diff --git a/CHANGELOG.md b/CHANGELOG.md index 609fdcf..cced08c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,8 +11,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Support for all transactions relevant from protocol version 7 and onwards. This includes expanding `AccountTransactionPayload` with the necessary variants, and corresponding constructor functions for `AccountTransaction`. -- `WalletConnectSendTransactionParam` and `WalletConnectSignMessageParam` for decoding parameters received with walletconnect requests. +- `BakerKeyPairs.generate` for generating baker keys - `ContractSchema`, `TypeSchema`, and `ModuleSchema` for encoding/decoding data from/to the corresponding JSON representation +- `WalletSeed.encryptionKeys` to get the encryption keys for a credential index +- `decryptAmount` and `combineEncryptedAmounts` to handle encrypted amounts + +#### ID proofs +- `Statement` and `Proof` types for constructing ID statements and their corresponding proofs +- `VerifiablePresentation`, `Web3IdCredential`, and `VerifiableCredentialStatement` types for representing verifiable credentials and constructing + verifiable presentations for these. + - `VerifiablePresentationBuilder` has been added to ease the construction of `VerifiablePresentation`s of a given statement in the context of a verifiable credential. + +#### Walletconnect +- `WalletConnectSendTransactionParam`, `WalletConnectSignMessageParam`, and `WalletConnectRequestVerifiablePresentationParam` for decoding parameters received with walletconnect requests. +- `WalletConnectRequest` represents and decodes walletconnect request variants + #### GRPC client - `NodeClient.status` to query transaction status. diff --git a/Package.resolved b/Package.resolved index 563be78..8dbd53a 100644 --- a/Package.resolved +++ b/Package.resolved @@ -32,8 +32,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/Concordium/concordium-wallet-crypto-swift.git", "state" : { - "revision" : "32e4c86bd6ad018ea381b0fffbb39520520e1985", - "version" : "4.1.0" + "revision" : "067a0288c7ed225ed47216c016ded0e1b43c8147", + "version" : "5.0.0" } }, { diff --git a/Package.swift b/Package.swift index b722331..58bd8a8 100644 --- a/Package.swift +++ b/Package.swift @@ -23,7 +23,7 @@ let package = Package( .package(url: "https://github.com/bisgardo/Hextension.git", from: "1.0.1"), overridableCryptoDependency( url: "https://github.com/Concordium/concordium-wallet-crypto-swift.git", - from: "4.1.0" + from: "5.0.0" ), ], targets: [ diff --git a/Sources/Concordium/Domain/Account.swift b/Sources/Concordium/Domain/Account.swift index 8ecfe0b..4b1bedf 100644 --- a/Sources/Concordium/Domain/Account.swift +++ b/Sources/Concordium/Domain/Account.swift @@ -61,7 +61,7 @@ public struct CredentialRegistrationID: Serialize, Deserialize, FromGRPC, ToGRPC /// Get the ``AccountAddress`` corresonding to the credential registration ID. public var accountAddress: AccountAddress { let hash = SHA256.hash(data: value) - return AccountAddress(Data(hash)) + return try! AccountAddress(Data(hash)) } public var hex: String { value.hex } @@ -95,7 +95,7 @@ public typealias SignatureThreshold = UInt8 public typealias RevocationThreshold = UInt8 /// Amount of uCCD. -public typealias MicroCCDAmount = UInt64 +public typealias MicroCCDAmount = ConcordiumWalletCrypto.MicroCCDAmount public typealias EncryptedAmount = Data @@ -171,7 +171,8 @@ public struct AccountAddress: Hashable, Serialize, Deserialize, ToGRPC, FromGRPC } /// Construct address directly from a 32-byte data buffer. - public init(_ data: Data) { + public init(_ data: Data) throws { + guard data.count == Self.SIZE else { throw ExactSizeError(actual: UInt(data.count), expected: UInt(Self.SIZE)) } self.data = data } @@ -187,15 +188,15 @@ public struct AccountAddress: Hashable, Serialize, Deserialize, ToGRPC, FromGRPC if version != Self.base58CheckVersion { throw GRPCError.unexpectedBase58CheckVersion(expected: Self.base58CheckVersion, actual: version) } - self.init(data) // excludes initial version byte + try self.init(data) // excludes initial version byte } public static func deserialize(_ data: inout Cursor) -> AccountAddress? { - data.read(num: SIZE).map { AccountAddress(Data($0)) } + try? data.read(num: SIZE).map { try AccountAddress(Data($0)) } } - static func fromGRPC(_ grpc: GRPC) -> Self { - .init(grpc.value) + static func fromGRPC(_ grpc: GRPC) throws -> Self { + try .init(grpc.value) } public func serializeInto(buffer: inout NIOCore.ByteBuffer) -> Int { @@ -405,7 +406,7 @@ extension VerifyKey: Codable { } } -extension VerifyKey: CustomStringConvertible { +extension ConcordiumWalletCrypto.VerifyKey: Swift.CustomStringConvertible { public var description: String { "\(key.hex)" } } @@ -426,7 +427,7 @@ extension Policy: FromGRPC { let attr = try UInt8(exactly: e.key) .flatMap { AttributeTag(rawValue: $0) } ?! GRPCError.valueOutOfBounds - res["\(attr)"] = String(data: e.value, encoding: .utf8) // TODO: correct to treat attribute value as UTF-8? + res[attr] = String(data: e.value, encoding: .utf8) // TODO: correct to treat attribute value as UTF-8? } ) } @@ -451,7 +452,7 @@ extension Policy: Codable { let createdAtYearMonth = try container.decode(String.self, forKey: .createdAt) let validToYearMonth = try container.decode(String.self, forKey: .validTo) - let revealedAttributes = try container.decode([String: String].self, forKey: .revealedAttributes) + let revealedAttributes = try container.decode([AttributeTag: String].self, forKey: .revealedAttributes) self.init(createdAtYearMonth: createdAtYearMonth, validToYearMonth: validToYearMonth, revealedAttributes: revealedAttributes) } @@ -918,6 +919,9 @@ extension CredentialType: FromGRPC { } } +/// Details of an account creation. These transactions are free, and we only +/// ever get a response for them if the account is created, hence no failure +/// cases. public struct AccountCreationDetails { /// Whether this is an initial or normal account. public let credentialType: CredentialType @@ -932,8 +936,25 @@ extension AccountCreationDetails: FromGRPC { static func fromGRPC(_ g: GRPC) throws -> AccountCreationDetails { let credentialType = try CredentialType.fromGRPC(g.credentialType) - let address = AccountAddress.fromGRPC(g.address) + let address = try AccountAddress.fromGRPC(g.address) let regId = try CredentialRegistrationID.fromGRPC(g.regID) return Self(credentialType: credentialType, address: address, regId: regId) } } + +/// Encryption keypair for an account, used to handle the encrypted amount associated with a specific account. +public typealias EncryptionKeys = ConcordiumWalletCrypto.EncryptionKeys + +/// Decrypt a single encrypted amount using the secret key corresponding to the public key used for the encryption. +public func decryptAmount(encryptedAmount: Data, encryptionSecretKey: Data) throws -> CCD { + let amount = try ConcordiumWalletCrypto.decryptAmount(encryptedAmount: encryptedAmount, encryptionSecretKey: encryptionSecretKey) + return CCD(microCCD: amount) +} + +/// Combine two encrypted amounts into one. +/// +/// This is only meaningful if both encrypted amounts are encrypted with the +/// same public key, otherwise the result is meaningless. +public func combineEncryptedAmounts(left: Data, right: Data) throws -> Data { + try ConcordiumWalletCrypto.combineEncryptedAmounts(left: left, right: right) +} diff --git a/Sources/Concordium/Domain/Events.swift b/Sources/Concordium/Domain/Events.swift index b7857a5..1be8cb2 100644 --- a/Sources/Concordium/Domain/Events.swift +++ b/Sources/Concordium/Domain/Events.swift @@ -17,7 +17,7 @@ extension AccountTransactionDetails: FromGRPC { static func fromGRPC(_ g: GRPC) throws -> AccountTransactionDetails { let cost = try CCD.fromGRPC(g.cost) - let sender = AccountAddress.fromGRPC(g.sender) + let sender = try AccountAddress.fromGRPC(g.sender) let effects = try AccountTransactionEffects.fromGRPC(g.effects) return Self(cost: cost, sender: sender, effects: effects) } @@ -101,7 +101,7 @@ extension AccountTransactionEffects: FromGRPC { case let .transferredWithSchedule(data): let schedule = try data.amount.map { try ScheduledTransfer.fromGRPC($0) } let memo = data.hasMemo ? try Memo.fromGRPC(data.memo) : nil - return .transferredWithSchedule(to: .fromGRPC(data.receiver), schedule: schedule, memo: memo) + return try .transferredWithSchedule(to: .fromGRPC(data.receiver), schedule: schedule, memo: memo) } } } @@ -155,8 +155,8 @@ public struct BakerKeysEvent { extension BakerKeysEvent: FromGRPC { typealias GRPC = Concordium_V2_BakerKeysEvent - static func fromGRPC(_ g: GRPC) -> BakerKeysEvent { - .init(bakerId: g.bakerID.value, account: .fromGRPC(g.account), signKey: g.signKey.value, electionKey: g.electionKey.value, aggregationKey: g.aggregationKey.value) + static func fromGRPC(_ g: GRPC) throws -> BakerKeysEvent { + try .init(bakerId: g.bakerID.value, account: .fromGRPC(g.account), signKey: g.signKey.value, electionKey: g.electionKey.value, aggregationKey: g.aggregationKey.value) } } @@ -192,7 +192,7 @@ extension BakerEvent: FromGRPC { case let .bakerStakeIncreased(data): return try .bakerStakeIncreased(bakerId: data.bakerID.value, newStake: .fromGRPC(data.newStake)) case let .bakerKeysUpdated(keys): - return .bakerSetKeys(.fromGRPC(keys)) + return try .bakerSetKeys(.fromGRPC(keys)) case let .bakerSetBakingRewardCommission(data): return .bakerSetBakingRewardCommission(bakerId: data.bakerID.value, commission: .fromGRPC(data.bakingRewardCommission)) case let .bakerSetFinalizationRewardCommission(data): @@ -371,7 +371,7 @@ extension RejectReason: FromGRPC { case let .duplicateCredIds(v): return try .duplicateCredIDs(contents: v.ids.map { try .fromGRPC($0) }) case let .encryptedAmountSelfTransfer(v): - return .encryptedAmountSelfTransfer(contents: .fromGRPC(v)) + return try .encryptedAmountSelfTransfer(contents: .fromGRPC(v)) case .finalizationRewardCommissionNotInRange: return .finalizationRewardCommissionNotInRange case .firstScheduledReleaseExpired: @@ -383,7 +383,7 @@ extension RejectReason: FromGRPC { case .insufficientDelegationStake: return .insufficientDelegationStake case let .invalidAccountReference(v): - return .invalidAccountReference(contents: .fromGRPC(v)) + return try .invalidAccountReference(contents: .fromGRPC(v)) case .invalidAccountThreshold: return .invalidAccountThreshold case let .invalidContractAddress(v): @@ -423,9 +423,9 @@ extension RejectReason: FromGRPC { case .nonIncreasingSchedule: return .nonIncreasingSchedule case let .notABaker(v): - return .notABaker(contents: .fromGRPC(v)) + return