@sphereon/ssi-sdk.oid4vci-issuer 0.36.1-next.39 → 0.36.1-next.47
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +20 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +6 -1
- package/dist/index.d.ts +6 -1
- package/dist/index.js +20 -1
- package/dist/index.js.map +1 -1
- package/package.json +16 -16
- package/src/agent/OID4VCIIssuer.ts +20 -2
- package/src/index.ts +1 -1
- package/src/types/IOID4VCIIssuer.ts +4 -0
package/dist/index.cjs
CHANGED
|
@@ -379,6 +379,7 @@ __export(index_exports, {
|
|
|
379
379
|
getAccessTokenSignerCallback: () => getAccessTokenSignerCallback,
|
|
380
380
|
getCredentialSignerCallback: () => getCredentialSignerCallback,
|
|
381
381
|
getJwtVerifyCallback: () => getJwtVerifyCallback,
|
|
382
|
+
oid4vciIssuerMethods: () => oid4vciIssuerMethods,
|
|
382
383
|
schema: () => schema
|
|
383
384
|
});
|
|
384
385
|
module.exports = __toCommonJS(index_exports);
|
|
@@ -782,6 +783,13 @@ var IssuerInstance = class {
|
|
|
782
783
|
};
|
|
783
784
|
|
|
784
785
|
// src/agent/OID4VCIIssuer.ts
|
|
786
|
+
var oid4vciIssuerMethods = [
|
|
787
|
+
"oid4vciCreateOfferURI",
|
|
788
|
+
"oid4vciIssueCredential",
|
|
789
|
+
"oid4vciCreateAccessTokenResponse",
|
|
790
|
+
"oid4vciGetInstance",
|
|
791
|
+
"oid4vciRefreshInstanceMetadata"
|
|
792
|
+
];
|
|
785
793
|
var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
786
794
|
static {
|
|
787
795
|
__name(this, "OID4VCIIssuer");
|
|
@@ -793,7 +801,8 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
|
793
801
|
oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),
|
|
794
802
|
oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
|
|
795
803
|
oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
|
|
796
|
-
oid4vciGetInstance: this.oid4vciGetInstance.bind(this)
|
|
804
|
+
oid4vciGetInstance: this.oid4vciGetInstance.bind(this),
|
|
805
|
+
oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this)
|
|
797
806
|
};
|
|
798
807
|
_opts;
|
|
799
808
|
constructor(opts) {
|
|
@@ -891,6 +900,16 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
|
891
900
|
}));
|
|
892
901
|
return this.oid4vciGetInstance(args, context);
|
|
893
902
|
}
|
|
903
|
+
// TODO SSISDK-87 create proper solution to update issuer metadata
|
|
904
|
+
async oid4vciRefreshInstanceMetadata(args, context) {
|
|
905
|
+
const instance = this.instances.get(args.credentialIssuer);
|
|
906
|
+
if (instance) {
|
|
907
|
+
const metadata = await this.getIssuerMetadata({
|
|
908
|
+
...args
|
|
909
|
+
}, context);
|
|
910
|
+
instance.issuerMetadata = metadata;
|
|
911
|
+
}
|
|
912
|
+
}
|
|
894
913
|
async oid4vciGetInstance(args, context) {
|
|
895
914
|
const credentialIssuer = args.credentialIssuer ?? _OID4VCIIssuer._DEFAULT_OPTS_KEY;
|
|
896
915
|
if (!this.instances.has(credentialIssuer)) {
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;;;;;;;;;ACAA,4BAOO;AACP,IAAAC,yBAAmF;AACnF,4BAAkC;AAClC,IAAAC,sBAAiC;;;ACVjC,2BAAiD;AAYjD,4BAAqH;AACrH,yBAA8C;AAC9C,IAAAC,sBAA6E;AAC7E,qBAAiC;AAGjC,uBAAuF;AAEvF,mBAA8B;AAC9B,yBAAkB;AAClB,qBAAkE;AAElE,wBAA0B;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,eAAWC,qCAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,aAASC,6BAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,cAAUD,6BAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,UAAMC,0BAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,UAAMC,0BAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,iBAAa8B,mDAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,UAAMP,mDAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,uBAAaM,4BAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,UAAMsC,0BAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,kCAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,cAAIG,iCAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QACnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,kCAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,cAAIa,iCAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AAnGemD;AAqGf,SAAOA;AACT;AA5GsBD;AA8GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,sCAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,gBACtDC,qCAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,aAASf,mDAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,eAAOC,mBAAAA,SAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,eAAOV,mBAAAA,SAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,sDAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACnZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcN,sBAAsBO,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKJ,mBAAmBG,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcb,uBAAuBgB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKJ,mBAAmBc,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAcf,iCACZiB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKJ,mBAAmBgB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,gBAAMa,sDAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,iBAAOC,kDAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAGhE,UAAM0D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,eAAWC,sCAAiB7D,OAAAA;IACrD;AAEA,SAAKb,UAAU2E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK1D,mBAAmB8C,MAAM1C,OAAAA;EACvC;EAEA,MAAaJ,mBAAmB8C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU6E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKb,UAAUgB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AD1PA,IAAMa,SAASC;","names":["module","import_oid4vci_issuer","import_ssi_sdk_ext","import_ssi_sdk_ext","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
|
|
1
|
+
{"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRefreshInstanceMetadata,\n IRequiredContext,\n schema\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport const oid4vciIssuerMethods: Array<string> = [\n 'oid4vciCreateOfferURI',\n 'oid4vciIssueCredential',\n 'oid4vciCreateAccessTokenResponse',\n 'oid4vciGetInstance',\n 'oid4vciRefreshInstanceMetadata'\n]\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n // TODO SSISDK-87 create proper solution to update issuer metadata\n public async oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<void> {\n const instance = this.instances.get(args.credentialIssuer)\n if (instance) {\n const metadata = await this.getIssuerMetadata({ ...args }, context);\n instance.issuerMetadata = metadata;\n }\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;;;;;;;;;;ACAA,4BAOO;AACP,IAAAC,yBAAmF;AACnF,4BAAkC;AAClC,IAAAC,sBAAiC;;;ACVjC,2BAAiD;AAYjD,4BAAqH;AACrH,yBAA8C;AAC9C,IAAAC,sBAA6E;AAC7E,qBAAiC;AAGjC,uBAAuF;AAEvF,mBAA8B;AAC9B,yBAAkB;AAClB,qBAAkE;AAElE,wBAA0B;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,eAAWC,qCAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,aAASC,6BAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,cAAUD,6BAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,UAAMC,0BAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,UAAMC,0BAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,iBAAa8B,mDAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,UAAMP,mDAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,uBAAaM,4BAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,UAAMsC,0BAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,kCAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,cAAIG,iCAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QACnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,kCAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,cAAIa,iCAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AAnGemD;AAqGf,SAAOA;AACT;AA5GsBD;AA8GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,sCAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,gBACtDC,qCAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,aAASf,mDAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,eAAOC,mBAAAA,SAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,eAAOV,mBAAAA,SAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,sDAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACnZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,uBAAsC;EACjD;EACA;EACA;EACA;EACA;;AAGK,IAAMC,gBAAN,MAAMA,eAAAA;EArCb,OAqCaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;IACrDI,gCAAgC,KAAKA,+BAA+BJ,KAAK,IAAI;EAC/E;EACQK;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,gBAAMa,sDAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,iBAAOC,kDAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,eAAWC,sCAAiB7D,OAAAA;IACrD;AAEA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;;EAGA,MAAaJ,+BAA+B8C,MAAgC1C,SAA0C;AACpH,UAAME,WAAW,KAAKhB,UAAUiB,IAAIuC,KAAKC,gBAAgB;AACzD,QAAIzC,UAAU;AACZ,YAAM8D,WAAW,MAAM,KAAKlB,kBAAkB;QAAE,GAAGJ;MAAK,GAAG1C,OAAAA;AAC3DE,eAAS+B,iBAAiB+B;IAC5B;EACF;EAEA,MAAarE,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU+E,IAAItB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMuB,UAAU,MAAM,KAAKA,QAAQpE,MAAME,OAAAA;AACzC,UAAMmE,YAAY,MAAM,KAAKA,UAAUrE,MAAME,OAAAA;AAC7C,UAAMoE,UAAU,MAAMpE,QAAQqE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe7B;MACfuB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM3C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOyB;EACT;EAEA,MAAcvB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMuB,UAAU,MAAM,KAAKA,QAAQpE,MAAME,OAAAA;AACzC,UAAMyE,iBAAiB,MAAM,KAAKN,UAAUrE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBuB;MAASO;IAAe;EACrD;EAEA,MAAc3B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMgE,WAAY,MAAMhE,QAAQqE,MAAMK,wBAAwB;MAC5DH,cAAc;MACdC,eAAe5B,aAAaD;MAC5BwB,WAAWvB,aAAa6B;MACxBP,SAAStB,aAAasB;IACxB,CAAA;AACA,QAAI,CAACF,UAAU;AACb,YAAMvC,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKqE,SAAS,cAAcrE,KAAKoE,OAAO,EAAE;IACpI;AACA,WAAOF;EACT;EAEA,MAAcR,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMgE,WAAY,MAAMhE,QAAQqE,MAAMK,wBAAwB;MAC5DH,cAAc;MACdC,eAAe5B,aAAaD;MAC5BwB,WAAWvB,aAAa6B;MACxBP,SAAStB,aAAasB;IACxB,CAAA;AACA,QAAI,CAACF,UAAU;AACb,YAAMvC,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa6B,cAAc,cAAc7B,aAAasB,OAAO,EAAE;IAEtJ;AACA,WAAOF;EACT;EAEA,MAAcE,QAAQpE,MAA6BE,SAA6C;AAC9F,UAAMkE,UAAUpE,MAAMoE,WAAW,KAAKrE,OAAO8E,kBAAmB,MAAM3E,SAASqE,MAAMO,2BAAAA;AACrF,QAAI,CAACV,SAAS;AACZ,YAAMzC,MAAM,iGAAA;IACd;AACA,WAAOyC;EACT;EAEA,MAAcC,UAAUrE,MAA+BE,SAA6C;AAClG,UAAMmE,YAAYrE,MAAMqE,aAAa,KAAKtE,OAAOgF,oBAAqB,MAAM7E,SAASqE,MAAMS,6BAAAA;AAC3F,QAAI,CAACX,WAAW;AACd,YAAM1C,MAAM,mGAAA;IACd;AACA,WAAO0C;EACT;AACF;;;AD5QA,IAAMY,SAASC;","names":["module","import_oid4vci_issuer","import_ssi_sdk_ext","import_ssi_sdk_ext","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","oid4vciIssuerMethods","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","oid4vciRefreshInstanceMetadata","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","metadata","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
|
package/dist/index.d.cts
CHANGED
|
@@ -60,6 +60,9 @@ interface IIssuerInstanceArgs {
|
|
|
60
60
|
storeId?: string;
|
|
61
61
|
namespace?: string;
|
|
62
62
|
}
|
|
63
|
+
interface IRefreshInstanceMetadata {
|
|
64
|
+
credentialIssuer: string;
|
|
65
|
+
}
|
|
63
66
|
interface IIssuerInstanceOptions extends IMetadataOptions {
|
|
64
67
|
issuerOpts?: IIssuerOptions;
|
|
65
68
|
metadataOpts?: CredentialIssuerMetadataOpts;
|
|
@@ -116,6 +119,7 @@ declare class IssuerInstance {
|
|
|
116
119
|
get authorizationServerMetadata(): AuthorizationServerMetadata;
|
|
117
120
|
}
|
|
118
121
|
|
|
122
|
+
declare const oid4vciIssuerMethods: Array<string>;
|
|
119
123
|
declare class OID4VCIIssuer implements IAgentPlugin {
|
|
120
124
|
private static readonly _DEFAULT_OPTS_KEY;
|
|
121
125
|
private readonly instances;
|
|
@@ -128,6 +132,7 @@ declare class OID4VCIIssuer implements IAgentPlugin {
|
|
|
128
132
|
private oid4vciCreateAccessTokenResponse;
|
|
129
133
|
private getExternalAS;
|
|
130
134
|
private createIssuerInstance;
|
|
135
|
+
oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<void>;
|
|
131
136
|
oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance>;
|
|
132
137
|
private getIssuerOptsFromStore;
|
|
133
138
|
private getMetadataOpts;
|
|
@@ -209,4 +214,4 @@ declare function createVerifyAuthResponseCallback(opts: {
|
|
|
209
214
|
*/
|
|
210
215
|
declare const schema: any;
|
|
211
216
|
|
|
212
|
-
export { type IAssertValidAccessTokenArgs, type ICreateCredentialOfferURIResult, type ICreateOfferArgs, type IIssueCredentialArgs, type IIssuerInstanceArgs, type IIssuerInstanceOptions, type IIssuerOptions, type IMetadataOptions, type IOID4VCIIssuer, type IOID4VCIIssuerOpts, type IRequiredContext, type IssuerCredentialDefinition, IssuerInstance, OID4VCIIssuer, createAuthRequestUriCallback, createVciIssuer, createVciIssuerBuilder, createVerifyAuthResponseCallback, getAccessTokenKeyRef, getAccessTokenSignerCallback, getCredentialSignerCallback, getJwtVerifyCallback, schema };
|
|
217
|
+
export { type IAssertValidAccessTokenArgs, type ICreateCredentialOfferURIResult, type ICreateOfferArgs, type IIssueCredentialArgs, type IIssuerInstanceArgs, type IIssuerInstanceOptions, type IIssuerOptions, type IMetadataOptions, type IOID4VCIIssuer, type IOID4VCIIssuerOpts, type IRefreshInstanceMetadata, type IRequiredContext, type IssuerCredentialDefinition, IssuerInstance, OID4VCIIssuer, createAuthRequestUriCallback, createVciIssuer, createVciIssuerBuilder, createVerifyAuthResponseCallback, getAccessTokenKeyRef, getAccessTokenSignerCallback, getCredentialSignerCallback, getJwtVerifyCallback, oid4vciIssuerMethods, schema };
