@sphereon/ssi-sdk.oid4vci-issuer 0.34.1-fix.80 → 0.34.1-next.278

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +7 -2
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +3 -1
  4. package/dist/index.d.ts +3 -1
  5. package/dist/index.js +7 -2
  6. package/dist/index.js.map +1 -1
  7. package/package.json +20 -19
  8. package/src/functions.ts +9 -4
  9. package/src/types/IOID4VCIIssuer.ts +3 -1
package/dist/index.cjs CHANGED
@@ -390,16 +390,16 @@ var import_oid4vci_client = require("@sphereon/oid4vci-client");
390
390
  var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
391
391
 
392
392
  // src/functions.ts
393
+ var import_did_auth_siop = require("@sphereon/did-auth-siop");
393
394
  var import_oid4vci_issuer = require("@sphereon/oid4vci-issuer");
394
395
  var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-utils");
395
396
  var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
396
397
  var import_ssi_sdk = require("@sphereon/ssi-sdk.agent-config");
397
398
  var import_ssi_types = require("@sphereon/ssi-types");
398
399
  var import_utils = require("@veramo/utils");
400
+ var import_cross_fetch = __toESM(require("cross-fetch"), 1);
399
401
  var import_did_jwt = require("did-jwt");
400
402
  var import_jwt_decode = require("jwt-decode");
401
- var import_cross_fetch = __toESM(require("cross-fetch"), 1);
402
- var import_did_auth_siop = require("@sphereon/did-auth-siop");
403
403
  function getJwtVerifyCallback({ verifyOpts }, _context) {
404
404
  return async (args) => {
405
405
  const resolver = (0, import_ssi_sdk_ext.getAgentResolver)(_context, {
@@ -649,6 +649,11 @@ async function createVciIssuerBuilder(args, context) {
649
649
  builder.withIssuerMetadata(issuerMetadata);
650
650
  builder.withAuthorizationMetadata(authorizationServerMetadata);
651
651
  builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context));
652
+ if (issuerOpts.nonceEndpoint) {
653
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint);
654
+ } else if (issuerMetadata.nonce_endpoint) {
655
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint);
656
+ }
652
657
  if (issuerOpts.asClientOpts) {
653
658
  builder.withASClientMetadata(issuerOpts.asClientOpts);
654
659
  }
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import {\n AuthorizationServerMetadata,\n CredentialRequest,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\nimport fetch from 'cross-fetch'\nimport { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequest\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n // TODO update statusLists somehow?\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;;;;;;;;;ACAA,4BAOO;AACP,IAAAC,yBAAmF;AACnF,4BAAkC;AAClC,IAAAC,sBAAiC;;;ACCjC,4BAAqH;AACrH,yBAA8C;AAC9C,IAAAC,sBAA6E;AAC7E,qBAAiC;AAGjC,uBAAuF;AAEvF,mBAA8B;AAC9B,qBAAkE;AAElE,wBAA0B;AAE1B,yBAAkB;AAClB,2BAAiD;AAE1C,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,eAAWC,qCAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,aAASC,6BAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,cAAUD,6BAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,UAAMC,0BAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,UAAMC,0BAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,iBAAa8B,mDAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,UAAMP,mDAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,uBAAaM,4BAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,UAAMsC,0BAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,kCAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,cAAIG,iCAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,kCAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,cAAIa,iCAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,sCAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,gBACtDC,qCAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,aAASf,mDAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAE/E,MAAI0E,WAAWY,cAAc;AAC3BT,YAAQU,qBAAqBb,WAAWY,YAAY;EAKtD;AAEAT,UAAQW,sBAAsBrI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKmI,wBAAwB;AAC/BZ,YAAQa,2BAA2BpI,KAAKmI,sBAAsB;EAChE;AACAZ,UAAQc,wBAAuB;AAC/Bd,UAAQe,iCAAgC;AACxCf,UAAQgB,oCAAmC;AAE3C,SAAOhB;AACT;AApDsBJ;AAsDtB,eAAsBqB,gBACpB,EACEpB,YACAC,gBACAC,6BACAa,uBAAsB,GAOxBzF,