@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-fix.226 → 0.34.1-fix.247

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +11 -8
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +8 -5
  4. package/dist/index.js.map +1 -1
  5. package/package.json +17 -17
  6. package/src/functions.ts +2 -3
package/dist/index.cjs CHANGED
@@ -361,7 +361,7 @@ var plugin_schema_default = {
361
361
  var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
362
362
  var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
363
363
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
364
- var import_uuid2 = require("uuid");
364
+ var import_uuid3 = require("uuid");
365
365
  var import_ssi_types2 = require("@sphereon/ssi-types");
366
366
  var import_dcql = require("dcql");
367
367
 
@@ -372,6 +372,7 @@ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-utils");
372
372
  var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
373
373
  var import_ssi_types = require("@sphereon/ssi-types");
374
374
  var import_events = require("events");
375
+ var import_uuid = require("uuid");
375
376
  var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
376
377
  function getRequestVersion(rpOptions) {
377
378
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
@@ -405,9 +406,11 @@ function getDcqlQueryLookupCallback(context) {
405
406
  version
406
407
  }
407
408
  },
408
- {
409
- id: queryId
410
- }
409
+ ...(0, import_uuid.validate)(queryId) ? [
410
+ {
411
+ id: queryId
412
+ }
413
+ ] : []
411
414
  ]
412
415
  });
413
416
  if (result && result.length > 0) {
@@ -600,7 +603,7 @@ function prefixClientId(clientId) {
600
603
  __name(prefixClientId, "prefixClientId");
601
604
 
602
605
  // src/RPInstance.ts
603
- var import_uuid = require("uuid");
606
+ var import_uuid2 = require("uuid");
604
607
  var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
605
608
  var RPInstance = class {
606
609
  static {
@@ -631,7 +634,7 @@ var RPInstance = class {
631
634
  }
632
635
  async createAuthorizationRequestURI(createArgs, context) {
633
636
  const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
634
- const nonce = createArgs.nonce ?? (0, import_uuid.v4)();
637
+ const nonce = createArgs.nonce ?? (0, import_uuid2.v4)();
635
638
  const state = createArgs.state ?? correlationId;
636
639
  let jwtIssuer;
637
640
  const idOpts = this.rpOptions.identifierOpts.idOpts;
@@ -671,7 +674,7 @@ var RPInstance = class {
671
674
  }
672
675
  async createAuthorizationRequest(createArgs, context) {
673
676
  const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs;
674
- const nonce = createArgs.nonce ?? (0, import_uuid.v4)();
677
+ const nonce = createArgs.nonce ?? (0, import_uuid2.v4)();
675
678
  const state = createArgs.state ?? correlationId;
676
679
  const idOpts = this.rpOptions.identifierOpts.idOpts;
677
680
  const resolution = await (0, import_ssi_sdk_ext3.ensureManagedIdentifierResult)(idOpts, context);
@@ -927,7 +930,7 @@ var SIOPv2RP = class _SIOPv2RP {
927
930
  if (this.instances.has(queryId)) {
928
931
  rpInstanceId = queryId;
929
932
  rpInstance = this.instances.get(rpInstanceId);
930
- } else if ((0, import_uuid2.validate)(queryId)) {
933
+ } else if ((0, import_uuid3.validate)(queryId)) {
931
934
  try {
932
935
  const pd = await context.agent.pdmGetDefinition({
933
936
  itemId: queryId
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBASO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,eAAwC;AAExC,IAAAC,oBAaO;AAEP,kBAA0B;;;AC7B1B,2BAkBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAAmG;AAKnG,oBAA6B;AAG7B,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;QACA;UACEI,IAAIL;QACN;;IAEJ,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGc;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCT,OAAAA,EAAS,CAAA;EAC1E;AAnBeD;AAqBf,SAAOA;AACT;AAvBgBD;AAyBT,SAASY,oCACdC,QACAtB,SAAyB;AAEzB,iBAAeuB,iCACbrB,MACAsB,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAexB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMuB,wBAAwB;QACzFC,cAAc1B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO0B;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuB5B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM2B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMjC,QAAQI,MAAM2B,mBAAmB;UAC1DG,UAAUhC;UACViC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEhB,UAAU,CAACyB,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMjB,SAAS,MAAMH,QAAQI,MAAMiC,mBAAmB;MACpDT,cAAc1B;MACdK,qBAAqB;MACrB+B,SAAS,MAAMtC,QAAQI,MAAMmC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAEjC,UAAUL,OAAOK;IAAS;EACrC;AAjCee;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBxC,MAIrC;AACC,QAAM,EAAEyC,QAAQ3C,QAAO,IAAKE;AAC5B,QAAM,EAAE0C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,UAAMC,uCAAmB/C,OAAAA;AACnF,QAAMgD,eAAeL,OAAOK,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,gBACnCE,qCAAiB/E,SAAS;IACxBgF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBnG,kBAAkBqD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBAAsBxD,OAAOjD,qBAAqB;IAACE,sCAAiBC;IAAWD,sCAAiBwG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,8CAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,oCAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV7G,4BAA4BH,8BAA8B6C,OAAOC,gBAAgB5C,OAAAA;MACjF+G,mBAAmB;IACrB;EACF,GACA/G,OAAAA,CAAAA,EAGPgH,oBAAoBvG,2BAA2BT,OAAAA,CAAAA,EAC/CiH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQtB,OAAAA,CAAAA;AAE3F,QAAMqH,WAAWzE,eAAeyE;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAMzH,QAAQI,MAAMmC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,eACVC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQtB,OAAAA;AACrEuF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAtB,SAAyB;AAEzB,SAAO,OAAOyI,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,MAAEmG,gDAA2BrH,MAAAA,SAAWsH,gDAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMtE,SAA2B,MAAMH,QAAQI,MAAMyI,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO1B,OAAOuI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAlJ,SAAyB;AAEzB,SAAO,OAAOmJ,cAAcT,QAAAA;AAC1B,UAAMvI,SAAS,MAAMH,QAAQI,MAAMgJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAIrJ,OAAOsJ,OAAO;AAC1B,WAAO,CAACtJ,OAAOiC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC1ShB,kBAA6B;AAE7B,IAAAK,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAC/D,YAAIuB,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,aAASC,YAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,mCAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,uDAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,mCAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,mCAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,eACjCE,uCAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,4BAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,eAAWC,aAAAA,UAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_uuid","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_ssi_sdk_ext","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
1
+ {"version":3,"sources":["../src/index.ts","../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["/**\n * @public\n */\nimport schema from '../plugin.schema.json'\nexport { schema }\nexport { SIOPv2RP } from './agent/SIOPv2RP'\nexport * from './types/ISIOPv2RP'\n","{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;ACAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,IAAAA,wBASO;AACP,IAAAC,sBAAiC;AACjC,IAAAC,kBAA2C;AAC3C,IAAAC,eAAwC;AAExC,IAAAC,oBAaO;AAEP,kBAA0B;;;AC7B1B,2BAkBO;AACP,2BAAiF;AAEjF,yBAAqD;AACrD,IAAAC,sBAMO;AAGP,uBAAmG;AAKnG,oBAA6B;AAC7B,kBAAwC;AAGxC,qBAA8B;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,sCAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;eACII,YAAAA,UAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,kCAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,kCAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,UAAMC,uCAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,2BAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IACrFC,wCAAwC;MAACJ,iCAAYC;MAAOD,iCAAYE;MAAOF,iCAAYG;;IAC3FE,wBAAwB;MAACC,kCAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,2BAAMC;;IACxBC,uBAAuB;MAACC,iCAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,4BAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,gBACnCE,qCAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,wBAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,oCAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,kCAAaC,IAAI,EACzDC,iBAAiBvC,kCAAawC,UAAUP,oCAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,sCAAiBC;IAAWD,sCAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,8CAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,oCAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,4CAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,gBAAYC,0DAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,oCAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,eACVC,kDAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,oCAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,MAAEmG,gDAA2BrH,MAAAA,SAAWsH,gDAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,iCAAYC;IACrB,KAAK;AACH,aAAOD,iCAAYE;IACrB,KAAK;AACH,aAAOF,iCAAYG;;IAErB,KAAK;AACH,aAAOH,iCAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,4CAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,IAAAK,eAA6B;AAE7B,IAAAC,sBAIO;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAC/D,YAAIuB,kDAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,eAAWC,kDAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,aAASC,aAAAA,IAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,UAAMC,mDAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,YAAIa,kDAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,eAAWT,kDAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,cAAUE,sCAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,uDAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,mCAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO,gBAAAA;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,mCAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,uDAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,mCAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,mCAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,eACjCE,uCAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,4BAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,eAAWC,aAAAA,UAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,eAAWE,sCAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,gBACnDE,sCAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["import_did_auth_siop","import_ssi_sdk_ext","import_ssi_sdk","import_uuid","import_ssi_types","import_ssi_sdk_ext","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","import_uuid","import_ssi_sdk_ext","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
