@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.147 → 0.34.1-fix.161

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.cjs +35 -30
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +19 -20
  4. package/dist/index.d.ts +19 -20
  5. package/dist/index.js +35 -30
  6. package/dist/index.js.map +1 -1
  7. package/package.json +17 -17
  8. package/src/RPInstance.ts +6 -4
  9. package/src/agent/SIOPv2RP.ts +29 -27
  10. package/src/functions.ts +5 -4
  11. package/src/types/ISIOPv2RP.ts +15 -17
package/dist/index.cjs CHANGED
@@ -435,11 +435,11 @@ async function createRPBuilder(args) {
435
435
  const { identifierOpts } = rpOpts;
436
436
  let definition = args.definition;
437
437
  let dcqlQuery = args.dcql;
438
- if (!definition && pexOpts && pexOpts.definitionId) {
438
+ if (!definition && pexOpts && pexOpts.queryId) {
439
439
  const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
440
440
  filter: [
441
441
  {
442
- definitionId: pexOpts.definitionId,
442
+ definitionId: pexOpts.queryId,
443
443
  version: pexOpts.version,
444
444
  tenantId: pexOpts.tenantId
445
445
  }
@@ -522,7 +522,8 @@ async function createRPBuilder(args) {
522
522
  } else {
523
523
  const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts);
524
524
  const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(resolution) ? resolution.did : resolution.jwkThumbprint);
525
- builder.withClientId(prefixClientId(clientId), import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
525
+ const clientIdPrefixed = prefixClientId(clientId);
526
+ builder.withClientId(clientIdPrefixed, import_did_auth_siop.PropertyTarget.REQUEST_OBJECT);
526
527
  }
527
528
  if (hasher) {
528
529
  builder.withHasher(hasher);
@@ -629,7 +630,7 @@ var RPInstance = class {
629
630
  return this.definitionId !== void 0;
630
631
  }
631
632
  get definitionId() {
632
- return this.pexOptions?.definitionId;
633
+ return this.pexOptions?.queryId;
633
634
  }
634
635
  async getPresentationDefinition(context) {
635
636
  return this.definitionId ? await context.agent.pexStoreGetDefinition({
@@ -638,7 +639,7 @@ var RPInstance = class {
638
639
  }) : void 0;
639
640
  }
640
641
  async createAuthorizationRequestURI(createArgs, context) {
641
- const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
642
+ const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
642
643
  const nonce = createArgs.nonce ?? (0, import_uuid.v4)();
643
644
  const state = createArgs.state ?? correlationId;
644
645
  let jwtIssuer;
@@ -666,13 +667,15 @@ var RPInstance = class {
666
667
  return await this.get(context).then((rp) => rp.createAuthorizationRequestURI({
667
668
  version: getRequestVersion(this.rpOptions),
668
669
  correlationId,
670
+ queryId,
669
671
  nonce,
670
672
  state,
671
673
  claims,
672
674
  requestByReferenceURI,
673
675
  responseURI,
674
676
  responseURIType,
675
- jwtIssuer
677
+ jwtIssuer,
678
+ callback
676
679
  }));
677
680
  }
678
681
  async createAuthorizationRequest(createArgs, context) {
@@ -750,13 +753,15 @@ var SIOPv2RP = class _SIOPv2RP {
750
753
  }
751
754
  async createAuthorizationRequestURI(createArgs, context) {
752
755
  return await this.getRPInstance({
753
- definitionId: createArgs.definitionId,
754
- responseRedirectURI: createArgs.responseRedirectURI
756
+ responseRedirectURI: createArgs.responseRedirectURI,
757
+ ...createArgs.useQueryIdInstance === true && {
758
+ queryId: createArgs.queryId
759
+ }
755
760
  }, context).then((rp) => rp.createAuthorizationRequestURI(createArgs, context)).then((URI) => URI.encodedUri);
756
761
  }
757
762
  async createAuthorizationRequestPayloads(createArgs, context) {
758
763
  return await this.getRPInstance({
759
- definitionId: createArgs.definitionId
764
+ queryId: createArgs.queryId
760
765
  }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
761
766
  const authRequest = {
762
767
  authorizationRequest: request.payload,
@@ -768,12 +773,12 @@ var SIOPv2RP = class _SIOPv2RP {
768
773
  }
769
774
  async siopGetRequestState(args, context) {
770
775
  return await this.getRPInstance({
771
- definitionId: args.definitionId
776
+ queryId: args.queryId
772
777
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
773
778
  }
774
779
  async siopGetResponseState(args, context) {
775
780
  const rpInstance = await this.getRPInstance({
776
- definitionId: args.definitionId
781
+ queryId: args.queryId
777
782
  }, context);
778
783
  const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
779
784
  if (authorizationResponseState === void 0) {
@@ -826,11 +831,11 @@ var SIOPv2RP = class _SIOPv2RP {
826
831
  }
827
832
  presentationOrClaimsFrom = /* @__PURE__ */ __name((presentationDecoded) => import_ssi_types2.CredentialMapper.isSdJwtDecodedCredential(presentationDecoded) ? presentationDecoded.decodedPayload : import_ssi_types2.CredentialMapper.toUniformPresentation(presentationDecoded), "presentationOrClaimsFrom");
828
833
  async siopUpdateRequestState(args, context) {
829
- if (args.state !== "sent") {
830
- throw Error(`Only 'sent' status is supported for this method at this point`);
834
+ if (args.state !== "authorization_request_created") {
835
+ throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
831
836
  }
832
837
  return await this.getRPInstance({
833
- definitionId: args.definitionId
838
+ queryId: args.queryId
834
839
  }, context).then((rp) => rp.get(context).then(async (rp2) => {
835
840
  await rp2.signalAuthRequestRetrieved({
836
841
  correlationId: args.correlationId,
@@ -841,7 +846,7 @@ var SIOPv2RP = class _SIOPv2RP {
841
846
  }
842
847
  async siopDeleteState(args, context) {
843
848
  return await this.getRPInstance({
844
- definitionId: args.definitionId
849
+ queryId: args.queryId
845
850
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
846
851
  }
847
852
  async siopVerifyAuthResponse(args, context) {
@@ -850,7 +855,7 @@ var SIOPv2RP = class _SIOPv2RP {
850
855
  }
851
856
  const authResponse = typeof args.authorizationResponse === "string" ? (0, import_did_auth_siop2.decodeUriAsJson)(args.authorizationResponse) : args.authorizationResponse;
852
857
  return await this.getRPInstance({
853
- definitionId: args.definitionId
858
+ queryId: args.queryId
854
859
  }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
855
860
  correlationId: args.correlationId,
856
861
  ...args.dcqlQueryPayload ? {
@@ -860,8 +865,8 @@ var SIOPv2RP = class _SIOPv2RP {
860
865
  })));
861
866
  }
862
867
  async siopImportDefinitions(args, context) {