|
package/dist/index.d.ts
CHANGED
|
@@ -60,6 +60,9 @@ interface IIssuerInstanceArgs {
|
|
|
60
60
|
storeId?: string;
|
|
61
61
|
namespace?: string;
|
|
62
62
|
}
|
|
63
|
+
interface IRefreshInstanceMetadata {
|
|
64
|
+
credentialIssuer: string;
|
|
65
|
+
}
|
|
63
66
|
interface IIssuerInstanceOptions extends IMetadataOptions {
|
|
64
67
|
issuerOpts?: IIssuerOptions;
|
|
65
68
|
metadataOpts?: CredentialIssuerMetadataOpts;
|
|
@@ -116,6 +119,7 @@ declare class IssuerInstance {
|
|
|
116
119
|
get authorizationServerMetadata(): AuthorizationServerMetadata;
|
|
117
120
|
}
|
|
118
121
|
|
|
122
|
+
declare const oid4vciIssuerMethods: Array<string>;
|
|
119
123
|
declare class OID4VCIIssuer implements IAgentPlugin {
|
|
120
124
|
private static readonly _DEFAULT_OPTS_KEY;
|
|
121
125
|
private readonly instances;
|
|
@@ -128,6 +132,7 @@ declare class OID4VCIIssuer implements IAgentPlugin {
|
|
|
128
132
|
private oid4vciCreateAccessTokenResponse;
|
|
129
133
|
private getExternalAS;
|
|
130
134
|
private createIssuerInstance;
|
|
135
|
+
oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<void>;
|
|
131
136
|
oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance>;
|
|
132
137
|
private getIssuerOptsFromStore;
|
|
133
138
|
private getMetadataOpts;
|
|
@@ -209,4 +214,4 @@ declare function createVerifyAuthResponseCallback(opts: {
|
|
|
209
214
|
*/
|
|
210
215
|
declare const schema: any;
|
|
211
216
|
|
|
212
|
-
export { type IAssertValidAccessTokenArgs, type ICreateCredentialOfferURIResult, type ICreateOfferArgs, type IIssueCredentialArgs, type IIssuerInstanceArgs, type IIssuerInstanceOptions, type IIssuerOptions, type IMetadataOptions, type IOID4VCIIssuer, type IOID4VCIIssuerOpts, type IRequiredContext, type IssuerCredentialDefinition, IssuerInstance, OID4VCIIssuer, createAuthRequestUriCallback, createVciIssuer, createVciIssuerBuilder, createVerifyAuthResponseCallback, getAccessTokenKeyRef, getAccessTokenSignerCallback, getCredentialSignerCallback, getJwtVerifyCallback, schema };
|
|
217
|
+
export { type IAssertValidAccessTokenArgs, type ICreateCredentialOfferURIResult, type ICreateOfferArgs, type IIssueCredentialArgs, type IIssuerInstanceArgs, type IIssuerInstanceOptions, type IIssuerOptions, type IMetadataOptions, type IOID4VCIIssuer, type IOID4VCIIssuerOpts, type IRefreshInstanceMetadata, type IRequiredContext, type IssuerCredentialDefinition, IssuerInstance, OID4VCIIssuer, createAuthRequestUriCallback, createVciIssuer, createVciIssuerBuilder, createVerifyAuthResponseCallback, getAccessTokenKeyRef, getAccessTokenSignerCallback, getCredentialSignerCallback, getJwtVerifyCallback, oid4vciIssuerMethods, schema };
|
package/dist/index.js
CHANGED
|
@@ -739,6 +739,13 @@ var IssuerInstance = class {
|
|
|
739
739
|
};
|
|
740
740
|
|
|
741
741
|
// src/agent/OID4VCIIssuer.ts
|
|
742
|
+
var oid4vciIssuerMethods = [
|
|
743
|
+
"oid4vciCreateOfferURI",
|
|
744
|
+
"oid4vciIssueCredential",
|
|
745
|
+
"oid4vciCreateAccessTokenResponse",
|
|
746
|
+
"oid4vciGetInstance",
|
|
747
|
+
"oid4vciRefreshInstanceMetadata"
|
|
748
|
+
];
|
|
742
749
|
var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
743
750
|
static {
|
|
744
751
|
__name(this, "OID4VCIIssuer");
|
|
@@ -750,7 +757,8 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
|
750
757
|
oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),
|
|
751
758
|
oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
|
|
752
759
|
oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
|
|
753
|
-
oid4vciGetInstance: this.oid4vciGetInstance.bind(this)
|
|
760
|
+
oid4vciGetInstance: this.oid4vciGetInstance.bind(this),
|
|
761
|
+
oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this)
|
|
754
762
|
};
|
|
755
763
|
_opts;
|
|
756
764
|
constructor(opts) {
|
|
@@ -848,6 +856,16 @@ var OID4VCIIssuer = class _OID4VCIIssuer {
|
|
|
848
856
|
}));
|
|
849
857
|
return this.oid4vciGetInstance(args, context);
|
|
850
858
|
}
|
|
859
|
+
// TODO SSISDK-87 create proper solution to update issuer metadata
|
|
860
|
+
async oid4vciRefreshInstanceMetadata(args, context) {
|
|
861
|
+
const instance = this.instances.get(args.credentialIssuer);
|
|
862
|
+
if (instance) {
|
|
863
|
+
const metadata = await this.getIssuerMetadata({
|
|
864
|
+
...args
|
|
865
|
+
}, context);
|
|
866
|
+
instance.issuerMetadata = metadata;
|
|
867
|
+
}
|
|
868
|
+
}
|
|
851
869
|
async oid4vciGetInstance(args, context) {
|
|
852
870
|
const credentialIssuer = args.credentialIssuer ?? _OID4VCIIssuer._DEFAULT_OPTS_KEY;
|
|
853
871
|
if (!this.instances.has(credentialIssuer)) {
|
|
@@ -935,6 +953,7 @@ export {
|
|
|
935
953
|
getAccessTokenSignerCallback,
|
|
936
954
|
getCredentialSignerCallback,
|
|
937
955
|
getJwtVerifyCallback,
|
|
956
|
+
oid4vciIssuerMethods,
|
|
938
957
|
schema
|
|
939
958
|
};
|
|
940
959
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRequiredContext,\n schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAMEA,0BACK;AACP,SAASC,+BAA+BC,iCAA2C;AACnF,SAASC,yBAAyB;AAClC,SAASC,oBAAAA,yBAAwB;;;ACVjC,SAASC,wCAAwC;AAYjD,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAAoE;AAC7E,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,OAAOC,WAAW;AAClB,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,MAAMP,8BAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,mBAAaM,cAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,MAAMsC,UAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QACnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AAnGemD;AAqGf,SAAOA;AACT;AA5GsBD;AA8GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,SAASf,8BAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACnZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcN,sBAAsBO,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKJ,mBAAmBG,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcb,uBAAuBgB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKJ,mBAAmBc,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAcf,iCACZiB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKJ,mBAAmBgB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAGhE,UAAM0D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AAEA,SAAKb,UAAU2E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK1D,mBAAmB8C,MAAM1C,OAAAA;EACvC;EAEA,MAAaJ,mBAAmB8C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB1D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU6E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKb,UAAUgB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKpE,OAAO8E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKrE,OAAOgF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;AG1PA,IAAMa,SAASC;","names":["WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","retrieveWellknown","getAgentResolver","AuthorizationResponseStateStatus","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","fetch","createJWT","decodeJWT","verifyJWT","jwtDecode","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
