","encoding","keyRef","verify1Async","getCertAndKey","x5c","length","issuerCert","pemOrDerToX509Certificate","issuerJwk","info","getCertificateInfo","publicKeyJWK","coseKeyInfo","toCoseKeyInfo","d","payload","sign1Json","toJson","coseAlg","protectedHeader","issuerCoseKey","unprotectedHeader","getX509CertificateChain","x5chain","certAndKey","toCoseKey","cose","CoseKeyCbor","fromDTO","issuerCoseKeyInfo","opts","keyVisibility","getSignatureAlgorithm","signatureAlgorithm","kms","keyType","getKty","recalculatedToBeSigned","toBeSignedJson","fromCose","toJoseJwk","valid","verifyRawSignature","fromString","base64UrlValue","signature","name","critical","error","message","getSubjectDN","DN","resolvePublicKeyAsync","resolve","toResolvedKeyInfo","X509CallbackService","_trustedCerts","trustedCerts","setTrustedCerts","verifyCertificateChain","chain","trustAnchors","getTrustedCerts","verificationTime","validateX509CertificateChain","verifyCertificateChainJS","chainDER","chainPEM","verificationProfile","verificationAt","DEFAULT","dateTimeLocal","map","der","Uint8Array","from","concat","Date","toEpochSeconds","toULong","trustRootWhenNoAnchors","cert","certificateChain","publicKey","publicKeyAlgorithm","trustedCertsInPEM","includes","derToPEM","defaultCryptoEngine","self","engineName","setEngine","CryptoEngine","nodeCrypto","webcrypto","globalCrypto","setCoseCryptoDefault","setX509Default","import_kmp_mdoc_core","com","mdocPkg","CborByteString","sphereon","cbor","CoseKeyCbor","crypto","cose","CoseCryptoServiceJS","CoseJoseKeyMappingService","KeyInfo","DateTimeUtils","kmp","decodeFrom","encodeTo","Encoding","MdocValidations","mdoc","data","MdocOid4vpService","oid4vp","MdocOid4vpServiceJs","Jwk","jose","Oid4VPPresentationSubmission","com","mdocPkg","mdocSupportMethods","MDLMdoc","schema","IMDLMdoc","methods","x509VerifyCertificateChain","bind","x509GetCertificateInfo","mdocVerifyIssuerSigned","mdocOid4vpHolderPresent","mdocOid4vpRPVerify","trustAnchors","opts","args","trustRootWhenNoAnchors","_context","mdocs","presentationDefinition","verifications","mdocHolderNonce","authorizationRequestNonce","responseUri","clientId","oid4vpService","MdocOid4vpService","validate","mdoc","result","MdocValidations","fromDocumentAsync","DateTimeUtils","Static","DEFAULT","dateTimeLocal","verificationTime","getTime","Date","now","allowExpiredDocuments","error","console","log","JSON","stringify","e","name","critical","message","allMatches","matchDocumentsAndDescriptors","docsAndDescriptors","lastError","undefined","match","document","includes","cborKey","keyInfo","key","CoseKeyCbor","fromDTO","Error","jwk","CoseJoseKeyMappingService","toJoseJwk","toJsonDTO","kmsKeyRef","kid","calculateJwkThumbprint","agent","keyManagerGet","kms","meta","updateCborKey","copy","kty","CborByteString","decodeFrom","Encoding","UTF8","deviceKeyInfo","KeyInfo","keyVisibility","signatureAlgorithm","x5c","updateMatch","inputDescriptor","documentError","push","length","Promise","reject","deviceResponse","createDeviceResponse","vp_token","encodeTo","cborEncode","BASE64URL","presentation_submission","Oid4VPPresentationSubmission","fromPresentationDefinition","sphereon","data","device","DeviceResponseCbor","cborDecode","documents","all","map","validations","descriptor_map","find","m","id","docType","value","toJson","context","input","requireX5Chain","coseKeyInfo","toCoseKeyInfo","verification","CoseCryptoServiceJS","CoseCryptoService","verify1","crypto","cose","CoseSign1Json","toCbor","mergedAnchors","Set","validationResult","X509CallbackService","Array","from","verifyCertificateChain","detailMessage","certificates","cert","pemOrDerToX509Certificate","getCertificateInfo","sanTypeFilter","logger","Loggers","DEFAULT","get","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/mDLMdoc.ts","../src/functions/index.ts","../src/types/ImDLMdoc.ts"],"sourcesContent":["{\n \"IEBSIAuthorizationClient\": {\n \"components\": {\n \"schemas\": {\n \"EBSIAuthAccessTokenGetArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"vc\": {\n \"type\": \"string\"\n },\n \"definitionId\": {\n \"$ref\": \"#/components/schemas/ScopeByDefinition\"\n },\n \"did\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/Optional<ApiOpts,\\\"version\\\">\"\n }\n },\n \"required\": [\"vc\", \"definitionId\", \"did\", \"kid\", \"scope\", \"apiOpts\"]\n },\n \"ScopeByDefinition\": {\n \"type\": \"string\",\n \"enum\": [\"didr_invite\", \"didr_write\", \"tir_invite\", \"tir_write\", \"timestamp_write\", \"tnt_authorise\", \"tnt_create\", \"tnt_write\"]\n },\n \"EBSIScope\": {\n \"type\": \"string\",\n \"enum\": [\n \"didr_write\",\n \"didr_invite\",\n \"tir_write\",\n \"tir_invite\",\n \"timestamp_write\",\n \"tnt_authorise\",\n \"tnt_create\",\n \"tnt_write\",\n \"did_authn\"\n ],\n \"description\": \"The OpenID scope\"\n },\n \"Optional<ApiOpts,\\\"version\\\">\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n }\n },\n \"EbsiEnvironment\": {\n \"type\": \"string\",\n \"enum\": [\"pilot\", \"conformance\", \"conformance-test\"]\n },\n \"EbsiApiVersion\": {\n \"type\": \"string\",\n \"enum\": [\"v3\", \"v4\", \"v5\"]\n },\n \"GetAccessTokenResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetAccessTokenSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetAccessTokenSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"access_token\": {\n \"type\": \"string\"\n },\n \"token_type\": {\n \"$ref\": \"#/components/schemas/TokenType\"\n },\n \"expires_in\": {\n \"type\": \"number\"\n },\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"id_token\": {\n \"type\": \"string\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"access_token\", \"token_type\", \"scope\", \"id_token\", \"apiOpts\"]\n },\n \"TokenType\": {\n \"type\": \"string\",\n \"const\": \"Bearer\"\n },\n \"ApiOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"environment\": {\n \"$ref\": \"#/components/schemas/EbsiEnvironment\"\n },\n \"version\": {\n \"$ref\": \"#/components/schemas/EbsiApiVersion\"\n }\n },\n \"required\": [\"version\"]\n },\n \"ExceptionResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"type\": \"string\"\n },\n \"title\": {\n \"type\": \"string\"\n },\n \"status\": {\n \"type\": \"number\"\n },\n \"detail\": {\n \"type\": \"string\"\n },\n \"instance\": {\n \"type\": \"string\"\n }\n }\n },\n \"GetOIDProviderJwksResponse\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksSuccessResponse\"\n },\n {\n \"$ref\": \"#/components/schemas/ExceptionResponse\"\n }\n ]\n },\n \"GetOIDProviderJwksSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/JWK\"\n }\n }\n },\n \"required\": [\"keys\"]\n },\n \"JWK\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"alg\\\" (Algorithm) Parameter.\"\n },\n \"crv\": {\n \"type\": \"string\"\n },\n \"d\": {\n \"type\": \"string\"\n },\n \"dp\": {\n \"type\": \"string\"\n },\n \"dq\": {\n \"type\": \"string\"\n },\n \"e\": {\n \"type\": \"string\"\n },\n \"ext\": {\n \"type\": \"boolean\",\n \"description\": \"JWK \\\"ext\\\" (Extractable) Parameter.\"\n },\n \"k\": {\n \"type\": \"string\"\n },\n \"key_ops\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"key_ops\\\" (Key Operations) Parameter.\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kid\\\" (Key ID) Parameter.\"\n },\n \"kty\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"kty\\\" (Key Type) Parameter.\"\n },\n \"n\": {\n \"type\": \"string\"\n },\n \"oth\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"d\": {\n \"type\": \"string\"\n },\n \"r\": {\n \"type\": \"string\"\n },\n \"t\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"p\": {\n \"type\": \"string\"\n },\n \"q\": {\n \"type\": \"string\"\n },\n \"qi\": {\n \"type\": \"string\"\n },\n \"use\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"use\\\" (Public Key Use) Parameter.\"\n },\n \"x\": {\n \"type\": \"string\"\n },\n \"y\": {\n \"type\": \"string\"\n },\n \"x5c\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n },\n \"description\": \"JWK \\\"x5c\\\" (X.509 Certificate Chain) Parameter.\"\n },\n \"x5t\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5t\\\" (X.509 Certificate SHA-1 Thumbprint) Parameter.\"\n },\n \"x5t#S256\": {\n \"type\": \"string\",\n \"description\": \"\\\"x5t#S256\\\" (X.509 Certificate SHA-256 Thumbprint) Parameter.\"\n },\n \"x5u\": {\n \"type\": \"string\",\n \"description\": \"JWK \\\"x5u\\\" (X.509 URL) Parameter.\"\n }\n },\n \"additionalProperties\": {},\n \"description\": \"JSON Web Key ( {@link https://www.rfc-editor.org/rfc/rfc7517 | JWK } ). \\\"RSA\\\", \\\"EC\\\", \\\"OKP\\\", and \\\"oct\\\" key types are supported.\"\n },\n \"GetPresentationDefinitionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"scope\": {\n \"$ref\": \"#/components/schemas/EBSIScope\"\n },\n \"apiOpts\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n }\n },\n \"required\": [\"scope\"]\n },\n \"GetPresentationDefinitionResponse\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionSuccessResponse\"\n },\n \"GetPresentationDefinitionSuccessResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"submission_requirements\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n },\n \"input_descriptors\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/InputDescriptorV2\"\n }\n },\n \"frame\": {\n \"type\": \"object\"\n }\n },\n \"required\": [\"id\", \"input_descriptors\"]\n },\n \"Format\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vc_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"jwt_vp_json\": {\n \"$ref\": \"#/components/schemas/JwtObject\"\n },\n \"ldp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vc\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"ldp_vp\": {\n \"$ref\": \"#/components/schemas/LdpObject\"\n },\n \"di\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vc\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"di_vp\": {\n \"$ref\": \"#/components/schemas/DiObject\"\n },\n \"dc+sd-jwt\": {\n \"$ref\": \"#/components/schemas/SdJwtObject\"\n }\n }\n },\n \"JwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"alg\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"alg\"]\n },\n \"LdpObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\"]\n },\n \"DiObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"proof_type\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"cryptosuite\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"required\": [\"proof_type\", \"cryptosuite\"]\n },\n \"SdJwtObject\": {\n \"type\": \"object\",\n \"properties\": {\n \"sd-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"kb-jwt_alg_values\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n }\n },\n \"SubmissionRequirement\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"rule\": {\n \"$ref\": \"#/components/schemas/Rules\"\n },\n \"count\": {\n \"type\": \"number\"\n },\n \"min\": {\n \"type\": \"number\"\n },\n \"max\": {\n \"type\": \"number\"\n },\n \"from\": {\n \"type\": \"string\"\n },\n \"from_nested\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubmissionRequirement\"\n }\n }\n },\n \"required\": [\"rule\"]\n },\n \"Rules\": {\n \"type\": \"string\",\n \"enum\": [\"all\", \"pick\"]\n },\n \"InputDescriptorV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"format\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"group\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"issuance\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Issuance\"\n }\n },\n \"constraints\": {\n \"$ref\": \"#/components/schemas/ConstraintsV2\"\n }\n },\n \"required\": [\"id\", \"constraints\"]\n },\n \"Issuance\": {\n \"type\": \"object\",\n \"properties\": {\n \"manifest\": {\n \"type\": \"string\"\n }\n },\n \"additionalProperties\": {}\n },\n \"ConstraintsV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"limit_disclosure\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"statuses\": {\n \"$ref\": \"#/components/schemas/Statuses\"\n },\n \"fields\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/FieldV2\"\n }\n },\n \"subject_is_issuer\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"is_holder\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n },\n \"same_subject\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/HolderSubject\"\n }\n }\n }\n },\n \"Optionality\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"preferred\"]\n },\n \"Statuses\": {\n \"type\": \"object\",\n \"properties\": {\n \"active\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"suspended\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n },\n \"revoked\": {\n \"$ref\": \"#/components/schemas/PdStatus\"\n }\n }\n },\n \"PdStatus\": {\n \"type\": \"object\",\n \"properties\": {\n \"directive\": {\n \"$ref\": \"#/components/schemas/Directives\"\n }\n }\n },\n \"Directives\": {\n \"type\": \"string\",\n \"enum\": [\"required\", \"allowed\", \"disallowed\"]\n },\n \"FieldV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"path\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"purpose\": {\n \"type\": \"string\"\n },\n \"filter\": {\n \"$ref\": \"#/components/schemas/FilterV2\"\n },\n \"predicate\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n },\n \"name\": {\n \"type\": \"string\"\n },\n \"optional\": {\n \"type\": \"boolean\"\n }\n },\n \"required\": [\"path\"]\n },\n \"FilterV2\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"OneOfNumberStringBoolean\": {\n \"type\": [\"boolean\", \"number\", \"string\"]\n },\n \"OneOfNumberString\": {\n \"type\": [\"number\", \"string\"]\n },\n \"FilterV2Base\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n }\n },\n \"FilterV2BaseItems\": {\n \"type\": \"object\",\n \"properties\": {\n \"const\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n },\n \"enum\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/OneOfNumberStringBoolean\"\n }\n },\n \"exclusiveMinimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"exclusiveMaximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"format\": {\n \"type\": \"string\"\n },\n \"formatMaximum\": {\n \"type\": \"string\"\n },\n \"formatMinimum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMaximum\": {\n \"type\": \"string\"\n },\n \"formatExclusiveMinimum\": {\n \"type\": \"string\"\n },\n \"minLength\": {\n \"type\": \"number\"\n },\n \"maxLength\": {\n \"type\": \"number\"\n },\n \"minimum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"maximum\": {\n \"$ref\": \"#/components/schemas/OneOfNumberString\"\n },\n \"not\": {\n \"type\": \"object\"\n },\n \"pattern\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"type\": \"string\"\n },\n \"contains\": {\n \"$ref\": \"#/components/schemas/FilterV2Base\"\n },\n \"items\": {\n \"$ref\": \"#/components/schemas/FilterV2BaseItems\"\n }\n },\n \"required\": [\"type\"]\n },\n \"HolderSubject\": {\n \"type\": \"object\",\n \"properties\": {\n \"field_id\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"directive\": {\n \"$ref\": \"#/components/schemas/Optionality\"\n }\n },\n \"required\": [\"field_id\", \"directive\"]\n },\n \"GetOIDProviderMetadataResponse\": {\n \"$ref\": \"#/components/schemas/EbsiOpenIDMetadata\"\n },\n \"EbsiOpenIDMetadata\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"client_id\": {\n \"type\": \"string\"\n },\n \"redirect_uris\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"client_name\": {\n \"type\": \"string\"\n },\n \"token_endpoint_auth_method\": {\n \"type\": \"string\"\n },\n \"application_type\": {\n \"type\": \"string\"\n },\n \"response_types\": {\n \"type\": \"string\"\n },\n \"grant_types\": {\n \"type\": \"string\"\n },\n \"vp_formats\": {\n \"$ref\": \"#/components/schemas/Format\"\n },\n \"logo_uri\": {\n \"type\": \"string\"\n },\n \"client_purpose\": {\n \"type\": \"string\"\n }\n }\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"presentation_definition_endpoint\": {\n \"type\": \"string\"\n },\n \"authorization_endpoint\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/Schema\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"issuer\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/ResponseIss\"\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"response_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseType\"\n }\n ]\n },\n \"scopes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/Scope\"\n }\n ]\n },\n \"subject_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SubjectType\"\n }\n ]\n },\n \"id_token_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"subject_syntax_types_supported\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"token_endpoint\": {\n \"type\": \"string\"\n },\n \"userinfo_endpoint\": {\n \"type\": \"string\"\n },\n \"jwks_uri\": {\n \"type\": \"string\"\n },\n \"registration_endpoint\": {\n \"type\": \"string\"\n },\n \"response_modes_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ResponseMode\"\n }\n ]\n },\n \"grant_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/GrantType\"\n }\n ]\n },\n \"acr_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/AuthenticationContextReferences\"\n }\n ]\n },\n \"id_token_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"id_token_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT].\"\n },\n \"userinfo_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"userinfo_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].\"\n },\n \"request_object_encryption_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"request_object_encryption_enc_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and when it is passed by reference.\"\n },\n \"token_endpoint_auth_methods_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/TokenEndpointAuthMethod\"\n }\n ]\n },\n \"token_endpoint_auth_signing_alg_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/SigningAlgo\"\n }\n ]\n },\n \"display_values_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {}\n },\n {}\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider supports. These values are described in Section 3.1.2.1 of OpenID Connect Core 1.0 [OpenID.Core].\"\n },\n \"claim_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/ClaimType\"\n }\n ],\n \"description\": \"OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described in Section 5.6 of OpenID Connect Core 1.0 [OpenID.Core]. Values defined by this specification are normal, aggregated, and distributed. If omitted, the implementation supports only normal Claims.\"\n },\n \"claims_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ],\n \"description\": \"RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.\"\n },\n \"service_documentation\": {\n \"type\": \"string\"\n },\n \"claims_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"ui_locales_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n {\n \"type\": \"string\"\n }\n ]\n },\n \"claims_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"request_uri_parameter_supported\": {\n \"type\": \"boolean\"\n },\n \"require_request_uri_registration\": {\n \"type\": \"boolean\"\n },\n \"op_policy_uri\": {\n \"type\": \"string\"\n },\n \"op_tos_uri\": {\n \"type\": \"string\"\n },\n \"id_token_types_supported\": {\n \"anyOf\": [\n {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n },\n {\n \"$ref\": \"#/components/schemas/IdTokenType\"\n }\n ]\n },\n \"vp_formats_supported\": {\n \"$ref\": \"#/components/schemas/Format\"\n }\n }\n }\n ]\n },\n \"Schema\": {\n \"type\": \"string\",\n \"enum\": [\"openid:\", \"openid-vc:\"]\n },\n \"ResponseIss\": {\n \"type\": \"string\",\n \"enum\": [\"https://self-issued.me\", \"https://self-issued.me/v2\", \"https://self-issued.me/v2/openid-vc\"]\n },\n \"ResponseType\": {\n \"type\": \"string\",\n \"enum\": [\"id_token\", \"vp_token\"]\n },\n \"Scope\": {\n \"type\": \"string\",\n \"enum\": [\"openid\", \"openid did_authn\", \"profile\", \"email\", \"address\", \"phone\"]\n },\n \"SubjectType\": {\n \"type\": \"string\",\n \"enum\": [\"public\", \"pairwise\"]\n },\n \"SigningAlgo\": {\n \"type\": \"string\",\n \"enum\": [\"EdDSA\", \"RS256\", \"PS256\", \"ES256\", \"ES256K\"]\n },\n \"ResponseMode\": {\n \"type\": \"string\",\n \"enum\": [\"fragment\", \"form_post\", \"post\", \"direct_post\", \"query\"]\n },\n \"GrantType\": {\n \"type\": \"string\",\n \"enum\": [\"authorization_code\", \"implicit\"]\n },\n \"AuthenticationContextReferences\": {\n \"type\": \"string\",\n \"enum\": [\"phr\", \"phrh\"]\n },\n \"TokenEndpointAuthMethod\": {\n \"type\": \"string\",\n \"enum\": [\"client_secret_post\", \"client_secret_basic\", \"client_secret_jwt\", \"private_key_jwt\"]\n },\n \"ClaimType\": {\n \"type\": \"string\",\n \"enum\": [\"normal\", \"aggregated\", \"distributed\"]\n },\n \"IdTokenType\": {\n \"type\": \"string\",\n \"enum\": [\"subject_signed\", \"attester_signed\"]\n }\n },\n \"methods\": {\n \"ebsiAccessTokenGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/EBSIAuthAccessTokenGetArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetAccessTokenResponse\"\n }\n },\n \"ebsiAuthorizationServerJwks\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderJwksResponse\"\n }\n },\n \"ebsiPresentationDefinitionGet\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetPresentationDefinitionResponse\"\n }\n },\n \"ebsiWellknownMetadata\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ApiOpts\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/GetOIDProviderMetadataResponse\"\n }\n }\n }\n }\n }\n}\n","import { Loggers } from '@sphereon/ssi-types'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:mdoc')\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { MDLMdoc, mdocSupportMethods } from './agent/mDLMdoc'\nexport * from './types/ImDLMdoc'\nexport * from './functions'\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { calculateJwkThumbprint } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { CertificateInfo, getCertificateInfo, pemOrDerToX509Certificate, X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JWK } from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { MdocOid4vpPresentArgs, MdocOid4VPPresentationAuth, MdocOid4vpRPVerifyArgs, MdocOid4vpRPVerifyResult, MdocOid4vpService, schema } from '..'\nimport { CoseCryptoService, X509CallbackService } from '../functions'\nimport {\n CborByteString,\n CoseCryptoServiceJS,\n CoseJoseKeyMappingService,\n CoseKeyCbor,\n DateTimeUtils,\n decodeFrom,\n DocumentCbor,\n DocumentDescriptorMatchResult,\n encodeTo,\n Encoding,\n GetX509CertificateInfoArgs,\n ImDLMdoc,\n IOid4VPPresentationDefinition,\n IRequiredContext,\n IVerifySignatureResult,\n KeyInfo,\n KeyType,\n Oid4VPPresentationSubmission,\n MdocValidations,\n MdocVerifyIssuerSignedArgs,\n VerifyCertificateChainArgs,\n} from '../types/ImDLMdoc'\n\nexport const mdocSupportMethods: Array<string> = [\n 'x509VerifyCertificateChain',\n 'x509GetCertificateInfo',\n 'mdocVerifyIssuerSigned',\n 'mdocOid4vpHolderPresent',\n 'mdocOid4vpRPVerify',\n]\n\n/**\n * The MDLMdoc class implements the IAgentPlugin interface, providing methods for\n * verification and information retrieval related to X.509 certificates and mDL (mobile\n * driver's license) documents.\n */\nexport class MDLMdoc implements IAgentPlugin {\n readonly schema = schema.IMDLMdoc\n readonly methods: ImDLMdoc = {\n x509VerifyCertificateChain: this.x509VerifyCertificateChain.bind(this),\n x509GetCertificateInfo: this.x509GetCertificateInfo.bind(this),\n mdocVerifyIssuerSigned: this.mdocVerifyIssuerSigned.bind(this),\n mdocOid4vpHolderPresent: this.mdocOid4vpHolderPresent.bind(this),\n mdocOid4vpRPVerify: this.mdocOid4vpRPVerify.bind(this),\n }\n private readonly staticTrustAnchors: string[]\n private readonly trustAnchorProvider?: () => string[]\n private readonly blindlyTrustedAnchorProvider?: () => string[]\n private opts: {\n trustRootWhenNoAnchors?: boolean\n allowSingleNoCAChainElement?: boolean\n blindlyTrustedAnchors?: string[]\n }\n\n constructor(args?: {\n trustAnchors?: string[]\n // Provider returning runtime trust anchors, merged with the static (constructor) trustAnchors on every verification.\n trustAnchorProvider?: () => string[]\n // Provider returning runtime blindly-trusted anchors, merged with opts.blindlyTrustedAnchors on every verification.\n blindlyTrustedAnchorProvider?: () => string[]\n opts?: {\n // Trust the supplied root from the chain, when no anchors are being passed in.\n trustRootWhenNoAnchors?: boolean\n // Do not perform a chain validation check if the chain only has a single value. This means only the certificate itself will be validated. No chain checks for CA certs will be performed. Only used when the cert has no issuer\n allowSingleNoCAChainElement?: boolean\n // WARNING: Do not use in production\n // Similar to regular trust anchors, but no validation is performed whatsoever. Do not use in production settings! Can be handy with self generated certificates as we perform many validations, making it hard to test with self-signed certs. Only applied in case a chain with 1 element is passed in to really make sure people do not abuse this option\n blindlyTrustedAnchors?: string[]\n }\n }) {\n this.staticTrustAnchors = args?.trustAnchors ?? []\n this.trustAnchorProvider = args?.trustAnchorProvider\n this.blindlyTrustedAnchorProvider = args?.blindlyTrustedAnchorProvider\n this.opts = args?.opts ?? { trustRootWhenNoAnchors: true }\n }\n\n // Live-merged anchors: static (constructor) + provider (runtime/user). Read on every verification.