npm - @sphereon/ssi-sdk.sd-jwt - Versions diffs - 0.33.1-feature.vcdm2.tsup.32 → 0.33.1-next.3 - Mend

@sphereon/ssi-sdk.sd-jwt 0.33.1-feature.vcdm2.tsup.32 → 0.33.1-next.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/action-handler.d.ts +89 -0
package/dist/action-handler.d.ts.map +1 -0
package/dist/action-handler.js +397 -0
package/dist/action-handler.js.map +1 -0
package/dist/defaultCallbacks.d.ts +6 -0
package/dist/defaultCallbacks.d.ts.map +1 -0
package/dist/defaultCallbacks.js +55 -0
package/dist/defaultCallbacks.js.map +1 -0
package/dist/index.d.ts +4 -334
package/dist/index.d.ts.map +1 -0
package/dist/index.js +20 -562
package/dist/index.js.map +1 -1
package/dist/trustAnchors.d.ts +3 -0
package/dist/trustAnchors.d.ts.map +1 -0
package/dist/trustAnchors.js +20 -0
package/dist/trustAnchors.js.map +1 -0
package/dist/types.d.ts +234 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +10 -0
package/dist/types.js.map +1 -0
package/dist/utils.d.ts +18 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +85 -0
package/dist/utils.js.map +1 -0
package/package.json +24 -35
package/src/__tests__/sd-jwt-integrity.test.ts +1 -1
package/src/__tests__/sd-jwt.test.ts +1 -2
package/src/action-handler.ts +2 -2
package/src/defaultCallbacks.ts +3 -4
package/src/types.ts +1 -1
package/src/utils.ts +4 -4
package/dist/index.cjs +0 -595
package/dist/index.cjs.map +0 -1
package/dist/index.d.cts +0 -334

package/dist/action-handler.d.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
+import { Signer } from '@sd-jwt/types';
+import { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils';
+import { SdJwtTypeMetadata } from '@sphereon/ssi-types';
+import { IAgentPlugin } from '@veramo/core';
+import { FetchSdJwtTypeMetadataFromVctUrlArgs, ICreateSdJwtPresentationArgs, ICreateSdJwtPresentationResult, ICreateSdJwtVcArgs, ICreateSdJwtVcResult, IRequiredContext, ISDJwtPlugin, IVerifySdJwtPresentationArgs, IVerifySdJwtPresentationResult, IVerifySdJwtVcArgs, IVerifySdJwtVcResult, SdJWTImplementation, SignKeyArgs, SignKeyResult } from './types';
+/**
+ * @beta
+ * SD-JWT plugin
+ */
+export declare class SDJwtPlugin implements IAgentPlugin {
+    private readonly trustAnchorsInPEM;
+    private readonly registeredImplementations;
+    private _signers;
+    private _defaultSigner?;
+    constructor(registeredImplementations?: SdJWTImplementation & {
+        signers?: Record<string, Signer>;
+        defaultSigner?: Signer;
+    }, trustAnchorsInPEM?: string[]);
+    readonly methods: ISDJwtPlugin;
+    private getSignerForIdentifier;
+    /**
+     * Create a signed SD-JWT credential.
+     * @param args - Arguments necessary for the creation of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT credential.
+     */
+    createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult>;
+    /**
+     * Get the key to sign the SD-JWT
+     * @param args - consists of twp arguments: identifier like a did and other forms of identifiers and vmRelationship which represents the purpose of the key
+     * @param context - agent instance
+     * @returns the key to sign the SD-JWT
+     */
+    getSignKey(args: SignKeyArgs, context: IRequiredContext): Promise<SignKeyResult>;
+    /**
+     * Create a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the creation of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT presentation.
+     */
+    createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult>;
+    /**
+     * Verify a signed SD-JWT credential.
+     * @param args - Arguments necessary for the verify a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult>;
+    /**
+     * Verify the key binding of a SD-JWT by validating the signature of the key bound to the SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @param payload - The payload of the SD-JWT
+     * @returns
+     */
+    private verifyKb;
+    /**
+     * Validates the signature of a SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @returns
+     */
+    verify(sdjwt: SDJwtVcInstance, context: IRequiredContext, data: string, signature: string, opts?: {
+        x5cValidation?: X509CertificateChainValidationOpts;
+    }): Promise<boolean>;
+    /**
+     * Verify a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the verify a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult>;
+    /**
+     * Fetch and validate Type Metadata.