863
- const { definitions, tenantId, version, versionControlMode } = args;
864
- await Promise.all(definitions.map(async (definitionPair) => {
868
+ const { queries, tenantId, version, versionControlMode } = args;
869
+ await Promise.all(queries.map(async (definitionPair) => {
865
870
  const definitionPayload = definitionPair.definitionPayload;
866
871
  if (!definitionPayload && !definitionPair.dcqlPayload) {
867
872
  return Promise.reject(Error("Either dcqlPayload or definitionPayload must be suppplied"));
@@ -894,7 +899,7 @@ var SIOPv2RP = class _SIOPv2RP {
894
899
  }));
895
900
  }
896
901
  async siopGetRedirectURI(args, context) {
897
- const instanceId = args.definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
902
+ const instanceId = args.queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
898
903
  if (this.instances.has(instanceId)) {
899
904
  const rpInstance = this.instances.get(instanceId);
900
905
  if (rpInstance !== void 0) {
@@ -910,12 +915,12 @@ var SIOPv2RP = class _SIOPv2RP {
910
915
  }
911
916
  return void 0;
912
917
  }
913
- async getRPInstance({ definitionId, responseRedirectURI }, context) {
914
- const instanceId = definitionId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
918
+ async getRPInstance({ queryId, responseRedirectURI }, context) {
919
+ const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
915
920
  if (!this.instances.has(instanceId)) {
916
- const instanceOpts = this.getInstanceOpts(definitionId);
921
+ const instanceOpts = this.getInstanceOpts(queryId);
917
922
  const rpOpts = await this.getRPOptions(context, {
918
- definitionId,
923
+ queryId,
919
924
  responseRedirectURI
920
925
  });
921
926
  if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== "function") {
@@ -927,7 +932,7 @@ var SIOPv2RP = class _SIOPv2RP {
927
932
  ...rpOpts.identifierOpts.resolveOpts
928
933
  };
929
934
  }
930
- console.log("Using agent DID resolver for RP instance with definition id " + definitionId);
935
+ console.log("Using agent DID resolver for RP instance with definition id " + queryId);
931
936
  rpOpts.identifierOpts.resolveOpts.resolver = (0, import_ssi_sdk_ext4.getAgentResolver)(context, {
932
937
  uniresolverResolution: true,
933
938
  localResolution: true,
@@ -946,10 +951,10 @@ var SIOPv2RP = class _SIOPv2RP {
946
951
  return rpInstance;
947
952
  }
948
953
  async getRPOptions(context, opts) {
949
- const { definitionId, responseRedirectURI } = opts;
950
- const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts;
954
+ const { queryId, responseRedirectURI } = opts;
955
+ const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts;
951
956
  if (!options) {
952
- throw Error(`Could not get specific nor default options for definition ${definitionId}`);
957
+ throw Error(`Could not get specific nor default options for definition ${queryId}`);
953
958
  }
954
959
  if (this.opts.defaultOpts) {
955
960
  if (!options.identifierOpts) {
@@ -983,18 +988,18 @@ var SIOPv2RP = class _SIOPv2RP {
983
988
  }
984
989
  getInstanceOpts(definitionId) {
985
990
  if (!this.opts.instanceOpts) return void 0;
986
- const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : void 0;
991
+ const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
987
992
  return instanceOpt ?? this.getDefaultOptions(definitionId);
988
993
  }
989
994
  getDefaultOptions(definitionId) {
990
995
  if (!this.opts.instanceOpts) return void 0;
991
- const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === "default");
996
+ const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
992
997
  if (defaultOptions) {
993
998
  const clonedOptions = {
994
999
  ...defaultOptions
995
1000
  };
996
1001
  if (definitionId !== void 0) {
997
- clonedOptions.definitionId = definitionId;
1002
+ clonedOptions.queryId = definitionId;
998
1003
  }
999
1004
  return clonedOptions;
1000
1005
  }
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n decodeUriAsJson,\n VerifiedAuthorizationResponse,\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n AuthorizationResponseStateWithVerifiedData,\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n VerifiedDataMode,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ definitionId: createArgs.definitionId, responseRedirectURI: createArgs.responseRedirectURI }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ definitionId: createArgs.definitionId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>\n rp.get(context).then((rp) => rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ definitionId: args.definitionId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (\n responseState.status === AuthorizationResponseStateStatus.VERIFIED &&\n args.includeVerifiedData &&\n args.includeVerifiedData !== VerifiedDataMode.NONE\n ) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n switch (args.includeVerifiedData) {\n case VerifiedDataMode.VERIFIED_PRESENTATION:\n responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n break\n case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n const allClaims: AdditionalClaims = {}\n for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n }\n responseState.verifiedData = allClaims\n break\n }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation =>\n CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'sent') {\n throw Error(`Only 'sent' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ definitionId: args.definitionId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ definitionId: args.definitionId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ definitionId: args.definitionId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { definitions, tenantId, version, versionControlMode } = args\n await Promise.all(\n definitions.