@sphereon/ssi-sdk.oid4vci-issuer 0.36.1-next.11 → 0.36.1-next.115

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.cjs +51 -10
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +9 -4
  4. package/dist/index.d.ts +9 -4
  5. package/dist/index.js +51 -10
  6. package/dist/index.js.map +1 -1
  7. package/package.json +20 -20
  8. package/src/agent/OID4VCIIssuer.ts +42 -23
  9. package/src/functions.ts +34 -10
  10. package/src/index.ts +1 -1
  11. package/src/types/IOID4VCIIssuer.ts +5 -1
package/dist/index.js CHANGED
@@ -341,9 +341,9 @@ var require_plugin_schema = __commonJS({
341
341
  });
342
342
 
343
343
  // src/agent/OID4VCIIssuer.ts
344
+ import { retrieveWellknown } from "@sphereon/oid4vci-client";
344
345
  import { WellKnownEndpoints } from "@sphereon/oid4vci-common";
345
346
  import { assertValidAccessTokenRequest, createAccessTokenResponse } from "@sphereon/oid4vci-issuer";
346
- import { retrieveWellknown } from "@sphereon/oid4vci-client";
347
347
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
348
348
 
349
349
  // src/functions.ts
@@ -357,6 +357,7 @@ import { bytesToBase64 } from "@veramo/utils";
357
357
  import fetch from "cross-fetch";
358
358
  import { createJWT, decodeJWT, verifyJWT } from "did-jwt";
359
359
  import { jwtDecode } from "jwt-decode";
360
+ var CLOCK_SKEW_ISSUANCE = 2;
360
361
  function getJwtVerifyCallback({ verifyOpts }, _context) {
361
362
  return async (args) => {
362
363
  const resolver = getAgentResolver(_context, {
@@ -442,13 +443,17 @@ async function getAccessTokenKeyRef(opts, context) {
442
443
  }
443
444
  __name(getAccessTokenKeyRef, "getAccessTokenKeyRef");
444
445
  async function getAccessTokenSignerCallback(opts, context) {
446
+ const resolution = legacyKeyRefsToIdentifierOpts(opts);
447
+ const identifier = await context.agent.identifierManagedGet({
448
+ identifier: resolution.identifier,
449
+ vmRelationship: "authentication"
450
+ });
451
+ const keyRef = identifier.kmsKeyRef;
452
+ if (!keyRef) {
453
+ throw Error("Cannot sign access tokens without a key ref");
454
+ }
445
455
  const signer = /* @__PURE__ */ __name(async (data) => {
446
456
  let dataString, encoding;
447
- const resolution = await legacyKeyRefsToIdentifierOpts(opts);
448
- const keyRef = resolution.kmsKeyRef;
449
- if (!keyRef) {
450
- throw Error("Cannot sign access tokens without a key ref");
451
- }
452
457
  if (typeof data === "string") {
453
458
  dataString = data;
454
459
  encoding = void 0;
@@ -468,11 +473,18 @@ async function getAccessTokenSignerCallback(opts, context) {
468
473
  throw Error("No issuer configured for access tokens");
469
474
  }
470
475
  let kidHeader = jwt?.header?.kid ?? kid;
476
+ if (!kidHeader && identifier.kid) {
477
+ kidHeader = identifier.kid;
478
+ }
471
479
  if (!kidHeader) {
472
480
  if (opts.idOpts?.method === "did" || opts.idOpts?.method === "kid" || typeof opts.didOpts?.idOpts.identifier === "string" && opts.didOpts?.idOpts?.identifier?.startsWith("did:")) {
473
481
  kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid;
474
482
  }
475
483
  }
484
+ const alg = identifier.jwk?.alg;
485
+ if (!alg) {
486
+ return Promise.reject(Error("No algorithm found in identifier JWK"));
487
+ }
476
488
  return await createJWT(jwt.payload, {
477
489
  signer,
478
490
  issuer
@@ -481,7 +493,8 @@ async function getAccessTokenSignerCallback(opts, context) {
481
493
  ...kidHeader && {
482
494
