@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.45.93 → 0.34.1-feature.SSISDK.46.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.cjs +35 -30
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +37 -28
  4. package/dist/index.d.ts +37 -28
  5. package/dist/index.js +35 -30
  6. package/dist/index.js.map +1 -1
  7. package/package.json +18 -18
  8. package/src/RPInstance.ts +3 -3
  9. package/src/agent/SIOPv2RP.ts +29 -27
  10. package/src/functions.ts +2 -2
  11. package/src/types/ISIOPv2RP.ts +37 -24
package/dist/index.cjs CHANGED
@@ -441,11 +441,11 @@ async function createRPBuilder(args) {
441
441
  const { identifierOpts } = rpOpts;
442
442
  let definition = args.definition;
443
443
  let dcqlQuery = args.dcql;
444
- if (!definition && pexOpts && pexOpts.definitionId) {
444
+ if (!definition && pexOpts && pexOpts.queryId) {
445
445
  const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
446
446
  filter: [
447
447
  {
448
- definitionId: pexOpts.definitionId,
448
+ definitionId: pexOpts.queryId,
449
449
  version: pexOpts.version,
450
450
  tenantId: pexOpts.tenantId
451
451
  }
@@ -633,7 +633,7 @@ var RPInstance = class {
633
633
  return this.definitionId !== void 0;
634
634
  }
635
635
  get definitionId() {
636
- return this.pexOptions?.definitionId;
636
+ return this.pexOptions?.queryId;
637
637
  }
638
638
  async getPresentationDefinition(context) {
639
639
  return this.definitionId ? await context.agent.pexStoreGetDefinition({
@@ -755,30 +755,32 @@ var SIOPv2RP = class _SIOPv2RP {
755
755
  }
756
756
  async createAuthorizationRequestURI(createArgs, context) {
757
757
  return await this.getRPInstance({
758
- definitionId: createArgs.definitionId,
759
- responseRedirectURI: createArgs.responseRedirectURI
758
+ responseRedirectURI: createArgs.responseRedirectURI,
759
+ ...createArgs.useQueryIdInstance === true && {
760
+ queryId: createArgs.queryId
761
+ }
760
762
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
761
763
  }
762
764
  async createAuthorizationRequestPayloads(createArgs, context) {
763
765
  return await this.getRPInstance({
764
- definitionId: createArgs.definitionId
766
+ queryId: createArgs.queryId
765
767
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
766
768
  const authRequest = {
767
769
  authorizationRequest: request.payload,
768
770
  requestObject: await request.requestObjectJwt(),
769
- requestObjectDecoded: await request.requestObject?.getPayload()
771
+ requestObjectDecoded: request.requestObject?.getPayload()
770
772
  };
771
773
  return authRequest;
772
774
  });
773
775
  }
774
776
  async siopGetRequestState(args, context) {
775
777
  return await this.getRPInstance({
776
- definitionId: args.definitionId
778
+ queryId: args.queryId
777
779
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
778
780
  }
779
781
  async siopGetResponseState(args, context) {
780
782
  const rpInstance = await this.getRPInstance({
781
- definitionId: args.definitionId
783
+ queryId: args.queryId
782
784
  }, context);
783
785
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
784
786
  if (authorizationResponseState === void 0) {
@@ -831,11 +833,11 @@ var SIOPv2RP = class _SIOPv2RP {
831
833
  }
832
834
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
833
835
  async siopUpdateRequestState(args, context) {
834
- if (args.state !== "sent") {
835
- throw Error(`Only 'sent' status is supported for this method at this point`);
836
+ if (args.state !== "authorization_request_created") {
837
+ throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
836
838
  }
837
839
  return await this.getRPInstance({
838
- definitionId: args.definitionId
840
+ queryId: args.queryId
839
841
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
840
842
  await rp2.signalAuthRequestRetrieved({
841
843
  correlationId: args.correlationId,
@@ -846,7 +848,7 @@ var SIOPv2RP = class _SIOPv2RP {
846
848
  }
847
849
  async siopDeleteState(args, context) {
848
850
  return await this.getRPInstance({
849
- definitionId: args.definitionId
851
+ queryId: args.queryId
850
852
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
851
853
  }
852
854
  async siopVerifyAuthResponse(args, context) {
@@ -855,9 +857,12 @@ var SIOPv2RP = class _SIOPv2RP {
855
857
  }
856
858
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
857
859
  return await this.getRPInstance({
858
- definitionId: args.definitionId
860
+ queryId: args.queryId
859
861
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
860
862
  correlationId: args.correlationId,
863
+ ...args.presentationDefinitions && !args.dcqlQuery ? {
864
+ presentationDefinitions: args.presentationDefinitions
865
+ } : {},
861
866
  ...args.dcqlQuery ? {
862
867
  dcqlQuery: args.dcqlQuery
863
868
  } : {},
@@ -865,8 +870,8 @@ var SIOPv2RP = class _SIOPv2RP {
865
870
  })));
866
871
  }
867
872
  async siopImportDefinitions(args, context) {
868
- const { definitions, tenantId, version, versionControlMode } = args;
869
- await Promise.all(definitions.map(async (definitionPair) => {
873
+ const { queries, tenantId, version, versionControlMode } = args;
874
+ await Promise.all(queries.map(async (definitionPair) => {
870
875
  const definitionPayload = definitionPair.definitionPayload;
871
876
  await context.agent.pexValidateDefinition({
872
877
  definition: definitionPayload