try .notABaker(contents: .fromGRPC(v)) case let .notADelegator(v): - return .notADelegator(contents: .fromGRPC(v)) + return try .notADelegator(contents: .fromGRPC(v)) case .notAllowedMultipleCredentials: return .notAllowedMultipleCredentials case .notAllowedToHandleEncrypted: @@ -447,7 +447,7 @@ extension RejectReason: FromGRPC { case .runtimeFailure: return .runtimeFailure case let .scheduledSelfTransfer(v): - return .scheduledSelfTransfer(contents: .fromGRPC(v)) + return try .scheduledSelfTransfer(contents: .fromGRPC(v)) case .serializationFailure: return .serializationFailure case .stakeOverMaximumThresholdForPool: @@ -535,6 +535,6 @@ extension EncryptedAmountRemovedEvent: FromGRPC { typealias GRPC = Concordium_V2_EncryptedAmountRemovedEvent static func fromGRPC(_ g: GRPC) throws -> EncryptedAmountRemovedEvent { - .init(account: .fromGRPC(g.account), newAmount: g.newAmount.value, inputAmount: g.inputAmount.value, upToIndex: g.upToIndex) + try .init(account: .fromGRPC(g.account), newAmount: g.newAmount.value, inputAmount: g.inputAmount.value, upToIndex: g.upToIndex) } } diff --git a/Sources/Concordium/Domain/Identity.swift b/Sources/Concordium/Domain/Identity.swift index b80fc02..c0c672c 100644 --- a/Sources/Concordium/Domain/Identity.swift +++ b/Sources/Concordium/Domain/Identity.swift @@ -43,7 +43,7 @@ extension AnonymityRevokerInfo: FromGRPC { } } -extension IdentityObject: Decodable { +extension ConcordiumWalletCrypto.IdentityObject: Swift.Decodable { enum CodingKeys: CodingKey { case preIdentityObject case attributeList @@ -60,7 +60,7 @@ extension IdentityObject: Decodable { } } -extension PreIdentityObject: Decodable { +extension ConcordiumWalletCrypto.PreIdentityObject: Swift.Decodable { enum CodingKeys: CodingKey { case idCredPub case ipArData @@ -90,7 +90,7 @@ extension PreIdentityObject: Decodable { } } -extension AnonymityRevokerData: Decodable { +extension ConcordiumWalletCrypto.ArData: Swift.Decodable { enum CodingKeys: CodingKey { case encPrfKeyShare case proofComEncEq @@ -105,7 +105,7 @@ extension AnonymityRevokerData: Decodable { } } -extension ChoiceArParameters: Decodable { +extension ConcordiumWalletCrypto.ChoiceArParameters: Swift.Decodable { enum CodingKeys: CodingKey { case arIdentities case threshold @@ -120,7 +120,7 @@ extension ChoiceArParameters: Decodable { } } -extension AttributeList: Decodable { +extension ConcordiumWalletCrypto.AttributeList: Swift.Decodable { enum CodingKeys: CodingKey { case validTo case createdAt @@ -134,7 +134,7 @@ extension AttributeList: Decodable { validToYearMonth: container.decode(String.self, forKey: .validTo), createdAtYearMonth: container.decode(String.self, forKey: .createdAt), maxAccounts: container.decode(UInt8.self, forKey: .maxAccounts), - chosenAttributes: container.decode([String: String].self, forKey: .chosenAttributes) + chosenAttributes: container.decode([AttributeTag: String].self, forKey: .chosenAttributes) ) } } @@ -145,7 +145,7 @@ extension Description: FromGRPC { } } -extension Description: Decodable { +extension ConcordiumWalletCrypto.Description: Swift.Decodable { /// Fields used in Wallet Proxy response. enum CodingKeys: CodingKey { case name @@ -283,55 +283,40 @@ public struct IdentityRecoveryError: Decodable, Error { /// Use the appropriate initializer of this type to convert it. /// All attribute values are strings of 31 bytes or less. The expected format of the values is documented /// [here](https://docs.google.com/spreadsheets/d/1CxpFvtAoUcylHQyeBtRBaRt1zsibtpmQOVsk7bsHPGA/edit). -public enum AttributeTag: UInt8, CustomStringConvertible, CaseIterable { - /// First name (format: string up to 31 bytes). - case firstName = 0 - /// Last name (format: string up to 31 bytes). - case lastName = 1 - /// Sex (format: ISO/IEC 5218). - case sex = 2 - /// Date of birth (format: ISO8601 YYYYMMDD). - case dateOfBirth = 3 - /// Country of residence (format: ISO3166-1 alpha-2). - case countryOfResidence = 4 - /// Country of nationality (format: ISO3166-1 alpha-2). - case nationality = 5 - /// Identity document type - /// - /// Format: - /// - 0 : na - /// - 1 : passport - /// - 2 : national ID card - /// - 3 : driving license - /// - 4 : immigration card - /// - eID string (see below) - /// - /// eID strings as of Apr 2024: - /// - DK:MITID : Danish MitId - /// - SE:BANKID : Swedish BankID - /// - NO:BANKID : Norwegian BankID - /// - NO:VIPPS : Norwegian Vipps - /// - FI:TRUSTNETWORK : Finnish Trust Network - /// - NL:DIGID : Netherlands DigiD - /// - NL:IDIN : Netherlands iDIN - /// - BE:EID : Belgian eID - /// - ITSME : (Cross-national) ItsME - /// - SOFORT : (Cross-national) Sofort - case idDocType = 6 - /// Identity document number (format: string up to 31 bytes). - case idDocNo = 7 - /// Identity document issuer (format: ISO3166-1 alpha-2 or ISO3166-2 if applicable). - case idDocIssuer = 8 - /// Time from which the ID is valid (format: ISO8601 YYYYMMDD). - case idDocIssuedAt = 9 - /// Time to which the ID is valid (format: ISO8601 YYYYMMDD). - case idDocExpiresAt = 10 - /// National ID number (format: string up to 31 bytes). - case nationalIdNo = 11 - /// Tax ID number (format: string up to 31 bytes). - case taxIdNo = 12 - /// LEI-code - companies only (format: ISO17442). - case legalEntityId = 13 +public typealias AttributeTag = ConcordiumWalletCrypto.AttributeTag + +extension ConcordiumWalletCrypto.AttributeTag: Swift.CustomStringConvertible, Swift.CaseIterable, Swift.CodingKeyRepresentable { + public enum CodingKeys: CodingKey { + case firstName + case lastName + case sex + case dob + case countryOfResidence + case nationality + case idDocType + case idDocNo + case idDocIssuer + case idDocIssuedAt + case idDocExpiresAt + case nationalIdNo + case taxIdNo + case lei + case legalName + case legalCountry + case businessNumber + case registrationAuth + } + + public var codingKey: any CodingKey { + CodingKeys(stringValue: description)! + } + + public init?(codingKey: T) where T: CodingKey { + guard let value = Self(codingKey.stringValue) else { return nil } + self = value + } + + public static var allCases: [AttributeTag] = [.firstName, .lastName, .sex, .dateOfBirth, .countryOfResidence, .nationality, .idDocType, .idDocNo, .idDocIssuer, .idDocIssuedAt, .idDocExpiresAt, .nationalIdNo, .taxIdNo, .legalEntityId, .legalName, .legalCountry, .businessNumber, .registrationAuth] public init?(_ description: String) { switch description { @@ -349,6 +334,34 @@ public enum AttributeTag: UInt8, CustomStringConvertible, CaseIterable { case "nationalIdNo": self = .nationalIdNo case "taxIdNo": self = .taxIdNo case "lei": self = .legalEntityId + case "legalName": self = .legalName + case "legalCountry": self = .legalCountry + case "businessNumber": self = .businessNumber + case "registrationAuth": self = .registrationAuth + default: return nil + } + } + + init?(rawValue: UInt8) { + switch rawValue { + case 0: self = .firstName + case 1: self = .lastName + case 2: self = .sex + case 3: self = .dateOfBirth + case 4: self = .countryOfResidence + case 5: self = .nationality + case 6: self = .idDocType + case 7: self = .idDocNo + case 8: self = .idDocIssuer + case 9: self = .idDocIssuedAt + case 10: self = .idDocExpiresAt + case 11: self = .nationalIdNo + case 12: self = .taxIdNo + case 13: self = .legalEntityId + case 14: self = .legalName + case 15: self = .legalCountry + case 16: self = .businessNumber + case 17: self = .registrationAuth default: return nil } } @@ -369,8 +382,48 @@ public enum AttributeTag: UInt8, CustomStringConvertible, CaseIterable { case .nationalIdNo: return "nationalIdNo" case .taxIdNo: return "taxIdNo" case .legalEntityId: return "lei" + case .legalName: return "legalName" + case .legalCountry: return "legalCountry" + case .businessNumber: return "businessNumber" + case .registrationAuth: return "registrationAuth" } } + + public var rawValue: UInt8 { + switch self { + case .firstName: return 0 + case .lastName: return 1 + case .sex: return 2 + case .dateOfBirth: return 3 + case .countryOfResidence: return 4 + case .nationality: return 5 + case .idDocType: return 6 + case .idDocNo: return 7 + case .idDocIssuer: return 8 + case .idDocIssuedAt: return 9 + case .idDocExpiresAt: return 10 + case .nationalIdNo: return 11 + case .taxIdNo: return 12 + case .legalEntityId: return 13 + case .legalName: return 14 + case .legalCountry: return 15 + case .businessNumber: return 16 + case .registrationAuth: return 17 + } + } +} + +extension AttributeTag: Codable { + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let value = try container.decode(String.self) + self = try .init(value) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Unexpected value \(value) when decoding 'AttributeTag'") + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(description) + } } public typealias AccountCredential = ConcordiumWalletCrypto.AccountCredential diff --git a/Sources/Concordium/Domain/Queries.swift b/Sources/Concordium/Domain/Queries.swift index 188cbf2..6787310 100644 --- a/Sources/Concordium/Domain/Queries.swift +++ b/Sources/Concordium/Domain/Queries.swift @@ -14,6 +14,22 @@ extension CryptographicParameters: FromGRPC { } } +extension ConcordiumWalletCrypto.GlobalContext: Swift.Decodable { + private enum CodingKeys: CodingKey { + case onChainCommitmentKey + case bulletproofGenerators + case genesisString + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let key = try Data(hex: container.decode(String.self, forKey: .onChainCommitmentKey)) + let gen = try Data(hex: container.decode(String.self, forKey: .bulletproofGenerators)) + let genesisString = try container.decode(String.self, forKey: .genesisString) + self = .init(onChainCommitmentKey: key, bulletproofGenerators: gen, genesisString: genesisString) + } +} + /// Describes the possible status variants of a transaction submitted to a node. public enum TransactionStatus { case received @@ -1002,7 +1018,7 @@ extension Baker: FromGRPC { typealias GRPC = Concordium_V2_ElectionInfo.Baker static func fromGRPC(_ g: GRPC) throws -> Baker { - Self(bakerId: g.baker.value, bakerLotteryPower: g.lotteryPower, bakerAccount: .fromGRPC(g.account)) + try Self(bakerId: g.baker.value, bakerLotteryPower: g.lotteryPower, bakerAccount: .fromGRPC(g.account)) } } diff --git a/Sources/Concordium/Domain/Transaction.swift b/Sources/Concordium/Domain/Transaction.swift index 26cc284..c5af286 100644 --- a/Sources/Concordium/Domain/Transaction.swift +++ b/Sources/Concordium/Domain/Transaction.swift @@ -545,7 +545,7 @@ public struct SecToPubTransferData: Equatable { init(fromCryptoType cryptoType: ConcordiumWalletCrypto.SecToPubTransferData) { remainingAmount = cryptoType.remainingAmount - transferAmount = CCD(microCCD: MicroCCDAmount(cryptoType.transferAmount)!) + transferAmount = CCD(microCCD: cryptoType.transferAmount) index = cryptoType.index proof = cryptoType.proof } diff --git a/Sources/Concordium/Domain/Types.swift b/Sources/Concordium/Domain/Types.swift index cff0a66..58934a0 100644 --- a/Sources/Concordium/Domain/Types.swift +++ b/Sources/Concordium/Domain/Types.swift @@ -2,6 +2,41 @@ import ConcordiumWalletCrypto import Foundation import NIO +/// Describes the official public networks available for the concordium blockchain +public typealias Network = ConcordiumWalletCrypto.Network + +extension ConcordiumWalletCrypto.Network: Swift.Codable { + private enum JSON: String, Codable { + case mainnet + case testnet + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + switch self { + case .mainnet: try container.encode(JSON.mainnet) + case .testnet: try container.encode(JSON.testnet) + } + } + + public init(from decoder: any Decoder) throws { + var container = try decoder.unkeyedContainer() + let value = try container.decode(JSON.self) + switch value { + case .testnet: self = .testnet + case .mainnet: self = .mainnet + } + } + + public init?