  kid: kidHeader
483
495
  },
484
- typ: "JWT"
496
+ typ: "JWT",
497
+ alg
485
498
  });
486
499
  }
487
500
  __name(accessTokenSignerCallback, "accessTokenSignerCallback");
@@ -493,7 +506,15 @@ async function getCredentialSignerCallback(idOpts, context) {
493
506
  const { jwtVerifyResult, format, statusLists } = args;
494
507
  const credential = args.credential;
495
508
  let proofFormat;
496
- const resolution = await context.agent.identifierManagedGet(idOpts);
509
+ let resolution;
510
+ if (typeof idOpts.identifier !== "string") {
511
+ resolution = idOpts;
512
+ } else {
513
+ resolution = await context.agent.identifierManagedGet({
514
+ identifier: idOpts.identifier,
515
+ vmRelationship: "assertionMethod"
516
+ });
517
+ }
497
518
  proofFormat = format?.includes("ld") ? "lds" : "jwt";
498
519
  const issuer = resolution.issuer ?? resolution.kmsKeyRef;
499
520
  if (CredentialMapper.isW3cCredential(credential)) {
@@ -543,7 +564,7 @@ async function getCredentialSignerCallback(idOpts, context) {
543
564
  sdJwtPayload.iss = issuer;
544
565
  }
545
566
  if (sdJwtPayload.iat === void 0) {
546
- sdJwtPayload.iat = Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3);
567
+ sdJwtPayload.iat = Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3) - CLOCK_SKEW_ISSUANCE;
547
568
  }
548
569
  let disclosureFrame;
549
570
  if ("disclosureFrame" in credential) {
@@ -739,6 +760,13 @@ var IssuerInstance = class {
739
760
  };
740
761
 
741
762
  // src/agent/OID4VCIIssuer.ts
763
+ var oid4vciIssuerMethods = [
764
+ "oid4vciCreateOfferURI",
765
+ "oid4vciIssueCredential",
766
+ "oid4vciCreateAccessTokenResponse",
767
+ "oid4vciGetInstance",
768
+ "oid4vciRefreshInstanceMetadata"
769
+ ];
742
770
  var OID4VCIIssuer = class _OID4VCIIssuer {
743
771
  static {
744
772
  __name(this, "OID4VCIIssuer");
@@ -750,7 +778,8 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
750
778
  oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),
751
779
  oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
752
780
  oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
753
- oid4vciGetInstance: this.oid4vciGetInstance.bind(this)
781
+ oid4vciGetInstance: this.oid4vciGetInstance.bind(this),
782
+ oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this)
754
783
  };
755
784
  _opts;
756
785
  constructor(opts) {
@@ -848,6 +877,17 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
848
877
  }));
849
878
  return this.oid4vciGetInstance(args, context);
850
879
  }
880
+ // TODO SSISDK-87 create proper solution to update issuer metadata
881
+ async oid4vciRefreshInstanceMetadata(args, context) {
882
+ const instance = this.instances.get(args.credentialIssuer);
883
+ if (instance) {
884
+ instance.issuerMetadata = await this.getIssuerMetadata({
885
+ ...args
886
+ }, context);
887
+ return true;
888
+ }
889
+ return false;
890
+ }
851
891
  async oid4vciGetInstance(args, context) {
852
892
  const credentialIssuer = args.credentialIssuer ?? _OID4VCIIssuer._DEFAULT_OPTS_KEY;
853
893
  if (!this.instances.has(credentialIssuer)) {
@@ -935,6 +975,7 @@ export {
935
975
  getAccessTokenSignerCallback,
936
976
  getCredentialSignerCallback,
937
977
  getJwtVerifyCallback,
978
+ oid4vciIssuerMethods,
938
979
  schema
939
980
  };
940
981
