{"version":3,"file":"DifPresentationExchangeService.mjs","names":["DifPresentationExchangeSubmissionLocation"],"sources":["../../../src/modules/dif-presentation-exchange/DifPresentationExchangeService.ts"],"sourcesContent":["import type { Checked, PresentationSignCallBackParams, Validated, VerifiablePresentationResult } from '@animo-id/pex'\nimport { PEX, Status } from '@animo-id/pex'\nimport { type PartialSdJwtDecodedVerifiableCredential, PEVersion } from '@animo-id/pex/dist/main/lib/index.js'\nimport type { InputDescriptorV2 } from '@sphereon/pex-models'\nimport type {\n SdJwtDecodedVerifiableCredential,\n W3CVerifiablePresentation as SphereonW3cVerifiablePresentation,\n W3CVerifiablePresentation,\n} from '@sphereon/ssi-types'\nimport type { AgentContext } from '../../agent'\nimport { CredoError } from '../../error'\nimport { injectable } from '../../plugins'\nimport type { Query } from '../../storage/StorageService'\nimport { JsonTransformer } from '../../utils'\nimport { uuid } from '../../utils/uuid'\nimport type { VerificationMethod } from '../dids'\nimport { DidsApi, getPublicJwkFromVerificationMethod } from '../dids'\nimport { getJwkHumanDescription } from '../kms'\nimport { MdocApi, MdocRecord, type MdocSessionTranscriptOptions } from '../mdoc'\nimport { MdocDeviceResponse } from '../mdoc/MdocDeviceResponse'\nimport type { SdJwtVcRecord } from '../sd-jwt-vc'\nimport { SdJwtVcApi } from '../sd-jwt-vc'\nimport type { W3cCredentialRecord, W3cJsonPresentation } from '../vc'\nimport {\n ClaimFormat,\n SignatureSuiteRegistry,\n W3cCredentialRepository,\n W3cCredentialService,\n W3cPresentation,\n} from '../vc'\nimport { purposes } from '../vc/data-integrity/libraries/jsonld-signatures'\nimport type { IAnonCredsDataIntegrityService } from '../vc/data-integrity/models/IAnonCredsDataIntegrityService'\nimport {\n ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE,\n AnonCredsDataIntegrityServiceSymbol,\n} from '../vc/data-integrity/models/IAnonCredsDataIntegrityService'\nimport { DifPresentationExchangeError } from './DifPresentationExchangeError'\nimport type {\n DifPexCredentialsForRequest,\n DifPexInputDescriptorToCredentials,\n DifPresentationExchangeDefinition,\n DifPresentationExchangeDefinitionV1,\n DifPresentationExchangeDefinitionV2,\n DifPresentationExchangeSubmission,\n VerifiablePresentation,\n} from './models'\nimport { DifPresentationExchangeSubmissionLocation } from './models'\nimport type { PresentationToCreate } from './utils'\nimport {\n getCredentialsForRequest,\n getPresentationsToCreate,\n getSphereonOriginalVerifiableCredential,\n getSphereonOriginalVerifiablePresentation,\n getVerifiablePresentationFromEncoded,\n} from './utils'\n\n/**\n * @todo create a public api for using dif presentation exchange\n */\n@injectable()\nexport class DifPresentationExchangeService {\n private pex = new PEX()\n\n public constructor(private w3cCredentialService: W3cCredentialService) {}\n\n public async getCredentialsForRequest(\n agentContext: AgentContext,\n presentationDefinition: DifPresentationExchangeDefinition\n ): Promise {\n const credentialRecords = await this.queryCredentialForPresentationDefinition(agentContext, presentationDefinition)\n return getCredentialsForRequest(agentContext, this.pex, presentationDefinition, credentialRecords)\n }\n\n /**\n * Selects the credentials to use based on the output from `getCredentialsForRequest`\n * Use this method if you don't want to manually select the credentials yourself.\n */\n public selectCredentialsForRequest(\n credentialsForRequest: DifPexCredentialsForRequest\n ): DifPexInputDescriptorToCredentials {\n if (!credentialsForRequest.areRequirementsSatisfied) {\n throw new CredoError('Could not find the required credentials for the presentation submission')\n }\n\n const credentials: DifPexInputDescriptorToCredentials = {}\n\n for (const requirement of credentialsForRequest.requirements) {\n // Take needsCount entries from the submission entry\n for (const submission of requirement.submissionEntry.slice(0, requirement.needsCount)) {\n if (!credentials[submission.inputDescriptorId]) {\n credentials[submission.inputDescriptorId] = []\n }\n\n // We pick the first matching VC if we are auto-selecting\n credentials[submission.inputDescriptorId].push(submission.verifiableCredentials[0])\n }\n }\n\n return credentials\n }\n\n public validatePresentationDefinition(presentationDefinition: DifPresentationExchangeDefinition) {\n const validation = PEX.validateDefinition(presentationDefinition)\n const errorMessages = this.formatValidated(validation)\n\n if (errorMessages.length > 0) {\n