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ definitionId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = definitionId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(definitionId)\n const rpOpts = await this.getRPOptions(context, { definitionId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + definitionId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { definitionId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { definitionId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(definitionId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${definitionId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.definitionId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.definitionId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.definitionId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.definitionId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.definitionId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n builder.withClientId(prefixClientId(clientId), PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.definitionId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>, context: IRequiredContext): Promise<URI> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'definitionId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { AdditionalClaims, DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n definitionId: string\n correlationId: string\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n definitionId: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n definitionId: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n definitionId: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n definitionId: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n definitionId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n definitions: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n definitionId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n definitionId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n definitionId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport interface AuthorizationResponseStateWithVerifiedData extends AuthorizationResponseState {\n verifiedData?: AdditionalClaims\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialIssuer &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBAOO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,oBAaO;AAEP,kBAA0B;;;ACzB1B,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAKO;AAKP,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,cAAc;AAClD,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEH,cAAcL,QAAQK;UACtBI,SAAST,QAAQS;UACjBC,UAAUV,QAAQU;QACpB;;IAEJ,CAAA;AAEA,QAAIJ,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMmD,6BAA6BL,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaQ,2BAA2BC,aAAa;AACxDT,oBAAYQ,2BAA2BC,YAAYT;MACrD;IACF;EACF;AAEA,QAAMU,aAAaZ,eAAea,uBAAwB,UAAMC,uCAAmBlD,OAAAA;AACnF,QAAMmD,eAAejB,OAAOiB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJ9C,OAAOE,eAAe6C,aAAaD,gBACnCE,qCAAiBlF,SAAS;IACxBmF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBnD,OAAOE,eAAe6C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCrD,OAAOsD,gBAAgBD;AAC5D,MAAI,CAACrD,OAAOsD,gBAAgBD,UAAU,OAAOrD,OAAOsD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBtG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE2D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiB9D,OAAO+D,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCpE,OAAOxC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB2G;IAAY3G,sCAAiB4G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBxE,OAAOyE,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB3E,OAAO4E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC7E,OAAO8E,oBACH9E,OAAO8E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVjH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFmH,mBAAmB;IACrB;EACF,GACAnH,OAAAA,CAAAA,EAGPoH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B9G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMwH,WAAWpF,eAAeoF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM5H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMmH,WAAW3F,OAAO4E,oBAAoBgB,aAAaF,WAAWG,eAAWC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AACtJxC,YAAQyC,aAAaC,eAAeP,QAAAA,GAAW/B,oCAAeC,cAAc;EAC9E;AAEA,MAAIR,QAAQ;AACVG,YAAQ2C,WAAW9C,MAAAA;EACrB;AASA,MAAIjD,WAAW;AACboD,YAAQ4C,cAAchG,SAAAA;EACxB;AAEA,MAAIJ,OAAOqG,qBAAqB;AAC9B7C,YAAQ8C,wBAAwBtG,OAAOqG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAaxG,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE0F,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AA1IsBzD;AA4If,SAASyG,aACdhI,QACAV,SAAyB;AAEzB,SAAO,OAAO4I,WAAsBC,KAAiD9G,QAAAA;AACnF,QAAI,MAAE+G,gDAA2BpI,MAAAA,SAAWqI,gDAA2BrI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBiH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMzE,SAA2B,MAAMH,QAAQI,MAAM4I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYjH,OAAOiH;QAAYsB,WAAWvI,OAAOuI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBnI,SAAS4H,IAAI5H;IACf,CAAA;AACA,WAAOd,OAAO0I;EAChB;AACF;AAnBgBH;AAqBhB,SAASzB,qBACPoC,OAOArJ,SAAyB;AAEzB,SAAO,OAAOsJ,cAAcT,QAAAA;AAC1B,UAAM1I,SAAS,MAAMH,QAAQI,MAAMmJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAIxJ,OAAOyJ,OAAO;AAC1B,WAAO,CAACzJ,OAAOuB;EACjB;AACF;AAfSuF;AAqBF,SAAS4C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC5ShB,kBAA6B;AAE7B,IAAAK,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYE;EAC1B;EAEA,MAAaE,0BAA0BT,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQU,MAAMC,sBAAsB;MACxCJ,cAAc,KAAKA;MACnBK,UAAU,KAAKP,YAAYO;IAC7B,CAAA,IACAJ;EACN;EAEA,MAAaK,8BAA8BC,YAA0Dd,SAAyC;AAC5I,UAAM,EAAEe,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,QAAIQ;AACJ,UAAMC,SAAS,KAAKpB,UAAUqB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQxB,OAAAA;AAC/D,YAAI4B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKhC,IAAIC,OAAAA,EAAS0C,KAAK,CAACC,OACnCA,GAAG9B,8BAA8B;MAC/B+B,SAASC,kBAAkB,KAAKzC,SAAS;MACzCW;MACAK;MACAE;MACAN;MACAC;MACAC;MACAC;MACAI;IACF,CAAA,CAAA;EAEJ;EAEA,MAAauB,2BACXhC,YACAd,SAC+B;AAC/B,UAAM,EAAEe,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMM,QAAQN,WAAWM,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQR,WAAWQ,SAASP;AAClC,UAAMS,SAAS,KAAKpB,UAAUqB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQxB,OAAAA;AAE/D,QAAIuB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK1C,IAAIC,OAAAA,EAAS0C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKzC,SAAS;MACzCW;MACAK;MACAE;MACAN;MACAC;MACAE;MACAD;MACAK;IACF,CAAA,CAAA;EAEJ;AACF;;;AF3FO,IAAMyB,WAAN,MAAMA,UAAAA;EAhDb,OAgDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAcF,WAAWE;MAAcC,qBAAqBH,WAAWG;IAAoB,GAAGb,OAAAA,EAC7Hc,KAAK,CAACC,OAAOA,GAAGhC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1Dc,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAc/B,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAcF,WAAWE;IAAa,GAAGZ,OAAAA,EACxEc,KAAK,CAACC,OAAOA,GAAGG,2BAA2BR,YAAYV,OAAAA,CAAAA,EACvDc,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAchC,oBAAoBuC,MAAgC3B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAASc,KAAK,CAACC,OAClFA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QAAOA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAE1H;EAEA,MAAc1C,qBACZqC,MACA3B,SACiE;AACjE,UAAMiC,aAAyB,MAAM,KAAKtB,