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n // TODO update statusLists somehow?\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAMEA,0BACK;AACP,SAASC,+BAA+BC,iCAA2C;AACnF,SAASC,yBAAyB;AAClC,SAASC,oBAAAA,yBAAwB;;;ACVjC,SAASC,wCAAwC;AAYjD,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAAoE;AAC7E,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,OAAOC,WAAW;AAClB,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,MAAMP,8BAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,mBAAaM,cAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,MAAMsC,UAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,SAASf,8BAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACpZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcN,sBAAsBO,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKJ,mBAAmBG,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcb,uBAAuBgB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKJ,mBAAmBc,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAcf,iCACZiB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKJ,mBAAmBgB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAGhE,UAAM0D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AAEA,SAAKb,UAAU2E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK1D,mBAAmB8C,MAAM1C,OAAAA;EACvC;EAEA,MAAaJ,mBAAmB8C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU6E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKb,UAAUgB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AG1PA,IAAMa,SAASC;","names":["WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","retrieveWellknown","getAgentResolver","AuthorizationResponseStateStatus","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","fetch","createJWT","decodeJWT","verifyJWT","jwtDecode","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {retrieveWellknown} from '@sphereon/oid4vci-client'\nimport {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport {assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer} from '@sphereon/oid4vci-issuer'\nimport {getAgentResolver} from '@sphereon/ssi-sdk-ext.did-utils'\nimport {IMetadataOptions} from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport {IAgentPlugin} from '@veramo/core'\nimport {getAccessTokenSignerCallback} from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRefreshInstanceMetadata,\n IRequiredContext,\n schema,\n} from '../index'\nimport {IssuerInstance} from '../IssuerInstance'\nimport {IOID4VCIIssuer} from '../types/IOID4VCIIssuer'\n\nexport const oid4vciIssuerMethods: Array<string> = [\n 'oid4vciCreateOfferURI',\n 'oid4vciIssueCredential',\n 'oid4vciCreateAccessTokenResponse',\n 'oid4vciGetInstance',\n 'oid4vciRefreshInstanceMetadata',\n]\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n // TODO SSISDK-87 create proper solution to update issuer metadata\n public async oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<boolean> {\n const instance = this.instances.get(args.credentialIssuer)\n if (instance) {\n instance.issuerMetadata = await this.getIssuerMetadata({ ...args }, context)\n return true\n }\n return false\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nconst CLOCK_SKEW_ISSUANCE = 2 // Clock drift on Android is typically up to 2000ms, so we issue 2 seconds in the past\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const resolution = legacyKeyRefsToIdentifierOpts(opts)\n const identifier = await context.agent.identifierManagedGet({\n identifier: resolution.identifier as string,\n vmRelationship: 'authentication',\n })\n\n const keyRef = identifier.