throw new DifPresentationExchangeError('Invalid presentation definition', { additionalMessages: errorMessages })\n }\n }\n\n public validatePresentationSubmission(presentationSubmission: DifPresentationExchangeSubmission) {\n const validation = PEX.validateSubmission(presentationSubmission)\n const errorMessages = this.formatValidated(validation)\n if (errorMessages.length > 0) {\n throw new DifPresentationExchangeError('Invalid presentation submission', { additionalMessages: errorMessages })\n }\n }\n\n public validatePresentation(\n presentationDefinition: DifPresentationExchangeDefinition,\n presentations: VerifiablePresentation | VerifiablePresentation[],\n presentationSubmission?: DifPresentationExchangeSubmission\n ) {\n const result = this.pex.evaluatePresentation(\n presentationDefinition,\n Array.isArray(presentations)\n ? presentations.map(getSphereonOriginalVerifiablePresentation)\n : getSphereonOriginalVerifiablePresentation(presentations),\n {\n limitDisclosureSignatureSuites: ['DataIntegrityProof.anoncreds-2023'],\n presentationSubmission,\n }\n )\n\n if (result.areRequiredCredentialsPresent === Status.ERROR) {\n const errorMessages = this.formatValidated(result.errors)\n throw new DifPresentationExchangeError('Invalid presentation', { additionalMessages: errorMessages })\n }\n }\n\n private formatValidated(v?: Checked[] | Validated) {\n const validated = Array.isArray(v) ? v : v ? [v] : []\n return validated\n .filter((r) => r.status === Status.ERROR)\n .map((r) => r.message)\n .filter((r): r is string => Boolean(r))\n }\n\n public async createPresentation(\n agentContext: AgentContext,\n options: {\n credentialsForInputDescriptor: DifPexInputDescriptorToCredentials\n presentationDefinition: DifPresentationExchangeDefinition\n /**\n * Defaults to {@link DifPresentationExchangeSubmissionLocation.PRESENTATION}\n */\n presentationSubmissionLocation?: DifPresentationExchangeSubmissionLocation\n /**\n * Also known as `nonce`\n */\n challenge: string\n\n /**\n * Also known as `audience`\n */\n domain?: string\n\n /**\n * Mdoc openid4vp specific options\n */\n mdocSessionTranscript?: MdocSessionTranscriptOptions\n }\n ) {\n const { presentationDefinition, domain, challenge, mdocSessionTranscript } = options\n const presentationSubmissionLocation =\n options.presentationSubmissionLocation ?? DifPresentationExchangeSubmissionLocation.PRESENTATION\n\n const verifiablePresentationResultsWithFormat: Array<{\n verifiablePresentationResult: VerifiablePresentationResult\n claimFormat: PresentationToCreate['claimFormat']\n }> = []\n\n const presentationsToCreate = getPresentationsToCreate(options.credentialsForInputDescriptor)\n for (const presentationToCreate of presentationsToCreate) {\n // We create a presentation for each subject\n // Thus for each subject we need to filter all the related input descriptors and credentials\n const inputDescriptorIds = presentationToCreate.verifiableCredentials.map((c) => c.inputDescriptorId)\n const inputDescriptorsForPresentation = (\n presentationDefinition as DifPresentationExchangeDefinitionV1\n ).input_descriptors.filter((inputDescriptor) => inputDescriptorIds.includes(inputDescriptor.id))\n\n const presentationDefinitionForSubject: DifPresentationExchangeDefinition = {\n ...presentationDefinition,\n input_descriptors: inputDescriptorsForPresentation,\n\n // We remove the submission requirements, as it will otherwise fail to create the VP\n submission_requirements: undefined,\n }\n\n if (presentationToCreate.claimFormat === ClaimFormat.MsoMdoc) {\n if (presentationToCreate.verifiableCredentials.length !== 1) {\n throw new DifPresentationExchangeError(\n 'Currently a Mdoc presentation can only be created from a single credential'\n )\n }\n\n if (!mdocSessionTranscript) {\n throw new DifPresentationExchangeError(\n 'Missing mdoc session transcript options for creating MDOC presentation.'\n )\n }\n\n const { credential, inputDescriptorId } = presentationToCreate.verifiableCredentials[0]\n\n const deviceResponse = await MdocDeviceResponse.createDeviceResponseWithPresentationDefinition(agentContext, {\n mdocs: [credential.firstCredential],\n presentationDefinition,\n sessionTranscriptOptions: mdocSessionTranscript,\n })\n\n if (presentationSubmissionLocation !