|
|
1
|
+
{"version":3,"sources":["../plugin.schema.json","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts","../src/index.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AccessTokenResponse,\n AuthorizationServerMetadata,\n CredentialResponse,\n IssuerMetadata,\n OpenIDResponse,\n WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n IAssertValidAccessTokenArgs,\n ICreateCredentialOfferURIResult,\n ICreateOfferArgs,\n IIssueCredentialArgs,\n IIssuerInstanceArgs,\n IIssuerOptions,\n IOID4VCIIssuerOpts,\n IRefreshInstanceMetadata,\n IRequiredContext,\n schema\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport const oid4vciIssuerMethods: Array<string> = [\n 'oid4vciCreateOfferURI',\n 'oid4vciIssueCredential',\n 'oid4vciCreateAccessTokenResponse',\n 'oid4vciGetInstance',\n 'oid4vciRefreshInstanceMetadata'\n]\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, IssuerInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: IOID4VCIIssuer = {\n oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this),\n }\n private _opts: IOID4VCIIssuerOpts\n\n constructor(opts?: IOID4VCIIssuerOpts) {\n this._opts = opts ?? {}\n }\n\n private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n return await this.oid4vciGetInstance(createArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) =>\n issuer.createCredentialOfferURI(createArgs).then((response) => {\n const result: ICreateCredentialOfferURIResult = response\n if (this._opts.returnSessions === false) {\n delete result.session\n }\n return result\n }),\n )\n }\n\n private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n return await this.oid4vciGetInstance(issueArgs, context)\n .then((instance) => instance.get({ context }))\n .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n }\n\n private async oid4vciCreateAccessTokenResponse(\n accessTokenArgs: IAssertValidAccessTokenArgs,\n context: IRequiredContext,\n ): Promise<AccessTokenResponse> {\n return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n const issuer = await instance.get({ context })\n\n await assertValidAccessTokenRequest(accessTokenArgs.request, {\n credentialOfferSessions: issuer.credentialOfferSessions,\n expirationDuration: accessTokenArgs.expirationDuration,\n })\n const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n if (!accessTokenIssuer) {\n return Promise.reject(Error(`Could not determine access token issuer`))\n }\n return createAccessTokenResponse(accessTokenArgs.request, {\n accessTokenIssuer,\n tokenExpiresIn: accessTokenArgs.expirationDuration,\n cNonceExpiresIn: accessTokenArgs.expirationDuration,\n cNonces: issuer.cNonces,\n credentialOfferSessions: issuer.credentialOfferSessions,\n accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n })\n })\n }\n\n private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n }\n return undefined\n }\n\n private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n const externalAS = this.getExternalAS(issuerMetadata)\n let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n if (externalAS) {\n // Let's try OIDC first and then fallback to OAuth2\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n errorOnNotFound: false,\n })\n if (!asMetadataResponse) {\n asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n errorOnNotFound: true,\n })\n }\n }\n const authorizationServerMetadata = asMetadataResponse?.successBody\n ? asMetadataResponse!.successBody\n : await this.getAuthorizationServerMetadataFromStore(\n {\n ...args,\n credentialIssuer,\n },\n context,\n )\n const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n if (!issuerOpts.resolveOpts) {\n issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n }\n if (!issuerOpts.resolveOpts?.resolver) {\n issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n }\n\n this.instances.set(\n credentialIssuer,\n new IssuerInstance({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }),\n )\n\n return this.oid4vciGetInstance(args, context)\n }\n\n // TODO SSISDK-87 create proper solution to update issuer metadata\n public async oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<void> {\n const instance = this.instances.get(args.credentialIssuer)\n if (instance) {\n const metadata = await this.getIssuerMetadata({ ...args }, context);\n instance.issuerMetadata = metadata;\n }\n }\n\n public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n if (!this.instances.has(credentialIssuer)) {\n await this.createIssuerInstance(args, context)\n }\n return this.instances.get(credentialIssuer)!\n }\n\n private async getIssuerOptsFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IIssuerOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const namespace = await this.namespace(opts, context)\n const options = await context.agent.oid4vciStoreGetIssuerOpts({\n metadataType: 'issuer',\n correlationId: credentialIssuer,\n storeId,\n namespace,\n })\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n }\n return options\n }\n\n private async getMetadataOpts(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IMetadataOptions> {\n const credentialIssuer = opts.credentialIssuer\n const storeId = await this.storeId(opts, context)\n const storeNamespace = await this.namespace(opts, context)\n return { credentialIssuer, storeId, storeNamespace }\n }\n\n private async getIssuerMetadata(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<IssuerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'issuer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as IssuerMetadata\n if (!metadata) {\n throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n }\n return metadata\n }\n\n private async getAuthorizationServerMetadataFromStore(\n opts: {\n credentialIssuer: string\n storeId?: string\n namespace?: string\n },\n context: IRequiredContext,\n ): Promise<AuthorizationServerMetadata> {\n const metadataOpts = await this.getMetadataOpts(opts, context)\n const metadata = (await context.agent.oid4vciStoreGetMetadata({\n metadataType: 'authorizationServer',\n correlationId: metadataOpts.credentialIssuer,\n