+     * @param args - Arguments necessary for fetching and validating the type metadata.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata>;
+    private verifySignatureCallback;
+    private getJwk;
+    private extractBase64FromDIDJwk;
+}
+//# sourceMappingURL=action-handler.d.ts.map

package/dist/action-handler.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"action-handler.d.ts","sourceRoot":"","sources":["../src/action-handler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAkB,MAAM,mBAAmB,CAAA;AACnE,OAAO,EAAsE,MAAM,EAAY,MAAM,eAAe,CAAA;AAEpH,OAAO,EAAE,kCAAkC,EAAE,MAAM,kCAAkC,CAAA;AACrF,OAAO,EAAmB,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAM3C,OAAO,EAEL,oCAAoC,EAGpC,4BAA4B,EAC5B,8BAA8B,EAC9B,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,YAAY,EACZ,4BAA4B,EAC5B,8BAA8B,EAC9B,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EAEnB,WAAW,EACX,aAAa,EACd,MAAM,SAAS,CAAA;AAIhB;;;GAGG;AACH,qBAAa,WAAY,YAAW,YAAY;IAE9C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAU;IAC5C,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAqB;IAC/D,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,cAAc,CAAC,CAAQ;gBAG7B,yBAAyB,CAAC,EAAE,mBAAmB,GAAG;QAChD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAChC,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,EACD,iBAAiB,CAAC,EAAE,MAAM,EAAE;IAoB9B,QAAQ,CAAC,OAAO,EAAE,YAAY,CAM7B;YAEa,sBAAsB;IAiBpC;;;;;OAKG;IACG,aAAa,CAAC,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAwBvG;;;;;OAKG;IACG,UAAU,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,aAAa,CAAC;IA8CtF;;;;;OAKG;IACG,uBAAuB,CAAC,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,8BAA8B,CAAC;IA8BrI;;;;;OAKG;IACG,aAAa,CAAC,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IASvG;;;;;;;;OAQG;IACH,OAAO,CAAC,QAAQ;IAOhB;;;;;;;OAOG;IACG,MAAM,CACV,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,gBAAgB,EACzB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,kCAAkC,CAAA;KAAE,GAC5D,OAAO,CAAC,OAAO,CAAC;IAgEnB;;;;;OAKG;IACG,uBAAuB,CAAC,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAcrI;;;;;OAKG;IACG,gCAAgC,CAAC,IAAI,EAAE,oCAAoC,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAiDzI,OAAO,CAAC,uBAAuB;IAQ/B,OAAO,CAAC,MAAM;IAcd,OAAO,CAAC,uBAAuB;CAOhC"}

package/dist/action-handler.js ADDED Viewed

@@ -0,0 +1,397 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SDJwtPlugin = void 0;
+const core_1 = require("@sd-jwt/core");
+const sd_jwt_vc_1 = require("@sd-jwt/sd-jwt-vc");
+const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
+const utils_1 = require("@veramo/utils");
+const debug_1 = __importDefault(require("debug"));
+const defaultCallbacks_1 = require("./defaultCallbacks");
+const trustAnchors_1 = require("./trustAnchors");
+const utils_2 = require("./utils");
+const debug = (0, debug_1.default)('@sphereon/ssi-sdk.sd-jwt');
+/**
+ * @beta
+ * SD-JWT plugin
+ */
+class SDJwtPlugin {
+    constructor(registeredImplementations, trustAnchorsInPEM) {
+        var _a;
+        // map the methods your plugin is declaring to their implementation
+        this.methods = {
+            createSdJwtVc: this.createSdJwtVc.bind(this),
+            createSdJwtPresentation: this.createSdJwtPresentation.bind(this),
+            verifySdJwtVc: this.verifySdJwtVc.bind(this),
+            verifySdJwtPresentation: this.verifySdJwtPresentation.bind(this),
+            fetchSdJwtTypeMetadataFromVctUrl: this.fetchSdJwtTypeMetadataFromVctUrl.bind(this),
+        };
+        this.trustAnchorsInPEM = trustAnchorsInPEM !== null && trustAnchorsInPEM !== void 0 ? trustAnchorsInPEM : [];
+        if (!registeredImplementations) {
+            registeredImplementations = {};
+        }
+        if (typeof (registeredImplementations === null || registeredImplementations === void 0 ? void 0 : registeredImplementations.hasher) !== 'function') {
+            registeredImplementations.hasher = defaultCallbacks_1.defaultGenerateDigest;
+        }
+        if (typeof (registeredImplementations === null || registeredImplementations === void 0 ? void 0 : registeredImplementations.saltGenerator) !== 'function') {
+            registeredImplementations.saltGenerator = defaultCallbacks_1.defaultGenerateSalt;
+        }
+        this.registeredImplementations = registeredImplementations;
+        this._signers = (_a = registeredImplementations === null || registeredImplementations === void 0 ? void 0 : registeredImplementations.signers) !== null && _a !== void 0 ? _a : {};
+        this._defaultSigner = registeredImplementations === null || registeredImplementations === void 0 ? void 0 : registeredImplementations.defaultSigner;
+        // Verify signature default is used below in the methods if not provided here, as it needs the context of the agent
+    }
+    getSignerForIdentifier(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { identifier, resolution } = args;
+            if (Object.keys(this._signers).includes(identifier) && typeof this._signers[identifier] === 'function') {
+                return { signer: this._signers[identifier] };
+            }
+            else if (typeof this._defaultSigner === 'function') {
+                return { signer: this._defaultSigner };
+            }
+            const signingKey = yield this.getSignKey({ identifier, vmRelationship: 'assertionMethod', resolution }, context);
+            const { key, alg } = signingKey;
+            const signer = (data) => __awaiter(this, void 0, void 0, function* () {
+                return context.agent.keyManagerSign({ keyRef: key.kmsKeyRef, data });
+            });
+            return { signer, alg, signingKey };
+        });
+    }
+    /**
+     * Create a signed SD-JWT credential.
+     * @param args - Arguments necessary for the creation of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT credential.
