{"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/OID4VCIIssuer.ts","../src/functions.ts","../src/IssuerInstance.ts"],"sourcesContent":["{\n  \"IDidAuthSiopOpAuthenticator\": {\n    \"components\": {\n      \"schemas\": {\n        \"IGetSiopSessionArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } \"\n        },\n        \"IRegisterSiopSessionArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"identifier\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"did\": {\n                  \"type\": \"string\"\n                },\n                \"alias\": {\n                  \"type\": \"string\"\n                },\n                \"provider\": {\n                  \"type\": \"string\"\n                },\n                \"controllerKeyId\": {\n                  \"type\": \"string\"\n                },\n                \"keys\": {\n                  \"type\": \"array\",\n                  \"items\": {\n                    \"type\": \"object\",\n                    \"properties\": {\n                      \"additionalProperties\": true\n                    }\n                  }\n                },\n                \"services\": {\n                  \"type\": \"array\",\n                  \"items\": {\n                    \"type\": \"object\",\n                    \"properties\": {\n                      \"additionalProperties\": true\n                    }\n                  }\n                }\n              },\n              \"additionalProperties\": false,\n              \"required\": [\"did\", \"provider\", \"keys\", \"services\"]\n            },\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"expiresIn\": {\n              \"type\": \"number\"\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"identifier\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } \"\n        },\n        \"IRemoveSiopSessionArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } \"\n        },\n        \"IAuthenticateWithSiopArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"stateId\": {\n              \"type\": \"string\"\n            },\n            \"redirectUrl\": {\n              \"type\": \"string\"\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } \"\n        },\n        \"IResponse\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"status\": {\n              \"type\": \"number\"\n            },\n            \"additionalProperties\": true\n          },\n          \"required\": [\"status\"],\n          \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n        },\n        \"IGetSiopAuthenticationRequestFromRpArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"stateId\": {\n              \"type\": \"string\"\n            },\n            \"redirectUrl\": {\n              \"type\": \"string\"\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\", \"stateId\", \"redirectUrl\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n        },\n        \"ParsedAuthenticationRequestURI\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"jwt\": {\n              \"type\": \"string\"\n            },\n            \"requestPayload\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"registration\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"jwt\", \"requestPayload\", \"registration\"],\n          \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } \"\n        },\n        \"IGetSiopAuthenticationRequestDetailsArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"verifiedAuthenticationRequest\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"credentialFilter\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n        },\n        \"IAuthRequestDetails\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"id\": {\n              \"type\": \"string\"\n            },\n            \"alsoKnownAs\": {\n              \"type\": \"array\",\n              \"items\": {\n                \"type\": \"string\"\n              }\n            },\n            \"vpResponseOpts\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"id\", \"vpResponseOpts\"],\n          \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } \"\n        },\n        \"IVerifySiopAuthenticationRequestUriArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"ParsedAuthenticationRequestURI\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\", \"ParsedAuthenticationRequestURI\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n        },\n        \"VerifiedAuthorizationRequest\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"payload\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"presentationDefinitions\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"verifyOpts\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"payload\", \"verifyOpts\"],\n          \"description\": \"Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } \"\n        },\n        \"ISendSiopAuthenticationResponseArgs\": {\n          \"type\": \"object\",\n          \"properties\": {\n            \"sessionId\": {\n              \"type\": \"string\"\n            },\n            \"verifiedAuthenticationRequest\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"verifiablePresentationResponse\": {\n              \"type\": \"object\",\n              \"properties\": {\n                \"additionalProperties\": true\n              }\n            },\n            \"additionalProperties\": false\n          },\n          \"required\": [\"sessionId\", \"verifiedAuthenticationRequest\"],\n          \"description\": \"Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } \"\n        }\n      },\n      \"methods\": {\n        \"getSessionForSiop\": {\n          \"description\": \"Get SIOP session\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IGetSiopSessionArgs\"\n          },\n          \"returnType\": \"object\"\n        },\n        \"registerSessionForSiop\": {\n          \"description\": \"Register SIOP session\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IRegisterSiopSessionArgs\"\n          },\n          \"returnType\": \"object\"\n        },\n        \"removeSessionForSiop\": {\n          \"description\": \"Remove SIOP session\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IRemoveSiopSessionArgs\"\n          },\n          \"returnType\": \"boolean\"\n        },\n        \"authenticateWithSiop\": {\n          \"description\": \"Authenticate using DID Auth SIOP\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IAuthenticateWithSiopArgs\"\n          },\n          \"returnType\": {\n            \"$ref\": \"#/components/schemas/Response\"\n          }\n        },\n        \"getSiopAuthenticationRequestFromRP\": {\n          \"description\": \"Get authentication request from RP\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs\"\n          },\n          \"returnType\": {\n            \"$ref\": \"#/components/schemas/ParsedAuthenticationRequestURI\"\n          }\n        },\n        \"getSiopAuthenticationRequestDetails\": {\n          \"description\": \"Get authentication request details\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs\"\n          },\n          \"returnType\": {\n            \"$ref\": \"#/components/schemas/IAuthRequestDetails\"\n          }\n        },\n        \"verifySiopAuthenticationRequestURI\": {\n          \"description\": \"Verify authentication request URI\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/IVerifySiopAuthenticationRequestUriArgs\"\n          },\n          \"returnType\": {\n            \"$ref\": \"#/components/schemas/VerifiedAuthorizationRequest\"\n          }\n        },\n        \"sendSiopAuthenticationResponse\": {\n          \"description\": \"Send authentication response\",\n          \"arguments\": {\n            \"$ref\": \"#/components/schemas/ISendSiopAuthenticationResponseArgs\"\n          },\n          \"returnType\": {\n            \"$ref\": \"#/components/schemas/IRequiredContext\"\n          }\n        }\n      }\n    }\n  }\n}\n","/**\n * @public\n */\nconst schema = require('../plugin.schema.json')\nexport { schema }\nexport { OID4VCIIssuer } from './agent/OID4VCIIssuer'\nexport * from './functions'\nexport * from './IssuerInstance'\nexport * from './types/IOID4VCIIssuer'\n","import {\n  AccessTokenResponse,\n  AuthorizationServerMetadata,\n  CredentialResponse,\n  IssuerMetadata,\n  OpenIDResponse,\n  WellKnownEndpoints,\n} from '@sphereon/oid4vci-common'\nimport { assertValidAccessTokenRequest, createAccessTokenResponse, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { retrieveWellknown } from '@sphereon/oid4vci-client'\nimport { getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { IMetadataOptions } from '@sphereon/ssi-sdk.oid4vci-issuer-store'\nimport { IAgentPlugin } from '@veramo/core'\nimport { getAccessTokenSignerCallback } from '../functions'\nimport {\n  IAssertValidAccessTokenArgs,\n  ICreateCredentialOfferURIResult,\n  ICreateOfferArgs,\n  IIssueCredentialArgs,\n  IIssuerInstanceArgs,\n  IIssuerOptions,\n  IOID4VCIIssuerOpts,\n  IRequiredContext,\n  schema,\n} from '../index'\nimport { IssuerInstance } from '../IssuerInstance'\n\nimport { IOID4VCIIssuer } from '../types/IOID4VCIIssuer'\n\nexport class OID4VCIIssuer implements IAgentPlugin {\n  private static readonly _DEFAULT_OPTS_KEY = '_default'\n  private readonly instances: Map<string, IssuerInstance> = new Map()\n  readonly schema = schema.IDidAuthSiopOpAuthenticator\n\n  readonly methods: IOID4VCIIssuer = {\n    oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),\n    oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),\n    oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),\n    oid4vciGetInstance: this.oid4vciGetInstance.bind(this),\n  }\n  private _opts: IOID4VCIIssuerOpts\n\n  constructor(opts?: IOID4VCIIssuerOpts) {\n    this._opts = opts ?? {}\n  }\n\n  private async oid4vciCreateOfferURI(createArgs: ICreateOfferArgs, context: IRequiredContext): Promise<ICreateCredentialOfferURIResult> {\n    return await this.oid4vciGetInstance(createArgs, context)\n      .then((instance) => instance.get({ context }))\n      .then((issuer: VcIssuer) =>\n        issuer.createCredentialOfferURI(createArgs).then((response) => {\n          const result: ICreateCredentialOfferURIResult = response\n          if (this._opts.returnSessions === false) {\n            delete result.session\n          }\n          return result\n        }),\n      )\n  }\n\n  private async oid4vciIssueCredential(issueArgs: IIssueCredentialArgs, context: IRequiredContext): Promise<CredentialResponse> {\n    return await this.oid4vciGetInstance(issueArgs, context)\n      .then((instance) => instance.get({ context }))\n      .then((issuer: VcIssuer) => issuer.issueCredential(issueArgs))\n  }\n\n  private async oid4vciCreateAccessTokenResponse(\n    accessTokenArgs: IAssertValidAccessTokenArgs,\n    context: IRequiredContext,\n  ): Promise<AccessTokenResponse> {\n    return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {\n      const issuer = await instance.get({ context })\n\n      await assertValidAccessTokenRequest(accessTokenArgs.request, {\n        credentialOfferSessions: issuer.credentialOfferSessions,\n        expirationDuration: accessTokenArgs.expirationDuration,\n      })\n      const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString() // last part is legacy\n      if (!accessTokenIssuer) {\n        return Promise.reject(Error(`Could not determine access token issuer`))\n      }\n      return createAccessTokenResponse(accessTokenArgs.request, {\n        accessTokenIssuer,\n        tokenExpiresIn: accessTokenArgs.expirationDuration,\n        cNonceExpiresIn: accessTokenArgs.expirationDuration,\n        cNonces: issuer.cNonces,\n        credentialOfferSessions: issuer.credentialOfferSessions,\n        accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context),\n      })\n    })\n  }\n\n  private getExternalAS(issuerMetadata: IssuerMetadata): string | undefined {\n    if ('authorization_servers' in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {\n      return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer)\n    }\n    return undefined\n  }\n\n  private async createIssuerInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n    const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n    //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n\n    const metadataOpts = await this.getMetadataOpts({ ...args, credentialIssuer }, context)\n    const issuerMetadata = await this.getIssuerMetadata({ ...args, credentialIssuer }, context)\n    const externalAS = this.getExternalAS(issuerMetadata)\n    let asMetadataResponse: OpenIDResponse<AuthorizationServerMetadata> | undefined = undefined\n    if (externalAS) {\n      // Let's try OIDC first and then fallback to OAuth2\n      asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OPENID_CONFIGURATION, {\n        errorOnNotFound: false,\n      })\n      if (!asMetadataResponse) {\n        asMetadataResponse = await retrieveWellknown(externalAS, WellKnownEndpoints.OAUTH_AS, {\n          errorOnNotFound: true,\n        })\n      }\n    }\n    const authorizationServerMetadata = asMetadataResponse?.successBody\n      ? asMetadataResponse!.successBody\n      : await this.getAuthorizationServerMetadataFromStore(\n          {\n            ...args,\n            credentialIssuer,\n          },\n          context,\n        )\n    const issuerOpts = await this.getIssuerOptsFromStore({ ...args, credentialIssuer }, context)\n    if (!issuerOpts.resolveOpts) {\n      issuerOpts.resolveOpts = { ...issuerOpts.didOpts?.resolveOpts, ...this._opts.resolveOpts }\n    }\n    if (!issuerOpts.resolveOpts?.resolver) {\n      issuerOpts.resolveOpts.resolver = getAgentResolver(context)\n    }\n    this.instances.set(\n      credentialIssuer,\n      new IssuerInstance({\n        issuerOpts,\n        metadataOpts,\n        issuerMetadata,\n        authorizationServerMetadata,\n      }),\n    )\n    return this.oid4vciGetInstance(args, context)\n  }\n\n  public async oid4vciGetInstance(args: IIssuerInstanceArgs, context: IRequiredContext): Promise<IssuerInstance> {\n    const credentialIssuer = args.credentialIssuer ?? OID4VCIIssuer._DEFAULT_OPTS_KEY\n    //todo: prob doesn't make sense as credentialIssuer is mandatory anyway\n    if (!this.instances.has(credentialIssuer)) {\n      await this.createIssuerInstance(args, context)\n    }\n    return this.instances.get(credentialIssuer)!