(rawValue: String) { + switch rawValue { + case JSON.mainnet.rawValue: self = .mainnet + case JSON.testnet.rawValue: self = .testnet + default: return nil + } + } +} + /// Energy is used to count exact execution cost. /// This cost is then converted to CCD amounts. public typealias Energy = UInt64 @@ -377,15 +412,9 @@ extension ScheduledTransfer: FromGRPC { } /// Represents a contract address on chain -public struct ContractAddress: Serialize, Deserialize, Equatable, FromGRPC, ToGRPC, Codable { - public var index: UInt64 - public var subindex: UInt64 - - public init(index: UInt64, subindex: UInt64) { - self.index = index - self.subindex = subindex - } +public typealias ContractAddress = ConcordiumWalletCrypto.ContractAddress +extension ContractAddress: Serialize, Deserialize, FromGRPC, ToGRPC { public func serializeInto(buffer: inout NIOCore.ByteBuffer) -> Int { buffer.writeInteger(index) + buffer.writeInteger(subindex) } @@ -408,7 +437,24 @@ public struct ContractAddress: Serialize, Deserialize, Equatable, FromGRPC, ToGR } } -extension ContractAddress: CustomStringConvertible { +extension ConcordiumWalletCrypto.ContractAddress: Swift.Codable { + public func encode(to encoder: any Encoder) throws { + try JSON(index: index, subindex: subindex).encode(to: encoder) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let value = try container.decode(JSON.self) + self = .init(index: value.index, subindex: value.subindex) + } + + struct JSON: Codable { + var index: UInt64 + var subindex: UInt64 + } +} + +extension ConcordiumWalletCrypto.ContractAddress: Swift.CustomStringConvertible { public var description: String { "<\(index),\(subindex)>" } @@ -540,6 +586,7 @@ extension CredentialDeploymentInfo: Codable { } } +/// Represents a set of baker key pairs needed to bake blocks public typealias BakerKeyPairs = ConcordiumWalletCrypto.BakerKeyPairs public extension BakerKeyPairs { @@ -549,6 +596,42 @@ public extension BakerKeyPairs { } } +extension BakerKeyPairs: Codable { + private struct JSON: Codable { + let signatureSignKey: String + let signatureVerifyKey: String + let electionPrivateKey: String + let electionVerifyKey: String + let aggregationSignKey: String + let aggregationVerifyKey: String + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(JSON( + signatureSignKey: signatureSign.hex, + signatureVerifyKey: signatureVerify.hex, + electionPrivateKey: electionSign.hex, + electionVerifyKey: electionVerify.hex, + aggregationSignKey: aggregationSign.hex, + aggregationVerifyKey: aggregationVerify.hex + )) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + self = try .init( + signatureSign: Data(hex: json.signatureSignKey), + signatureVerify: Data(hex: json.signatureSignKey), + electionSign: Data(hex: json.signatureSignKey), + electionVerify: Data(hex: json.signatureSignKey), + aggregationSign: Data(hex: json.signatureSignKey), + aggregationVerify: Data(hex: json.signatureSignKey) + ) + } +} + /// Represents a protocol version of a Concordium blockchain public enum ProtocolVersion: FromGRPC { case p1 // = 0 @@ -581,14 +664,20 @@ public enum ProtocolVersion: FromGRPC { } } +/// Represents a chain slot in which a block can be included public typealias Slot = UInt64 +/// Represents a chain round public typealias Round = UInt64 +/// Represents a chain epoch public typealias Epoch = UInt64 +/// Represents a genesis index, i.e. the number of protocol updates (re-gensisis') that has happened since the start of the chain public typealias GenesisIndex = UInt32 /// Represents either an account or contract address public enum Address { + /// An account address case account(_ address: AccountAddress) + /// A contract address case contract(_ address: ContractAddress) } @@ -598,7 +687,7 @@ extension Address: FromGRPC, ToGRPC { static func fromGRPC(_ g: GRPC) throws -> Address { let address = try g.type ?! GRPCError.missingRequiredValue("type") switch address { - case let .account(v): return .account(.fromGRPC(v)) + case let .account(v): return try .account(.fromGRPC(v)) case let .contract(v): return .contract(.fromGRPC(v)) } } @@ -614,3 +703,41 @@ extension Address: FromGRPC, ToGRPC { return g } } + +/// Represents arbitrary versioned values +public struct Versioned { + /// The version of the value + public var version: UInt32 + /// The inner value + public var value: V + + private enum CodingKeys: CodingKey { + case v + case value + } + + public init(version: UInt32, value: V) { + self.version = version + self.value = value + } +} + +extension Versioned: Equatable where V: Equatable {} + +extension Versioned: Decodable where V: Decodable { + public init(from decoder: Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + try self.init( + version: container.decode(UInt32.self, forKey: .v), + value: container.decode(V.self, forKey: .value) + ) + } +} + +extension Versioned: Encodable where V: Encodable { + public func encode(to encoder: any Encoder) throws { + var container = encoder.container(keyedBy: CodingKeys.self) + try container.encode(version, forKey: .v) + try container.encode(value, forKey: .value) + } +} diff --git a/Sources/Concordium/Domain/Versioned.swift b/Sources/Concordium/Domain/Versioned.swift deleted file mode 100644 index 0754d3c..0000000 --- a/Sources/Concordium/Domain/Versioned.swift +++ /dev/null @@ -1,26 +0,0 @@ -import Foundation - -public struct Versioned { - public var version: UInt32 - public var value: V - - public init(version: UInt32, value: V) { - self.version = version - self.value = value - } -} - -extension Versioned: Decodable where V: Decodable { - enum CodingKeys: CodingKey { - case v - case value - } - - public init(from decoder: Decoder) throws { - let container = try decoder.container(keyedBy: CodingKeys.self) - try self.init( - version: container.decode(UInt32.self, forKey: .v), - value: container.decode(V.self, forKey: .value) - ) - } -} diff --git a/Sources/Concordium/GRPC/NodeClient.swift b/Sources/Concordium/GRPC/NodeClient.swift index f646aa4..7a18101 100644 --- a/Sources/Concordium/GRPC/NodeClient.swift +++ b/Sources/Concordium/GRPC/NodeClient.swift @@ -40,9 +40,9 @@ public protocol NodeClient { func anonymityRevokers(block: BlockIdentifier) -> AsyncThrowingStream /// Get the next account sequence number for the account func nextAccountSequenceNumber(address: AccountAddress) async throws -> NextAccountSequenceNumber - /// Get the account info for an account + /// Get the ``AccountInfo`` for an account func info(account: AccountIdentifier, block: BlockIdentifier) async throws -> AccountInfo - /// Get the account info for a block + /// Get the ``BlockInfo`` for a block func info(block: BlockIdentifier) async throws -> BlockInfo /// Submit a transaction to the node func send(transaction: SignedAccountTransaction) async throws -> SubmittedTransaction diff --git a/Sources/Concordium/Integration/WalletConnect.swift b/Sources/Concordium/Integration/WalletConnect.swift index 6a95522..14b9d6d 100644 --- a/Sources/Concordium/Integration/WalletConnect.swift +++ b/Sources/Concordium/Integration/WalletConnect.swift @@ -172,27 +172,130 @@ extension WalletConnectSendTransactionParam: Decodable { /// Describes parameter supplied to a walletconnect "sign_message" request /// as produced by the NPM package `@concordium/wallet-connectors` -public enum WalletConnectSignMessageParam { +public enum WalletConnectSignMessageParam: Equatable { case string(message: String) - case binary(message: Data, schema: Data) + case binary(data: Data, schema: Data) } extension WalletConnectSignMessageParam: Decodable { private enum CodingKeys: String, CodingKey { case message - case schema + } + + private struct DataJSON: Decodable { + /// Hex + let data: String + /// Hex + let schema: String } public init(from decoder: any Decoder) throws { let container = try decoder.container(keyedBy: Self.CodingKeys.self) - let message = try container.decode(String.self, forKey: .message) - let schema = try container.decodeIfPresent(String.self, forKey: .schema).map { try Data(hex: $0) } - - if let schema = schema { - let binaryMessage = try Data(hex: message) ?! DecodingError.dataCorruptedError(forKey: Self.CodingKeys.message, in: container, debugDescription: "Expected message to be a hex string") - self = .binary(message: binaryMessage, schema: schema) - } else { + if let message = try? container.decode(String.self, forKey: .message) { self = .string(message: message) + return + } + + let message = try container.decode(DataJSON.self, forKey: .message) ?! DecodingError.dataCorruptedError(forKey: .message, in: container, debugDescription: "Expected either 'String' or '{data: String, schema: String}'") + self = try .binary(data: Data(hex: message.data), schema: Data(hex: message.schema)) + } +} + +/// Describes parameter supplied to a walletconnect "sign_message" request +/// as produced by the NPM package `@concordium/wallet-connectors` +public struct WalletConnectRequestVerifiablePresentationParam: Decodable, Equatable { + /// The challenge to use for the ``VerifiablePresentation`` + public let challenge: Data + /// The list of statements to prove + public let credentialStatements: [CredentialStatement] + + private struct JSON: Decodable { + /// Hex + let challenge: String + let