package/dist/index.js CHANGED
@@ -336,7 +336,7 @@ var plugin_schema_default = {
336
336
  import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
337
337
  import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
338
338
  import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
339
- import { validate as isValidUUID } from "uuid";
339
+ import { validate as isValidUUID2 } from "uuid";
340
340
  import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
341
341
  import { DcqlQuery } from "dcql";
342
342
 
@@ -347,6 +347,7 @@ import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-
347
347
  import { isExternalIdentifierOIDFEntityIdOpts, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
348
348
  import { CredentialMapper } from "@sphereon/ssi-types";
349
349
  import { EventEmitter } from "events";
350
+ import { validate as isValidUUID } from "uuid";
350
351
  import { defaultHasher } from "@sphereon/ssi-sdk.core";
351
352
  function getRequestVersion(rpOptions) {
352
353
  if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
@@ -380,9 +381,11 @@ function getDcqlQueryLookupCallback(context) {
380
381
  version
381
382
  }
382
383
  },
383
- {
384
- id: queryId
385
- }
384
+ ...isValidUUID(queryId) ? [
385
+ {
386
+ id: queryId
387
+ }
388
+ ] : []
386
389
  ]
387
390
  });
388
391
  if (result && result.length > 0) {
@@ -902,7 +905,7 @@ var SIOPv2RP = class _SIOPv2RP {
902
905
  if (this.instances.has(queryId)) {
903
906
  rpInstanceId = queryId;
904
907
  rpInstance = this.instances.get(rpInstanceId);
905
- } else if (isValidUUID(queryId)) {
908
+ } else if (isValidUUID2(queryId)) {
906
909
  try {
907
910
  const pd = await context.agent.pdmGetDefinition({
908
911
  itemId: queryId
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n {\n id: queryId,\n },\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAGK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAASC,YAAYC,mBAAmB;AAExC,SAEEC,oBAAAA,yBAWK;AAEP,SAASC,iBAAiB;;;AC7B1B,SACEC,wBAGAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SAASC,wBAA0F;AAKnG,SAASC,oBAAoB;AAG7B,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;QACA;UACEI,IAAIL;QACN;;IAEJ,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGc;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCT,OAAAA,EAAS,CAAA;EAC1E;AAnBeD;AAqBf,SAAOA;AACT;AAvBgBD;AAyBT,SAASY,oCACdC,QACAtB,SAAyB;AAEzB,iBAAeuB,iCACbrB,MACAsB,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAexB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMuB,wBAAwB;QACzFC,cAAc1B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO0B;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuB5B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM2B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMjC,QAAQI,MAAM2B,mBAAmB;UAC1DG,UAAUhC;UACViC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEhB,UAAU,CAACyB,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMjB,SAAS,MAAMH,QAAQI,MAAMiC,mBAAmB;MACpDT,cAAc1B;MACdK,qBAAqB;MACrB+B,SAAS,MAAMtC,QAAQI,MAAMmC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAEjC,UAAUL,OAAOK;IAAS;EACrC;AAjCee;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBxC,MAIrC;AACC,QAAM,EAAEyC,QAAQ3C,QAAO,IAAKE;AAC5B,QAAM,EAAE0C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,MAAMC,mBAAmB/C,OAAAA;AACnF,QAAMgD,eAAeL,OAAOK,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,YACnCE,iBAAiB/E,SAAS;IACxBgF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBnG,kBAAkBqD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBAAsBxD,OAAOjD,qBAAqB;IAACE,iBAAiBC;IAAWD,iBAAiBwG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,yBAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,eAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV7G,4BAA4BH,8BAA8B6C,OAAOC,gBAAgB5C,OAAAA;MACjF+G,mBAAmB;IACrB;EACF,GACA/G,OAAAA,CAAAA,EAGPgH,oBAAoBvG,2BAA2BT,OAAAA,CAAAA,EAC/CiH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQtB,OAAAA,CAAAA;AAE3F,QAAMqH,WAAWzE,eAAeyE;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAMzH,QAAQI,MAAMmC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,WACVC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQtB,OAAAA;AACrEuF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAtB,SAAyB;AAEzB,SAAO,OAAOyI,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,EAAEmG,2BAA2BrH,MAAAA,KAAWsH,2BAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMtE,SAA2B,MAAMH,QAAQI,MAAMyI,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO1B,OAAOuI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAlJ,SAAyB;AAEzB,SAAO,OAAOmJ,cAAcT,QAAAA;AAC1B,UAAMvI,SAAS,MAAMH,QAAQI,MAAMgJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAIrJ,OAAOsJ,OAAO;AAC1B,WAAO,CAACtJ,OAAOiC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;AC1ShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAC/D,QAAIuB,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,kBAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,iCAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,kBAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,kBAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,WACjCE,gBAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,gBAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,WAAWC,YAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","validate","isValidUUID","CredentialMapper","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SIOPv2RP.ts","../src/functions.ts","../src/RPInstance.ts"],"sourcesContent":["{\n \"IDidAuthSiopOpAuthenticator\": {\n \"components\": {\n \"schemas\": {\n \"IGetSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n },\n \"IRegisterSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"identifier\": {\n \"type\": \"object\",\n \"properties\": {\n \"did\": {\n \"type\": \"string\"\n },\n \"alias\": {\n \"type\": \"string\"\n },\n \"provider\": {\n \"type\": \"string\"\n },\n \"controllerKeyId\": {\n \"type\": \"string\"\n },\n \"keys\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n },\n \"services\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n }\n }\n },\n \"additionalProperties\": false,\n \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n },\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"expiresIn\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"identifier\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n },\n \"IRemoveSiopSessionArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n },\n \"IAuthenticateWithSiopArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n },\n \"IResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"status\": {\n \"type\": \"number\"\n },\n \"additionalProperties\": true\n },\n \"required\": [\"status\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n },\n \"IGetSiopAuthenticationRequestFromRpArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"stateId\": {\n \"type\": \"string\"\n },\n \"redirectUrl\": {\n \"type\": \"string\"\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"jwt\": {\n \"type\": \"string\"\n },\n \"requestPayload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"registration\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n },\n \"IGetSiopAuthenticationRequestDetailsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"credentialFilter\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IAuthRequestDetails\": {\n \"type\": \"object\",\n \"properties\": {\n \"id\": {\n \"type\": \"string\"\n },\n \"alsoKnownAs\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n },\n \"vpResponseOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"id\", \"vpResponseOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n },\n \"IVerifySiopAuthenticationRequestUriArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"ParsedAuthenticationRequestURI\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"VerifiedAuthorizationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"payload\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"presentationDefinitions\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifyOpts\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"payload\", \"verifyOpts\"],\n \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n },\n \"ISendSiopAuthenticationResponseArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"sessionId\": {\n \"type\": \"string\"\n },\n \"verifiedAuthenticationRequest\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"verifiablePresentationResponse\": {\n \"type\": \"object\",\n \"properties\": {\n \"additionalProperties\": true\n }\n },\n \"additionalProperties\": false\n },\n \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n }\n },\n \"methods\": {\n \"getSessionForSiop\": {\n \"description\": \"Get SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"registerSessionForSiop\": {\n \"description\": \"Register SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n },\n \"returnType\": \"object\"\n },\n \"removeSessionForSiop\": {\n \"description\": \"Remove SIOP