@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.DIIPv4.257 → 0.34.1-feature.DIIPv4.270

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +26 -12
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +26 -12
  4. package/dist/index.js.map +1 -1
  5. package/package.json +17 -17
  6. package/src/RPInstance.ts +4 -2
  7. package/src/agent/SIOPv2RP.ts +33 -21
package/dist/index.cjs CHANGED
@@ -633,7 +633,7 @@ var RPInstance = class {
633
633
  return this._presentationOptions;
634
634
  }
635
635
  async createAuthorizationRequestURI(createArgs, context) {
636
- const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
636
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback, responseRedirectURI } = createArgs;
637
637
  const nonce = createArgs.nonce ?? (0, import_uuid2.v4)();
638
638
  const state = createArgs.state ?? correlationId;
639
639
  let jwtIssuer;
@@ -669,11 +669,12 @@ var RPInstance = class {
669
669
  responseURI,
670
670
  responseURIType,
671
671
  jwtIssuer,
672
- callback
672
+ callback,
673
+ responseRedirectURI
673
674
  }));
674
675
  }
675
676
  async createAuthorizationRequest(createArgs, context) {
676
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
677
+ const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType, responseRedirectURI } = createArgs;
677
678
  const nonce = createArgs.nonce ?? (0, import_uuid2.v4)();
678
679
  const state = createArgs.state ?? correlationId;
679
680
  const idOpts = this.rpOptions.identifierOpts.idOpts;
@@ -704,7 +705,8 @@ var RPInstance = class {
704
705
  requestByReferenceURI,
705
706
  responseURIType,
706
707
  responseURI,
707
- jwtIssuer
708
+ jwtIssuer,
709
+ responseRedirectURI
708
710
  }));
709
711
  }
710
712
  };
@@ -790,9 +792,21 @@ var SIOPv2RP = class _SIOPv2RP {
790
792
  }
791
793
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
792
794
  const claims = [];
793
- for (const [key, value] of Object.entries(vpToken)) {
795
+ for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {
796
+ let singleVP;
797
+ if (Array.isArray(presentationValue)) {
798
+ if (presentationValue.length === 0) {
799
+ throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`);
800
+ }
801
+ if (presentationValue.length > 1) {
802
+ throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`);
803
+ }
804
+ singleVP = presentationValue[0];
805
+ } else {
806
+ singleVP = presentationValue;
807
+ }
794
808
  const presentationDecoded = import_ssi_types2.CredentialMapper.decodeVerifiablePresentation(
795
- value,
809
+ singleVP,
796
810
  //todo: later we want to conditionally pass in options for mdl-mdoc here
797
811
  hasher
798
812
  );
@@ -816,20 +830,20 @@ var SIOPv2RP = class _SIOPv2RP {
816
830
  if (!("id" in allClaims)) {
817
831
  allClaims["id"] = credentialSubject.id;
818
832
  }
819
- Object.entries(credentialSubject).forEach(([key2, value2]) => {
820
- if (!(key2 in allClaims)) {
821
- allClaims[key2] = value2;
833
+ Object.entries(credentialSubject).forEach(([key, value]) => {
834
+ if (!(key in allClaims)) {
835
+ allClaims[key] = value;
822
836
  }
823
837
  });
824
838
  claims.push({
825
- id: key,
839
+ id: credentialQueryId,
826
840
  type: vc.type[0],
827
841
  claims: allClaims
828
842
  });
829
843
  }
830
844
  } else {
831
845
  claims.push({
832
- id: key,
846
+ id: credentialQueryId,
833
847
  type: presentationDecoded.decodedPayload.vct,
834
848
  claims: presentationOrClaims
835
849
  });
@@ -912,7 +926,7 @@ var SIOPv2RP = class _SIOPv2RP {
912
926
  const rpInstance = this.instances.get(instanceId);
913
927
  if (rpInstance !== void 0) {
914
928
  const rp = await rpInstance.get(context);
915
- return rp.getResponseRedirectUri({
929
+ return await rp.getResponseRedirectUri({
916
930
  correlation_id: args.correlationId,
917
931
  correlationId: args.correlationId,
918
932
  ...args.state && {
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBASO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,eAAwC;AAExC,IAAAC,oBAaO;AAEP,kBAA0B;;;AC7B1B,2BAkBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAAmG;AAKnG,oBAA6B;AAC7B,kBAAwC;AAGxC,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;eACII,YAAAA,UAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,UAAMC,uCAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,gBACnCE,qCAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,sCAAiBC;IAAWD,sCAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,8CAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,oCAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,eACVC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,MAAEmG,gDAA2BrH,MAAAA,SAAWsH,gDAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,IAAAK,eAA6B;AAE7B,IAAAC,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAC/D,YAAIuB,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,mCAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,uDAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,mCAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,mCAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,eACjCE,uCAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,4BAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,eAAWC,aAAAA,UAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_uuid","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_uuid","import_ssi_sdk_ext","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