== DifPresentationExchangeSubmissionLocation.EXTERNAL) {\n throw new DifPresentationExchangeError(\n 'Only EXTERNAL DifPresentationExchangeSubmissionLocation supported for mdoc presentations'\n )\n }\n\n verifiablePresentationResultsWithFormat.push({\n verifiablePresentationResult: {\n presentationSubmission: {\n id: `MdocPresentationSubmission ${uuid()}`,\n definition_id: presentationDefinition.id,\n descriptor_map: [\n {\n id: inputDescriptorId,\n format: 'mso_mdoc',\n path: '$',\n },\n ],\n },\n verifiablePresentations: [deviceResponse.encoded],\n presentationSubmissionLocation,\n },\n claimFormat: presentationToCreate.claimFormat,\n })\n } else {\n // Get all the credentials for the presentation\n const credentialsForPresentation = presentationToCreate.verifiableCredentials.map((c) =>\n getSphereonOriginalVerifiableCredential(c.credential)\n )\n\n const extraProofOptions = this.shouldSignUsingAnonCredsDataIntegrity(presentationToCreate)\n ? {\n typeSupportsSelectiveDisclosure: true,\n type: `DataIntegrityProof.${ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE}`,\n }\n : {}\n\n const verifiablePresentationResult = await this.pex.verifiablePresentationFrom(\n presentationDefinitionForSubject,\n credentialsForPresentation,\n this.getPresentationSignCallback(agentContext, presentationToCreate),\n {\n proofOptions: {\n challenge,\n domain,\n\n ...extraProofOptions,\n },\n presentationSubmissionLocation,\n }\n )\n\n verifiablePresentationResultsWithFormat.push({\n verifiablePresentationResult,\n claimFormat: presentationToCreate.claimFormat,\n })\n }\n }\n\n if (verifiablePresentationResultsWithFormat.length === 0) {\n throw new DifPresentationExchangeError('No verifiable presentations created')\n }\n\n if (presentationsToCreate.length !== verifiablePresentationResultsWithFormat.length) {\n throw new DifPresentationExchangeError('Invalid amount of verifiable presentations created')\n }\n\n const presentationSubmission: DifPresentationExchangeSubmission = {\n id: verifiablePresentationResultsWithFormat[0].verifiablePresentationResult.presentationSubmission.id,\n definition_id:\n verifiablePresentationResultsWithFormat[0].verifiablePresentationResult.presentationSubmission.definition_id,\n descriptor_map: [],\n }\n\n verifiablePresentationResultsWithFormat.forEach(({ verifiablePresentationResult }, index) => {\n const descriptorMap = verifiablePresentationResult.presentationSubmission.descriptor_map.map((d) => {\n const descriptor = { ...d }\n\n // when multiple presentations are submitted, path should be $[0], $[1]\n // FIXME: this should be addressed in the PEX/OID4VP lib.\n // See https://github.com/Sphereon-Opensource/SIOP-OID4VP/issues/62\n if (\n presentationSubmissionLocation === DifPresentationExchangeSubmissionLocation.EXTERNAL &&\n verifiablePresentationResultsWithFormat.length > 1\n ) {\n descriptor.path = `$[${index}]`\n }\n\n return descriptor\n })\n\n presentationSubmission.descriptor_map.push(...descriptorMap)\n })\n\n return {\n verifiablePresentations: verifiablePresentationResultsWithFormat.flatMap((resultWithFormat) =>\n resultWithFormat.verifiablePresentationResult.verifiablePresentations.map((vp) =>\n getVerifiablePresentationFromEncoded(agentContext, vp)\n )\n ),\n encodedVerifiablePresentations: verifiablePresentationResultsWithFormat.flatMap(\n (resultWithFormat) =>\n resultWithFormat.verifiablePresentationResult.verifiablePresentations as unknown as (\n | string\n | W3cJsonPresentation\n )[]\n ),\n presentationSubmission,\n presentationSubmissionLocation:\n verifiablePresentationResultsWithFormat[0].verifiablePresentationResult.presentationSubmissionLocation,\n }\n }\n\n private getSigningAlgorithmFromVerificationMethod(\n verificationMethod: VerificationMethod,\n suitableAlgorithms?: Array\n ) {\n const publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n\n if (suitableAlgorithms) {\n const possibleAlgorithms = publicJwk.supportedSignatureAlgorithms.filter((alg) =>\n suitableAlgorithms?.includes(alg)\n )\n if (!possibleAlgorithms || possibleAlgorithms.length === 0) {\n throw new DifPresentationExchangeError(\n [\n 'Found no suitable signing algorithm.',\n `Algorithms supported by Verification method: ${publicJwk.supportedSignatureAlgorithms.join(', ')}`,\n `Suitable algorithms: ${suitableAlgorithms.join(', ')}`,\n ].join('\\n')\n )\n }\n\n return possibleAlgorithms[0]\n }\n\n return publicJwk.signatureAlgorithm\n }\n\n private getSigningAlgorithmsForPresentationDefinitionAndInputDescriptors(\n algorithmsSatisfyingDefinition: Array,\n inputDescriptorAlgorithms: Array>\n ) {\n const allDescriptorAlgorithms = inputDescriptorAlgorithms.flat()\n const algorithmsSatisfyingDescriptors = allDescriptorAlgorithms.filter((alg) =>\n inputDescriptorAlgorithms.every((descriptorAlgorithmSet) => descriptorAlgorithmSet.includes(alg))\n )\n\n const algorithmsSatisfyingPdAndDescriptorRestrictions = algorithmsSatisfyingDefinition.filter((alg) =>\n