@@ -886,7 +891,7 @@ var SIOPv2RP = class _SIOPv2RP {
886
891
  }));
887
892
  }
888
893
  async siopGetRedirectURI(args, context) {
889
- const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
894
+ const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
890
895
  if (this.instances.has(instanceId)) {
891
896
  const rpInstance = this.instances.get(instanceId);
892
897
  if (rpInstance !== void 0) {
@@ -902,12 +907,12 @@ var SIOPv2RP = class _SIOPv2RP {
902
907
  }
903
908
  return void 0;
904
909
  }
905
- async getRPInstance({ definitionId, responseRedirectURI }, context) {
906
- const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
910
+ async getRPInstance({ queryId, responseRedirectURI }, context) {
911
+ const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
907
912
  if (!this.instances.has(instanceId)) {
908
- const instanceOpts = this.getInstanceOpts(definitionId);
913
+ const instanceOpts = this.getInstanceOpts(queryId);
909
914
  const rpOpts = await this.getRPOptions(context, {
910
- definitionId,
915
+ queryId,
911
916
  responseRedirectURI
912
917
  });
913
918
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
@@ -919,7 +924,7 @@ var SIOPv2RP = class _SIOPv2RP {
919
924
  ...rpOpts.identifierOpts.resolveOpts
920
925
  };
921
926
  }
922
- console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
927
+ console.log("Using agent DID resolver for RP instance with definition id " + queryId);
923
928
  rpOpts.identifierOpts.resolveOpts.resolver = (0, import_ssi_sdk_ext4.getAgentResolver)(context, {
924
929
  uniresolverResolution: true,
925
930
  localResolution: true,
@@ -938,10 +943,10 @@ var SIOPv2RP = class _SIOPv2RP {
938
943
  return rpInstance;
939
944
  }
940
945
  async getRPOptions(context, opts) {
941
- const { definitionId, responseRedirectURI } = opts;
942
- const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
946
+ const { queryId, responseRedirectURI } = opts;
947
+ const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
943
948
  if (!options) {
944
- throw Error(`Could not get specific nor default options for definition ${definitionId}`);
949
+ throw Error(`Could not get specific nor default options for definition ${queryId}`);
945
950
  }
946
951
  if (this.opts.defaultOpts) {
947
952
  if (!options.identifierOpts) {
@@ -975,18 +980,18 @@ var SIOPv2RP = class _SIOPv2RP {
975
980
  }
976
981
  getInstanceOpts(definitionId) {
977
982
  if (!this.opts.instanceOpts) return void 0;
978
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
983
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
979
984
  return instanceOpt ?? this.getDefaultOptions(definitionId);
980
985
  }
981
986
  getDefaultOptions(definitionId) {
982
987
  if (!this.opts.instanceOpts) return void 0;
983
- const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
988
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
984
989
  if (defaultOptions) {
985
990
  const clonedOptions = {
986
991
  ...defaultOptions
987
992
  };
988
993
  if (definitionId !== void 0) {
989
- clonedOptions.definitionId = definitionId;
994
+ clonedOptions.queryId = definitionId;
990
995
  }
991
996
  return clonedOptions;
992
997
  }
@@ -995,12 +1000,12 @@ var SIOPv2RP = class _SIOPv2RP {
995
1000
  };
996
1001
 
997
1002
  // src/types/ISIOPv2RP.ts
998
- var VerifiedDataMode = /* @__PURE__ */ function(VerifiedDataMode2) {
1003
+ var VerifiedDataMode = /* @__PURE__ */ (function(VerifiedDataMode2) {
999
1004
  VerifiedDataMode2["NONE"] = "none";
1000
1005
  VerifiedDataMode2["VERIFIED_PRESENTATION"] = "vp";
1001
1006
  VerifiedDataMode2["CREDENTIAL_SUBJECT_FLATTENED"] = "cs-flat";
1002
1007
  return VerifiedDataMode2;
1003
- }({});
1008
+ })({});
1004
1009
 
1005
1010
  // src/index.ts
1006
1011
  var schema = require_plugin_schema();
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n decodeUriAsJson,\n VerifiedAuthorizationResponse,\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport {\n AuthorizationResponseStateWithVerifiedData,\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n VerifiedDataMode,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\n\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { DcqlQuery } from 'dcql'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ definitionId: createArgs.definitionId, responseRedirectURI: createArgs.responseRedirectURI }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ definitionId: createArgs.definitionId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: await request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>\n rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ definitionId: args.definitionId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (\n responseState.status === AuthorizationResponseStateStatus.VERIFIED &&\n args.includeVerifiedData &&\n args.includeVerifiedData !== VerifiedDataMode.NONE\n ) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n switch (args.includeVerifiedData) {\n case VerifiedDataMode.VERIFIED_PRESENTATION:\n responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n break\n case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n const allClaims: AdditionalClaims = {}\n for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n }\n responseState.verifiedData = allClaims\n break\n }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation =>\n CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'sent') {\n throw Error(`Only 'sent' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ definitionId: args.definitionId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ definitionId: args.definitionId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery as DcqlQuery } : {}), // TODO BEFORE PR, check compatibility and whether we can remove local type\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { definitions, tenantId, version, versionControlMode } = args\n await Promise.all(\n definitions.