session\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n },\n \"returnType\": \"boolean\"\n },\n \"authenticateWithSiop\": {\n \"description\": \"Authenticate using DID Auth SIOP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/Response\"\n }\n },\n \"getSiopAuthenticationRequestFromRP\": {\n \"description\": \"Get authentication request from RP\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n }\n },\n \"getSiopAuthenticationRequestDetails\": {\n \"description\": \"Get authentication request details\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n }\n },\n \"verifySiopAuthenticationRequestURI\": {\n \"description\": \"Verify authentication request URI\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n }\n },\n \"sendSiopAuthenticationResponse\": {\n \"description\": \"Send authentication response\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/IRequiredContext\"\n }\n }\n }\n }\n }\n}\n","import {\n AuthorizationRequestState,\n AuthorizationResponsePayload,\n AuthorizationResponseState,\n AuthorizationResponseStateStatus,\n AuthorizationResponseStateWithVerifiedData,\n decodeUriAsJson,\n EncodedDcqlPresentationVpToken,\n VerifiedAuthorizationResponse\n} from '@sphereon/did-auth-siop'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'\nimport { validate as isValidUUID } from 'uuid'\nimport type { ImportDcqlQueryItem } from '@sphereon/ssi-sdk.pd-manager'\nimport {\n AdditionalClaims,\n CredentialMapper,\n HasherSync,\n ICredentialSubject,\n IPresentation,\n IVerifiableCredential,\n IVerifiablePresentation,\n JwtDecodedVerifiablePresentation,\n MdocDeviceResponse,\n MdocOid4vpMdocVpToken,\n OriginalVerifiablePresentation,\n SdJwtDecodedVerifiableCredential\n} from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { DcqlQuery } from 'dcql'\nimport {\n IAuthorizationRequestPayloads,\n ICreateAuthRequestArgs,\n IGetAuthRequestStateArgs,\n IGetAuthResponseStateArgs,\n IGetRedirectUriArgs,\n ImportDefinitionsArgs,\n IPEXInstanceOptions,\n IRequiredContext,\n IRPDefaultOpts,\n IRPOptions,\n ISiopRPInstanceArgs,\n ISiopv2RPOpts,\n IUpdateRequestStateArgs,\n IVerifyAuthResponseStateArgs,\n schema\n} from '../index'\nimport { RPInstance } from '../RPInstance'\nimport { ISIOPv2RP } from '../types/ISIOPv2RP'\n\nexport class SIOPv2RP implements IAgentPlugin {\n private readonly opts: ISiopv2RPOpts\n private static readonly _DEFAULT_OPTS_KEY = '_default'\n private readonly instances: Map<string, RPInstance> = new Map()\n readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n readonly methods: ISIOPv2RP = {\n siopCreateAuthRequestURI: this.createAuthorizationRequestURI.bind(this),\n siopCreateAuthRequestPayloads: this.createAuthorizationRequestPayloads.bind(this),\n siopGetAuthRequestState: this.siopGetRequestState.bind(this),\n siopGetAuthResponseState: this.siopGetResponseState.bind(this),\n siopUpdateAuthRequestState: this.siopUpdateRequestState.bind(this),\n siopDeleteAuthState: this.siopDeleteState.bind(this),\n siopVerifyAuthResponse: this.siopVerifyAuthResponse.bind(this),\n siopImportDefinitions: this.siopImportDefinitions.bind(this),\n siopGetRedirectURI: this.siopGetRedirectURI.bind(this),\n }\n\n constructor(opts: ISiopv2RPOpts) {\n this.opts = opts\n }\n\n public setDefaultOpts(rpDefaultOpts: IRPDefaultOpts, context: IRequiredContext) {\n // We allow setting default options later, because in some cases you might want to query the agent for defaults. This cannot happen when the agent is being build (this is when the constructor is being called)\n this.opts.defaultOpts = rpDefaultOpts\n // We however do require the agent to be responsible for resolution, otherwise people might encounter strange errors, that are very hard to track down\n if (\n !this.opts.defaultOpts.identifierOpts.resolveOpts?.resolver ||\n typeof this.opts.defaultOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function'\n ) {\n this.opts.defaultOpts.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),\n }\n }\n }\n\n private async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<string> {\n return await this.getRPInstance(\n {\n createWhenNotPresent: true,\n responseRedirectURI: createArgs.responseRedirectURI,\n ...(createArgs.useQueryIdInstance === true && { queryId: createArgs.queryId } ),\n },\n context,\n )\n .then((rp) => rp.createAuthorizationRequestURI(createArgs, context))\n .then((URI) => URI.encodedUri)\n }\n\n private async createAuthorizationRequestPayloads(\n createArgs: ICreateAuthRequestArgs,\n context: IRequiredContext,\n ): Promise<IAuthorizationRequestPayloads> {\n return await this.getRPInstance({ createWhenNotPresent: true, queryId: createArgs.queryId }, context)\n .then((rp) => rp.createAuthorizationRequest(createArgs, context))\n .then(async (request) => {\n const authRequest: IAuthorizationRequestPayloads = {\n authorizationRequest: request.payload,\n requestObject: await request.requestObjectJwt(),\n requestObjectDecoded: request.requestObject?.getPayload(),\n }\n return authRequest\n })\n }\n\n private async siopGetRequestState(args: IGetAuthRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState | undefined> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)\n ),\n )\n }\n\n private async siopGetResponseState(\n args: IGetAuthResponseStateArgs,\n context: IRequiredContext,\n ): Promise<AuthorizationResponseStateWithVerifiedData | undefined> {\n const rpInstance: RPInstance = await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n const authorizationResponseState: AuthorizationResponseState | undefined = await rpInstance\n .get(context)\n .then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound))\n if (authorizationResponseState === undefined) {\n return undefined\n }\n\n const responseState = authorizationResponseState as AuthorizationResponseStateWithVerifiedData\n if (responseState.status === AuthorizationResponseStateStatus.VERIFIED) {\n let hasher: HasherSync | undefined\n if (\n CredentialMapper.isSdJwtEncoded(responseState.response.payload.vp_token as OriginalVerifiablePresentation) &&\n (!rpInstance.rpOptions.credentialOpts?.hasher || typeof rpInstance.rpOptions.credentialOpts?.hasher !== 'function')\n ) {\n hasher = defaultHasher\n }\n\n // FIXME SSISDK-64 currently assuming that all vp tokens are or type EncodedDcqlPresentationVpToken as we only work with DCQL now. But the types still indicate it can be another type of vp token\n const vpToken = responseState.response.payload.vp_token && JSON.parse(responseState.response.payload.vp_token as EncodedDcqlPresentationVpToken)\n const claims = []\n for (const [key, value] of Object.entries(vpToken)) {\n // todo this should also include mdl-mdoc\n const presentationDecoded = CredentialMapper.decodeVerifiablePresentation(\n value as OriginalVerifiablePresentation,\n //todo: later we want to conditionally pass in options for mdl-mdoc here\n hasher,\n )\n console.log(`presentationDecoded: ${JSON.stringify(presentationDecoded)}`)\n\n const allClaims: AdditionalClaims = {}\n const presentationOrClaims = this.presentationOrClaimsFrom(presentationDecoded)\n if ('verifiableCredential' in presentationOrClaims) {\n for (const credential of presentationOrClaims.verifiableCredential) {\n const vc = credential as IVerifiableCredential\n const schemaValidationResult = await context.agent.cvVerifySchema({\n credential,\n hasher,\n validationPolicy: rpInstance.rpOptions.verificationPolicies?.schemaValidation,\n })\n if (!schemaValidationResult.result) {\n responseState.status = AuthorizationResponseStateStatus.ERROR\n responseState.error = new Error(schemaValidationResult.error)\n return responseState\n }\n\n const credentialSubject = vc.credentialSubject as ICredentialSubject & AdditionalClaims\n if (!('id' in allClaims)) {\n allClaims['id'] = credentialSubject.id\n }\n\n Object.entries(credentialSubject).forEach(([key, value]) => {\n if (!(key in allClaims)) {\n allClaims[key] = value\n }\n })\n\n claims.push({\n id: key,\n type: vc.type[0],\n claims: allClaims\n })\n }\n } else {\n claims.push({\n id: key,\n type: (presentationDecoded as SdJwtDecodedVerifiableCredential).decodedPayload.vct,\n claims: presentationOrClaims\n })\n }\n }\n\n responseState.verifiedData = {\n ...(responseState.response.payload.vp_token && {\n authorization_response: {\n vp_token: typeof responseState.response.payload.vp_token === 'string'\n ? JSON.parse(responseState.response.payload.vp_token)\n : responseState.response.payload.vp_token\n }\n }),\n ...(claims.length > 0 && { credential_claims: claims })\n }\n }\n\n return responseState\n }\n\n private presentationOrClaimsFrom = (\n presentationDecoded:\n | JwtDecodedVerifiablePresentation\n | IVerifiablePresentation\n | SdJwtDecodedVerifiableCredential\n | MdocOid4vpMdocVpToken\n | MdocDeviceResponse\n ): AdditionalClaims | IPresentation => {\n return CredentialMapper.isSdJwtDecodedCredential(presentationDecoded)\n ? presentationDecoded.decodedPayload\n : CredentialMapper.toUniformPresentation(presentationDecoded as OriginalVerifiablePresentation)\n }\n\n private async siopUpdateRequestState(args: IUpdateRequestStateArgs, context: IRequiredContext): Promise<AuthorizationRequestState> {\n if (args.state !