\n  }\n\n  private async getIssuerOptsFromStore(\n    opts: {\n      credentialIssuer: string\n      storeId?: string\n      namespace?: string\n    },\n    context: IRequiredContext,\n  ): Promise<IIssuerOptions> {\n    const credentialIssuer = opts.credentialIssuer\n    const storeId = await this.storeId(opts, context)\n    const namespace = await this.namespace(opts, context)\n    const options = await context.agent.oid4vciStoreGetIssuerOpts({\n      metadataType: 'issuer',\n      correlationId: credentialIssuer,\n      storeId,\n      namespace,\n    })\n    if (!options) {\n      throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`)\n    }\n    return options\n  }\n\n  private async getMetadataOpts(\n    opts: {\n      credentialIssuer: string\n      storeId?: string\n      namespace?: string\n    },\n    context: IRequiredContext,\n  ): Promise<IMetadataOptions> {\n    const credentialIssuer = opts.credentialIssuer\n    const storeId = await this.storeId(opts, context)\n    const storeNamespace = await this.namespace(opts, context)\n    return { credentialIssuer, storeId, storeNamespace }\n  }\n\n  private async getIssuerMetadata(\n    opts: {\n      credentialIssuer: string\n      storeId?: string\n      namespace?: string\n    },\n    context: IRequiredContext,\n  ): Promise<IssuerMetadata> {\n    const metadataOpts = await this.getMetadataOpts(opts, context)\n    const metadata = (await context.agent.oid4vciStoreGetMetadata({\n      metadataType: 'issuer',\n      correlationId: metadataOpts.credentialIssuer,\n      namespace: metadataOpts.storeNamespace,\n      storeId: metadataOpts.storeId,\n    })) as IssuerMetadata\n    if (!metadata) {\n      throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`)\n    }\n    return metadata\n  }\n\n  private async getAuthorizationServerMetadataFromStore(\n    opts: {\n      credentialIssuer: string\n      storeId?: string\n      namespace?: string\n    },\n    context: IRequiredContext,\n  ): Promise<AuthorizationServerMetadata> {\n    const metadataOpts = await this.getMetadataOpts(opts, context)\n    const metadata = (await context.agent.oid4vciStoreGetMetadata({\n      metadataType: 'authorizationServer',\n      correlationId: metadataOpts.credentialIssuer,\n      namespace: metadataOpts.storeNamespace,\n      storeId: metadataOpts.storeId,\n    })) as AuthorizationServerMetadata\n    if (!metadata) {\n      throw Error(\n        `Authorization server ${opts.credentialIssuer} metadata  not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`,\n      )\n    }\n    return metadata\n  }\n\n  private async storeId(opts?: { storeId?: string }, context?: IRequiredContext): Promise<string> {\n    const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? (await context?.agent.oid4vciStoreDefaultStoreId())\n    if (!storeId) {\n      throw Error('Please provide a store id a default value, or provide the context for a global default store id')\n    }\n    return storeId\n  }\n\n  private async namespace(opts?: { namespace?: string }, context?: IRequiredContext): Promise<string> {\n    const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? (await context?.agent.oid4vciStoreDefaultNamespace())\n    if (!namespace) {\n      throw Error('Please provide a namespace a default value, or provide the context for a global default namespace')\n    }\n    return namespace\n  }\n}\n","import {\n  AuthorizationServerMetadata,\n  CredentialRequest,\n  IssuerMetadata,\n  Jwt,\n  JWTHeader,\n  JWTPayload,\n  JwtVerifyResult,\n  type OID4VCICredentialFormat,\n  StatusListOpts,\n} from '@sphereon/oid4vci-common'\nimport { CredentialDataSupplier, CredentialIssuanceInput, CredentialSignerCallback, VcIssuer, VcIssuerBuilder } from '@sphereon/oid4vci-issuer'\nimport { getAgentResolver, IDIDOptions } from '@sphereon/ssi-sdk-ext.did-utils'\nimport { legacyKeyRefsToIdentifierOpts, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { SdJwtVcPayload } from '@sphereon/ssi-sdk.sd-jwt'\nimport { IStatusListPlugin } from '@sphereon/ssi-sdk.vc-status-list'\nimport { CompactSdJwtVc, CredentialMapper, ICredential, W3CVerifiableCredential } from '@sphereon/ssi-types'\nimport { CredentialPayload, ProofFormat } from '@veramo/core'\nimport { bytesToBase64 } from '@veramo/utils'\nimport { createJWT, decodeJWT, JWTVerifyOptions, verifyJWT } from 'did-jwt'\nimport { Resolvable } from 'did-resolver'\nimport { jwtDecode } from 'jwt-decode'\nimport { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'\nimport fetch from 'cross-fetch'\nimport { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'\n\nexport function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {\n  return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult> => {\n    const resolver = getAgentResolver(_context, {\n      resolverResolution: true,\n      uniresolverResolution: true,\n      localResolution: true,\n    })\n    verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver separately as that is a function\n    if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {\n      verifyOpts.resolver = resolver\n    }\n    const result = await _context.agent.jwtVerifyJwsSignature({ jws: args.jwt })\n    if (!result.error) {\n      const identifier = result.jws.signatures[0].identifier\n      if (!identifier) {\n        return Promise.reject(Error('the jws did not contain a signature with an identifier'))\n      }\n      const jwkInfo = identifier.jwks[0]\n      if (!jwkInfo) {\n        return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`))\n      }\n      const { alg } = jwkInfo.jwk\n      const header = jwtDecode<JWTHeader>(args.jwt, { header: true })\n      const payload = jwtDecode<JWTPayload>(args.jwt, { header: false })\n      const kid = args.kid ?? header.kid\n      //const jwk = !kid ? jwkInfo.jwk : undefined // TODO double-check if this is correct\n      const jwk = jwkInfo.jwk // FIXME workaround IATAB2B-57\n      return {\n        alg,\n        ...identifier,\n        jwt: { header, payload },\n        ...(kid && { kid }),\n        ...