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n\n console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ definitionId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(definitionId)\n const rpOpts = await this.getRPOptions(context, { definitionId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + definitionId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { definitionId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { definitionId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${definitionId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.definitionId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdScheme,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, Hasher, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\n// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n kb: true,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.definitionId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.definitionId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n definition = presentationDefinitionItem.definitionPayload\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: Hasher | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme('entity_id', PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n builder\n .withClientId(\n resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint),\n PropertyTarget.REQUEST_OBJECT,\n )\n .withClientIdScheme(\n (resolution.clientIdScheme as ClientIdScheme) ?? (identifierOpts.idOpts.clientIdScheme as ClientIdScheme),\n PropertyTarget.REQUEST_OBJECT,\n )\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (definition) {\n builder.withPresentationDefinition({ definition }, PropertyTarget.REQUEST_OBJECT)\n }\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.definitionId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>, context: IRequiredContext): Promise<URI> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AdditionalClaims, DcqlQueryREST, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n definitionId: string\n correlationId: string\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n definitionId: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n definitionId: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n definitionId: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n definitionId: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n definitionId?: string\n correlationId: string\n audience?: string\n dcqlQuery?: DcqlQueryREST\n}\n\nexport interface IDefinitionPair {\n definitionPayload: IPresentationDefinition\n dcqlPayload?: DcqlQueryREST\n}\n\nexport interface ImportDefinitionsArgs {\n definitions: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n definitionId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n definitionId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n definitionId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport interface AuthorizationResponseStateWithVerifiedData extends AuthorizationResponseState {\n verifiedData?: AdditionalClaims\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialIssuer &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;ACAA,IAAAC,wBAOO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,oBAaO;;;ACtBP,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAA+F;AAM/F,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;QACde,IAAI;MACN,CAAA;AAEA,aAAO;QAAET,UAAU,CAAC,CAACL,QAAOe;MAAQ;IACtC;AAEA,QAAIL,kCAAiBM,uBAAuBjB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMgB,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIX,2BAA2BS,UAAaT,2BAA2B,MAAM;AAC3E,cAAMY,eAAe,MAAMxB,QAAQI,MAAMgB,mBAAmB;UAC1DK,UAAUvB;UACVwB,yBAAyBd;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACgB,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMzB,SAAS,MAAMH,QAAQI,MAAMyB,mBAAmB;MACpDb,cAAcd;MACdK,qBAAqB;MACrBuB,SAAS,MAAM9B,QAAQI,MAAM2B,qBAAqBrB,MAAAA,GAASsB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAEzB,UAAUL,OAAOK;IAAS;EACrC;AAlCeG;AAoCf,SAAOA;AACT;AAzCgBF;AA2ChB,eAAsByB,gBAAgBhC,MAMrC;AACC,QAAM,EAAEiC,QAAQC,SAASpC,QAAO,IAAKE;AACrC,QAAM,EAAEmC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDpC,KAAKoC;AAC3D,MAAIC,YAAmCrC,KAAKsC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,cAAc;AAClD,UAAMC,8BAA8B,MAAM1C,QAAQI,MAAMuC,kBAAkB;MACxEC,QAAQ;QACN;UACEH,cAAcL,QAAQK;UACtBI,SAAST,QAAQS;UACjBC,UAAUV,QAAQU;QACpB;;IAEJ,CAAA;AAEA,QAAIJ,4BAA4B/C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BL,4BAA4B,CAAA;AAC/DJ,mBAAaS,2BAA2BC;AACxC,UAAI,CAACT,aAAaQ,2BAA2BE,aAAa;AACxDV,oBAAYQ,2BAA2BE;MACzC;IACF;EACF;AAEA,QAAMC,aAAab,eAAec,uBAAwB,UAAMC,uCAAmBpD,OAAAA;AACnF,QAAMqD,eAAelB,OAAOkB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,gBACnCE,qCAAiBpF,SAAS;IACxBqF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAA6BtD,OAAOuD,gBAAgBD;AACxD,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBxG,kBAAkB6C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCrE,OAAOzC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB6G;IAAY7G,sCAAiB8G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVnH,4BAA4BH,8BAA8BqC,OAAOE,gBAAgBrC,OAAAA;MACjFqH,mBAAmB;IACrB;EACF,GACArH,OAAAA,CAAAA,EAGPsH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6BhH,oCAAoC4B,eAAe3B,QAAQV,OAAAA,CAAAA;AAE3F,QAAM0H,WAAWrF,eAAeqF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc,EAAE6B,mBAAmB,aAAa9B,oCAAeC,cAAc;EACxI,OAAO;AACL,UAAM8B,aAAa,MAAM/H,QAAQI,MAAM2B,qBAAqBM,eAAe3B,MAAM;AACjFkF,YACGoC,aACCD,WAAWE,eAAWC,kDAA6BH,UAAAA,IAAcA,WAAWI,MAAMJ,WAAWK,gBAC7FpC,oCAAeC,cAAc,EAE9B6B,mBACEC,WAAWM,kBAAsChG,eAAe3B,OAAO2H,gBACxErC,oCAAeC,cAAc;EAEnC;AAEA,MAAIR,QAAQ;AACVG,YAAQ0C,WAAW7C,MAAAA;EACrB;AASA,MAAInD,YAAY;AACdsD,YAAQ2C,2BAA2B;MAAEjG;IAAW,GAAG0D,oCAAeC,cAAc;EAClF;AACA,MAAI1D,WAAW;AACbqD,YAAQ4C,cAAcjG,SAAAA;EACxB;AAEA,MAAIJ,OAAOsG,qBAAqB;AAC9B7C,YAAQ8C,wBAAwBvG,OAAOsG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAazG,OAAOE,eAAe3B,QAAQV,OAAAA;AACrE4F,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AArJsB1D;AAuJf,SAAS0G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiD/G,QAAAA;AACnF,QAAI,MAAEgH,gDAA2BtI,MAAAA,SAAWuI,gDAA2BvI,MAAAA,IAAU;AAC/E,aAAOY,QAAQC,OAAOK,MAAM,qBAAqBkH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM3E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYnH,OAAOmH;QAAYsB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpI,SAAS6H,IAAI7H;IACf,CAAA;AACA,WAAOf,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAASzB,qBACPoC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOwB;EACjB;AACF;AAfSwF;AAqBF,SAAS4C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;;;ACpShB,kBAA6B;AAE7B,IAAAQ,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYE;EAC1B;EAEA,MAAaE,0BAA0BT,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQU,MAAMC,sBAAsB;MACxCJ,cAAc,KAAKA;MACnBK,UAAU,KAAKP,YAAYO;IAC7B,CAAA,IACAJ;EACN;EAEA,MAAaK,8BAA8BC,YAA0Dd,SAAyC;AAC5I,UAAM,EAAEe,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,QAAIQ;AACJ,UAAMC,SAAS,KAAKpB,UAAUqB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQxB,OAAAA;AAC/D,YAAI4B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKhC,IAAIC,OAAAA,EAAS0C,KAAK,CAACC,OACnCA,GAAG9B,8BAA8B;MAC/B+B,SAASC,kBAAkB,KAAKzC,SAAS;MACzCW;MACAK;MACAE;MACAN;MACAC;MACAC;MACAC;MACAI;IACF,CAAA,CAAA;EAEJ;EAEA,MAAauB,2BACXhC,YACAd,SAC+B;AAC/B,UAAM,EAAEe,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,UAAMS,SAAS,KAAKpB,UAAUqB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQxB,OAAAA;AAE/D,QAAIuB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK1C,IAAIC,OAAAA,EAAS0C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKzC,SAAS;MACzCW;MACAK;MACAE;MACAN;MACAC;MACAE;MACAD;MACAK;IACF,CAAA,CAAA;EAEJ;AACF;;;AF7FA,IAAAyB,kBAA2C;AAGpC,IAAMC,WAAN,MAAMA,UAAAA;EAjDb,OAiDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,OAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEAc,YAAYvB,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOwB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAK1B,KAAK2B,cAAcF;AAExB,QACE,CAAC,KAAKzB,KAAK2B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK9B,KAAK2B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK/B,KAAK2B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK7B,KAAK2B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc3B,8BAA8B4B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAcF,WAAWE;MAAcC,qBAAqBH,WAAWG;IAAoB,GAAGb,OAAAA,EAC7Hc,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B4B,YAAYV,OAAAA,CAAAA,EAC1Dc,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZyB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAcF,WAAWE;IAAa,GAAGZ,OAAAA,EACxEc,KAAK,CAACC,OAAOA,GAAGG,2BAA2BR,YAAYV,OAAAA,CAAAA,EACvDc,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsB,MAAMN,QAAQI,eAAeG,WAAAA;MACrD;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC3B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAASc,KAAK,CAACC,OAClFA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QAAOA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAE1H;EAEA,MAAc3C,qBACZsC,MACA3B,SACiE;AACjE,UAAMiC,aAAyB,MAAM,KAAKtB,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA;AAC7F,UAAMkC,6BAAqE,MAAMD,WAC9EL,IAAI5B,OAAAA,EACJc,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QACEG,cAAcC,WAAWC,uDAAiCC,YAC1Db,KAAKc,uBACLd,KAAKc,wBAAwBC,iBAAiBC,MAC9C;AACA,UAAIC;AACJ,UACEC,mCAAiBC,eAAeT,cAAcU,SAASzB,QAAQ0B,QAAQ,MACtE,CAACf,WAAWgB,UAAUC,gBAAgBN,UAAU,OAAOX,WAAWgB,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAEA,YAAMC,sBAAsBP,mCAAiBQ;QAC3ChB,cAAcU,SAASzB,QAAQ0B;;QAE/BJ;MAAAA;AAEF,cAAQjB,KAAKc,qBAAmB;QAC9B,KAAKC,iBAAiBY;AACpBjB,wBAAcU,SAASzB,QAAQiC,eAAe,KAAKC,yBAAyBJ,mBAAAA;AAC5E;QACF,KAAKV,iBAAiBe;AACpB,gBAAMC,YAA8B,CAAC;AACrC,qBAAWC,cAAc,KAAKH,yBAAyBJ,mBAAAA,EAAqBQ,wBAAwB,CAAA,GAAI;AACtG,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM9D,QAAQ+D,MAAMC,eAAe;cAChEL;cACAf;cACAqB,kBAAkBhC,WAAWgB,UAAUiB,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC/B,4BAAcC,SAASC,uDAAiC8B;AACxDhC,4BAAciC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOjC;YACT;AAEA,kBAAMmC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQd,YAAY;AACxBA,wBAAU,IAAA,IAAQc,kBAAkBC;YACtC;AAEAC,mBAAOC,QAAQH,iBAAAA,EAAmBI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOnB,YAAY;AACvBA,0BAAUmB,GAAAA,IAAOC;cACnB;YACF,CAAA;UACF;AACAzC,wBAAckB,eAAeG;AAC7B;MACJ;IACF;AACA,WAAOrB;EACT;EAEQmB,2BAA2B,wBACjCJ,wBAOAP,mCAAiBkC,yBAAyB3B,mBAAAA,IACtCA,oBAAoB4B,iBACpBnC,mCAAiBoC,sBAAsB7B,mBAAAA,GAVV;EAYnC,MAAc7D,uBAAuBoC,MAA+B3B,SAA+D;AACjI,QAAI2B,KAAKuD,UAAU,QAAQ;AACzB,YAAMX,MAAM,+DAA+D;IAC7E;AACA,WAAO,MAAM,KAAK5D,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAElEc,KAAK,CAACC,OACLA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGoE,2BAA2B;QAClCpD,eAAeJ,KAAKI;QACpBuC,OAAO3C,KAAK2C,QAAQ,IAAIC,MAAM5C,KAAK2C,KAAK,IAAIlC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC3B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAClEc,KAAK,CAACC,OAAOA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QAAOA,IAAGc,eAAeuD,4BAA4BzD,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC3B,SAAmE;AAC1I,QAAI,CAAC2B,KAAK0D,uBAAuB;AAC/B,YAAMd,MAAM,2CAAA;IACd;AACA,UAAMe,eACJ,OAAO3D,KAAK0D,0BAA0B,eACjCE,uCAAgB5D,KAAK0D,qBAAqB,IAC3C1D,KAAK0D;AACX,WAAO,MAAM,KAAK1E,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAASc,KAAK,CAACC,OAClFA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QACpBA,IAAGyE,4BAA4BF,cAAc;MAC3CvD,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK8D,YAAY;QAAEA,WAAW9D,KAAK8D;MAAuB,IAAI,CAAC;MACnEC,UAAU/D,KAAK+D;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc/F,sBAAsBgC,MAA6B3B,SAA0C;AACzG,UAAM,EAAE2F,aAAaC,UAAUC,SAASC,mBAAkB,IAAKnE;AAC/D,UAAMoE,QAAQC,IACZL,YAAYM,IAAI,OAAOC,mBAAAA;AACrB,YAAMC,oBAAoBD,eAAeC;AACzC,YAAMnG,QAAQ+D,MAAMqC,sBAAsB;QAAEC,YAAYF;MAAkB,CAAA;AAE1EG,cAAQC,IAAI,yBAAyBJ,kBAAkB1B,EAAE,MAAM0B,kBAAkBK,IAAI,4BAA4BV,kBAAAA,EAAoB;AACrI,aAAO9F,QAAQ+D,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdd;UACAC;UACAM;UACAQ,aAAaT,eAAeS;QAC9B;QACArI,MAAM;UAAEwH;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAclG,mBAAmB+B,MAA2B3B,SAAwD;AAClH,UAAM4G,aAAajF,KAAKf,gBAAgBvC,UAASE;AACjD,QAAI,KAAKC,UAAUqI,IAAID,UAAAA,GAAa;AAClC,YAAM3E,aAAa,KAAKzD,UAAUoD,IAAIgF,UAAAA;AACtC,UAAI3E,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI5B,OAAAA;AAChC,eAAOe,GAAG+F,uBAAuB;UAC/BC,gBAAgBpF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKuD,SAAS;YAAEA,OAAOvD,KAAKuD;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO9C;EACT;EAEA,MAAMzB,cAAc,EAAEC,cAAcC,oBAAmB,GAAyBb,SAAgD;AAC9H,UAAM4G,aAAahG,gBAAgBvC,UAASE;AAC5C,QAAI,CAAC,KAAKC,UAAUqI,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgBrG,YAAAA;AAC1C,YAAMsG,SAAS,MAAM,KAAKC,aAAanH,SAAS;QAAEY;QAAcC;MAAyC,CAAA;AACzG,UAAI,CAACqG,OAAOhH,eAAeC,aAAaC,YAAY,OAAO8G,OAAOhH,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC6G,OAAOhH,gBAAgBC,aAAa;AACvC+G,iBAAOhH,iBAAiB;YAAE,GAAGgH,OAAOhH;UAAe;AACnDgH,iBAAOhH,eAAeC,cAAc;YAAE,GAAG+G,OAAOhH,eAAeC;UAAY;QAC7E;AACAmG,gBAAQC,IAAI,iEAAiE3F,YAAAA;AAC7EsG,eAAOhH,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAKhC,UAAU4I,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAM/E,aAAa,KAAKzD,UAAUoD,IAAIgF,UAAAA;AACtC,QAAI/F,qBAAqB;AACvBoB,iBAAWgB,UAAUsE,sBAAsB1G;IAC7C;AACA,WAAOoB;EACT;EAEA,MAAMkF,aAAanH,SAA2B1B,MAAoF;AAChI,UAAM,EAAEsC,cAAcC,oBAAwC,IAAKvC;AACnE,UAAMkJ,UAAU,KAAKP,gBAAgBrG,YAAAA,GAAesG,UAAU,KAAK5I,KAAK2B;AACxE,QAAI,CAACuH,SAAS;AACZ,YAAMjD,MAAM,6DAA6D3D,YAAAA,EAAc;IACzF;AACA,QAAI,KAAKtC,KAAK2B,aAAa;AACzB,UAAI,CAACuH,QAAQtH,gBAAgB;AAC3BsH,gBAAQtH,iBAAiB,KAAK5B,KAAK2B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACsH,QAAQtH,eAAeuH,QAAQ;AAClCD,kBAAQtH,eAAeuH,SAAS,KAAKnJ,KAAK2B,YAAYC,eAAeuH;QACvE;AACA,YAAI,CAACD,QAAQtH,eAAewH,qBAAqB;AAC/CF,kBAAQtH,eAAewH,sBAAsB,KAAKpJ,KAAK2B,YAAYC,eAAewH;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKrJ,KAAK2B,YAAY0H;QACpD;MACF;AACA,UAAI,CAACH,QAAQtH,eAAeC,eAAe,OAAOqH,QAAQtH,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHmH,gBAAQtH,eAAeC,cAAc;UACnC,GAAG,KAAK7B,KAAK2B,YAAYC,eAAeC;UACxCC,UACE,KAAK9B,KAAK2B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwBuB,UAAavB,wBAAwB2G,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB1G;IAChC;AACA,WAAO2G;EACT;EAEAP,gBAAgBrG,cAAwD;AACtE,QAAI,CAAC,KAAKtC,KAAK0I,aAAc,QAAO5E;AAEpC,UAAMwF,cAAchH,eAAe,KAAKtC,KAAK0I,aAAaa,KAAK,CAACC,MAAMA,EAAElH,iBAAiBA,YAAAA,IAAgBwB;AAEzG,WAAOwF,eAAe,KAAKG,kBAAkBnH,YAAAA;EAC/C;EAEQmH,kBAAkBnH,cAAkC;AAC1D,QAAI,CAAC,KAAKtC,KAAK0I,aAAc,QAAO5E;AAEpC,UAAM4F,iBAAiB,KAAK1J,KAAK0I,aAAaa,KAAK,CAACC,MAAMA,EAAElH,iBAAiB,SAAA;AAC7E,QAAIoH,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAIpH,iBAAiBwB,QAAW;AAC9B6F,sBAAcrH,eAAeA;MAC/B;AACA,aAAOqH;IACT;AAEA,WAAO7F;EACT;AACF;;;AGhUO,IAAK8F,mBAAAA,yBAAAA,mBAAAA;;;;SAAAA;;;;AJjCZ,IAAMC,SAASC;","names":["module","import_did_auth_siop","import_ssi_sdk_ext","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","kb","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","definitionId","presentationDefinitionItems","pdmGetDefinitions","filter","version","tenantId","presentationDefinitionItem","definitionPayload","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","withClientIdScheme","resolution","withClientId","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdScheme","withHasher","withPresentationDefinition","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","import_ssi_sdk","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","constructor","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","definitionId","responseRedirectURI","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","includeVerifiedData","VerifiedDataMode","NONE","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","presentationDecoded","decodeVerifiablePresentation","VERIFIED_PRESENTATION","verifiedData","presentationOrClaimsFrom","CREDENTIAL_SUBJECT_FLATTENED","allClaims","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","Object","entries","forEach","key","value","isSdJwtDecodedCredential","decodedPayload","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","definitions","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","pexValidateDefinition","definition","console","log","name","pdmPersistDefinition","definitionItem","dcqlPayload","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n