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAa;EACF,GACAzF,OAAAA,GAEF+F,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BjG,MAAwD;AACzG,iBAAekG,yBAAAA;AACb,UAAMC,OAAOnG,KAAKmG,KAAKC,QAAQ,iBAAiBpG,KAAKqG,wBAAwB;AAC7E,eAAOC,mBAAAA,SAAMH,MAAM;MACjBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAOvI,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiC9G,MAGtD;AACC,iBAAe+G,2BAA2BC,eAAqB;AAC7D,eAAOV,mBAAAA,SAAMtG,KAAKmG,MAAM;MACtBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcpH,KAAKqG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAa7C,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAa7C,WAAWuD,sDAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;AC/Yf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AACxC,SAAKf,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AFnCO,IAAMe,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAERC,YAAYC,MAA2B;AACrC,SAAKF,QAAQE,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKV,MAAMY,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,gBAAMa,sDAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,iBAAOC,kDAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK/D,MAAM+D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,eAAWC,sCAAiB7D,OAAAA;IACrD;AACA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAEF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;EAEA,MAAaL,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU8E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKrE,OAAO+E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKtE,OAAOiF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;ADxPA,IAAMa,SAASC;","names":["module","import_oid4vci_issuer","import_ssi_sdk_ext","import_ssi_sdk_ext","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","constructor","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n // TODO update statusLists somehow?\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;;;;;;;;;ACAA,4BAOO;AACP,IAAAC,yBAAmF;AACnF,4BAAkC;AAClC,IAAAC,sBAAiC;;;ACVjC,2BAAiD;AAYjD,4BAAqH;AACrH,yBAA8C;AAC9C,IAAAC,sBAA6E;AAC7E,qBAAiC;AAGjC,uBAAuF;AAEvF,mBAA8B;AAC9B,yBAAkB;AAClB,qBAAkE;AAElE,wBAA0B;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,eAAWC,qCAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,aAASC,6BAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,cAAUD,6BAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,UAAMC,0BAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,UAAMC,0BAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,iBAAa8B,mDAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,UAAMP,mDAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,uBAAaM,4BAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,UAAMsC,0BAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,kCAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,cAAIG,iCAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,kCAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,cAAIa,iCAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,sCAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,gBACtDC,qCAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,aAASf,mDAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,eAAOC,mBAAAA,SAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,eAAOV,mBAAAA,SAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,sDAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACpZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AACxC,SAAKf,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AFnCO,IAAMe,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcN,sBAAsBO,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKJ,mBAAmBG,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcb,uBAAuBgB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKJ,mBAAmBc,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAcf,iCACZiB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKJ,mBAAmBgB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,gBAAMa,sDAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,iBAAOC,kDAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAGhE,UAAM0D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,eAAWC,sCAAiB7D,OAAAA;IACrD;AACA,SAAKb,UAAU2E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAEF,WAAO,KAAK1D,mBAAmB8C,MAAM1C,OAAAA;EACvC;EAEA,MAAaJ,mBAAmB8C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU6E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKb,UAAUgB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;ADxPA,IAAMa,SAASC;","names":["module","import_oid4vci_issuer","import_ssi_sdk_ext","import_ssi_sdk_ext","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