1
+ {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse,\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {\n let singleVP: OriginalVerifiablePresentation\n if (Array.isArray(presentationValue)) {\n if (presentationValue.length === 0) {\n throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`)\n }\n if (presentationValue.length > 1) {\n throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`)\n }\n singleVP = presentationValue[0] as OriginalVerifiablePresentation\n } else {\n singleVP = presentationValue as OriginalVerifiablePresentation\n }\n\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n singleVP as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: credentialQueryId,\n type: vc.type[0],\n claims: allClaims,\n })\n }\n } else {\n claims.push({\n id: credentialQueryId,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims,\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token:\n typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token,\n },\n }),\n ...(claims.length > 0 && { credential_claims: claims }),\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return await rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback, responseRedirectURI } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n responseRedirectURI,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType, responseRedirectURI } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n responseRedirectURI,\n }),\n )\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBASO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,eAAwC;AAExC,IAAAC,oBAaO;AAEP,kBAA0B;;;AC7B1B,2BAkBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAAmG;AAKnG,oBAA6B;AAC7B,kBAAwC;AAGxC,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;eACII,YAAAA,UAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,UAAMC,uCAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,gBACnCE,qCAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,sCAAiBC;IAAWD,sCAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,8CAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,oCAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,eACVC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,MAAEmG,gDAA2BrH,MAAAA,SAAWsH,gDAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,IAAAK,eAA6B;AAE7B,IAAAC,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,UAAUC,oBAAmB,IAAKR;AAC/H,UAAMS,QAAQT,WAAWS,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQX,WAAWW,SAASV;AAClC,QAAIW;AACJ,UAAMC,SAAS,KAAKhB,UAAUiB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQpB,OAAAA;AAC/D,YAAIwB,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK5B,IAAIC,OAAAA,EAASsC,KAAK,CAACC,OACnCA,GAAGjC,8BAA8B;MAC/BkC,SAASC,kBAAkB,KAAKrC,SAAS;MACzCI;MACAC;MACAO;MACAE;MACAR;MACAC;MACAC;MACAC;MACAM;MACAL;MACAC;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXnC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,iBAAiBE,oBAAmB,IAAKR;AAC5G,UAAMS,QAAQT,WAAWS,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQX,WAAWW,SAASV;AAClC,UAAMY,SAAS,KAAKhB,UAAUiB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQpB,OAAAA;AAE/D,QAAImB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKtC,IAAIC,OAAAA,EAASsC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKrC,SAAS;MACzCI;MACAQ;MACAE;MACAR;MACAC;MACAE;MACAD;MACAO;MACAJ;IACF,CAAA,CAAA;EAEJ;AACF;;;AF1EO,IAAM6B,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAE1H;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,mBAAmBC,iBAAAA,KAAsBC,OAAOC,QAAQP,OAAAA,GAAU;AAC5E,YAAIQ;AACJ,YAAIC,MAAMC,QAAQL,iBAAAA,GAAoB;AACpC,cAAIA,kBAAkBM,WAAW,GAAG;AAClC,kBAAMC,MAAM,eAAeR,iBAAAA,oCAAqD;UAClF;AACA,cAAIC,kBAAkBM,SAAS,GAAG;AAChC,kBAAMC,MAAM,eAAeR,iBAAAA,iCAAkDC,kBAAkBM,MAAM,kCAAkC;UACzI;AACAH,qBAAWH,kBAAkB,CAAA;QAC/B,OAAO;AACLG,qBAAWH;QACb;AAGA,cAAMQ,sBAAsBpB,mCAAiBqB;UAC3CN;;UAEAhB;QAAAA;AAEFuB,gBAAQC,IAAI,wBAAwBf,KAAKgB,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM3E,QAAQ4E,MAAMC,eAAe;cAChEL;cACA7B;cACAmC,kBAAkB3C,WAAWa,UAAU+B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC1C,4BAAcC,SAASC,uDAAiCyC;AACxD3C,4BAAc4C,QAAQ,IAAIpB,MAAMY,uBAAuBQ,KAAK;AAC5D,qBAAO5C;YACT;AAEA,kBAAM6C,oBAAoBV,GAAGU;AAC7B,gBAAI,EAAE,QAAQf,YAAY;AACxBA,wBAAU,IAAA,IAAQe,kBAAkBC;YACtC;AAEA5B,mBAAOC,QAAQ0B,iBAAAA,EAAmBE,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOlB,YAAY;AACvBA,0BAAUkB,GAAAA,IAAOC;cACnB;YACF,CAAA;AAEAlC,mBAAOmC,KAAK;cACVJ,IAAI9B;cACJmC,MAAMhB,GAAGgB,KAAK,CAAA;cACdpC,QAAQe;YACV,CAAA;UACF;QACF,OAAO;AACLf,iBAAOmC,KAAK;YACVJ,IAAI9B;YACJmC,MAAO1B,oBAAyD2B,eAAeC;YAC/EtC,QAAQgB;UACV,CAAA;QACF;MACF;AAEA/B,oBAAcsD,eAAe;QAC3B,GAAItD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7C+C,wBAAwB;YACtB/C,UACE,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WAC/CK