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA;AAC7F,UAAMkC,6BAAqE,MAAMD,WAC9EL,IAAI5B,OAAAA,EACJc,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QACEG,cAAcC,WAAWC,uDAAiCC,YAC1Db,KAAKc,uBACLd,KAAKc,wBAAwBC,iBAAiBC,MAC9C;AACA,UAAIC;AACJ,UACEC,mCAAiBC,eAAeT,cAAcU,SAASzB,QAAQ0B,QAAQ,MACtE,CAACf,WAAWgB,UAAUC,gBAAgBN,UAAU,OAAOX,WAAWgB,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAEA,YAAMC,sBAAsBP,mCAAiBQ;QAC3ChB,cAAcU,SAASzB,QAAQ0B;;QAE/BJ;MAAAA;AAEF,cAAQjB,KAAKc,qBAAmB;QAC9B,KAAKC,iBAAiBY;AACpBjB,wBAAcU,SAASzB,QAAQiC,eAAe,KAAKC,yBAAyBJ,mBAAAA;AAC5E;QACF,KAAKV,iBAAiBe;AACpB,gBAAMC,YAA8B,CAAC;AACrC,qBAAWC,cAAc,KAAKH,yBAAyBJ,mBAAAA,EAAqBQ,wBAAwB,CAAA,GAAI;AACtG,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM9D,QAAQ+D,MAAMC,eAAe;cAChEL;cACAf;cACAqB,kBAAkBhC,WAAWgB,UAAUiB,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC/B,4BAAcC,SAASC,uDAAiC8B;AACxDhC,4BAAciC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOjC;YACT;AAEA,kBAAMmC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQd,YAAY;AACxBA,wBAAU,IAAA,IAAQc,kBAAkBC;YACtC;AAEAC,mBAAOC,QAAQH,iBAAAA,EAAmBI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOnB,YAAY;AACvBA,0BAAUmB,GAAAA,IAAOC;cACnB;YACF,CAAA;UACF;AACAzC,wBAAckB,eAAeG;AAC7B;MACJ;IACF;AACA,WAAOrB;EACT;EAEQmB,2BAA2B,wBACjCJ,wBAOAP,mCAAiBkC,yBAAyB3B,mBAAAA,IACtCA,oBAAoB4B,iBACpBnC,mCAAiBoC,sBAAsB7B,mBAAAA,GAVV;EAYnC,MAAc5D,uBAAuBmC,MAA+B3B,SAA+D;AACjI,QAAI2B,KAAKuD,UAAU,QAAQ;AACzB,YAAMX,MAAM,+DAA+D;IAC7E;AACA,WAAO,MAAM,KAAK5D,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAElEc,KAAK,CAACC,OACLA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGoE,2BAA2B;QAClCpD,eAAeJ,KAAKI;QACpBuC,OAAO3C,KAAK2C,QAAQ,IAAIC,MAAM5C,KAAK2C,KAAK,IAAIlC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcrC,gBAAgBiC,MAAiC3B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAClEc,KAAK,CAACC,OAAOA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QAAOA,IAAGc,eAAeuD,4BAA4BzD,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcnB,uBAAuBgC,MAAoC3B,SAAmE;AAC1I,QAAI,CAAC2B,KAAK0D,uBAAuB;AAC/B,YAAMd,MAAM,2CAAA;IACd;AACA,UAAMe,eACJ,OAAO3D,KAAK0D,0BAA0B,eACjCE,uCAAgB5D,KAAK0D,qBAAqB,IAC3C1D,KAAK0D;AACX,WAAO,MAAM,KAAK1E,cAAc;MAAEC,cAAce,KAAKf;IAAa,GAAGZ,OAAAA,EAASc,KAAK,CAACC,OAClFA,GAAGa,IAAI5B,OAAAA,EAASc,KAAK,CAACC,QACpBA,IAAGyE,4BAA4BF,cAAc;MAC3CvD,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK8D,mBAAmB;QAAEC,WAAW/D,KAAK8D,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAUhE,KAAKgE;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAc/F,sBAAsB+B,MAA6B3B,SAA0C;AACzG,UAAM,EAAE4F,aAAaC,UAAUC,SAASC,mBAAkB,IAAKpE;AAC/D,UAAMqE,QAAQC,IACZL,YAAYM,IAAI,OAAOC,mBAAAA;AACrB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAO/B,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAI3D;AACJ,UAAIuF,eAAeE,aAAa;AAC9BE,8BAAUC,SAASL,eAAeE,YAAYX,SAAS;AACvDe,gBAAQC,IAAI,8BAA8BP,eAAeE,YAAYM,OAAO,4BAA4BZ,kBAAAA,EAAoB;AAC5HnF,uBAAeuF,eAAeE,YAAYM;MAC5C;AACA,UAAIP,mBAAmB;AACrB,cAAMpG,QAAQ+D,MAAM6C,sBAAsB;UAAEC,YAAYT;QAAkB,CAAA;AAC1EK,gBAAQC,IAAI,6BAA6BN,kBAAkB3B,EAAE,MAAM2B,kBAAkBU,IAAI,4BAA4Bf,kBAAAA,EAAoB;AACzInF,uBAAewF,kBAAkB3B;MACnC;AAEA,aAAOzE,QAAQ+D,MAAMgD,qBAAqB;QACxCC,gBAAgB;UACdpG;UACAiF;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACA9H,MAAM;UAAEwH;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAclG,mBAAmB8B,MAA2B3B,SAAwD;AAClH,UAAMiH,aAAatF,KAAKf,gBAAgBtC,UAASE;AACjD,QAAI,KAAKC,UAAUyI,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAKxD,UAAUmD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI5B,OAAAA;AAChC,eAAOe,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKuD,SAAS;YAAEA,OAAOvD,KAAKuD;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO9C;EACT;EAEA,MAAMzB,cAAc,EAAEC,cAAcC,oBAAmB,GAAyBb,SAAgD;AAC9H,UAAMiH,aAAarG,gBAAgBtC,UAASE;AAC5C,QAAI,CAAC,KAAKC,UAAUyI,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgB1G,YAAAA;AAC1C,YAAM2G,SAAS,MAAM,KAAKC,aAAaxH,SAAS;QAAEY;QAAcC;MAAyC,CAAA;AACzG,UAAI,CAAC0G,OAAOrH,eAAeC,aAAaC,YAAY,OAAOmH,OAAOrH,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACkH,OAAOrH,gBAAgBC,aAAa;AACvCoH,iBAAOrH,iBAAiB;YAAE,GAAGqH,OAAOrH;UAAe;AACnDqH,iBAAOrH,eAAeC,cAAc;YAAE,GAAGoH,OAAOrH,eAAeC;UAAY;QAC7E;AACAsG,gBAAQC,IAAI,iEAAiE9F,YAAAA;AAC7E2G,eAAOrH,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAUgJ,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAMpF,aAAa,KAAKxD,UAAUmD,IAAIqF,UAAAA;AACtC,QAAIpG,qBAAqB;AACvBoB,iBAAWgB,UAAU2E,sBAAsB/G;IAC7C;AACA,WAAOoB;EACT;EAEA,MAAMuF,aAAaxH,SAA2BzB,MAAoF;AAChI,UAAM,EAAEqC,cAAcC,oBAAwC,IAAKtC;AACnE,UAAMsJ,UAAU,KAAKP,gBAAgB1G,YAAAA,GAAe2G,UAAU,KAAKhJ,KAAK0B;AACxE,QAAI,CAAC4H,SAAS;AACZ,YAAMtD,MAAM,6DAA6D3D,YAAAA,EAAc;IACzF;AACA,QAAI,KAAKrC,KAAK0B,aAAa;AACzB,UAAI,CAAC4H,QAAQ3H,gBAAgB;AAC3B2H,gBAAQ3H,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAAC2H,QAAQ3H,eAAe4H,QAAQ;AAClCD,kBAAQ3H,eAAe4H,SAAS,KAAKvJ,KAAK0B,YAAYC,eAAe4H;QACvE;AACA,YAAI,CAACD,QAAQ3H,eAAe6H,qBAAqB;AAC/CF,kBAAQ3H,eAAe6H,sBAAsB,KAAKxJ,KAAK0B,YAAYC,eAAe6H;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKzJ,KAAK0B,YAAY+H;QACpD;MACF;AACA,UAAI,CAACH,QAAQ3H,eAAeC,eAAe,OAAO0H,QAAQ3H,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHwH,gBAAQ3H,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwBuB,UAAavB,wBAAwBgH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsB/G;IAChC;AACA,WAAOgH;EACT;EAEAP,gBAAgB1G,cAAwD;AACtE,QAAI,CAAC,KAAKrC,KAAK8I,aAAc,QAAOjF;AAEpC,UAAM6F,cAAcrH,eAAe,KAAKrC,KAAK8I,aAAaa,KAAK,CAACC,MAAMA,EAAEvH,iBAAiBA,YAAAA,IAAgBwB;AAEzG,WAAO6F,eAAe,KAAKG,kBAAkBxH,YAAAA;EAC/C;EAEQwH,kBAAkBxH,cAAkC;AAC1D,QAAI,CAAC,KAAKrC,KAAK8I,aAAc,QAAOjF;AAEpC,UAAMiG,iBAAiB,KAAK9J,KAAK8I,aAAaa,KAAK,CAACC,MAAMA,EAAEvH,iBAAiB,SAAA;AAC7E,QAAIyH,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAIzH,iBAAiBwB,QAAW;AAC9BkG,sBAAc1H,eAAeA;MAC/B;AACA,aAAO0H;IACT;AAEA,WAAOlG;EACT;AACF;;;AG7UO,IAAKmG,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","definitionId","presentationDefinitionItems","pdmGetDefinitions","filter","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","withClientId","prefixClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","definitionId","responseRedirectURI","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","includeVerifiedData","VerifiedDataMode","NONE","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","presentationDecoded","decodeVerifiablePresentation","VERIFIED_PRESENTATION","verifiedData","presentationOrClaimsFrom","CREDENTIAL_SUBJECT_FLATTENED","allClaims","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","Object","entries","forEach","key","value","isSdJwtDecodedCredential","decodedPayload","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","definitions","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","DcqlQuery","validate","console","log","queryId","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}