+     */
+    createSdJwtVc(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const issuer = args.credentialPayload.iss;
+            if (!issuer) {
+                throw new Error('credential.issuer must not be empty');
+            }
+            const { alg, signer, signingKey } = yield this.getSignerForIdentifier({ identifier: issuer, resolution: args.resolution }, context);
+            const sdjwt = new sd_jwt_vc_1.SDJwtVcInstance({
+                signer,
+                hasher: this.registeredImplementations.hasher,
+                saltGenerator: this.registeredImplementations.saltGenerator,
+                signAlg: alg !== null && alg !== void 0 ? alg : 'ES256',
+                hashAlg: 'sha-256',
+            });
+            const credential = yield sdjwt.issue(args.credentialPayload, args.disclosureFrame, {
+                header: Object.assign(Object.assign({}, ((signingKey === null || signingKey === void 0 ? void 0 : signingKey.key.kid) !== undefined && { kid: signingKey.key.kid })), ((signingKey === null || signingKey === void 0 ? void 0 : signingKey.key.x5c) !== undefined && { x5c: signingKey.key.x5c })),
+            });
+            return { credential };
+        });
+    }
+    /**
+     * Get the key to sign the SD-JWT
+     * @param args - consists of twp arguments: identifier like a did and other forms of identifiers and vmRelationship which represents the purpose of the key
+     * @param context - agent instance
+     * @returns the key to sign the SD-JWT
+     */
+    getSignKey(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d;
+            // TODO Using identifierManagedGetByDid now (new managed identifier resolution). Evaluate of we need to implement more identifier types here
+            const { identifier, resolution } = Object.assign({}, args);
+            if (resolution) {
+                const key = resolution.key;
+                const alg = yield (0, ssi_sdk_ext_key_utils_1.signatureAlgorithmFromKey)({ key });
+                switch (resolution.method) {
+                    case 'did':
+                        debug(`Signing key ${key.publicKeyHex} found for identifier ${identifier}`);
+                        return { alg, key: Object.assign(Object.assign({}, key), { kmsKeyRef: resolution.kmsKeyRef, kid: resolution.kid }) };
+                    default:
+                        if (((_a = key.meta) === null || _a === void 0 ? void 0 : _a.x509) && key.meta.x509.x5c) {
+                            return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef, x5c: key.meta.x509.x5c } };
+                        }
+                        else if ((_b = key.meta) === null || _b === void 0 ? void 0 : _b.jwkThumbprint) {
+                            return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef, jwkThumbprint: key.meta.jwkThumbprint } };
+                        }
+                        else {
+                            return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef } };
+                        }
+                }
+            }
+            else if (identifier.startsWith('did:')) {
+                const didIdentifier = yield context.agent.identifierManagedGetByDid({ identifier });
+                if (!didIdentifier) {
+                    throw new Error(`No identifier found with the given did: ${identifier}`);
+                }
+                const key = didIdentifier.key;
+                const alg = yield (0, ssi_sdk_ext_key_utils_1.signatureAlgorithmFromKey)({ key });
+                debug(`Signing key ${key.publicKeyHex} found for identifier ${identifier}`);
+                return { alg, key: Object.assign(Object.assign({}, key), { kmsKeyRef: didIdentifier.kmsKeyRef, kid: didIdentifier.kid }) };
+            }
+            else {
+                const kidIdentifier = yield context.agent.identifierManagedGetByKid({ identifier });
+                if (!kidIdentifier) {
+                    throw new Error(`No identifier found with the given kid: ${identifier}`);
+                }
+                const key = kidIdentifier.key;
+                const alg = yield (0, ssi_sdk_ext_key_utils_1.signatureAlgorithmFromKey)({ key });
+                if (((_c = key.meta) === null || _c === void 0 ? void 0 : _c.x509) && key.meta.x509.x5c) {
+                    return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef, x5c: key.meta.x509.x5c } };
+                }
+                else if ((_d = key.meta) === null || _d === void 0 ? void 0 : _d.jwkThumbprint) {
+                    return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef, jwkThumbprint: key.meta.jwkThumbprint } };
+                }
+                else {
+                    return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef } };
+                }
+            }
+        });
+    }
+    /**
+     * Create a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the creation of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT presentation.
+     */
+    createSdJwtPresentation(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d;
+            const cred = yield core_1.SDJwt.fromEncode(args.presentation, this.registeredImplementations.hasher);
+            const claims = yield cred.getClaims(this.registeredImplementations.hasher);
+            let holder;
+            // we primarly look for a cnf field, if it's not there we look for a sub field. If this is also not given, we throw an error since we can not sign it.
+            if (args.holder) {
+                holder = args.holder;
+            }
+            else if ((_a = claims.cnf) === null || _a === void 0 ? void 0 : _a.jwk) {
+                const jwk = claims.cnf.jwk;
+                holder = (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprint)({ jwk: jwk });
+            }
+            else if ((_b = claims.cnf) === null || _b === void 0 ? void 0 : _b.kid) {
+                holder = (_c = claims.cnf) === null || _c === void 0 ? void 0 : _c.kid;
+            }
+            else if (claims.sub) {
+                holder = claims.sub;
+            }
+            else {
+                throw new Error('invalid_argument: credential does not include a holder reference');
+            }
+            const { alg, signer } = yield this.getSignerForIdentifier({ identifier: holder }, context);
+            const sdjwt = new sd_jwt_vc_1.SDJwtVcInstance({
+                hasher: (_d = this.registeredImplementations.hasher) !== null && _d !== void 0 ? _d : defaultCallbacks_1.defaultGenerateDigest,
+                saltGenerator: this.registeredImplementations.saltGenerator,
+                kbSigner: signer,
+                kbSignAlg: alg !== null && alg !== void 0 ? alg : 'ES256',
+            });
+            const presentation = yield sdjwt.present(args.presentation, args.presentationFrame, { kb: args.kb });
+            return { presentation };
+        });
+    }
+    /**
+     * Verify a signed SD-JWT credential.