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOQ,SAAS,KAAK;UAAEiC,mBAAmBzC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQgC,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOpB,mCAAiBoD,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB2B,iBACpB/C,mCAAiBqD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcxE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKqE,UAAU,iCAAiC;AAClD,YAAMnC,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpD,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGkF,2BAA2B;QAClClE,eAAeJ,KAAKI;QACpBkD,OAAOtD,KAAKsD,QAAQ,IAAIpB,MAAMlC,KAAKsD,KAAK,IAAI7C;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAeqE,4BAA4BvE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKwE,uBAAuB;AAC/B,YAAMtC,MAAM,2CAAA;IACd;AACA,UAAMuC,eACJ,OAAOzE,KAAKwE,0BAA0B,eACjCE,uCAAgB1E,KAAKwE,qBAAqB,IAC3CxE,KAAKwE;AACX,WAAO,MAAM,KAAK1F,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGuF,4BAA4BF,cAAc;MAC3CrE,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK4E,aAAa;QAAEA,WAAW5E,KAAK4E;MAAU;MAClDC,UAAU7E,KAAK6E;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc9G,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAE2G,aAAaC,UAAUC,SAASC,mBAAkB,IAAKjF;AAC/D,UAAMkF,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,4BAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAWnG,OAAO,4BAA4B+F,kBAAAA,EAAoB;AAE5G,aAAO9G,QAAQ4E,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdxG,SAASmG,WAAWnG;UACpB6F;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACA9I,MAAM;UAAEuI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAcjH,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMwH,aAAa3F,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AAClC,YAAMrF,aAAa,KAAK1D,UAAUqD,IAAI0F,UAAAA;AACtC,UAAIrF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAO,MAAMiB,GAAGyG,uBAAuB;UACrCC,gBAAgB9F,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKqE,SAAS;YAAEA,OAAOrE,KAAKqE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO5D;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAI4H,eAAuBtJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAUgJ,IAAI1G,OAAAA,GAAU;AAC/B6G,uBAAe7G;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;MAClC,eAAWC,aAAAA,UAAY9G,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM+G,KAAK,MAAM9H,QAAQ4E,MAAMmD,iBAAiB;YAAEC,QAAQjH;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAUgJ,IAAIK,GAAG/G,OAAO,GAAG;AAClC6G,2BAAeE,GAAG/G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIrH,sBAAsB;AACxBgH,uBAAe7G;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;MAClC;IACF,OAAO;AACLzF,mBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;IAClC;AAEA,QAAI,CAACzF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAOmG,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBrH,OAAAA;AAC1C,YAAMsH,SAAS,MAAM,KAAKC,aAAatI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACwH,OAAOnI,eAAeC,aAAaC,YAAY,OAAOiI,OAAOnI,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACgI,OAAOnI,gBAAgBC,aAAa;AACvCkI,iBAAOnI,iBAAiB;YAAE,GAAGmI,OAAOnI;UAAe;AACnDmI,iBAAOnI,eAAeC,cAAc;YAAE,GAAGkI,OAAOnI,eAAeC;UAAY;QAC7E;AACA+D,gBAAQC,IAAI,iEAAiEpD,OAAAA;AAC7EsH,eAAOnI,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAIoG,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAK1J,UAAUgK,IAAIb,cAAczF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAU0F,sBAAsB7H;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMmG,aAAatI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAMoK,UAAU,KAAKP,gBAAgBrH,OAAAA,GAAUsH,UAAU,KAAK9J,KAAK0B;AACnE,QAAI,CAAC0I,SAAS;AACZ,YAAM5E,MAAM,6DAA6DhD,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAAC0I,QAAQzI,gBAAgB;AAC3ByI,gBAAQzI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACyI,QAAQzI,eAAe0I,QAAQ;AAClCD,kBAAQzI,eAAe0I,SAAS,KAAKrK,KAAK0B,YAAYC,eAAe0I;QACvE;AACA,YAAI,CAACD,QAAQzI,eAAe2I,qBAAqB;AAC/CF,kBAAQzI,eAAe2I,sBAAsB,KAAKtK,KAAK0B,YAAYC,eAAe2I;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKvK,KAAK0B,YAAY6I;QACpD;MACF;AACA,UAAI,CAACH,QAAQzI,eAAeC,eAAe,OAAOwI,QAAQzI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHsI,gBAAQzI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwB8H,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB7H;IAChC;AACA,WAAO8H;EACT;EAEAP,gBAAgBrH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAK4J,aAAc,QAAO7F;AAEpC,UAAMyG,cAAchI,UAAU,KAAKxC,KAAK4J,aAAaa,KAAK,CAACC,MAAMA,EAAElI,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOyG,eAAe,KAAKG,kBAAkBnI,OAAAA;EAC/C;EAEQmI,kBAAkBnI,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAK4J,aAAc,QAAO7F;AAEpC,UAAM6G,iBAAiB,KAAK5K,KAAK4J,aAAaa,KAAK,CAACC,MAAMA,EAAElI,YAAY,SAAA;AACxE,QAAIoI,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAIpI,YAAYuB,QAAW;AACzB8G,sBAAcrI,UAAUA;MAC1B;AACA,aAAOqI;IACT;AAEA,WAAO9G;EACT;AACF;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_uuid","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_uuid","import_ssi_sdk_ext","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","responseRedirectURI","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","credentialQueryId","presentationValue","Object","entries","singleVP","Array","isArray","length","Error","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","credentialSubject","id","forEach","key","value","push","type","decodedPayload","vct","verifiedData","authorization_response","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