package/dist/index.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { IPluginMethodMap, IAgentContext, IDIDManager, IResolver, IKeyManager, ICredentialIssuer, IAgentPlugin } from '@veramo/core';
2
- import { CredentialDataSupplier, VcIssuer, CredentialSignerCallback, VcIssuerBuilder } from '@sphereon/oid4vci-issuer';
2
+ import { IssuerCorrelation, CredentialDataSupplier, VcIssuer, CredentialSignerCallback, VcIssuerBuilder } from '@sphereon/oid4vci-issuer';
3
3
  import { Grant, CredentialConfigurationSupported, JsonLdIssuerCredentialDefinition, CredentialDataSupplierInput, QRCodeOpts, StatusListOpts, CredentialOfferMode, CredentialOfferSession, CredentialRequest, CredentialResponse, AccessTokenRequest, AccessTokenResponse, ClientMetadata, CredentialIssuerMetadataOpts, IssuerMetadata, AuthorizationServerMetadata, JwtVerifyResult, Jwt } from '@sphereon/oid4vci-common';
4
4
  import { ResolveOpts, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils';
5
5
  import * as _sphereon_ssi_sdk_ext_identifier_resolution from '@sphereon/ssi-sdk-ext.identifier-resolution';
@@ -42,6 +42,7 @@ interface ICreateOfferArgs extends IIssuerInstanceArgs {
42
42
  }
43
43
  interface IIssueCredentialArgs extends IIssuerInstanceArgs {
44
44
  credentialRequest: CredentialRequest;
45
+ issuerCorrelation: IssuerCorrelation;
45
46
  credential?: ICredential;
46
47
  credentialDataSupplier?: CredentialDataSupplier;
47
48
  credentialDataSupplierInput?: CredentialDataSupplierInput;
@@ -72,6 +73,7 @@ interface IIssuerOptions {
72
73
  */
73
74
  didOpts?: IDIDOptions;
74
75
  userPinRequired?: boolean;
76
+ nonceEndpoint?: string;
75
77
  cNonceExpiresIn?: number;
76
78
  /**
77
79
  * Used in the callbacks for the first party flow
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { IPluginMethodMap, IAgentContext, IDIDManager, IResolver, IKeyManager, ICredentialIssuer, IAgentPlugin } from '@veramo/core';
2
- import { CredentialDataSupplier, VcIssuer, CredentialSignerCallback, VcIssuerBuilder } from '@sphereon/oid4vci-issuer';
2
+ import { IssuerCorrelation, CredentialDataSupplier, VcIssuer, CredentialSignerCallback, VcIssuerBuilder } from '@sphereon/oid4vci-issuer';
3
3
  import { Grant, CredentialConfigurationSupported, JsonLdIssuerCredentialDefinition, CredentialDataSupplierInput, QRCodeOpts, StatusListOpts, CredentialOfferMode, CredentialOfferSession, CredentialRequest, CredentialResponse, AccessTokenRequest, AccessTokenResponse, ClientMetadata, CredentialIssuerMetadataOpts, IssuerMetadata, AuthorizationServerMetadata, JwtVerifyResult, Jwt } from '@sphereon/oid4vci-common';
4
4
  import { ResolveOpts, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils';
5
5
  import * as _sphereon_ssi_sdk_ext_identifier_resolution from '@sphereon/ssi-sdk-ext.identifier-resolution';
@@ -42,6 +42,7 @@ interface ICreateOfferArgs extends IIssuerInstanceArgs {
42
42
  }
43
43
  interface IIssueCredentialArgs extends IIssuerInstanceArgs {
44
44
  credentialRequest: CredentialRequest;
45
+ issuerCorrelation: IssuerCorrelation;
45
46
  credential?: ICredential;
46
47
  credentialDataSupplier?: CredentialDataSupplier;
47
48
  credentialDataSupplierInput?: CredentialDataSupplierInput;
@@ -72,6 +73,7 @@ interface IIssuerOptions {
72
73
  */
73
74
  didOpts?: IDIDOptions;
74
75
  userPinRequired?: boolean;
76
+ nonceEndpoint?: string;
75
77
  cNonceExpiresIn?: number;
76
78
  /**
77
79
  * Used in the callbacks for the first party flow
package/dist/index.js CHANGED
@@ -347,16 +347,16 @@ import { retrieveWellknown } from "@sphereon/oid4vci-client";
347
347
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
348
348
 
349
349
  // src/functions.ts
350
+ import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
350
351
  import { VcIssuerBuilder } from "@sphereon/oid4vci-issuer";
351
352
  import { getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
352
353
  import { legacyKeyRefsToIdentifierOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
353
354
  import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
354
355
  import { CredentialMapper } from "@sphereon/ssi-types";
355
356
  import { bytesToBase64 } from "@veramo/utils";
357
+ import fetch from "cross-fetch";
356
358
  import { createJWT, decodeJWT, verifyJWT } from "did-jwt";
357
359
  import { jwtDecode } from "jwt-decode";
358
- import fetch from "cross-fetch";
359
- import { AuthorizationResponseStateStatus } from "@sphereon/did-auth-siop";
360
360
  function getJwtVerifyCallback({ verifyOpts }, _context) {
361
361
  return async (args) => {
362
362
  const resolver = getAgentResolver(_context, {
@@ -606,6 +606,11 @@ async function createVciIssuerBuilder(args, context) {
606
606
  builder.withIssuerMetadata(issuerMetadata);
607
607
  builder.withAuthorizationMetadata(authorizationServerMetadata);
608
608
  builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context));
609
+ if (issuerOpts.nonceEndpoint) {
610
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint);
611
+ } else if (issuerMetadata.nonce_endpoint) {
612
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint);
613
+ }
609
614
  if (issuerOpts.asClientOpts) {
610
615
  builder.withASClientMetadata(issuerOpts.asClientOpts);
611
616
  }
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import {\n AuthorizationServerMetadata,\n CredentialRequest,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\nimport fetch from 'cross-fetch'\nimport { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequest\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n // TODO update statusLists somehow?\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAMEA,0BACK;AACP,SAASC,+BAA+BC,iCAA2C;AACnF,SAASC,yBAAyB;AAClC,SAASC,oBAAAA,yBAAwB;;;ACCjC,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAAoE;AAC7E,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAE1B,OAAOC,WAAW;AAClB,SAASC,wCAAwC;AAE1C,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,MAAMP,8BAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,mBAAaM,cAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,MAAMsC,UAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,SAASf,8BAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAE/E,MAAI0E,WAAWY,cAAc;AAC3BT,YAAQU,qBAAqBb,WAAWY,YAAY;EAKtD;AAEAT,UAAQW,sBAAsBrI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKmI,wBAAwB;AAC/BZ,YAAQa,2BAA2BpI,KAAKmI,sBAAsB;EAChE;AACAZ,UAAQc,wBAAuB;AAC/Bd,UAAQe,iCAAgC;AACxCf,UAAQgB,oCAAmC;AAE3C,SAAOhB;AACT;AApDsBJ;AAsDtB,eAAsBqB,gBACpB,EACEpB,YACAC,gBACAC,6BACAa,uBAAsB,GAOxBzF,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAa;EACF,GACAzF,OAAAA,GAEF+F,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BjG,MAAwD;AACzG,iBAAekG,yBAAAA;AACb,UAAMC,OAAOnG,KAAKmG,KAAKC,QAAQ,iBAAiBpG,KAAKqG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAOvI,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiC9G,MAGtD;AACC,iBAAe+G,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAMtG,KAAKmG,MAAM;MACtBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcpH,KAAKqG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAa7C,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAa7C,WAAWuD,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;AC/Yf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AACxC,SAAKf,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AFnCO,IAAMe,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAERC,YAAYC,MAA2B;AACrC,SAAKF,QAAQE,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKV,MAAMY,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK/D,MAAM+D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AACA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAEF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;EAEA,MAAaL,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU8E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKrE,OAAO+E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKtE,OAAOiF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AGxPA,IAAMa,SAASC;","names":["WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","retrieveWellknown","getAgentResolver","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","createJWT","decodeJWT","verifyJWT","jwtDecode","fetch","AuthorizationResponseStateStatus","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","constructor","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n // TODO update statusLists somehow?