+     * @param args - Arguments necessary for the verify a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtVc(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            // callback
+            const verifier = (data, signature) => __awaiter(this, void 0, void 0, function* () { return this.verify(sdjwt, context, data, signature); });
+            const sdjwt = new sd_jwt_vc_1.SDJwtVcInstance({ verifier, hasher: (_a = this.registeredImplementations.hasher) !== null && _a !== void 0 ? _a : defaultCallbacks_1.defaultGenerateDigest });
+            const { header = {}, payload, kb } = yield sdjwt.verify(args.credential);
+            return { header, payload: payload, kb };
+        });
+    }
+    /**
+     * Verify the key binding of a SD-JWT by validating the signature of the key bound to the SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @param payload - The payload of the SD-JWT
+     * @returns
+     */
+    verifyKb(sdjwt, context, data, signature, payload) {
+        if (!payload.cnf) {
+            throw Error('other method than cnf is not supported yet');
+        }
+        return this.verifySignatureCallback(context)(data, signature, this.getJwk(payload));
+    }
+    /**
+     * Validates the signature of a SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @returns
+     */
+    verify(sdjwt, context, data, signature, opts) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d, _e, _f;
+            const decodedVC = yield sdjwt.decode(`${data}.${signature}`);
+            const issuer = decodedVC.jwt.payload.iss;
+            const header = decodedVC.jwt.header;
+            const x5c = header === null || header === void 0 ? void 0 : header.x5c;
+            let jwk = header.jwk;
+            if (x5c) {
+                const trustAnchors = new Set([...this.trustAnchorsInPEM]);
+                if (trustAnchors.size === 0) {
+                    trustAnchors.add(trustAnchors_1.sphereonCA);
+                    trustAnchors.add(trustAnchors_1.funkeTestCA);
+                }
+                const certificateValidationResult = yield context.agent.x509VerifyCertificateChain({
+                    chain: x5c,
+                    trustAnchors: Array.from(trustAnchors),
+                    // TODO: Defaults to allowing untrusted certs! Fine for now, not when wallets go mainstream
+                    opts: (_a = opts === null || opts === void 0 ? void 0 : opts.x5cValidation) !== null && _a !== void 0 ? _a : { trustRootWhenNoAnchors: true, allowNoTrustAnchorsFound: true },
+                });
+                if (certificateValidationResult.error || !(certificateValidationResult === null || certificateValidationResult === void 0 ? void 0 : certificateValidationResult.certificateChain)) {
+                    return Promise.reject(Error(`Certificate chain validation failed. ${certificateValidationResult.message}`));
+                }
+                const certInfo = certificateValidationResult.certificateChain[0];
+                jwk = certInfo.publicKeyJWK;
+            }
+            if (!jwk && ((_b = header.kid) === null || _b === void 0 ? void 0 : _b.includes('did:'))) {
+                const didDoc = yield context.agent.resolveDid({ didUrl: header.kid });
+                if (!didDoc) {
+                    throw new Error('invalid_issuer: issuer did not resolve to a did document');
+                }
+                //TODO SDK-20: This should be checking for an assertionMethod and not just an verificationMethod with an id
+                const didDocumentKey = (_d = (_c = didDoc.didDocument) === null || _c === void 0 ? void 0 : _c.verificationMethod) === null || _d === void 0 ? void 0 : _d.find((key) => key.id);
+                if (!didDocumentKey) {
+                    throw new Error('invalid_issuer: issuer did document does not include referenced key');
+                }
+                //FIXME SDK-21: in case it's another did method, the value of the key can be also encoded as a base64url
+                // needs more checks. some DID methods do not expose the keys as publicKeyJwk
+                jwk = didDocumentKey.publicKeyJwk;
+            }
+            if (!jwk && issuer.includes('did:')) {
+                // TODO refactor
+                const didDoc = yield context.agent.resolveDid({ didUrl: issuer });
+                if (!didDoc) {
+                    throw new Error('invalid_issuer: issuer did not resolve to a did document');
+                }
+                //TODO SDK-20: This should be checking for an assertionMethod and not just an verificationMethod with an id
+                const didDocumentKey = (_f = (_e = didDoc.didDocument) === null || _e === void 0 ? void 0 : _e.verificationMethod) === null || _f === void 0 ? void 0 : _f.find((key) => key.id);
+                if (!didDocumentKey) {
+                    throw new Error('invalid_issuer: issuer did document does not include referenced key');
+                }
+                //FIXME SDK-21: in case it's another did method, the value of the key can be also encoded as a base64url
+                // needs more checks. some DID methods do not expose the keys as publicKeyJwk
+                jwk = didDocumentKey.publicKeyJwk;
+            }
+            if (!jwk) {
+                throw new Error('No valid public key found for signature verification');
+            }
+            return this.verifySignatureCallback(context)(data, signature, jwk);
+        });
+    }
+    /**
+     * Verify a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the verify a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtPresentation(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let sdjwt;
+            const verifier = (data, signature) => __awaiter(this, void 0, void 0, function* () { return this.verify(sdjwt, context, data, signature); });
+            const verifierKb = (data, signature, payload) => __awaiter(this, void 0, void 0, function* () { return this.verifyKb(sdjwt, context, data, signature, payload); });
+            sdjwt = new sd_jwt_vc_1.SDJwtVcInstance({
+                verifier,
+                hasher: this.registeredImplementations.hasher,
+                kbVerifier: verifierKb,
+            });
+            return sdjwt.verify(args.presentation, args.requiredClaimKeys, args.kb);
+        });
+    }
+    /**
+     * Fetch and validate Type Metadata.