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader && identifier.kid) {\n kidHeader = identifier.kid\n }\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n\n const alg = identifier.jwk?.alg\n if (!alg) {\n return Promise.reject(Error('No algorithm found in identifier JWK'))\n }\n\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT', alg })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n let resolution: ManagedIdentifierResult\n if (typeof idOpts.identifier !== 'string') {\n resolution = idOpts as ManagedIdentifierResult\n } else {\n resolution = await context.agent.identifierManagedGet({\n identifier: idOpts.identifier,\n vmRelationship: 'assertionMethod',\n })\n }\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000) - CLOCK_SKEW_ISSUANCE\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAAQA,yBAAwB;AAChC,SAMIC,0BACG;AACP,SAAQC,+BAA+BC,iCAA0C;AACjF,SAAQC,oBAAAA,yBAAuB;;;ACV/B,SAASC,wCAAwC;AAYjD,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAA6F;AACtG,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,OAAOC,WAAW;AAClB,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAG1B,IAAMC,sBAAsB;AAErB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,aAAaH,8BAA8BF,IAAAA;AACjD,QAAM5B,aAAa,MAAM6B,QAAQlC,MAAMoC,qBAAqB;IAC1D/B,YAAYiC,WAAWjC;IACvBkC,gBAAgB;EAClB,CAAA;AAEA,QAAMC,SAASnC,WAAWoC;AAC1B,MAAI,CAACD,QAAQ;AACX,UAAM/B,MAAM,6CAAA;EACd;AAEA,QAAMiC,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,QAAI,OAAOF,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWC;IACb,OAAO;AACLF,mBAAaG,cAAcJ,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOX,QAAQlC,MAAMgD,eAAe;MAAER;MAAQG,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAXe;AAaf,iBAAeI,0BAA0B9C,KAAUe,KAAY;AAC7D,UAAMgC,SACJjB,KAAKkB,QAAQD,WACZ,OAAOjB,KAAKkB,QAAQ9C,eAAe,WAAW4B,KAAKkB,OAAO9C,aAAc4B,KAAKmB,SAASD,QAAQ9C,YAAYgD,SAAAA,KAAcpB,MAAMqB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMzC,MAAM,wCAAA;IACd;AAEA,QAAI8C,YAAgCpD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACqC,aAAalD,WAAWa,KAAK;AAChCqC,kBAAYlD,WAAWa;IACzB;AACA,QAAI,CAACqC,WAAW;AACd,UACEtB,KAAKkB,QAAQvC,WAAW,SACxBqB,KAAKkB,QAAQvC,WAAW,SACvB,OAAOqB,KAAKmB,SAASD,OAAO9C,eAAe,YAAY4B,KAAKmB,SAASD,QAAQ9C,YAAYgB,WAAW,MAAA,GACrG;AAEAkC,oBAAYtB,KAAKkB,QAAQjC,OAAOe,KAAKmB,SAASD,QAAQjC,OAAOe,MAAMmB,SAASI,gBAAgBtC;MAC9F;IACF;AAEA,UAAML,MAAMR,WAAWS,KAAKD;AAC5B,QAAI,CAACA,KAAK;AACR,aAAON,QAAQC,OAAOC,MAAM,sCAAA,CAAA;IAC9B;AAEA,WAAO,MAAMgD,UAAUtD,IAAIc,SAAS;MAAEyB;MAAQQ;IAAO,GAAG;MAAE,GAAG/C,IAAIY;MAAQ,GAAIwC,aAAa;QAAErC,KAAKqC;MAAU;MAAIG,KAAK;MAAO7C;IAAI,CAAA;EACjI;AA7BeoC;AA+Bf,SAAOA;AACT;AA7EsBZ;AA+EtB,eAAsBsB,4BACpBR,QAGAjB,SAAyB;AAEzB,iBAAe0B,gBAAgBpE,MAM9B;AACC,UAAM,EAAEqE,iBAAiBC,QAAQC,YAAW,IAAKvE;AACjD,UAAMwE,aAAaxE,KAAKwE;AACxB,QAAIC;AAEJ,QAAI3B;AACJ,QAAI,OAAOa,OAAO9C,eAAe,UAAU;AACzCiC,mBAAaa;IACf,OAAO;AACLb,mBAAa,MAAMJ,QAAQlC,MAAMoC,qBAAqB;QACpD/B,YAAY8C,OAAO9C;QACnBkC,gBAAgB;MAClB,CAAA;IACF;AACA0B,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASZ,WAAWY,UAAUZ,WAAWG;AAE/C,QAAI0B,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBvC;QAC/B;AACA,eAAOsD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC3C,SAAS,yBAAA,GAA4B;AAE3E,cAAM4C,qBAAqB,MAAM5C,QAAQlC,MAAM+E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QACnD;MACF;AAEA,YAAMjF,SAAS,MAAMmC,QAAQlC,MAAMkF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIZ,WAAWpB,OAAO;UAAEH,QAAQ;YAAEG,KAAKoB,WAAWpB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ+C,gBAAgB,SAAS,SAASlE,OAAOuF,QAAQvF,OAAOuF,MAAMnF,MAAMJ;IAC9E,WAAWoE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA,IAAQzG;MAC/D;AAEA,UAAI0G;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC3C,SAAS,8BAAA,GAAiC;AAChF,YAAKsD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMjE,QAAQlC,MAAMoG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAO1F,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIsD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMtG,SAAS,MAAMmC,QAAQlC,MAAM0G,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAxD;MACF,CAAA;AACA,aAAOvC,OAAOiE;IAChB;AAGA,WAAOzD,QAAQC,OAAO,yEAAA;EACxB;AA3GeoD;AA6Gf,SAAOA;AACT;AApHsBD;AAsHtB,eAAsBiD,uBACpBpH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE2E,YAAYC,gBAAgBC,4BAA2B,IAAKvH;AAEpE,QAAMwH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMxH,WACJD,KAAKC,YACLD,MAAMqH,YAAYzD,SAAS8D,aAAazH,YACxCD,KAAKqH,YAAYzD,SAAS8D,aAAaC,eAAe1H,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAM0C,SAAShB,8BAA8B;IAAEiB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG3H,MAAMqH,YAAYK,aAAaC;IAClC1H;IACA2H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQjB,OAAAA,CAAAA;AAC/E,MAAI2E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBzI,qBAAqB;IAAEC,YAAY6H;EAAc,GAAGjF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKuI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BxI,KAAKuI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB7F,SAAyB;AAEzB,UACE,MAAM0E,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA7F,OAAAA,GAEFmG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BrG,MAAwD;AACzG,iBAAesG,yBAAAA;AACb,UAAMC,OAAOvG,KAAKuG,KAAKC,QAAQ,iBAAiBxG,KAAKyG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjB5H,QAAQ;MACRgI,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOzF,QAAQC,OAAOC,MAAM,MAAMqI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO3I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOuI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiClH,MAGtD;AACC,iBAAemH,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAM1G,KAAKuG,MAAM;MACtB5H,QAAQ;MACRgI,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcxH,KAAKyG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOzF,QAAQC,OAAOC,MAAM,MAAMqI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOzF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOuI,aAAahD,WAAW0D,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;AC5af,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,uBAAsC;EACjD;EACA;EACA;EACA;EACA;;AAGK,IAAMC,gBAAN,MAAMA,eAAAA;EArCb,OAqCaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;IACrDI,gCAAgC,KAAKA,+BAA+BJ,KAAK,IAAI;EAC/E;EACQK;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AAEA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;;EAGA,MAAaJ,+BAA+B8C,MAAgC1C,SAA6C;AACvH,UAAME,WAAW,KAAKhB,UAAUiB,IAAIuC,KAAKC,gBAAgB;AACzD,QAAIzC,UAAU;AACZA,eAAS+B,iBAAiB,MAAM,KAAKa,kBAAkB;QAAE,GAAGJ;MAAK,GAAG1C,OAAAA;AACpE,aAAO;IACT;AACA,WAAO;EACT;EAEA,MAAaL,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU8E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AG7QA,IAAMa,SAASC;","names":["retrieveWellknown","WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","getAgentResolver","AuthorizationResponseStateStatus","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","fetch","createJWT","decodeJWT","verifyJWT","jwtDecode","CLOCK_SKEW_ISSUANCE","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","resolution","vmRelationship","keyRef","kmsKeyRef","signer","data","dataString","encoding","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","oid4vciIssuerMethods","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","oid4vciRefreshInstanceMetadata","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.oid4vci-issuer",