package/dist/index.js CHANGED
@@ -608,7 +608,7 @@ var RPInstance = class {
608
608
  return this._presentationOptions;
609
609
  }
610
610
  async createAuthorizationRequestURI(createArgs, context) {
611
- const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
611
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback, responseRedirectURI } = createArgs;
612
612
  const nonce = createArgs.nonce ?? uuidv4();
613
613
  const state = createArgs.state ?? correlationId;
614
614
  let jwtIssuer;
@@ -644,11 +644,12 @@ var RPInstance = class {
644
644
  responseURI,
645
645
  responseURIType,
646
646
  jwtIssuer,
647
- callback
647
+ callback,
648
+ responseRedirectURI
648
649
  }));
649
650
  }
650
651
  async createAuthorizationRequest(createArgs, context) {
651
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
652
+ const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType, responseRedirectURI } = createArgs;
652
653
  const nonce = createArgs.nonce ?? uuidv4();
653
654
  const state = createArgs.state ?? correlationId;
654
655
  const idOpts = this.rpOptions.identifierOpts.idOpts;
@@ -679,7 +680,8 @@ var RPInstance = class {
679
680
  requestByReferenceURI,
680
681
  responseURIType,
681
682
  responseURI,
682
- jwtIssuer
683
+ jwtIssuer,
684
+ responseRedirectURI
683
685
  }));
684
686
  }
685
687
  };
@@ -765,9 +767,21 @@ var SIOPv2RP = class _SIOPv2RP {
765
767
  }
766
768
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token);
767
769
  const claims = [];
768
- for (const [key, value] of Object.entries(vpToken)) {
770
+ for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {
771
+ let singleVP;
772
+ if (Array.isArray(presentationValue)) {
773
+ if (presentationValue.length === 0) {
774
+ throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`);
775
+ }
776
+ if (presentationValue.length > 1) {
777
+ throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`);
778
+ }
779
+ singleVP = presentationValue[0];
780
+ } else {
781
+ singleVP = presentationValue;
782
+ }
769
783
  const presentationDecoded = CredentialMapper2.decodeVerifiablePresentation(
770
- value,
784
+ singleVP,
771
785
  //todo: later we want to conditionally pass in options for mdl-mdoc here
772
786
  hasher
773
787
  );
@@ -791,20 +805,20 @@ var SIOPv2RP = class _SIOPv2RP {
791
805
  if (!("id" in allClaims)) {
792
806
  allClaims["id"] = credentialSubject.id;
793
807
  }
794
- Object.entries(credentialSubject).forEach(([key2, value2]) => {
795
- if (!(key2 in allClaims)) {
796
- allClaims[key2] = value2;
808
+ Object.entries(credentialSubject).forEach(([key, value]) => {
809
+ if (!(key in allClaims)) {
810
+ allClaims[key] = value;
797
811
  }
798
812
  });
799
813
  claims.push({
800
- id: key,
814
+ id: credentialQueryId,
801
815
  type: vc.type[0],
802
816
  claims: allClaims
803
817
  });
804
818
  }
805
819
  } else {
806
820
  claims.push({
807
- id: key,
821
+ id: credentialQueryId,
808
822
  type: presentationDecoded.decodedPayload.vct,
809
823
  claims: presentationOrClaims
810
824
  });
@@ -887,7 +901,7 @@ var SIOPv2RP = class _SIOPv2RP {
887
901
  const rpInstance = this.instances.get(instanceId);
888
902
  if (rpInstance !== void 0) {
889
903
  const rp = await rpInstance.get(context);
890
- return rp.getResponseRedirectUri({
904
+ return await rp.getResponseRedirectUri({
891
905
  correlation_id: args.correlationId,
892
906
  correlationId: args.correlationId,
893
907
  ...args.state && {
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAGK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAASC,YAAYC,oBAAmB;AAExC,SAEEC,oBAAAA,yBAWK;AAEP,SAASC,iBAAiB;;;AC7B1B,SACEC,wBAGAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SAASC,wBAA0F;AAKnG,SAASC,oBAAoB;AAC7B,SAASC,YAAYC,mBAAmB;AAGxC,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;WACII,YAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,MAAMC,mBAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,YACnCE,iBAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,iBAAiBC;IAAWD,iBAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,yBAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,eAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,WACVC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,EAAEmG,2BAA2BrH,MAAAA,KAAWsH,2BAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAC/D,QAAIuB,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,kBAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,iCAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,kBAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,kBAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,WACjCE,gBAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,gBAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,WAAWC,aAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","validate","isValidUUID","CredentialMapper","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","validate","isValidUUID","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse,\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {\n