namespace: metadataOpts.storeNamespace,\n storeId: metadataOpts.storeId,\n })) as AuthorizationServerMetadata\n if (!metadata) {\n throw Error(\n `Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n )\n }\n return metadata\n }\n\n private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n if (!storeId) {\n throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n }\n return storeId\n }\n\n private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n if (!namespace) {\n throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n }\n return namespace\n }\n}\n","import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\nimport {\n AuthorizationServerMetadata,\n CredentialRequestV1_0_15,\n IssuerMetadata,\n Jwt,\n JWTHeader,\n JWTPayload,\n JwtVerifyResult,\n type OID4VCICredentialFormat,\n StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport fetch from 'cross-fetch'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n const resolver = getAgentResolver(_context, {\n resolverResolution: true,\n uniresolverResolution: true,\n localResolution: true,\n })\n verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n verifyOpts.resolver = resolver\n }\n const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n if (!result.error) {\n const identifier = result.jws.signatures[0].identifier\n if (!identifier) {\n return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n }\n const jwkInfo = identifier.jwks[0]\n if (!jwkInfo) {\n return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n }\n const { alg } = jwkInfo.jwk\n const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n const kid = args.kid ?? header.kid\n //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n return {\n alg,\n ...identifier,\n jwt: { header, payload },\n ...(kid && { kid }),\n ...(jwk && { jwk }),\n } as JwtVerifyResult\n }\n\n const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n const kid = args.kid ?? decodedJwt.header.kid\n\n if (!kid || !kid.startsWith('did:')) {\n // No DID method present in header. We already performed the validation above. So return that\n return {\n alg: decodedJwt.header.alg,\n jwt: decodedJwt,\n } as JwtVerifyResult\n }\n const did = kid.split('#')[0]\n\n const didResult = await verifyJWT(args.jwt, verifyOpts)\n if (!didResult.verified) {\n console.log(`JWT invalid: ${args.jwt}`)\n throw Error('JWT did not verify successfully')\n }\n\n const didResolution = await resolver.resolve(did)\n if (!didResolution || !didResolution.didDocument) {\n throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n }\n\n const alg = decodedJwt.header.alg\n return {\n alg,\n kid,\n did,\n didDocument: didResolution.didDocument,\n jwt: decodedJwt,\n }\n }\n}\n\nexport async function getAccessTokenKeyRef(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n let identifier = legacyKeyRefsToIdentifierOpts(opts)\n return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n opts: {\n /**\n * Uniform identifier options\n */\n idOpts?: ManagedIdentifierOptsOrResult\n /**\n * @deprecated\n */\n iss?: string\n /**\n * @deprecated\n */\n keyRef?: string\n /**\n * @deprecated\n */\n didOpts?: IDIDOptions\n },\n context: IRequiredContext,\n) {\n const signer = async (data: string | Uint8Array) => {\n let dataString, encoding: 'base64' | undefined\n\n const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n const keyRef = resolution.kmsKeyRef\n if (!keyRef) {\n throw Error('Cannot sign access tokens without a key ref')\n }\n if (typeof data === 'string') {\n dataString = data\n encoding = undefined\n } else {\n dataString = bytesToBase64(data)\n encoding = 'base64'\n }\n return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n }\n\n async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n const issuer =\n opts.idOpts?.issuer ??\n (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n if (!issuer) {\n throw Error('No issuer configured for access tokens')\n }\n\n let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n if (!kidHeader) {\n if (\n opts.idOpts?.method === 'did' ||\n opts.idOpts?.method === 'kid' ||\n (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n ) {\n // @ts-ignore\n kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n }\n }\n return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n }\n\n return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n idOpts: ManagedIdentifierOptsOrResult & {\n crypto?: Crypto\n },\n context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n async function issueVCCallback(args: {\n credentialRequest: CredentialRequestV1_0_15\n credential: CredentialIssuanceInput\n jwtVerifyResult: JwtVerifyResult\n format?: OID4VCICredentialFormat\n statusLists?: Array<StatusListOpts>\n }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n const { jwtVerifyResult, format, statusLists } = args\n const credential = args.credential as ICredential // TODO: SDJWT\n let proofFormat: ProofFormat\n\n const resolution = await context.agent.identifierManagedGet(idOpts)\n proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n if (CredentialMapper.isW3cCredential(credential)) {\n if (!credential.issuer) {\n credential.issuer = { id: issuer }\n } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n credential.issuer.id = issuer\n }\n const subjectIsArray = Array.isArray(credential.credentialSubject)\n let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n credentialSubjects = credentialSubjects.map((subject) => {\n if (!subject.id) {\n subject.id = jwtVerifyResult.did\n }\n return subject\n })\n credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n credential.credentialStatus = credentialStatusVC.credentialStatus\n }\n }\n\n const result = await context.agent.createVerifiableCredential({\n credential: credential as CredentialPayload,\n proofFormat,\n removeOriginalFields: false,\n fetchRemoteContexts: true,\n domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n ...