(jwk && { jwk }),\n      } as JwtVerifyResult\n    }\n\n    const decodedJwt = (await decodeJWT(args.jwt)) as Jwt\n    const kid = args.kid ?? decodedJwt.header.kid\n\n    if (!kid || !kid.startsWith('did:')) {\n      // No DID method present in header. We already performed the validation above. So return that\n      return {\n        alg: decodedJwt.header.alg,\n        jwt: decodedJwt,\n      } as JwtVerifyResult\n    }\n    const did = kid.split('#')[0]\n\n    const didResult = await verifyJWT(args.jwt, verifyOpts)\n    if (!didResult.verified) {\n      console.log(`JWT invalid: ${args.jwt}`)\n      throw Error('JWT did not verify successfully')\n    }\n\n    const didResolution = await resolver.resolve(did)\n    if (!didResolution || !didResolution.didDocument) {\n      throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`)\n    }\n\n    const alg = decodedJwt.header.alg\n    return {\n      alg,\n      kid,\n      did,\n      didDocument: didResolution.didDocument,\n      jwt: decodedJwt,\n    }\n  }\n}\n\nexport async function getAccessTokenKeyRef(\n  opts: {\n    /**\n     * Uniform identifier options\n     */\n    idOpts?: ManagedIdentifierOptsOrResult\n    /**\n     * @deprecated\n     */\n    iss?: string\n    /**\n     * @deprecated\n     */\n    keyRef?: string\n    /**\n     * @deprecated\n     */\n    didOpts?: IDIDOptions\n  },\n  context: IRequiredContext,\n) {\n  let identifier = legacyKeyRefsToIdentifierOpts(opts)\n  return await context.agent.identifierManagedGet(identifier)\n}\n\nexport async function getAccessTokenSignerCallback(\n  opts: {\n    /**\n     * Uniform identifier options\n     */\n    idOpts?: ManagedIdentifierOptsOrResult\n    /**\n     * @deprecated\n     */\n    iss?: string\n    /**\n     * @deprecated\n     */\n    keyRef?: string\n    /**\n     * @deprecated\n     */\n    didOpts?: IDIDOptions\n  },\n  context: IRequiredContext,\n) {\n  const signer = async (data: string | Uint8Array) => {\n    let dataString, encoding: 'base64' | undefined\n\n    const resolution = await legacyKeyRefsToIdentifierOpts(opts)\n    const keyRef = resolution.kmsKeyRef\n    if (!keyRef) {\n      throw Error('Cannot sign access tokens without a key ref')\n    }\n    if (typeof data === 'string') {\n      dataString = data\n      encoding = undefined\n    } else {\n      dataString = bytesToBase64(data)\n      encoding = 'base64'\n    }\n    return context.agent.keyManagerSign({ keyRef, data: dataString, encoding })\n  }\n\n  async function accessTokenSignerCallback(jwt: Jwt, kid?: string): Promise<string> {\n    const issuer =\n      opts.idOpts?.issuer ??\n      (typeof opts.idOpts?.identifier === 'string' ? opts.idOpts.identifier : (opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss))\n    if (!issuer) {\n      throw Error('No issuer configured for access tokens')\n    }\n\n    let kidHeader: string | undefined = jwt?.header?.kid ?? kid\n    if (!kidHeader) {\n      if (\n        opts.idOpts?.method === 'did' ||\n        opts.idOpts?.method === 'kid' ||\n        (typeof opts.didOpts?.idOpts.identifier === 'string' && opts.didOpts?.idOpts?.identifier?.startsWith('did:'))\n      ) {\n        // @ts-ignore\n        kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid\n      }\n    }\n    return await createJWT(jwt.payload, { signer, issuer }, { ...jwt.header, ...(kidHeader && { kid: kidHeader }), typ: 'JWT' })\n  }\n\n  return accessTokenSignerCallback\n}\n\nexport async function getCredentialSignerCallback(\n  idOpts: ManagedIdentifierOptsOrResult & {\n    crypto?: Crypto\n  },\n  context: IRequiredContext,\n): Promise<CredentialSignerCallback> {\n  async function issueVCCallback(args: {\n    credentialRequest: CredentialRequest\n    credential: CredentialIssuanceInput\n    jwtVerifyResult: JwtVerifyResult\n    format?: OID4VCICredentialFormat\n    statusLists?: Array<StatusListOpts>\n  }): Promise<W3CVerifiableCredential | CompactSdJwtVc> {\n    const { jwtVerifyResult, format, statusLists } = args\n    const credential = args.credential as ICredential // TODO: SDJWT\n    let proofFormat: ProofFormat\n\n    const resolution = await context.agent.identifierManagedGet(idOpts)\n    proofFormat = format?.includes('ld') ? 'lds' : 'jwt'\n    const issuer = resolution.issuer ?? resolution.kmsKeyRef\n\n    if (CredentialMapper.isW3cCredential(credential)) {\n      if (!credential.issuer) {\n        credential.issuer = { id: issuer }\n      } else if (typeof credential.issuer === 'object' && !credential.issuer.id) {\n        credential.issuer.id = issuer\n      }\n      const subjectIsArray = Array.isArray(credential.credentialSubject)\n      let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [credential.credentialSubject]\n      credentialSubjects = credentialSubjects.map((subject) => {\n        if (!subject.id) {\n          subject.id = jwtVerifyResult.did\n        }\n        return subject\n      })\n      credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0]\n\n      // TODO: We should extend the plugin capabilities of issuance so we do not have to tuck this into the sign callback\n      if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToCredential')) {\n        // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n        const credentialStatusVC = await context.agent.slAddStatusToCredential({ credential, statusLists })\n        if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {\n          credential.credentialStatus = credentialStatusVC.credentialStatus\n          // TODO update statusLists somehow?\n        }\n      }\n\n      const result = await context.agent.createVerifiableCredential({\n        credential: credential as CredentialPayload,\n        proofFormat,\n        removeOriginalFields: false,\n        fetchRemoteContexts: true,\n        domain: typeof credential.issuer === 'object' ? credential.issuer.id : credential.issuer,\n        ...(resolution.kid && { header: { kid: resolution.kid } }),\n      })\n      return (proofFormat === 'jwt' && 'jwt' in result.proof ? result.proof.jwt : result) as W3CVerifiableCredential\n    } else if (CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {\n      const sdJwtPayload = credential as SdJwtVcPayload\n      if (sdJwtPayload.iss === undefined) {\n        sdJwtPayload.iss = issuer\n      }\n      if (sdJwtPayload.iat === undefined) {\n        sdJwtPayload.iat = Math.floor(new Date().getTime() / 1000)\n      }\n\n      let disclosureFrame\n      if ('disclosureFrame' in credential) {\n        disclosureFrame = credential['disclosureFrame']\n        delete credential['disclosureFrame']\n      } else {\n        disclosureFrame = {\n          _sd: credential['_sd'],\n        }\n      }\n\n      if (contextHasPlugin<IStatusListPlugin>(context, 'slAddStatusToSdJwtCredential')) {\n        if ((sdJwtPayload.status && sdJwtPayload.status.status_list) || (statusLists && statusLists.length > 0)) {\n          // Add status list if enabled (and when the input has a credentialStatus object (can be empty))\n          const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({ credential: sdJwtPayload, statusLists })\n          if (sdJwtPayload.status?.status_list?.idx) {\n            if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {\n              // sdJwtPayload and sdJwtPayloadWithStatus is the same for now, but we should use the result anyway as this could be subject to change\n              return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))\n            }\n\n            // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.