let singleVP: OriginalVerifiablePresentation\n if (Array.isArray(presentationValue)) {\n if (presentationValue.length === 0) {\n throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`)\n }\n if (presentationValue.length > 1) {\n throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`)\n }\n singleVP = presentationValue[0] as OriginalVerifiablePresentation\n } else {\n singleVP = presentationValue as OriginalVerifiablePresentation\n }\n\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n singleVP as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: credentialQueryId,\n type: vc.type[0],\n claims: allClaims,\n })\n }\n } else {\n claims.push({\n id: credentialQueryId,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims,\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token:\n typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token,\n },\n }),\n ...(claims.length > 0 && { credential_claims: claims }),\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return await rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback, responseRedirectURI } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n responseRedirectURI,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType, responseRedirectURI } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n responseRedirectURI,\n }),\n )\n }\n}\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAGK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAASC,YAAYC,oBAAmB;AAExC,SAEEC,oBAAAA,yBAWK;AAEP,SAASC,iBAAiB;;;AC7B1B,SACEC,wBAGAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SAASC,wBAA0F;AAKnG,SAASC,oBAAoB;AAC7B,SAASC,YAAYC,mBAAmB;AAGxC,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;WACII,YAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,MAAMC,mBAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,YACnCE,iBAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,iBAAiBC;IAAWD,iBAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,yBAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,eAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,WACVC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,EAAEmG,2BAA2BrH,MAAAA,KAAWsH,2BAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,UAAUC,oBAAmB,IAAKR;AAC/H,UAAMS,QAAQT,WAAWS,SAASC,OAAAA;AAClC,UAAMC,QAAQX,WAAWW,SAASV;AAClC,QAAIW;AACJ,UAAMC,SAAS,KAAKhB,UAAUiB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQpB,OAAAA;AAC/D,QAAIwB,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK5B,IAAIC,OAAAA,EAASsC,KAAK,CAACC,OACnCA,GAAGjC,8BAA8B;MAC/BkC,SAASC,kBAAkB,KAAKrC,SAAS;MACzCI;MACAC;MACAO;MACAE;MACAR;MACAC;MACAC;MACAC;MACAM;MACAL;MACAC;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXnC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,iBAAiBE,oBAAmB,IAAKR;AAC5G,UAAMS,QAAQT,WAAWS,SAASC,OAAAA;AAClC,UAAMC,QAAQX,WAAWW,SAASV;AAClC,UAAMY,SAAS,KAAKhB,UAAUiB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQpB,OAAAA;AAE/D,QAAImB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKtC,IAAIC,OAAAA,EAASsC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKrC,SAAS;MACzCI;MACAQ;MACAE;MACAR;MACAC;MACAE;MACAD;MACAO;MACAJ;IACF,CAAA,CAAA;EAEJ;AACF;;;AF1EO,IAAM6B,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAE1H;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,mBAAmBC,iBAAAA,KAAsBC,OAAOC,QAAQP,OAAAA,GAAU;AAC5E,YAAIQ;AACJ,YAAIC,MAAMC,QAAQL,iBAAAA,GAAoB;AACpC,cAAIA,kBAAkBM,WAAW,GAAG;AAClC,kBAAMC,MAAM,eAAeR,iBAAAA,oCAAqD;UAClF;AACA,cAAIC,kBAAkBM,SAAS,GAAG;AAChC,kBAAMC,MAAM,eAAeR,iBAAAA,iCAAkDC,kBAAkBM,MAAM,kCAAkC;UACzI;AACAH,qBAAWH,kBAAkB,CAAA;QAC/B,OAAO;AACLG,qBAAWH;QACb;AAGA,cAAMQ,sBAAsBpB,kBAAiBqB;UAC3CN;;UAEAhB;QAAAA;AAEFuB,gBAAQC,IAAI,wBAAwBf,KAAKgB,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM3E,QAAQ4E,MAAMC,eAAe;cAChEL;cACA7B;cACAmC,kBAAkB3C,WAAWa,UAAU+B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC1C,4BAAcC,SAASC,iCAAiCyC;AACxD3C,4BAAc4C,QAAQ,IAAIpB,MAAMY,uBAAuBQ,KAAK;AAC5D,qBAAO5C;YACT;AAEA,kBAAM6C,oBAAoBV,GAAGU;AAC7B,gBAAI,EAAE,QAAQf,YAAY;AACxBA,wBAAU,IAAA,IAAQe,kBAAkBC;YACtC;AAEA5B,mBAAOC,QAAQ0B,iBAAAA,EAAmBE,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOlB,YAAY;AACvBA,0BAAUkB,GAAAA,IAAOC;cACnB;YACF,CAAA;AAEAlC,mBAAOmC,KAAK;cACVJ,IAAI9B;cACJmC,MAAMhB,GAAGgB,KAAK,CAAA;cACdpC,QAAQe;YACV,CAAA;UACF;QACF,OAAO;AACLf,iBAAOmC,KAAK;YACVJ,IAAI9B;YACJmC,MAAO1B,oBAAyD2B,eAAeC;YAC/EtC,QAAQgB;UACV,CAAA;QACF;MACF;AAEA/B,oBAAcsD,eAAe;QAC3B,GAAItD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7C+C,wBAAwB;YACtB/C,UACE,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WAC/CK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOQ,SAAS,KAAK;UAAEiC,mBAAmBzC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQgC,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOpB,kBAAiBoD,