\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAMEA,0BACK;AACP,SAASC,+BAA+BC,iCAA2C;AACnF,SAASC,yBAAyB;AAClC,SAASC,oBAAAA,yBAAwB;;;ACVjC,SAASC,wCAAwC;AAYjD,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAAoE;AAC7E,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,OAAOC,WAAW;AAClB,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,MAAMP,8BAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,mBAAaM,cAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,MAAMsC,UAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,SAASf,8BAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACpZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AACxC,SAAKf,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AFnCO,IAAMe,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcN,sBAAsBO,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKJ,mBAAmBG,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcb,uBAAuBgB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKJ,mBAAmBc,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAcf,iCACZiB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKJ,mBAAmBgB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAGhE,UAAM0D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AACA,SAAKb,UAAU2E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAEF,WAAO,KAAK1D,mBAAmB8C,MAAM1C,OAAAA;EACvC;EAEA,MAAaJ,mBAAmB8C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU6E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKb,UAAUgB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AGxPA,IAAMa,SAASC;","names":["WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","retrieveWellknown","getAgentResolver","AuthorizationResponseStateStatus","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","fetch","createJWT","decodeJWT","verifyJWT","jwtDecode","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.oid4vci-issuer",
3
- "version": "0.34.1-fix.80+f71b3901",
3
+ "version": "0.34.1-next.278+0eacb25b",
4
4
  "source": "./src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -26,22 +26,23 @@
26
26
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
27
27
  },
28
28
  "dependencies": {
29
- "@sphereon/oid4vci-client": "0.19.1-feature.DIIPv4.86",
30
- "@sphereon/oid4vci-common": "0.19.1-feature.DIIPv4.86",
31
- "@sphereon/oid4vci-issuer": "0.19.1-feature.DIIPv4.86",
32
- "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-fix.80+f71b3901",
33
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.80+f71b3901",
34
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.80+f71b3901",
35
- "@sphereon/ssi-sdk.agent-config": "0.34.1-fix.80+f71b3901",
36
- "@sphereon/ssi-sdk.core": "0.34.1-fix.80+f71b3901",
37
- "@sphereon/ssi-sdk.data-store": "0.34.1-fix.80+f71b3901",
38
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.80+f71b3901",
39
- "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-fix.80+f71b3901",
40
- "@sphereon/ssi-sdk.oid4vci-issuer-store": "0.34.1-fix.80+f71b3901",
41
- "@sphereon/ssi-sdk.sd-jwt": "0.34.1-fix.80+f71b3901",
42
- "@sphereon/ssi-sdk.vc-status-list": "0.34.1-fix.80+f71b3901",
43
- "@sphereon/ssi-sdk.vc-status-list-issuer": "0.34.1-fix.80+f71b3901",
44
- "@sphereon/ssi-types": "0.34.1-fix.80+f71b3901",
29
+ "@sphereon/oid4vci-client": "0.19.1-next.220",
30
+ "@sphereon/oid4vci-common": "0.19.1-next.220",
31
+ "@sphereon/oid4vci-issuer": "0.19.1-next.220",
32
+ "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-next.278+0eacb25b",
33
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-next.278+0eacb25b",
34
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-next.278+0eacb25b",
35
+ "@sphereon/ssi-sdk.agent-config": "0.34.1-next.278+0eacb25b",
36
+ "@sphereon/ssi-sdk.core": "0.34.1-next.278+0eacb25b",
37
+ "@sphereon/ssi-sdk.data-store": "0.34.1-next.278+0eacb25b",
38
+ "@sphereon/ssi-sdk.data-store-types": "0.34.1-next.278+0eacb25b",
39
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-next.278+0eacb25b",
40
+ "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-next.278+0eacb25b",
41