\n private get trustAnchors(): string[] {\n return [...this.staticTrustAnchors, ...(this.trustAnchorProvider?.() ?? [])]\n }\n\n private get effectiveBlindlyTrustedAnchors(): string[] {\n return [...(this.opts.blindlyTrustedAnchors ?? []), ...(this.blindlyTrustedAnchorProvider?.() ?? [])]\n }\n\n /**\n * Processes and verifies the provided mdoc, generates device response and presentation submission tokens.\n *\n * @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.\n * @param {IRequiredContext} _context - Required context for the operation.\n * @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.\n */\n private async mdocOid4vpHolderPresent(args: MdocOid4vpPresentArgs, _context: IRequiredContext): Promise<MdocOid4VPPresentationAuth> {\n const { mdocs, presentationDefinition, trustAnchors, verifications, mdocHolderNonce, authorizationRequestNonce, responseUri, clientId } = args\n\n const oid4vpService = new MdocOid4vpService()\n // const mdoc = DocumentCbor.Static.cborDecode(decodeFrom(mdocBase64Url, Encoding.BASE64URL))\n const validate = async (mdoc: DocumentCbor) => {\n try {\n const result = await MdocValidations.fromDocumentAsync(\n mdoc,\n null,\n trustAnchors ?? this.trustAnchors,\n DateTimeUtils.Static.DEFAULT.dateTimeLocal((verifications?.verificationTime?.getTime() ?? Date.now()) / 1000),\n verifications?.allowExpiredDocuments,\n )\n if (result.error) {\n console.log(JSON.stringify(result, null, 2))\n }\n return result\n } catch (e) {\n console.log(e)\n return {\n error: true,\n verifications: [\n {\n name: 'mdoc',\n error: true,\n critical: true,\n message: e.message as string,\n },\n ],\n }\n }\n }\n\n const allMatches: DocumentDescriptorMatchResult[] = oid4vpService.matchDocumentsAndDescriptors(\n mdocHolderNonce,\n mdocs,\n presentationDefinition as IOid4VPPresentationDefinition,\n )\n const docsAndDescriptors: DocumentDescriptorMatchResult[] = []\n let lastError: mdocPkg.com.sphereon.crypto.generic.IVerifyResults<mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor> | undefined = undefined\n for (let match of allMatches) {\n if (match.document) {\n const result = await validate(match.document)\n if (!result.error || responseUri.includes('openid.net')) {\n // TODO: We relax for the conformance suite, as the cert would be invalid\n try {\n // Source the DEVICE key from the matched document's deviceKeyInfo (the mdoc MSO device key). The validation\n // result.keyInfo is the x5chain ISSUER key, which kmp-mdoc-core does not (yet) convert to a CborKey\n // (\"we do not convert all properties to a Cborkey yet\"), so result.keyInfo.key is undefined. Without a\n // complete device keyInfo the device-response assembly later fails (\"Cannot read property 'toJson' of undefined\").\n const matchDeviceKeyInfo: any = (match as any).deviceKeyInfo\n const deviceKeyInfoSource: any = matchDeviceKeyInfo ?? result.keyInfo\n console.log(\n `(mdl-mdoc:deviceKey) amend: match.deviceKeyInfo present=${!!matchDeviceKeyInfo}, match.deviceKeyInfo.key present=${!!matchDeviceKeyInfo?.key}, ` +\n `result.keyInfo present=${!!result.keyInfo}, result.keyInfo.key present=${!!result.keyInfo?.key}, source=${matchDeviceKeyInfo ? 'match.deviceKeyInfo' : 'result.keyInfo'}`,\n )\n const cborKey = deviceKeyInfoSource?.key ? CoseKeyCbor.Static.fromDTO(deviceKeyInfoSource.key) : undefined\n if (!cborKey) {\n // Note: this is the PUBLIC device key only (the private key is hardware-backed in the KMS). We only need\n // the public key here to look up the matching KMS key reference by thumbprint.\n throw Error(\n 'No device (public) key found to amend: neither match.deviceKeyInfo.key nor result.keyInfo.key is populated. ' +\n 'The mdoc MSO device public key is required to resolve the hardware-backed KMS key for signing.',\n )\n }\n let jwk = CoseJoseKeyMappingService.toJoseJwk(cborKey).toJsonDTO<JWK>()\n if (!deviceKeyInfoSource?.kmsKeyRef) {\n const keyInfo = deviceKeyInfoSource\n const thumbprint = calculateJwkThumbprint({ jwk: jwk })\n const kid = jwk.kid ?? thumbprint\n console.log(`(mdl-mdoc:deviceKey) amend: resolved device public jwk kid=${jwk.kid}, thumbprint=${thumbprint}`)\n\n // The device COSE key kid can be the (mangled) x-coordinate; the KMS resolves the key by its JWK\n // thumbprint, so fall back to that when the kid lookup fails.\n let key\n try {\n key = await _context.agent.keyManagerGet({ kid })\n } catch (e) {\n console.log(\n `(mdl-mdoc:deviceKey) amend: keyManagerGet by kid '${kid}' failed (${(e as any)?.message}); retrying by thumbprint '${thumbprint}'`,\n )\n key = await _context.agent.keyManagerGet({ kid: thumbprint })\n }\n const kms = key.kms\n const kmsKeyRef = key.meta?.kmsKeyRef ?? key.kid\n console.log(`(mdl-mdoc:deviceKey) amend: resolved hardware KMS key kms=${kms}, kmsKeyRef=${kmsKeyRef}`)\n const updateCborKey = cborKey.copy(false, cborKey.kty, cborKey.kid ?? new CborByteString(decodeFrom(kid, Encoding.UTF8)))\n const deviceKeyInfo = KeyInfo.Static.fromDTO(keyInfo).copy(\n kid,\n updateCborKey,\n keyInfo.opts,\n keyInfo.keyVisibility,\n keyInfo.signatureAlgorithm,\n keyInfo.x5c,\n kmsKeyRef,\n kms,\n )\n const updateMatch = match.copy(match.inputDescriptor, match.document, match.documentError, deviceKeyInfo)\n match = updateMatch\n }\n } catch (e: any) {\n console.log(`We tied to ammend key info from the KMS, but failed. Potential trouble ahead ${e.message}`, e)\n }\n\n docsAndDescriptors.push(match)\n } else if (result.error) {\n lastError = result\n }\n }\n }\n if (docsAndDescriptors.length === 0) {\n if (lastError) {\n return Promise.reject(Error(lastError.verifications[0].message ?? 'No matching documents found'))\n }\n return Promise.reject(Error('No matching documents found'))\n }\n // Log all createDeviceResponse arguments so we can reason about the post-sign 'toJson of undefined' crash.\n try {\n console.log(\n `(mdl-mdoc:deviceResponse) args: clientId=${clientId}, responseUri=${responseUri}, authorizationRequestNonce=${authorizationRequestNonce}, docCount=${docsAndDescriptors.length}`,\n )\n try {\n console.log(`(mdl-mdoc:deviceResponse) presentationDefinition=${JSON.stringify(presentationDefinition)}`)\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) presentationDefinition stringify failed: ${e?.message}`)\n }\n docsAndDescriptors.forEach((d: any, idx: number) => {\n const dk: any = d?.deviceKeyInfo\n let docType: any = undefined\n try {\n docType = d?.document?.docType?.value ?? d?.document?.MSO?.value?.docType?.value ?? d?.document?.getDocType?.()\n } catch {\n /* ignore */\n }\n console.log(\n `(mdl-mdoc:deviceResponse) doc[${idx}]: inputDescriptor.id=${d?.inputDescriptor?.id?.value ?? d?.inputDescriptor?.id}, docType=${docType}, ` +\n `document present=${!!d?.document}, documentError present=${!!d?.documentError}, ` +\n `deviceKeyInfo present=${!!dk}, deviceKeyInfo.key present=${!!dk?.key}, deviceKeyInfo.kid=${dk?.kid}, kmsKeyRef=${dk?.kmsKeyRef}, kms=${dk?.kms}, ` +\n `signatureAlgorithm=${dk?.signatureAlgorithm}, x5c present=${!!dk?.x5c}`,\n )\n try {\n const dkJson = dk?.toJson ? dk.toJson() : dk\n console.log(`(mdl-mdoc:deviceResponse) doc[${idx}] deviceKeyInfo=${JSON.stringify(dkJson)}`)\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) doc[${idx}] deviceKeyInfo serialize failed: ${e?.message}`)\n }\n try {\n const keyJson = dk?.key?.toJson ? dk.key.toJson() : dk?.key\n console.log(`(mdl-mdoc:deviceResponse) doc[${idx}] deviceKeyInfo.key=${JSON.stringify(keyJson)}`)\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) doc[${idx}] deviceKeyInfo.key serialize failed: ${e?.message}`)\n }\n })\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) argument logging failed: ${e?.message}`)\n }\n\n let deviceResponse\n try {\n deviceResponse = await oid4vpService.createDeviceResponse(\n docsAndDescriptors,\n presentationDefinition as IOid4VPPresentationDefinition,\n clientId,\n responseUri,\n authorizationRequestNonce,\n )\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) createDeviceResponse failed: ${e?.message}`)\n console.log(`(mdl-mdoc:deviceResponse) STACK: ${e?.stack}`)\n throw e\n }\n // NOTE: the 'Cannot read property toJson of undefined' crash happens HERE (after createDeviceResponse returns),\n // during cborEncode() of the assembled DeviceResponse — NOT inside createDeviceResponse. Probe + stack-log it.\n try {\n console.log(`(mdl-mdoc:deviceResponse) createDeviceResponse returned: present=${!!deviceResponse}, type=${typeof deviceResponse}`)\n const dr: any = deviceResponse as any\n try {\n const docs = dr?.documents ?? dr?.b3p_1 ?? undefined\n console.log(\n `(mdl-mdoc:deviceResponse) deviceResponse.version present=${!!dr?.version}, status present=${dr?.status != null}, ` +\n `documents present=${!!docs}, documentsCount=${docs?.length ?? docs?.size ?? 'n/a'}`,\n )\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) deviceResponse structure probe failed: ${e?.message}`)\n }\n } catch {\n /* ignore */\n }\n\n let vp_token: string\n try {\n const encoded = deviceResponse.cborEncode()\n console.log(`(mdl-mdoc:deviceResponse) cborEncode OK, byteLen=${encoded?.length}`)\n vp_token = encodeTo(encoded, Encoding.BASE64URL)\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) cborEncode failed: ${e?.message}`)\n console.log(`(mdl-mdoc:deviceResponse) cborEncode STACK: ${e?.stack}`)\n throw e\n }\n\n let presentation_submission\n try {\n presentation_submission = Oid4VPPresentationSubmission.Static.fromPresentationDefinition(\n presentationDefinition as IOid4VPPresentationDefinition,\n )\n } catch (e: any) {\n console.log(`(mdl-mdoc:deviceResponse) fromPresentationDefinition failed: ${e?.message}`)\n console.log(`(mdl-mdoc:deviceResponse) fromPresentationDefinition STACK: ${e?.stack}`)\n throw e\n }\n return { vp_token, presentation_submission }\n }\n\n /**\n * Verifies on the Relying Party (RP) side for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).\n *\n * @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.\n * @param {IRequiredContext} _context - The required context for this method.\n * @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,\n * validated documents, and the original presentation submission.\n */\n private async mdocOid4vpRPVerify(args: MdocOid4vpRPVerifyArgs, _context: IRequiredContext): Promise<MdocOid4vpRPVerifyResult> {\n const { vp_token, presentation_submission, trustAnchors } = args\n const deviceResponse = com.sphereon.mdoc.data.device.DeviceResponseCbor.Static.cborDecode(decodeFrom(vp_token, Encoding.BASE64URL))\n if (!deviceResponse.documents) {\n return Promise.reject(Error(`No documents found in vp_token`))\n }\n let error = false\n const documents = await Promise.all(\n deviceResponse.documents.map(async (document) => {\n try {\n const validations = await MdocValidations.fromDocumentAsync(document, null, trustAnchors ?? this.trustAnchors)\n if (!validations || validations.error) {\n error = true\n }\n if (presentation_submission.descriptor_map.find((m) => m.id === document.docType.value) === null) {\n error = true\n validations.verifications.push({\n name: 'mdoc',\n error,\n critical: error,\n message: `No descriptor map id with document type ${document.docType.value} present`,\n })\n }\n return { document: document.toJson(), validations }\n } catch (e) {\n error = true\n return {\n document: document.toJson(),\n validations: {\n error: true,\n verifications: [\n {\n name: 'mdoc',\n error,\n critical: true,\n message: e.message as string,\n },\n ],\n },\n }\n }\n }),\n )\n if (error) {\n console.log(JSON.stringify(documents, null, 2))\n }\n return { error, documents, presentation_submission }\n }\n\n /**\n * Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.\n *\n * @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.\n * @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.\n * @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.\n */\n private async mdocVerifyIssuerSigned(args: MdocVerifyIssuerSignedArgs, context: IRequiredContext): Promise<IVerifySignatureResult<KeyType>> {\n const { input, keyInfo, requireX5Chain } = args\n const coseKeyInfo = keyInfo && CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo)\n const verification = await new CoseCryptoServiceJS(new CoseCryptoService(context)).verify1(\n com.sphereon.crypto.cose.CoseSign1Json.Static.fromDTO(input).toCbor(),\n coseKeyInfo,\n requireX5Chain,\n )\n return { ...verification, keyInfo: keyInfo }\n }\n\n /**\n * Verifies an X.509 certificate chain against a set of trust anchors.\n *\n * @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.