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB2B,iBACpB/C,kBAAiBqD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcxE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKqE,UAAU,iCAAiC;AAClD,YAAMnC,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpD,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGkF,2BAA2B;QAClClE,eAAeJ,KAAKI;QACpBkD,OAAOtD,KAAKsD,QAAQ,IAAIpB,MAAMlC,KAAKsD,KAAK,IAAI7C;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAeqE,4BAA4BvE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKwE,uBAAuB;AAC/B,YAAMtC,MAAM,2CAAA;IACd;AACA,UAAMuC,eACJ,OAAOzE,KAAKwE,0BAA0B,WACjCE,gBAAgB1E,KAAKwE,qBAAqB,IAC3CxE,KAAKwE;AACX,WAAO,MAAM,KAAK1F,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGuF,4BAA4BF,cAAc;MAC3CrE,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK4E,aAAa;QAAEA,WAAW5E,KAAK4E;MAAU;MAClDC,UAAU7E,KAAK6E;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc9G,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAE2G,aAAaC,UAAUC,SAASC,mBAAkB,IAAKjF;AAC/D,UAAMkF,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,gBAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAWnG,OAAO,4BAA4B+F,kBAAAA,EAAoB;AAE5G,aAAO9G,QAAQ4E,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdxG,SAASmG,WAAWnG;UACpB6F;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACA9I,MAAM;UAAEuI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAcjH,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMwH,aAAa3F,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAUgJ,IAAID,UAAAA,GAAa;AAClC,YAAMrF,aAAa,KAAK1D,UAAUqD,IAAI0F,UAAAA;AACtC,UAAIrF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAO,MAAMiB,GAAGyG,uBAAuB;UACrCC,gBAAgB9F,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKqE,SAAS;YAAEA,OAAOrE,KAAKqE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO5D;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAI4H,eAAuBtJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAUgJ,IAAI1G,OAAAA,GAAU;AAC/B6G,uBAAe7G;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;MAClC,WAAWC,aAAY9G,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM+G,KAAK,MAAM9H,QAAQ4E,MAAMmD,iBAAiB;YAAEC,QAAQjH;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAUgJ,IAAIK,GAAG/G,OAAO,GAAG;AAClC6G,2BAAeE,GAAG/G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIrH,sBAAsB;AACxBgH,uBAAe7G;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;MAClC;IACF,OAAO;AACLzF,mBAAa,KAAK1D,UAAUqD,IAAI8F,YAAAA;IAClC;AAEA,QAAI,CAACzF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAOmG,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBrH,OAAAA;AAC1C,YAAMsH,SAAS,MAAM,KAAKC,aAAatI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACwH,OAAOnI,eAAeC,aAAaC,YAAY,OAAOiI,OAAOnI,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACgI,OAAOnI,gBAAgBC,aAAa;AACvCkI,iBAAOnI,iBAAiB;YAAE,GAAGmI,OAAOnI;UAAe;AACnDmI,iBAAOnI,eAAeC,cAAc;YAAE,GAAGkI,OAAOnI,eAAeC;UAAY;QAC7E;AACA+D,gBAAQC,IAAI,iEAAiEpD,OAAAA;AAC7EsH,eAAOnI,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAIoG,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAK1J,UAAUgK,IAAIb,cAAczF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAU0F,sBAAsB7H;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMmG,aAAatI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAMoK,UAAU,KAAKP,gBAAgBrH,OAAAA,GAAUsH,UAAU,KAAK9J,KAAK0B;AACnE,QAAI,CAAC0I,SAAS;AACZ,YAAM5E,MAAM,6DAA6DhD,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAAC0I,QAAQzI,gBAAgB;AAC3ByI,gBAAQzI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACyI,QAAQzI,eAAe0I,QAAQ;AAClCD,kBAAQzI,eAAe0I,SAAS,KAAKrK,KAAK0B,YAAYC,eAAe0I;QACvE;AACA,YAAI,CAACD,QAAQzI,eAAe2I,qBAAqB;AAC/CF,kBAAQzI,eAAe2I,sBAAsB,KAAKtK,KAAK0B,YAAYC,eAAe2I;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKvK,KAAK0B,YAAY6I;QACpD;MACF;AACA,UAAI,CAACH,QAAQzI,eAAeC,eAAe,OAAOwI,QAAQzI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHsI,gBAAQzI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwB8H,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB7H;IAChC;AACA,WAAO8H;EACT;EAEAP,gBAAgBrH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAK4J,aAAc,QAAO7F;AAEpC,UAAMyG,cAAchI,UAAU,KAAKxC,KAAK4J,aAAaa,KAAK,CAACC,MAAMA,EAAElI,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOyG,eAAe,KAAKG,kBAAkBnI,OAAAA;EAC/C;EAEQmI,kBAAkBnI,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAK4J,aAAc,QAAO7F;AAEpC,UAAM6G,iBAAiB,KAAK5K,KAAK4J,aAAaa,KAAK,CAACC,MAAMA,EAAElI,YAAY,SAAA;AACxE,QAAIoI,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAIpI,YAAYuB,QAAW;AACzB8G,sBAAcrI,UAAUA;MAC1B;AACA,aAAOqI;IACT;AAEA,WAAO9G;EACT;AACF;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","validate","isValidUUID","CredentialMapper","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","validate","isValidUUID","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","responseRedirectURI","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","credentialQueryId","presentationValue","Object","entries","singleVP","Array","isArray","length","Error","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","credentialSubject","id","forEach","key","value","push","type","decodedPayload","vct","verifiedData","authorization_response","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth",