(resolution.kid && { header: { kid: resolution.kid } }),\n })\n return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n const sdJwtPayload = credential as SdJwtVcPayload\n if (sdJwtPayload.iss === undefined) {\n sdJwtPayload.iss = issuer\n }\n if (sdJwtPayload.iat === undefined) {\n sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n }\n\n let disclosureFrame\n if ('disclosureFrame' in credential) {\n disclosureFrame = credential['disclosureFrame']\n delete credential['disclosureFrame']\n } else {\n disclosureFrame = {\n _sd: credential['_sd'],\n }\n }\n\n if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n if (sdJwtPayload.status?.status_list?.idx) {\n if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n }\n\n // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n if (statusLists && statusLists.length > 0) {\n const statusList = statusLists[0]\n statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n }\n sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n }\n }\n }\n\n const result = await context.agent.createSdJwtVc({\n credentialPayload: sdJwtPayload,\n disclosureFrame: disclosureFrame,\n resolution,\n })\n return result.credential\n } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n TODO\n }*/\n return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n }\n\n return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n args: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n resolver?: Resolvable\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n const builder = new VcIssuerBuilder()\n // @ts-ignore\n const resolver =\n args.resolver ??\n args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n getAgentResolver(context)\n if (!resolver) {\n throw Error('A Resolver is necessary to verify DID JWTs')\n }\n const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n const jwtVerifyOpts: JWTVerifyOptions = {\n ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n resolver,\n audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n }\n builder.withIssuerMetadata(issuerMetadata)\n builder.withAuthorizationMetadata(authorizationServerMetadata)\n // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n if (issuerOpts.nonceEndpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint)\n } else if (issuerMetadata.nonce_endpoint) {\n builder.withNonceEndpoint(issuerOpts.nonceEndpoint ?? issuerMetadata.nonce_endpoint)\n }\n\n if (issuerOpts.asClientOpts) {\n builder.withASClientMetadata(issuerOpts.asClientOpts)\n // @ts-ignore\n // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n // Set the OIDC verifier\n // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n }\n // Do not use it when asClient is used\n builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n if (args.credentialDataSupplier) {\n builder.withCredentialDataSupplier(args.credentialDataSupplier)\n }\n builder.withInMemoryCNonceState()\n builder.withInMemoryCredentialOfferState()\n builder.withInMemoryCredentialOfferURIState()\n\n return builder\n}\n\nexport async function createVciIssuer(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n }: {\n issuerOpts: IIssuerOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n credentialDataSupplier?: CredentialDataSupplier\n },\n context: IRequiredContext,\n): Promise<VcIssuer> {\n return (\n await createVciIssuerBuilder(\n {\n issuerOpts,\n issuerMetadata,\n authorizationServerMetadata,\n credentialDataSupplier,\n },\n context,\n )\n ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n async function authRequestUriCallback(): Promise<string> {\n const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n return fetch(path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n }).then(async (response): Promise<string> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.authRequestURI) {\n return Promise.reject(Error('Missing auth request uri in response body'))\n }\n\n return responseData.authRequestURI\n }\n })\n }\n\n return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n path: string\n presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n return fetch(opts.path, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n }).then(async (response): Promise<boolean> => {\n if (response.status >= 400) {\n return Promise.reject(Error(await response.text()))\n } else {\n const responseData = await response.json()\n\n if (!responseData.status) {\n return Promise.reject(Error('Missing status in response body'))\n }\n\n return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n }\n })\n }\n\n return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n private _issuer: VcIssuer | undefined\n private readonly _metadataOptions: IMetadataOptions\n private readonly _issuerOptions: IIssuerOptions\n private _issuerMetadata: IssuerMetadata\n private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n public constructor({\n issuerOpts,\n metadataOpts,\n issuerMetadata,\n authorizationServerMetadata,\n }: {\n issuerOpts: IIssuerOptions\n metadataOpts: IMetadataOptions\n issuerMetadata: IssuerMetadata\n authorizationServerMetadata: AuthorizationServerMetadata\n }) {\n this._issuerOptions = issuerOpts\n this._metadataOptions = metadataOpts\n this._issuerMetadata = issuerMetadata\n this._authorizationServerMetadata = authorizationServerMetadata\n }\n\n public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n if (!this._issuer) {\n const builder = await createVciIssuerBuilder(\n {\n issuerOpts: this.issuerOptions,\n issuerMetadata: this.issuerMetadata,\n authorizationServerMetadata: this.authorizationServerMetadata,\n credentialDataSupplier: opts?.credentialDataSupplier,\n },\n opts.context,\n )\n this._issuer = builder.build()\n }\n return this._issuer\n }\n\n get issuerOptions() {\n return this._issuerOptions\n }\n\n get metadataOptions() {\n return this._metadataOptions\n }\n\n get issuerMetadata() {\n return this._issuerMetadata\n }\n\n set issuerMetadata(value: IssuerMetadata) {\n // TODO SSISDK-87 create proper solution to update issuer metadata\n if (this._issuer?.issuerMetadata) {\n this._issuer.issuerMetadata = {\n ...this._issuer?.issuerMetadata,\n credential_configurations_supported: value.credential_configurations_supported\n }\n }\n\n this._issuerMetadata = value\n }\n\n get authorizationServerMetadata() {\n return