\n            if (statusLists && statusLists.length > 0) {\n              const statusList = statusLists[0]\n              statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri\n              statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx\n            }\n            sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx\n          }\n        }\n      }\n\n      const result = await context.agent.createSdJwtVc({\n        credentialPayload: sdJwtPayload,\n        disclosureFrame: disclosureFrame,\n        resolution,\n      })\n      return result.credential\n    } /*else if (CredentialMapper.isMsoMdocDecodedCredential(credential)) {\n      TODO\n    }*/\n    return Promise.reject('VC issuance failed, an incorrect or unsupported credential was supplied')\n  }\n\n  return issueVCCallback\n}\n\nexport async function createVciIssuerBuilder(\n  args: {\n    issuerOpts: IIssuerOptions\n    issuerMetadata: IssuerMetadata\n    authorizationServerMetadata: AuthorizationServerMetadata\n    resolver?: Resolvable\n    credentialDataSupplier?: CredentialDataSupplier\n  },\n  context: IRequiredContext,\n): Promise<VcIssuerBuilder> {\n  const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args\n\n  const builder = new VcIssuerBuilder()\n  // @ts-ignore\n  const resolver =\n    args.resolver ??\n    args?.issuerOpts?.didOpts?.resolveOpts?.resolver ??\n    args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ??\n    getAgentResolver(context)\n  if (!resolver) {\n    throw Error('A Resolver is necessary to verify DID JWTs')\n  }\n  const idOpts = legacyKeyRefsToIdentifierOpts({ didOpts: issuerOpts.didOpts, idOpts: issuerOpts.idOpts })\n  const jwtVerifyOpts: JWTVerifyOptions = {\n    ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,\n    ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,\n    resolver,\n    audience: issuerMetadata.credential_issuer as string, // FIXME legacy version had {display: NameAndLocale | NameAndLocale[]} as credential_issuer\n  }\n  builder.withIssuerMetadata(issuerMetadata)\n  builder.withAuthorizationMetadata(authorizationServerMetadata)\n  // builder.withUserPinRequired(issuerOpts.userPinRequired ?? false) was removed from implementers draft v1\n  builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context))\n\n  if (issuerOpts.asClientOpts) {\n    builder.withASClientMetadata(issuerOpts.asClientOpts)\n    // @ts-ignore\n    // const authorizationServer = issuerMetadata.authorization_servers[0] as string\n    // Set the OIDC verifier\n    // builder.withJWTVerifyCallback(oidcAccessTokenVerifyCallback({clientMetadata: issuerOpts.asClientOpts, credentialIssuer: issuerMetadata.credential_issuer as string, authorizationServer}))\n  }\n  // Do not use it when asClient is used\n  builder.withJWTVerifyCallback(getJwtVerifyCallback({ verifyOpts: jwtVerifyOpts }, context))\n\n  if (args.credentialDataSupplier) {\n    builder.withCredentialDataSupplier(args.credentialDataSupplier)\n  }\n  builder.withInMemoryCNonceState()\n  builder.withInMemoryCredentialOfferState()\n  builder.withInMemoryCredentialOfferURIState()\n\n  return builder\n}\n\nexport async function createVciIssuer(\n  {\n    issuerOpts,\n    issuerMetadata,\n    authorizationServerMetadata,\n    credentialDataSupplier,\n  }: {\n    issuerOpts: IIssuerOptions\n    issuerMetadata: IssuerMetadata\n    authorizationServerMetadata: AuthorizationServerMetadata\n    credentialDataSupplier?: CredentialDataSupplier\n  },\n  context: IRequiredContext,\n): Promise<VcIssuer> {\n  return (\n    await createVciIssuerBuilder(\n      {\n        issuerOpts,\n        issuerMetadata,\n        authorizationServerMetadata,\n        credentialDataSupplier,\n      },\n      context,\n    )\n  ).build()\n}\n\nexport async function createAuthRequestUriCallback(opts: { path: string; presentationDefinitionId: string }): Promise<() => Promise<string>> {\n  async function authRequestUriCallback(): Promise<string> {\n    const path = opts.path.replace(':definitionId', opts.presentationDefinitionId)\n    return fetch(path, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n      },\n    }).then(async (response): Promise<string> => {\n      if (response.status >= 400) {\n        return Promise.reject(Error(await response.text()))\n      } else {\n        const responseData = await response.json()\n\n        if (!responseData.authRequestURI) {\n          return Promise.reject(Error('Missing auth request uri in response body'))\n        }\n\n        return responseData.authRequestURI\n      }\n    })\n  }\n\n  return authRequestUriCallback\n}\n\nexport async function createVerifyAuthResponseCallback(opts: {\n  path: string\n  presentationDefinitionId: string\n}): Promise<(correlationId: string) => Promise<boolean>> {\n  async function verifyAuthResponseCallback(correlationId: string): Promise<boolean> {\n    return fetch(opts.path, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n      },\n      body: JSON.stringify({ definitionId: opts.presentationDefinitionId, correlationId }),\n    }).then(async (response): Promise<boolean> => {\n      if (response.status >= 400) {\n        return Promise.reject(Error(await response.text()))\n      } else {\n        const responseData = await response.json()\n\n        if (!responseData.status) {\n          return Promise.reject(Error('Missing status in response body'))\n        }\n\n        return responseData.status === AuthorizationResponseStateStatus.VERIFIED\n      }\n    })\n  }\n\n  return verifyAuthResponseCallback\n}\n","import { CredentialDataSupplier, VcIssuer } from '@sphereon/oid4vci-issuer'\nimport { createVciIssuerBuilder } from './functions'\nimport { AuthorizationServerMetadata, IssuerMetadata } from '@sphereon/oid4vci-common'\nimport { IIssuerOptions, IMetadataOptions, IRequiredContext } from './types/IOID4VCIIssuer'\n\nexport class IssuerInstance {\n  private _issuer: VcIssuer | undefined\n  private readonly _metadataOptions: IMetadataOptions\n  private readonly _issuerOptions: IIssuerOptions\n  private _issuerMetadata: IssuerMetadata\n  private readonly _authorizationServerMetadata: AuthorizationServerMetadata\n\n  public constructor({\n    issuerOpts,\n    metadataOpts,\n    issuerMetadata,\n    authorizationServerMetadata,\n  }: {\n    issuerOpts: IIssuerOptions\n    metadataOpts: IMetadataOptions\n    issuerMetadata: IssuerMetadata\n    authorizationServerMetadata: AuthorizationServerMetadata\n  }) {\n    