\n * This includes the certificate chain to be verified and any additional trust anchors to be used.\n * @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.\n * @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.\n */\n private async x509VerifyCertificateChain(args: VerifyCertificateChainArgs, _context: IRequiredContext): Promise<X509ValidationResult> {\n const mergedAnchors: string[] = [...this.trustAnchors, ...(args.trustAnchors ?? [])]\n const trustAnchors = new Set<string>(mergedAnchors)\n const validationResult = await new X509CallbackService(Array.from(mergedAnchors)).verifyCertificateChain({\n ...args,\n trustAnchors: Array.from(trustAnchors),\n opts: { ...args?.opts, ...this.opts, blindlyTrustedAnchors: this.effectiveBlindlyTrustedAnchors },\n })\n console.log(\n `x509 validation for ${validationResult.error ? 'Error' : 'Success'}. message: ${validationResult.message}, details: ${validationResult.detailMessage}`,\n )\n return validationResult\n }\n\n /**\n * Extracts information from a list of X509 certificates.\n *\n * @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,\n * including the certificates and optional Subject Alternative Name (SAN) type filter.\n * @param {IRequiredContext} context - The context required for the operation, which may include\n * logging, configuration, and other operational details.\n * @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate\n * information objects, each containing details extracted from individual certificates.\n */\n private async x509GetCertificateInfo(args: GetX509CertificateInfoArgs, context: IRequiredContext): Promise<CertificateInfo[]> {\n const certificates = args.certificates.map((cert) => pemOrDerToX509Certificate(cert))\n return await Promise.all(certificates.map((cert) => getCertificateInfo(cert, args.sanTypeFilter && { sanTypeFilter: args.sanTypeFilter })))\n }\n}\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { Nullable } from '@sphereon/kmp-mdoc-core'\n\nimport { calculateJwkThumbprint, globalCrypto, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport {\n CertificateInfo,\n derToPEM,\n getCertificateInfo,\n getSubjectDN,\n pemOrDerToX509Certificate,\n validateX509CertificateChain,\n X509ValidationResult,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { JWK } from '@sphereon/ssi-types'\nimport * as crypto from 'crypto'\nimport { Certificate, CryptoEngine, setEngine } from 'pkijs'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString as u8aToString } from 'uint8arrays/to-string'\nimport { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc'\n\ntype CoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.CoseKeyCbor\ntype ICoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor\ntype ToBeSignedCbor = mdocPkg.com.sphereon.crypto.cose.ToBeSignedCbor\nconst CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService\ntype SignatureAlgorithm = mdocPkg.com.sphereon.crypto.generic.SignatureAlgorithm\ntype ICoseCryptoCallbackJS = mdocPkg.com.sphereon.crypto.ICoseCryptoCallbackJS\ntype IKey = mdocPkg.com.sphereon.crypto.IKey\ntype IX509ServiceJS = mdocPkg.com.sphereon.crypto.IX509ServiceJS\ntype Jwk = mdocPkg.com.sphereon.crypto.jose.Jwk\nconst KeyInfo = mdocPkg.com.sphereon.crypto.KeyInfo\ntype X509VerificationProfile = mdocPkg.com.sphereon.crypto.X509VerificationProfile\nconst DateTimeUtils = mdocPkg.com.sphereon.kmp.DateTimeUtils\ntype LocalDateTimeKMP = mdocPkg.com.sphereon.kmp.LocalDateTimeKMP\nconst SignatureAlgorithm = mdocPkg.com.sphereon.crypto.generic.SignatureAlgorithm\nconst DefaultCallbacks = mdocPkg.com.sphereon.crypto.DefaultCallbacks\n\n// ---------- Minimal CBOR helpers for the kmp-mdoc-core kid-mangling workaround ----------\nfunction toU8(bytes: unknown): Uint8Array {\n if (bytes instanceof Uint8Array) return bytes\n if (ArrayBuffer.isView(bytes)) {\n const v = bytes as ArrayBufferView\n return new Uint8Array(v.buffer, v.byteOffset, v.byteLength)\n }\n if (Array.isArray(bytes)) return Uint8Array.from((bytes as number[]).map((b) => b & 0xff))\n throw new Error('unsupported raw bytes type')\n}\nfunction extractIssuerAuthRawParts(rawInput: unknown): { protectedBytes: Uint8Array; payloadBytes: Uint8Array } | undefined {\n const u8 = toU8(rawInput)\n let pos = 0\n const readHead = (): { mt: number; len: number } => {\n const b = u8[pos++]\n const mt = b >> 5\n const info = b & 0x1f\n let len: number\n if (info < 24) len = info\n else if (info === 24) {\n len = u8[pos]\n pos += 1\n } else if (info === 25) {\n len = (u8[pos] << 8) | u8[pos + 1]\n pos += 2\n } else if (info === 26) {\n len = u8[pos] * 0x1000000 + (u8[pos + 1] << 16) + (u8[pos + 2] << 8) + u8[pos + 3]\n pos += 4\n } else throw new Error('unsupported cbor length info ' + info)\n return { mt, len }\n }\n const skip = (): void => {\n const h = readHead()\n switch (h.mt) {\n case 0:\n case 1:\n case 7:\n return\n case 2:\n case 3:\n pos += h.len\n return\n case 4:\n for (let i = 0; i < h.len; i++) skip()\n return\n case 5:\n for (let i = 0; i < h.len * 2; i++) skip()\n return\n case 6:\n skip()\n return\n }\n }\n const readBstr = (): Uint8Array => {\n const h = readHead()\n if (h.mt !== 2) throw new Error('expected bstr, got mt ' + h.mt)\n const out = u8.slice(pos, pos + h.len)\n pos += h.len\n return out\n }\n const readTstr = (): string => {\n const h = readHead()\n if (h.mt !== 3) throw new Error('expected tstr, got mt ' + h.mt)\n const out = new TextDecoder().decode(u8.slice(pos, pos + h.len))\n pos += h.len\n return out\n }\n const outer = readHead()\n if (outer.mt !== 5) return undefined\n for (let i = 0; i < outer.len; i++) {\n const key = readTstr()\n if (key === 'issuerAuth') {\n const arr = readHead()\n if (arr.mt !== 4 || arr.len !== 4) throw new Error('issuerAuth is not a 4-element array')\n const protectedBytes = readBstr()\n skip()\n const payloadBytes = readBstr()\n return { protectedBytes, payloadBytes }\n }\n skip()\n }\n return undefined\n}\nfunction encodeBstrHeader(len: number): Uint8Array {\n if (len < 24) return new Uint8Array([0x40 | len])\n if (len < 0x100) return new Uint8Array([0x58, len])\n if (len < 0x10000) return new Uint8Array([0x59, (len >> 8) & 0xff, len & 0xff])\n return new Uint8Array([0x5a, (len >>> 24) & 0xff, (len >> 16) & 0xff, (len >> 8) & 0xff, len & 0xff])\n}\nfunction concatU8(parts: Uint8Array[]): Uint8Array {\n let total = 0\n for (const p of parts) total += p.length\n const out = new Uint8Array(total)\n let off = 0\n for (const p of parts) {\n out.set(p, off)\n off += p.length\n }\n return out\n}\nfunction buildSig1Structure(protectedBytes: Uint8Array, payloadBytes: Uint8Array): Uint8Array {\n const sig1Label = new Uint8Array([0x6a, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x31])\n return concatU8([\n new Uint8Array([0x84]),\n sig1Label,\n encodeBstrHeader(protectedBytes.length),\n protectedBytes,\n new Uint8Array([0x40]),\n encodeBstrHeader(payloadBytes.length),\n payloadBytes,\n ])\n}\n\n// Convert a DER-encoded ECDSA signature (SEQUENCE { INTEGER r, INTEGER s }) to the raw fixed-width r||s\n// form that COSE_Sign1 requires (each coordinate left-padded to `coordSize`, e.g. 32 bytes for ES256/P-256).\nfunction derEcdsaToRaw(der: Uint8Array, coordSize: number): Uint8Array {\n let offset = 0\n if (der[offset++] !== 0x30) throw new Error('Invalid DER ECDSA signature: missing SEQUENCE tag')\n let seqLen = der[offset++]\n if (seqLen & 0x80) {\n const numBytes = seqLen & 0x7f\n seqLen = 0\n for (let i = 0; i < numBytes; i++) seqLen = (seqLen << 8) | der[offset++]\n }\n const readInt = (): Uint8Array => {\n if (der[offset++] !== 0x02) throw new Error('Invalid DER ECDSA signature: missing INTEGER tag')\n const len = der[offset++]\n let val = der.slice(offset, offset + len)\n offset += len\n let start = 0\n while (start < val.length - 1 && val[start] === 0x00) start++ // strip DER sign/leading zero bytes\n val = val.slice(start)\n if (val.length > coordSize) throw new Error(`Invalid DER ECDSA signature: integer (${val.length}) exceeds ${coordSize}`)\n const out = new Uint8Array(coordSize)\n out.set(val, coordSize - val.length) // left-pad\n return out\n }\n const r = readInt()\n const s = readInt()\n return concatU8([r, s])\n}\n\n// The KMS/MUSAP bridge returns the signature as a base64 (or base64url) string. COSE needs raw r||s bytes.\n// Normalize to url-safe unpadded base64, decode, and DER->raw-convert when the bytes are a DER ECDSA signature.\nfunction decodeKmsSignatureToRaw(signature: string, coordSize: number): Uint8Array {\n const normalized = signature.trim().replace(/\\s+/g, '').replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '')\n const bytes = fromString(normalized, 'base64url') as Uint8Array\n if (bytes.length > coordSize * 2 && bytes[0] === 0x30) {\n return derEcdsaToRaw(bytes, coordSize)\n }\n return bytes\n}\n\n// ---------- Minimal CBOR length walker (definite-length items only) ----------\nfunction cborHeader(buf: Uint8Array, off: number): { major: number; headerLen: number; argument: number } {\n const ib = buf[off]\n const major = ib >> 5\n const ai = ib & 0x1f\n if (ai < 24) return { major, headerLen: 1, argument: ai }\n if (ai === 24) return { major, headerLen: 2, argument: buf[off + 1] }\n if (ai === 25) return { major, headerLen: 3, argument: (buf[off + 1] << 8) | buf[off + 2] }\n if (ai === 26) return { major, headerLen: 5, argument: buf[off + 1] * 0x1000000 + (buf[off + 2] << 16) + (buf[off + 3] << 8) + buf[off + 4] }\n if (ai === 27) {\n let v = 0\n for (let i = 1; i <= 8; i++) v = v * 256 + buf[off + i]\n return { major, headerLen: 9, argument: v }\n }\n throw new Error(`unsupported CBOR additional-info ${ai} at offset ${off}`)\n}\n\nfunction cborItemLen(buf: Uint8Array, off: number): number {\n const h = cborHeader(buf, off)\n let total = h.headerLen\n switch (h.major) {\n case 0: // uint\n case 1: // negint\n case 7: // simple/float (null/true/false/floats — argument captured in headerLen)\n break\n case 2: // bstr\n case 3: // tstr\n total += h.argument\n break\n case 4: // array\n for (let i = 0; i < h.argument; i++) total += cborItemLen(buf, off + total)\n break\n case 5: // map\n for (let i = 0; i < h.argument * 2; i++) total += cborItemLen(buf, off + total)\n break\n case 6: // tag (one following item)\n total += cborItemLen(buf, off + total)\n break\n default:\n throw new Error(`unsupported CBOR major type ${h.major}`)\n }\n return total\n}\n\n// The bundled kmp-mdoc-core builds the DeviceAuth COSE Sig_structure non-conformantly: per ISO 18013-5 §9.1.3 (and the\n// reference impls auth0/mdl + IDK) the signed payload MUST be DeviceAuthenticationBytes = #6.24(bstr .cbor\n// [\"DeviceAuthentication\", [null,null,OpenID4VPHandover], docType, #6.24(bstr .cbor DeviceNameSpaces)]), and the\n// Sig_structure payload = bstr(DeviceAuthenticationBytes). kmp omits BOTH tag-24 wrappers (element 4 + the outer one).\n// Re-wrap them here so the device signature matches a conformant verifier. (Element 2 = the SessionTranscript\n// [null,null,handover] is already produced by the kmp-mdoc-core handover patch.) \"Signature1\" / protected / external_aad\n// are left untouched. Returns the input unchanged if the structure isn't the expected DeviceAuth Sig_structure.\nfunction reconstructMdocDeviceAuthSigStructure(sig: Uint8Array): Uint8Array {\n if (sig[0] !== 0x84) return sig // Sig_structure must be a 4-element array\n let off = 1\n off += cborItemLen(sig, off) // \"Signature1\"\n off += cborItemLen(sig, off) // protected (bstr)\n off += cborItemLen(sig, off) // external_aad (bstr)\n const payloadStart = off\n const ph = cborHeader(sig, payloadStart)\n if (ph.major !== 2) return sig // payload must be a bstr\n const daStart = payloadStart + ph.headerLen\n const da = sig.subarray(daStart, daStart + ph.argument) // cbor(DeviceAuthentication)\n if (da[0] !== 0x84) return sig // DeviceAuthentication must be a 4-element array\n let d = 1\n d += cborItemLen(da, d) // \"DeviceAuthentication\"\n d += cborItemLen(da, d) // SessionTranscript ([null,null,handover])\n d += cborItemLen(da, d) // docType\n const e4 = da.subarray(d, d + cborItemLen(da, d)) // deviceNameSpaces (currently un-tagged)\n const e4Tagged = concatU8([new Uint8Array([0xd8, 0x18]), encodeBstrHeader(e4.length), e4]) // #6.24(bstr deviceNameSpaces)\n const daCorrected = concatU8([da.subarray(0, d), e4Tagged])\n const deviceAuthBytes = concatU8([new Uint8Array([0xd8, 0x18]), encodeBstrHeader(daCorrected.length), daCorrected]) // #6.24(bstr DeviceAuthentication)\n const newPayload = concatU8([encodeBstrHeader(deviceAuthBytes.length), deviceAuthBytes]) // bstr(DeviceAuthenticationBytes)\n return concatU8([sig.subarray(0, payloadStart), newPayload])\n}\n\nexport class CoseCryptoService implements ICoseCryptoCallbackJS {\n constructor(private context?: IRequiredContext) {}\n\n setContext(context: IRequiredContext) {\n this.context = context\n }\n\n async signAsync(input: ToBeSignedCbor, requireX5Chain: Nullable<boolean>): Promise<Int8Array> {\n if (!this.context) {\n throw Error('No context provided. Please provide a context with the setContext method or constructor')\n }\n const { keyInfo, alg, value } = input\n // The kmp-mdoc-core Sig_structure omits the ISO 18013-5 §9.1.3 tag-24 wrappers around deviceNameSpaces and the\n // whole DeviceAuthentication. Re-wrap them so the signed bytes match a conformant verifier (auth0/mdl, IDK).