== 'authorization_request_created') {\n throw Error(`Only 'authorization_request_created' status is supported for this method at this point`)\n }\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n // todo: In the SIOP library we need to update the signal method to be more like this method\n .then((rp) =>\n rp.get(context).then(async (rp) => {\n await rp.signalAuthRequestRetrieved({\n correlationId: args.correlationId,\n error: args.error ? new Error(args.error) : undefined,\n })\n return (await rp.sessionManager.getRequestStateByCorrelationId(args.correlationId, true)) as AuthorizationRequestState\n }),\n )\n }\n\n private async siopDeleteState(args: IGetAuthResponseStateArgs, context: IRequiredContext): Promise<boolean> {\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context)\n .then((rp) => rp.get(context).then((rp) => rp.sessionManager.deleteStateForCorrelationId(args.correlationId)))\n .then(() => true)\n }\n\n private async siopVerifyAuthResponse(args: IVerifyAuthResponseStateArgs, context: IRequiredContext): Promise<VerifiedAuthorizationResponse> {\n if (!args.authorizationResponse) {\n throw Error('No SIOPv2 Authorization Response received')\n }\n const authResponse =\n typeof args.authorizationResponse === 'string'\n ? (decodeUriAsJson(args.authorizationResponse) as AuthorizationResponsePayload)\n : args.authorizationResponse\n return await this.getRPInstance({ createWhenNotPresent: false, queryId: args.queryId }, context).then((rp) =>\n rp.get(context).then((rp) =>\n rp.verifyAuthorizationResponse(authResponse, {\n correlationId: args.correlationId,\n ...(args.dcqlQuery && { dcqlQuery: args.dcqlQuery }),\n audience: args.audience,\n }),\n ),\n )\n }\n\n private async siopImportDefinitions(args: ImportDefinitionsArgs, context: IRequiredContext): Promise<void> {\n const { importItems, tenantId, version, versionControlMode } = args\n await Promise.all(\n importItems.map(async (importItem: ImportDcqlQueryItem) => {\n DcqlQuery.validate(importItem.query)\n console.log(`persisting DCQL definition ${importItem.queryId} with versionControlMode ${versionControlMode}`)\n\n return context.agent.pdmPersistDefinition({\n definitionItem: {\n queryId: importItem.queryId!,\n tenantId: tenantId,\n version: version,\n query: importItem.query,\n },\n opts: { versionControlMode: versionControlMode },\n })\n }),\n )\n }\n\n private async siopGetRedirectURI(args: IGetRedirectUriArgs, context: IRequiredContext): Promise<string | undefined> {\n const instanceId = args.queryId ?? SIOPv2RP._DEFAULT_OPTS_KEY\n if (this.instances.has(instanceId)) {\n const rpInstance = this.instances.get(instanceId)\n if (rpInstance !== undefined) {\n const rp = await rpInstance.get(context)\n return rp.getResponseRedirectUri({\n correlation_id: args.correlationId,\n correlationId: args.correlationId,\n ...(args.state && { state: args.state }),\n })\n }\n }\n return undefined\n }\n\n async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }: ISiopRPInstanceArgs, context: IRequiredContext): Promise<RPInstance> {\n let rpInstanceId: string = SIOPv2RP._DEFAULT_OPTS_KEY\n let rpInstance: RPInstance | undefined\n if (queryId) {\n if (this.instances.has(queryId)) {\n rpInstanceId = queryId\n rpInstance = this.instances.get(rpInstanceId)!\n } else if (isValidUUID(queryId)) {\n try {\n // Check whether queryId is actually the PD item id\n const pd = await context.agent.pdmGetDefinition({ itemId: queryId })\n if (this.instances.has(pd.queryId)) {\n rpInstanceId = pd.queryId\n rpInstance = this.instances.get(rpInstanceId)!\n }\n } catch (ignore) {}\n }\n if (createWhenNotPresent) {\n rpInstanceId = queryId\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n } else {\n rpInstance = this.instances.get(rpInstanceId)\n }\n\n if (!rpInstance) {\n if (!createWhenNotPresent) {\n return Promise.reject(`No RP instance found for key ${rpInstanceId}`)\n }\n const instanceOpts = this.getInstanceOpts(queryId)\n const rpOpts = await this.getRPOptions(context, { queryId, responseRedirectURI: responseRedirectURI })\n if (!rpOpts.identifierOpts.resolveOpts?.resolver || typeof rpOpts.identifierOpts.resolveOpts.resolver.resolve !== 'function') {\n if (!rpOpts.identifierOpts?.resolveOpts) {\n rpOpts.identifierOpts = { ...rpOpts.identifierOpts }\n rpOpts.identifierOpts.resolveOpts = { ...rpOpts.identifierOpts.resolveOpts }\n }\n console.log('Using agent DID resolver for RP instance with definition id ' + queryId)\n rpOpts.identifierOpts.resolveOpts.resolver = getAgentResolver(context, {\n uniresolverResolution: true,\n localResolution: true,\n resolverResolution: true,\n })\n }\n rpInstance = new RPInstance({ rpOpts, pexOpts: instanceOpts })\n this.instances.set(rpInstanceId, rpInstance)\n }\n if (responseRedirectURI) {\n rpInstance.rpOptions.responseRedirectUri = responseRedirectURI\n }\n return rpInstance\n }\n\n async getRPOptions(context: IRequiredContext, opts: { queryId?: string; responseRedirectURI?: string }): Promise<IRPOptions> {\n const { queryId, responseRedirectURI: responseRedirectURI } = opts\n const options = this.getInstanceOpts(queryId)?.rpOpts ?? this.opts.defaultOpts\n if (!options) {\n throw Error(`Could not get specific nor default options for definition ${queryId}`)\n }\n if (this.opts.defaultOpts) {\n if (!options.identifierOpts) {\n options.identifierOpts = this.opts.defaultOpts?.identifierOpts\n } else {\n if (!options.identifierOpts.idOpts) {\n options.identifierOpts.idOpts = this.opts.defaultOpts.identifierOpts.idOpts\n }\n if (!options.identifierOpts.supportedDIDMethods) {\n options.identifierOpts.supportedDIDMethods = this.opts.defaultOpts.identifierOpts.supportedDIDMethods\n }\n if (!options.supportedVersions) {\n options.supportedVersions = this.opts.defaultOpts.supportedVersions\n }\n }\n if (!options.identifierOpts.resolveOpts || typeof options.identifierOpts.resolveOpts.resolver?.resolve !== 'function') {\n options.identifierOpts.resolveOpts = {\n ...this.opts.defaultOpts.identifierOpts.resolveOpts,\n resolver:\n this.opts.defaultOpts.identifierOpts?.resolveOpts?.resolver ??\n getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),\n }\n }\n }\n if (responseRedirectURI !== undefined && responseRedirectURI !== options.responseRedirectUri) {\n options.responseRedirectUri = responseRedirectURI\n }\n return options\n }\n\n getInstanceOpts(queryId?: string): IPEXInstanceOptions | undefined {\n if (!this.opts.instanceOpts) return undefined\n\n const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : undefined\n\n return instanceOpt ?? this.getDefaultOptions(queryId)\n }\n\n private getDefaultOptions(queryId: string | undefined) {\n if (!this.opts.instanceOpts) return undefined\n\n const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === 'default')\n if (defaultOptions) {\n const clonedOptions = { ...defaultOptions }\n if (queryId !== undefined) {\n clonedOptions.queryId = queryId\n }\n return clonedOptions\n }\n\n return undefined\n }\n}\n","import {\n ClientIdentifierPrefix,\n ClientMetadataOpts,\n DcqlQueryLookupCallback,\n InMemoryRPSessionManager,\n PassBy,\n PresentationVerificationCallback,\n PresentationVerificationResult,\n PropertyTarget,\n ResponseMode,\n ResponseType,\n RevocationVerification,\n RP,\n RPBuilder,\n Scope,\n SubjectType,\n SupportedVersion,\n VerifyJwtCallback,\n} from '@sphereon/did-auth-siop'\nimport { CreateJwtCallback, JwtHeader, JwtIssuer, JwtPayload, SigningAlgo } from '@sphereon/oid4vc-common'\nimport { IPresentationDefinition } from '@sphereon/pex'\nimport { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport {\n isExternalIdentifierOIDFEntityIdOpts,\n isManagedIdentifierDidOpts,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cOpts,\n ManagedIdentifierOptsOrResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { JwtCompactResult } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { IVerifySdJwtPresentationResult } from '@sphereon/ssi-sdk.sd-jwt'\nimport { CredentialMapper, HasherSync, OriginalVerifiableCredential, PresentationSubmission } from '@sphereon/ssi-types'\nimport { IVerifyCallbackArgs, IVerifyCredentialResult, VerifyCallback } from '@sphereon/wellknown-dids-client'\nimport { TKeyType } from '@veramo/core'\nimport { JWTVerifyOptions } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { EventEmitter } from 'events'\nimport { validate as isValidUUID } from 'uuid'\nimport { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'\nimport { DcqlQuery } from 'dcql'\nimport { defaultHasher } from '@sphereon/ssi-sdk.core'\n\nexport function getRequestVersion(rpOptions: IRPOptions): SupportedVersion {\n if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {\n return rpOptions.supportedVersions[0]\n }\n return SupportedVersion.OID4VP_v1\n}\n\nfunction getWellKnownDIDVerifyCallback(siopIdentifierOpts: ISIOPIdentifierOptions, context: IRequiredContext) {\n return siopIdentifierOpts.wellknownDIDVerifyCallback\n ? siopIdentifierOpts.wellknownDIDVerifyCallback\n : async (args: IVerifyCallbackArgs): Promise<IVerifyCredentialResult> => {\n const result = await context.agent.cvVerifyCredential({\n credential: args.credential as OriginalVerifiableCredential,\n fetchRemoteContexts: true,\n })\n return { verified: result.result }\n }\n}\n\nexport function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQueryLookupCallback {\n async function dcqlQueryLookup(queryId: string, version?: string, tenantId?: string): Promise<DcqlQuery> {\n // TODO Add caching?\n const result = await context.agent.pdmGetDefinitions({\n filter: [\n {\n queryId,\n ...(tenantId && { tenantId }),\n ...(version && { version }),\n },\n ...(isValidUUID(queryId) ? [{ id: queryId }] : []),\n ],\n })\n if (result && result.length > 0) {\n return result[0].query\n }\n\n return Promise.reject(Error(`No dcql query found for queryId ${queryId}`))\n }\n\n return dcqlQueryLookup\n}\n\nexport function getPresentationVerificationCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): PresentationVerificationCallback {\n async function presentationVerificationCallback(\n args: any, // FIXME any\n presentationSubmission?: PresentationSubmission,\n ): Promise<PresentationVerificationResult> {\n if (CredentialMapper.isSdJwtEncoded(args)) {\n const result: IVerifySdJwtPresentationResult = await context.agent.verifySdJwtPresentation({\n presentation: args,\n })\n // fixme: investigate the correct way to handle this\n return { verified: !!result.payload }\n }\n\n if (CredentialMapper.isMsoMdocOid4VPEncoded(args)) {\n // TODO Funke reevaluate\n if (context.agent.mdocOid4vpRPVerify === undefined) {\n return Promise.reject('ImDLMdoc agent plugin must be enabled to support MsoMdoc types')\n }\n if (presentationSubmission !