algorithmsSatisfyingDescriptors.includes(alg)\n )\n\n if (\n algorithmsSatisfyingDefinition.length > 0 &&\n algorithmsSatisfyingDescriptors.length > 0 &&\n algorithmsSatisfyingPdAndDescriptorRestrictions.length === 0\n ) {\n throw new DifPresentationExchangeError(\n 'No signature algorithm found for satisfying restrictions of the presentation definition and input descriptors'\n )\n }\n\n if (allDescriptorAlgorithms.length > 0 && algorithmsSatisfyingDescriptors.length === 0) {\n throw new DifPresentationExchangeError(\n 'No signature algorithm found for satisfying restrictions of the input descriptors'\n )\n }\n\n let suitableAlgorithms: Array | undefined\n if (algorithmsSatisfyingPdAndDescriptorRestrictions.length > 0) {\n suitableAlgorithms = algorithmsSatisfyingPdAndDescriptorRestrictions\n } else if (algorithmsSatisfyingDescriptors.length > 0) {\n suitableAlgorithms = algorithmsSatisfyingDescriptors\n } else if (algorithmsSatisfyingDefinition.length > 0) {\n suitableAlgorithms = algorithmsSatisfyingDefinition\n }\n\n return suitableAlgorithms\n }\n\n private getSigningAlgorithmForJwtVc(\n presentationDefinition: DifPresentationExchangeDefinitionV1 | DifPresentationExchangeDefinitionV2,\n verificationMethod: VerificationMethod\n ) {\n const algorithmsSatisfyingDefinition = presentationDefinition.format?.jwt_vc?.alg ?? []\n\n const inputDescriptorAlgorithms: Array> = presentationDefinition.input_descriptors\n .map((descriptor) => (descriptor as InputDescriptorV2).format?.jwt_vc?.alg ?? [])\n .filter((alg) => alg.length > 0)\n\n const suitableAlgorithms = this.getSigningAlgorithmsForPresentationDefinitionAndInputDescriptors(\n algorithmsSatisfyingDefinition,\n inputDescriptorAlgorithms\n )\n\n return this.getSigningAlgorithmFromVerificationMethod(verificationMethod, suitableAlgorithms)\n }\n\n private getProofTypeForLdpVc(\n agentContext: AgentContext,\n presentationDefinition: DifPresentationExchangeDefinitionV1 | DifPresentationExchangeDefinitionV2,\n verificationMethod: VerificationMethod\n ) {\n const algorithmsSatisfyingDefinition = presentationDefinition.format?.ldp_vc?.proof_type ?? []\n\n const inputDescriptorAlgorithms: Array> = presentationDefinition.input_descriptors\n .map((descriptor) => (descriptor as InputDescriptorV2).format?.ldp_vc?.proof_type ?? [])\n .filter((alg) => alg.length > 0)\n\n const suitableSignatureSuites = this.getSigningAlgorithmsForPresentationDefinitionAndInputDescriptors(\n algorithmsSatisfyingDefinition,\n inputDescriptorAlgorithms\n )\n\n // For each of the supported algs, find the key types, then find the proof types\n const signatureSuiteRegistry = agentContext.dependencyManager.resolve(SignatureSuiteRegistry)\n\n const publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n const supportedSignatureSuites = signatureSuiteRegistry.getAllByPublicJwkType(publicJwk)\n if (supportedSignatureSuites.length === 0) {\n throw new DifPresentationExchangeError(\n `Couldn't find a supported signature suite for the given jwk ${getJwkHumanDescription(publicJwk.toJson())}`\n )\n }\n\n if (suitableSignatureSuites) {\n const foundSignatureSuite = supportedSignatureSuites.find((suite) =>\n suitableSignatureSuites.includes(suite.proofType)\n )\n\n if (!foundSignatureSuite) {\n throw new DifPresentationExchangeError(\n [\n 'No possible signature suite found for the given verification method.',\n `Verification method type: ${verificationMethod.type}`,\n `jwk type: ${getJwkHumanDescription(publicJwk.toJson())}`,\n `SupportedSignatureSuites: '${supportedSignatureSuites.map((s) => s.proofType).join(', ')}'`,\n `SuitableSignatureSuites: ${suitableSignatureSuites.join(', ')}`,\n ].join('\\n')\n )\n }\n\n return foundSignatureSuite.proofType\n }\n\n return supportedSignatureSuites[0].proofType\n }\n\n /**\n * if all submission descriptors have a format of di | ldp,\n * and all credentials have an ANONCREDS_DATA_INTEGRITY proof we default to\n * signing the presentation using the ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE\n */\n private shouldSignUsingAnonCredsDataIntegrity(\n presentationToCreate: PresentationToCreate,\n presentationSubmission?: DifPresentationExchangeSubmission\n ) {\n if (presentationToCreate.claimFormat !== ClaimFormat.LdpVp) return undefined\n\n const validDescriptorFormat =\n !presentationSubmission ||\n presentationSubmission.descriptor_map.every((descriptor) =>\n [ClaimFormat.DiVc, ClaimFormat.DiVp, ClaimFormat.LdpVc, ClaimFormat.LdpVp].includes(\n descriptor.format as ClaimFormat\n )\n )\n\n const credentialAreSignedUsingAnonCredsDataIntegrity = presentationToCreate.verifiableCredentials.every(\n ({ credential }) => {\n const firstCredential = credential.firstCredential\n if (firstCredential.claimFormat !