this._authorizationServerMetadata\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA,SAMEA,0BACK;AACP,SAASC,+BAA+BC,iCAA2C;AACnF,SAASC,yBAAyB;AAClC,SAASC,oBAAAA,yBAAwB;;;ACVjC,SAASC,wCAAwC;AAYjD,SAA8FC,uBAAuB;AACrH,SAASC,wBAAqC;AAC9C,SAASC,qCAAoE;AAC7E,SAASC,wBAAwB;AAGjC,SAAyBC,wBAA8D;AAEvF,SAASC,qBAAqB;AAC9B,OAAOC,WAAW;AAClB,SAASC,WAAWC,WAA6BC,iBAAiB;AAElE,SAASC,iBAAiB;AAGnB,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,WAAWC,iBAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,SAASC,UAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,UAAUD,UAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,MAAMC,UAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,MAAMC,UAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,aAAa8B,8BAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,MAAMP,8BAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,mBAAaM,cAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,MAAMsC,UAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,iBAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,UAAIG,iBAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QACnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,iBAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,UAAIa,iBAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AAnGemD;AAqGf,SAAOA;AACT;AA5GsBD;AA8GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,gBAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,YACtDC,iBAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,SAASf,8BAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAC/E,MAAI0E,WAAWY,eAAe;AAC5BT,YAAQU,kBAAkBb,WAAWY,aAAa;EACpD,WAAWX,eAAea,gBAAgB;AACxCX,YAAQU,kBAAkBb,WAAWY,iBAAiBX,eAAea,cAAc;EACrF;AAEA,MAAId,WAAWe,cAAc;AAC3BZ,YAAQa,qBAAqBhB,WAAWe,YAAY;EAKtD;AAEAZ,UAAQc,sBAAsBxI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKsI,wBAAwB;AAC/Bf,YAAQgB,2BAA2BvI,KAAKsI,sBAAsB;EAChE;AACAf,UAAQiB,wBAAuB;AAC/BjB,UAAQkB,iCAAgC;AACxClB,UAAQmB,oCAAmC;AAE3C,SAAOnB;AACT;AAzDsBJ;AA2DtB,eAAsBwB,gBACpB,EACEvB,YACAC,gBACAC,6BACAgB,uBAAsB,GAOxB5F,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAgB;EACF,GACA5F,OAAAA,GAEFkG,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BpG,MAAwD;AACzG,iBAAeqG,yBAAAA;AACb,UAAMC,OAAOtG,KAAKsG,KAAKC,QAAQ,iBAAiBvG,KAAKwG,wBAAwB;AAC7E,WAAOC,MAAMH,MAAM;MACjB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAO1I,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiCjH,MAGtD;AACC,iBAAekH,2BAA2BC,eAAqB;AAC7D,WAAOV,MAAMzG,KAAKsG,MAAM;MACtB3H,QAAQ;MACR+H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcvH,KAAKwG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS9C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMoI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAahD,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOsI,aAAahD,WAAW0D,iCAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;ACnZf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AAExC,QAAI,KAAKlB,SAASO,gBAAgB;AAChC,WAAKP,QAAQO,iBAAiB;QAC5B,GAAG,KAAKP,SAASO;QACjBY,qCAAqCD,MAAMC;MAC7C;IACF;AAEA,SAAKhB,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AF3CO,IAAMgB,uBAAsC;EACjD;EACA;EACA;EACA;EACA;;AAGK,IAAMC,gBAAN,MAAMA,eAAAA;EArCb,OAqCaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;IACrDI,gCAAgC,KAAKA,+BAA+BJ,KAAK,IAAI;EAC/E;EACQK;EAER,YAAYC,MAA2B;AACrC,SAAKD,QAAQC,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKT,MAAMW,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,YAAMa,8BAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,aAAOC,0BAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,MAAMC,kBAAkBF,YAAYG,mBAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK9D,MAAM8D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,WAAWC,kBAAiB7D,OAAAA;IACrD;AAEA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAGF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;;EAGA,MAAaJ,+BAA+B8C,MAAgC1C,SAA0C;AACpH,UAAME,WAAW,KAAKhB,UAAUiB,IAAIuC,KAAKC,gBAAgB;AACzD,QAAIzC,UAAU;AACZ,YAAM8D,WAAW,MAAM,KAAKlB,kBAAkB;QAAE,GAAGJ;MAAK,GAAG1C,OAAAA;AAC3DE,eAAS+B,iBAAiB+B;IAC5B;EACF;EAEA,MAAarE,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU+E,IAAItB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMuB,UAAU,MAAM,KAAKA,QAAQpE,MAAME,OAAAA;AACzC,UAAMmE,YAAY,MAAM,KAAKA,UAAUrE,MAAME,OAAAA;AAC7C,UAAMoE,UAAU,MAAMpE,QAAQqE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe7B;MACfuB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM3C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOyB;EACT;EAEA,MAAcvB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMuB,UAAU,MAAM,KAAKA,QAAQpE,MAAME,OAAAA;AACzC,UAAMyE,iBAAiB,MAAM,KAAKN,UAAUrE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBuB;MAASO;IAAe;EACrD;EAEA,MAAc3B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMgE,WAAY,MAAMhE,QAAQqE,MAAMK,wBAAwB;MAC5DH,cAAc;MACdC,eAAe5B,aAAaD;MAC5BwB,WAAWvB,aAAa6B;MACxBP,SAAStB,aAAasB;IACxB,CAAA;AACA,QAAI,CAACF,UAAU;AACb,YAAMvC,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKqE,SAAS,cAAcrE,KAAKoE,OAAO,EAAE;IACpI;AACA,WAAOF;EACT;EAEA,MAAcR,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMgE,WAAY,MAAMhE,QAAQqE,MAAMK,wBAAwB;MAC5DH,cAAc;MACdC,eAAe5B,aAAaD;MAC5BwB,WAAWvB,aAAa6B;MACxBP,SAAStB,aAAasB;IACxB,CAAA;AACA,QAAI,CAACF,UAAU;AACb,YAAMvC,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa6B,cAAc,cAAc7B,aAAasB,OAAO,EAAE;IAEtJ;AACA,WAAOF;EACT;EAEA,MAAcE,QAAQpE,MAA6BE,SAA6C;AAC9F,UAAMkE,UAAUpE,MAAMoE,WAAW,KAAKrE,OAAO8E,kBAAmB,MAAM3E,SAASqE,MAAMO,2BAAAA;AACrF,QAAI,CAACV,SAAS;AACZ,YAAMzC,MAAM,iGAAA;IACd;AACA,WAAOyC;EACT;EAEA,MAAcC,UAAUrE,MAA+BE,SAA6C;AAClG,UAAMmE,YAAYrE,MAAMqE,aAAa,KAAKtE,OAAOgF,oBAAqB,MAAM7E,SAASqE,MAAMS,6BAAAA;AAC3F,QAAI,CAACX,WAAW;AACd,YAAM1C,MAAM,mGAAA;IACd;AACA,WAAO0C;EACT;AACF;;;AG5QA,IAAMY,SAASC;","names":["WellKnownEndpoints","assertValidAccessTokenRequest","createAccessTokenResponse","retrieveWellknown","getAgentResolver","AuthorizationResponseStateStatus","VcIssuerBuilder","getAgentResolver","legacyKeyRefsToIdentifierOpts","contextHasPlugin","CredentialMapper","bytesToBase64","fetch","createJWT","decodeJWT","verifyJWT","jwtDecode","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","nonceEndpoint","withNonceEndpoint","nonce_endpoint","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","credential_configurations_supported","oid4vciIssuerMethods","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","oid4vciRefreshInstanceMetadata","_opts","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","metadata","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk.oid4vci-issuer",
|
|
3
|
-
"version": "0.36.1-next.
|
|
3
|
+
"version": "0.36.1-next.47+31fe4eef",
|
|
4
4
|
"source": "./src/index.ts",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
|
@@ -29,20 +29,20 @@
|
|
|
29
29
|
"@sphereon/oid4vci-client": "0.20.1-next.3",
|
|
30
30
|
"@sphereon/oid4vci-common": "0.20.1-next.3",
|
|
31
31
|
"@sphereon/oid4vci-issuer": "0.20.1-next.3",
|
|
32
|
-
"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.
|
|
33
|
-
"@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-next.
|
|
34
|
-
"@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-next.
|
|
35
|
-
"@sphereon/ssi-sdk.agent-config": "0.36.1-next.
|
|
36
|
-
"@sphereon/ssi-sdk.core": "0.36.1-next.
|
|
37
|
-
"@sphereon/ssi-sdk.data-store": "0.36.1-next.
|
|
38
|
-
"@sphereon/ssi-sdk.data-store-types": "0.36.1-next.
|
|
39
|
-
"@sphereon/ssi-sdk.kv-store-temp": "0.36.1-next.
|
|
40
|
-
"@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-next.
|
|
41
|
-
"@sphereon/ssi-sdk.oid4vci-issuer-store": "0.36.1-next.
|
|
42
|
-
"@sphereon/ssi-sdk.sd-jwt": "0.36.1-next.