== undefined && presentationSubmission !== null) {\n const verifyResult = await context.agent.mdocOid4vpRPVerify({\n vp_token: args,\n presentation_submission: presentationSubmission,\n })\n return { verified: !verifyResult.error }\n }\n throw Error(`mdocOid4vpRPVerify(...) method requires a presentation submission`)\n }\n\n const result = await context.agent.verifyPresentation({\n presentation: args,\n fetchRemoteContexts: true,\n domain: (await context.agent.identifierManagedGet(idOpts)).kid?.split('#')[0],\n })\n return { verified: result.verified }\n }\n\n return presentationVerificationCallback\n}\n\nexport async function createRPBuilder(args: {\n rpOpts: IRPOptions\n definition?: IPresentationDefinition\n context: IRequiredContext\n}): Promise<RPBuilder> {\n const { rpOpts, context } = args\n const { identifierOpts } = rpOpts\n\n const didMethods = identifierOpts.supportedDIDMethods ?? (await getAgentDIDMethods(context))\n const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter()\n\n const defaultClientMetadata: ClientMetadataOpts = {\n // FIXME: All of the below should be configurable. Some should come from builder, some should be determined by the agent.\n // For now it is either preconfigured or everything passed in as a single object\n idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256, SigningAlgo.ES256K], // added newly\n responseTypesSupported: [ResponseType.ID_TOKEN], // added newly\n client_name: 'Sphereon',\n vpFormatsSupported: {\n jwt_vc: { alg: ['EdDSA', 'ES256K'] },\n jwt_vp: { alg: ['ES256K', 'EdDSA'] },\n },\n scopesSupported: [Scope.OPENID_DIDAUTHN],\n subjectTypesSupported: [SubjectType.PAIRWISE],\n subject_syntax_types_supported: didMethods.map((method) => `did:${method}`),\n passBy: PassBy.VALUE,\n }\n\n const resolver =\n rpOpts.identifierOpts.resolveOpts?.resolver ??\n getAgentResolver(context, {\n resolverResolution: true,\n localResolution: true,\n uniresolverResolution: rpOpts.identifierOpts.resolveOpts?.noUniversalResolverFallback !== true,\n })\n //todo: probably wise to first look and see if we actually need the hasher to begin with\n let hasher: HasherSync | undefined = rpOpts.credentialOpts?.hasher\n if (!rpOpts.credentialOpts?.hasher || typeof rpOpts.credentialOpts?.hasher !== 'function') {\n hasher = defaultHasher\n }\n\n const builder = RP.builder({ requestVersion: getRequestVersion(rpOpts) })\n .withScope('openid', PropertyTarget.REQUEST_OBJECT)\n .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)\n .withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT)\n // todo: move to options fill/correct method\n .withSupportedVersions(rpOpts.supportedVersions ?? [SupportedVersion.OID4VP_v1, SupportedVersion.SIOPv2_OID4VP_D28])\n\n .withEventEmitter(eventEmitter)\n .withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter))\n .withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT)\n .withVerifyJwtCallback(\n rpOpts.verifyJwtCallback\n ? rpOpts.verifyJwtCallback\n : getVerifyJwtCallback(\n {\n resolver,\n verifyOpts: {\n wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),\n checkLinkedDomain: 'if_present',\n },\n },\n context,\n ),\n )\n .withDcqlQueryLookup(getDcqlQueryLookupCallback(context))\n .withRevocationVerification(RevocationVerification.NEVER)\n .withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context))\n\n const oidfOpts = identifierOpts.oidfOpts\n if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {\n builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT)\n } else {\n const resolution = await context.agent.identifierManagedGet(identifierOpts.idOpts)\n const clientId: string =\n rpOpts.clientMetadataOpts?.client_id ??\n resolution.issuer ??\n (isManagedIdentifierDidResult(resolution) ? resolution.did : resolution.jwkThumbprint)\n const clientIdPrefixed = prefixClientId(clientId)\n builder.withClientId(clientIdPrefixed, PropertyTarget.REQUEST_OBJECT)\n }\n\n if (hasher) {\n builder.withHasher(hasher)\n }\n //fixme: this has been removed in the new version of did-auth-siop\n /*if (!rpOpts.clientMetadataOpts?.subjectTypesSupported) {\n // Do not update in case it is already provided via client metadata opts\n didMethods.forEach((method) => builder.addDidMethod(method))\n }*/\n //fixme: this has been removed in the new version of did-auth-siop\n // builder.withWellknownDIDVerifyCallback(getWellKnownDIDVerifyCallback(didOpts, context))\n\n if (rpOpts.responseRedirectUri) {\n builder.withResponseRedirectUri(rpOpts.responseRedirectUri)\n }\n\n //const key = resolution.key\n //fixme: this has been removed in the new version of did-auth-siop\n //builder.withSuppliedSignature(SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo), did, kid, getSigningAlgo(key.type))\n\n /*if (isManagedIdentifierDidResult(resolution)) {\n //fixme: only accepts dids in version used. New SIOP lib also accepts other types\n builder.withSuppliedSignature(\n SuppliedSigner(key, context, getSigningAlgo(key.type) as unknown as KeyAlgo),\n resolution.did,\n resolution.kid,\n getSigningAlgo(key.type),\n )\n }*/\n //fixme: signcallback and it's return type are not totally compatible with our CreateJwtCallbackBase\n const createJwtCallback = signCallback(rpOpts.identifierOpts.idOpts, context)\n builder.withCreateJwtCallback(createJwtCallback satisfies CreateJwtCallback<any>)\n return builder\n}\n\nexport function signCallback(\n idOpts: ManagedIdentifierOptsOrResult,\n context: IRequiredContext,\n): (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => Promise<string> {\n return async (jwtIssuer: JwtIssuer, jwt: { header: JwtHeader; payload: JwtPayload }, kid?: string) => {\n if (!(isManagedIdentifierDidOpts(idOpts) || isManagedIdentifierX5cOpts(idOpts))) {\n return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`))\n }\n const result: JwtCompactResult = await context.agent.jwtCreateJwsCompactSignature({\n // FIXME fix cose-key inference\n // @ts-ignore\n issuer: { identifier: idOpts.identifier, kmsKeyRef: idOpts.kmsKeyRef, noIdentifierInHeader: false },\n // FIXME fix JWK key_ops\n // @ts-ignore\n protectedHeader: jwt.header,\n payload: jwt.payload,\n })\n return result.jwt\n }\n}\n\nfunction getVerifyJwtCallback(\n _opts: {\n resolver?: Resolvable\n verifyOpts?: JWTVerifyOptions & {\n checkLinkedDomain: 'never' | 'if_present' | 'always'\n wellknownDIDVerifyCallback?: VerifyCallback\n }\n },\n context: IRequiredContext,\n): VerifyJwtCallback {\n return async (_jwtVerifier, jwt) => {\n const result = await context.agent.jwtVerifyJwsSignature({ jws: jwt.raw })\n console.log(result.message)\n return !result.error\n }\n}\n\nexport async function createRP({ rpOptions, context }: { rpOptions: IRPOptions; context: IRequiredContext }): Promise<RP> {\n return (await createRPBuilder({ rpOpts: rpOptions, context })).build()\n}\n\nexport function getSigningAlgo(type: TKeyType): SigningAlgo {\n switch (type) {\n case 'Ed25519':\n return SigningAlgo.EDDSA\n case 'Secp256k1':\n return SigningAlgo.ES256K\n case 'Secp256r1':\n return SigningAlgo.ES256\n // @ts-ignore\n case 'RSA':\n return SigningAlgo.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n\nexport function prefixClientId(clientId: string): string {\n // FIXME SSISDK-60\n if (clientId.startsWith('did:')) {\n return `${ClientIdentifierPrefix.DECENTRALIZED_IDENTIFIER}:${clientId}`\n }\n\n return clientId\n}\n","import { AuthorizationRequest, RP, URI } from '@sphereon/did-auth-siop'\nimport { ICreateAuthRequestArgs, IPresentationOptions, IRequiredContext, IRPOptions } from './types/ISIOPv2RP'\nimport { createRPBuilder, getRequestVersion, getSigningAlgo } from './functions'\nimport { v4 as uuidv4 } from 'uuid'\nimport { JwtIssuer } from '@sphereon/oid4vc-common'\nimport {\n ensureManagedIdentifierResult,\n isManagedIdentifierDidResult,\n isManagedIdentifierX5cResult,\n} from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nexport class RPInstance {\n private _rp: RP | undefined\n private readonly _presentationOptions: IPresentationOptions | undefined\n private readonly _rpOptions: IRPOptions\n\n public constructor({ rpOpts, pexOpts }: { rpOpts: IRPOptions; pexOpts?: IPresentationOptions }) {\n this._rpOptions = rpOpts\n this._presentationOptions = pexOpts\n }\n\n public async get(context: IRequiredContext): Promise<RP> {\n if (!this._rp) {\n const builder = await createRPBuilder({\n rpOpts: this._rpOptions,\n context,\n })\n this._rp = builder.build()\n }\n return this._rp!