1
+ {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts","../src/types/ISIOPv2RP.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential,\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema,\n VerifiedDataMode,\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance({ responseRedirectURI: createArgs.responseRedirectURI, ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ) }, context)\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (\n responseState.status === AuthorizationResponseStateStatus.VERIFIED &&\n args.includeVerifiedData &&\n args.includeVerifiedData !== VerifiedDataMode.NONE\n ) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n responseState.response.payload.vp_token as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n switch (args.includeVerifiedData) {\n case VerifiedDataMode.VERIFIED_PRESENTATION:\n responseState.response.payload.verifiedData = this.presentationOrClaimsFrom(presentationDecoded)\n break\n case VerifiedDataMode.CREDENTIAL_SUBJECT_FLATTENED: // TODO debug cs-flat for SD-JWT\n const allClaims: AdditionalClaims = {}\n for (const credential of this.presentationOrClaimsFrom(presentationDecoded).verifiableCredential || []) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n }\n responseState.verifiedData = allClaims\n break\n }\n }\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse,\n ): AdditionalClaims | IPresentation =>\n CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQueryPayload ? { dcqlQuery: args.dcqlQueryPayload.dcqlQuery } : {}),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { queries, tenantId, version, versionControlMode } = args\n await Promise.all(\n queries.map(async (definitionPair) => {\n const definitionPayload = definitionPair.definitionPayload\n if (!definitionPayload && !definitionPair.dcqlPayload) {\n return Promise.reject(Error('Either dcqlPayload or definitionPayload must be suppplied'))\n }\n\n let definitionId: string\n if (definitionPair.dcqlPayload) {\n DcqlQuery.validate(definitionPair.dcqlPayload.dcqlQuery)\n console.log(`persisting DCQL definition ${definitionPair.dcqlPayload.queryId} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPair.dcqlPayload.queryId\n }\n if (definitionPayload) {\n await context.agent.pexValidateDefinition({ definition: definitionPayload })\n console.log(`persisting PEX definition ${definitionPayload.id} / ${definitionPayload.name} with versionControlMode ${versionControlMode}`)\n definitionId = definitionPayload.id\n }\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n definitionId: definitionId!,\n tenantId: tenantId,\n version: version,\n definitionPayload,\n dcqlPayload: definitionPair.dcqlPayload,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n const instanceId = queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (!this.instances.has(instanceId)) {\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n this.instances.set(instanceId, new RPInstance({ rpOpts, pexOpts: instanceOpts }))\n }\n const rpInstance = this.instances.get(instanceId)!\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(definitionId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(definitionId)\n }\n\n private getDefaultOptions(definitionId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (definitionId !== undefined) {\n clonedOptions.queryId = definitionId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport {\n CredentialMapper,\n HasherSync,\n OriginalVerifiableCredential,\n PresentationSubmission\n} from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IPEXOptions, IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n pexOpts?: IPEXOptions | undefined\n definition?: IPresentationDefinition\n dcql?: DcqlQuery\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, pexOpts, context } = args\n const { identifierOpts } = rpOpts\n let definition: IPresentationDefinition | undefined = args.definition\n let dcqlQuery: DcqlQuery | undefined = args.dcql\n\n if (!definition && pexOpts && pexOpts.queryId) {\n const presentationDefinitionItems = await context.agent.pdmGetDefinitions({\n filter: [\n {\n definitionId: pexOpts.queryId,\n version: pexOpts.version,\n tenantId: pexOpts.tenantId,\n },\n ],\n })\n\n if (presentationDefinitionItems.length > 0) {\n const presentationDefinitionItem = presentationDefinitionItems[0]\n if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {\n dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery as DcqlQuery // cast from DcqlQueryREST back to valibot DcqlQuery\n }\n }\n }\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(\n rpOpts.supportedVersions ?? [SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1, SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11],\n )\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string = rpOpts.clientMetadataOpts?.client_id ?? resolution.issuer ?? (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (dcqlQuery) {\n builder.withDcqlQuery(dcqlQuery)\n }\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`;\n }\n\n return clientId;\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPEXOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _pexOptions: IPEXOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPEXOptions }) {\n this._rpOptions = rpOpts\n this._pexOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n pexOpts: this._pexOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get pexOptions() {\n return this._pexOptions\n }\n\n public hasDefinition(): boolean {\n return this.definitionId !== undefined\n }\n\n get definitionId(): string | undefined {\n return this.pexOptions?.queryId\n }\n\n public async getPresentationDefinition(context: IRequiredContext): Promise<IPresentationDefinition | undefined> {\n return this.definitionId\n ? await context.agent.pexStoreGetDefinition({\n definitionId: this.definitionId,\n tenantId: this.pexOptions?.tenantId,\n })\n : undefined\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n","import {\n AuthorizationRequestPayload,\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseStateWithVerifiedData,\n CallbackOpts,\n ClaimPayloadCommonOpts,\n ClientMetadataOpts,\n IRPSessionManager,\n PresentationVerificationCallback,\n RequestObjectPayload,\n ResponseMode,\n ResponseURIType,\n SupportedVersion,\n VerifiedAuthorizationResponse,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CheckLinkedDomain } from '@sphereon/did-auth-siop-adapter'\nimport { DIDDocument } from '@sphereon/did-uni-client'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { ExternalIdentifierOIDFEntityIdOpts, IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { IPDManager, VersionControlMode } from '@sphereon/ssi-sdk.pd-manager'\nimport { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange'\nimport { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'\nimport { AuthorizationRequestStateStatus } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'\nimport { DcqlQueryPayload, HasherSync } from '@sphereon/ssi-types'\nimport { VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { IAgentContext, ICredentialIssuer, ICredentialVerifier, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\n\nexport enum VerifiedDataMode {\n NONE = 'none',\n VERIFIED_PRESENTATION = 'vp',\n CREDENTIAL_SUBJECT_FLATTENED = 'cs-flat',\n}\n\nexport interface ISIOPv2RP extends IPluginMethodMap {\n siopCreateAuthRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string>\n siopCreateAuthRequestPayloads(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<IAuthorizationRequestPayloads>\n siopGetAuthRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined>\n siopGetAuthResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined>\n siopUpdateAuthRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState>\n siopDeleteAuthState(args: IDeleteAuthStateArgs, context: IRequiredContext): Promise<boolean>\n siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse>\n siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void>\n siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined>\n}\n\nexport interface ISiopv2RPOpts {\n defaultOpts?: IRPDefaultOpts\n instanceOpts?: IPEXInstanceOptions[]\n}\n\nexport interface IRPDefaultOpts extends IRPOptions {}\n\nexport interface ICreateAuthRequestArgs {\n queryId: string\n correlationId: string\n useQueryIdInstance?: boolean\n responseURIType: ResponseURIType\n responseURI: string\n responseRedirectURI?: string\n jwtIssuer?: JwtIssuer\n requestByReferenceURI?: string\n nonce?: string\n state?: string\n claims?: ClaimPayloadCommonOpts\n callback?: CallbackOpts\n}\n\nexport interface IGetAuthRequestStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n}\n\nexport interface IGetAuthResponseStateArgs {\n correlationId: string\n queryId?: string\n errorOnNotFound?: boolean\n progressRequestStateTo?: AuthorizationRequestStateStatus\n includeVerifiedData?: VerifiedDataMode\n}\n\nexport interface IUpdateRequestStateArgs {\n queryId: string\n correlationId: string\n state: AuthorizationRequestStateStatus\n error?: string\n}\n\nexport interface IDeleteAuthStateArgs {\n correlationId: string\n queryId?: string\n}\n\nexport interface IVerifyAuthResponseStateArgs {\n authorizationResponse: string | AuthorizationResponsePayload\n queryId?: string\n correlationId: string\n audience?: string\n dcqlQueryPayload?: DcqlQueryPayload\n}\n\nexport interface IDefinitionPair {\n definitionPayload?: IPresentationDefinition\n dcqlPayload?: DcqlQueryPayload\n}\n\nexport interface ImportDefinitionsArgs {\n queries: Array<IDefinitionPair>\n tenantId?: string\n version?: string\n versionControlMode?: VersionControlMode\n}\n\nexport interface IGetRedirectUriArgs {\n correlationId: string\n queryId?: string\n state?: string\n}\n\nexport interface IAuthorizationRequestPayloads {\n authorizationRequest: AuthorizationRequestPayload\n requestObject?: string\n requestObjectDecoded?: RequestObjectPayload\n}\n\nexport interface IPEXDefinitionPersistArgs extends IPEXInstanceOptions {\n definition: IPresentationDefinition\n ttl?: number\n}\n\nexport interface ISiopRPInstanceArgs {\n queryId?: string\n responseRedirectURI?: string\n}\n\nexport interface IPEXInstanceOptions extends IPEXOptions {\n rpOpts?: IRPOptions\n}\n\nexport interface IRPOptions {\n responseMode?: ResponseMode\n supportedVersions?: SupportedVersion[] // The supported version by the RP. The first version will be the default version\n sessionManager?: IRPSessionManager\n clientMetadataOpts?: ClientMetadataOpts\n expiresIn?: number\n eventEmitter?: EventEmitter\n credentialOpts?: CredentialOpts\n verificationPolicies?: VerificationPolicies\n identifierOpts: ISIOPIdentifierOptions\n verifyJwtCallback?: VerifyJwtCallback\n responseRedirectUri?: string\n}\n\nexport interface IPEXOptions {\n presentationVerifyCallback?: PresentationVerificationCallback\n // definition?: IPresentationDefinition\n queryId: string\n version?: string\n tenantId?: string\n}\n\nexport type VerificationPolicies = {\n schemaValidation: SchemaValidation\n}\n\nexport interface PerDidResolver {\n didMethod: string\n resolver: Resolvable\n}\n\nexport interface IAuthRequestDetails {\n rpDIDDocument?: DIDDocument\n id: string\n alsoKnownAs?: string[]\n}\n\nexport interface ISIOPIdentifierOptions extends Omit<IDIDOptions, 'idOpts'> {\n // we replace the legacy idOpts with the Managed Identifier opts from the identifier resolution module\n idOpts: ManagedIdentifierOptsOrResult\n oidfOpts?: ExternalIdentifierOIDFEntityIdOpts\n checkLinkedDomains?: CheckLinkedDomain\n wellknownDIDVerifyCallback?: VerifyCallback\n}\n\n// todo make the necessary changes for mdl-mdoc types\nexport type CredentialOpts = {\n hasher?: HasherSync\n}\n\nexport type IRequiredContext = IAgentContext<\n IResolver &\n IDIDManager &\n IKeyManager &\n IIdentifierResolution &\n ICredentialIssuer &\n ICredentialValidation &\n ICredentialVerifier &\n IPresentationExchange &\n IPDManager &\n ISDJwtPlugin &\n IJwtService &\n