decodeUriAsJson,\n VerifiedAuthorizationResponse,\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport {\n AuthorizationResponseStateWithVerifiedData,\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n VerifiedDataMode,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { DcqlQuery } from 'dcql'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (\n responseState.status === AuthorizationResponseStateStatus.VERIFIED &&\n args.includeVerifiedData &&\n args.includeVerifiedData !== VerifiedDataMode.NONE\n ) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n switch (args.includeVerifiedData) {\n case VerifiedDataMode.VERIFIED_PRESENTATION:\n responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n break\n case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n const allClaims: AdditionalClaims = {}\n for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n }\n responseState.verifiedData = allClaims\n break\n }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation =>\n CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.presentationDefinitions && !args.dcqlQuery ? { presentationDefinitions: args.presentationDefinitions } : {}),\n ...(args.dcqlQuery ? { dcqlQuery: args.dcqlQuery as DcqlQuery } : {}), // TODO BEFORE PR, check compatibility and whether we can remove local type\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n\n console.log(`persisting definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdScheme,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, Hasher, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\n// import { KeyAlgo, SuppliedSigner } from '@sphereon/ssi-sdk.core'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n kb: true,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n definition = presentationDefinitionItem.definitionPayload\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: Hasher | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT).withClientIdScheme('entity_id', PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n builder\n .withClientId(\n resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint),\n PropertyTarget.REQUEST_OBJECT,\n )\n .withClientIdScheme(\n (resolution.clientIdScheme as ClientIdScheme) ?? (identifierOpts.idOpts.clientIdScheme as ClientIdScheme),\n PropertyTarget.REQUEST_OBJECT,\n )\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (definition) {\n builder.withPresentationDefinition({ definition }, PropertyTarget.REQUEST_OBJECT)\n }\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>, context: IRequiredContext): Promise<URI> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationDefinitionWithLocation,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiablePresentationTypeFormat,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n VPTokenLocation,\n} from '@sphereon/did-auth-siop'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\nimport { AdditionalClaims, DcqlQueryREST, HasherSync, W3CVerifiablePresentation } from '@sphereon/ssi-types'\nimport { Resolvable } from 'did-resolver'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { EventEmitter } from 'events'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string //definitionId\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n presentationDefinitions?: PresentationDefinitionWithLocation | PresentationDefinitionWithLocation[]\n dcqlQuery?: DcqlQueryREST\n}\n\nexport interface IDefinitionPair {\n definitionPayload: IPresentationDefinition\n dcqlPayload?: DcqlQueryREST\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n verifiablePresentationMatches: IPresentationWithDefinition[]\n alsoKnownAs?: string[]\n}\n\nexport interface IPresentationWithDefinition {\n location: VPTokenLocation\n definition: PresentationDefinitionWithLocation\n format: VerifiablePresentationTypeFormat\n presentation: W3CVerifiablePresentation\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport interface AuthorizationResponseStateWithVerifiedData extends AuthorizationResponseState {\n verifiedData?: AdditionalClaims\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialIssuer &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;ACAA,IAAAC,wBAOO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,oBAaO;;;ACtBP,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAA+F;AAM/F,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;QACde,IAAI;MACN,CAAA;AAEA,aAAO;QAAET,UAAU,CAAC,CAACL,QAAOe;MAAQ;IACtC;AAEA,QAAIL,kCAAiBM,uBAAuBjB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMgB,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIX,2BAA2BS,UAAaT,2BAA2B,MAAM;AAC3E,cAAMY,eAAe,MAAMxB,QAAQI,MAAMgB,mBAAmB;UAC1DK,UAAUvB;UACVwB,yBAAyBd;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACgB,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMzB,SAAS,MAAMH,QAAQI,MAAMyB,mBAAmB;MACpDb,cAAcd;MACdK,qBAAqB;MACrBuB,SAAS,MAAM9B,QAAQI,MAAM2B,qBAAqBrB,MAAAA,GAASsB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAEzB,UAAUL,OAAOK;IAAS;EACrC;AAlCeG;AAoCf,SAAOA;AACT;AAzCgBF;AA2ChB,eAAsByB,gBAAgBhC,MAMrC;AACC,QAAM,EAAEiC,QAAQC,SAASpC,QAAO,IAAKE;AACrC,QAAM,EAAEmC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDpC,KAAKoC;AAC3D,MAAIC,YAAmCrC,KAAKsC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAM1C,QAAQI,MAAMuC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B/C,SAAS,GAAG;AAC1C,YAAMqD,6BAA6BN,4BAA4B,CAAA;AAC/DJ,mBAAaU,2BAA2BC;AACxC,UAAI,CAACV,aAAaS,2BAA2BE,aAAa;AACxDX,oBAAYS,2BAA2BE;MACzC;IACF;EACF;AAEA,QAAMC,aAAad,eAAee,uBAAwB,UAAMC,uCAAmBrD,OAAAA;AACnF,QAAMsD,eAAenB,OAAOmB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJhD,OAAOE,eAAe+C,aAAaD,gBACnCE,qCAAiBrF,SAAS;IACxBsF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBrD,OAAOE,eAAe+C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAA6BvD,OAAOwD,gBAAgBD;AACxD,MAAI,CAACvD,OAAOwD,gBAAgBD,UAAU,OAAOvD,OAAOwD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBzG,kBAAkB6C,MAAAA;EAAQ,CAAA,EACpE6D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiBhE,OAAOiE,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCtE,OAAOzC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB8G;IAAY9G,sCAAiB+G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmB1E,OAAO2E,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB7E,OAAO8E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC/E,OAAOgF,oBACHhF,OAAOgF,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVpH,4BAA4BH,8BAA8BqC,OAAOE,gBAAgBrC,OAAAA;MACjFsH,mBAAmB;IACrB;EACF,GACAtH,OAAAA,CAAAA,EAGPuH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6BjH,oCAAoC4B,eAAe3B,QAAQV,OAAAA,CAAAA;AAE3F,QAAM2H,WAAWtF,eAAesF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc,EAAE6B,mBAAmB,aAAa9B,oCAAeC,cAAc;EACxI,OAAO;AACL,UAAM8B,aAAa,MAAMhI,QAAQI,MAAM2B,qBAAqBM,eAAe3B,MAAM;AACjFmF,YACGoC,aACCD,WAAWE,eAAWC,kDAA6BH,UAAAA,IAAcA,WAAWI,MAAMJ,WAAWK,gBAC7FpC,oCAAeC,cAAc,EAE9B6B,mBACEC,WAAWM,kBAAsCjG,eAAe3B,OAAO4H,gBACxErC,oCAAeC,cAAc;EAEnC;AAEA,MAAIR,QAAQ;AACVG,YAAQ0C,WAAW7C,MAAAA;EACrB;AASA,MAAIpD,YAAY;AACduD,YAAQ2C,2BAA2B;MAAElG;IAAW,GAAG2D,oCAAeC,cAAc;EAClF;AACA,MAAI3D,WAAW;AACbsD,YAAQ4C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B7C,YAAQ8C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe3B,QAAQV,OAAAA;AACrE6F,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AArJsB3D;AAuJf,SAAS2G,aACdnI,QACAV,SAAyB;AAEzB,SAAO,OAAO+I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,MAAEiH,gDAA2BvI,MAAAA,SAAWwI,gDAA2BxI,MAAAA,IAAU;AAC/E,aAAOY,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM5E,SAA2B,MAAMH,QAAQI,MAAM+I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYpH,OAAOoH;QAAYsB,WAAW1I,OAAO0I;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOf,OAAO6I;EAChB;AACF;AAnBgBH;AAqBhB,SAASzB,qBACPoC,OAOAxJ,SAAyB;AAEzB,SAAO,OAAOyJ,cAAcT,QAAAA;AAC1B,UAAM7I,SAAS,MAAMH,QAAQI,MAAMsJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI3J,OAAO4J,OAAO;AAC1B,WAAO,CAAC5J,OAAOwB;EACjB;AACF;AAfSyF;AAqBF,SAAS4C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;;;ACpShB,kBAA6B;AAE7B,IAAAQ,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAqDf,SAAyC;AACvI,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,QAAIQ;AACJ,UAAMC,SAAS,KAAKrB,UAAUsB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQzB,OAAAA;AAC/D,YAAI6B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKjC,IAAIC,OAAAA,EAAS2C,KAAK,CAACC,OACnCA,GAAG9B,8BAA8B;MAC/B+B,SAASC,kBAAkB,KAAK1C,SAAS;MACzCY;MACAK;MACAE;MACAN;MACAC;MACAC;MACAC;MACAI;IACF,CAAA,CAAA;EAEJ;EAEA,MAAauB,2BACXhC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,UAAMS,SAAS,KAAKrB,UAAUsB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQzB,OAAAA;AAE/D,QAAIwB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK3C,IAAIC,OAAAA,EAAS2C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK1C,SAAS;MACzCY;MACAK;MACAE;MACAN;MACAC;MACAE;MACAD;MACAK;IACF,CAAA,CAAA;EAEJ;AACF;;;AF9FA,IAAAyB,kBAA2C;AAGpC,IAAMC,WAAN,MAAMA,UAAAA;EAhDb,OAgDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,OAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QACEG,cAAcC,WAAWC,uDAAiCC,YAC1Db,KAAKc,uBACLd,KAAKc,wBAAwBC,iBAAiBC,MAC9C;AACA,UAAIC;AACJ,UACEC,mCAAiBC,eAAeT,cAAcU,SAASzB,QAAQ0B,QAAQ,MACtE,CAACf,WAAWgB,UAAUC,gBAAgBN,UAAU,OAAOX,WAAWgB,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAEA,YAAMC,sBAAsBP,mCAAiBQ;QAC3ChB,cAAcU,SAASzB,QAAQ0B;;QAE/BJ;MAAAA;AAEF,cAAQjB,KAAKc,qBAAmB;QAC9B,KAAKC,iBAAiBY;AACpBjB,wBAAcU,SAASzB,QAAQiC,eAAe,KAAKC,yBAAyBJ,mBAAAA;AAC5E;QACF,KAAKV,iBAAiBe;AACpB,gBAAMC,YAA8B,CAAC;AACrC,qBAAWC,cAAc,KAAKH,yBAAyBJ,mBAAAA,EAAqBQ,wBAAwB,CAAA,GAAI;AACtG,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM/D,QAAQgE,MAAMC,eAAe;cAChEL;cACAf;cACAqB,kBAAkBhC,WAAWgB,UAAUiB,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC/B,4BAAcC,SAASC,uDAAiC8B;AACxDhC,4BAAciC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOjC;YACT;AAEA,kBAAMmC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQd,YAAY;AACxBA,wBAAU,IAAA,IAAQc,kBAAkBC;YACtC;AAEAC,mBAAOC,QAAQH,iBAAAA,EAAmBI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOnB,YAAY;AACvBA,0BAAUmB,GAAAA,IAAOC;cACnB;YACF,CAAA;UACF;AACAzC,wBAAckB,eAAeG;AAC7B;MACJ;IACF;AACA,WAAOrB;EACT;EAEQmB,2BAA2B,wBACjCJ,wBAOAP,mCAAiBkC,yBAAyB3B,mBAAAA,