\n let toBeSigned: Uint8Array = toU8(value as any)\n try {\n toBeSigned = reconstructMdocDeviceAuthSigStructure(toBeSigned)\n } catch (e: any) {\n console.log(`(mdl-mdoc:sign) Sig_structure tag-24 reconstruction failed, signing kmp original: ${e?.message}`)\n }\n // DIAGNOSTIC: dump the exact COSE Sig_structure (ToBeSigned) the holder signs, so it can be diffed\n // byte-for-byte against the verifier's reconstructed DeviceAuthentication (handover/transcript debugging).\n try {\n let hex = ''\n for (let i = 0; i < toBeSigned.length; i++) hex += (toBeSigned[i] & 0xff).toString(16).padStart(2, '0')\n console.log(`(mdl-mdoc:sign) ToBeSigned len=${toBeSigned.length} hex=${hex}`)\n } catch (e: any) {\n console.log(`(mdl-mdoc:sign) ToBeSigned hex failed: ${e?.message}`)\n }\n let kmsKeyRef = keyInfo.kmsKeyRef ?? undefined\n // Additional key references to try if the primary keyRef is not found in the KMS. The COSE key kid coming from\n // an mdoc deviceKey can be the (mangled) x-coordinate rather than the KMS kid; the KMS can also resolve a key by\n // its JWK thumbprint, so we fall back to that.\n const fallbackKeyRefs: Array<string> = []\n if (!kmsKeyRef) {\n const key = keyInfo.key\n if (key == null) {\n return Promise.reject(Error('No key present in keyInfo. This implementation cannot sign without a key!'))\n }\n const resolvedKeyInfo = com.sphereon.crypto.ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key)\n const jwkKeyInfo: mdocPkg.com.sphereon.crypto.ResolvedKeyInfo<Jwk> = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo)\n\n const thumbprint = calculateJwkThumbprint({ jwk: jwkKeyInfo.key.toJsonDTO() })\n const kid = jwkKeyInfo.kid ?? thumbprint ?? jwkKeyInfo.key.getKidAsString(true)\n if (!kid) {\n return Promise.reject(Error('No kid present and not kmsKeyRef provided'))\n }\n kmsKeyRef = kid\n if (thumbprint && thumbprint !== kid) {\n fallbackKeyRefs.push(thumbprint)\n }\n }\n const doSign = (keyRef: string): Promise<string> =>\n this.context!.agent.keyManagerSign({\n algorithm: alg.jose!!.value,\n // Pass the raw ToBeSigned (COSE Sig_structure) bytes as base64. The previous `encodeTo(value, UTF8)`\n // interpreted the binary CBOR as UTF-8 text, corrupting every non-ASCII byte before the KMS even saw it\n // (the MUSAP bridge then signed the mangled bytes -> verifier \"Signature invalid\"). base64 round-trips losslessly.\n data: u8aToString(toBeSigned, 'base64'),\n encoding: 'base64',\n keyRef,\n })\n let result: string\n try {\n result = await doSign(kmsKeyRef!!)\n } catch (error) {\n let signed: string | undefined\n for (const ref of fallbackKeyRefs) {\n try {\n signed = await doSign(ref)\n break\n } catch {\n // try the next fallback key reference\n }\n }\n if (signed === undefined) {\n throw error\n }\n result = signed\n }\n // COSE_Sign1 needs the raw fixed-width r||s signature, not the base64(url)/DER form the KMS returns.\n // (Previously this returned `decodeFrom(result, Encoding.UTF8)` — the UTF-8 bytes of the base64 string —\n // which the verifier rejected with \"Expected signature size 64, received: 86\".)\n const joseAlg = alg.jose?.value\n const coordSize = joseAlg === 'ES512' ? 66 : joseAlg === 'ES384' ? 48 : 32\n const raw = decodeKmsSignatureToRaw(result, coordSize)\n console.log(`(mdl-mdoc:sign) signature decoded: alg=${joseAlg}, inputChars=${result.length}, rawLen=${raw.length} (expected ${coordSize * 2})`)\n return Int8Array.from(raw)\n }\n\n async verify1Async<CborType>(\n input: mdocPkg.com.sphereon.crypto.cose.CoseSign1Cbor<CborType>,\n keyInfo: mdocPkg.com.sphereon.crypto.IKeyInfo<ICoseKeyCbor>,\n requireX5Chain: Nullable<boolean>,\n ): Promise<mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>> {\n const getCertAndKey = async (\n x5c: Nullable<Array<string>>,\n ): Promise<{\n issuerCert?: Certificate\n issuerJwk?: Jwk\n }> => {\n if (requireX5Chain && (!x5c || x5c.length === 0)) {\n // We should not be able to get here anyway, as the MLD-mdoc library already validated at this point. But let's make sure\n return Promise.reject(new Error(`No x5chain was present in the CoseSign headers!`))\n }\n // TODO: According to the IETF spec there should be a x5t in case the x5chain is in the protected headers. In the Funke this does not seem to be done/used!\n issuerCert = x5c ? pemOrDerToX509Certificate(x5c[0]) : undefined\n let issuerJwk: Jwk | undefined\n if (issuerCert) {\n const info = await getCertificateInfo(issuerCert)\n issuerJwk = info.publicKeyJWK\n }\n return { issuerCert, issuerJwk }\n }\n\n const coseKeyInfo = CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo)\n\n if (coseKeyInfo?.key?.d) {\n throw Error('Do not use private keys to verify!')\n } else if (!input.payload?.value) {\n return Promise.reject(Error('Signature validation without payload not supported'))\n }\n const sign1Json = input.toJson() // Let's make it a bit easier on ourselves, instead of working with CBOR\n const coseAlg = sign1Json.protectedHeader.alg\n if (!coseAlg) {\n return Promise.reject(Error('No alg protected header present'))\n }\n\n let issuerCert: Certificate | undefined\n let issuerCoseKey: CoseKeyCbor | undefined\n let kid = coseKeyInfo?.kid ?? sign1Json.protectedHeader.kid ?? sign1Json.unprotectedHeader?.kid\n // Please note this method does not perform chain validation. The MDL-MSO_MDOC library already performed this before this step\n const x5c = coseKeyInfo?.key?.getX509CertificateChain() ?? sign1Json.protectedHeader?.x5chain ?? sign1Json.unprotectedHeader?.x5chain\n if (!coseKeyInfo || !coseKeyInfo?.key || coseKeyInfo?.key?.x5chain) {\n const certAndKey = await getCertAndKey(x5c)\n issuerCoseKey = certAndKey.issuerJwk ? CoseJoseKeyMappingService.toCoseKey(certAndKey.issuerJwk) : undefined\n issuerCert = certAndKey.issuerCert\n }\n if (!issuerCoseKey) {\n if (!coseKeyInfo?.key) {\n return Promise.reject(Error(`Either a x5c needs to be in the headers, or you need to provide a key for verification`))\n }\n if (kid === null) {\n kid = coseKeyInfo.key.getKidAsString(false)\n }\n issuerCoseKey = com.sphereon.crypto.cose.CoseKeyCbor.Static.fromDTO(coseKeyInfo.key)\n }\n\n const issuerCoseKeyInfo = new KeyInfo<CoseKeyCbor>(\n kid,\n issuerCoseKey,\n coseKeyInfo.opts,\n coseKeyInfo.keyVisibility,\n issuerCoseKey.getSignatureAlgorithm() ?? coseKeyInfo.signatureAlgorithm,\n x5c,\n coseKeyInfo.kmsKeyRef,\n coseKeyInfo.kms,\n coseKeyInfo.keyType ?? issuerCoseKey.getKty(),\n )\n const recalculatedToBeSigned = input.toBeSignedJson(issuerCoseKeyInfo, SignatureAlgorithm.Static.fromCose(coseAlg))\n const key = CoseJoseKeyMappingService.toJoseJwk(issuerCoseKeyInfo.key!).toJsonDTO<JWK>()\n let data = fromString(recalculatedToBeSigned.base64UrlValue, 'base64url')\n const signatureBytes = fromString(sign1Json.signature, 'base64url')\n // Workaround: kmp-mdoc-core mangles binary protected-header values (e.g. a bstr kid)\n // by round-tripping them through a UTF-8 String. When the caller stashed the raw mdoc\n // bytes on globalThis (see @sphereon/ssi-sdk.credential-validation cvVerifyMdoc), reparse\n // them here to build the Sig_structure from the untouched protected/payload bstrs, instead\n // of relying on input.toBeSignedJson() which re-encodes the mangled protected header.\n const rawMdocBytes = (globalThis as unknown as { __sphereon_mdoc_raw_bytes?: Uint8Array }).__sphereon_mdoc_raw_bytes\n if (rawMdocBytes) {\n try {\n const extracted = extractIssuerAuthRawParts(rawMdocBytes)\n if (extracted) {\n data = buildSig1Structure(extracted.protectedBytes, extracted.payloadBytes)\n }\n } catch (e) {\n console.warn('[mdl-mdoc verify] failed to reparse raw mdoc; falling back to kmp-computed Sig_structure:', (e as Error).message)\n }\n }\n const valid = await verifyRawSignature({\n data,\n signature: signatureBytes,\n key,\n })\n\n return {\n name: 'mdoc',\n critical: true,\n error: !valid,\n message: `Signature of '${issuerCert ? getSubjectDN(issuerCert).DN : kid}' was ${valid ? '' : 'in'}valid`,\n keyInfo: issuerCoseKeyInfo,\n } satisfies mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>\n }\n\n resolvePublicKeyAsync<KT extends mdocPkg.com.sphereon.crypto.IKey>(\n keyInfo: mdocPkg.com.sphereon.crypto.IKeyInfo<KT>,\n ): Promise<mdocPkg.com.sphereon.crypto.IResolvedKeyInfo<KT>> {\n if (keyInfo.key) {\n return Promise.resolve(CoseJoseKeyMappingService.toResolvedKeyInfo(keyInfo, keyInfo.key))\n }\n return Promise.reject(Error('No key present in keyInfo. This implementation cannot resolve public keys on its own currently!'))\n }\n}\n\n/**\n * This class can be used for X509 validations.\n * Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument\n *\n * The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library\n * Next to the specific function for the library it exports a more powerful version of the same verification method as well\n */\nexport class X509CallbackService implements IX509ServiceJS {\n private _trustedCerts?: Array<string>\n\n constructor(trustedCerts?: Array<string>) {\n this.setTrustedCerts(trustedCerts)\n }\n\n /**\n * A more powerful version of the method below. Allows to verify at a specific time and returns more information\n * @param chain\n * @param trustAnchors\n * @param verificationTime\n */\n async verifyCertificateChain({\n chain,\n trustAnchors = this.getTrustedCerts(),\n verificationTime,\n opts,\n }: VerifyCertificateChainArgs): Promise<X509ValidationResult> {\n return await validateX509CertificateChain({\n chain,\n trustAnchors,\n verificationTime,\n opts,\n })\n }\n\n /**\n * This method is the implementation used within the mDL/Mdoc library\n */\n async verifyCertificateChainJS<KeyType extends IKey>(\n chainDER: Nullable<Int8Array[]>,\n chainPEM: Nullable<string[]>,\n trustedCerts: Nullable<string[]>,\n verificationProfile?: X509VerificationProfile | undefined,\n verificationTime?: Nullable<LocalDateTimeKMP>,\n ): Promise<mdocPkg.com.sphereon.crypto.IX509VerificationResult<KeyType>> {\n const verificationAt = verificationTime ?? DateTimeUtils.Static.DEFAULT.dateTimeLocal()\n let chain: Array<string | Uint8Array> = []\n if (chainDER && chainDER.length > 0) {\n chain = chainDER.map((der) => Uint8Array.from(der))\n }\n if (chainPEM && chainPEM.length > 0) {\n chain = (chain ?? []).concat(chainPEM)\n }\n const result = await validateX509CertificateChain({\n chain: chain, // The function will handle an empty array\n trustAnchors: trustedCerts ?? this.getTrustedCerts(),\n verificationTime: new Date(verificationAt.toEpochSeconds().toULong() * 1000),\n opts: { trustRootWhenNoAnchors: true },\n })\n\n const cert: CertificateInfo | undefined = result.certificateChain ? result.certificateChain[result.certificateChain.length - 1] : undefined\n\n return {\n publicKey: cert?.publicKeyJWK as KeyType, // fixme\n publicKeyAlgorithm: cert?.publicKeyJWK?.alg,\n name: 'x.509',\n critical: result.critical,\n message: result.message,\n error: result.error,\n verificationTime: verificationAt,\n } satisfies mdocPkg.com.sphereon.crypto.IX509VerificationResult<KeyType>\n }\n\n setTrustedCerts = (trustedCertsInPEM?: Array<string>) => {\n this._trustedCerts = trustedCertsInPEM?.map((cert) => {\n if (cert.includes('CERTIFICATE')) {\n // PEM\n return cert\n }\n return derToPEM(cert)\n })\n }\n\n getTrustedCerts = () => this._trustedCerts\n}\n\nconst defaultCryptoEngine = () => {\n // @ts-ignore\n if (typeof self !== 'undefined') {\n // @ts-ignore\n if ('crypto' in self) {\n let engineName = 'webcrypto'\n // @ts-ignore\n if ('webkitSubtle' in self.crypto) {\n engineName = 'safari'\n }\n // @ts-ignore\n setEngine(engineName, new CryptoEngine({ name: engineName, crypto: crypto }))\n }\n } else if (typeof crypto !== 'undefined' && 'webcrypto' in crypto) {\n const name = 'NodeJS ^15'\n const nodeCrypto = crypto.webcrypto\n // @ts-ignore\n setEngine(name, new CryptoEngine({ name, crypto: nodeCrypto }))\n } else {\n // @ts-ignore\n const name = 'crypto'\n setEngine(name, new CryptoEngine({ name, crypto: globalCrypto(false) }))\n }\n}\n\ndefaultCryptoEngine()\n\n// We register the services with the mDL/mdoc library. Please note that the context is not passed in, meaning we cannot sign by default.