|
|
43
|
-
"@sphereon/ssi-sdk.vc-status-list": "0.36.1-next.
|
|
44
|
-
"@sphereon/ssi-sdk.vc-status-list-issuer": "0.36.1-next.
|
|
45
|
-
"@sphereon/ssi-types": "0.36.1-next.
|
|
32
|
+
"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.47+31fe4eef",
|
|
33
|
+
"@sphereon/ssi-sdk-ext.identifier-resolution": "0.36.1-next.47+31fe4eef",
|
|
34
|
+
"@sphereon/ssi-sdk-ext.jwt-service": "0.36.1-next.47+31fe4eef",
|
|
35
|
+
"@sphereon/ssi-sdk.agent-config": "0.36.1-next.47+31fe4eef",
|
|
36
|
+
"@sphereon/ssi-sdk.core": "0.36.1-next.47+31fe4eef",
|
|
37
|
+
"@sphereon/ssi-sdk.data-store": "0.36.1-next.47+31fe4eef",
|
|
38
|
+
"@sphereon/ssi-sdk.data-store-types": "0.36.1-next.47+31fe4eef",
|
|
39
|
+
"@sphereon/ssi-sdk.kv-store-temp": "0.36.1-next.47+31fe4eef",
|
|
40
|
+
"@sphereon/ssi-sdk.mdl-mdoc": "0.36.1-next.47+31fe4eef",
|
|
41
|
+
"@sphereon/ssi-sdk.oid4vci-issuer-store": "0.36.1-next.47+31fe4eef",
|
|
42
|
+
"@sphereon/ssi-sdk.sd-jwt": "0.36.1-next.47+31fe4eef",
|
|
43
|
+
"@sphereon/ssi-sdk.vc-status-list": "0.36.1-next.47+31fe4eef",
|
|
44
|
+
"@sphereon/ssi-sdk.vc-status-list-issuer": "0.36.1-next.47+31fe4eef",
|
|
45
|
+
"@sphereon/ssi-types": "0.36.1-next.47+31fe4eef",
|
|
46
46
|
"@types/uuid": "^9.0.8",
|
|
47
47
|
"@veramo/core": "4.2.0",
|
|
48
48
|
"@veramo/credential-w3c": "4.2.0",
|
|
@@ -85,5 +85,5 @@
|
|
|
85
85
|
"OpenID Connect",
|
|
86
86
|
"Authenticator"
|
|
87
87
|
],
|
|
88
|
-
"gitHead": "
|
|
88
|
+
"gitHead": "31fe4eeffb4312dae114c805734a037118411ad3"
|
|
89
89
|
}
|
|
@@ -20,13 +20,21 @@ import {
|
|
|
20
20
|
IIssuerInstanceArgs,
|
|
21
21
|
IIssuerOptions,
|
|
22
22
|
IOID4VCIIssuerOpts,
|
|
23
|
+
IRefreshInstanceMetadata,
|
|
23
24
|
IRequiredContext,
|
|
24
|
-
schema
|
|
25
|
+
schema
|
|
25
26
|
} from '../index'
|
|
26
27
|
import { IssuerInstance } from '../IssuerInstance'
|
|
27
|
-
|
|
28
28
|
import { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'
|
|
29
29
|
|
|
30
|
+
export const oid4vciIssuerMethods: Array<string> = [
|
|
31
|
+
'oid4vciCreateOfferURI',
|
|
32
|
+
'oid4vciIssueCredential',
|
|
33
|
+
'oid4vciCreateAccessTokenResponse',
|
|
34
|
+
'oid4vciGetInstance',
|
|
35
|
+
'oid4vciRefreshInstanceMetadata'
|
|
36
|
+
]
|
|
37
|
+
|
|
30
38
|
export class OID4VCIIssuer implements IAgentPlugin {
|
|
31
39
|
private static readonly _DEFAULT_OPTS_KEY = '_default'
|
|
32
40
|
private readonly instances: Map<string, IssuerInstance> = new Map()
|
|
@@ -37,6 +45,7 @@ export class OID4VCIIssuer implements IAgentPlugin {
|
|
|
37
45
|
oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
|
|
38
46
|
oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
|
|
39
47
|
oid4vciGetInstance: this.oid4vciGetInstance.bind(this),
|
|
48
|
+
oid4vciRefreshInstanceMetadata: this.oid4vciRefreshInstanceMetadata.bind(this),
|
|
40
49
|
}
|
|
41
50
|
private _opts: IOID4VCIIssuerOpts
|
|
42
51
|
|
|
@@ -146,6 +155,15 @@ export class OID4VCIIssuer implements IAgentPlugin {
|
|
|
146
155
|
return this.oid4vciGetInstance(args, context)
|
|
147
156
|
}
|
|
148
157
|
|
|
158
|
+
// TODO SSISDK-87 create proper solution to update issuer metadata
|
|
159
|
+
public async oid4vciRefreshInstanceMetadata(args: IRefreshInstanceMetadata, context: IRequiredContext): Promise<void> {
|
|
160
|
+
const instance = this.instances.get(args.credentialIssuer)
|
|
161
|
+
if (instance) {
|
|
162
|
+
const metadata = await this.getIssuerMetadata({ ...args }, context);
|
|
163
|
+
instance.issuerMetadata = metadata;
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
|
|
149
167
|
public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {
|
|
150
168
|
const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY
|
|
151
169
|
//todo: prob doesn't make sense as credentialIssuer is mandatory anyway
|
package/src/index.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*/
|
|
4
4
|
const schema = require('../plugin.schema.json')
|
|
5
5
|
export { schema }
|
|
6
|
-
export { OID4VCIIssuer } from './agent/OID4VCIIssuer'
|
|
6
|
+
export { OID4VCIIssuer, oid4vciIssuerMethods } from './agent/OID4VCIIssuer'
|
|
7
7
|
export * from './functions'
|
|
8
8
|
export * from './IssuerInstance'
|
|
9
9
|
export * from './types/IOID4VCIIssuer'
|
|
@@ -83,6 +83,10 @@ export interface IIssuerInstanceArgs {
|
|
|
83
83
|
namespace?: string
|
|
84
84
|
}
|
|
85
85
|
|
|
86
|
+
export interface IRefreshInstanceMetadata {
|
|
87
|
+
credentialIssuer: string
|
|
88
|
+
}
|
|
89
|
+
|
|
86
90
|
export interface IIssuerInstanceOptions extends IMetadataOptions {
|
|
87
91
|
issuerOpts?: IIssuerOptions
|
|
88
92
|
metadataOpts?: CredentialIssuerMetadataOpts
|