== ClaimFormat.LdpVc) return false\n return firstCredential.dataIntegrityCryptosuites.includes(ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE)\n }\n )\n\n return validDescriptorFormat && credentialAreSignedUsingAnonCredsDataIntegrity\n }\n\n private getPresentationSignCallback(agentContext: AgentContext, presentationToCreate: PresentationToCreate) {\n return async (callBackParams: PresentationSignCallBackParams) => {\n // The created partial proof and presentation, as well as original supplied options\n const {\n presentation: presentationInput,\n options,\n presentationDefinition,\n presentationSubmission,\n } = callBackParams\n const { challenge, domain } = options.proofOptions ?? {}\n\n if (!challenge) {\n throw new CredoError('challenge MUST be provided when signing a Verifiable Presentation')\n }\n\n if (presentationToCreate.claimFormat === ClaimFormat.JwtVp) {\n if (!presentationToCreate.subjectIds) {\n throw new DifPresentationExchangeError('Cannot create presentation for credentials without subject id')\n }\n\n // Determine a suitable verification method for the presentation\n const verificationMethod = await this.getVerificationMethodForSubjectId(\n agentContext,\n presentationToCreate.subjectIds[0]\n )\n\n const w3cPresentation = JsonTransformer.fromJSON(presentationInput, W3cPresentation)\n w3cPresentation.holder = verificationMethod.controller\n\n const signedPresentation = await this.w3cCredentialService.signPresentation(agentContext, {\n format: ClaimFormat.JwtVp,\n alg: this.getSigningAlgorithmForJwtVc(presentationDefinition, verificationMethod),\n verificationMethod: verificationMethod.id,\n presentation: w3cPresentation,\n challenge,\n domain,\n })\n\n return signedPresentation.encoded as W3CVerifiablePresentation\n }\n if (presentationToCreate.claimFormat === ClaimFormat.LdpVp) {\n if (this.shouldSignUsingAnonCredsDataIntegrity(presentationToCreate, presentationSubmission)) {\n // make sure the descriptors format properties are set correctly\n presentationSubmission.descriptor_map = presentationSubmission.descriptor_map.map((descriptor) => ({\n ...descriptor,\n format: 'di_vp',\n }))\n const anoncredsDataIntegrityService = agentContext.dependencyManager.resolve(\n AnonCredsDataIntegrityServiceSymbol\n )\n const presentation = await anoncredsDataIntegrityService.createPresentation(agentContext, {\n presentationDefinition,\n presentationSubmission,\n selectedCredentialRecords: presentationToCreate.verifiableCredentials.map((vc) => vc.credential),\n challenge,\n })\n return {\n ...presentation.toJSON(),\n presentation_submission: presentationSubmission,\n } as unknown as SphereonW3cVerifiablePresentation\n }\n\n if (!presentationToCreate.subjectIds) {\n throw new DifPresentationExchangeError('Cannot create presentation for credentials without subject id')\n }\n // Determine a suitable verification method for the presentation\n const verificationMethod = await this.getVerificationMethodForSubjectId(\n agentContext,\n presentationToCreate.subjectIds[0]\n )\n\n const w3cPresentation = JsonTransformer.fromJSON(presentationInput, W3cPresentation)\n w3cPresentation.holder = verificationMethod.controller\n\n const signedPresentation = await this.w3cCredentialService.signPresentation(agentContext, {\n format: ClaimFormat.LdpVp,\n // TODO: we should move the check for which proof to use for a presentation to earlier\n // as then we know when determining which VPs to submit already if the proof types are supported\n // by the verifier, and we can then just add this to the vpToCreate interface\n proofType: this.getProofTypeForLdpVc(agentContext, presentationDefinition, verificationMethod),\n proofPurpose: new purposes.AuthenticationProofPurpose({ challenge, domain }),\n verificationMethod: verificationMethod.id,\n presentation: w3cPresentation,\n challenge,\n domain,\n })\n\n return signedPresentation.encoded as W3CVerifiablePresentation\n }\n if (presentationToCreate.claimFormat === ClaimFormat.SdJwtDc) {\n const sdJwtInput = presentationInput as\n | SdJwtDecodedVerifiableCredential\n | PartialSdJwtDecodedVerifiableCredential\n\n if (!domain) {\n throw new CredoError(\"Missing 'domain' property, unable to set required 'aud' property in SD-JWT KB-JWT\")\n }\n\n const sdJwtVcApi = this.getSdJwtVcApi(agentContext)\n\n // NOTE: we use the kmsKeyId from the first credential. We don't support the new useMode (for single-use credentials) for PEX\n const originalSdJwtVc = sdJwtVcApi.fromCompact(sdJwtInput.compactSdJwtVc)\n