+ "@sphereon/ssi-sdk.oid4vci-issuer-store": "0.34.1-next.278+0eacb25b",
42
+ "@sphereon/ssi-sdk.sd-jwt": "0.34.1-next.278+0eacb25b",
43
+ "@sphereon/ssi-sdk.vc-status-list": "0.34.1-next.278+0eacb25b",
44
+ "@sphereon/ssi-sdk.vc-status-list-issuer": "0.34.1-next.278+0eacb25b",
45
+ "@sphereon/ssi-types": "0.34.1-next.278+0eacb25b",
45
46
  "@types/uuid": "^9.0.8",
46
47
  "@veramo/core": "4.2.0",
47
48
  "@veramo/credential-w3c": "4.2.0",
@@ -50,7 +51,7 @@
50
51
  "uuid": "^9.0.1"
51
52
  },
52
53
  "devDependencies": {
53
- "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.86",
54
+ "@sphereon/did-auth-siop": "0.19.1-next.220",
54
55
  "@sphereon/did-uni-client": "^0.6.3",
55
56
  "@veramo/did-provider-key": "4.2.0",
56
57
  "@veramo/did-resolver": "4.2.0",
@@ -84,5 +85,5 @@
84
85
  "OpenID Connect",
85
86
  "Authenticator"
86
87
  ],
87
- "gitHead": "f71b39017a0bd9ac33fab56d2d61287d8d5c14f4"
88
+ "gitHead": "0eacb25b6e38cef88d04d696d84e3c2ebcf89ede"
88
89
  }
package/src/functions.ts CHANGED
@@ -1,6 +1,7 @@
1
+ import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
1
2
  import {
2
3
  AuthorizationServerMetadata,
3
- CredentialRequest,
4
+ CredentialRequestV1_0_15,
4
5
  IssuerMetadata,
5
6
  Jwt,
6
7
  JWTHeader,
@@ -18,12 +19,11 @@ import { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'
18
19
  import { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'
19
20
  import { CredentialPayload, ProofFormat } from '@veramo/core'
20
21
  import { bytesToBase64 } from '@veramo/utils'
22
+ import fetch from 'cross-fetch'
21
23
  import { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'
22
24
  import { Resolvable } from 'did-resolver'
23
25
  import { jwtDecode } from 'jwt-decode'
24
26
  import { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'
25
- import fetch from 'cross-fetch'
26
- import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
27
27
 
28
28
  export function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {
29
29
  return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {
@@ -191,7 +191,7 @@ export async function getCredentialSignerCallback(
191
191
  context: IRequiredContext,
192
192
  ): Promise<CredentialSignerCallback> {
193
193
  async function issueVCCallback(args: {
194
- credentialRequest: CredentialRequest
194
+ credentialRequest: CredentialRequestV1_0_15
195
195
  credential: CredentialIssuanceInput
196
196
  jwtVerifyResult: JwtVerifyResult
197
197
  format?: OID4VCICredentialFormat
@@ -328,6 +328,11 @@ export async function createVciIssuerBuilder(
328
328
  builder.withAuthorizationMetadata(authorizationServerMetadata)
329
329
  // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1
330
330
  builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))
331
+ if (issuerOpts.nonceEndpoint) {
332
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint)
333
+ } else if (issuerMetadata.nonce_endpoint) {
334
+ builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)
335
+ }
331
336
 
332
337
  if (issuerOpts.asClientOpts) {
333
338
  builder.withASClientMetadata(issuerOpts.asClientOpts)
package/src/types/IOID4VCIIssuer.ts CHANGED
@@ -14,7 +14,7 @@ import {
14
14
  QRCodeOpts,
15
15
  StatusListOpts,
16
16
  } from '@sphereon/oid4vci-common'
17
- import { CredentialDataSupplier } from '@sphereon/oid4vci-issuer'
17
+ import { CredentialDataSupplier, IssuerCorrelation } from '@sphereon/oid4vci-issuer'
18
18
  import { IDIDOptions, ResolveOpts } from '@sphereon/ssi-sdk-ext.did-utils'
19
19
  import { IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
20
20
  import { IOID4VCIStore } from '@sphereon/ssi-sdk.oid4vci-issuer-store'
@@ -62,6 +62,7 @@ export interface ICreateOfferArgs extends IIssuerInstanceArgs {
62
62
 
63
63
  export interface IIssueCredentialArgs extends IIssuerInstanceArgs {
64
64
  credentialRequest: CredentialRequest
65
+ issuerCorrelation: IssuerCorrelation
65
66
  credential?: ICredential
66
67
  credentialDataSupplier?: CredentialDataSupplier
67
68
  credentialDataSupplierInput?: CredentialDataSupplierInput
@@ -96,6 +97,7 @@ export interface IIssuerOptions {
96
97
  */
97
98
  didOpts?: IDIDOptions
98
99
  userPinRequired?: boolean
100
+ nonceEndpoint?: string
99
101
  cNonceExpiresIn?: number
100
102
 
101
103
  /**