3
- "version": "0.36.1-next.11+262d209a",
3
+ "version": "0.36.1-next.115+0fab323a",
4
4
  "source": "./src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -26,23 +26,23 @@
26
26
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
27
27
  },
28
28
  "dependencies": {
29
- "@sphereon/oid4vci-client": "0.20.1-next.3",
30
- "@sphereon/oid4vci-common": "0.20.1-next.3",
31
- "@sphereon/oid4vci-issuer": "0.20.1-next.3",
32
- "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.11+262d209a",
33
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-next.11+262d209a",
34
- "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-next.11+262d209a",
35
- "@sphereon/ssi-sdk.agent-config": "0.36.1-next.11+262d209a",
36
- "@sphereon/ssi-sdk.core": "0.36.1-next.11+262d209a",
37
- "@sphereon/ssi-sdk.data-store": "0.36.1-next.11+262d209a",
38
- "@sphereon/ssi-sdk.data-store-types": "0.36.1-next.11+262d209a",
39
- "@sphereon/ssi-sdk.kv-store-temp": "0.36.1-next.11+262d209a",
40
- "@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-next.11+262d209a",
41
- "@sphereon/ssi-sdk.oid4vci-issuer-store": "0.36.1-next.11+262d209a",
42
- "@sphereon/ssi-sdk.sd-jwt": "0.36.1-next.11+262d209a",
43
- "@sphereon/ssi-sdk.vc-status-list": "0.36.1-next.11+262d209a",
44
- "@sphereon/ssi-sdk.vc-status-list-issuer": "0.36.1-next.11+262d209a",
45
- "@sphereon/ssi-types": "0.36.1-next.11+262d209a",
29
+ "@sphereon/oid4vci-client": "0.20.1-next.8",
30
+ "@sphereon/oid4vci-common": "0.20.1-next.8",
31
+ "@sphereon/oid4vci-issuer": "0.20.1-next.8",
32
+ "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.115+0fab323a",
33
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-next.115+0fab323a",
34
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-next.115+0fab323a",
35
+ "@sphereon/ssi-sdk.agent-config": "0.36.1-next.115+0fab323a",
36
+ "@sphereon/ssi-sdk.core": "0.36.1-next.115+0fab323a",
37
+ "@sphereon/ssi-sdk.data-store": "0.36.1-next.115+0fab323a",
38
+ "@sphereon/ssi-sdk.data-store-types": "0.36.1-next.115+0fab323a",
39
+ "@sphereon/ssi-sdk.kv-store-temp": "0.36.1-next.115+0fab323a",
40
+ "@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-next.115+0fab323a",
41
+ "@sphereon/ssi-sdk.oid4vci-issuer-store": "0.36.1-next.115+0fab323a",
42
+ "@sphereon/ssi-sdk.sd-jwt": "0.36.1-next.115+0fab323a",
43
+ "@sphereon/ssi-sdk.vc-status-list": "0.36.1-next.115+0fab323a",
44
+ "@sphereon/ssi-sdk.vc-status-list-issuer": "0.36.1-next.115+0fab323a",
45
+ "@sphereon/ssi-types": "0.36.1-next.115+0fab323a",
46
46
  "@types/uuid": "^9.0.8",
47
47
  "@veramo/core": "4.2.0",
48
48
  "@veramo/credential-w3c": "4.2.0",
@@ -51,7 +51,7 @@
51
51
  "uuid": "^9.0.1"
52
52
  },
53
53
  "devDependencies": {
54
- "@sphereon/did-auth-siop": "0.20.1-next.3",
54
+ "@sphereon/did-auth-siop": "0.20.1-next.8",
55
55
  "@sphereon/did-uni-client": "^0.6.3",
56
56
  "@veramo/did-provider-key": "4.2.0",
57
57
  "@veramo/did-resolver": "4.2.0",
@@ -85,5 +85,5 @@
85
85
  "OpenID Connect",
86
86
  "Authenticator"
87
87
  ],
88
- "gitHead": "262d209a803fecfba1ad5878724c4f6f91f86cec"
88
+ "gitHead": "0fab323abf92edba332557800ab79493e3681e1f"
89
89
  }