originalSdJwtVc.kmsKeyId =\n presentationToCreate.verifiableCredentials[0].credential.credentialInstances[0].kmsKeyId\n\n const sdJwtVc = await sdJwtVcApi.present({\n sdJwtVc: originalSdJwtVc,\n // SD is already handled by PEX, so we presents all keys\n presentationFrame: undefined,\n verifierMetadata: {\n audience: domain,\n nonce: challenge,\n // TODO: we should make this optional\n issuedAt: Math.floor(Date.now() / 1000),\n },\n additionalPayload: presentationToCreate.verifiableCredentials[0].additionalPayload,\n })\n\n return sdJwtVc\n }\n throw new DifPresentationExchangeError(\n 'Only JWT, SD-JWT-VC, JSONLD credentials are supported for a single presentation'\n )\n }\n }\n\n private async getVerificationMethodForSubjectId(agentContext: AgentContext, subjectId: string) {\n const didsApi = agentContext.dependencyManager.resolve(DidsApi)\n\n if (!subjectId.startsWith('did:')) {\n throw new DifPresentationExchangeError(\n `Only dids are supported as credentialSubject id. ${subjectId} is not a valid did`\n )\n }\n\n const didDocument = await didsApi.resolveDidDocument(subjectId)\n\n if (!didDocument.authentication || didDocument.authentication.length === 0) {\n throw new DifPresentationExchangeError(\n `No authentication verificationMethods found for did ${subjectId} in did document`\n )\n }\n\n // the signature suite to use for the presentation is dependant on the credentials we share.\n // 1. Get the verification method for this given proof purpose in this DID document\n let [verificationMethod] = didDocument.authentication\n if (typeof verificationMethod === 'string') {\n verificationMethod = didDocument.dereferenceKey(verificationMethod, ['authentication'])\n }\n\n return verificationMethod\n }\n\n /**\n * Queries the wallet for credentials that match the given presentation definition. This only does an initial query based on the\n * schema of the input descriptors. It does not do any further filtering based on the constraints in the input descriptors.\n */\n private async queryCredentialForPresentationDefinition(\n agentContext: AgentContext,\n presentationDefinition: DifPresentationExchangeDefinition\n ): Promise> {\n const w3cCredentialRepository = agentContext.dependencyManager.resolve(W3cCredentialRepository)\n const w3cQuery: Array> = []\n const sdJwtVcQuery: Array> = []\n const mdocQuery: Array> = []\n\n const presentationDefinitionVersion = PEX.definitionVersionDiscovery(presentationDefinition)\n\n if (!presentationDefinitionVersion.version) {\n throw new DifPresentationExchangeError(\n 'Unable to determine the Presentation Exchange version from the presentation definition',\n presentationDefinitionVersion.error ? { additionalMessages: [presentationDefinitionVersion.error] } : {}\n )\n }\n\n // FIXME: in the query we should take into account the supported proof types of the verifier\n // this could help enormously in the amount of credentials we have to retrieve from storage.\n if (presentationDefinitionVersion.version === PEVersion.v1) {\n const pd = presentationDefinition as DifPresentationExchangeDefinitionV1\n\n // The schema.uri can contain either an expanded type, or a context uri\n for (const inputDescriptor of pd.input_descriptors) {\n for (const schema of inputDescriptor.schema) {\n sdJwtVcQuery.push({\n vct: schema.uri,\n })\n w3cQuery.push({\n $or: [{ expandedTypes: [schema.uri] }, { contexts: [schema.uri] }, { types: [schema.uri] }],\n })\n mdocQuery.push({\n docType: inputDescriptor.id,\n })\n }\n }\n } else if (presentationDefinitionVersion.version === PEVersion.v2) {\n // FIXME: As PE version 2 does not have the `schema` anymore, we can't query by schema anymore.\n // We probably need\n // to find some way to do initial filtering, hopefully if there's a filter on the `type` field or something.\n } else {\n throw new DifPresentationExchangeError(\n `Unsupported presentation definition version ${presentationDefinitionVersion.version as unknown as string}`\n )\n }\n\n const allRecords: Array = []\n\n // query the wallet ourselves first to avoid the need to query the pex library for all\n // credentials for every proof request\n const w3cCredentialRecords =\n w3cQuery.length > 0\n ? await w3cCredentialRepository.findByQuery(agentContext, { $or: w3cQuery })\n : await w3cCredentialRepository.getAll(agentContext)\n allRecords.push(...w3cCredentialRecords)\n\n const sdJwtVcApi = this.getSdJwtVcApi(agentContext)\n const sdJwtVcRecords =\n sdJwtVcQuery.length > 0 ? await sdJwtVcApi.findAllByQuery({ $or: sdJwtVcQuery }) : await sdJwtVcApi.getAll()\n allRecords.push(...sdJwtVcRecords)\n\n const mdocApi = this.getMdocApi(agentContext)\n