3
- "version": "0.34.1-feature.DIIPv4.257+5c063f91",
3
+ "version": "0.34.1-feature.DIIPv4.270+73b14ab3",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -26,22 +26,22 @@
26
26
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
27
27
  },
28
28
  "dependencies": {
29
- "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.184",
30
- "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.184",
31
- "@sphereon/oid4vc-common": "0.19.1-feature.DIIPv4.184",
29
+ "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.73.dcql.array.fix.211",
30
+ "@sphereon/did-auth-siop-adapter": "0.19.1-feature.SSISDK.73.dcql.array.fix.211",
31
+ "@sphereon/oid4vc-common": "0.19.1-feature.SSISDK.73.dcql.array.fix.211",
32
32
  "@sphereon/pex": "5.0.0-unstable.28",
33
- "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.DIIPv4.257+5c063f91",
34
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.DIIPv4.257+5c063f91",
35
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.DIIPv4.257+5c063f91",
36
- "@sphereon/ssi-sdk.core": "0.34.1-feature.DIIPv4.257+5c063f91",
37
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.DIIPv4.257+5c063f91",
38
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.DIIPv4.257+5c063f91",
39
- "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.DIIPv4.257+5c063f91",
40
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.DIIPv4.257+5c063f91",
41
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.DIIPv4.257+5c063f91",
42
- "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.DIIPv4.257+5c063f91",
43
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.DIIPv4.257+5c063f91",
44
- "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.257+5c063f91",
33
+ "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.DIIPv4.270+73b14ab3",
34
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.DIIPv4.270+73b14ab3",
35
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.DIIPv4.270+73b14ab3",
36
+ "@sphereon/ssi-sdk.core": "0.34.1-feature.DIIPv4.270+73b14ab3",
37
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.DIIPv4.270+73b14ab3",
38
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-feature.DIIPv4.270+73b14ab3",
39
+ "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-feature.DIIPv4.270+73b14ab3",
40
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.DIIPv4.270+73b14ab3",
41
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.DIIPv4.270+73b14ab3",
42
+ "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.DIIPv4.270+73b14ab3",
43
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.DIIPv4.270+73b14ab3",
44
+ "@sphereon/ssi-types": "0.34.1-feature.DIIPv4.270+73b14ab3",
45
45
  "@sphereon/wellknown-dids-client": "^0.1.3",
46
46
  "@veramo/core": "4.2.0",
47
47
  "@veramo/credential-w3c": "4.2.0",
@@ -84,5 +84,5 @@
84
84
  "OpenID Connect",
85
85
  "Authenticator"
86
86
  ],
87
- "gitHead": "5c063f91960f4954aca5d08bfc22b72a75fdc5cd"
87
+ "gitHead": "73b14ab36d96c39cdb449366da5511bdd7cff0ba"
88
88
  }
package/src/RPInstance.ts CHANGED
@@ -39,7 +39,7 @@ export class RPInstance {
39
39
  }
40
40
 
41
41
  public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {
42
- const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs
42
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback, responseRedirectURI } = createArgs
43
43
  const nonce = createArgs.nonce ?? uuidv4()
44
44
  const state = createArgs.state ?? correlationId
45
45
  let jwtIssuer: JwtIssuer
@@ -74,6 +74,7 @@ export class RPInstance {
74
74
  responseURIType,
75
75
  jwtIssuer,
76
76
  callback,
77
+ responseRedirectURI,
77
78
  }),
78
79
  )
79
80
  }
@@ -82,7 +83,7 @@ export class RPInstance {
82
83
  createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,
83
84
  context: IRequiredContext,
84
85
  ): Promise<AuthorizationRequest> {
85
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs
86
+ const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType, responseRedirectURI } = createArgs
86
87
  const nonce = createArgs.nonce ?? uuidv4()
87
88
  const state = createArgs.state ?? correlationId
88
89
  const idOpts = this.rpOptions.identifierOpts.idOpts
@@ -117,6 +118,7 @@ export class RPInstance {
117
118
  responseURIType,
118
119
  responseURI,
119
120
  jwtIssuer,
121
+ responseRedirectURI,
120
122
  }),
121
123
  )
122
124
  }
package/src/agent/SIOPv2RP.ts CHANGED
@@ -6,7 +6,7 @@ import {
6
6
  AuthorizationResponseStateWithVerifiedData,
7
7
  decodeUriAsJson,
8
8
  EncodedDcqlPresentationVpToken,
9
- VerifiedAuthorizationResponse
9
+ VerifiedAuthorizationResponse,
10
10
  } from '@sphereon/did-auth-siop'
11
11
  import { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
12
12
  import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
@@ -24,7 +24,7 @@ import {
24
24
  MdocDeviceResponse,
25
25
  MdocOid4vpMdocVpToken,
26
26
  OriginalVerifiablePresentation,
27
- SdJwtDecodedVerifiableCredential