\n }\n\n get rpOptions() {\n return this._rpOptions\n }\n\n get presentationOptions() {\n return this._presentationOptions\n }\n\n public async createAuthorizationRequestURI(createArgs: ICreateAuthRequestArgs, context: IRequiredContext): Promise<URI> {\n const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n let jwtIssuer: JwtIssuer\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = { didUrl: resolution.kid, method: 'did', alg: getSigningAlgo(resolution.key.type) }\n } else if (isManagedIdentifierX5cResult(resolution)) {\n if (!resolution.issuer) {\n return Promise.reject('missing issuer in idOpts')\n }\n jwtIssuer = {\n issuer: resolution.issuer,\n x5c: resolution.x5c,\n method: 'x5c',\n alg: getSigningAlgo(resolution.key.type),\n }\n } else {\n return Promise.reject(Error(`JWT issuer method ${resolution.method} not yet supported`))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequestURI({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n queryId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURI,\n responseURIType,\n jwtIssuer,\n callback,\n }),\n )\n }\n\n public async createAuthorizationRequest(\n createArgs: Omit<ICreateAuthRequestArgs, 'queryId'>,\n context: IRequiredContext,\n ): Promise<AuthorizationRequest> {\n const { correlationId, claims, requestByReferenceURI, responseURI, responseURIType } = createArgs\n const nonce = createArgs.nonce ?? uuidv4()\n const state = createArgs.state ?? correlationId\n const idOpts = this.rpOptions.identifierOpts.idOpts\n const resolution = await ensureManagedIdentifierResult(idOpts, context)\n\n let jwtIssuer: JwtIssuer\n if (isManagedIdentifierX5cResult(resolution) && resolution.issuer) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n x5c: resolution.x5c,\n issuer: resolution.issuer,\n }\n } else if (isManagedIdentifierDidResult(resolution)) {\n jwtIssuer = {\n method: resolution.method,\n alg: getSigningAlgo(resolution.key.type),\n didUrl: resolution.did,\n }\n } else {\n return Promise.reject(Error('Only did & x5c supported at present'))\n }\n\n return await this.get(context).then((rp) =>\n rp.createAuthorizationRequest({\n version: getRequestVersion(this.rpOptions),\n correlationId,\n nonce,\n state,\n claims,\n requestByReferenceURI,\n responseURIType,\n responseURI,\n jwtIssuer,\n }),\n )\n }\n}\n"],"mappings":";;;;AAAA;AAAA,EACE,6BAA+B;AAAA,IAC7B,YAAc;AAAA,MACZ,SAAW;AAAA,QACT,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,0BAA4B;AAAA,UAC1B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,gBACV;AAAA,gBACA,iBAAmB;AAAA,kBACjB,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,oBACR,YAAc;AAAA,sBACZ,sBAAwB;AAAA,oBAC1B;AAAA,kBACF;AAAA,gBACF;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,YACpD;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,YAAY;AAAA,UACzB,aAAe;AAAA,QACjB;AAAA,QACA,wBAA0B;AAAA,UACxB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW;AAAA,UACxB,aAAe;AAAA,QACjB;AAAA,QACA,2BAA6B;AAAA,UAC3B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,WAAa;AAAA,UACX,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,QAAU;AAAA,cACR,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,QAAQ;AAAA,UACrB,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,SAAW;AAAA,cACT,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,YACV;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,UAClD,aAAe;AAAA,QACjB;AAAA,QACA,gCAAkC;AAAA,UAChC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,KAAO;AAAA,cACL,MAAQ;AAAA,YACV;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,cAAgB;AAAA,cACd,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,UACpD,aAAe;AAAA,QACjB;AAAA,QACA,0CAA4C;AAAA,UAC1C,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,QACA,qBAAuB;AAAA,UACrB,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,IAAM;AAAA,cACJ,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,OAAS;AAAA,gBACP,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,UACnC,aAAe;AAAA,QACjB;AAAA,QACA,yCAA2C;AAAA,UACzC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,UAC1D,aAAe;AAAA,QACjB;AAAA,QACA,8BAAgC;AAAA,UAC9B,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,SAAW;AAAA,cACT,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,yBAA2B;AAAA,cACzB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,WAAW,YAAY;AAAA,UACpC,aAAe;AAAA,QACjB;AAAA,QACA,qCAAuC;AAAA,UACrC,MAAQ;AAAA,UACR,YAAc;AAAA,YACZ,WAAa;AAAA,cACX,MAAQ;AAAA,YACV;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,sBAAwB;AAAA,cAC1B;AAAA,YACF;AAAA,YACA,sBAAwB;AAAA,UAC1B;AAAA,UACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,UACzD,aAAe;AAAA,QACjB;AAAA,MACF;AAAA,MACA,SAAW;AAAA,QACT,mBAAqB;AAAA,UACnB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,wBAA0B;AAAA,UACxB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,QAChB;AAAA,QACA,sBAAwB;AAAA,UACtB,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,qCAAuC;AAAA,UACrC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,oCAAsC;AAAA,UACpC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,QACA,gCAAkC;AAAA,UAChC,aAAe;AAAA,UACf,WAAa;AAAA,YACX,MAAQ;AAAA,UACV;AAAA,UACA,YAAc;AAAA,YACZ,MAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACxUA,SAIEA,kCAEAC,uBAGK;AACP,SAASC,oBAAAA,yBAAwB;AACjC,SAASC,aAAaC,sBAAqB;AAC3C,SAASC,YAAYC,oBAAmB;AAExC,SAEEC,oBAAAA,yBAWK;AAEP,SAASC,iBAAiB;;;AC7B1B,SACEC,wBAGAC,0BACAC,QAGAC,gBACAC,cACAC,cACAC,wBACAC,IAEAC,OACAC,aACAC,wBAEK;AACP,SAA8DC,mBAAmB;AAEjF,SAASC,oBAAoBC,wBAAwB;AACrD,SACEC,sCACAC,4BACAC,8BACAC,kCAEK;AAGP,SAASC,wBAA0F;AAKnG,SAASC,oBAAoB;AAC7B,SAASC,YAAYC,mBAAmB;AAGxC,SAASC,qBAAqB;AAEvB,SAASC,kBAAkBC,WAAqB;AACrD,MAAIC,MAAMC,QAAQF,UAAUG,iBAAiB,KAAKH,UAAUG,kBAAkBC,SAAS,GAAG;AACxF,WAAOJ,UAAUG,kBAAkB,CAAA;EACrC;AACA,SAAOE,iBAAiBC;AAC1B;AALgBP;AAOhB,SAASQ,8BAA8BC,oBAA4CC,SAAyB;AAC1G,SAAOD,mBAAmBE,6BACtBF,mBAAmBE,6BACnB,OAAOC,SAAAA;AACL,UAAMC,SAAS,MAAMH,QAAQI,MAAMC,mBAAmB;MACpDC,YAAYJ,KAAKI;MACjBC,qBAAqB;IACvB,CAAA;AACA,WAAO;MAAEC,UAAUL,OAAOA;IAAO;EACnC;AACN;AAVSL;AAYF,SAASW,2BAA2BT,SAAyB;AAClE,iBAAeU,gBAAgBC,SAAiBC,SAAkBC,UAAiB;AAEjF,UAAMV,SAAS,MAAMH,QAAQI,MAAMU,kBAAkB;MACnDC,QAAQ;QACN;UACEJ;UACA,GAAIE,YAAY;YAAEA;UAAS;UAC3B,GAAID,WAAW;YAAEA;UAAQ;QAC3B;WACII,YAAYL,OAAAA,IAAW;UAAC;YAAEM,IAAIN;UAAQ;YAAK,CAAA;;IAEnD,CAAA;AACA,QAAIR,UAAUA,OAAOR,SAAS,GAAG;AAC/B,aAAOQ,OAAO,CAAA,EAAGe;IACnB;AAEA,WAAOC,QAAQC,OAAOC,MAAM,mCAAmCV,OAAAA,EAAS,CAAA;EAC1E;AAjBeD;AAmBf,SAAOA;AACT;AArBgBD;AAuBT,SAASa,oCACdC,QACAvB,SAAyB;AAEzB,iBAAewB,iCACbtB,MACAuB,wBAA+C;AAE/C,QAAIC,iBAAiBC,eAAezB,IAAAA,GAAO;AACzC,YAAMC,UAAyC,MAAMH,QAAQI,MAAMwB,wBAAwB;QACzFC,cAAc3B;MAChB,CAAA;AAEA,aAAO;QAAEM,UAAU,CAAC,CAACL,QAAO2B;MAAQ;IACtC;AAEA,QAAIJ,iBAAiBK,uBAAuB7B,IAAAA,GAAO;AAEjD,UAAIF,QAAQI,MAAM4B,uBAAuBC,QAAW;AAClD,eAAOd,QAAQC,OAAO,gEAAA;MACxB;AACA,UAAIK,2BAA2BQ,UAAaR,2BAA2B,MAAM;AAC3E,cAAMS,eAAe,MAAMlC,QAAQI,MAAM4B,mBAAmB;UAC1DG,UAAUjC;UACVkC,yBAAyBX;QAC3B,CAAA;AACA,eAAO;UAAEjB,UAAU,CAAC0B,aAAaG;QAAM;MACzC;AACA,YAAMhB,MAAM,mEAAmE;IACjF;AAEA,UAAMlB,SAAS,MAAMH,QAAQI,MAAMkC,mBAAmB;MACpDT,cAAc3B;MACdK,qBAAqB;MACrBgC,SAAS,MAAMvC,QAAQI,MAAMoC,qBAAqBjB,MAAAA,GAASkB,KAAKC,MAAM,GAAA,EAAK,CAAA;IAC7E,CAAA;AACA,WAAO;MAAElC,UAAUL,OAAOK;IAAS;EACrC;AAjCegB;AAmCf,SAAOA;AACT;AAxCgBF;AA0ChB,eAAsBqB,gBAAgBzC,MAIrC;AACC,QAAM,EAAE0C,QAAQ5C,QAAO,IAAKE;AAC5B,QAAM,EAAE2C,eAAc,IAAKD;AAE3B,QAAME,aAAaD,eAAeE,uBAAwB,MAAMC,mBAAmBhD,OAAAA;AACnF,QAAMiD,eAAeL,OAAOK,gBAAgB,IAAIC,aAAAA;AAEhD,QAAMC,wBAA4C;;;IAGhDC,kCAAkC;MAACC,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IACrFC,wCAAwC;MAACJ,YAAYC;MAAOD,YAAYE;MAAOF,YAAYG;;IAC3FE,wBAAwB;MAACC,aAAaC;;IACtCC,aAAa;IACbC,oBAAoB;MAClBC,QAAQ;QAAEC,KAAK;UAAC;UAAS;;MAAU;MACnCC,QAAQ;QAAED,KAAK;UAAC;UAAU;;MAAS;IACrC;IACAE,iBAAiB;MAACC,MAAMC;;IACxBC,uBAAuB;MAACC,YAAYC;;IACpCC,gCAAgC1B,WAAW2B,IAAI,CAACC,WAAW,OAAOA,MAAAA,EAAQ;IAC1EC,QAAQC,OAAOC;EACjB;AAEA,QAAMC,WACJlC,OAAOC,eAAekC,aAAaD,YACnCE,iBAAiBhF,SAAS;IACxBiF,oBAAoB;IACpBC,iBAAiB;IACjBC,uBAAuBvC,OAAOC,eAAekC,aAAaK,gCAAgC;EAC5F,CAAA;AAEF,MAAIC,SAAiCzC,OAAO0C,gBAAgBD;AAC5D,MAAI,CAACzC,OAAO0C,gBAAgBD,UAAU,OAAOzC,OAAO0C,gBAAgBD,WAAW,YAAY;AACzFA,aAASE;EACX;AAEA,QAAMC,UAAUC,GAAGD,QAAQ;IAAEE,gBAAgBpG,kBAAkBsD,MAAAA;EAAQ,CAAA,EACpE+C,UAAU,UAAUC,eAAeC,cAAc,EACjDC,iBAAiBlD,OAAOmD,gBAAgBC,aAAaC,IAAI,EACzDC,iBAAiBvC,aAAawC,UAAUP,eAAeC,cAAc,EAErEO,sBAAsBxD,OAAOlD,qBAAqB;IAACE,iBAAiBC;IAAWD,iBAAiByG;GAAkB,EAElHC,iBAAiBrD,YAAAA,EACjBsD,mBAAmB3D,OAAO4D,kBAAkB,IAAIC,yBAAyBxD,YAAAA,CAAAA,EACzEyD,mBAAmB9D,OAAO+D,sBAAsBxD,uBAAuByC,eAAeC,cAAc,EACpGe,sBACChE,OAAOiE,oBACHjE,OAAOiE,oBACPC,qBACE;IACEhC;IACAiC,YAAY;MACV9G,4BAA4BH,8BAA8B8C,OAAOC,gBAAgB7C,OAAAA;MACjFgH,mBAAmB;IACrB;EACF,GACAhH,OAAAA,CAAAA,EAGPiH,oBAAoBxG,2BAA2BT,OAAAA,CAAAA,EAC/CkH,2BAA2BC,uBAAuBC,KAAK,EACvDC,6BAA6B/F,oCAAoCuB,eAAetB,QAAQvB,OAAAA,CAAAA;AAE3F,QAAMsH,WAAWzE,eAAeyE;AAChC,MAAIA,YAAYC,qCAAqCD,QAAAA,GAAW;AAC9D9B,YAAQgC,aAAaF,SAASG,YAAY7B,eAAeC,cAAc;EACzE,OAAO;AACL,UAAM6B,aAAa,MAAM1H,QAAQI,MAAMoC,qBAAqBK,eAAetB,MAAM;AACjF,UAAMoG,WACJ/E,OAAO+D,oBAAoBiB,aAC3BF,WAAWG,WACVC,6BAA6BJ,UAAAA,IAAcA,WAAWK,MAAML,WAAWM;AAC1E,UAAMC,mBAAmBC,eAAeP,QAAAA;AACxCnC,YAAQ2C,aAAaF,kBAAkBrC,eAAeC,cAAc;EACtE;AAEA,MAAIR,QAAQ;AACVG,YAAQ4C,WAAW/C,MAAAA;EACrB;AASA,MAAIzC,OAAOyF,qBAAqB;AAC9B7C,YAAQ8C,wBAAwB1F,OAAOyF,mBAAmB;EAC5D;AAgBA,QAAME,oBAAoBC,aAAa5F,OAAOC,eAAetB,QAAQvB,OAAAA;AACrEwF,UAAQiD,sBAAsBF,iBAAAA;AAC9B,SAAO/C;AACT;AAlHsB7C;AAoHf,SAAS6F,aACdjH,QACAvB,SAAyB;AAEzB,SAAO,OAAO0I,WAAsBC,KAAiDlG,QAAAA;AACnF,QAAI,EAAEmG,2BAA2BrH,MAAAA,KAAWsH,2BAA2BtH,MAAAA,IAAU;AAC/E,aAAOJ,QAAQC,OAAOC,MAAM,qBAAqBqH,UAAUhE,MAAM,oBAAoB,CAAA;IACvF;AACA,UAAMvE,SAA2B,MAAMH,QAAQI,MAAM0I,6BAA6B;;;MAGhFjB,QAAQ;QAAEJ,YAAYlG,OAAOkG;QAAYsB,WAAWxH,OAAOwH;QAAWC,sBAAsB;MAAM;;;MAGlGC,iBAAiBN,IAAIO;MACrBpH,SAAS6G,IAAI7G;IACf,CAAA;AACA,WAAO3B,OAAOwI;EAChB;AACF;AAnBgBH;AAqBhB,SAAS1B,qBACPqC,OAOAnJ,SAAyB;AAEzB,SAAO,OAAOoJ,cAAcT,QAAAA;AAC1B,UAAMxI,SAAS,MAAMH,QAAQI,MAAMiJ,sBAAsB;MAAEC,KAAKX,IAAIY;IAAI,CAAA;AACxEC,YAAQC,IAAItJ,OAAOuJ,OAAO;AAC1B,WAAO,CAACvJ,OAAOkC;EACjB;AACF;AAfSyE;AAqBF,SAAS6C,eAAeC,MAAc;AAC3C,UAAQA,MAAAA;IACN,KAAK;AACH,aAAOC,YAAYC;IACrB,KAAK;AACH,aAAOD,YAAYE;IACrB,KAAK;AACH,aAAOF,YAAYG;;IAErB,KAAK;AACH,aAAOH,YAAYI;IACrB;AACE,YAAMC,MAAM,4BAAA;EAChB;AACF;AAdgBP;AAgBT,SAASQ,eAAeC,UAAgB;AAE7C,MAAIA,SAASC,WAAW,MAAA,GAAS;AAC/B,WAAO,GAAGC,uBAAuBC,wBAAwB,IAAIH,QAAAA;EAC/D;AAEA,SAAOA;AACT;AAPgBD;;;ACzShB,SAASK,MAAMC,cAAc;AAE7B,SACEC,+BACAC,gCAAAA,+BACAC,oCACK;AAEA,IAAMC,aAAN,MAAMA;EATb,OASaA;;;EACHC;EACSC;EACAC;EAEjB,YAAmB,EAAEC,QAAQC,QAAO,GAA4D;AAC9F,SAAKF,aAAaC;AAClB,SAAKF,uBAAuBG;EAC9B;EAEA,MAAaC,IAAIC,SAAwC;AACvD,QAAI,CAAC,KAAKN,KAAK;AACb,YAAMO,UAAU,MAAMC,gBAAgB;QACpCL,QAAQ,KAAKD;QACbI;MACF,CAAA;AACA,WAAKN,MAAMO,QAAQE,MAAK;IAC1B;AACA,WAAO,KAAKT;EACd;EAEA,IAAIU,YAAY;AACd,WAAO,KAAKR;EACd;EAEA,IAAIS,sBAAsB;AACxB,WAAO,KAAKV;EACd;EAEA,MAAaW,8BAA8BC,YAAoCP,SAAyC;AACtH,UAAM,EAAEQ,eAAeC,SAASC,QAAQC,uBAAuBC,aAAaC,iBAAiBC,SAAQ,IAAKP;AAC1G,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,QAAIU;AACJ,UAAMC,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAC/D,QAAIuB,8BAA6BF,UAAAA,GAAa;AAC5CH,kBAAY;QAAEM,QAAQH,WAAWI;QAAKC,QAAQ;QAAOC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MAAE;IAChG,WAAWC,6BAA6BV,UAAAA,GAAa;AACnD,UAAI,CAACA,WAAWW,QAAQ;AACtB,eAAOC,QAAQC,OAAO,0BAAA;MACxB;AACAhB,kBAAY;QACVc,QAAQX,WAAWW;QACnBG,KAAKd,WAAWc;QAChBT,QAAQ;QACRC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;MACzC;IACF,OAAO;AACL,aAAOG,QAAQC,OAAOE,MAAM,qBAAqBf,WAAWK,MAAM,oBAAoB,CAAA;IACxF;AAEA,WAAO,MAAM,KAAK3B,