this._issuerOptions = issuerOpts\n    this._metadataOptions = metadataOpts\n    this._issuerMetadata = issuerMetadata\n    this._authorizationServerMetadata = authorizationServerMetadata\n  }\n\n  public async get(opts: { context: IRequiredContext; credentialDataSupplier?: CredentialDataSupplier }): Promise<VcIssuer> {\n    if (!this._issuer) {\n      const builder = await createVciIssuerBuilder(\n        {\n          issuerOpts: this.issuerOptions,\n          issuerMetadata: this.issuerMetadata,\n          authorizationServerMetadata: this.authorizationServerMetadata,\n          credentialDataSupplier: opts?.credentialDataSupplier,\n        },\n        opts.context,\n      )\n      this._issuer = builder.build()\n    }\n    return this._issuer\n  }\n\n  get issuerOptions() {\n    return this._issuerOptions\n  }\n\n  get metadataOptions() {\n    return this._metadataOptions\n  }\n\n  get issuerMetadata() {\n    return this._issuerMetadata\n  }\n\n  set issuerMetadata(value: IssuerMetadata) {\n    this._issuerMetadata = value\n  }\n\n  get authorizationServerMetadata() {\n    return this._authorizationServerMetadata\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,6BAA+B;AAAA,QAC7B,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,0BAA4B;AAAA,cAC1B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,KAAO;AAAA,sBACL,MAAQ;AAAA,oBACV;AAAA,oBACA,OAAS;AAAA,sBACP,MAAQ;AAAA,oBACV;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,oBACV;AAAA,oBACA,iBAAmB;AAAA,sBACjB,MAAQ;AAAA,oBACV;AAAA,oBACA,MAAQ;AAAA,sBACN,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,oBACA,UAAY;AAAA,sBACV,MAAQ;AAAA,sBACR,OAAS;AAAA,wBACP,MAAQ;AAAA,wBACR,YAAc;AAAA,0BACZ,sBAAwB;AAAA,wBAC1B;AAAA,sBACF;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,UAAY,CAAC,OAAO,YAAY,QAAQ,UAAU;AAAA,gBACpD;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,aAAe;AAAA,YACjB;AAAA,YACA,wBAA0B;AAAA,cACxB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,2BAA6B;AAAA,cAC3B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,WAAa;AAAA,cACX,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,QAAQ;AAAA,cACrB,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,SAAW;AAAA,kBACT,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,gBACV;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,WAAW,aAAa;AAAA,cAClD,aAAe;AAAA,YACjB;AAAA,YACA,gCAAkC;AAAA,cAChC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,OAAO,kBAAkB,cAAc;AAAA,cACpD,aAAe;AAAA,YACjB;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,kBAAoB;AAAA,kBAClB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,YACA,qBAAuB;AAAA,cACrB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,IAAM;AAAA,kBACJ,MAAQ;AAAA,gBACV;AAAA,gBACA,aAAe;AAAA,kBACb,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,gBAAkB;AAAA,kBAChB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,MAAM,gBAAgB;AAAA,cACnC,aAAe;AAAA,YACjB;AAAA,YACA,yCAA2C;AAAA,cACzC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,gCAAgC;AAAA,cAC1D,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,SAAW;AAAA,kBACT,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,yBAA2B;AAAA,kBACzB,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,WAAW,YAAY;AAAA,cACpC,aAAe;AAAA,YACjB;AAAA,YACA,qCAAuC;AAAA,cACrC,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,+BAAiC;AAAA,kBAC/B,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,gCAAkC;AAAA,kBAChC,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,sBAAwB;AAAA,kBAC1B;AAAA,gBACF;AAAA,gBACA,sBAAwB;AAAA,cAC1B;AAAA,cACA,UAAY,CAAC,aAAa,+BAA+B;AAAA,cACzD,aAAe;AAAA,YACjB;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,mBAAqB;AAAA,cACnB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,wBAA0B;AAAA,cACxB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,YAChB;AAAA,YACA,sBAAwB;AAAA,cACtB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,qCAAuC;AAAA,cACrC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oCAAsC;AAAA,cACpC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,gCAAkC;AAAA,cAChC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxUA;;;;;;;;;;;;;;;;;ACAA,4BAOO;AACP,IAAAC,yBAAmF;AACnF,4BAAkC;AAClC,IAAAC,sBAAiC;;;ACCjC,4BAAqH;AACrH,yBAA8C;AAC9C,IAAAC,sBAA6E;AAC7E,qBAAiC;AAGjC,uBAAuF;AAEvF,mBAA8B;AAC9B,qBAAkE;AAElE,wBAA0B;AAE1B,yBAAkB;AAClB,2BAAiD;AAE1C,SAASC,qBAAqB,EAAEC,WAAU,GAAuCC,UAA0B;AAChH,SAAO,OAAOC,SAAAA;AACZ,UAAMC,eAAWC,qCAAiBH,UAAU;MAC1CI,oBAAoB;MACpBC,uBAAuB;MACvBC,iBAAiB;IACnB,CAAA;AACAP,iBAAa;MAAE,GAAGA;MAAYG,UAAUH,YAAYG;IAAS;AAC7D,QAAI,CAACH,YAAYG,YAAY,OAAOH,YAAYG,UAAUK,YAAY,YAAY;AAChFR,iBAAWG,WAAWA;IACxB;AACA,UAAMM,SAAS,MAAMR,SAASS,MAAMC,sBAAsB;MAAEC,KAAKV,KAAKW;IAAI,CAAA;AAC1E,QAAI,CAACJ,OAAOK,OAAO;AACjB,YAAMC,aAAaN,OAAOG,IAAII,WAAW,CAAA,EAAGD;AAC5C,UAAI,CAACA,YAAY;AACf,eAAOE,QAAQC,OAAOC,MAAM,wDAAA,CAAA;MAC9B;AACA,YAAMC,UAAUL,WAAWM,KAAK,CAAA;AAChC,UAAI,CAACD,SAAS;AACZ,eAAOH,QAAQC,OAAOC,MAAM,0BAA0BJ,WAAWO,MAAM,oCAAoC,CAAA;MAC7G;AACA,YAAM,EAAEC,KAAAA,KAAG,IAAKH,QAAQI;AACxB,YAAMC,aAASC,6BAAqBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAK,CAAA;AAC7D,YAAME,cAAUD,6BAAsBxB,KAAKW,KAAK;QAAEY,QAAQ;MAAM,CAAA;AAChE,YAAMG,OAAM1B,KAAK0B,OAAOH,OAAOG;AAE/B,YAAMJ,MAAMJ,QAAQI;AACpB,aAAO;QACLD,KAAAA;QACA,GAAGR;QACHF,KAAK;UAAEY;UAAQE;QAAQ;QACvB,GAAIC,QAAO;UAAEA,KAAAA;QAAI;QACjB,GAAIJ,OAAO;UAAEA;QAAI;MACnB;IACF;AAEA,UAAMK,aAAc,UAAMC,0BAAU5B,KAAKW,GAAG;AAC5C,UAAMe,MAAM1B,KAAK0B,OAAOC,WAAWJ,OAAOG;AAE1C,QAAI,CAACA,OAAO,CAACA,IAAIG,WAAW,MAAA,GAAS;AAEnC,aAAO;QACLR,KAAKM,WAAWJ,OAAOF;QACvBV,KAAKgB;MACP;IACF;AACA,UAAMG,MAAMJ,IAAIK,MAAM,GAAA,EAAK,CAAA;AAE3B,UAAMC,YAAY,UAAMC,0BAAUjC,KAAKW,KAAKb,UAAAA;AAC5C,QAAI,CAACkC,UAAUE,UAAU;AACvBC,cAAQC,IAAI,gBAAgBpC,KAAKW,GAAG,EAAE;AACtC,YAAMM,MAAM,iCAAA;IACd;AAEA,UAAMoB,gBAAgB,MAAMpC,SAASK,QAAQwB,GAAAA;AAC7C,QAAI,CAACO,iBAAiB,CAACA,cAAcC,aAAa;AAChD,YAAMrB,MAAM,0BAA0Ba,GAAAA,eAAkBO,eAAeE,qBAAAA,EAAuB;IAChG;AAEA,UAAMlB,MAAMM,WAAWJ,OAAOF;AAC9B,WAAO;MACLA;MACAK;MACAI;MACAQ,aAAaD,cAAcC;MAC3B3B,KAAKgB;IACP;EACF;AACF;AApEgB9B;AAsEhB,eAAsB2C,qBACpBC,MAkBAC,SAAyB;AAEzB,MAAI7B,iBAAa8B,mDAA8BF,IAAAA;AAC/C,SAAO,MAAMC,QAAQlC,MAAMoC,qBAAqB/B,UAAAA;AAClD;AAvBsB2B;AAyBtB,eAAsBK,6BACpBJ,MAkBAC,SAAyB;AAEzB,QAAMI,SAAS,8BAAOC,SAAAA;AACpB,QAAIC,YAAYC;AAEhB,UAAMC,aAAa,UAAMP,mDAA8BF,IAAAA;AACvD,UAAMU,SAASD,WAAWE;AAC1B,QAAI,CAACD,QAAQ;AACX,YAAMlC,MAAM,6CAAA;IACd;AACA,QAAI,OAAO8B,SAAS,UAAU;AAC5BC,mBAAaD;AACbE,iBAAWI;IACb,OAAO;AACLL,uBAAaM,4BAAcP,IAAAA;AAC3BE,iBAAW;IACb;AACA,WAAOP,QAAQlC,MAAM+C,eAAe;MAAEJ;MAAQJ,MAAMC;MAAYC;IAAS,CAAA;EAC3E,GAhBe;AAkBf,iBAAeO,0BAA0B7C,KAAUe,KAAY;AAC7D,UAAM+B,SACJhB,KAAKiB,QAAQD,WACZ,OAAOhB,KAAKiB,QAAQ7C,eAAe,WAAW4B,KAAKiB,OAAO7C,aAAc4B,KAAKkB,SAASD,QAAQ7C,YAAY+C,SAAAA,KAAcnB,MAAMoB;AACjI,QAAI,CAACJ,QAAQ;AACX,YAAMxC,MAAM,wCAAA;IACd;AAEA,QAAI6C,YAAgCnD,KAAKY,QAAQG,OAAOA;AACxD,QAAI,CAACoC,WAAW;AACd,UACErB,KAAKiB,QAAQtC,WAAW,SACxBqB,KAAKiB,QAAQtC,WAAW,SACvB,OAAOqB,KAAKkB,SAASD,OAAO7C,eAAe,YAAY4B,KAAKkB,SAASD,QAAQ7C,YAAYgB,WAAW,MAAA,GACrG;AAEAiC,oBAAYrB,KAAKiB,QAAQhC,OAAOe,KAAKkB,SAASD,QAAQhC,OAAOe,MAAMkB,SAASI,gBAAgBrC;MAC9F;IACF;AACA,WAAO,UAAMsC,0BAAUrD,IAAIc,SAAS;MAAEqB;MAAQW;IAAO,GAAG;MAAE,GAAG9C,IAAIY;MAAQ,GAAIuC,aAAa;QAAEpC,KAAKoC;MAAU;MAAIG,KAAK;IAAM,CAAA;EAC5H;AApBeT;AAsBf,SAAOA;AACT;AA9DsBX;AAgEtB,eAAsBqB,4BACpBR,QAGAhB,SAAyB;AAEzB,iBAAeyB,gBAAgBnE,MAM9B;AACC,UAAM,EAAEoE,iBAAiBC,QAAQC,YAAW,IAAKtE;AACjD,UAAMuE,aAAavE,KAAKuE;AACxB,QAAIC;AAEJ,UAAMtB,aAAa,MAAMR,QAAQlC,MAAMoC,qBAAqBc,MAAAA;AAC5Dc,kBAAcH,QAAQI,SAAS,IAAA,IAAQ,QAAQ;AAC/C,UAAMhB,SAASP,WAAWO,UAAUP,WAAWE;AAE/C,QAAIsB,kCAAiBC,gBAAgBJ,UAAAA,GAAa;AAChD,UAAI,CAACA,WAAWd,QAAQ;AACtBc,mBAAWd,SAAS;UAAEmB,IAAInB;QAAO;MACnC,WAAW,OAAOc,WAAWd,WAAW,YAAY,CAACc,WAAWd,OAAOmB,IAAI;AACzEL,mBAAWd,OAAOmB,KAAKnB;MACzB;AACA,YAAMoB,iBAAiBC,MAAMC,QAAQR,WAAWS,iBAAiB;AACjE,UAAIC,qBAAqBH,MAAMC,QAAQR,WAAWS,iBAAiB,IAAIT,WAAWS,oBAAoB;QAACT,WAAWS;;AAClHC,2BAAqBA,mBAAmBC,IAAI,CAACC,YAAAA;AAC3C,YAAI,CAACA,QAAQP,IAAI;AACfO,kBAAQP,KAAKR,gBAAgBtC;QAC/B;AACA,eAAOqD;MACT,CAAA;AACAZ,iBAAWS,oBAAoBH,iBAAiBI,qBAAqBA,mBAAmB,CAAA;AAGxF,cAAIG,iCAAoC1C,SAAS,yBAAA,GAA4B;AAE3E,cAAM2C,qBAAqB,MAAM3C,QAAQlC,MAAM8E,wBAAwB;UAAEf;UAAYD;QAAY,CAAA;AACjG,YAAIC,WAAWgB,oBAAoB,CAAChB,WAAWgB,iBAAiBC,sBAAsB;AACpFjB,qBAAWgB,mBAAmBF,mBAAmBE;QAEnD;MACF;AAEA,YAAMhF,SAAS,MAAMmC,QAAQlC,MAAMiF,2BAA2B;QAC5DlB;QACAC;QACAkB,sBAAsB;QACtBC,qBAAqB;QACrBC,QAAQ,OAAOrB,WAAWd,WAAW,WAAWc,WAAWd,OAAOmB,KAAKL,WAAWd;QAClF,GAAIP,WAAWxB,OAAO;UAAEH,QAAQ;YAAEG,KAAKwB,WAAWxB;UAAI;QAAE;MAC1D,CAAA;AACA,aAAQ8C,gBAAgB,SAAS,SAASjE,OAAOsF,QAAQtF,OAAOsF,MAAMlF,MAAMJ;IAC9E,WAAWmE,kCAAiBoB,gCAAgCvB,UAAAA,GAAa;AACvE,YAAMwB,eAAexB;AACrB,UAAIwB,aAAalC,QAAQR,QAAW;AAClC0C,qBAAalC,MAAMJ;MACrB;AACA,UAAIsC,aAAaC,QAAQ3C,QAAW;AAClC0C,qBAAaC,MAAMC,KAAKC,OAAM,oBAAIC,KAAAA,GAAOC,QAAO,IAAK,GAAA;MACvD;AAEA,UAAIC;AACJ,UAAI,qBAAqB9B,YAAY;AACnC8B,0BAAkB9B,WAAW,iBAAA;AAC7B,eAAOA,WAAW,iBAAA;MACpB,OAAO;AACL8B,0BAAkB;UAChBC,KAAK/B,WAAW,KAAA;QAClB;MACF;AAEA,cAAIa,iCAAoC1C,SAAS,8BAAA,GAAiC;AAChF,YAAKqD,aAAaQ,UAAUR,aAAaQ,OAAOC,eAAiBlC,eAAeA,YAAYmC,SAAS,GAAI;AAEvG,gBAAMC,yBAAyB,MAAMhE,QAAQlC,MAAMmG,6BAA6B;YAAEpC,YAAYwB;YAAczB;UAAY,CAAA;AACxH,cAAIyB,aAAaQ,QAAQC,aAAaI,KAAK;AACzC,gBAAI,CAACF,uBAAuBH,UAAU,CAACG,uBAAuBH,OAAOC,aAAa;AAEhF,qBAAOzF,QAAQC,OAAOC,MAAM,2DAAA,CAAA;YAC9B;AAGA,gBAAIqD,eAAeA,YAAYmC,SAAS,GAAG;AACzC,oBAAMI,aAAavC,YAAY,CAAA;AAC/BuC,yBAAWC,eAAeJ,uBAAuBH,OAAOC,YAAYO;AACpEF,yBAAWG,kBAAkBN,uBAAuBH,OAAOC,YAAYI;YACzE;AACAb,yBAAaQ,OAAOC,YAAYI,MAAMF,uBAAuBH,OAAOC,YAAYI;UAClF;QACF;MACF;AAEA,YAAMrG,SAAS,MAAMmC,QAAQlC,MAAMyG,cAAc;QAC/CC,mBAAmBnB;QACnBM;QACAnD;MACF,CAAA;AACA,aAAO3C,OAAOgE;IAChB;AAGA,WAAOxD,QAAQC,OAAO,yEAAA;EACxB;AApGemD;AAsGf,SAAOA;AACT;AA7GsBD;AA+GtB,eAAsBiD,uBACpBnH,MAOA0C,SAAyB;AAEzB,QAAM,EAAE0E,YAAYC,gBAAgBC,4BAA2B,IAAKtH;AAEpE,QAAMuH,UAAU,IAAIC,sCAAAA;AAEpB,QAAMvH,WACJD,KAAKC,YACLD,MAAMoH,YAAYzD,SAAS8D,aAAaxH,YACxCD,KAAKoH,YAAYzD,SAAS8D,aAAaC,eAAezH,gBACtDC,qCAAiBwC,OAAAA;AACnB,MAAI,CAACzC,UAAU;AACb,UAAMgB,MAAM,4CAAA;EACd;AACA,QAAMyC,aAASf,mDAA8B;IAAEgB,SAASyD,WAAWzD;IAASD,QAAQ0D,WAAW1D;EAAO,CAAA;AACtG,QAAMgE,gBAAkC;IACtC,GAAGN,YAAYzD,SAAS8D,aAAaC;IACrC,GAAG1H,MAAMoH,YAAYK,aAAaC;IAClCzH;IACA0H,UAAUN,eAAeO;EAC3B;AACAL,UAAQM,mBAAmBR,cAAAA;AAC3BE,UAAQO,0BAA0BR,2BAAAA;AAElCC,UAAQQ,6BAA6B,MAAM7D,4BAA4BR,QAAQhB,OAAAA,CAAAA;AAE/E,MAAI0E,WAAWY,cAAc;AAC3BT,YAAQU,qBAAqBb,WAAWY,YAAY;EAKtD;AAEAT,UAAQW,sBAAsBrI,qBAAqB;IAAEC,YAAY4H;EAAc,GAAGhF,OAAAA,CAAAA;AAElF,MAAI1C,KAAKmI,wBAAwB;AAC/BZ,YAAQa,2BAA2BpI,KAAKmI,sBAAsB;EAChE;AACAZ,UAAQc,wBAAuB;AAC/Bd,UAAQe,iCAAgC;AACxCf,UAAQgB,oCAAmC;AAE3C,SAAOhB;AACT;AApDsBJ;AAsDtB,eAAsBqB,gBACpB,EACEpB,YACAC,gBACAC,6BACAa,uBAAsB,GAOxBzF,SAAyB;AAEzB,UACE,MAAMyE,uBACJ;IACEC;IACAC;IACAC;IACAa;EACF,GACAzF,OAAAA,GAEF+F,MAAK;AACT;AAzBsBD;AA2BtB,eAAsBE,6BAA6BjG,MAAwD;AACzG,iBAAekG,yBAAAA;AACb,UAAMC,OAAOnG,KAAKmG,KAAKC,QAAQ,iBAAiBpG,KAAKqG,wBAAwB;AAC7E,eAAOC,mBAAAA,SAAMH,MAAM;MACjBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;IACF,CAAA,EAAGC,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAaE,gBAAgB;AAChC,iBAAOvI,QAAQC,OAAOC,MAAM,2CAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAaE;MACtB;IACF,CAAA;EACF;AApBeX;AAsBf,SAAOA;AACT;AAxBsBD;AA0BtB,eAAsBa,iCAAiC9G,MAGtD;AACC,iBAAe+G,2BAA2BC,eAAqB;AAC7D,eAAOV,mBAAAA,SAAMtG,KAAKmG,MAAM;MACtBxH,QAAQ;MACR4H,SAAS;QACP,gBAAgB;MAClB;MACAU,MAAMC,KAAKC,UAAU;QAAEC,cAAcpH,KAAKqG;QAA0BW;MAAc,CAAA;IACpF,CAAA,EAAGR,KAAK,OAAOC,aAAAA;AACb,UAAIA,SAAS3C,UAAU,KAAK;AAC1B,eAAOxF,QAAQC,OAAOC,MAAM,MAAMiI,SAASC,KAAI,CAAA,CAAA;MACjD,OAAO;AACL,cAAMC,eAAe,MAAMF,SAASG,KAAI;AAExC,YAAI,CAACD,aAAa7C,QAAQ;AACxB,iBAAOxF,QAAQC,OAAOC,MAAM,iCAAA,CAAA;QAC9B;AAEA,eAAOmI,aAAa7C,WAAWuD,sDAAiCC;MAClE;IACF,CAAA;EACF;AApBeP;AAsBf,SAAOA;AACT;AA3BsBD;;;AC/Yf,IAAMS,iBAAN,MAAMA;EAJb,OAIaA;;;EACHC;EACSC;EACAC;EACTC;EACSC;EAEjB,YAAmB,EACjBC,YACAC,cACAC,gBACAC,4BAA2B,GAM1B;AACD,SAAKN,iBAAiBG;AACtB,SAAKJ,mBAAmBK;AACxB,SAAKH,kBAAkBI;AACvB,SAAKH,+BAA+BI;EACtC;EAEA,MAAaC,IAAIC,MAAyG;AACxH,QAAI,CAAC,KAAKV,SAAS;AACjB,YAAMW,UAAU,MAAMC,uBACpB;QACEP,YAAY,KAAKQ;QACjBN,gBAAgB,KAAKA;QACrBC,6BAA6B,KAAKA;QAClCM,wBAAwBJ,MAAMI;MAChC,GACAJ,KAAKK,OAAO;AAEd,WAAKf,UAAUW,QAAQK,MAAK;IAC9B;AACA,WAAO,KAAKhB;EACd;EAEA,IAAIa,gBAAgB;AAClB,WAAO,KAAKX;EACd;EAEA,IAAIe,kBAAkB;AACpB,WAAO,KAAKhB;EACd;EAEA,IAAIM,iBAAiB;AACnB,WAAO,KAAKJ;EACd;EAEA,IAAII,eAAeW,OAAuB;AACxC,SAAKf,kBAAkBe;EACzB;EAEA,IAAIV,8BAA8B;AAChC,WAAO,KAAKJ;EACd;AACF;;;AFnCO,IAAMe,gBAAN,MAAMA,eAAAA;EA7Bb,OA6BaA;;;EACX,OAAwBC,oBAAoB;EAC3BC,YAAyC,oBAAIC,IAAAA;EACrDC,SAASA,OAAOC;EAEhBC,UAA0B;IACjCC,uBAAuB,KAAKA,sBAAsBC,KAAK,IAAI;IAC3DC,wBAAwB,KAAKA,uBAAuBD,KAAK,IAAI;IAC7DE,kCAAkC,KAAKA,iCAAiCF,KAAK,IAAI;IACjFG,oBAAoB,KAAKA,mBAAmBH,KAAK,IAAI;EACvD;EACQI;EAERC,YAAYC,MAA2B;AACrC,SAAKF,QAAQE,QAAQ,CAAC;EACxB;EAEA,MAAcP,sBAAsBQ,YAA8BC,SAAqE;AACrI,WAAO,MAAM,KAAKL,mBAAmBI,YAAYC,OAAAA,EAC9CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WACLA,OAAOC,yBAAyBN,UAAAA,EAAYE,KAAK,CAACK,aAAAA;AAChD,YAAMC,SAA0CD;AAChD,UAAI,KAAKV,MAAMY,mBAAmB,OAAO;AACvC,eAAOD,OAAOE;MAChB;AACA,aAAOF;IACT,CAAA,CAAA;EAEN;EAEA,MAAcd,uBAAuBiB,WAAiCV,SAAwD;AAC5H,WAAO,MAAM,KAAKL,mBAAmBe,WAAWV,OAAAA,EAC7CC,KAAK,CAACC,aAAaA,SAASC,IAAI;MAAEH;IAAQ,CAAA,CAAA,EAC1CC,KAAK,CAACG,WAAqBA,OAAOO,gBAAgBD,SAAAA,CAAAA;EACvD;EAEA,MAAchB,iCACZkB,iBACAZ,SAC8B;AAC9B,WAAO,MAAM,KAAKL,mBAAmBiB,iBAAiBZ,OAAAA,EAASC,KAAK,OAAOC,aAAAA;AACzE,YAAME,SAAS,MAAMF,SAASC,IAAI;QAAEH;MAAQ,CAAA;AAE5C,gBAAMa,sDAA8BD,gBAAgBE,SAAS;QAC3DC,yBAAyBX,OAAOW;QAChCC,oBAAoBJ,gBAAgBI;MACtC,CAAA;AACA,YAAMC,oBAAoBf,SAASgB,cAAcC,QAAQf,UAAUF,SAASgB,cAAcE,SAASD,OAAOE,WAAWC,SAAAA;AACrH,UAAI,CAACL,mBAAmB;AACtB,eAAOM,QAAQC,OAAOC,MAAM,yCAAyC,CAAA;MACvE;AACA,iBAAOC,kDAA0Bd,gBAAgBE,SAAS;QACxDG;QACAU,gBAAgBf,gBAAgBI;QAChCY,iBAAiBhB,gBAAgBI;QACjCa,SAASzB,OAAOyB;QAChBd,yBAAyBX,OAAOW;QAChCe,2BAA2B,MAAMC,6BAA6B7B,SAASgB,eAAelB,OAAAA;MACxF,CAAA;IACF,CAAA;EACF;EAEQgC,cAAcC,gBAAoD;AACxE,QAAI,2BAA2BA,kBAAkBC,MAAMC,QAAQF,eAAeG,qBAAqB,GAAG;AACpG,aAAOH,eAAeG,sBAAsBC,KAAK,CAACC,OAAOA,OAAOL,eAAeM,iBAAiB;IAClG;AACA,WAAOC;EACT;EAEA,MAAcC,qBAAqBC,MAA2B1C,SAAoD;AAChH,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAGhE,UAAM2D,eAAe,MAAM,KAAKC,gBAAgB;MAAE,GAAGH;MAAMC;IAAiB,GAAG3C,OAAAA;AAC/E,UAAMiC,iBAAiB,MAAM,KAAKa,kBAAkB;MAAE,GAAGJ;MAAMC;IAAiB,GAAG3C,OAAAA;AACnF,UAAM+C,aAAa,KAAKf,cAAcC,cAAAA;AACtC,QAAIe,qBAA8ER;AAClF,QAAIO,YAAY;AAEdC,2BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBC,sBAAsB;QAChGC,iBAAiB;MACnB,CAAA;AACA,UAAI,CAACJ,oBAAoB;AACvBA,6BAAqB,UAAMC,yCAAkBF,YAAYG,yCAAmBG,UAAU;UACpFD,iBAAiB;QACnB,CAAA;MACF;IACF;AACA,UAAME,8BAA8BN,oBAAoBO,cACpDP,mBAAoBO,cACpB,MAAM,KAAKC,wCACT;MACE,GAAGd;MACHC;IACF,GACA3C,OAAAA;AAEN,UAAMyD,aAAa,MAAM,KAAKC,uBAAuB;MAAE,GAAGhB;MAAMC;IAAiB,GAAG3C,OAAAA;AACpF,QAAI,CAACyD,WAAWE,aAAa;AAC3BF,iBAAWE,cAAc;QAAE,GAAGF,WAAWrC,SAASuC;QAAa,GAAG,KAAK/D,MAAM+D;MAAY;IAC3F;AACA,QAAI,CAACF,WAAWE,aAAaC,UAAU;AACrCH,iBAAWE,YAAYC,eAAWC,sCAAiB7D,OAAAA;IACrD;AACA,SAAKd,UAAU4E,IACbnB,kBACA,IAAIoB,eAAe;MACjBN;MACAb;MACAX;MACAqB;IACF,CAAA,CAAA;AAEF,WAAO,KAAK3D,mBAAmB+C,MAAM1C,OAAAA;EACvC;EAEA,MAAaL,mBAAmB+C,MAA2B1C,SAAoD;AAC7G,UAAM2C,mBAAmBD,KAAKC,oBAAoB3D,eAAcC;AAEhE,QAAI,CAAC,KAAKC,UAAU8E,IAAIrB,gBAAAA,GAAmB;AACzC,YAAM,KAAKF,qBAAqBC,MAAM1C,OAAAA;IACxC;AACA,WAAO,KAAKd,UAAUiB,IAAIwC,gBAAAA;EAC5B;EAEA,MAAce,uBACZ5D,MAKAE,SACyB;AACzB,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMkE,YAAY,MAAM,KAAKA,UAAUpE,MAAME,OAAAA;AAC7C,UAAMmE,UAAU,MAAMnE,QAAQoE,MAAMC,0BAA0B;MAC5DC,cAAc;MACdC,eAAe5B;MACfsB;MACAC;IACF,CAAA;AACA,QAAI,CAACC,SAAS;AACZ,YAAM1C,MAAM,6DAA6DkB,gBAAAA,EAAkB;IAC7F;AACA,WAAOwB;EACT;EAEA,MAActB,gBACZ/C,MAKAE,SAC2B;AAC3B,UAAM2C,mBAAmB7C,KAAK6C;AAC9B,UAAMsB,UAAU,MAAM,KAAKA,QAAQnE,MAAME,OAAAA;AACzC,UAAMwE,iBAAiB,MAAM,KAAKN,UAAUpE,MAAME,OAAAA;AAClD,WAAO;MAAE2C;MAAkBsB;MAASO;IAAe;EACrD;EAEA,MAAc1B,kBACZhD,MAKAE,SACyB;AACzB,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MAAM,wCAAwC3B,KAAK6C,gBAAgB,eAAe7C,KAAKoE,SAAS,cAAcpE,KAAKmE,OAAO,EAAE;IACpI;AACA,WAAOQ;EACT;EAEA,MAAcjB,wCACZ1D,MAKAE,SACsC;AACtC,UAAM4C,eAAe,MAAM,KAAKC,gBAAgB/C,MAAME,OAAAA;AACtD,UAAMyE,WAAY,MAAMzE,QAAQoE,MAAMM,wBAAwB;MAC5DJ,cAAc;MACdC,eAAe3B,aAAaD;MAC5BuB,WAAWtB,aAAa4B;MACxBP,SAASrB,aAAaqB;IACxB,CAAA;AACA,QAAI,CAACQ,UAAU;AACb,YAAMhD,MACJ,wBAAwB3B,KAAK6C,gBAAgB,sCAAsCC,aAAa4B,cAAc,cAAc5B,aAAaqB,OAAO,EAAE;IAEtJ;AACA,WAAOQ;EACT;EAEA,MAAcR,QAAQnE,MAA6BE,SAA6C;AAC9F,UAAMiE,UAAUnE,MAAMmE,WAAW,KAAKrE,OAAO+E,kBAAmB,MAAM3E,SAASoE,MAAMQ,2BAAAA;AACrF,QAAI,CAACX,SAAS;AACZ,YAAMxC,MAAM,iGAAA;IACd;AACA,WAAOwC;EACT;EAEA,MAAcC,UAAUpE,MAA+BE,SAA6C;AAClG,UAAMkE,YAAYpE,MAAMoE,aAAa,KAAKtE,OAAOiF,oBAAqB,MAAM7E,SAASoE,MAAMU,6BAAAA;AAC3F,QAAI,CAACZ,WAAW;AACd,YAAMzC,MAAM,mGAAA;IACd;AACA,WAAOyC;EACT;AACF;;;ADxPA,IAAMa,SAASC;","names":["module","import_oid4vci_issuer","import_ssi_sdk_ext","import_ssi_sdk_ext","getJwtVerifyCallback","verifyOpts","_context","args","resolver","getAgentResolver","resolverResolution","uniresolverResolution","localResolution","resolve","result","agent","jwtVerifyJwsSignature","jws","jwt","error","identifier","signatures","Promise","reject","Error","jwkInfo","jwks","method","alg","jwk","header","jwtDecode","payload","kid","decodedJwt","decodeJWT","startsWith","did","split","didResult","verifyJWT","verified","console","log","didResolution","didDocument","didResolutionMetadata","getAccessTokenKeyRef","opts","context","legacyKeyRefsToIdentifierOpts","identifierManagedGet","getAccessTokenSignerCallback","signer","data","dataString","encoding","resolution","keyRef","kmsKeyRef","undefined","bytesToBase64","keyManagerSign","accessTokenSignerCallback","issuer","idOpts","didOpts","toString","iss","kidHeader","identifierOpts","createJWT","typ","getCredentialSignerCallback","issueVCCallback","jwtVerifyResult","format","statusLists","credential","proofFormat","includes","CredentialMapper","isW3cCredential","id","subjectIsArray","Array","isArray","credentialSubject","credentialSubjects","map","subject","contextHasPlugin","credentialStatusVC","slAddStatusToCredential","credentialStatus","statusListCredential","createVerifiableCredential","removeOriginalFields","fetchRemoteContexts","domain","proof","isSdJwtDecodedCredentialPayload","sdJwtPayload","iat","Math","floor","Date","getTime","disclosureFrame","_sd","status","status_list","length","sdJwtPayloadWithStatus","slAddStatusToSdJwtCredential","idx","statusList","statusListId","uri","statusListIndex","createSdJwtVc","credentialPayload","createVciIssuerBuilder","issuerOpts","issuerMetadata","authorizationServerMetadata","builder","VcIssuerBuilder","resolveOpts","jwtVerifyOpts","audience","credential_issuer","withIssuerMetadata","withAuthorizationMetadata","withCredentialSignerCallback","asClientOpts","withASClientMetadata","withJWTVerifyCallback","credentialDataSupplier","withCredentialDataSupplier","withInMemoryCNonceState","withInMemoryCredentialOfferState","withInMemoryCredentialOfferURIState","createVciIssuer","build","createAuthRequestUriCallback","authRequestUriCallback","path","replace","presentationDefinitionId","fetch","headers","then","response","text","responseData","json","authRequestURI","createVerifyAuthResponseCallback","verifyAuthResponseCallback","correlationId","body","JSON","stringify","definitionId","AuthorizationResponseStateStatus","VERIFIED","IssuerInstance","_issuer","_metadataOptions","_issuerOptions","_issuerMetadata","_authorizationServerMetadata","issuerOpts","metadataOpts","issuerMetadata","authorizationServerMetadata","get","opts","builder","createVciIssuerBuilder","issuerOptions","credentialDataSupplier","context","build","metadataOptions","value","OID4VCIIssuer","_DEFAULT_OPTS_KEY","instances","Map","schema","IDidAuthSiopOpAuthenticator","methods","oid4vciCreateOfferURI","bind","oid4vciIssueCredential","oid4vciCreateAccessTokenResponse","oid4vciGetInstance","_opts","constructor","opts","createArgs","context","then","instance","get","issuer","createCredentialOfferURI","response","result","returnSessions","session","issueArgs","issueCredential","accessTokenArgs","assertValidAccessTokenRequest","request","credentialOfferSessions","expirationDuration","accessTokenIssuer","issuerOptions","idOpts","didOpts","identifier","toString","Promise","reject","Error","createAccessTokenResponse","tokenExpiresIn","cNonceExpiresIn","cNonces","accessTokenSignerCallback","getAccessTokenSignerCallback","getExternalAS","issuerMetadata","Array","isArray","authorization_servers","find","as","credential_issuer","undefined","createIssuerInstance","args","credentialIssuer","metadataOpts","getMetadataOpts","getIssuerMetadata","externalAS","asMetadataResponse","retrieveWellknown","WellKnownEndpoints","OPENID_CONFIGURATION","errorOnNotFound","OAUTH_AS","authorizationServerMetadata","successBody","getAuthorizationServerMetadataFromStore","issuerOpts","getIssuerOptsFromStore","resolveOpts","resolver","getAgentResolver","set","IssuerInstance","has","storeId","namespace","options","agent","oid4vciStoreGetIssuerOpts","metadataType","correlationId","storeNamespace","metadata","oid4vciStoreGetMetadata","defaultStoreId","oid4vciStoreDefaultStoreId","defaultNamespace","oid4vciStoreDefaultNamespace","schema","require"]}