\nDefaultCallbacks.setCoseCryptoDefault(new CoseCryptoService())\nDefaultCallbacks.setX509Default(new X509CallbackService())\n","import mdocPkg from '@sphereon/kmp-mdoc-core'\nconst { com } = mdocPkg\nimport { PresentationDefinitionV2, PresentationSubmission } from '@sphereon/pex-models'\nimport { ISphereonKeyManager } from '@sphereon/ssi-sdk-ext.key-manager'\nimport { CertificateInfo, SubjectAlternativeGeneralName, X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IAgentContext, IDIDManager, IPluginMethodMap, IResolver } from '@veramo/core'\nexport type IKey = mdocPkg.com.sphereon.crypto.IKey\nexport type CoseSign1Json = mdocPkg.com.sphereon.crypto.cose.CoseSign1Json\nexport type CoseSign1Cbor<Any> = mdocPkg.com.sphereon.crypto.cose.CoseSign1Cbor<Any>\nexport type ICoseKeyCbor = mdocPkg.com.sphereon.crypto.cose.ICoseKeyCbor\nexport type ICoseKeyJson = mdocPkg.com.sphereon.crypto.cose.ICoseKeyJson\nexport type IKeyInfo<KT extends IKey = IKey> = mdocPkg.com.sphereon.crypto.IKeyInfo<KT>\nexport type IVerifyResults<KT extends IKey> = mdocPkg.com.sphereon.crypto.generic.IVerifyResults<KT>\nexport type IVerifySignatureResult<KT extends IKey> = mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult<KT>\nexport type DocumentJson = mdocPkg.com.sphereon.mdoc.data.device.DocumentJson\nexport type DocumentCbor = mdocPkg.com.sphereon.mdoc.data.device.DocumentCbor\nexport const CborByteString = com.sphereon.cbor.CborByteString\nexport const CoseKeyCbor = com.sphereon.crypto.cose.CoseKeyCbor\nexport const CoseCryptoServiceJS = com.sphereon.crypto.CoseCryptoServiceJS\nexport const CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService\nexport const KeyInfo = com.sphereon.crypto.KeyInfo\nexport const DateTimeUtils = com.sphereon.kmp.DateTimeUtils\nexport const decodeFrom = com.sphereon.kmp.decodeFrom\nexport const encodeTo = com.sphereon.kmp.encodeTo\nexport const Encoding = com.sphereon.kmp.Encoding\nexport const MdocValidations = com.sphereon.mdoc.data.MdocValidations\nexport const MdocOid4vpService = com.sphereon.mdoc.oid4vp.MdocOid4vpServiceJs\nexport const Jwk = com.sphereon.crypto.jose.Jwk\nexport type DocumentDescriptorMatchResult = mdocPkg.com.sphereon.mdoc.oid4vp.DocumentDescriptorMatchResult\nexport type IOid4VPPresentationDefinition = mdocPkg.com.sphereon.mdoc.oid4vp.IOid4VPPresentationDefinition\nexport const Oid4VPPresentationSubmission = com.sphereon.mdoc.oid4vp.Oid4VPPresentationSubmission\n\nexport interface ImDLMdoc extends IPluginMethodMap {\n // TODO: Extract cert methods to its own plugin\n x509VerifyCertificateChain(args: VerifyCertificateChainArgs, context: IRequiredContext): Promise<X509ValidationResult>\n\n x509GetCertificateInfo(args: GetX509CertificateInfoArgs, context: IRequiredContext): Promise<CertificateInfo[]>\n\n mdocVerifyIssuerSigned(args: MdocVerifyIssuerSignedArgs, context: IRequiredContext): Promise<IVerifySignatureResult<KeyType>>\n\n mdocOid4vpHolderPresent(args: MdocOid4vpPresentArgs, context: IRequiredContext): Promise<MdocOid4VPPresentationAuth>\n\n mdocOid4vpRPVerify(args: MdocOid4vpRPVerifyArgs, _context: IRequiredContext): Promise<MdocOid4vpRPVerifyResult>\n}\n\nexport type IRequiredContext = IAgentContext<ISphereonKeyManager & IDIDManager & IResolver>\nexport type VerifyCertificateChainArgs = {\n chain: Array<string | Uint8Array>\n trustAnchors?: string[]\n verificationTime?: Date\n opts?: {\n // If no trust anchor is found, but the chain itself checks out, allow. (defaults to false:)\n allowNoTrustAnchorsFound?: boolean\n // Trust the supplied root from the chain, when no anchors are being passed in.\n trustRootWhenNoAnchors?: boolean\n // Do not perform a chain validation check if the chain only has a single value. This means only the certificate itself will be validated. No chain checks for CA certs will be performed. Only used when the cert has no issuer\n allowSingleNoCAChainElement?: boolean\n // WARNING: Do not use in production\n // Similar to regular trust anchors, but no validation is performed whatsover. Do not use in production settings! Can be handy with self generated certificates as we perform many validations, making it hard to test with self-signed certs. Only applied in case a chain with 1 element is passed in to really make sure people do not abuse this option\n blindlyTrustedAnchors?: string[]\n }\n}\n\nexport type GetX509CertificateInfoArgs = {\n certificates: (string | Uint8Array)[] // pem or der\n sanTypeFilter?: SubjectAlternativeGeneralName | SubjectAlternativeGeneralName[]\n}\n\nexport type KeyType = ICoseKeyJson\nexport type MdocVerifyIssuerSignedArgs = {\n input: CoseSign1Json\n keyInfo?: IKeyInfo<KeyType>\n requireX5Chain?: boolean\n}\n\nexport interface MdocOid4VPPresentationAuth {\n vp_token: string\n presentation_submission: PresentationSubmission\n}\n\nexport interface MdocOid4vpPresentArgs {\n mdocs: DocumentCbor[]\n mdocHolderNonce?: string\n presentationDefinition: PresentationDefinitionV2\n trustAnchors?: string[]\n verifications?: VerificationOptions\n clientId: string\n responseUri: string\n authorizationRequestNonce: string\n}\n\nexport type VerificationOptions = {\n allowExpiredDocuments?: boolean\n verificationTime?: Date\n}\n\nexport type DocumentVerifyResult = { document: DocumentJson; validations: IVerifyResults<ICoseKeyCbor> }\nexport type MdocOid4vpRPVerifyResult = { error: boolean; documents: Array<DocumentVerifyResult>; presentation_submission: PresentationSubmission }\n\nexport interface MdocOid4vpRPVerifyArgs {\n vp_token: string\n presentation_submission: PresentationSubmission\n trustAnchors?: string[]\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,0BAA4B;AAAA,QAC1B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,4BAA8B;AAAA,cAC5B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB,OAAO,OAAO,SAAS,SAAS;AAAA,YACrE;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,MAAQ,CAAC,eAAe,cAAc,cAAc,aAAa,mBAAmB,iBAAiB,cAAc,WAAW;AAAA,YAChI;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,eAAe,kBAAkB;AAAA,YACrD;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,MAAQ,CAAC,MAAM,MAAM,IAAI;AAAA,YAC3B;AAAA,YACA,wBAA0B;AAAA,cACxB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,cAAc,SAAS,YAAY,SAAS;AAAA,YAC3E;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,OAAS;AAAA,YACX;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,SAAS;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,4BAA8B;AAAA,cAC5B,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,KAAO;AAAA,cACL,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,sBACA,GAAK;AAAA,wBACH,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,GAAK;AAAA,kBACH,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO;AAAA,YACtB;AAAA,YACA,mCAAqC;AAAA,cACnC,MAAQ;AAAA,YACV;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,mBAAmB;AAAA,YACxC;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,KAAK;AAAA,YACpB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,YAC3B;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,cAAc,aAAa;AAAA,YAC1C;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,qBAAqB;AAAA,kBACnB,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM,aAAa;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB,CAAC;AAAA,YAC3B;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW;AAAA,YAClC;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,WAAW,YAAY;AAAA,YAC9C;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ,CAAC,WAAW,UAAU,QAAQ;AAAA,YACxC;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ,CAAC,UAAU,QAAQ;AAAA,YAC7B;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,mBAAqB;AAAA,cACnB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,wBAA0B;AAAA,kBACxB,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,YACrB;AAAA,YACA,eAAiB;AAAA,cACf,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY,WAAW;AAAA,YACtC;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,YACV;AAAA,YACA,oBAAsB;AAAA,cACpB,OAAS;AAAA,gBACP;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,WAAa;AAAA,sBACX,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,kBAAoB;AAAA,sBAClB,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA;AAAA,kBACE,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,wBAA0B;AAAA,sBACxB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,yBAA2B;AAAA,sBACzB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,6CAA+C;AAAA,sBAC7C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gCAAkC;AAAA,sBAChC,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,oBACA,gBAAkB;AAAA,sBAChB,MAAQ;AAAA,oBACV;AAAA,oBACA,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0CAA4C;AAAA,sBAC1C,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,gDAAkD;AAAA,sBAChD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uCAAyC;AAAA,sBACvC,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,kDAAoD;AAAA,sBAClD,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS,CAAC;AAAA,wBACZ;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,kBAAoB;AAAA,sBAClB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,aAAe;AAAA,oBACjB;AAAA,oBACA,uBAAyB;AAAA,sBACvB,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,4BAA8B;AAAA,sBAC5B,MAAQ;AAAA,oBACV;AAAA,oBACA,6BAA+B;AAAA,sBAC7B,MAAQ;AAAA,oBACV;AAAA,oBACA,iCAAmC;AAAA,sBACjC,MAAQ;AAAA,oBACV;AAAA,oBACA,kCAAoC;AAAA,sBAClC,MAAQ;AAAA,oBACV;AAAA,oBACA,eAAiB;AAAA,sBACf,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,0BAA4B;AAAA,sBAC1B,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,OAAS;AAAA,4BACP,MAAQ;AAAA,0BACV;AAAA,wBACF;AAAA,wBACA;AAAA,0BACE,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,sBAAwB;AAAA,sBACtB,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,YACF;AAAA,YACA,QAAU;AAAA,cACR,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,YAAY;AAAA,YAClC;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,0BAA0B,6BAA6B,qCAAqC;AAAA,YACvG;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,UAAU;AAAA,YACjC;AAAA,YACA,OAAS;AAAA,cACP,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,oBAAoB,WAAW,SAAS,WAAW,OAAO;AAAA,YAC/E;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,UAAU;AAAA,YAC/B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,SAAS,SAAS,SAAS,SAAS,QAAQ;AAAA,YACvD;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,MAAQ,CAAC,YAAY,aAAa,QAAQ,eAAe,OAAO;AAAA,YAClE;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,UAAU;AAAA,YAC3C;AAAA,YACA,iCAAmC;AAAA,cACjC,MAAQ;AAAA,cACR,MAAQ,CAAC,OAAO,MAAM;AAAA,YACxB;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,MAAQ,CAAC,sBAAsB,uBAAuB,qBAAqB,iBAAiB;AAAA,YAC9F;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,MAAQ,CAAC,UAAU,cAAc,aAAa;AAAA,YAChD;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,MAAQ,CAAC,kBAAkB,iBAAiB;AAAA,YAC9C;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,+BAAiC;AAAA,cAC/B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,uBAAyB;AAAA,cACvB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC7+DA;;;;;mCAAAC;EAAA;uBAAAC;EAAA;;iBAAAC;EAAA;;;;;;;;;;;;AAAA,uBAAwB;;;ACAxB,IAAAC,wBAAoB;AAEpB,IAAAC,sBAAuC;AACvC,IAAAA,sBAAqG;;;ACHrG,2BAAoB;AAIpB,yBAAyE;AACzE,IAAAC,sBAQO;AAEP,aAAwB;AACxB,mBAAqD;AAErD,yBAA2B;AAE3B,uBAAwC;AAnBxC,IAAM,EAAEC,IAAG,IAAKC,qBAAAA;AAyBhB,IAAMC,4BAA4BF,IAAIG,SAASC,OAAOF;AAMtD,IAAMG,UAAUJ,qBAAAA,QAAQD,IAAIG,SAASC,OAAOC;AAE5C,IAAMC,gBAAgBL,qBAAAA,QAAQD,IAAIG,SAASI,IAAID;AAE/C,IAAME,qBAAqBP,qBAAAA,QAAQD,IAAIG,SAASC,OAAOK,QAAQD;AAC/D,IAAME,mBAAmBT,qBAAAA,QAAQD,IAAIG,SAASC,OAAOM;AAGrD,SAASC,KAAKC,OAAc;AAC1B,MAAIA,iBAAiBC,WAAY,QAAOD;AACxC,MAAIE,YAAYC,OAAOH,KAAAA,GAAQ;AAC7B,UAAMI,IAAIJ;AACV,WAAO,IAAIC,WAAWG,EAAEC,QAAQD,EAAEE,YAAYF,EAAEG,UAAU;EAC5D;AACA,MAAIC,MAAMC,QAAQT,KAAAA,EAAQ,QAAOC,WAAWS,KAAMV,MAAmBW,IAAI,CAACC,MAAMA,IAAI,GAAA,CAAA;AACpF,QAAM,IAAIC,MAAM,4BAAA;AAClB;AARSd;AAST,SAASe,0BAA0BC,UAAiB;AAClD,QAAMC,KAAKjB,KAAKgB,QAAAA;AAChB,MAAIE,MAAM;AACV,QAAMC,WAAW,6BAAA;AACf,UAAMN,IAAII,GAAGC,KAAAA;AACb,UAAME,KAAKP,KAAK;AAChB,UAAMQ,OAAOR,IAAI;AACjB,QAAIS;AACJ,QAAID,OAAO,GAAIC,OAAMD;aACZA,SAAS,IAAI;AACpBC,YAAML,GAAGC,GAAAA;AACTA,aAAO;IACT,WAAWG,SAAS,IAAI;AACtBC,YAAOL,GAAGC,GAAAA,KAAQ,IAAKD,GAAGC,MAAM,CAAA;AAChCA,aAAO;IACT,WAAWG,SAAS,IAAI;AACtBC,YAAML,GAAGC,GAAAA,IAAO,YAAaD,GAAGC,MAAM,CAAA,KAAM,OAAOD,GAAGC,MAAM,CAAA,KAAM,KAAKD,GAAGC,MAAM,CAAA;AAChFA,aAAO;IACT,MAAO,OAAM,IAAIJ,MAAM,kCAAkCO,IAAAA;AACzD,WAAO;MAAED;MAAIE;IAAI;EACnB,GAjBiB;AAkBjB,QAAMC,OAAO,6BAAA;AACX,UAAMC,IAAIL,SAAAA;AACV,YAAQK,EAAEJ,IAAE;MACV,KAAK;MACL,KAAK;MACL,KAAK;AACH;MACF,KAAK;MACL,KAAK;AACHF,eAAOM,EAAEF;AACT;MACF,KAAK;AACH,iBAASG,IAAI,GAAGA,IAAID,EAAEF,KAAKG,IAAKF,MAAAA;AAChC;MACF,KAAK;AACH,iBAASE,IAAI,GAAGA,IAAID,EAAEF,MAAM,GAAGG,IAAKF,MAAAA;AACpC;MACF,KAAK;AACHA,aAAAA;AACA;IACJ;EACF,GArBa;AAsBb,QAAMG,WAAW,6BAAA;AACf,UAAMF,IAAIL,SAAAA;AACV,QAAIK,EAAEJ,OAAO,EAAG,OAAM,IAAIN,MAAM,2BAA2BU,EAAEJ,EAAE;AAC/D,UAAMO,MAAMV,GAAGW,MAAMV,KAAKA,MAAMM,EAAEF,GAAG;AACrCJ,WAAOM,EAAEF;AACT,WAAOK;EACT,GANiB;AAOjB,QAAME,WAAW,6BAAA;AACf,UAAML,IAAIL,SAAAA;AACV,QAAIK,EAAEJ,OAAO,EAAG,OAAM,IAAIN,MAAM,2BAA2BU,EAAEJ,EAAE;AAC/D,UAAMO,MAAM,IAAIG,YAAAA,EAAcC,OAAOd,GAAGW,MAAMV,KAAKA,MAAMM,EAAEF,GAAG,CAAA;AAC9DJ,WAAOM,EAAEF;AACT,WAAOK;EACT,GANiB;AAOjB,QAAMK,QAAQb,SAAAA;AACd,MAAIa,MAAMZ,OAAO,EAAG,QAAOa;AAC3B,WAASR,IAAI,GAAGA,IAAIO,MAAMV,KAAKG,KAAK;AAClC,UAAMS,MAAML,SAAAA;AACZ,QAAIK,QAAQ,cAAc;AACxB,YAAMC,MAAMhB,SAAAA;AACZ,UAAIgB,IAAIf,OAAO,KAAKe,IAAIb,QAAQ,EAAG,OAAM,IAAIR,MAAM,qCAAA;AACnD,YAAMsB,iBAAiBV,SAAAA;AACvBH,WAAAA;AACA,YAAMc,eAAeX,SAAAA;AACrB,aAAO;QAAEU;QAAgBC;MAAa;IACxC;AACAd,SAAAA;EACF;AACA,SAAOU;AACT;AAxESlB;AAyET,SAASuB,iBAAiBhB,KAAW;AACnC,MAAIA,MAAM,GAAI,QAAO,IAAIpB,WAAW;IAAC,KAAOoB;GAAI;AAChD,MAAIA,MAAM,IAAO,QAAO,IAAIpB,WAAW;IAAC;IAAMoB;GAAI;AAClD,MAAIA,MAAM,MAAS,QAAO,IAAIpB,WAAW;IAAC;IAAOoB,OAAO,IAAK;IAAMA,MAAM;GAAK;AAC9E,SAAO,IAAIpB,WAAW;IAAC;IAAOoB,QAAQ,KAAM;IAAOA,OAAO,KAAM;IAAOA,OAAO,IAAK;IAAMA,MAAM;GAAK;AACtG;AALSgB;AAMT,SAASC,SAASC,OAAmB;AACnC,MAAIC,QAAQ;AACZ,aAAWC,KAAKF,MAAOC,UAASC,EAAEC;AAClC,QAAMhB,MAAM,IAAIzB,WAAWuC,KAAAA;AAC3B,MAAIG,MAAM;AACV,aAAWF,KAAKF,OAAO;AACrBb,QAAIkB,IAAIH,GAAGE,GAAAA;AACXA,WAAOF,EAAEC;EACX;AACA,SAAOhB;AACT;AAVSY;AAWT,SAASO,mBAAmBV,gBAA4BC,cAAwB;AAC9E,QAAMU,YAAY,IAAI7C,WAAW;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;IAAM;GAAK;AACnG,SAAOqC,SAAS;IACd,IAAIrC,WAAW;MAAC;KAAK;IACrB6C;IACAT,iBAAiBF,eAAeO,MAAM;IACtCP;IACA,IAAIlC,WAAW;MAAC;KAAK;IACrBoC,iBAAiBD,aAAaM,MAAM;IACpCN;GACD;AACH;AAXSS;AAeT,SAASE,cAAcC,KAAiBC,WAAiB;AACvD,MAAIC,SAAS;AACb,MAAIF,IAAIE,QAAAA,MAAc,GAAM,OAAM,IAAIrC,MAAM,mDAAA;AAC5C,MAAIsC,SAASH,IAAIE,QAAAA;AACjB,MAAIC,SAAS,KAAM;AACjB,UAAMC,WAAWD,SAAS;AAC1BA,aAAS;AACT,aAAS3B,IAAI,GAAGA,IAAI4B,UAAU5B,IAAK2B,UAAUA,UAAU,IAAKH,IAAIE,QAAAA;EAClE;AACA,QAAMG,UAAU,6BAAA;AACd,QAAIL,IAAIE,QAAAA,MAAc,EAAM,OAAM,IAAIrC,MAAM,kDAAA;AAC5C,UAAMQ,MAAM2B,IAAIE,QAAAA;AAChB,QAAII,MAAMN,IAAIrB,MAAMuB,QAAQA,SAAS7B,GAAAA;AACrC6B,cAAU7B;AACV,QAAIkC,QAAQ;AACZ,WAAOA,QAAQD,IAAIZ,SAAS,KAAKY,IAAIC,KAAAA,MAAW,EAAMA;AACtDD,UAAMA,IAAI3B,MAAM4B,KAAAA;AAChB,QAAID,IAAIZ,SAASO,UAAW,OAAM,IAAIpC,MAAM,yCAAyCyC,IAAIZ,MAAM,aAAaO,SAAAA,EAAW;AACvH,UAAMvB,MAAM,IAAIzB,WAAWgD,SAAAA;AAC3BvB,QAAIkB,IAAIU,KAAKL,YAAYK,IAAIZ,MAAM;AACnC,WAAOhB;EACT,GAZgB;AAahB,QAAM8B,IAAIH,QAAAA;AACV,QAAMI,IAAIJ,QAAAA;AACV,SAAOf,SAAS;IAACkB;IAAGC;GAAE;AACxB;AAzBSV;AA6BT,SAASW,wBAAwBC,WAAmBV,WAAiB;AACnE,QAAMW,aAAaD,UAAUE,KAAI,EAAGC,QAAQ,QAAQ,EAAA,EAAIA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,OAAO,GAAA,EAAKA,QAAQ,QAAQ,EAAA;AAChH,QAAM9D,YAAQ+D,+BAAWH,YAAY,WAAA;AACrC,MAAI5D,MAAM0C,SAASO,YAAY,KAAKjD,MAAM,CAAA,MAAO,IAAM;AACrD,WAAO+C,cAAc/C,OAAOiD,SAAAA;EAC9B;AACA,SAAOjD;AACT;AAPS0D;AAUT,SAASM,WAAWC,KAAiBtB,KAAW;AAC9C,QAAMuB,KAAKD,IAAItB,GAAAA;AACf,QAAMwB,QAAQD,MAAM;AACpB,QAAME,KAAKF,KAAK;AAChB,MAAIE,KAAK,GAAI,QAAO;IAAED;IAAOE,WAAW;IAAGC,UAAUF;EAAG;AACxD,MAAIA,OAAO,GAAI,QAAO;IAAED;IAAOE,WAAW;IAAGC,UAAUL,IAAItB,MAAM,CAAA;EAAG;AACpE,MAAIyB,OAAO,GAAI,QAAO;IAAED;IAAOE,WAAW;IAAGC,UAAWL,IAAItB,MAAM,CAAA,KAAM,IAAKsB,IAAItB,MAAM,CAAA;EAAG;AAC1F,MAAIyB,OAAO,GAAI,QAAO;IAAED;IAAOE,WAAW;IAAGC,UAAUL,IAAItB,MAAM,CAAA,IAAK,YAAasB,IAAItB,MAAM,CAAA,KAAM,OAAOsB,IAAItB,MAAM,CAAA,KAAM,KAAKsB,IAAItB,MAAM,CAAA;EAAG;AAC5I,MAAIyB,OAAO,IAAI;AACb,QAAIhE,IAAI;AACR,aAASoB,IAAI,GAAGA,KAAK,GAAGA,IAAKpB,KAAIA,IAAI,MAAM6D,IAAItB,MAAMnB,CAAAA;AACrD,WAAO;MAAE2C;MAAOE,WAAW;MAAGC,UAAUlE;IAAE;EAC5C;AACA,QAAM,IAAIS,MAAM,oCAAoCuD,EAAAA,cAAgBzB,GAAAA,EAAK;AAC3E;AAdSqB;AAgBT,SAASO,YAAYN,KAAiBtB,KAAW;AAC/C,QAAMpB,IAAIyC,WAAWC,KAAKtB,GAAAA;AAC1B,MAAIH,QAAQjB,EAAE8C;AACd,UAAQ9C,EAAE4C,OAAK;IACb,KAAK;IACL,KAAK;IACL,KAAK;AACH;IACF,KAAK;IACL,KAAK;AACH3B,eAASjB,EAAE+C;AACX;IACF,KAAK;AACH,eAAS9C,IAAI,GAAGA,IAAID,EAAE+C,UAAU9C,IAAKgB,UAAS+B,YAAYN,KAAKtB,MAAMH,KAAAA;AACrE;IACF,KAAK;AACH,eAAShB,IAAI,GAAGA,IAAID,EAAE+C,WAAW,GAAG9C,IAAKgB,UAAS+B,YAAYN,KAAKtB,MAAMH,KAAAA;AACzE;IACF,KAAK;AACHA,eAAS+B,YAAYN,KAAKtB,MAAMH,KAAAA;AAChC;IACF;AACE,YAAM,IAAI3B,MAAM,+BAA+BU,EAAE4C,KAAK,EAAE;EAC5D;AACA,SAAO3B;AACT;AAzBS+B;AAkCT,SAASC,sCAAsCC,KAAe;AAC5D,MAAIA,IAAI,CAAA,MAAO,IAAM,QAAOA;AAC5B,MAAI9B,MAAM;AACVA,SAAO4B,YAAYE,KAAK9B,GAAAA;AACxBA,SAAO4B,YAAYE,KAAK9B,GAAAA;AACxBA,SAAO4B,YAAYE,KAAK9B,GAAAA;AACxB,QAAM+B,eAAe/B;AACrB,QAAMgC,KAAKX,WAAWS,KAAKC,YAAAA;AAC3B,MAAIC,GAAGR,UAAU,EAAG,QAAOM;AAC3B,QAAMG,UAAUF,eAAeC,GAAGN;AAClC,QAAMQ,KAAKJ,IAAIK,SAASF,SAASA,UAAUD,GAAGL,QAAQ;AACtD,MAAIO,GAAG,CAAA,MAAO,IAAM,QAAOJ;AAC3B,MAAIM,IAAI;AACRA,OAAKR,YAAYM,IAAIE,CAAAA;AACrBA,OAAKR,YAAYM,IAAIE,CAAAA;AACrBA,OAAKR,YAAYM,IAAIE,CAAAA;AACrB,QAAMC,KAAKH,GAAGC,SAASC,GAAGA,IAAIR,YAAYM,IAAIE,CAAAA,CAAAA;AAC9C,QAAME,WAAW3C,SAAS;IAAC,IAAIrC,WAAW;MAAC;MAAM;KAAK;IAAGoC,iBAAiB2C,GAAGtC,MAAM;IAAGsC;GAAG;AACzF,QAAME,cAAc5C,SAAS;IAACuC,GAAGC,SAAS,GAAGC,CAAAA;IAAIE;GAAS;AAC1D,QAAME,kBAAkB7C,SAAS;IAAC,IAAIrC,WAAW;MAAC;MAAM;KAAK;IAAGoC,iBAAiB6C,YAAYxC,MAAM;IAAGwC;GAAY;AAClH,QAAME,aAAa9C,SAAS;IAACD,iBAAiB8C,gBAAgBzC,MAAM;IAAGyC;GAAgB;AACvF,SAAO7C,SAAS;IAACmC,IAAIK,SAAS,GAAGJ,YAAAA;IAAeU;GAAW;AAC7D;AAtBSZ;AAwBF,IAAMa,oBAAN,MAAMA;EA3Qb,OA2QaA;;;;EACX,YAAoBC,SAA4B;SAA5BA,UAAAA;EAA6B;EAEjDC,WAAWD,SAA2B;AACpC,SAAKA,UAAUA;EACjB;EAEA,MAAME,UAAUC,OAAuBC,gBAAuD;AAC5F,QAAI,CAAC,KAAKJ,SAAS;AACjB,YAAMzE,MAAM,yFAAA;IACd;AACA,UAAM,EAAE8E,SAASC,KAAKC,MAAK,IAAKJ;AAGhC,QAAIK,aAAyB/F,KAAK8F,KAAAA;AAClC,QAAI;AACFC,mBAAatB,sCAAsCsB,UAAAA;IACrD,SAASC,GAAQ;AACfC,cAAQC,IAAI,qFAAqFF,GAAGG,OAAAA,EAAS;IAC/G;AAGA,QAAI;AACF,UAAIC,MAAM;AACV,eAAS3E,IAAI,GAAGA,IAAIsE,WAAWpD,QAAQlB,IAAK2E,SAAQL,WAAWtE,CAAAA,IAAK,KAAM4E,SAAS,EAAA,EAAIC,SAAS,GAAG,GAAA;AACnGL,cAAQC,IAAI,kCAAkCH,WAAWpD,MAAM,QAAQyD,GAAAA,EAAK;IAC9E,SAASJ,GAAQ;AACfC,cAAQC,IAAI,0CAA0CF,GAAGG,OAAAA,EAAS;IACpE;AACA,QAAII,YAAYX,QAAQW,aAAatE;AAIrC,UAAMuE,kBAAiC,CAAA;AACvC,QAAI,CAACD,WAAW;AACd,YAAMrE,MAAM0D,QAAQ1D;AACpB,UAAIA,OAAO,MAAM;AACf,eAAOuE,QAAQC,OAAO5F,MAAM,2EAAA,CAAA;MAC9B;AACA,YAAM6F,kBAAkBtH,IAAIG,SAASC,OAAOmH,gBAAgBC,OAAOC,YAAYlB,SAAS1D,GAAAA;AACxF,YAAM6E,aAA+DxH,0BAA0ByH,qBAAqBL,eAAAA;AAEpH,YAAMM,iBAAaC,2CAAuB;QAAEC,KAAKJ,WAAW7E,IAAIkF,UAAS;MAAG,CAAA;AAC5E,YAAMC,MAAMN,WAAWM,OAAOJ,cAAcF,WAAW7E,IAAIoF,eAAe,IAAA;AAC1E,UAAI,CAACD,KAAK;AACR,eAAOZ,QAAQC,OAAO5F,MAAM,2CAAA,CAAA;MAC9B;AACAyF,kBAAYc;AACZ,UAAIJ,cAAcA,eAAeI,KAAK;AACpCb,wBAAgBe,KAAKN,UAAAA;MACvB;IACF;AACA,UAAMO,SAAS,wBAACC,WACd,KAAKlC,QAASmC,MAAMC,eAAe;MACjCC,WAAW/B,IAAIgC,KAAO/B;;;;MAItBgC,UAAMC,iBAAAA,UAAYhC,YAAY,QAAA;MAC9BiC,UAAU;MACVP;IACF,CAAA,GATa;AAUf,QAAIQ;AACJ,QAAI;AACFA,eAAS,MAAMT,OAAOjB,SAAAA;IACxB,SAAS2B,OAAO;AACd,UAAIC;AACJ,iBAAWC,OAAO5B,iBAAiB;AACjC,YAAI;AACF2B,mBAAS,MAAMX,OAAOY,GAAAA;AACtB;QACF,QAAQ;QAER;MACF;AACA,UAAID,WAAWlG,QAAW;AACxB,cAAMiG;MACR;AACAD,eAASE;IACX;AAIA,UAAME,UAAUxC,IAAIgC,MAAM/B;AAC1B,UAAM5C,YAAYmF,YAAY,UAAU,KAAKA,YAAY,UAAU,KAAK;AACxE,UAAMC,MAAM3E,wBAAwBsE,QAAQ/E,SAAAA;AAC5C+C,YAAQC,IAAI,0CAA0CmC,OAAAA,gBAAuBJ,OAAOtF,MAAM,YAAY2F,IAAI3F,MAAM,cAAcO,YAAY,CAAA,GAAI;AAC9I,WAAOqF,UAAU5H,KAAK2H,GAAAA;EACxB;EAEA,MAAME,aACJ9C,OACAE,SACAD,gBACmF;AACnF,UAAM8C,gBAAgB,8BACpBC,SAAAA;AAKA,UAAI/C,mBAAmB,CAAC+C,QAAOA,KAAI/F,WAAW,IAAI;AAEhD,eAAO8D,QAAQC,OAAO,IAAI5F,MAAM,iDAAiD,CAAA;MACnF;AAEA6H,mBAAaD,WAAME,+CAA0BF,KAAI,CAAA,CAAE,IAAIzG;AACvD,UAAI4G;AACJ,UAAIF,YAAY;AACd,cAAMtH,OAAO,UAAMyH,wCAAmBH,UAAAA;AACtCE,oBAAYxH,KAAK0H;MACnB;AACA,aAAO;QAAEJ;QAAYE;MAAU;IACjC,GAlBsB;AAoBtB,UAAMG,cAAczJ,0BAA0B0J,cAAcrD,OAAAA;AAE5D,QAAIoD,aAAa9G,KAAK8C,GAAG;AACvB,YAAMlE,MAAM,oCAAA;IACd,WAAW,CAAC4E,MAAMwD,SAASpD,OAAO;AAChC,aAAOW,QAAQC,OAAO5F,MAAM,oDAAA,CAAA;IAC9B;AACA,UAAMqI,YAAYzD,MAAM0D,OAAM;AAC9B,UAAMC,UAAUF,UAAUG,gBAAgBzD;AAC1C,QAAI,CAACwD,SAAS;AACZ,aAAO5C,QAAQC,OAAO5F,MAAM,iCAAA,CAAA;IAC9B;AAEA,QAAI6H;AACJ,QAAIY;AACJ,QAAIlC,MAAM2B,aAAa3B,OAAO8B,UAAUG,gBAAgBjC,OAAO8B,UAAUK,mBAAmBnC;AAE5F,UAAMqB,MAAMM,aAAa9G,KAAKuH,wBAAAA,KAA6BN,UAAUG,iBAAiBI,WAAWP,UAAUK,mBAAmBE;AAC9H,QAAI,CAACV,eAAe,CAACA,aAAa9G,OAAO8G,aAAa9G,KAAKwH,SAAS;AAClE,YAAMC,aAAa,MAAMlB,cAAcC,GAAAA;AACvCa,sBAAgBI,WAAWd,YAAYtJ,0BAA0BqK,UAAUD,WAAWd,SAAS,IAAI5G;AACnG0G,mBAAagB,WAAWhB;IAC1B;AACA,QAAI,CAACY,eAAe;AAClB,UAAI,CAACP,aAAa9G,KAAK;AACrB,eAAOuE,QAAQC,OAAO5F,MAAM,wFAAwF,CAAA;MACtH;AACA,UAAIuG,QAAQ,MAAM;AAChBA,cAAM2B,YAAY9G,IAAIoF,eAAe,KAAA;MACvC;AACAiC,sBAAgBlK,IAAIG,SAASC,OAAOoK,KAAKC,YAAYjD,OAAOkD,QAAQf,YAAY9G,GAAG;IACrF;AAEA,UAAM8H,oBAAoB,IAAItK,QAC5B2H,KACAkC,eACAP,YAAYiB,MACZjB,YAAYkB,eACZX,cAAcY,sBAAqB,KAAMnB,YAAYoB,oBACrD1B,KACAM,YAAYzC,WACZyC,YAAYqB,KACZrB,YAAYsB,WAAWf,cAAcgB,OAAM,CAAA;AAE7C,UAAMC,yBAAyB9E,MAAM+E,eAAeT,mBAAmBnK,mBAAmBgH,OAAO6D,SAASrB,OAAAA,CAAAA;AAC1G,UAAMnH,MAAM3C,0BAA0BoL,UAAUX,kBAAkB9H,GAAG,EAAGkF,UAAS;AACjF,QAAIU,WAAO9D,+BAAWwG,uBAAuBI,gBAAgB,WAAA;AAC7D,UAAMC,qBAAiB7G,+BAAWmF,UAAUvF,WAAW,WAAA;AAMvD,UAAMkH,eAAgBC,WAAqEC;AAC3F,QAAIF,cAAc;AAChB,UAAI;AACF,cAAMG,YAAYlK,0BAA0B+J,YAAAA;AAC5C,YAAIG,WAAW;AACbnD,iBAAOhF,mBAAmBmI,UAAU7I,gBAAgB6I,UAAU5I,YAAY;QAC5E;MACF,SAAS2D,GAAG;AACVC,gBAAQiF,KAAK,6FAA8FlF,EAAYG,OAAO;MAChI;IACF;AACA,UAAMgF,QAAQ,UAAMC,uCAAmB;MACrCtD;MACAlE,WAAWiH;MACX3I;IACF,CAAA;AAEA,WAAO;MACLmJ,MAAM;MACNC,UAAU;MACVpD,OAAO,CAACiD;MACRhF,SAAS,iBAAiBwC,iBAAa4C,kCAAa5C,UAAAA,EAAY6C,KAAKnE,GAAAA,SAAY8D,QAAQ,KAAK,IAAA;MAC9FvF,SAASoE;IACX;EACF;EAEAyB,sBACE7F,SAC2D;AAC3D,QAAIA,QAAQ1D,KAAK;AACf,aAAOuE,QAAQiF,QAAQnM,0BAA0BoM,kBAAkB/F,SAASA,QAAQ1D,GAAG,CAAA;IACzF;AACA,WAAOuE,QAAQC,OAAO5F,MAAM,iGAAA,CAAA;EAC9B;AACF;AASO,IAAM8K,sBAAN,MAAMA;EA9db,OA8daA;;;EACHC;EAER,YAAYC,cAA8B;AACxC,SAAKC,gBAAgBD,YAAAA;EACvB;;;;;;;EAQA,MAAME,uBAAuB,EAC3BC,OACAC,eAAe,KAAKC,gBAAe,GACnCC,kBACAnC,KAAI,GACwD;AAC5D,WAAO,UAAMoC,kDAA6B;MACxCJ;MACAC;MACAE;MACAnC;IACF,CAAA;EACF;;;;EAKA,MAAMqC,yBACJC,UACAC,UACAV,cACAW,qBACAL,kBACuE;AACvE,UAAMM,iBAAiBN,oBAAoBzM,cAAckH,OAAO8F,QAAQC,cAAa;AACrF,QAAIX,QAAoC,CAAA;AACxC,QAAIM,YAAYA,SAAS5J,SAAS,GAAG;AACnCsJ,cAAQM,SAAS3L,IAAI,CAACqC,QAAQ/C,WAAWS,KAAKsC,GAAAA,CAAAA;IAChD;AACA,QAAIuJ,YAAYA,SAAS7J,SAAS,GAAG;AACnCsJ,eAASA,SAAS,CAAA,GAAIY,OAAOL,QAAAA;IAC/B;AACA,UAAMvE,SAAS,UAAMoE,kDAA6B;MAChDJ;MACAC,cAAcJ,gBAAgB,KAAKK,gBAAe;MAClDC,kBAAkB,IAAIU,KAAKJ,eAAeK,eAAc,EAAGC,QAAO,IAAK,GAAA;MACvE/C,MAAM;QAAEgD,wBAAwB;MAAK;IACvC,CAAA;AAEA,UAAMC,OAAoCjF,OAAOkF,mBAAmBlF,OAAOkF,iBAAiBlF,OAAOkF,iBAAiBxK,SAAS,CAAA,IAAKV;AAElI,WAAO;MACLmL,WAAWF,MAAMnE;MACjBsE,oBAAoBH,MAAMnE,cAAclD;MACxCwF,MAAM;MACNC,UAAUrD,OAAOqD;MACjBnF,SAAS8B,OAAO9B;MAChB+B,OAAOD,OAAOC;MACdkE,kBAAkBM;IACpB;EACF;EAEAX,kBAAkB,wBAACuB,sBAAAA;AACjB,SAAKzB,gBAAgByB,mBAAmB1M,IAAI,CAACsM,SAAAA;AAC3C,UAAIA,KAAKK,SAAS,aAAA,GAAgB;AAEhC,eAAOL;MACT;AACA,iBAAOM,8BAASN,IAAAA;IAClB,CAAA;EACF,GARkB;EAUlBf,kBAAkB,6BAAM,KAAKN,eAAX;AACpB;AAEA,IAAM4B,sBAAsB,6BAAA;AAE1B,MAAI,OAAOC,SAAS,aAAa;AAE/B,QAAI,YAAYA,MAAM;AACpB,UAAIC,aAAa;AAEjB,UAAI,kBAAkBD,KAAKjO,QAAQ;AACjCkO,qBAAa;MACf;AAEAC,kCAAUD,YAAY,IAAIE,0BAAa;QAAExC,MAAMsC;QAAYlO;MAAe,CAAA,CAAA;IAC5E;EACF,WAAW,OAAOA,WAAW,eAAe,eAAeA,QAAQ;AACjE,UAAM4L,OAAO;AACb,UAAMyC,aAAoBC;AAE1BH,gCAAUvC,MAAM,IAAIwC,0BAAa;MAAExC;MAAM5L,QAAQqO;IAAW,CAAA,CAAA;EAC9D,OAAO;AAEL,UAAMzC,OAAO;AACbuC,gCAAUvC,MAAM,IAAIwC,0BAAa;MAAExC;MAAM5L,YAAQuO,iCAAa,KAAA;IAAO,CAAA,CAAA;EACvE;AACF,GAvB4B;AAyB5BP,oBAAAA;AAGA1N,iBAAiBkO,qBAAqB,IAAI3I,kBAAAA,CAAAA;AAC1CvF,iBAAiBmO,eAAe,IAAItC,oBAAAA,CAAAA;;;ACzkBpC,IAAAuC,wBAAoB;AACpB,IAAM,EAAEC,KAAAA,KAAG,IAAKC,sBAAAA;AAeT,IAAMC,iBAAiBF,KAAIG,SAASC,KAAKF;AACzC,IAAMG,cAAcL,KAAIG,SAASG,OAAOC,KAAKF;AAC7C,IAAMG,sBAAsBR,KAAIG,SAASG,OAAOE;AAChD,IAAMC,6BAA4BT,KAAIG,SAASG,OAAOG;AACtD,IAAMC,WAAUV,KAAIG,SAASG,OAAOI;AACpC,IAAMC,iBAAgBX,KAAIG,SAASS,IAAID;AACvC,IAAME,aAAab,KAAIG,SAASS,IAAIC;AACpC,IAAMC,WAAWd,KAAIG,SAASS,IAAIE;AAClC,IAAMC,WAAWf,KAAIG,SAASS,IAAIG;AAClC,IAAMC,kBAAkBhB,KAAIG,SAASc,KAAKC,KAAKF;AAC/C,IAAMG,oBAAoBnB,KAAIG,SAASc,KAAKG,OAAOC;AACnD,IAAMC,MAAMtB,KAAIG,SAASG,OAAOiB,KAAKD;AAGrC,IAAME,+BAA+BxB,KAAIG,SAASc,KAAKG,OAAOI;;;AF7BrE,IAAM,EAAEC,KAAAA,KAAG,IAAKC,sBAAAA;AA+BT,IAAMC,qBAAoC;EAC/C;EACA;EACA;EACA;EACA;;AAQK,IAAMC,UAAN,MAAMA;EA7Cb,OA6CaA;;;EACFC,SAASA,OAAOC;EAChBC,UAAoB;IAC3BC,4BAA4B,KAAKA,2BAA2BC,KAAK,IAAI;IACrEC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,wBAAwB,KAAKA,uBAAuBF,KAAK,IAAI;IAC7DG,yBAAyB,KAAKA,wBAAwBH,KAAK,IAAI;IAC/DI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;EACvD;EACiBK;EACAC;EACAC;EACTC;EAMR,YAAYC,MAeT;AACD,SAAKJ,qBAAqBI,MAAMC,gBAAgB,CAAA;AAChD,SAAKJ,sBAAsBG,MAAMH;AACjC,SAAKC,+BAA+BE,MAAMF;AAC1C,SAAKC,OAAOC,MAAMD,QAAQ;MAAEG,wBAAwB;IAAK;EAC3D;;EAGA,IAAYD,eAAyB;AACnC,WAAO;SAAI,KAAKL;SAAwB,KAAKC,sBAAmB,KAAQ,CAAA;;EAC1E;EAEA,IAAYM,iCAA2C;AACrD,WAAO;SAAK,KAAKJ,KAAKK,yBAAyB,CAAA;SAAS,KAAKN,+BAA4B,KAAQ,CAAA;;EACnG;;;;;;;;EASA,MAAcJ,wBAAwBM,MAA6BK,UAAiE;AAClI,UAAM,EAAEC,OAAOC,wBAAwBN,cAAcO,eAAeC,iBAAiBC,2BAA2BC,aAAaC,SAAQ,IAAKZ;AAE1I,UAAMa,gBAAgB,IAAIC,kBAAAA;AAE1B,UAAMC,WAAW,8BAAOC,SAAAA;AACtB,UAAI;AACF,cAAMC,SAAS,MAAMC,gBAAgBC,kBACnCH,MACA,MACAf,gBAAgB,KAAKA,cACrBmB,eAAcC,OAAOC,QAAQC,eAAef,eAAegB,kBAAkBC,QAAAA,KAAaC,KAAKC,IAAG,KAAM,GAAA,GACxGnB,eAAeoB,qBAAAA;AAEjB,YAAIX,OAAOY,OAAO;AAChBC,kBAAQC,IAAIC,KAAKC,UAAUhB,QAAQ,MAAM,CAAA,CAAA;QAC3C;AACA,eAAOA;MACT,SAASiB,GAAG;AACVJ,gBAAQC,IAAIG,CAAAA;AACZ,eAAO;UACLL,OAAO;UACPrB,eAAe;YACb;cACE2B,MAAM;cACNN,OAAO;cACPO,UAAU;cACVC,SAASH,EAAEG;YACb;;QAEJ;MACF;IACF,GA3BiB;AA6BjB,UAAMC,aAA8CzB,cAAc0B,6BAChE9B,iBACAH,OACAC,sBAAAA;AAEF,UAAMiC,qBAAsD,CAAA;AAC5D,QAAIC,YAA2HC;AAC/H,aAASC,SAASL,YAAY;AAC5B,UAAIK,MAAMC,UAAU;AAClB,cAAM3B,SAAS,MAAMF,SAAS4B,MAAMC,QAAQ;AAC5C,YAAI,CAAC3B,OAAOY,SAASlB,YAAYkC,SAAS,YAAA,GAAe;AAEvD,cAAI;AAKF,kBAAMC,qBAA2BH,MAAcI;AAC/C,kBAAMC,sBAA2BF,sBAAsB7B,OAAOgC;AAC9DnB,oBAAQC,IACN,2DAA2D,CAAC,CAACe,kBAAAA,qCAAuD,CAAC,CAACA,oBAAoBI,GAAAA,4BAC9G,CAAC,CAACjC,OAAOgC,OAAO,gCAAgC,CAAC,CAAChC,OAAOgC,SAASC,GAAAA,YAAeJ,qBAAqB,wBAAwB,gBAAA,EAAkB;AAE9K,kBAAMK,UAAUH,qBAAqBE,MAAME,YAAY/B,OAAOgC,QAAQL,oBAAoBE,GAAG,IAAIR;AACjG,gBAAI,CAACS,SAAS;AAGZ,oBAAMG,MACJ,4MACE;YAEN;AACA,gBAAIC,MAAMC,2BAA0BC,UAAUN,OAAAA,EAASO,UAAS;AAChE,gBAAI,CAACV,qBAAqBW,WAAW;AACnC,oBAAMV,UAAUD;AAChB,oBAAMY,iBAAaC,4CAAuB;gBAAEN;cAAS,CAAA;AACrD,oBAAMO,MAAMP,IAAIO,OAAOF;AACvB9B,sBAAQC,IAAI,8DAA8DwB,IAAIO,GAAG,gBAAgBF,UAAAA,EAAY;AAI7G,kBAAIV;AACJ,kBAAI;AACFA,sBAAM,MAAM7C,SAAS0D,MAAMC,cAAc;kBAAEF;gBAAI,CAAA;cACjD,SAAS5B,GAAG;AACVJ,wBAAQC,IACN,qDAAqD+B,GAAAA,aAAiB5B,GAAWG,OAAAA,8BAAqCuB,UAAAA,GAAa;AAErIV,sBAAM,MAAM7C,SAAS0D,MAAMC,cAAc;kBAAEF,KAAKF;gBAAW,CAAA;cAC7D;AACA,oBAAMK,MAAMf,IAAIe;AAChB,oBAAMN,YAAYT,IAAIgB,MAAMP,aAAaT,IAAIY;AAC7ChC,sBAAQC,IAAI,6DAA6DkC,GAAAA,eAAkBN,SAAAA,EAAW;AACtG,oBAAMQ,gBAAgBhB,QAAQiB,KAAK,OAAOjB,QAAQkB,KAAKlB,QAAQW,OAAO,IAAIQ,eAAeC,WAAWT,KAAKU,SAASC,IAAI,CAAA,CAAA;AACtH,oBAAM1B,gBAAgB2B,SAAQrD,OAAOgC,QAAQJ,OAAAA,EAASmB,KACpDN,KACAK,eACAlB,QAAQlD,MACRkD,QAAQ0B,eACR1B,QAAQ2B,oBACR3B,QAAQ4B,KACRlB,WACAM,GAAAA;AAEF,oBAAMa,cAAcnC,MAAMyB,KAAKzB,MAAMoC,iBAAiBpC,MAAMC,UAAUD,MAAMqC,eAAejC,aAAAA;AAC3FJ,sBAAQmC;YACV;UACF,SAAS5C,GAAQ;AACfJ,oBAAQC,IAAI,gFAAgFG,EAAEG,OAAO,IAAIH,CAAAA;UAC3G;AAEAM,6BAAmByC,KAAKtC,KAAAA;QAC1B,WAAW1B,OAAOY,OAAO;AACvBY,sBAAYxB;QACd;MACF;IACF;AACA,QAAIuB,mBAAmB0C,WAAW,GAAG;AACnC,UAAIzC,WAAW;AACb,eAAO0C,QAAQC,OAAO9B,MAAMb,UAAUjC,cAAc,CAAA,EAAG6B,WAAW,6BAAA,CAAA;MACpE;AACA,aAAO8C,QAAQC,OAAO9B,MAAM,6BAAA,CAAA;IAC9B;AAEA,QAAI;AACFxB,cAAQC,IACN,4CAA4CnB,QAAAA,iBAAyBD,WAAAA,+BAA0CD,yBAAAA,cAAuC8B,mBAAmB0C,MAAM,EAAE;AAEnL,UAAI;AACFpD,gBAAQC,IAAI,oDAAoDC,KAAKC,UAAU1B,sBAAAA,CAAAA,EAAyB;MAC1G,SAAS2B,GAAQ;AACfJ,gBAAQC,IAAI,sEAAsEG,GAAGG,OAAAA,EAAS;MAChG;AACAG,yBAAmB6C,QAAQ,CAACC,GAAQC,QAAAA;AAClC,cAAMC,KAAUF,GAAGvC;AACnB,YAAI0C,UAAe/C;AACnB,YAAI;AACF+C,oBAAUH,GAAG1C,UAAU6C,SAASC,SAASJ,GAAG1C,UAAU+C,KAAKD,OAAOD,SAASC,SAASJ,GAAG1C,UAAUgD,aAAAA;QACnG,QAAQ;QAER;AACA9D,gBAAQC,IACN,iCAAiCwD,GAAAA,yBAA4BD,GAAGP,iBAAiBc,IAAIH,SAASJ,GAAGP,iBAAiBc,EAAAA,aAAeJ,OAAAA,sBAC3G,CAAC,CAACH,GAAG1C,QAAAA,2BAAmC,CAAC,CAAC0C,GAAGN,aAAAA,2BACxC,CAAC,CAACQ,EAAAA,+BAAiC,CAAC,CAACA,IAAItC,GAAAA,uBAA0BsC,IAAI1B,GAAAA,eAAkB0B,IAAI7B,SAAAA,SAAkB6B,IAAIvB,GAAAA,wBACtHuB,IAAIZ,kBAAAA,iBAAmC,CAAC,CAACY,IAAIX,GAAAA,EAAK;AAE5E,YAAI;AACF,gBAAMiB,SAASN,IAAIO,SAASP,GAAGO,OAAM,IAAKP;AAC1C1D,kBAAQC,IAAI,iCAAiCwD,GAAAA,mBAAsBvD,KAAKC,UAAU6D,MAAAA,CAAAA,EAAS;QAC7F,SAAS5D,GAAQ;AACfJ,kBAAQC,IAAI,iCAAiCwD,GAAAA,qCAAwCrD,GAAGG,OAAAA,EAAS;QACnG;AACA,YAAI;AACF,gBAAM2D,UAAUR,IAAItC,KAAK6C,SAASP,GAAGtC,IAAI6C,OAAM,IAAKP,IAAItC;AACxDpB,kBAAQC,IAAI,iCAAiCwD,GAAAA,uBAA0BvD,KAAKC,UAAU+D,OAAAA,CAAAA,EAAU;QAClG,SAAS9D,GAAQ;AACfJ,kBAAQC,IAAI,iCAAiCwD,GAAAA,yCAA4CrD,GAAGG,OAAAA,EAAS;QACvG;MACF,CAAA;IACF,SAASH,GAAQ;AACfJ,cAAQC,IAAI,sDAAsDG,GAAGG,OAAAA,EAAS;IAChF;AAEA,QAAI4D;AACJ,QAAI;AACFA,uBAAiB,MAAMpF,cAAcqF,qBACnC1D,oBACAjC,wBACAK,UACAD,aACAD,yBAAAA;IAEJ,SAASwB,GAAQ;AACfJ,cAAQC,IAAI,0DAA0DG,GAAGG,OAAAA,EAAS;AAClFP,cAAQC,IAAI,oCAAoCG,GAAGiE,KAAAA,EAAO;AAC1D,YAAMjE;IACR;AAGA,QAAI;AACFJ,cAAQC,IAAI,oEAAoE,CAAC,CAACkE,cAAAA,UAAwB,OAAOA,cAAAA,EAAgB;AACjI,YAAMG,KAAUH;AAChB,UAAI;AACF,cAAMI,OAAOD,IAAIE,aAAaF,IAAIG,SAAS7D;AAC3CZ,gBAAQC,IACN,4DAA4D,CAAC,CAACqE,IAAII,OAAAA,oBAA2BJ,IAAIK,UAAU,IAAA,uBACpF,CAAC,CAACJ,IAAAA,oBAAwBA,MAAMnB,UAAUmB,MAAMK,QAAQ,KAAA,EAAO;MAE1F,SAASxE,GAAQ;AACfJ,gBAAQC,IAAI,oEAAoEG,GAAGG,OAAAA,EAAS;MAC9F;IACF,QAAQ;IAER;AAEA,QAAIsE;AACJ,QAAI;AACF,YAAMC,UAAUX,eAAeY,WAAU;AACzC/E,cAAQC,IAAI,oDAAoD6E,SAAS1B,MAAAA,EAAQ;AACjFyB,iBAAWG,SAASF,SAASpC,SAASuC,SAAS;IACjD,SAAS7E,GAAQ;AACfJ,cAAQC,IAAI,gDAAgDG,GAAGG,OAAAA,EAAS;AACxEP,cAAQC,IAAI,+CAA+CG,GAAGiE,KAAAA,EAAO;AACrE,YAAMjE;IACR;AAEA,QAAI8E;AACJ,QAAI;AACFA,gCAA0BC,6BAA6B5F,OAAO6F,2BAC5D3G,sBAAAA;IAEJ,SAAS2B,GAAQ;AACfJ,cAAQC,IAAI,gEAAgEG,GAAGG,OAAAA,EAAS;AACxFP,cAAQC,IAAI,+DAA+DG,GAAGiE,KAAAA,EAAO;AACrF,YAAMjE;IACR;AACA,WAAO;MAAEyE;MAAUK;IAAwB;EAC7C;;;;;;;;;EAUA,MAAcrH,mBAAmBK,MAA8BK,UAA+D;AAC5H,UAAM,EAAEsG,UAAUK,yBAAyB/G,aAAY,IAAKD;AAC5D,UAAMiG,iBAAiBlH,KAAIoI,SAASnG,KAAKoG,KAAKC,OAAOC,mBAAmBjG,OAAOkG,WAAWhD,WAAWoC,UAAUnC,SAASuC,SAAS,CAAA;AACjI,QAAI,CAACd,eAAeK,WAAW;AAC7B,aAAOnB,QAAQC,OAAO9B,MAAM,gCAAgC,CAAA;IAC9D;AACA,QAAIzB,QAAQ;AACZ,UAAMyE,YAAY,MAAMnB,QAAQqC,IAC9BvB,eAAeK,UAAUmB,IAAI,OAAO7E,aAAAA;AAClC,UAAI;AACF,cAAM8E,cAAc,MAAMxG,gBAAgBC,kBAAkByB,UAAU,MAAM3C,gBAAgB,KAAKA,YAAY;AAC7G,YAAI,CAACyH,eAAeA,YAAY7F,OAAO;AACrCA,kBAAQ;QACV;AACA,YAAImF,wBAAwBW,eAAeC,KAAK,CAACC,MAAMA,EAAEhC,OAAOjD,SAAS6C,QAAQC,KAAK,MAAM,MAAM;AAChG7D,kBAAQ;AACR6F,sBAAYlH,cAAcyE,KAAK;YAC7B9C,MAAM;YACNN;YACAO,UAAUP;YACVQ,SAAS,2CAA2CO,SAAS6C,QAAQC,KAAK;UAC5E,CAAA;QACF;AACA,eAAO;UAAE9C,UAAUA,SAASmD,OAAM;UAAI2B;QAAY;MACpD,SAASxF,GAAG;AACVL,gBAAQ;AACR,eAAO;UACLe,UAAUA,SAASmD,OAAM;UACzB2B,aAAa;YACX7F,OAAO;YACPrB,eAAe;cACb;gBACE2B,MAAM;gBACNN;gBACAO,UAAU;gBACVC,SAASH,EAAEG;cACb;;UAEJ;QACF;MACF;IACF,CAAA,CAAA;AAEF,QAAIR,OAAO;AACTC,cAAQC,IAAIC,KAAKC,UAAUqE,WAAW,MAAM,CAAA,CAAA;IAC9C;AACA,WAAO;MAAEzE;MAAOyE;MAAWU;IAAwB;EACrD;;;;;;;;EASA,MAAcvH,uBAAuBO,MAAkC8H,SAAqE;AAC1I,UAAM,EAAEC,OAAO9E,SAAS+E,eAAc,IAAKhI;AAC3C,UAAMiI,cAAchF,WAAWO,2BAA0B0E,cAAcjF,OAAAA;AACvE,UAAMkF,eAAe,MAAM,IAAIC,oBAAoB,IAAIC,kBAAkBP,OAAAA,CAAAA,EAAUQ,QACjFvJ,KAAIoI,SAASoB,OAAOC,KAAKC,cAAcpH,OAAOgC,QAAQ0E,KAAAA,EAAOW,OAAM,GACnET,aACAD,cAAAA;AAEF,WAAO;MAAE,GAAGG;MAAclF;IAAiB;EAC7C;;;;;;;;;EAUA,MAAc3D,2BAA2BU,MAAkCK,UAA2D;AACpI,UAAMsI,gBAA0B;SAAI,KAAK1I;SAAkBD,KAAKC,gBAAgB,CAAA;;AAChF,UAAMA,eAAe,IAAI2I,IAAYD,aAAAA;AACrC,UAAME,mBAAmB,MAAM,IAAIC,oBAAoBC,MAAMC,KAAKL,aAAAA,CAAAA,EAAgBM,uBAAuB;MACvG,GAAGjJ;MACHC,cAAc8I,MAAMC,KAAK/I,YAAAA;MACzBF,MAAM;QAAE,GAAGC,MAAMD;QAAM,GAAG,KAAKA;QAAMK,uBAAuB,KAAKD;MAA+B;IAClG,CAAA;AACA2B,YAAQC,IACN,uBAAuB8G,iBAAiBhH,QAAQ,UAAU,SAAA,cAAuBgH,iBAAiBxG,OAAO,cAAcwG,iBAAiBK,aAAa,EAAE;AAEzJ,WAAOL;EACT;;;;;;;;;;;EAYA,MAAcrJ,uBAAuBQ,MAAkC8H,SAAuD;AAC5H,UAAMqB,eAAenJ,KAAKmJ,aAAa1B,IAAI,CAAC2B,aAASC,+CAA0BD,IAAAA,CAAAA;AAC/E,WAAO,MAAMjE,QAAQqC,IAAI2B,aAAa1B,IAAI,CAAC2B,aAASE,wCAAmBF,MAAMpJ,KAAKuJ,iBAAiB;MAAEA,eAAevJ,KAAKuJ;IAAc,CAAA,CAAA,CAAA;EACzI;AACF;;;ADxaO,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,eAAA;AAC1C,IAAMC,SAASC;","names":["module","CoseJoseKeyMappingService","DateTimeUtils","KeyInfo","import_kmp_mdoc_core","import_ssi_sdk_ext","import_ssi_sdk_ext","com","mdocPkg","CoseJoseKeyMappingService","sphereon","crypto","KeyInfo","DateTimeUtils","kmp","SignatureAlgorithm","generic","DefaultCallbacks","toU8","bytes","Uint8Array","ArrayBuffer","isView","v","buffer","byteOffset","byteLength","Array","isArray","from","map","b","Error","extractIssuerAuthRawParts","rawInput","u8","pos","readHead","mt","info","len","skip","h","i","readBstr","out","slice","readTstr","TextDecoder","decode","outer","undefined","key","arr","protectedBytes","payloadBytes","encodeBstrHeader","concatU8","parts","total","p","length","off","set","buildSig1Structure","sig1Label","derEcdsaToRaw","der","coordSize","offset","seqLen","numBytes","readInt","val","start","r","s","decodeKmsSignatureToRaw","signature","normalized","trim","replace","fromString","cborHeader","buf","ib","major","ai","headerLen","argument","cborItemLen","reconstructMdocDeviceAuthSigStructure","sig","payloadStart","ph","daStart","da","subarray","d","e4","e4Tagged","daCorrected","deviceAuthBytes","newPayload","CoseCryptoService","context","setContext","signAsync","input","requireX5Chain","keyInfo","alg","value","toBeSigned","e","console","log","message","hex","toString","padStart","kmsKeyRef","fallbackKeyRefs","Promise","reject","resolvedKeyInfo","ResolvedKeyInfo","Static","fromKeyInfo","jwkKeyInfo","toResolvedJwkKeyInfo","thumbprint","calculateJwkThumbprint","jwk","toJsonDTO","kid","getKidAsString","push","doSign","keyRef","agent","keyManagerSign","algorithm","jose","data","u8aToString","encoding","result","error","signed","ref","joseAlg","raw","Int8Array","verify1Async","getCertAndKey","x5c","issuerCert","pemOrDerToX509Certificate","issuerJwk","getCertificateInfo","publicKeyJWK","coseKeyInfo","toCoseKeyInfo","payload","sign1Json","toJson","coseAlg","protectedHeader","issuerCoseKey","unprotectedHeader","getX509CertificateChain","x5chain","certAndKey","toCoseKey","cose","CoseKeyCbor","fromDTO","issuerCoseKeyInfo","opts","keyVisibility","getSignatureAlgorithm","signatureAlgorithm","kms","keyType","getKty","recalculatedToBeSigned","toBeSignedJson","fromCose","toJoseJwk","base64UrlValue","signatureBytes","rawMdocBytes","globalThis","__sphereon_mdoc_raw_bytes","extracted","warn","valid","verifyRawSignature","name","critical","getSubjectDN","DN","resolvePublicKeyAsync","resolve","toResolvedKeyInfo","X509CallbackService","_trustedCerts","trustedCerts","setTrustedCerts","verifyCertificateChain","chain","trustAnchors","getTrustedCerts","verificationTime","validateX509CertificateChain","verifyCertificateChainJS","chainDER","chainPEM","verificationProfile","verificationAt","DEFAULT","dateTimeLocal","concat","Date","toEpochSeconds","toULong","trustRootWhenNoAnchors","cert","certificateChain","publicKey","publicKeyAlgorithm","trustedCertsInPEM","includes","derToPEM","defaultCryptoEngine","self","engineName","setEngine","CryptoEngine","nodeCrypto","webcrypto","globalCrypto","setCoseCryptoDefault","setX509Default","import_kmp_mdoc_core","com","mdocPkg","CborByteString","sphereon","cbor","CoseKeyCbor","crypto","cose","CoseCryptoServiceJS","CoseJoseKeyMappingService","KeyInfo","DateTimeUtils","kmp","decodeFrom","encodeTo","Encoding","MdocValidations","mdoc","data","MdocOid4vpService","oid4vp","MdocOid4vpServiceJs","Jwk","jose","Oid4VPPresentationSubmission","com","mdocPkg","mdocSupportMethods","MDLMdoc","schema","IMDLMdoc","methods","x509VerifyCertificateChain","bind","x509GetCertificateInfo","mdocVerifyIssuerSigned","mdocOid4vpHolderPresent","mdocOid4vpRPVerify","staticTrustAnchors","trustAnchorProvider","blindlyTrustedAnchorProvider","opts","args","trustAnchors","trustRootWhenNoAnchors","effectiveBlindlyTrustedAnchors","blindlyTrustedAnchors","_context","mdocs","presentationDefinition","verifications","mdocHolderNonce","authorizationRequestNonce","responseUri","clientId","oid4vpService","MdocOid4vpService","validate","mdoc","result","MdocValidations","fromDocumentAsync","DateTimeUtils","Static","DEFAULT","dateTimeLocal","verificationTime","getTime","Date","now","allowExpiredDocuments","error","console","log","JSON","stringify","e","name","critical","message","allMatches","matchDocumentsAndDescriptors","docsAndDescriptors","lastError","undefined","match","document","includes","matchDeviceKeyInfo","deviceKeyInfo","deviceKeyInfoSource","keyInfo","key","cborKey","CoseKeyCbor","fromDTO","Error","jwk","CoseJoseKeyMappingService","toJoseJwk","toJsonDTO","kmsKeyRef","thumbprint","calculateJwkThumbprint","kid","agent","keyManagerGet","kms","meta","updateCborKey","copy","kty","CborByteString","decodeFrom","Encoding","UTF8","KeyInfo","keyVisibility","signatureAlgorithm","x5c","updateMatch","inputDescriptor","documentError","push","length","Promise","reject","forEach","d","idx","dk","docType","value","MSO","getDocType","id","dkJson","toJson","keyJson","deviceResponse","createDeviceResponse","stack","dr","docs","documents","b3p_1","version","status","size","vp_token","encoded","cborEncode","encodeTo","BASE64URL","presentation_submission","Oid4VPPresentationSubmission","fromPresentationDefinition","sphereon","data","device","DeviceResponseCbor","cborDecode","all","map","validations","descriptor_map","find","m","context","input","requireX5Chain","coseKeyInfo","toCoseKeyInfo","verification","CoseCryptoServiceJS","CoseCryptoService","verify1","crypto","cose","CoseSign1Json","toCbor","mergedAnchors","Set","validationResult","X509CallbackService","Array","from","verifyCertificateChain","detailMessage","certificates","cert","pemOrDerToX509Certificate","getCertificateInfo","sanTypeFilter","logger","Loggers","DEFAULT","get","schema","require"]}