+     * @param args - Arguments necessary for fetching and validating the type metadata.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    fetchSdJwtTypeMetadataFromVctUrl(args, context) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c;
+            const { vct, vctIntegrity, opts } = args;
+            const url = new URL(vct);
+            const response = yield (0, utils_2.fetchUrlWithErrorHandling)(url.toString());
+            const metadata = yield response.json();
+            (0, utils_2.assertValidTypeMetadata)(metadata, vct);
+            const validate = (vct, input, integrityValue, hasher) => __awaiter(this, void 0, void 0, function* () {
+                if (hasher && integrityValue) {
+                    const validation = yield (0, utils_2.validateIntegrity)({ integrityValue, input, hasher });
+                    if (!validation) {
+                        return Promise.reject(Error(`Integrity check failed for vct: ${vct}, extends: ${metadata.extends}, integrity: ${integrityValue}}`));
+                    }
+                }
+            });
+            const hasher = ((_b = (_a = opts === null || opts === void 0 ? void 0 : opts.hasher) !== null && _a !== void 0 ? _a : this.registeredImplementations.hasher) !== null && _b !== void 0 ? _b : defaultCallbacks_1.defaultGenerateDigest);
+            if (hasher) {
+                if (vctIntegrity) {
+                    yield validate(vct, metadata, vctIntegrity, hasher);
+                    const vctValidation = yield (0, utils_2.validateIntegrity)({ integrityValue: vctIntegrity, input: metadata, hasher });
+                    if (!vctValidation) {
+                        return Promise.reject(Error(`Integrity check failed for vct: ${vct}, integrity: ${vctIntegrity}`));
+                    }
+                }
+                if (metadata['extends#integrity']) {
+                    const extendsMetadata = yield this.fetchSdJwtTypeMetadataFromVctUrl({ vct: metadata['extends#integrity'], opts }, context);
+                    yield validate(vct, extendsMetadata, metadata['extends#integrity'], hasher);
+                }
+                if (metadata['schema_uri#integrity']) {
+                    const schemaResponse = yield (0, utils_2.fetchUrlWithErrorHandling)(metadata.schema_uri);
+                    const schema = yield schemaResponse.json();
+                    yield validate(vct, schema, metadata['schema_uri#integrity'], hasher);
+                }
+                (_c = metadata.display) === null || _c === void 0 ? void 0 : _c.forEach((display) => {
+                    var _a, _b, _c;
+                    const simpleLogoIntegrity = (_c = (_b = (_a = display.rendering) === null || _a === void 0 ? void 0 : _a.simple) === null || _b === void 0 ? void 0 : _b.logo) === null || _c === void 0 ? void 0 : _c['uri#integrity'];
+                    if (simpleLogoIntegrity) {
+                        console.log('TODO: Logo integrity check');
+                    }
+                });
+            }
+            return metadata;
+        });
+    }
+    verifySignatureCallback(context) {
+        if (typeof this.registeredImplementations.verifySignature === 'function') {
+            return this.registeredImplementations.verifySignature;
+        }
+        return (0, defaultCallbacks_1.defaultVerifySignature)(context);
+    }
+    getJwk(payload) {
+        var _a;
+        if (((_a = payload.cnf) === null || _a === void 0 ? void 0 : _a.jwk) !== undefined) {
+            return payload.cnf.jwk;
+        }
+        else if (payload.cnf !== undefined && 'kid' in payload.cnf && typeof payload.cnf.kid === 'string' && payload.cnf.kid.startsWith('did:jwk:')) {
+            // extract JWK from kid FIXME isn't there a did function for this already? Otherwise create one
+            // FIXME this is a quick-fix to make verification but we need a real solution
+            const encoded = this.extractBase64FromDIDJwk(payload.cnf.kid);
+            const decoded = (0, utils_1.decodeBase64url)(encoded);
+            const jwt = JSON.parse(decoded);
+            return jwt;
+        }
+        throw Error('Unable to extract JWK from SD-JWT payload');
+    }
+    extractBase64FromDIDJwk(did) {
+        const parts = did.split(':');
+        if (parts.length < 3) {
+            throw new Error('Invalid DID format');
+        }
+        return parts[2].split('#')[0];
+    }
+}
+exports.SDJwtPlugin = SDJwtPlugin;
+//# sourceMappingURL=action-handler.js.map