27
+ SdJwtDecodedVerifiableCredential,
28
28
  } from '@sphereon/ssi-types'
29
29
  import { IAgentPlugin } from '@veramo/core'
30
30
  import { DcqlQuery } from 'dcql'
@@ -43,7 +43,7 @@ import {
43
43
  ISiopv2RPOpts,
44
44
  IUpdateRequestStateArgs,
45
45
  IVerifyAuthResponseStateArgs,
46
- schema
46
+ schema,
47
47
  } from '../index'
48
48
  import { RPInstance } from '../RPInstance'
49
49
  import { ISIOPv2RP } from '../types/ISIOPv2RP'
@@ -90,7 +90,7 @@ export class SIOPv2RP implements IAgentPlugin {
90
90
  {
91
91
  createWhenNotPresent: true,
92
92
  responseRedirectURI: createArgs.responseRedirectURI,
93
- ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),
93
+ ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId }),
94
94
  },
95
95
  context,
96
96
  )
@@ -116,9 +116,7 @@ export class SIOPv2RP implements IAgentPlugin {
116
116
 
117
117
  private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {
118
118
  return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>
119
- rp.get(context).then((rp) =>
120
- rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)
121
- ),
119
+ rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),
122
120
  )
123
121
  }
124
122
 
@@ -147,10 +145,23 @@ export class SIOPv2RP implements IAgentPlugin {
147
145
  // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token
148
146
  const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)
149
147
  const claims = []
150
- for (const [key, value] of Object.entries(vpToken)) {
148
+ for (const [credentialQueryId, presentationValue] of Object.entries(vpToken)) {
149
+ let singleVP: OriginalVerifiablePresentation
150
+ if (Array.isArray(presentationValue)) {
151
+ if (presentationValue.length === 0) {
152
+ throw Error(`DCQL query '${credentialQueryId}' has empty array of presentations`)
153
+ }
154
+ if (presentationValue.length > 1) {
155
+ throw Error(`DCQL query '${credentialQueryId}' has multiple presentations (${presentationValue.length}), but only one is supported atm`)
156
+ }
157
+ singleVP = presentationValue[0] as OriginalVerifiablePresentation
158
+ } else {
159
+ singleVP = presentationValue as OriginalVerifiablePresentation
160
+ }
161
+
151
162
  // todo this should also include mdl-mdoc
152
163
  const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(
153
- value as OriginalVerifiablePresentation,
164
+ singleVP as OriginalVerifiablePresentation,
154
165
  //todo: later we want to conditionally pass in options for mdl-mdoc here
155
166
  hasher,
156
167
  )
@@ -184,16 +195,16 @@ export class SIOPv2RP implements IAgentPlugin {
184
195
  })
185
196
 
186
197
  claims.push({
187
- id: key,
198
+ id: credentialQueryId,
188
199
  type: vc.type[0],
189
- claims: allClaims
200
+ claims: allClaims,
190
201
  })
191
202
  }
192
203
  } else {
193
204
  claims.push({
194
- id: key,
205
+ id: credentialQueryId,
195
206
  type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,
196
- claims: presentationOrClaims
207
+ claims: presentationOrClaims,
197
208
  })
198
209
  }
199
210
  }
@@ -201,12 +212,13 @@ export class SIOPv2RP implements IAgentPlugin {
201
212
  responseState.verifiedData = {
202
213
  ...(responseState.response.payload.vp_token && {
203
214
  authorization_response: {
204
- vp_token: typeof responseState.response.payload.vp_token === 'string'
215
+ vp_token:
216
+ typeof responseState.response.payload.vp_token === 'string'
205
217
  ? JSON.parse(responseState.response.payload.vp_token)
206
- : responseState.response.payload.vp_token
207
- }
218
+ : responseState.response.payload.vp_token,
219
+ },
208
220
  }),
209
- ...(claims.length > 0 && { credential_claims: claims })
221
+ ...(claims.length > 0 && { credential_claims: claims }),
210
222
  }
211
223
  }
212
224
 
@@ -219,7 +231,7 @@ export class SIOPv2RP implements IAgentPlugin {
219
231
  | IVerifiablePresentation
220
232
  | SdJwtDecodedVerifiableCredential
221
233
  | MdocOid4vpMdocVpToken
222
- | MdocDeviceResponse
234
+ | MdocDeviceResponse,
223
235
  ): AdditionalClaims | IPresentation => {
224
236
  return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)
225
237
  ? presentationDecoded.decodedPayload
@@ -261,8 +273,8 @@ export class SIOPv2RP implements IAgentPlugin {
261
273
  rp.get(context).then((rp) =>
262
274
  rp.verifyAuthorizationResponse(authResponse, {
263
275
  correlationId: args.correlationId,
264
- ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),
265
- audience: args.audience,
276
+ ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),
277
+ audience: args.audience,
266
278
  }),
267
279
  ),
268
280
  )
@@ -294,7 +306,7 @@ export class SIOPv2RP implements IAgentPlugin {
294
306
  const rpInstance = this.instances.get(instanceId)
295
307
  if (rpInstance !== undefined) {
296
308
  const rp = await rpInstance.get(context)
297
- return rp.getResponseRedirectUri({
309
+ return await rp.getResponseRedirectUri({
298
310
  correlation_id: args.correlationId,
299
311
  correlationId: args.correlationId,
300
312
  ...(args.state && { state: args.state }),