ImDLMdoc\n>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBAQO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,oBAaO;AAEP,kBAA0B;;;AC1B1B,2BAiBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAKO;AAKP,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,oCACdC,QACAV,SAAyB;AAEzB,iBAAeW,iCACbT,MACAU,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAeZ,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMW,wBAAwB;QACzFC,cAAcd;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAOc;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuBhB,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAMe,uBAAuBC,QAAW;AAClD,eAAOC,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIV,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMW,eAAe,MAAMvB,QAAQI,MAAMe,mBAAmB;UAC1DK,UAAUtB;UACVuB,yBAAyBb;QAC3B,CAAA;AACA,eAAO;UAAEJ,UAAU,CAACe,aAAaG;QAAM;MACzC;AACA,YAAMC,MAAM,mEAAmE;IACjF;AAEA,UAAMxB,SAAS,MAAMH,QAAQI,MAAMwB,mBAAmB;MACpDZ,cAAcd;MACdK,qBAAqB;MACrBsB,SAAS,MAAM7B,QAAQI,MAAM0B,qBAAqBpB,MAAAA,GAASqB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAExB,UAAUL,OAAOK;IAAS;EACrC;AAjCeG;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBwB,gBAAgB/B,MAMrC;AACC,QAAM,EAAEgC,QAAQC,SAASnC,QAAO,IAAKE;AACrC,QAAM,EAAEkC,eAAc,IAAKF;AAC3B,MAAIG,aAAkDnC,KAAKmC;AAC3D,MAAIC,YAAmCpC,KAAKqC;AAE5C,MAAI,CAACF,cAAcF,WAAWA,QAAQK,SAAS;AAC7C,UAAMC,8BAA8B,MAAMzC,QAAQI,MAAMsC,kBAAkB;MACxEC,QAAQ;QACN;UACEC,cAAcT,QAAQK;UACtBK,SAASV,QAAQU;UACjBC,UAAUX,QAAQW;QACpB;;IAEJ,CAAA;AAEA,QAAIL,4BAA4B9C,SAAS,GAAG;AAC1C,YAAMoD,6BAA6BN,4BAA4B,CAAA;AAC/D,UAAI,CAACH,aAAaS,2BAA2BC,aAAa;AACxDV,oBAAYS,2BAA2BC,YAAYV;MACrD;IACF;EACF;AAEA,QAAMW,aAAab,eAAec,uBAAwB,UAAMC,uCAAmBnD,OAAAA;AACnF,QAAMoD,eAAelB,OAAOkB,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJ/C,OAAOE,eAAe8C,aAAaD,gBACnCE,qCAAiBnF,SAAS;IACxBoF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBpD,OAAOE,eAAe8C,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCtD,OAAOuD,gBAAgBD;AAC5D,MAAI,CAACtD,OAAOuD,gBAAgBD,UAAU,OAAOtD,OAAOuD,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBvG,kBAAkB4C,MAAAA;EAAQ,CAAA,EACpE4D,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiB/D,OAAOgE,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBACCrE,OAAOxC,qBAAqB;IAACE,sCAAiBC;IAAgCD,sCAAiB4G;IAAY5G,sCAAiB6G;GAAW,EAGxIC,iBAAiBtD,YAAAA,EACjBuD,mBAAmBzE,OAAO0E,kBAAkB,IAAIC,8CAAyBzD,YAAAA,CAAAA,EACzE0D,mBAAmB5E,OAAO6E,sBAAsBzD,uBAAuByC,oCAAeC,cAAc,EACpGgB,sBACC9E,OAAO+E,oBACH/E,OAAO+E,oBACPC,qBACE;IACEjC;IACAkC,YAAY;MACVlH,4BAA4BH,8BAA8BoC,OAAOE,gBAAgBpC,OAAAA;MACjFoH,mBAAmB;IACrB;EACF,GACApH,OAAAA,CAAAA,EAGPqH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/G,oCAAoC2B,eAAe1B,QAAQV,OAAAA,CAAAA;AAE3F,QAAMyH,WAAWrF,eAAeqF;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM7H,QAAQI,MAAM0B,qBAAqBM,eAAe1B,MAAM;AACjF,UAAMoH,WAAmB5F,OAAO6E,oBAAoBgB,aAAaF,WAAWG,eAAWC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC9J,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIlD,WAAW;AACbqD,YAAQ6C,cAAclG,SAAAA;EACxB;AAEA,MAAIJ,OAAOuG,qBAAqB;AAC9B9C,YAAQ+C,wBAAwBxG,OAAOuG,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa1G,OAAOE,eAAe1B,QAAQV,OAAAA;AACrE2F,UAAQkD,sBAAsBF,iBAAAA;AAC9B,SAAOhD;AACT;AA3IsB1D;AA6If,SAAS2G,aACdlI,QACAV,SAAyB;AAEzB,SAAO,OAAO8I,WAAsBC,KAAiDhH,QAAAA;AACnF,QAAI,MAAEiH,gDAA2BtI,MAAAA,SAAWuI,gDAA2BvI,MAAAA,IAAU;AAC/E,aAAOW,QAAQC,OAAOK,MAAM,qBAAqBmH,UAAUjE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAM1E,SAA2B,MAAMH,QAAQI,MAAM8I,6BAA6B;;;MAGhFlB,QAAQ;QAAEJ,YAAYlH,OAAOkH;QAAYuB,WAAWzI,OAAOyI;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBrI,SAAS8H,IAAI9H;IACf,CAAA;AACA,WAAOd,OAAO4I;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAvJ,SAAyB;AAEzB,SAAO,OAAOwJ,cAAcT,QAAAA;AAC1B,UAAM5I,SAAS,MAAMH,QAAQI,MAAMqJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAI1J,OAAO2J,OAAO;AAC1B,WAAO,CAAC3J,OAAOuB;EACjB;AACF;AAfSwF;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC7ShB,kBAA6B;AAE7B,IAAAK,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAAmD;AACrF,SAAKF,aAAaC;AAClB,SAAKF,cAAcG;EACrB;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbE,SAAS,KAAKH;QACdK;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,aAAa;AACf,WAAO,KAAKV;EACd;EAEOW,gBAAyB;AAC9B,WAAO,KAAKC,iBAAiBC;EAC/B;EAEA,IAAID,eAAmC;AACrC,WAAO,KAAKF,YAAYI;EAC1B;EAEA,MAAaC,0BAA0BV,SAAyE;AAC9G,WAAO,KAAKO,eACR,MAAMP,QAAQW,MAAMC,sBAAsB;MACxCL,cAAc,KAAKA;MACnBM,UAAU,KAAKR,YAAYQ;IAC7B,CAAA,IACAL;EACN;EAEA,MAAaM,8BAA8BC,YAAoCf,SAAyC;AACtH,UAAM,EAAEgB,eAAeP,SAASQ,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKN;AAC1G,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,QAAIS;AACJ,UAAMC,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAC/D,YAAI8B,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAKlC,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAG/B,8BAA8B;MAC/BgC,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAP;MACAa;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXjC,YACAf,SAC+B;AAC/B,UAAM,EAAEgB,eAAeC,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKL;AACvF,UAAMO,QAAQP,WAAWO,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQT,WAAWS,SAASR;AAClC,UAAMU,SAAS,KAAKtB,UAAUuB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQ1B,OAAAA;AAE/D,QAAIyB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAK5C,IAAIC,OAAAA,EAAS4C,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAK3C,SAAS;MACzCY;MACAM;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AF7FO,IAAMyB,WAAN,MAAMA,UAAAA;EAhDb,OAgDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAAc;MAAEC,qBAAqBF,WAAWE;MAAqB,GAAIF,WAAWG,uBAAuB,QAAQ;QAAEC,SAASJ,WAAWI;MAAQ;IAAI,GAAGd,OAAAA,EACvKe,KAAK,CAACC,OAAOA,GAAGjC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1De,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAchC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASJ,WAAWI;IAAQ,GAAGd,OAAAA,EAC9De,KAAK,CAACC,OAAOA,GAAGG,2BAA2BT,YAAYV,OAAAA,CAAAA,EACvDe,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAcjC,oBAAoBwC,MAAgC5B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc3C,qBACZsC,MACA5B,SACiE;AACjE,UAAMkC,aAAyB,MAAM,KAAKvB,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA;AACnF,UAAMmC,6BAAqE,MAAMD,WAC9EL,IAAI7B,OAAAA,EACJe,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QACEG,cAAcC,WAAWC,uDAAiCC,YAC1Db,KAAKc,uBACLd,KAAKc,wBAAwBC,iBAAiBC,MAC9C;AACA,UAAIC;AACJ,UACEC,mCAAiBC,eAAeT,cAAcU,SAASzB,QAAQ0B,QAAQ,MACtE,CAACf,WAAWgB,UAAUC,gBAAgBN,UAAU,OAAOX,WAAWgB,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAEA,YAAMC,sBAAsBP,mCAAiBQ;QAC3ChB,cAAcU,SAASzB,QAAQ0B;;QAE/BJ;MAAAA;AAEF,cAAQjB,KAAKc,qBAAmB;QAC9B,KAAKC,iBAAiBY;AACpBjB,wBAAcU,SAASzB,QAAQiC,eAAe,KAAKC,yBAAyBJ,mBAAAA;AAC5E;QACF,KAAKV,iBAAiBe;AACpB,gBAAMC,YAA8B,CAAC;AACrC,qBAAWC,cAAc,KAAKH,yBAAyBJ,mBAAAA,EAAqBQ,wBAAwB,CAAA,GAAI;AACtG,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAM/D,QAAQgE,MAAMC,eAAe;cAChEL;cACAf;cACAqB,kBAAkBhC,WAAWgB,UAAUiB,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClC/B,4BAAcC,SAASC,uDAAiC8B;AACxDhC,4BAAciC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOjC;YACT;AAEA,kBAAMmC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQd,YAAY;AACxBA,wBAAU,IAAA,IAAQc,kBAAkBC;YACtC;AAEAC,mBAAOC,QAAQH,iBAAAA,EAAmBI,QAAQ,CAAC,CAACC,KAAKC,KAAAA,MAAM;AACrD,kBAAI,EAAED,OAAOnB,YAAY;AACvBA,0BAAUmB,GAAAA,IAAOC;cACnB;YACF,CAAA;UACF;AACAzC,wBAAckB,eAAeG;AAC7B;MACJ;IACF;AACA,WAAOrB;EACT;EAEQmB,2BAA2B,wBACjCJ,wBAOAP,mCAAiBkC,yBAAyB3B,mBAAAA,IACtCA,oBAAoB4B,iBACpBnC,mCAAiBoC,sBAAsB7B,mBAAAA,GAVV;EAYnC,MAAc7D,uBAAuBoC,MAA+B5B,SAA+D;AACjI,QAAI4B,KAAKuD,UAAU,iCAAiC;AAClD,YAAMX,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAK7D,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAExDe,KAAK,CAACC,OACLA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAGoE,2BAA2B;QAClCpD,eAAeJ,KAAKI;QACpBuC,OAAO3C,KAAK2C,QAAQ,IAAIC,MAAM5C,KAAK2C,KAAK,IAAIlC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAActC,gBAAgBkC,MAAiC5B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EACxDe,KAAK,CAACC,OAAOA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QAAOA,IAAGc,eAAeuD,4BAA4BzD,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcpB,uBAAuBiC,MAAoC5B,SAAmE;AAC1I,QAAI,CAAC4B,KAAK0D,uBAAuB;AAC/B,YAAMd,MAAM,2CAAA;IACd;AACA,UAAMe,eACJ,OAAO3D,KAAK0D,0BAA0B,eACjCE,uCAAgB5D,KAAK0D,qBAAqB,IAC3C1D,KAAK0D;AACX,WAAO,MAAM,KAAK3E,cAAc;MAAEG,SAASc,KAAKd;IAAQ,GAAGd,OAAAA,EAASe,KAAK,CAACC,OACxEA,GAAGa,IAAI7B,OAAAA,EAASe,KAAK,CAACC,QACpBA,IAAGyE,4BAA4BF,cAAc;MAC3CvD,eAAeJ,KAAKI;MACpB,GAAIJ,KAAK8D,mBAAmB;QAAEC,WAAW/D,KAAK8D,iBAAiBC;MAAU,IAAI,CAAC;MAC9EC,UAAUhE,KAAKgE;IACjB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAchG,sBAAsBgC,MAA6B5B,SAA0C;AACzG,UAAM,EAAE6F,SAASC,UAAUC,SAASC,mBAAkB,IAAKpE;AAC3D,UAAMqE,QAAQC,IACZL,QAAQM,IAAI,OAAOC,mBAAAA;AACjB,YAAMC,oBAAoBD,eAAeC;AACzC,UAAI,CAACA,qBAAqB,CAACD,eAAeE,aAAa;AACrD,eAAOL,QAAQM,OAAO/B,MAAM,2DAAA,CAAA;MAC9B;AAEA,UAAIgC;AACJ,UAAIJ,eAAeE,aAAa;AAC9BG,8BAAUC,SAASN,eAAeE,YAAYX,SAAS;AACvDgB,gBAAQC,IAAI,8BAA8BR,eAAeE,YAAYxF,OAAO,4BAA4BkF,kBAAAA,EAAoB;AAC5HQ,uBAAeJ,eAAeE,YAAYxF;MAC5C;AACA,UAAIuF,mBAAmB;AACrB,cAAMrG,QAAQgE,MAAM6C,sBAAsB;UAAEC,YAAYT;QAAkB,CAAA;AAC1EM,gBAAQC,IAAI,6BAA6BP,kBAAkB3B,EAAE,MAAM2B,kBAAkBU,IAAI,4BAA4Bf,kBAAAA,EAAoB;AACzIQ,uBAAeH,kBAAkB3B;MACnC;AAEA,aAAO1E,QAAQgE,MAAMgD,qBAAqB;QACxCC,gBAAgB;UACdT;UACAV;UACAC;UACAM;UACAC,aAAaF,eAAeE;QAC9B;QACA/H,MAAM;UAAEyH;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAcnG,mBAAmB+B,MAA2B5B,SAAwD;AAClH,UAAMkH,aAAatF,KAAKd,WAAWxC,UAASE;AAC5C,QAAI,KAAKC,UAAU0I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAKzD,UAAUoD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI7B,OAAAA;AAChC,eAAOgB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKuD,SAAS;YAAEA,OAAOvD,KAAKuD;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAO9C;EACT;EAEA,MAAM1B,cAAc,EAAEG,SAASF,oBAAmB,GAAyBZ,SAAgD;AACzH,UAAMkH,aAAapG,WAAWxC,UAASE;AACvC,QAAI,CAAC,KAAKC,UAAU0I,IAAID,UAAAA,GAAa;AACnC,YAAMI,eAAe,KAAKC,gBAAgBzG,OAAAA;AAC1C,YAAM0G,SAAS,MAAM,KAAKC,aAAazH,SAAS;QAAEc;QAASF;MAAyC,CAAA;AACpG,UAAI,CAAC4G,OAAOtH,eAAeC,aAAaC,YAAY,OAAOoH,OAAOtH,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAACmH,OAAOtH,gBAAgBC,aAAa;AACvCqH,iBAAOtH,iBAAiB;YAAE,GAAGsH,OAAOtH;UAAe;AACnDsH,iBAAOtH,eAAeC,cAAc;YAAE,GAAGqH,OAAOtH,eAAeC;UAAY;QAC7E;AACAwG,gBAAQC,IAAI,iEAAiE9F,OAAAA;AAC7E0G,eAAOtH,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA,WAAK/B,UAAUiJ,IAAIR,YAAY,IAAIS,WAAW;QAAEH;QAAQI,SAASN;MAAa,CAAA,CAAA;IAChF;AACA,UAAMpF,aAAa,KAAKzD,UAAUoD,IAAIqF,UAAAA;AACtC,QAAItG,qBAAqB;AACvBsB,iBAAWgB,UAAU2E,sBAAsBjH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAMuF,aAAazH,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEuC,SAASF,oBAAwC,IAAKrC;AAC9D,UAAMuJ,UAAU,KAAKP,gBAAgBzG,OAAAA,GAAU0G,UAAU,KAAKjJ,KAAK0B;AACnE,QAAI,CAAC6H,SAAS;AACZ,YAAMtD,MAAM,6DAA6D1D,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKvC,KAAK0B,aAAa;AACzB,UAAI,CAAC6H,QAAQ5H,gBAAgB;AAC3B4H,gBAAQ5H,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAAC4H,QAAQ5H,eAAe6H,QAAQ;AAClCD,kBAAQ5H,eAAe6H,SAAS,KAAKxJ,KAAK0B,YAAYC,eAAe6H;QACvE;AACA,YAAI,CAACD,QAAQ5H,eAAe8H,qBAAqB;AAC/CF,kBAAQ5H,eAAe8H,sBAAsB,KAAKzJ,KAAK0B,YAAYC,eAAe8H;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAK1J,KAAK0B,YAAYgI;QACpD;MACF;AACA,UAAI,CAACH,QAAQ5H,eAAeC,eAAe,OAAO2H,QAAQ5H,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHyH,gBAAQ5H,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIK,wBAAwByB,UAAazB,wBAAwBkH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBjH;IAChC;AACA,WAAOkH;EACT;EAEAP,gBAAgBf,cAAwD;AACtE,QAAI,CAAC,KAAKjI,KAAK+I,aAAc,QAAOjF;AAEpC,UAAM6F,cAAc1B,eAAe,KAAKjI,KAAK+I,aAAaa,KAAK,CAACC,MAAMA,EAAEtH,YAAY0F,YAAAA,IAAgBnE;AAEpG,WAAO6F,eAAe,KAAKG,kBAAkB7B,YAAAA;EAC/C;EAEQ6B,kBAAkB7B,cAAkC;AAC1D,QAAI,CAAC,KAAKjI,KAAK+I,aAAc,QAAOjF;AAEpC,UAAMiG,iBAAiB,KAAK/J,KAAK+I,aAAaa,KAAK,CAACC,MAAMA,EAAEtH,YAAY,SAAA;AACxE,QAAIwH,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI9B,iBAAiBnE,QAAW;AAC9BkG,sBAAczH,UAAU0F;MAC1B;AACA,aAAO+B;IACT;AAEA,WAAOlG;EACT;AACF;;;AG9UO,IAAKmG,mBAAAA,0BAAAA,mBAAAA;;;;SAAAA;;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","JWT_VC_PRESENTATION_PROFILE_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","Promise","reject","verifyResult","vp_token","presentation_submission","error","Error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","pexOpts","identifierOpts","definition","dcqlQuery","dcql","queryId","presentationDefinitionItems","pdmGetDefinitions","filter","definitionId","version","tenantId","presentationDefinitionItem","dcqlPayload","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_ID1","SIOPv2_D11","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","withDcqlQuery","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_ssi_sdk_ext","RPInstance","_rp","_pexOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","pexOptions","hasDefinition","definitionId","undefined","queryId","getPresentationDefinition","agent","pexStoreGetDefinition","tenantId","createAuthorizationRequestURI","createArgs","correlationId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","includeVerifiedData","VerifiedDataMode","NONE","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","presentationDecoded","decodeVerifiablePresentation","VERIFIED_PRESENTATION","verifiedData","presentationOrClaimsFrom","CREDENTIAL_SUBJECT_FLATTENED","allClaims","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","Object","entries","forEach","key","value","isSdJwtDecodedCredential","decodedPayload","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQueryPayload","dcqlQuery","audience","queries","tenantId","version","versionControlMode","Promise","all","map","definitionPair","definitionPayload","dcqlPayload","reject","definitionId","DcqlQuery","validate","console","log","pexValidateDefinition","definition","name","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","set","RPInstance","pexOpts","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions","VerifiedDataMode"]}