package/dist/action-handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"action-handler.js","sourceRoot":"","sources":["../src/action-handler.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAAyC;AACzC,iDAAmE;AAEnE,2EAAmG;AAInG,yCAA+C;AAC/C,kDAAyB;AACzB,yDAAuG;AACvG,iDAAwD;AACxD,mCAA+F;AAsB/F,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,0BAA0B,CAAC,CAAA;AAE/C;;;GAGG;AACH,MAAa,WAAW;IAOtB,YACE,yBAGC,EACD,iBAA4B;;QAmB9B,mEAAmE;QAC1D,YAAO,GAAiB;YAC/B,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,gCAAgC,EAAE,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;SACnF,CAAA;QAxBC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,aAAjB,iBAAiB,cAAjB,iBAAiB,GAAI,EAAE,CAAA;QAChD,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAC/B,yBAAyB,GAAG,EAAE,CAAA;QAChC,CAAC;QACD,IAAI,OAAO,CAAA,yBAAyB,aAAzB,yBAAyB,uBAAzB,yBAAyB,CAAE,MAAM,CAAA,KAAK,UAAU,EAAE,CAAC;YAC5D,yBAAyB,CAAC,MAAM,GAAG,wCAAqB,CAAA;QAC1D,CAAC;QACD,IAAI,OAAO,CAAA,yBAAyB,aAAzB,yBAAyB,uBAAzB,yBAAyB,CAAE,aAAa,CAAA,KAAK,UAAU,EAAE,CAAC;YACnE,yBAAyB,CAAC,aAAa,GAAG,sCAAmB,CAAA;QAC/D,CAAC;QACD,IAAI,CAAC,yBAAyB,GAAG,yBAAyB,CAAA;QAC1D,IAAI,CAAC,QAAQ,GAAG,MAAA,yBAAyB,aAAzB,yBAAyB,uBAAzB,yBAAyB,CAAE,OAAO,mCAAI,EAAE,CAAA;QACxD,IAAI,CAAC,cAAc,GAAG,yBAAyB,aAAzB,yBAAyB,uBAAzB,yBAAyB,CAAE,aAAa,CAAA;QAE9D,mHAAmH;IACrH,CAAC;IAWa,sBAAsB,CAAC,IAAgC,EAAE,OAAyB;;YAC9F,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YACvC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,UAAU,EAAE,CAAC;gBACvG,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAA;YAC9C,CAAC;iBAAM,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;gBACrD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,cAAc,EAAE,CAAA;YACxC,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,UAAU,EAAE,EAAE,OAAO,CAAC,CAAA;YAChH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,UAAU,CAAA;YAE/B,MAAM,MAAM,GAAW,CAAO,IAAY,EAAmB,EAAE;gBAC7D,OAAO,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;YACtE,CAAC,CAAA,CAAA;YAED,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,CAAA;QACpC,CAAC;KAAA;IAED;;;;;OAKG;IACG,aAAa,CAAC,IAAwB,EAAE,OAAyB;;YACrE,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAA;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;YACxD,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAA;YACnI,MAAM,KAAK,GAAG,IAAI,2BAAe,CAAC;gBAChC,MAAM;gBACN,MAAM,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM;gBAC7C,aAAa,EAAE,IAAI,CAAC,yBAAyB,CAAC,aAAa;gBAC3D,OAAO,EAAE,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,OAAO;gBACvB,OAAO,EAAE,SAAS;aACnB,CAAC,CAAA;YAEF,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,eAAiE,EAAE;gBACnI,MAAM,kCACD,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,GAAG,CAAC,GAAG,MAAK,SAAS,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAClE,CAAC,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,GAAG,CAAC,GAAG,MAAK,SAAS,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CACtE;aACF,CAAC,CAAA;YAEF,OAAO,EAAE,UAAU,EAAE,CAAA;QACvB,CAAC;KAAA;IAED;;;;;OAKG;IACG,UAAU,CAAC,IAAiB,EAAE,OAAyB;;;YAC3D,4IAA4I;YAC5I,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,qBAAQ,IAAI,CAAE,CAAA;YAC9C,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAA;gBAC1B,MAAM,GAAG,GAAG,MAAM,IAAA,iDAAyB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBACpD,QAAQ,UAAU,CAAC,MAAM,EAAE,CAAC;oBAC1B,KAAK,KAAK;wBACR,KAAK,CAAC,eAAe,GAAG,CAAC,YAAY,yBAAyB,UAAU,EAAE,CAAC,CAAA;wBAC3E,OAAO,EAAE,GAAG,EAAE,GAAG,kCAAO,GAAG,KAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,GAAE,EAAE,CAAA;oBACvF;wBACE,IAAI,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,IAAI,KAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;4BACxC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAe,EAAE,EAAE,CAAA;wBACnH,CAAC;6BAAM,IAAI,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,EAAE,CAAC;4BACnC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAA;wBACtH,CAAC;6BAAM,CAAC;4BACN,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,EAAE,CAAA;wBAC/E,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzC,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;gBACnF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CAAC,2CAA2C,UAAU,EAAE,CAAC,CAAA;gBAC1E,CAAC;gBACD,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAA;gBAC7B,MAAM,GAAG,GAAG,MAAM,IAAA,iDAAyB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBACpD,KAAK,CAAC,eAAe,GAAG,CAAC,YAAY,yBAAyB,UAAU,EAAE,CAAC,CAAA;gBAE3E,OAAO,EAAE,GAAG,EAAE,GAAG,kCAAO,GAAG,KAAE,SAAS,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,aAAa,CAAC,GAAG,GAAE,EAAE,CAAA;YAC7F,CAAC;iBAAM,CAAC;gBACN,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;gBACnF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CAAC,2CAA2C,UAAU,EAAE,CAAC,CAAA;gBAC1E,CAAC;gBACD,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAA;gBAC7B,MAAM,GAAG,GAAG,MAAM,IAAA,iDAAyB,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBACpD,IAAI,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,IAAI,KAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;oBACxC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAe,EAAE,EAAE,CAAA;gBACzH,CAAC;qBAAM,IAAI,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,EAAE,CAAC;oBACnC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAA;gBAC5H,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,CAAC,SAAS,EAAE,EAAE,CAAA;gBACrF,CAAC;YACH,CAAC;QACH,CAAC;KAAA;IAED;;;;;OAKG;IACG,uBAAuB,CAAC,IAAkC,EAAE,OAAyB;;;YACzF,MAAM,IAAI,GAAG,MAAM,YAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAO,CAAC,CAAA;YAC9F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAS,IAAI,CAAC,yBAAyB,CAAC,MAAO,CAAC,CAAA;YACnF,IAAI,MAAc,CAAA;YAClB,sJAAsJ;YACtJ,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;YACtB,CAAC;iBAAM,IAAI,MAAA,MAAM,CAAC,GAAG,0CAAE,GAAG,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAA;gBAC1B,MAAM,GAAG,IAAA,8CAAsB,EAAC,EAAE,GAAG,EAAE,GAAU,EAAE,CAAC,CAAA;YACtD,CAAC;iBAAM,IAAI,MAAA,MAAM,CAAC,GAAG,0CAAE,GAAG,EAAE,CAAC;gBAC3B,MAAM,GAAG,MAAA,MAAM,CAAC,GAAG,0CAAE,GAAG,CAAA;