IACtCA,oBAAoB4B,iBACpBnC,mCAAiBoC,sBAAsB7B,mBAAAA,GAVV;EAYnC,MAAc7D,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAKuD,UAAU,iCAAiC;AAClD,YAAMX,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAK7D,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGoE,2BAA2B;QAClCpD,eAAeJ,KAAKI;QACpBuC,OAAO3C,KAAK2C,QAAQ,IAAIC,MAAM5C,KAAK2C,KAAK,IAAIlC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAeuD,4BAA4BzD,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAK0D,uBAAuB;AAC/B,YAAMd,MAAM,2CAAA;IACd;AACA,UAAMe,eACJ,OAAO3D,KAAK0D,0BAA0B,eACjCE,uCAAgB5D,KAAK0D,qBAAqB,IAC3C1D,KAAK0D;AACX,WAAO,MAAM,KAAK3E,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGyE,4BAA4BF,cAAc;MAC3CvD,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK8D,2BAA2B,CAAC9D,KAAK+D,YAAY;QAAED,yBAAyB9D,KAAK8D;MAAwB,IAAI,CAAC;MACnH,GAAI9D,KAAK+D,YAAY;QAAEA,WAAW/D,KAAK+D;MAAuB,IAAI,CAAC;MACnEC,UAAUhE,KAAKgE;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAchG,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAE6F,SAASC,UAAUC,SAASC,mBAAkB,IAAKpE;AAC3D,UAAMqE,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,YAAMrG,QAAQgE,MAAMsC,sBAAsB;QAAEC,YAAYF;MAAkB,CAAA;AAE1EG,cAAQC,IAAI,yBAAyBJ,kBAAkB3B,EAAE,MAAM2B,kBAAkBK,IAAI,4BAA4BV,kBAAAA,EAAoB;AACrI,aAAOhG,QAAQgE,MAAM2C,qBAAqB;QACxCC,gBAAgB;UACdd;UACAC;UACAM;UACAQ,aAAaT,eAAeS;QAC9B;QACAtI,MAAM;UAAEyH;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAcnG,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAM8G,aAAalF,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAUsI,IAAID,UAAAA,GAAa;AAClC,YAAM5E,aAAa,KAAKzD,UAAUoD,IAAIiF,UAAAA;AACtC,UAAI5E,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAGgG,uBAAuB;UAC/BC,gBAAgBrF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKuD,SAAS;YAAEA,OAAOvD,KAAKuD;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO9C;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAM8G,aAAahG,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAUsI,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgBrG,OAAAA;AAC1C,YAAMsG,SAAS,MAAM,KAAKC,aAAarH,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACwG,OAAOlH,eAAeC,aAAaC,YAAY,OAAOgH,OAAOlH,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC+G,OAAOlH,gBAAgBC,aAAa;AACvCiH,iBAAOlH,iBAAiB;YAAE,GAAGkH,OAAOlH;UAAe;AACnDkH,iBAAOlH,eAAeC,cAAc;YAAE,GAAGiH,OAAOlH,eAAeC;UAAY;QAC7E;AACAqG,gBAAQC,IAAI,iEAAiE3F,OAAAA;AAC7EsG,eAAOlH,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAU6I,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAMhF,aAAa,KAAKzD,UAAUoD,IAAIiF,UAAAA;AACtC,QAAIlG,qBAAqB;AACvBsB,iBAAWgB,UAAUuE,sBAAsB7G;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMmF,aAAarH,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAMmJ,UAAU,KAAKP,gBAAgBrG,OAAAA,GAAUsG,UAAU,KAAK7I,KAAK0B;AACnE,QAAI,CAACyH,SAAS;AACZ,YAAMlD,MAAM,6DAA6D1D,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAACyH,QAAQxH,gBAAgB;AAC3BwH,gBAAQxH,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACwH,QAAQxH,eAAeyH,QAAQ;AAClCD,kBAAQxH,eAAeyH,SAAS,KAAKpJ,KAAK0B,YAAYC,eAAeyH;QACvE;AACA,YAAI,CAACD,QAAQxH,eAAe0H,qBAAqB;AAC/CF,kBAAQxH,eAAe0H,sBAAsB,KAAKrJ,KAAK0B,YAAYC,eAAe0H;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKtJ,KAAK0B,YAAY4H;QACpD;MACF;AACA,UAAI,CAACH,QAAQxH,eAAeC,eAAe,OAAOuH,QAAQxH,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHqH,gBAAQxH,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwB8G,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB7G;IAChC;AACA,WAAO8G;EACT;EAEAP,gBAAgBW,cAAwD;AACtE,QAAI,CAAC,KAAKvJ,KAAK2I,aAAc,QAAO7E;AAEpC,UAAM0F,cAAcD,eAAe,KAAKvJ,KAAK2I,aAAac,KAAK,CAACC,MAAMA,EAAEnH,YAAYgH,YAAAA,IAAgBzF;AAEpG,WAAO0F,eAAe,KAAKG,kBAAkBJ,YAAAA;EAC/C;EAEQI,kBAAkBJ,cAAkC;AAC1D,QAAI,CAAC,KAAKvJ,KAAK2I,aAAc,QAAO7E;AAEpC,UAAM8F,iBAAiB,KAAK5J,KAAK2I,aAAac,KAAK,CAACC,MAAMA,EAAEnH,YAAY,SAAA;AACxE,QAAIqH,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAIL,iBAAiBzF,QAAW;AAC9B+F,sBAActH,UAAUgH;MAC1B;AACA,aAAOM;IACT;AAEA,WAAO/F;EACT;AACF;;;AGhUO,IAAKgG,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;;;AJnCZ,IAAMC,SAASC;","names":["module","import_did_auth_siop","import_ssi_sdk_ext","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","kb","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","definitionPayload","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","withClientIdScheme","resolution","withClientId","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdScheme","withHasher","withPresentationDefinition","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","import_ssi_sdk","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","includeVerifiedData","VerifiedDataMode","NONE","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","presentationDecoded","decodeVerifiablePresentation","VERIFIED_PRESENTATION","verifiedData","presentationOrClaimsFrom","CREDENTIAL_SUBJECT_FLATTENED","allClaims","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","Object","entries","forEach","key","value","isSdJwtDecodedCredential","decodedPayload","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","presentationDefinitions","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","pexValidateDefinition","definition","console","log","name","pdmPersistDefinition","definitionItem","dcqlPayload","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","definitionId","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode","schema","require"]}