const mdocRecords = mdocQuery.length > 0 ? await mdocApi.findAllByQuery({ $or: mdocQuery }) : await mdocApi.getAll()\n allRecords.push(...mdocRecords)\n\n return allRecords\n }\n\n private getSdJwtVcApi(agentContext: AgentContext) {\n return agentContext.dependencyManager.resolve(SdJwtVcApi)\n }\n\n private getMdocApi(agentContext: AgentContext) {\n return agentContext.dependencyManager.resolve(MdocApi)\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4DO,2CAAM,+BAA+B;CAG1C,AAAO,YAAY,AAAQ,sBAA4C;EAA5C;OAFnB,MAAM,IAAI,KAAK;;CAIvB,MAAa,yBACX,cACA,wBACsC;EACtC,MAAM,oBAAoB,MAAM,KAAK,yCAAyC,cAAc,uBAAuB;AACnH,SAAO,yBAAyB,cAAc,KAAK,KAAK,wBAAwB,kBAAkB;;;;;;CAOpG,AAAO,4BACL,uBACoC;AACpC,MAAI,CAAC,sBAAsB,yBACzB,OAAM,IAAI,WAAW,0EAA0E;EAGjG,MAAM,cAAkD,EAAE;AAE1D,OAAK,MAAM,eAAe,sBAAsB,aAE9C,MAAK,MAAM,cAAc,YAAY,gBAAgB,MAAM,GAAG,YAAY,WAAW,EAAE;AACrF,OAAI,CAAC,YAAY,WAAW,mBAC1B,aAAY,WAAW,qBAAqB,EAAE;AAIhD,eAAY,WAAW,mBAAmB,KAAK,WAAW,sBAAsB,GAAG;;AAIvF,SAAO;;CAGT,AAAO,+BAA+B,wBAA2D;EAC/F,MAAM,aAAa,IAAI,mBAAmB,uBAAuB;EACjE,MAAM,gBAAgB,KAAK,gBAAgB,WAAW;AAEtD,MAAI,cAAc,SAAS,EACzB,OAAM,IAAI,6BAA6B,mCAAmC,EAAE,oBAAoB,eAAe,CAAC;;CAIpH,AAAO,+BAA+B,wBAA2D;EAC/F,MAAM,aAAa,IAAI,mBAAmB,uBAAuB;EACjE,MAAM,gBAAgB,KAAK,gBAAgB,WAAW;AACtD,MAAI,cAAc,SAAS,EACzB,OAAM,IAAI,6BAA6B,mCAAmC,EAAE,oBAAoB,eAAe,CAAC;;CAIpH,AAAO,qBACL,wBACA,eACA,wBACA;EACA,MAAM,SAAS,KAAK,IAAI,qBACtB,wBACA,MAAM,QAAQ,cAAc,GACxB,cAAc,IAAI,0CAA0C,GAC5D,0CAA0C,cAAc,EAC5D;GACE,gCAAgC,CAAC,oCAAoC;GACrE;GACD,CACF;AAED,MAAI,OAAO,kCAAkC,OAAO,MAElD,OAAM,IAAI,6BAA6B,wBAAwB,EAAE,oBAD3C,KAAK,gBAAgB,OAAO,OAAO,EAC2C,CAAC;;CAIzG,AAAQ,gBAAgB,GAA2B;AAEjD,UADkB,MAAM,QAAQ,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,GAAG,EAAE,EAElD,QAAQ,MAAM,EAAE,WAAW,OAAO,MAAM,CACxC,KAAK,MAAM,EAAE,QAAQ,CACrB,QAAQ,MAAmB,QAAQ,EAAE,CAAC;;CAG3C,MAAa,mBACX,cACA,SAsBA;EACA,MAAM,EAAE,wBAAwB,QAAQ,WAAW,0BAA0B;EAC7E,MAAM,iCACJ,QAAQ,kCAAkCA,+BAA0C;EAEtF,MAAM,0CAGD,EAAE;EAEP,MAAM,wBAAwB,yBAAyB,QAAQ,8BAA8B;AAC7F,OAAK,MAAM,wBAAwB,uBAAuB;GAGxD,MAAM,qBAAqB,qBAAqB,sBAAsB,KAAK,MAAM,EAAE,kBAAkB;GACrG,MAAM,kCACJ,uBACA,kBAAkB,QAAQ,oBAAoB,mBAAmB,SAAS,gBAAgB,GAAG,CAAC;GAEhG,MAAM,mCAAsE;IAC1E,GAAG;IACH,mBAAmB;IAGnB,yBAAyB;IAC1B;AAED,OAAI,qBAAqB,gBAAgB,YAAY,SAAS;AAC5D,QAAI,qBAAqB,sBAAsB,WAAW,EACxD,OAAM,IAAI,6BACR,6EACD;AAGH,QAAI,CAAC,sBACH,OAAM,IAAI,6BACR,0EACD;IAGH,MAAM,EAAE,YAAY,sBAAsB,qBAAqB,sBAAsB;IAErF,MAAM,iBAAiB,MAAM,mBAAmB,+CAA+C,cAAc;KAC3G,OAAO,CAAC,WAAW,gBAAgB;KACnC;KACA,0BAA0B;KAC3B,CAAC;AAEF,QAAI,mCAAmCA,+BAA0C,SAC/E,OAAM,IAAI,6BACR,2FACD;AAGH,4CAAwC,KAAK;KAC3C,8BAA8B;MAC5B,wBAAwB;OACtB,IAAI,8BAA8B,MAAM;OACxC,eAAe,uBAAuB;OACtC,gBAAgB,CACd;QACE,IAAI;QACJ,QAAQ;QACR,MAAM;QACP,CACF;OACF;MACD,yBAAyB,CAAC,eAAe,QAAQ;MACjD;MACD;KACD,aAAa,qBAAqB;KACnC,CAAC;UACG;IAEL,MAAM,6BAA6B,qBAAqB,sBAAsB,KAAK,MACjF,wCAAwC,EAAE,WAAW,CACtD;IAED,MAAM,oBAAoB,KAAK,sCAAsC,qBAAqB,GACtF;KACE,iCAAiC;KACjC,MAAM,sBAAsB;KAC7B,GACD,EAAE;IAEN,MAAM,+BAA+B,MAAM,KAAK,IAAI,2BAClD,kCACA,4BACA,KAAK,4BAA4B,cAAc,qBAAqB,EACpE;KACE,cAAc;MACZ;MACA;MAEA,GAAG;MACJ;KACD;KACD,CACF;AAED,4CAAwC,KAAK;KAC3C;KACA,aAAa,qBAAqB;KACnC,CAAC;;;AAIN,MAAI,wCAAwC,WAAW,EACrD,OAAM,IAAI,6BAA6B,sCAAsC;AAG/E,MAAI,sBAAsB,WAAW,wCAAwC,OAC3E,OAAM,IAAI,6BAA6B,qDAAqD;EAG9F,MAAM,yBAA4D;GAChE,IAAI,wCAAwC,GAAG,6BAA6B,uBAAuB;GACnG,eACE,wCAAwC,GAAG,6BAA6B,uBAAuB;GACjG,gBAAgB,EAAE;GACnB;AAED,0CAAwC,SAAS,EAAE,gCAAgC,UAAU;GAC3F,MAAM,gBAAgB,6BAA6B,uBAAuB,eAAe,KAAK,MAAM;IAClG,MAAM,aAAa,EAAE,GAAG,GAAG;AAK3B,QACE,mCAAmCA,+BAA0C,YAC7E,wCAAwC,SAAS,EAEjD,YAAW,OAAO,KAAK,MAAM;AAG/B,WAAO;KACP;AAEF,0BAAuB,eAAe,KAAK,GAAG,cAAc;IAC5D;AAEF,SAAO;GACL,yBAAyB,wCAAwC,SAAS,qBACxE,iBAAiB,6BAA6B,wBAAwB,KAAK,OACzE,qCAAqC,cAAc,GAAG,CACvD,CACF;GACD,gCAAgC,wCAAwC,SACrE,qBACC,iBAAiB,6BAA6B,wBAIjD;GACD;GACA,gCACE,wCAAwC,GAAG,6BAA6B;GAC3E;;CAGH,AAAQ,0CACN,oBACA,oBACA;EACA,MAAM,YAAY,mCAAmC,mBAAmB;AAExE,MAAI,oBAAoB;GACtB,MAAM,qBAAqB,UAAU,6BAA6B,QAAQ,QACxE,oBAAoB,SAAS,IAAI,CAClC;AACD,OAAI,CAAC,sBAAsB,mBAAmB,WAAW,EACvD,OAAM,IAAI,6BACR;IACE;IACA,gDAAgD,UAAU,6BAA6B,KAAK,KAAK;IACjG,wBAAwB,mBAAmB,KAAK,KAAK;IACtD,CAAC,KAAK,KAAK,CACb;AAGH,UAAO,mBAAmB;;AAG5B,SAAO,UAAU;;CAGnB,AAAQ,iEACN,gCACA,2BACA;EACA,MAAM,0BAA0B,0BAA0B,MAAM;EAChE,MAAM,kCAAkC,wBAAwB,QAAQ,QACtE,0BAA0B,OAAO,2BAA2B,uBAAuB,SAAS,IAAI,CAAC,CAClG;EAED,MAAM,kDAAkD,+BAA+B,QAAQ,QAC7F,gCAAgC,SAAS,IAAI,CAC9C;AAED,MACE,+BAA+B,SAAS,KACxC,gCAAgC,SAAS,KACzC,gDAAgD,WAAW,EAE3D,OAAM,IAAI,6BACR,gHACD;AAGH,MAAI,wBAAwB,SAAS,KAAK,gCAAgC,WAAW,EACnF,OAAM,IAAI,6BACR,oFACD;EAGH,IAAI;AACJ,MAAI,gDAAgD,SAAS,EAC3D,sBAAqB;WACZ,gCAAgC,SAAS,EAClD,sBAAqB;WACZ,+BAA+B,SAAS,EACjD,sBAAqB;AAGvB,SAAO;;CAGT,AAAQ,4BACN,wBACA,oBACA;EACA,MAAM,iCAAiC,uBAAuB,QAAQ,QAAQ,OAAO,EAAE;EAEvF,MAAM,4BAAkD,uBAAuB,kBAC5E,KAAK,eAAgB,WAAiC,QAAQ,QAAQ,OAAO,EAAE,CAAC,CAChF,QAAQ,QAAQ,IAAI,SAAS,EAAE;EAElC,MAAM,qBAAqB,KAAK,iEAC9B,gCACA,0BACD;AAED,SAAO,KAAK,0CAA0C,oBAAoB,mBAAmB;;CAG/F,AAAQ,qBACN,cACA,wBACA,oBACA;EACA,MAAM,iCAAiC,uBAAuB,QAAQ,QAAQ,cAAc,EAAE;EAE9F,MAAM,4BAAkD,uBAAuB,kBAC5E,KAAK,eAAgB,WAAiC,QAAQ,QAAQ,cAAc,EAAE,CAAC,CACvF,QAAQ,QAAQ,IAAI,SAAS,EAAE;EAElC,MAAM,0BAA0B,KAAK,iEACnC,gCACA,0BACD;EAGD,MAAM,yBAAyB,aAAa,kBAAkB,QAAQ,uBAAuB;EAE7F,MAAM,YAAY,mCAAmC,mBAAmB;EACxE,MAAM,2BAA2B,uBAAuB,sBAAsB,UAAU;AACxF,MAAI,yBAAyB,WAAW,EACtC,OAAM,IAAI,6BACR,+DAA+D,uBAAuB,UAAU,QAAQ,CAAC,GAC1G;AAGH,MAAI,yBAAyB;GAC3B,MAAM,sBAAsB,yBAAyB,MAAM,UACzD,wBAAwB,SAAS,MAAM,UAAU,CAClD;AAED,OAAI,CAAC,oBACH,OAAM,IAAI,6BACR;IACE;IACA,6BAA6B,mBAAmB;IAChD,aAAa,uBAAuB,UAAU,QAAQ,CAAC;IACvD,8BAA8B,yBAAyB,KAAK,MAAM,EAAE,UAAU,CAAC,KAAK,KAAK,CAAC;IAC1F,4BAA4B,wBAAwB,KAAK,KAAK;IAC/D,CAAC,KAAK,KAAK,CACb;AAGH,UAAO,oBAAoB;;AAG7B,SAAO,yBAAyB,GAAG;;;;;;;CAQrC,AAAQ,sCACN,sBACA,wBACA;AACA,MAAI,qBAAqB,gBAAgB,YAAY,MAAO,QAAO;EAEnE,MAAM,wBACJ,CAAC,0BACD,uBAAuB,eAAe,OAAO,eAC3C;GAAC,YAAY;GAAM,YAAY;GAAM,YAAY;GAAO,YAAY;GAAM,CAAC,SACzE,WAAW,OACZ,CACF;EAEH,MAAM,iDAAiD,qBAAqB,sBAAsB,OAC/F,EAAE,iBAAiB;GAClB,MAAM,kBAAkB,WAAW;AACnC,OAAI,gBAAgB,gBAAgB,YAAY,MAAO,QAAO;AAC9D,UAAO,gBAAgB,0BAA0B,SAAS,qCAAqC;IAElG;AAED,SAAO,yBAAyB;;CAGlC,AAAQ,4BAA4B,cAA4B,sBAA4C;AAC1G,SAAO,OAAO,mBAAmD;GAE/D,MAAM,EACJ,cAAc,mBACd,SACA,wBACA,2BACE;GACJ,MAAM,EAAE,WAAW,WAAW,QAAQ,gBAAgB,EAAE;AAExD,OAAI,CAAC,UACH,OAAM,IAAI,WAAW,oEAAoE;AAG3F,OAAI,qBAAqB,gBAAgB,YAAY,OAAO;AAC1D,QAAI,CAAC,qBAAqB,WACxB,OAAM,IAAI,6BAA6B,gEAAgE;IAIzG,MAAM,qBAAqB,MAAM,KAAK,kCACpC,cACA,qBAAqB,WAAW,GACjC;IAED,MAAM,kBAAkB,gBAAgB,SAAS,mBAAmB,gBAAgB;AACpF,oBAAgB,SAAS,mBAAmB;AAW5C,YAT2B,MAAM,KAAK,qBAAqB,iBAAoC,cAAc;KAC3G,QAAQ,YAAY;KACpB,KAAK,KAAK,4BAA4B,wBAAwB,mBAAmB;KACjF,oBAAoB,mBAAmB;KACvC,cAAc;KACd;KACA;KACD,CAAC,EAEwB;;AAE5B,OAAI,qBAAqB,gBAAgB,YAAY,OAAO;AAC1D,QAAI,KAAK,sCAAsC,sBAAsB,uBAAuB,EAAE;AAE5F,4BAAuB,iBAAiB,uBAAuB,eAAe,KAAK,gBAAgB;MACjG,GAAG;MACH,QAAQ;MACT,EAAE;AAUH,YAAO;MACL,IAPmB,MAHiB,aAAa,kBAAkB,QACnE,oCACD,CACwD,mBAAmB,cAAc;OACxF;OACA;OACA,2BAA2B,qBAAqB,sBAAsB,KAAK,OAAO,GAAG,WAAW;OAChG;OACD,CAAC,EAEgB,QAAQ;MACxB,yBAAyB;MAC1B;;AAGH,QAAI,CAAC,qBAAqB,WACxB,OAAM,IAAI,6BAA6B,gEAAgE;IAGzG,MAAM,qBAAqB,MAAM,KAAK,kCACpC,cACA,qBAAqB,WAAW,GACjC;IAED,MAAM,kBAAkB,gBAAgB,SAAS,mBAAmB,gBAAgB;AACpF,oBAAgB,SAAS,mBAAmB;AAe5C,YAb2B,MAAM,KAAK,qBAAqB,iBAAiB,cAAc;KACxF,QAAQ,YAAY;KAIpB,WAAW,KAAK,qBAAqB,cAAc,wBAAwB,mBAAmB;KAC9F,cAAc,IAAI,SAAS,2BAA2B;MAAE;MAAW;MAAQ,CAAC;KAC5E,oBAAoB,mBAAmB;KACvC,cAAc;KACd;KACA;KACD,CAAC,EAEwB;;AAE5B,OAAI,qBAAqB,gBAAgB,YAAY,SAAS;IAC5D,MAAM,aAAa;AAInB,QAAI,CAAC,OACH,OAAM,IAAI,WAAW,oFAAoF;IAG3G,MAAM,aAAa,KAAK,cAAc,aAAa;IAGnD,MAAM,kBAAkB,WAAW,YAAY,WAAW,eAAe;AACzE,oBAAgB,WACd,qBAAqB,sBAAsB,GAAG,WAAW,oBAAoB,GAAG;AAelF,WAbgB,MAAM,WAAW,QAAQ;KACvC,SAAS;KAET,mBAAmB;KACnB,kBAAkB;MAChB,UAAU;MACV,OAAO;MAEP,UAAU,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;MACxC;KACD,mBAAmB,qBAAqB,sBAAsB,GAAG;KAClE,CAAC;;AAIJ,SAAM,IAAI,6BACR,kFACD;;;CAIL,MAAc,kCAAkC,cAA4B,WAAmB;EAC7F,MAAM,UAAU,aAAa,kBAAkB,QAAQ,QAAQ;AAE/D,MAAI,CAAC,UAAU,WAAW,OAAO,CAC/B,OAAM,IAAI,6BACR,oDAAoD,UAAU,qBAC/D;EAGH,MAAM,cAAc,MAAM,QAAQ,mBAAmB,UAAU;AAE/D,MAAI,CAAC,YAAY,kBAAkB,YAAY,eAAe,WAAW,EACvE,OAAM,IAAI,6BACR,uDAAuD,UAAU,kBAClE;EAKH,IAAI,CAAC,sBAAsB,YAAY;AACvC,MAAI,OAAO,uBAAuB,SAChC,sBAAqB,YAAY,eAAe,oBAAoB,CAAC,iBAAiB,CAAC;AAGzF,SAAO;;;;;;CAOT,MAAc,yCACZ,cACA,wBACkE;EAClE,MAAM,0BAA0B,aAAa,kBAAkB,QAAQ,wBAAwB;EAC/F,MAAM,WAA8C,EAAE;EACtD,MAAM,eAA4C,EAAE;EACpD,MAAM,YAAsC,EAAE;EAE9C,MAAM,gCAAgC,IAAI,2BAA2B,uBAAuB;AAE5F,MAAI,CAAC,8BAA8B,QACjC,OAAM,IAAI,6BACR,0FACA,8BAA8B,QAAQ,EAAE,oBAAoB,CAAC,8BAA8B,MAAM,EAAE,GAAG,EAAE,CACzG;AAKH,MAAI,8BAA8B,YAAY,UAAU,IAAI;GAC1D,MAAM,KAAK;AAGX,QAAK,MAAM,mBAAmB,GAAG,kBAC/B,MAAK,MAAM,UAAU,gBAAgB,QAAQ;AAC3C,iBAAa,KAAK,EAChB,KAAK,OAAO,KACb,CAAC;AACF,aAAS,KAAK,EACZ,KAAK;KAAC,EAAE,eAAe,CAAC,OAAO,IAAI,EAAE;KAAE,EAAE,UAAU,CAAC,OAAO,IAAI,EAAE;KAAE,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;KAAC,EAC5F,CAAC;AACF,cAAU,KAAK,EACb,SAAS,gBAAgB,IAC1B,CAAC;;aAGG,8BAA8B,YAAY,UAAU,IAAI,OAKjE,OAAM,IAAI,6BACR,+CAA+C,8BAA8B,UAC9E;EAGH,MAAM,aAAsE,EAAE;EAI9E,MAAM,uBACJ,SAAS,SAAS,IACd,MAAM,wBAAwB,YAAY,cAAc,EAAE,KAAK,UAAU,CAAC,GAC1E,MAAM,wBAAwB,OAAO,aAAa;AACxD,aAAW,KAAK,GAAG,qBAAqB;EAExC,MAAM,aAAa,KAAK,cAAc,aAAa;EACnD,MAAM,iBACJ,aAAa,SAAS,IAAI,MAAM,WAAW,eAAe,EAAE,KAAK,cAAc,CAAC,GAAG,MAAM,WAAW,QAAQ;AAC9G,aAAW,KAAK,GAAG,eAAe;EAElC,MAAM,UAAU,KAAK,WAAW,aAAa;EAC7C,MAAM,cAAc,UAAU,SAAS,IAAI,MAAM,QAAQ,eAAe,EAAE,KAAK,WAAW,CAAC,GAAG,MAAM,QAAQ,QAAQ;AACpH,aAAW,KAAK,GAAG,YAAY;AAE/B,SAAO;;CAGT,AAAQ,cAAc,cAA4B;AAChD,SAAO,aAAa,kBAAkB,QAAQ,WAAW;;CAG3D,AAAQ,WAAW,cAA4B;AAC7C,SAAO,aAAa,kBAAkB,QAAQ,QAAQ;;;6CA9pBzD,YAAY"}