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGhC,8BAA8B;MAC/BiC,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAC;MACAM;MACAE;MACAP;MACAC;MACAC;MACAC;MACAK;MACAJ;IACF,CAAA,CAAA;EAEJ;EAEA,MAAa2B,2BACXlC,YACAP,SAC+B;AAC/B,UAAM,EAAEQ,eAAeE,QAAQC,uBAAuBC,aAAaC,gBAAe,IAAKN;AACvF,UAAMQ,QAAQR,WAAWQ,SAASC,OAAAA;AAClC,UAAMC,QAAQV,WAAWU,SAAST;AAClC,UAAMW,SAAS,KAAKf,UAAUgB,eAAeD;AAC7C,UAAME,aAAa,MAAMC,8BAA8BH,QAAQnB,OAAAA;AAE/D,QAAIkB;AACJ,QAAIa,6BAA6BV,UAAAA,KAAeA,WAAWW,QAAQ;AACjEd,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCK,KAAKd,WAAWc;QAChBH,QAAQX,WAAWW;MACrB;IACF,WAAWT,8BAA6BF,UAAAA,GAAa;AACnDH,kBAAY;QACVQ,QAAQL,WAAWK;QACnBC,KAAKC,eAAeP,WAAWQ,IAAIC,IAAI;QACvCN,QAAQH,WAAWqB;MACrB;IACF,OAAO;AACL,aAAOT,QAAQC,OAAOE,MAAM,qCAAA,CAAA;IAC9B;AAEA,WAAO,MAAM,KAAKrC,IAAIC,OAAAA,EAASqC,KAAK,CAACC,OACnCA,GAAGG,2BAA2B;MAC5BF,SAASC,kBAAkB,KAAKpC,SAAS;MACzCI;MACAO;MACAE;MACAP;MACAC;MACAE;MACAD;MACAM;IACF,CAAA,CAAA;EAEJ;AACF;;;AFxEO,IAAMyB,WAAN,MAAMA,UAAAA;EAlDb,OAkDaA;;;EACMC;EACjB,OAAwBC,oBAAoB;EAC3BC,YAAqC,oBAAIC,IAAAA;EACjDC,SAASA,sBAAOC;EAEhBC,UAAqB;IAC5BC,0BAA0B,KAAKC,8BAA8BC,KAAK,IAAI;IACtEC,+BAA+B,KAAKC,mCAAmCF,KAAK,IAAI;IAChFG,yBAAyB,KAAKC,oBAAoBJ,KAAK,IAAI;IAC3DK,0BAA0B,KAAKC,qBAAqBN,KAAK,IAAI;IAC7DO,4BAA4B,KAAKC,uBAAuBR,KAAK,IAAI;IACjES,qBAAqB,KAAKC,gBAAgBV,KAAK,IAAI;IACnDW,wBAAwB,KAAKA,uBAAuBX,KAAK,IAAI;IAC7DY,uBAAuB,KAAKA,sBAAsBZ,KAAK,IAAI;IAC3Da,oBAAoB,KAAKA,mBAAmBb,KAAK,IAAI;EACvD;EAEA,YAAYT,MAAqB;AAC/B,SAAKA,OAAOA;EACd;EAEOuB,eAAeC,eAA+BC,SAA2B;AAE9E,SAAKzB,KAAK0B,cAAcF;AAExB,QACE,CAAC,KAAKxB,KAAK0B,YAAYC,eAAeC,aAAaC,YACnD,OAAO,KAAK7B,KAAK0B,YAAYC,eAAeC,YAAYC,SAASC,YAAY,YAC7E;AACA,WAAK9B,KAAK0B,YAAYC,eAAeC,cAAc;QACjD,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;QACxCC,UAAUE,kBAAiBN,SAAS;UAAEO,uBAAuB;UAAMC,oBAAoB;UAAMC,iBAAiB;QAAK,CAAA;MACrH;IACF;EACF;EAEA,MAAc1B,8BAA8B2B,YAAoCV,SAA4C;AAC1H,WAAO,MAAM,KAAKW,cAChB;MACEC,sBAAsB;MACtBC,qBAAqBH,WAAWG;MAChC,GAAIH,WAAWI,uBAAuB,QAAQ;QAAEC,SAASL,WAAWK;MAAQ;IAC9E,GACAf,OAAAA,EAECgB,KAAK,CAACC,OAAOA,GAAGlC,8BAA8B2B,YAAYV,OAAAA,CAAAA,EAC1DgB,KAAK,CAACE,QAAQA,IAAIC,UAAU;EACjC;EAEA,MAAcjC,mCACZwB,YACAV,SACwC;AACxC,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAMG,SAASL,WAAWK;IAAQ,GAAGf,OAAAA,EAC1FgB,KAAK,CAACC,OAAOA,GAAGG,2BAA2BV,YAAYV,OAAAA,CAAAA,EACvDgB,KAAK,OAAOK,YAAAA;AACX,YAAMC,cAA6C;QACjDC,sBAAsBF,QAAQG;QAC9BC,eAAe,MAAMJ,QAAQK,iBAAgB;QAC7CC,sBAAsBN,QAAQI,eAAeG,WAAAA;MAC/C;AACA,aAAON;IACT,CAAA;EACJ;EAEA,MAAclC,oBAAoByC,MAAgC7B,SAA2E;AAC3I,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAeJ,KAAKK,eAAe,CAAA,CAAA;EAG/F;EAEA,MAAc5C,qBACZuC,MACA7B,SACiE;AACjE,UAAMmC,aAAyB,MAAM,KAAKxB,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA;AAChH,UAAMoC,6BAAqE,MAAMD,WAC9EL,IAAI9B,OAAAA,EACJgB,KAAK,CAACC,OAAOA,GAAGc,eAAeM,gCAAgCR,KAAKI,eAAeJ,KAAKK,eAAe,CAAA;AAC1G,QAAIE,+BAA+BE,QAAW;AAC5C,aAAOA;IACT;AAEA,UAAMC,gBAAgBH;AACtB,QAAIG,cAAcC,WAAWC,iCAAiCC,UAAU;AACtE,UAAIC;AACJ,UACEC,kBAAiBC,eAAeN,cAAcO,SAAStB,QAAQuB,QAAQ,MACtE,CAACZ,WAAWa,UAAUC,gBAAgBN,UAAU,OAAOR,WAAWa,UAAUC,gBAAgBN,WAAW,aACxG;AACAA,iBAASO;MACX;AAGA,YAAMC,UAAUZ,cAAcO,SAAStB,QAAQuB,YAAYK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ;AAC7G,YAAMO,SAAS,CAAA;AACf,iBAAW,CAACC,KAAKC,KAAAA,KAAUC,OAAOC,QAAQP,OAAAA,GAAU;AAElD,cAAMQ,sBAAsBf,kBAAiBgB;UAC3CJ;;UAEAb;QAAAA;AAEFkB,gBAAQC,IAAI,wBAAwBV,KAAKW,UAAUJ,mBAAAA,CAAAA,EAAsB;AAEzE,cAAMK,YAA8B,CAAC;AACrC,cAAMC,uBAAuB,KAAKC,yBAAyBP,mBAAAA;AAC3D,YAAI,0BAA0BM,sBAAsB;AAClD,qBAAWE,cAAcF,qBAAqBG,sBAAsB;AAClE,kBAAMC,KAAKF;AACX,kBAAMG,yBAAyB,MAAMtE,QAAQuE,MAAMC,eAAe;cAChEL;cACAxB;cACA8B,kBAAkBtC,WAAWa,UAAU0B,sBAAsBC;YAC/D,CAAA;AACA,gBAAI,CAACL,uBAAuBM,QAAQ;AAClCrC,4BAAcC,SAASC,iCAAiCoC;AACxDtC,4BAAcuC,QAAQ,IAAIC,MAAMT,uBAAuBQ,KAAK;AAC5D,qBAAOvC;YACT;AAEA,kBAAMyC,oBAAoBX,GAAGW;AAC7B,gBAAI,EAAE,QAAQhB,YAAY;AACxBA,wBAAU,IAAA,IAAQgB,kBAAkBC;YACtC;AAEAxB,mBAAOC,QAAQsB,iBAAAA,EAAmBE,QAAQ,CAAC,CAAC3B,MAAKC,MAAAA,MAAM;AACrD,kBAAI,EAAED,QAAOS,YAAY;AACvBA,0BAAUT,IAAAA,IAAOC;cACnB;YACF,CAAA;AAEAF,mBAAO6B,KAAK;cACVF,IAAI1B;cACJ6B,MAAMf,GAAGe,KAAK,CAAA;cACd9B,QAAQU;YACV,CAAA;UACF;QACF,OAAO;AACLV,iBAAO6B,KAAK;YACVF,IAAI1B;YACJ6B,MAAOzB,oBAAyD0B,eAAeC;YAC/EhC,QAAQW;UACV,CAAA;QACF;MACF;AAEA1B,oBAAcgD,eAAe;QAC3B,GAAIhD,cAAcO,SAAStB,QAAQuB,YAAY;UAC7CyC,wBAAwB;YACtBzC,UAAU,OAAOR,cAAcO,SAAStB,QAAQuB,aAAa,WACvDK,KAAKC,MAAMd,cAAcO,SAAStB,QAAQuB,QAAQ,IAClDR,cAAcO,SAAStB,QAAQuB;UACvC;QACF;QACA,GAAIO,OAAOmC,SAAS,KAAK;UAAEC,mBAAmBpC;QAAO;MACvD;IACF;AAEA,WAAOf;EACT;EAEQ2B,2BAA2B,wBACjCP,wBAAAA;AAOA,WAAOf,kBAAiB+C,yBAAyBhC,mBAAAA,IAC7CA,oBAAoB0B,iBACpBzC,kBAAiBgD,sBAAsBjC,mBAAAA;EAC7C,GAXmC;EAanC,MAAcnE,uBAAuBqC,MAA+B7B,SAA+D;AACjI,QAAI6B,KAAKgE,UAAU,iCAAiC;AAClD,YAAMd,MAAM,wFAAwF;IACtG;AACA,WAAO,MAAM,KAAKpE,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAErFgB,KAAK,CAACC,OACLA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,OAAOC,QAAAA;AAC1B,YAAMA,IAAG6E,2BAA2B;QAClC7D,eAAeJ,KAAKI;QACpB6C,OAAOjD,KAAKiD,QAAQ,IAAIC,MAAMlD,KAAKiD,KAAK,IAAIxC;MAC9C,CAAA;AACA,aAAQ,MAAMrB,IAAGc,eAAeC,+BAA+BH,KAAKI,eAAe,IAAA;IACrF,CAAA,CAAA;EAEN;EAEA,MAAcvC,gBAAgBmC,MAAiC7B,SAA6C;AAC1G,WAAO,MAAM,KAAKW,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EACrFgB,KAAK,CAACC,OAAOA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QAAOA,IAAGc,eAAegE,4BAA4BlE,KAAKI,aAAa,CAAA,CAAA,EAC1GjB,KAAK,MAAM,IAAA;EAChB;EAEA,MAAcrB,uBAAuBkC,MAAoC7B,SAAmE;AAC1I,QAAI,CAAC6B,KAAKmE,uBAAuB;AAC/B,YAAMjB,MAAM,2CAAA;IACd;AACA,UAAMkB,eACJ,OAAOpE,KAAKmE,0BAA0B,WACjCE,gBAAgBrE,KAAKmE,qBAAqB,IAC3CnE,KAAKmE;AACX,WAAO,MAAM,KAAKrF,cAAc;MAAEC,sBAAsB;MAAOG,SAASc,KAAKd;IAAQ,GAAGf,OAAAA,EAASgB,KAAK,CAACC,OACrGA,GAAGa,IAAI9B,OAAAA,EAASgB,KAAK,CAACC,QACpBA,IAAGkF,4BAA4BF,cAAc;MAC3ChE,eAAeJ,KAAKI;MAClB,GAAIJ,KAAKuE,aAAa;QAAEA,WAAWvE,KAAKuE;MAAU;MAClDC,UAAUxE,KAAKwE;IACnB,CAAA,CAAA,CAAA;EAGN;EAEA,MAAczG,sBAAsBiC,MAA6B7B,SAA0C;AACzG,UAAM,EAAEsG,aAAaC,UAAUC,SAASC,mBAAkB,IAAK5E;AAC/D,UAAM6E,QAAQC,IACZL,YAAYM,IAAI,OAAOC,eAAAA;AACrBC,gBAAUC,SAASF,WAAWG,KAAK;AACnCnD,cAAQC,IAAI,8BAA8B+C,WAAW9F,OAAO,4BAA4B0F,kBAAAA,EAAoB;AAE5G,aAAOzG,QAAQuE,MAAM0C,qBAAqB;QACxCC,gBAAgB;UACdnG,SAAS8F,WAAW9F;UACpBwF;UACAC;UACAQ,OAAOH,WAAWG;QACpB;QACAzI,MAAM;UAAEkI;QAAuC;MACjD,CAAA;IACF,CAAA,CAAA;EAEJ;EAEA,MAAc5G,mBAAmBgC,MAA2B7B,SAAwD;AAClH,UAAMmH,aAAatF,KAAKd,WAAWzC,UAASE;AAC5C,QAAI,KAAKC,UAAU2I,IAAID,UAAAA,GAAa;AAClC,YAAMhF,aAAa,KAAK1D,UAAUqD,IAAIqF,UAAAA;AACtC,UAAIhF,eAAeG,QAAW;AAC5B,cAAMrB,KAAK,MAAMkB,WAAWL,IAAI9B,OAAAA;AAChC,eAAOiB,GAAGoG,uBAAuB;UAC/BC,gBAAgBzF,KAAKI;UACrBA,eAAeJ,KAAKI;UACpB,GAAIJ,KAAKgE,SAAS;YAAEA,OAAOhE,KAAKgE;UAAM;QACxC,CAAA;MACF;IACF;AACA,WAAOvD;EACT;EAEA,MAAM3B,cAAc,EAAEC,sBAAsBG,SAASF,oBAAmB,GAAyBb,SAAgD;AAC/I,QAAIuH,eAAuBjJ,UAASE;AACpC,QAAI2D;AACJ,QAAIpB,SAAS;AACX,UAAI,KAAKtC,UAAU2I,IAAIrG,OAAAA,GAAU;AAC/BwG,uBAAexG;AACfoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC,WAAWC,aAAYzG,OAAAA,GAAU;AAC/B,YAAI;AAEF,gBAAM0G,KAAK,MAAMzH,QAAQuE,MAAMmD,iBAAiB;YAAEC,QAAQ5G;UAAQ,CAAA;AAClE,cAAI,KAAKtC,UAAU2I,IAAIK,GAAG1G,OAAO,GAAG;AAClCwG,2BAAeE,GAAG1G;AAClBoB,yBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;UAClC;QACF,SAASK,QAAQ;QAAC;MACpB;AACA,UAAIhH,sBAAsB;AACxB2G,uBAAexG;MACjB,OAAO;AACLoB,qBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;MAClC;IACF,OAAO;AACLpF,mBAAa,KAAK1D,UAAUqD,IAAIyF,YAAAA;IAClC;AAEA,QAAI,CAACpF,YAAY;AACf,UAAI,CAACvB,sBAAsB;AACzB,eAAO8F,QAAQmB,OAAO,gCAAgCN,YAAAA,EAAc;MACtE;AACA,YAAMO,eAAe,KAAKC,gBAAgBhH,OAAAA;AAC1C,YAAMiH,SAAS,MAAM,KAAKC,aAAajI,SAAS;QAAEe;QAASF;MAAyC,CAAA;AACpG,UAAI,CAACmH,OAAO9H,eAAeC,aAAaC,YAAY,OAAO4H,OAAO9H,eAAeC,YAAYC,SAASC,YAAY,YAAY;AAC5H,YAAI,CAAC2H,OAAO9H,gBAAgBC,aAAa;AACvC6H,iBAAO9H,iBAAiB;YAAE,GAAG8H,OAAO9H;UAAe;AACnD8H,iBAAO9H,eAAeC,cAAc;YAAE,GAAG6H,OAAO9H,eAAeC;UAAY;QAC7E;AACA0D,gBAAQC,IAAI,iEAAiE/C,OAAAA;AAC7EiH,eAAO9H,eAAeC,YAAYC,WAAWE,kBAAiBN,SAAS;UACrEO,uBAAuB;UACvBE,iBAAiB;UACjBD,oBAAoB;QACtB,CAAA;MACF;AACA2B,mBAAa,IAAI+F,WAAW;QAAEF;QAAQG,SAASL;MAAa,CAAA;AAC5D,WAAKrJ,UAAU2J,IAAIb,cAAcpF,UAAAA;IACnC;AACA,QAAItB,qBAAqB;AACvBsB,iBAAWa,UAAUqF,sBAAsBxH;IAC7C;AACA,WAAOsB;EACT;EAEA,MAAM8F,aAAajI,SAA2BzB,MAA+E;AAC3H,UAAM,EAAEwC,SAASF,oBAAwC,IAAKtC;AAC9D,UAAM+J,UAAU,KAAKP,gBAAgBhH,OAAAA,GAAUiH,UAAU,KAAKzJ,KAAK0B;AACnE,QAAI,CAACqI,SAAS;AACZ,YAAMvD,MAAM,6DAA6DhE,OAAAA,EAAS;IACpF;AACA,QAAI,KAAKxC,KAAK0B,aAAa;AACzB,UAAI,CAACqI,QAAQpI,gBAAgB;AAC3BoI,gBAAQpI,iBAAiB,KAAK3B,KAAK0B,aAAaC;MAClD,OAAO;AACL,YAAI,CAACoI,QAAQpI,eAAeqI,QAAQ;AAClCD,kBAAQpI,eAAeqI,SAAS,KAAKhK,KAAK0B,YAAYC,eAAeqI;QACvE;AACA,YAAI,CAACD,QAAQpI,eAAesI,qBAAqB;AAC/CF,kBAAQpI,eAAesI,sBAAsB,KAAKjK,KAAK0B,YAAYC,eAAesI;QACpF;AACA,YAAI,CAACF,QAAQG,mBAAmB;AAC9BH,kBAAQG,oBAAoB,KAAKlK,KAAK0B,YAAYwI;QACpD;MACF;AACA,UAAI,CAACH,QAAQpI,eAAeC,eAAe,OAAOmI,QAAQpI,eAAeC,YAAYC,UAAUC,YAAY,YAAY;AACrHiI,gBAAQpI,eAAeC,cAAc;UACnC,GAAG,KAAK5B,KAAK0B,YAAYC,eAAeC;UACxCC,UACE,KAAK7B,KAAK0B,YAAYC,gBAAgBC,aAAaC,YACnDE,kBAAiBN,SAAS;YAAES,iBAAiB;YAAMD,oBAAoB;YAAMD,uBAAuB;UAAK,CAAA;QAC7G;MACF;IACF;AACA,QAAIM,wBAAwByB,UAAazB,wBAAwByH,QAAQD,qBAAqB;AAC5FC,cAAQD,sBAAsBxH;IAChC;AACA,WAAOyH;EACT;EAEAP,gBAAgBhH,SAAmD;AACjE,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMoG,cAAc3H,UAAU,KAAKxC,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAYA,OAAAA,IAAWuB;AAE1F,WAAOoG,eAAe,KAAKG,kBAAkB9H,OAAAA;EAC/C;EAEQ8H,kBAAkB9H,SAA6B;AACrD,QAAI,CAAC,KAAKxC,KAAKuJ,aAAc,QAAOxF;AAEpC,UAAMwG,iBAAiB,KAAKvK,KAAKuJ,aAAaa,KAAK,CAACC,MAAMA,EAAE7H,YAAY,SAAA;AACxE,QAAI+H,gBAAgB;AAClB,YAAMC,gBAAgB;QAAE,GAAGD;MAAe;AAC1C,UAAI/H,YAAYuB,QAAW;AACzByG,sBAAchI,UAAUA;MAC1B;AACA,aAAOgI;IACT;AAEA,WAAOzG;EACT;AACF;","names":["AuthorizationResponseStateStatus","decodeUriAsJson","getAgentResolver","shaHasher","defaultHasher","validate","isValidUUID","CredentialMapper","DcqlQuery","ClientIdentifierPrefix","InMemoryRPSessionManager","PassBy","PropertyTarget","ResponseMode","ResponseType","RevocationVerification","RP","Scope","SubjectType","SupportedVersion","SigningAlgo","getAgentDIDMethods","getAgentResolver","isExternalIdentifierOIDFEntityIdOpts","isManagedIdentifierDidOpts","isManagedIdentifierDidResult","isManagedIdentifierX5cOpts","CredentialMapper","EventEmitter","validate","isValidUUID","defaultHasher","getRequestVersion","rpOptions","Array","isArray","supportedVersions","length","SupportedVersion","OID4VP_v1","getWellKnownDIDVerifyCallback","siopIdentifierOpts","context","wellknownDIDVerifyCallback","args","result","agent","cvVerifyCredential","credential","fetchRemoteContexts","verified","getDcqlQueryLookupCallback","dcqlQueryLookup","queryId","version","tenantId","pdmGetDefinitions","filter","isValidUUID","id","query","Promise","reject","Error","getPresentationVerificationCallback","idOpts","presentationVerificationCallback","presentationSubmission","CredentialMapper","isSdJwtEncoded","verifySdJwtPresentation","presentation","payload","isMsoMdocOid4VPEncoded","mdocOid4vpRPVerify","undefined","verifyResult","vp_token","presentation_submission","error","verifyPresentation","domain","identifierManagedGet","kid","split","createRPBuilder","rpOpts","identifierOpts","didMethods","supportedDIDMethods","getAgentDIDMethods","eventEmitter","EventEmitter","defaultClientMetadata","idTokenSigningAlgValuesSupported","SigningAlgo","EDDSA","ES256","ES256K","requestObjectSigningAlgValuesSupported","responseTypesSupported","ResponseType","ID_TOKEN","client_name","vpFormatsSupported","jwt_vc","alg","jwt_vp","scopesSupported","Scope","OPENID_DIDAUTHN","subjectTypesSupported","SubjectType","PAIRWISE","subject_syntax_types_supported","map","method","passBy","PassBy","VALUE","resolver","resolveOpts","getAgentResolver","resolverResolution","localResolution","uniresolverResolution","noUniversalResolverFallback","hasher","credentialOpts","defaultHasher","builder","RP","requestVersion","withScope","PropertyTarget","REQUEST_OBJECT","withResponseMode","responseMode","ResponseMode","POST","withResponseType","VP_TOKEN","withSupportedVersions","SIOPv2_OID4VP_D28","withEventEmitter","withSessionManager","sessionManager","InMemoryRPSessionManager","withClientMetadata","clientMetadataOpts","withVerifyJwtCallback","verifyJwtCallback","getVerifyJwtCallback","verifyOpts","checkLinkedDomain","withDcqlQueryLookup","withRevocationVerification","RevocationVerification","NEVER","withPresentationVerification","oidfOpts","isExternalIdentifierOIDFEntityIdOpts","withEntityId","identifier","resolution","clientId","client_id","issuer","isManagedIdentifierDidResult","did","jwkThumbprint","clientIdPrefixed","prefixClientId","withClientId","withHasher","responseRedirectUri","withResponseRedirectUri","createJwtCallback","signCallback","withCreateJwtCallback","jwtIssuer","jwt","isManagedIdentifierDidOpts","isManagedIdentifierX5cOpts","jwtCreateJwsCompactSignature","kmsKeyRef","noIdentifierInHeader","protectedHeader","header","_opts","_jwtVerifier","jwtVerifyJwsSignature","jws","raw","console","log","message","getSigningAlgo","type","SigningAlgo","EDDSA","ES256K","ES256","RS256","Error","prefixClientId","clientId","startsWith","ClientIdentifierPrefix","DECENTRALIZED_IDENTIFIER","v4","uuidv4","ensureManagedIdentifierResult","isManagedIdentifierDidResult","isManagedIdentifierX5cResult","RPInstance","_rp","_presentationOptions","_rpOptions","rpOpts","pexOpts","get","context","builder","createRPBuilder","build","rpOptions","presentationOptions","createAuthorizationRequestURI","createArgs","correlationId","queryId","claims","requestByReferenceURI","responseURI","responseURIType","callback","nonce","uuidv4","state","jwtIssuer","idOpts","identifierOpts","resolution","ensureManagedIdentifierResult","isManagedIdentifierDidResult","didUrl","kid","method","alg","getSigningAlgo","key","type","isManagedIdentifierX5cResult","issuer","Promise","reject","x5c","Error","then","rp","version","getRequestVersion","createAuthorizationRequest","did","SIOPv2RP","opts","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","siopCreateAuthRequestURI","createAuthorizationRequestURI","bind","siopCreateAuthRequestPayloads","createAuthorizationRequestPayloads","siopGetAuthRequestState","siopGetRequestState","siopGetAuthResponseState","siopGetResponseState","siopUpdateAuthRequestState","siopUpdateRequestState","siopDeleteAuthState","siopDeleteState","siopVerifyAuthResponse","siopImportDefinitions","siopGetRedirectURI","setDefaultOpts","rpDefaultOpts","context","defaultOpts","identifierOpts","resolveOpts","resolver","resolve","getAgentResolver","uniresolverResolution","resolverResolution","localResolution","createArgs","getRPInstance","createWhenNotPresent","responseRedirectURI","useQueryIdInstance","queryId","then","rp","URI","encodedUri","createAuthorizationRequest","request","authRequest","authorizationRequest","payload","requestObject","requestObjectJwt","requestObjectDecoded","getPayload","args","get","sessionManager","getRequestStateByCorrelationId","correlationId","errorOnNotFound","rpInstance","authorizationResponseState","getResponseStateByCorrelationId","undefined","responseState","status","AuthorizationResponseStateStatus","VERIFIED","hasher","CredentialMapper","isSdJwtEncoded","response","vp_token","rpOptions","credentialOpts","defaultHasher","vpToken","JSON","parse","claims","key","value","Object","entries","presentationDecoded","decodeVerifiablePresentation","console","log","stringify","allClaims","presentationOrClaims","presentationOrClaimsFrom","credential","verifiableCredential","vc","schemaValidationResult","agent","cvVerifySchema","validationPolicy","verificationPolicies","schemaValidation","result","ERROR","error","Error","credentialSubject","id","forEach","push","type","decodedPayload","vct","verifiedData","authorization_response","length","credential_claims","isSdJwtDecodedCredential","toUniformPresentation","state","signalAuthRequestRetrieved","deleteStateForCorrelationId","authorizationResponse","authResponse","decodeUriAsJson","verifyAuthorizationResponse","dcqlQuery","audience","importItems","tenantId","version","versionControlMode","Promise","all","map","importItem","DcqlQuery","validate","query","pdmPersistDefinition","definitionItem","instanceId","has","getResponseRedirectUri","correlation_id","rpInstanceId","isValidUUID","pd","pdmGetDefinition","itemId","ignore","reject","instanceOpts","getInstanceOpts","rpOpts","getRPOptions","RPInstance","pexOpts","set","responseRedirectUri","options","idOpts","supportedDIDMethods","supportedVersions","instanceOpt","find","i","getDefaultOptions","defaultOptions","clonedOptions"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth",
3
- "version": "0.34.1-fix.226+0b5294f9",
3
+ "version": "0.34.1-fix.247+6c4b1882",
4
4
  "source": "src/index.ts",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -26,22 +26,22 @@
26
26
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
27
27
  },
28
28
  "dependencies": {
29
- "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.170",
30
- "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.170",
31
- "@sphereon/oid4vc-common": "0.19.1-feature.DIIPv4.170",
29
+ "@sphereon/did-auth-siop": "0.19.1-feature.DIIPv4.173",
30
+ "@sphereon/did-auth-siop-adapter": "0.19.1-feature.DIIPv4.173",
31
+ "@sphereon/oid4vc-common": "0.19.1-feature.DIIPv4.173",
32
32
  "@sphereon/pex": "5.0.0-unstable.28",
33
- "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-fix.226+0b5294f9",
34
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.226+0b5294f9",
35
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.226+0b5294f9",
36
- "@sphereon/ssi-sdk.core": "0.34.1-fix.226+0b5294f9",
37
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.226+0b5294f9",
38
- "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.226+0b5294f9",
39
- "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-fix.226+0b5294f9",
40
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.226+0b5294f9",
41
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.226+0b5294f9",
42
- "@sphereon/ssi-sdk.sd-jwt": "0.34.1-fix.226+0b5294f9",
43
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.226+0b5294f9",
44
- "@sphereon/ssi-types": "0.34.1-fix.226+0b5294f9",
33
+ "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-fix.247+6c4b1882",
34
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-fix.247+6c4b1882",
35
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-fix.247+6c4b1882",
36
+ "@sphereon/ssi-sdk.core": "0.34.1-fix.247+6c4b1882",
37
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-fix.247+6c4b1882",
38
+ "@sphereon/ssi-sdk.kv-store-temp": "0.34.1-fix.247+6c4b1882",
39
+ "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-fix.247+6c4b1882",
40
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-fix.247+6c4b1882",
41
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-fix.247+6c4b1882",
42
+ "@sphereon/ssi-sdk.sd-jwt": "0.34.1-fix.247+6c4b1882",
43
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-fix.247+6c4b1882",
44
+ "@sphereon/ssi-types": "0.34.1-fix.247+6c4b1882",
45
45
  "@sphereon/wellknown-dids-client": "^0.1.3",
46
46
  "@veramo/core": "4.2.0",
47
47
  "@veramo/credential-w3c": "4.2.0",
@@ -84,5 +84,5 @@
84
84
  "OpenID Connect",
85
85
  "Authenticator"
86
86
  ],
87
- "gitHead": "0b5294f9513532c0bf553b1faf38363c5754b5af"
87
+ "gitHead": "6c4b188290980043b16a2aecce8bb0670d6e8ef2"
88
88
  }
package/src/functions.ts CHANGED
@@ -35,6 +35,7 @@ import { TKeyType } from '@veramo/core'
35
35
  import { JWTVerifyOptions } from 'did-jwt'
36
36
  import { Resolvable } from 'did-resolver'
37
37
  import { EventEmitter } from 'events'
38
+ import { validate as isValidUUID } from 'uuid'
38
39
  import { IRequiredContext, IRPOptions, ISIOPIdentifierOptions } from './types/ISIOPv2RP'
39
40
  import { DcqlQuery } from 'dcql'
40
41
  import { defaultHasher } from '@sphereon/ssi-sdk.core'
@@ -68,9 +69,7 @@ export function getDcqlQueryLookupCallback(context: IRequiredContext): DcqlQuery
68
69
  ...(tenantId && { tenantId }),
69
70
  ...(version && { version }),
70
71
  },
71
- {
72
- id: queryId,
73
- },
72
+ ...(isValidUUID(queryId) ? [{ id: queryId }] : []),
74
73
  ],
75
74
  })
76
75
  if (result && result.length > 0) {