YAC1B,CAAC;iBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;gBACtB,MAAM,GAAG,MAAM,CAAC,GAAa,CAAA;YAC/B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;YACrF,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,CAAC,CAAA;YAE1F,MAAM,KAAK,GAAG,IAAI,2BAAe,CAAC;gBAChC,MAAM,EAAE,MAAA,IAAI,CAAC,yBAAyB,CAAC,MAAM,mCAAI,wCAAqB;gBACtE,aAAa,EAAE,IAAI,CAAC,yBAAyB,CAAC,aAAa;gBAC3D,QAAQ,EAAE,MAAM;gBAChB,SAAS,EAAE,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,OAAO;aAC1B,CAAC,CAAA;YACF,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,iBAAsD,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAA;YAEzI,OAAO,EAAE,YAAY,EAAE,CAAA;QACzB,CAAC;KAAA;IAED;;;;;OAKG;IACG,aAAa,CAAC,IAAwB,EAAE,OAAyB;;;YACrE,WAAW;YACX,MAAM,QAAQ,GAAa,CAAO,IAAY,EAAE,SAAiB,EAAE,EAAE,gDAAC,OAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAA,GAAA,CAAA;YAClH,MAAM,KAAK,GAAG,IAAI,2BAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAA,IAAI,CAAC,yBAAyB,CAAC,MAAM,mCAAI,wCAAqB,EAAE,CAAC,CAAA;YACvH,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAExE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAyB,EAAE,EAAE,EAAE,CAAA;QAC3D,CAAC;KAAA;IAED;;;;;;;;OAQG;IACK,QAAQ,CAAC,KAAsB,EAAE,OAAyB,EAAE,IAAY,EAAE,SAAiB,EAAE,OAAmB;QACtH,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC3D,CAAC;QACD,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IACrF,CAAC;IAED;;;;;;;OAOG;IACG,MAAM,CACV,KAAsB,EACtB,OAAyB,EACzB,IAAY,EACZ,SAAiB,EACjB,IAA6D;;;YAE7D,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,SAAS,EAAE,CAAC,CAAA;YAC5D,MAAM,MAAM,GAAa,SAAS,CAAC,GAAW,CAAC,OAAmC,CAAC,GAAa,CAAA;YAChG,MAAM,MAAM,GAAI,SAAS,CAAC,GAAW,CAAC,MAA6B,CAAA;YACnE,MAAM,GAAG,GAAyB,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,GAAe,CAAA;YACzD,IAAI,GAAG,GAAiC,MAAM,CAAC,GAAG,CAAA;YAClD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAA;gBACjE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBAC5B,YAAY,CAAC,GAAG,CAAC,yBAAU,CAAC,CAAA;oBAC5B,YAAY,CAAC,GAAG,CAAC,0BAAW,CAAC,CAAA;gBAC/B,CAAC;gBACD,MAAM,2BAA2B,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC;oBACjF,KAAK,EAAE,GAAG;oBACV,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;oBACtC,2FAA2F;oBAC3F,IAAI,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE;iBAC9F,CAAC,CAAA;gBAEF,IAAI,2BAA2B,CAAC,KAAK,IAAI,CAAC,CAAA,2BAA2B,aAA3B,2BAA2B,uBAA3B,2BAA2B,CAAE,gBAAgB,CAAA,EAAE,CAAC;oBACxF,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,2BAA2B,CAAC,OAAO,EAAE,CAAC,CAAC,CAAA;gBAC7G,CAAC;gBACD,MAAM,QAAQ,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;gBAChE,GAAG,GAAG,QAAQ,CAAC,YAAmB,CAAA;YACpC,CAAC;YAED,IAAI,CAAC,GAAG,KAAI,MAAA,MAAM,CAAC,GAAG,0CAAE,QAAQ,CAAC,MAAM,CAAC,CAAA,EAAE,CAAC;gBACzC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;gBACrE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;gBAC7E,CAAC;gBACD,2GAA2G;gBAC3G,MAAM,cAAc,GAAG,MAAA,MAAA,MAAM,CAAC,WAAW,0CAAE,kBAAkB,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;gBACpF,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;gBACxF,CAAC;gBACD,wGAAwG;gBACxG,6EAA6E;gBAC7E,GAAG,GAAG,cAAc,CAAC,YAA0B,CAAA;YACjD,CAAC;YAED,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpC,gBAAgB;gBAChB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;gBACjE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;gBAC7E,CAAC;gBACD,2GAA2G;gBAC3G,MAAM,cAAc,GAAG,MAAA,MAAA,MAAM,CAAC,WAAW,0CAAE,kBAAkB,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;gBACpF,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAA;gBACxF,CAAC;gBACD,wGAAwG;gBACxG,6EAA6E;gBAC7E,GAAG,GAAG,cAAc,CAAC,YAA0B,CAAA;YACjD,CAAC;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;YACzE,CAAC;YAED,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;QACpE,CAAC;KAAA;IAED;;;;;OAKG;IACG,uBAAuB,CAAC,IAAkC,EAAE,OAAyB;;YACzF,IAAI,KAAsB,CAAA;YAC1B,MAAM,QAAQ,GAAa,CAAO,IAAY,EAAE,SAAiB,EAAE,EAAE,gDAAC,OAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAA,GAAA,CAAA;YAClH,MAAM,UAAU,GAAe,CAAO,IAAY,EAAE,SAAiB,EAAE,OAAmB,EAAE,EAAE,gDAC5F,OAAA,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAA,GAAA,CAAA;YACzD,KAAK,GAAG,IAAI,2BAAe,CAAC;gBAC1B,QAAQ;gBACR,MAAM,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM;gBAC7C,UAAU,EAAE,UAAU;aACvB,CAAC,CAAA;YAEF,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QACzE,CAAC;KAAA;IAED;;;;;OAKG;IACG,gCAAgC,CAAC,IAA0C,EAAE,OAAyB;;;YAC1G,MAAM,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;YACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;YAExB,MAAM,QAAQ,GAAG,MAAM,IAAA,iCAAyB,EAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAA;YAChE,MAAM,QAAQ,GAAsB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;YACzD,IAAA,+BAAuB,EAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YAEtC,MAAM,QAAQ,GAAG,CAAO,GAAW,EAAE,KAAc,EAAE,cAAuB,EAAE,MAA4B,EAAE,EAAE;gBAC5G,IAAI,MAAM,IAAI,cAAc,EAAE,CAAC;oBAC7B,MAAM,UAAU,GAAG,MAAM,IAAA,yBAAiB,EAAC,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;oBAC7E,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,cAAc,QAAQ,CAAC,OAAO,gBAAgB,cAAc,GAAG,CAAC,CAAC,CAAA;oBACrI,CAAC;gBACH,CAAC;YACH,CAAC,CAAA,CAAA;YAED,MAAM,MAAM,GAAG,CAAC,MAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,IAAI,CAAC,yBAAyB,CAAC,MAAM,mCAAI,wCAAqB,CAAoC,CAAA;YAClI,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,CAAA;oBACnD,MAAM,aAAa,GAAG,MAAM,IAAA,yBAAiB,EAAC,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;oBACxG,IAAI,CAAC,aAAa,EAAE,CAAC;wBACnB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,gBAAgB,YAAY,EAAE,CAAC,CAAC,CAAA;oBACpG,CAAC;gBACH,CAAC;gBAED,IAAI,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;oBAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;oBAC1H,MAAM,QAAQ,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,CAAA;gBAC7E,CAAC;gBAED,IAAI,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAG,MAAM,IAAA,iCAAyB,EAAC,QAAQ,CAAC,UAAW,CAAC,CAAA;oBAC5E,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAA;oBAC1C,MAAM,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAA;gBACvE,CAAC;gBAED,MAAA,QAAQ,CAAC,OAAO,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;;oBACpC,MAAM,mBAAmB,GAAG,MAAA,MAAA,MAAA,OAAO,CAAC,SAAS,0CAAE,MAAM,0CAAE,IAAI,0CAAG,eAAe,CAAC,CAAA;oBAC9E,IAAI,mBAAmB,EAAE,CAAC;wBACxB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;oBAC3C,CAAC;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAEO,uBAAuB,CAAC,OAAyB;QACvD,IAAI,OAAO,IAAI,CAAC,yBAAyB,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YACzE,OAAO,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAA;QACvD,CAAC;QAED,OAAO,IAAA,yCAAsB,EAAC,OAAO,CAAC,CAAA;IACxC,CAAC;IAEO,MAAM,CAAC,OAAmB;;QAChC,IAAI,CAAA,MAAA,OAAO,CAAC,GAAG,0CAAE,GAAG,MAAK,SAAS,EAAE,CAAC;YACnC,OAAO,OAAO,CAAC,GAAG,CAAC,GAAiB,CAAA;QACtC,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9I,+FAA+F;YAC/F,6EAA6E;YAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC7D,MAAM,OAAO,GAAG,IAAA,uBAAe,EAAC,OAAO,CAAC,CAAA;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;YAC/B,OAAO,GAAiB,CAAA;QAC1B,CAAC;QACD,MAAM,KAAK,CAAC,2CAA2C,CAAC,CAAA;IAC1D,CAAC;IAEO,uBAAuB,CAAC,GAAW;QACzC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;QACvC,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/B,CAAC;CACF;AApYD,kCAoYC"}

package/dist/defaultCallbacks.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { HasherSync } from '@sphereon/ssi-types';
+import { IRequiredContext, SdJwtVerifySignature } from './types';
+export declare const defaultGenerateDigest: HasherSync;
+export declare const defaultGenerateSalt: () => string;
+export declare const defaultVerifySignature: (context: IRequiredContext) => SdJwtVerifySignature;
+//# sourceMappingURL=defaultCallbacks.d.ts.map

package/dist/defaultCallbacks.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"defaultCallbacks.d.ts","sourceRoot":"","sources":["../src/defaultCallbacks.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAgB,MAAM,qBAAqB,CAAA;AAG9D,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAA;AAEhE,eAAO,MAAM,qBAAqB,EAAE,UAInC,CAAA;AAED,eAAO,MAAM,mBAAmB,QAAO,MAEtC,CAAA;AAED,eAAO,MAAM,sBAAsB,YACvB,gBAAgB,KAAG,oBAM5B,CAAA"}

package/dist/defaultCallbacks.js ADDED Viewed

@@ -0,0 +1,55 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultVerifySignature = exports.defaultGenerateSalt = exports.defaultGenerateDigest = void 0;
+const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
+const ssi_types_1 = require("@sphereon/ssi-types");
+const uuid_1 = require("uuid");
+const u8a = __importStar(require("uint8arrays"));
+const defaultGenerateDigest = (data, alg) => {
+    return (0, ssi_sdk_ext_key_utils_1.digestMethodParams)(alg.includes('256') ? 'SHA-256' : 'SHA-512').hash(typeof data === 'string' ? u8a.fromString(data, 'utf-8') : new Uint8Array(data));
+};
+exports.defaultGenerateDigest = defaultGenerateDigest;
+const defaultGenerateSalt = () => {
+    return (0, uuid_1.v4)();
+};
+exports.defaultGenerateSalt = defaultGenerateSalt;
+const defaultVerifySignature = (context) => (data, signature, publicKey) => __awaiter(void 0, void 0, void 0, function* () {
+    // The data and signature from the sd-jwt lib are a jwt header.payload and signature, so let's recombine into a compact jwt
+    const result = yield context.agent.jwtVerifyJwsSignature({ jws: `${data}.${signature}`, jwk: publicKey });
+    ssi_types_1.Loggers.DEFAULT.get('sd-jwt').info(`SD-JWT signature verified. Result: ${result.message}`);
+    return !result.error;
+});
+exports.defaultVerifySignature = defaultVerifySignature;
+//# sourceMappingURL=defaultCallbacks.js.map

package/dist/defaultCallbacks.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"defaultCallbacks.js","sourceRoot":"","sources":["../src/defaultCallbacks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2EAAoE;AACpE,mDAA8D;AAC9D,+BAAyB;AACzB,iDAAkC;AAG3B,MAAM,qBAAqB,GAAe,CAAC,IAA0B,EAAE,GAAW,EAAc,EAAE;IACvG,OAAO,IAAA,0CAAkB,EAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CACzE,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAChF,CAAA;AACH,CAAC,CAAA;AAJY,QAAA,qBAAqB,yBAIjC;AAEM,MAAM,mBAAmB,GAAG,GAAW,EAAE;IAC9C,OAAO,IAAA,SAAE,GAAE,CAAA;AACb,CAAC,CAAA;AAFY,QAAA,mBAAmB,uBAE/B;AAEM,MAAM,sBAAsB,GACjC,CAAC,OAAyB,EAAwB,EAAE,CACpD,CAAO,IAAY,EAAE,SAAiB,EAAE,SAAqB,EAAoB,EAAE;IACjF,2HAA2H;IAC3H,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,SAAS,EAAE,EAAE,GAAG,EAAE,SAAgB,EAAE,CAAC,CAAA;IAChH,mBAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,sCAAsC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;IAC1F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAA;AACtB,CAAC,CAAA,CAAA;AAPU,QAAA,sBAAsB,0BAOhC"}