credentialStatements: [CredentialStatement] + } + + /// The statements to prove with associated issuer restrictions + public enum CredentialStatement: Equatable { + /// An account statement request + case account(issuers: [UInt32], statement: [AtomicIdentityStatement]) + /// A Web3 ID statement request + case web3id(issuers: [ContractAddress], statement: [AtomicWeb3IdStatement]) + } + + init(challenge: Data, credentialStatements: [CredentialStatement]) { + self.challenge = challenge + self.credentialStatements = credentialStatements + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + + self = try .init(challenge: Data(hex: json.challenge), credentialStatements: json.credentialStatements) + } +} + +extension WalletConnectRequestVerifiablePresentationParam.CredentialStatement: Decodable { + private enum TypeValue: String, Codable { + case sci + case cred + } + + private enum NestedKeys: CodingKey { + case type + case issuers + } + + private enum CodingKeys: CodingKey { + case idQualifier + case statement + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let nested = try container.nestedContainer(keyedBy: NestedKeys.self, forKey: .idQualifier) + let type = try nested.decode(TypeValue.self, forKey: .type) + switch type { + case .cred: + let issuers = try nested.decode([UInt32].self, forKey: .issuers) + let statement = try container.decode([AtomicIdentityStatement].self, forKey: .statement) + self = .account(issuers: issuers, statement: statement) + case .sci: + let issuers = try nested.decode([ContractAddress].self, forKey: .issuers) + let statement = try container.decode([AtomicWeb3IdStatement].self, forKey: .statement) + self = .web3id(issuers: issuers, statement: statement) + } + } +} + +/// Describes wallet connect requests commonly supported +/// as produced by the NPM package `@concordium/wallet-connectors` +public enum WalletConnectRequest: Equatable { + case signMessage(param: WalletConnectSignMessageParam) + case sendTransaction(param: WalletConnectSendTransactionParam) + case requestVerifiableCredential(param: WalletConnectRequestVerifiablePresentationParam) +} + +extension WalletConnectRequest: Decodable { + public enum Method: String, Codable { + case signAndSendTransaction = "sign_and_send_transaction" + case signMessage = "sign_message" + case requestVerifiablePresentation = "request_verifiable_presentation" + } + + private enum CodingKeys: CodingKey { + case method + case params + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let method = try container.decode(Method.self, forKey: .method) + switch method { + case .signMessage: self = try .signMessage(param: container.decode(WalletConnectSignMessageParam.self, forKey: .params)) + case .signAndSendTransaction: self = try .sendTransaction(param: container.decode(WalletConnectSendTransactionParam.self, forKey: .params)) + case .requestVerifiablePresentation: self = try .requestVerifiableCredential(param: container.decode(WalletConnectRequestVerifiablePresentationParam.self, forKey: .params)) } } } diff --git a/Sources/Concordium/Proofs/Id.swift b/Sources/Concordium/Proofs/Id.swift new file mode 100644 index 0000000..ff3c19b --- /dev/null +++ b/Sources/Concordium/Proofs/Id.swift @@ -0,0 +1,384 @@ +import ConcordiumWalletCrypto +import Foundation + +/// This is only used internally to deduplicate `Codable` implementations +enum AtomicStatement: Equatable { + /// For the case where the verifier wants the user to show the value of an + /// attribute and prove that it is indeed the value inside the on-chain + /// commitment. Since the verifier does not know the attribute value before + /// seing the proof, the value is not present here. + case revealAttribute(attributeTag: Tag) + /// For the case where the verifier wants the user to prove that an attribute is + /// in a set of attributes. + case attributeInSet(attributeTag: Tag, set: [Value]) + /// For the case where the verifier wants the user to prove that an attribute is + /// not in a set of attributes. + case attributeNotInSet(attributeTag: Tag, set: [Value]) + /// For the case where the verifier wants the user to prove that an attribute is + /// in a range. The statement is that the attribute value lies in `[lower, + /// upper)` in the scalar field. + case attributeInRange(attributeTag: Tag, lower: Value, upper: Value) +} + +extension AtomicStatement: Codable where Tag: Codable, Value: Codable { + enum TypeValue: String { + case revealAttribute = "RevealAttribute" + case attributeInSet = "AttributeInSet" + case attributeNotInSet = "AttributeNotInSet" + case attributeInRange = "AttributeInRange" + } + + enum CodingKeys: CodingKey { + case type + case attributeTag + case set + case lower + case upper + } + + var type: String { + switch self { + case .revealAttribute: return TypeValue.revealAttribute.rawValue + case .attributeInSet: return TypeValue.attributeInSet.rawValue + case .attributeNotInSet: return TypeValue.attributeNotInSet.rawValue + case .attributeInRange: return TypeValue.attributeInRange.rawValue + } + } + + init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let type = try container.decode(String.self, forKey: .type) + let attributeTag = try container.decode(Tag.self, forKey: .attributeTag) + + switch type { + case TypeValue.revealAttribute.rawValue: + self = .revealAttribute(attributeTag: attributeTag) + case TypeValue.attributeInSet.rawValue: + let set = try container.decode([Value].self, forKey: .set) + self = .attributeInSet(attributeTag: attributeTag, set: set) + case TypeValue.attributeNotInSet.rawValue: + let set = try container.decode([Value].self, forKey: .set) + self = .attributeNotInSet(attributeTag: attributeTag, set: set) + case TypeValue.attributeInRange.rawValue: + let lower = try container.decode(Value.self, forKey: .lower) + let upper = try container.decode(Value.self, forKey: .upper) + self = .attributeInRange(attributeTag: attributeTag, lower: lower, upper: upper) + default: + throw DecodingError.typeMismatch(String.self, DecodingError.Context(codingPath: decoder.codingPath, debugDescription: "Unexpected value found for 'type'")) + } + } + + func encode(to encoder: any Encoder) throws { + var container = encoder.container(keyedBy: CodingKeys.self) + try container.encode(type, forKey: .type) + + switch self { + case let .revealAttribute(attributeTag): + try container.encode(attributeTag, forKey: .attributeTag) + case let .attributeInSet(attributeTag, set): + try container.encode(attributeTag, forKey: .attributeTag) + try container.encode(set, forKey: .set) + case let .attributeNotInSet(attributeTag, set): + try container.encode(attributeTag, forKey: .attributeTag) + try container.encode(set, forKey: .set) + case let .attributeInRange(attributeTag, lower, upper): + try container.encode(attributeTag, forKey: .attributeTag) + try container.encode(lower, forKey: .lower) + try container.encode(upper, forKey: .upper) + } + } +} + +/** + * For the case where the verifier wants the user to show the value of an + * attribute and prove that it is indeed the value inside the on-chain + * commitment. Since the verifier does not know the attribute value before + * seing the proof, the value is not present here. + */ +public typealias RevealAttributeIdentityStatement = ConcordiumWalletCrypto.RevealAttributeIdentityStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * in a set of attributes. + */ +public typealias AttributeInSetIdentityStatement = ConcordiumWalletCrypto.AttributeInSetIdentityStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * not in a set of attributes. + */ +public typealias AttributeNotInSetIdentityStatement = ConcordiumWalletCrypto.AttributeNotInSetIdentityStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * in a range. The statement is that the attribute value lies in `[lower, + * upper)` in the scalar field. + */ +public typealias AttributeInRangeIdentityStatement = ConcordiumWalletCrypto.AttributeInRangeIdentityStatement +/// Statements are composed of one or more atomic statements. +/// This type defines the different types of atomic statements. +public typealias AtomicIdentityStatement = ConcordiumWalletCrypto.AtomicIdentityStatement + +extension AtomicIdentityStatement { + /// Used internally to convert from SDK type to crypto lib input + init(sdkType: AtomicStatement) { + switch sdkType { + case let .revealAttribute(attributeTag): + self = .revealAttribute(statement: RevealAttributeIdentityStatement(attributeTag: attributeTag)) + case let .attributeInSet(attributeTag, set): + self = .attributeInSet(statement: AttributeInSetIdentityStatement(attributeTag: attributeTag, set: set)) + case let .attributeNotInSet(attributeTag, set): + self = .attributeNotInSet(statement: AttributeNotInSetIdentityStatement(attributeTag: attributeTag, set: set)) + case let .attributeInRange(attributeTag, lower, upper): + self = .attributeInRange(statement: AttributeInRangeIdentityStatement(attributeTag: attributeTag, lower: lower, upper: upper)) + } + } + + /// Used internally to convert from crypto lib outpub type to SDK type + func toSDK() -> AtomicStatement { + switch self { + case let .revealAttribute(statement): return .revealAttribute(attributeTag: statement.attributeTag) + case let .attributeInSet(statement): return .attributeInSet(attributeTag: statement.attributeTag, set: statement.set) + case let .attributeNotInSet(statement): return .attributeNotInSet(attributeTag: statement.attributeTag, set: statement.set) + case let .attributeInRange(statement): return .attributeInRange(attributeTag: statement.attributeTag, lower: statement.lower, upper: statement.upper) + } + } + + /// The attribute tag the statement describes + public var attributeTag: AttributeTag { + switch self { + case let .revealAttribute(statement): return statement.attributeTag + case let .attributeInSet(statement): return statement.attributeTag + case let .attributeNotInSet(statement): return statement.attributeTag + case let .attributeInRange(statement): return statement.attributeTag + } + } + + /// Checks that a value can be proven for the atomic statement. + public func checkValue(value: String) -> Bool { + switch self { + case .revealAttribute: return true + case let .attributeInSet(statement): return statement.set.contains(value) + case let .attributeNotInSet(statement): return !statement.set.contains(value) + case let .attributeInRange(statement): return statement.lower <= value && value < statement.upper + } + } +} + +extension ConcordiumWalletCrypto.AtomicIdentityStatement: Swift.Codable { + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(toSDK()) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + self = try .init(sdkType: container.decode(AtomicStatement.self)) + } +} + +/** + * A statement is a list of atomic statements. + */ +public typealias IdentityStatement = ConcordiumWalletCrypto.IdentityStatement + +public extension IdentityStatement { + /// Construct a proof corresponding to the statement for the identity in the given context + /// - Parameters: + /// - wallet: The wallet to use when constructing the proof + /// - global: The cryptographic parameters of the chain + /// - credentialIndices: The indices used in the wallet seed for the credential used for the for the proof of identity + /// - identityObject: The identity object corresponding to the identity the statement should be proven for + /// - challenge: A challenge used, which is needed when verifying the proof + /// + /// - Throws: If the proof could not be successfully constructed given the context + /// - Returns: A (versioned) proof of the statement for the identity in the given context + func prove( + wallet: WalletSeed, + global: CryptographicParameters, + credentialIndices: AccountCredentialSeedIndexes, + identityObject: IdentityObject, + challenge: Data + ) throws -> VersionedIdentityProof { + try proveIdentityStatement( + seed: wallet.seed, + net: wallet.network, + globalContext: global, + ipIndex: credentialIndices.identity.providerID, + identityIndex: credentialIndices.identity.index, + credentialIndex: credentialIndices.counter, + identityObject: identityObject, + statement: self, + challenge: challenge + ) + } +} + +extension IdentityStatement: Codable { + private typealias JSON = [AtomicIdentityStatement] + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let statements = try container.decode(JSON.self) + self = Self(statements: statements) + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(statements) + } +} + +/// This is only used internally to deduplicate `Codable` implementations +enum AtomicProof: Equatable { + /// Revealing an attribute and a proof that it equals the attribute value + /// inside the attribute commitment. + case revealAttribute(attribute: Value, proof: Data) + /// A proof that an attribute is in a set + case attributeInSet(proof: Data) + /// A proof that an attribute is not in a set + case attributeNotInSet(proof: Data) + /// A proof that an attribute is in a range + case attributeInRange(proof: Data) +} + +extension AtomicProof: Codable where Value: Codable { + enum TypeValue: String { + case revealAttribute = "RevealAttribute" + case attributeInSet = "AttributeInSet" + case attributeNotInSet = "AttributeNotInSet" + case attributeInRange = "AttributeInRange" + } + + enum CodingKeys: CodingKey { + case type + case attribute + case proof + } + + var type: String { + switch self { + case .revealAttribute: return TypeValue.revealAttribute.rawValue + case .attributeInSet: return TypeValue.attributeInSet.rawValue + case .attributeNotInSet: return TypeValue.attributeNotInSet.rawValue + case .attributeInRange: return TypeValue.attributeInRange.rawValue + } + } + + init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let type = try container.decode(String.self, forKey: .type) + let proof = try Data(hex: container.decode(String.self, forKey: .proof)) + + switch type { + case TypeValue.revealAttribute.rawValue: + let attribute = try container.decode(Value.self, forKey: .attribute) + self = .revealAttribute(attribute: attribute, proof: proof) + case TypeValue.attributeInSet.rawValue: + self = .attributeInSet(proof: proof) + case TypeValue.attributeNotInSet.rawValue: + self = .attributeNotInSet(proof: proof) + case TypeValue.attributeInRange.rawValue: + self = .attributeInRange(proof: proof) + default: + throw DecodingError.typeMismatch(String.self, DecodingError.Context(codingPath: decoder.codingPath, debugDescription: "Unexpected value found for 'type'")) + } + } + + func encode(to encoder: any Encoder) throws { + var container = encoder.container(keyedBy: CodingKeys.self) + try container.encode(type, forKey: .type) + + switch self { + case let .revealAttribute(attribute, proof): + try container.encode(attribute, forKey: .attribute) + try container.encode(proof.hex, forKey: .proof) + case let .attributeInSet(proof): + try container.encode(proof.hex, forKey: .proof) + case let .attributeNotInSet(proof): + try container.encode(proof.hex, forKey: .proof) + case let .attributeInRange(proof): + try container.encode(proof.hex, forKey: .proof) + } + } +} + +/// The different types of proofs, corresponding to the statements above. +public typealias AtomicIdentityProof = ConcordiumWalletCrypto.AtomicIdentityProof + +extension AtomicIdentityProof { + /// Used internally to convert from SDK type to crypto lib input + init(sdkType: AtomicProof) { + switch sdkType { + case let .revealAttribute(attribute, proof): + self = .revealAttribute(attribute: attribute, proof: proof) + case let .attributeInSet(proof): + self = .attributeInSet(proof: proof) + case let .attributeNotInSet(proof): + self = .attributeNotInSet(proof: proof) + case let .attributeInRange(proof): + self = .attributeInRange(proof: proof) + } + } + + /// Used internally to convert from crypto lib outpub type to SDK type + func toSDK() -> AtomicProof { + switch self { + case let .revealAttribute(attribute, proof): return .revealAttribute(attribute: attribute, proof: proof) + case let .attributeInSet(proof): return .attributeInSet(proof: proof) + case let .attributeNotInSet(proof): return .attributeNotInSet(proof: proof) + case let .attributeInRange(proof): return .attributeInRange(proof: proof) + } + } +} + +extension ConcordiumWalletCrypto.AtomicIdentityProof: Swift.Codable { + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(toSDK()) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + self = try .init(sdkType: container.decode(AtomicProof.self)) + } +} + +/** + * A proof of a statement, composed of one or more atomic proofs. + */ +public typealias IdentityProof = ConcordiumWalletCrypto.IdentityProof + +extension ConcordiumWalletCrypto.IdentityProof: Swift.Codable { + private struct JSON: Codable { + let proofs: [AtomicIdentityProof] + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(JSON(proofs: proofs)) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let value = try container.decode(JSON.self) + self = .init(proofs: value.proofs) + } +} + +/** + * A versioned variant of `IdentityProof` + */ +public typealias VersionedIdentityProof = ConcordiumWalletCrypto.VersionedIdentityProof + +extension ConcordiumWalletCrypto.VersionedIdentityProof: Swift.Codable { + private typealias JSON = Versioned + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(JSON(version: version, value: value)) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let value = try container.decode(JSON.self) + self = .init(version: value.version, value: value.value) + } +} diff --git a/Sources/Concordium/Proofs/Web3Id.swift b/Sources/Concordium/Proofs/Web3Id.swift new file mode 100644 index 0000000..2a5a032 --- /dev/null +++ b/Sources/Concordium/Proofs/Web3Id.swift @@ -0,0 +1,811 @@ +import ConcordiumWalletCrypto +import CryptoKit +import Foundation + +/// A value of an attribute. This is the low-level representation. The +/// different variants are present to enable different representations in JSON, +/// and different embeddings as field elements when constructing and verifying +/// proofs. +public typealias Web3IdAttribute = ConcordiumWalletCrypto.Web3IdAttribute + +extension ConcordiumWalletCrypto.Web3IdAttribute: Swift.Codable { + private enum AttributeType: String, Codable { + case dateTime = "date-time" + } + + private struct TimestampJSON: Codable { + let type: AttributeType + let timestamp: String + + init(_ timestamp: Date) { + type = .dateTime + self.timestamp = getDateFormatter().string(from: timestamp) + } + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + switch self { + case let .string(value): try container.encode(value) + case let .numeric(value): try container.encode(value) + case let .timestamp(value): + try container.encode(TimestampJSON(value)) + } + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + if let value = try? container.decode(String.self) { + self = .string(value: value) + return + } + if let value = try? container.decode(UInt64.self) { + self = .numeric(value: value) + return + } + let value = try container.decode(TimestampJSON.self) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Failed to decode 'Web3IdAttribute'") + self = try .timestamp(value: getDateFormatter().date(from: value.timestamp) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Dates must be represented in ISO8601 format")) + } +} + +/** + * For the case where the verifier wants the user to show the value of an + * attribute and prove that it is indeed the value inside the on-chain + * commitment. Since the verifier does not know the attribute value before + * seing the proof, the value is not present here. + */ +public typealias RevealAttributeWeb3IdStatement = ConcordiumWalletCrypto.RevealAttributeWeb3IdStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * in a set of attributes. + */ +public typealias AttributeInSetWeb3IdStatement = ConcordiumWalletCrypto.AttributeInSetWeb3IdStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * not in a set of attributes. + */ +public typealias AttributeNotInSetWeb3IdStatement = ConcordiumWalletCrypto.AttributeNotInSetWeb3IdStatement +/** + * For the case where the verifier wants the user to prove that an attribute is + * in a range. The statement is that the attribute value lies in `[lower, + * upper)` in the scalar field. + */ +public typealias AttributeInRangeWeb3IdStatement = ConcordiumWalletCrypto.AttributeInRangeWeb3IdStatement +/// Statements are composed of one or more atomic statements. +/// This type defines the different types of atomic statements. +public typealias AtomicWeb3IdStatement = ConcordiumWalletCrypto.AtomicWeb3IdStatement + +extension AtomicWeb3IdStatement { + /// Used internally to convert from SDK type to crypto lib input + init(sdkType: AtomicStatement) { + switch sdkType { + case let .revealAttribute(attributeTag): + self = .revealAttribute(statement: RevealAttributeWeb3IdStatement(attributeTag: attributeTag)) + case let .attributeInSet(attributeTag, set): + self = .attributeInSet(statement: AttributeInSetWeb3IdStatement(attributeTag: attributeTag, set: set)) + case let .attributeNotInSet(attributeTag, set): + self = .attributeNotInSet(statement: AttributeNotInSetWeb3IdStatement(attributeTag: attributeTag, set: set)) + case let .attributeInRange(attributeTag, lower, upper): + self = .attributeInRange(statement: AttributeInRangeWeb3IdStatement(attributeTag: attributeTag, lower: lower, upper: upper)) + } + } + + /// Used internally to convert from crypto lib outpub type to SDK type + func toSDK() -> AtomicStatement { + switch self { + case let .revealAttribute(statement): return .revealAttribute(attributeTag: statement.attributeTag) + case let .attributeInSet(statement): return .attributeInSet(attributeTag: statement.attributeTag, set: statement.set) + case let .attributeNotInSet(statement): return .attributeNotInSet(attributeTag: statement.attributeTag, set: statement.set) + case let .attributeInRange(statement): return .attributeInRange(attributeTag: statement.attributeTag, lower: statement.lower, upper: statement.upper) + } + } + + public var attributeTag: String { + switch self { + case let .revealAttribute(statement): return statement.attributeTag + case let .attributeInSet(statement): return statement.attributeTag + case let .attributeNotInSet(statement): return statement.attributeTag + case let .attributeInRange(statement): return statement.attributeTag + } + } + + /// Checks that a value can be proven for the atomic statement. + /// This assumes that all values in the statement are comparable with the given value. If not, false is also returned. + public func checkValue(value: Web3IdAttribute) -> Bool { + switch self { + case .revealAttribute: return true + case let .attributeInSet(statement): return statement.set.contains(value) + case let .attributeNotInSet(statement): return !statement.set.contains(value) + case let .attributeInRange(statement): + switch (statement.lower, statement.upper, value) { + case let (.string(lower), .string(upper), .string(value)): + return lower <= value && value < upper + case let (.numeric(lower), .numeric(upper), .numeric(value)): + return lower <= value && value < upper + case let (.timestamp(lower), .timestamp(upper), .timestamp(value)): + return lower <= value && value < upper + default: return false + } + } + } +} + +extension ConcordiumWalletCrypto.AtomicWeb3IdStatement: Swift.Codable { + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(toSDK()) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + self = try .init(sdkType: container.decode(AtomicStatement.self)) + } +} + +/// A statement about a single credential, either an identity credential or a +/// Web3 credential. +public typealias VerifiableCredentialStatement = ConcordiumWalletCrypto.VerifiableCredentialStatement + +/// A request for a proof. This is the statement and challenge. The secret data +/// comes separately. +public typealias VerifiablePresentationRequest = ConcordiumWalletCrypto.VerifiablePresentationRequest + +/// The additional inputs, additional to the `VerifiablePresentationRequest` that are needed to +/// produce a `VerifablePresentation`. +public typealias VerifiableCredentialCommitmentInputs = ConcordiumWalletCrypto.VerifiableCredentialCommitmentInputs +/// A pair of a statement and a proof. +public typealias AccountStatementWithProof = ConcordiumWalletCrypto.AccountStatementWithProof +/// A pair of a statement and a proof. +public typealias Web3IdStatementWithProof = ConcordiumWalletCrypto.Web3IdStatementWithProof + +/// Commitments signed by the issuer. +public typealias SignedCommitments = ConcordiumWalletCrypto.SignedCommitments + +extension ConcordiumWalletCrypto.SignedCommitments: Swift.Codable { + private struct JSON: Codable { + let signature: String // HexString + let commitments: [String: String] // [String: HexString] + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + let commitments = commitments.reduce(into: [:]) { acc, pair in + acc[pair.key] = pair.value.hex + } + try container.encode(JSON(signature: signature.hex, commitments: commitments)) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + let commitments = try json.commitments.reduce(into: [:]) { acc, pair in + acc[pair.key] = try Data(hex: pair.value) + } + self = try .init(signature: Data(hex: json.signature), commitments: commitments) + } +} + +/// Describes the differnet decentralized identifier variants +public typealias DID = ConcordiumWalletCrypto.Did + +extension ConcordiumWalletCrypto.Did: Swift.Codable { + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let value = try container.decode(String.self) + self = try parseDidMethod(value: value) + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(didMethodAsString(did: self)) + } +} + +/// Date formatter used to transform dates to the expected serializable form for verifiable credentials +func getDateFormatter() -> ISO8601DateFormatter { + let dateFormatter = ISO8601DateFormatter() + dateFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds] + return dateFormatter +} + +/** + * A proof corresponding to one `VerifiableCredentialStatement`. This contains almost + * all the information needed to verify it, except the issuer's public key in + * case of the `Web3Id` proof, and the public commitments in case of the + * `Account` proof. + */ +public typealias VerifiableCredentialProof = ConcordiumWalletCrypto.VerifiableCredentialProof +extension ConcordiumWalletCrypto.VerifiableCredentialProof: Swift.Codable { + private enum CodingKeys: CodingKey { + case credentialSubject + case type + case issuer + } + + static let CCD_TYPE = ["VerifiableCredential", "ConcordiumVerifiableCredential"] + + public init(from decoder: any Decoder) throws { + let container = try decoder.container(keyedBy: CodingKeys.self) + let issuer = try container.decode(DID.self, forKey: .issuer) + let credType = try container.decode([String].self, forKey: .type).filter { !Self.CCD_TYPE.contains($0) } + + switch issuer.idType { + case let .idp(idpIdentity): + let credSub = try container.decode(CredentialSubjectAccountJSON.self, forKey: .credentialSubject) + + var credId: Data + switch credSub.id.idType { + case let .credential(c): credId = c + default: + throw DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Only valid 'id' for IDP issued subject is .credential") + } + + let statement = credSub.statement + let proof = credSub.proof.proofValue + guard statement.count == proof.count else { + throw DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Expected equal number of statements and proofs in subject") + } + let proofs = zip(statement, proof).reduce(into: []) { acc, pair in + acc.append(AccountStatementWithProof(statement: pair.0, proof: pair.1)) + } + let created = try getDateFormatter().date(from: credSub.proof.created) ?! DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Expected ISO8601 formatted string for 'created' timestamp") + + self = .account(created: created, network: credSub.id.network, credId: credId, issuer: idpIdentity, proofs: proofs) + case let .contractData(address, entrypoint, param): + guard entrypoint == "issuer" else { + throw DecodingError.dataCorruptedError(forKey: .issuer, in: container, debugDescription: "Expected 'issuer' entrypont in smart contract issuer DID") + } + guard param.count == 0 else { + throw DecodingError.dataCorruptedError(forKey: .issuer, in: container, debugDescription: "Expected empty parameter in smart contract issuer DID") + } + let credSub = try container.decode(CredentialSubjectWeb3IdJSON.self, forKey: .credentialSubject) + + let statement = credSub.statement + let proof = credSub.proof.proofValue + guard statement.count == proof.count else { + throw DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Expected equal number of statements and proofs in subject") + } + let proofs = zip(statement, proof).reduce(into: []) { acc, pair in + acc.append(Web3IdStatementWithProof(statement: pair.0, proof: pair.1)) + } + + var holderId: Data + switch credSub.id.idType { + case let .publicKey(key): + holderId = key + default: + throw DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Only valid 'id' for IDP issued subject is .credential") + } + let created = try getDateFormatter().date(from: credSub.proof.created) ?! DecodingError.dataCorruptedError(forKey: .credentialSubject, in: container, debugDescription: "Expected ISO8601 formatted string for 'created' timestamp") + + self = .web3Id(created: created, holderId: holderId, network: credSub.id.network, contract: address, credType: credType, commitments: credSub.proof.commitments, proofs: proofs) + default: + throw DecodingError.dataCorruptedError(forKey: .issuer, in: container, debugDescription: "The only valid variants for 'issuer' of verifiable credential are either .idp or .contractData") + } + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + switch self { + case let .account(created, network, credId, issuer, proofsWithStatement): + let (statements, proofs) = proofsWithStatement.reduce(into: ([AtomicIdentityStatement](), [AtomicIdentityProof]())) { acc, proof in + acc.0.append(proof.statement) + acc.1.append(proof.proof) + } + let proof = StatementProofAccountJSON(created: created, proofValue: proofs) + let id = DID(network: network, idType: IdentifierType.credential(credId: credId)) + let credSub = CredentialSubjectAccountJSON(id: id, proof: proof, statement: statements) + let issuer = DID(network: network, idType: IdentifierType.idp(idpIdentity: issuer)) + let json = JSON(credentialSubject: credSub, issuer: issuer) + try container.encode(json) + case let .web3Id(created, holderId, network, contract, credType, commitments, proofsWithStatement): + let (statements, proofs) = proofsWithStatement.reduce(into: ([AtomicWeb3IdStatement](), [AtomicWeb3IdProof]())) { acc, proof in + acc.0.append(proof.statement) + acc.1.append(proof.proof) + } + let proof = StatementProofWeb3IdJSON(created: created, proofValue: proofs, commitments: commitments) + let id = DID(network: network, idType: IdentifierType.publicKey(key: holderId)) + let credSub = CredentialSubjectWeb3IdJSON(id: id, proof: proof, statement: statements) + let issuer = DID(network: network, idType: IdentifierType.contractData(address: contract, entrypoint: "issuer", parameter: Data())) + let json = JSON(credentialSubject: credSub, issuer: issuer, additionalType: credType) + try container.encode(json) + } + } + + private struct JSON: Codable { + let credentialSubject: CredentialSubject + let issuer: DID + /// ["VerifiableCredential", "ConcordiumVerifiableCredential", ...] + var type: [String] + + init(credentialSubject: CredentialSubject, issuer: DID, additionalType: [String]? = nil) { + self.credentialSubject = credentialSubject + self.issuer = issuer + type = CCD_TYPE + if let type = additionalType { + self.type.append(contentsOf: type.filter { !CCD_TYPE.contains($0) }) + } + } + } + + private struct CredentialSubjectJSON: Codable { + let id: DID + let proof: Proof + let statement: [Statement] + } + + private struct StatementProofAccountJSON: Codable { + /// ISO8601 + let created: String + let proofValue: [AtomicIdentityProof] + let type: String // "ConcordiumZKProofV3" + + init(created: Date, proofValue: [AtomicIdentityProof]) { + self.created = getDateFormatter().string(from: created) + self.proofValue = proofValue + type = "ConcordiumZKProofV3" + } + } + + private struct StatementProofWeb3IdJSON: Codable { + /// ISO8601 + let created: String + let proofValue: [AtomicWeb3IdProof] + let commitments: SignedCommitments + let type: String // "ConcordiumZKProofV3" + + init(created: Date, proofValue: [AtomicWeb3IdProof], commitments: SignedCommitments) { + self.created = getDateFormatter().string(from: created) + self.proofValue = proofValue + self.commitments = commitments + type = "ConcordiumZKProofV3" + } + } + + private typealias CredentialSubjectAccountJSON = CredentialSubjectJSON + private typealias CredentialSubjectWeb3IdJSON = CredentialSubjectJSON +} + +/// A proof that establishes that the owner of the credential has indeed created +/// the presentation. At present this is a list of signatures. +public typealias LinkingProof = ConcordiumWalletCrypto.LinkingProof + +extension ConcordiumWalletCrypto.LinkingProof: Swift.Codable { + private struct JSON: Codable { + /// Always "ConcordiumWeakLinkingProofV1" + let type: String + /// ISO8601 + let created: String + /// Hex formatted strings + let proofValue: [String] + + init(created: String, proofValue: [String]) { + self.created = created + self.proofValue = proofValue + type = "ConcordiumWeakLinkingProofV1" + } + + init(createdDate: Date, proofValue: [String]) { + self = .init(created: getDateFormatter().string(from: createdDate), proofValue: proofValue) + } + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + let json = JSON(createdDate: created, proofValue: proofValue.map(\.hex)) + try container.encode(json) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + let created = try getDateFormatter().date(from: json.created) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Expected ISO8601 formatted string for 'created' timestamp") + self = try .init(created: created, proofValue: json.proofValue.map { try Data(hex: $0) }) + } +} + +/// A presentation is the response to a `VerifiableCredentialRequest`. It contains proofs for +/// statements, ownership proof for all Web3 credentials, and a context. The +/// only missing part to verify the proof are the public commitments. +public typealias VerifiablePresentation = ConcordiumWalletCrypto.VerifiablePresentation + +public extension VerifiablePresentation { + /// Creates a verifiable presentation from: + /// + /// - Parameters: + /// - request: a set of verifiable credential statements + challenge (``VerifiablePresentationRequest``) + /// - global: the global context of the blockchain + /// - commitmentInputs: commitment inputs corresponding to the statements + /// + /// - Throws: if the presentation could not be successfully created. + static func create(request: VerifiablePresentationRequest, global: CryptographicParameters, commitmentInputs: [VerifiableCredentialCommitmentInputs]) throws -> Self { + try createVerifiablePresentation(request: request, global: global, commitmentInputs: commitmentInputs) + } +} + +extension ConcordiumWalletCrypto.VerifiablePresentation: Swift.Codable { + private struct JSON: Codable { + /// Always "VerifiablePresentation" + let type: String + /// The challenge used for the presentation, hex formatted + let presentationContext: String + let verifiableCredential: [VerifiableCredentialProof] + let proof: LinkingProof + + init(presentationContext: Data, verifiableCredential: [VerifiableCredentialProof], proof: LinkingProof) { + type = "VerifiablePresentation" + self.presentationContext = presentationContext.hex + self.verifiableCredential = verifiableCredential + self.proof = proof + } + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + let json = JSON(presentationContext: presentationContext, verifiableCredential: verifiableCredential, proof: linkingProof) + try container.encode(json) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + self = try .init(presentationContext: Data(hex: json.presentationContext), verifiableCredential: json.verifiableCredential, linkingProof: json.proof) + } +} + +/// A full verifiable credential for Web3 ID credentials, including secrets. +public typealias Web3IdCredential = ConcordiumWalletCrypto.Web3IdCredential + +extension Web3IdCredential: Codable { + private struct JSON: Codable { + let credentialSchema: CredentialSchema + let credentialSubject: CredentialSubject + let id: DID // .contractData + let issuer: DID // .contractData + let proof: Proof + let randomness: [String: String] // [String: Hex] + let type: [String] + let validFrom: String // ISO8601 date + let validUntil: String? // ISO8601 date + + struct CredentialSchema: Codable { + let id: String + let type: String // "JsonSchema2023" + + init(id: String) { + self.id = id + type = "JsonSchema2023" + } + } + + struct CredentialSubject: Codable { + let attributes: [String: Web3IdAttribute] + let id: DID // .publickKey + } + + struct Proof: Codable { + let proofPurpose: String // "assertionMethod" + /// Hex encoded ``Data`` + let proofValue: String + let type: String // "Ed25519Signature2020" + let verificationMethod: DID // .publicKey + + init(proofValue: Data, verificationMethod: DID) { + proofPurpose = "assertionMethod" + self.proofValue = proofValue.hex + type = "Ed25519Signature2020" + self.verificationMethod = verificationMethod + } + } + } + + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + let dateFormatter = getDateFormatter() + + let schema = JSON.CredentialSchema(id: credentialSchema) + let subject = JSON.CredentialSubject(attributes: values, id: DID(network: network, idType: IdentifierType.publicKey(key: holderId))) + let id = DID(network: network, idType: .contractData(address: registry, entrypoint: "credentialEntry", parameter: holderId)) + let issuer = DID(network: network, idType: .contractData(address: registry, entrypoint: "issuer", parameter: Data())) + let proof = JSON.Proof(proofValue: signature, verificationMethod: DID(network: network, idType: .publicKey(key: issuerKey))) + let json = JSON( + credentialSchema: schema, + credentialSubject: subject, + id: id, + issuer: issuer, + proof: proof, + randomness: randomness.mapValues(\.hex), + type: credentialType, + validFrom: dateFormatter.string(from: validFrom), + validUntil: validUntil.map { dateFormatter.string(from: $0) } + ) + try container.encode(json) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + let json = try container.decode(JSON.self) + let dateFormatter = getDateFormatter() + + let validFrom = try dateFormatter.date(from: json.validFrom) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Expected 'validFrom' to contain ISO8601 formatted date") + let validUntil = try json.validUntil.map { + try dateFormatter.date(from: $0) ?! DecodingError.dataCorruptedError(in: container, debugDescription: "Expected 'validFrom' to contain ISO8601 formatted date") + } + let signature = try Data(hex: json.proof.proofValue) + + guard [json.id.network, json.credentialSubject.id.network, json.issuer.network, json.proof.verificationMethod.network].allSatisfy({ $0 == json.id.network }) else { + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Network specified in all DID's must match") + } + let network = json.id.network + + let holderId: Data + switch json.credentialSubject.id.idType { + case let .publicKey(key): holderId = key + default: + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'id' must be smart contract DID with entrypoint 'credentialEntry'") + } + + let issuerKey: Data + switch json.proof.verificationMethod.idType { + case let .publicKey(key): issuerKey = key + default: + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'id' must be smart contract DID with entrypoint 'credentialEntry'") + } + + let registry: ContractAddress + switch json.id.idType { + case .contractData(let address, entrypoint: "credentialEntry", let parameter): + guard parameter == holderId else { + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'id' parameter substring must contain match the public key of the 'credentialSubject'") + } + registry = address + default: + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'id' must be smart contract DID with entrypoint 'credentialEntry'") + } + + switch json.issuer.idType { + case .contractData(let address, entrypoint: "issuer", parameter: Data()): + guard address == registry else { + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'issuer' must be smart contract DID with an address that matches the address specififed in the DID of the 'id' field") + } + default: + throw DecodingError.dataCorruptedError(in: container, debugDescription: "Field 'issuer' must be smart contract DID with entrypoint 'issuer' and an empty parameter") + } + + let randomness = try json.randomness.mapValues { try Data(hex: $0) } + + self = .init( + holderId: holderId, + network: network, + registry: registry, + credentialType: json.type, + credentialSchema: json.credentialSchema.id, + issuerKey: issuerKey, + validFrom: validFrom, + validUntil: validUntil, + values: json.credentialSubject.attributes, + randomness: randomness, + signature: signature + ) + } +} + +/// Can be used to ease the construction of ``Verifiable Presentation``s +public struct VerifiablePresentationBuilder { + /// The challenge used to construct the ``VerifiablePresentation`` + public let challenge: Data + /// The network the verifiable credentials are created for + public let network: Network + private var statements: Set = Set() + + public init(challenge: Data, network: Network) { + self.challenge = challenge + self.network = network + } + + /// Represents errors happening while building a ``VerifiablePresentation`` utilizing the ``VerifiablePresentationBuilder`` + public enum BuilderError: Error { + /// A attribute value is missing for the attribute found in the statement provided + case missingValue(tag: String) + /// A randomness value is missing for the attribute found in the statement provided + case missingRandomness(tag: String) + } + + public struct IdStatementCheckError: Error, Equatable { + /// The attributes that failed the check for a statement + let attributes: [AttributeTag] + } + + public struct Web3IdStatementCheckError: Error, Equatable { + /// The attributes that failed the check for a statement + let attributes: [String] + } + + private struct PresentationInput: Equatable, Hashable { + let statement: VerifiableCredentialStatement + let commitmentInputs: VerifiableCredentialCommitmentInputs + + public func hash(into hasher: inout Hasher) { + switch statement { + case let .account(network, _, statement): + hasher.combine(network) + hasher.combine(statement) + case let .web3Id(_, network, _, _, statement): + hasher.combine(network) + hasher.combine(statement) + } + } + + // Implement Equatable protocol (required for Hashable) + static func == (lhs: Self, rhs: Self) -> Bool { + switch (lhs.statement, rhs.statement) { + case let (.account(lNetwork, _, lStatement), .account(rNetwork, _, rStatement)): return lNetwork == rNetwork && lStatement == rStatement + case let (.web3Id(_, lNetwork, _, _, lStatement), .web3Id(_, rNetwork, _, _, rStatement)): return lNetwork == rNetwork && lStatement == rStatement + default: return false + } + } + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the ``IdentityObject`` + /// - Parameters: + /// - statement: the statement to prove + /// - idObject: the identity to prove the `statement` for + /// - cred: the credential and associated randomness to use + /// - issuer: the identity issuer corresponding to the issuer used for the `idObject` + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicIdentityStatement], for idObject: IdentityObject, cred: AccountCredentialWithRandomness, issuer: UInt32) throws -> Result { + try verify(statement, values: idObject.attributeList.chosenAttributes, randomness: cred.randomness.attributesRand, credId: CredentialRegistrationID(cred.credential.credId), issuer: issuer) + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the ``IdentityObject`` + /// - Parameters: + /// - statement: the statement to prove + /// - idObject: the identity to prove the `statement` for + /// - credId: the credential registration ID to use + /// - cred: the randomness corresponding to the credential + /// - issuer: the identity issuer corresponding to the issuer used for the `idObject` + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicIdentityStatement], for idObject: IdentityObject, credId: CredentialRegistrationID, randomness: Randomness, issuer: UInt32) throws -> Result { + try verify(statement, values: idObject.attributeList.chosenAttributes, randomness: randomness.attributesRand, credId: credId, issuer: issuer) + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the supplied attribute values + /// - Parameters: + /// - statement: the statement to prove + /// - values: the attribute values to use for the proof + /// - wallet: the wallet to derive values from + /// - credIndices: the credential indices used to derive values + /// - global: the cryptographic parameters of the chain + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicIdentityStatement], for values: [AttributeTag: String], wallet: WalletSeed, credIndices: AccountCredentialSeedIndexes, global: CryptographicParameters) throws -> Result { + let attributes = statement.map(\.attributeTag) + let randomness = try attributes.reduce(into: [AttributeTag: Data]()) { acc, tag in + acc[tag] = try wallet.attributeCommitmentRandomness(accountCredentialIndexes: credIndices, attribute: tag.rawValue) + } + let credId = try wallet.id(accountCredentialIndexes: credIndices, commitmentKey: global.onChainCommitmentKey) + return try verify(statement, values: values, randomness: randomness, credId: credId, issuer: credIndices.identity.providerID) + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the supplied attribute values + /// - Parameters: + /// - statement: the statement to prove + /// - values: the attribute values to use for the proof + /// - randomness: the attribute randomness to use for the proof + /// - credId: the credential registration ID to use for the proof + /// - issuer: the identity issuer corresponding to the issuer for the credentials underlying identity + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicIdentityStatement], values: [AttributeTag: String], randomness: [AttributeTag: Data], credId: CredentialRegistrationID, issuer: UInt32) throws -> Result { + let attributes = statement.map(\.attributeTag) + let (values, randomness) = try attributes.reduce(into: ([AttributeTag: String](), [AttributeTag: Data]())) { acc, tag in + acc.0[tag] = try values[tag] ?! BuilderError.missingValue(tag: tag.description) + acc.1[tag] = try randomness[tag] ?! BuilderError.missingRandomness(tag: tag.description) + } + + let rejectedAttributes = statement.filter { !$0.checkValue(value: values[$0.attributeTag]!) } + .map(\.attributeTag) + if !rejectedAttributes.isEmpty { + return .failure(IdStatementCheckError(attributes: rejectedAttributes)) + } + + let verifiableStatement = VerifiableCredentialStatement.account(network: network, credId: credId.value, statement: statement) + let commitmentInputs = VerifiableCredentialCommitmentInputs.account(issuer: issuer, values: values, randomness: randomness) + statements.update(with: PresentationInput(statement: verifiableStatement, commitmentInputs: commitmentInputs)) + return .success(()) + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the supplied ``Web3IdCredential`` + /// - Parameters: + /// - statement: the statement to prove + /// - cred: the credential to prove the statement for + /// - wallet: the wallet to derive the signing key of the credential + /// - credIndex: the credential index of the ``Web3IdCredential`` + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicWeb3IdStatement], for cred: Web3IdCredential, wallet: WalletSeed, credIndex: UInt32) throws -> Result { + let signer: Curve25519.Signing.PrivateKey = try wallet.signingKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes(issuer: IssuerSeedIndexes(index: cred.registry.index, subindex: cred.registry.subindex), index: credIndex)) + return try verify(statement, for: cred, signer: signer) + } + + /// Add a ``VerifiableCredentialProof`` of the supplied statement for the supplied ``Web3IdCredential`` + /// - Parameters: + /// - statement: the statement to prove + /// - cred: the credential to prove the statement for + /// - signer: the signing key for the credential + /// - Throws: ``VerifiablePresentationBuilderError`` if the required values were not found for the parameters given + /// - Returns: ``Result.error`` if any value provided does not pass a check for whether it can be proven, i.e. is within the bounds of the statement. + @discardableResult public mutating func verify(_ statement: [AtomicWeb3IdStatement], for cred: Web3IdCredential, signer: Curve25519.Signing.PrivateKey) throws -> Result { + let attributes = statement.map(\.attributeTag) + let (values, randomness) = try attributes.reduce(into: ([String: Web3IdAttribute](), [String: Data]())) { acc, tag in + acc.0[tag] = try cred.values[tag] ?! BuilderError.missingValue(tag: tag.description) + acc.1[tag] = try cred.randomness[tag] ?! BuilderError.missingRandomness(tag: tag.description) + } + let rejectedAttributes = statement.filter { !$0.checkValue(value: values[$0.attributeTag]!) } + .map(\.attributeTag) + if !rejectedAttributes.isEmpty { + return .failure(Web3IdStatementCheckError(attributes: rejectedAttributes)) + } + + let verifiableStatement = VerifiableCredentialStatement.web3Id(credType: cred.credentialType, network: network, contract: cred.registry, holderId: cred.holderId, statement: statement) + let commitmentInputs = VerifiableCredentialCommitmentInputs.web3Issuer(signature: cred.signature, signer: signer.rawRepresentation, values: values, randomness: randomness) + statements.update(with: PresentationInput(statement: verifiableStatement, commitmentInputs: commitmentInputs)) + return .success(()) + } + + /// Finalize the ``VerifiablePresentation`` from the added verification rows + /// - Parameter global: the cryptographic parameters of the chain + /// - Throws: if the presentation could not be constructed + /// - Returns: a ``VerifiablePresentation`` of the ``VerifiableCredentialStatement``s built in the context of the associated credentials and the global context of the associated chain. + public func finalize(global: CryptographicParameters) throws -> VerifiablePresentation { + let (statements, commitmentInputs) = self.statements.reduce(into: ([VerifiableCredentialStatement](), [VerifiableCredentialCommitmentInputs]())) { acc, row in + acc.0.append(row.statement) + acc.1.append(row.commitmentInputs) + } + let request = VerifiablePresentationRequest(challenge: challenge, statements: statements) + return try VerifiablePresentation.create(request: request, global: global, commitmentInputs: commitmentInputs) + } +} + +/// The different types of proofs, corresponding to the statements above. +public typealias AtomicWeb3IdProof = ConcordiumWalletCrypto.AtomicWeb3IdProof + +extension AtomicWeb3IdProof { + /// Used internally to convert from SDK type to crypto lib input + init(sdkType: AtomicProof) { + switch sdkType { + case let .revealAttribute(attribute, proof): + self = .revealAttribute(attribute: attribute, proof: proof) + case let .attributeInSet(proof): + self = .attributeInSet(proof: proof) + case let .attributeNotInSet(proof): + self = .attributeNotInSet(proof: proof) + case let .attributeInRange(proof): + self = .attributeInRange(proof: proof) + } + } + + /// Used internally to convert from crypto lib outpub type to SDK type + func toSDK() -> AtomicProof { + switch self { + case let .revealAttribute(attribute, proof): return .revealAttribute(attribute: attribute, proof: proof) + case let .attributeInSet(proof): return .attributeInSet(proof: proof) + case let .attributeNotInSet(proof): return .attributeNotInSet(proof: proof) + case let .attributeInRange(proof): return .attributeInRange(proof: proof) + } + } +} + +extension ConcordiumWalletCrypto.AtomicWeb3IdProof: Swift.Codable { + public func encode(to encoder: any Encoder) throws { + var container = encoder.singleValueContainer() + try container.encode(toSDK()) + } + + public init(from decoder: any Decoder) throws { + let container = try decoder.singleValueContainer() + self = try .init(sdkType: container.decode(AtomicProof.self)) + } +} diff --git a/Sources/Concordium/Wallet/WalletSeed.swift b/Sources/Concordium/Wallet/WalletSeed.swift index 78eacf6..748b89b 100644 --- a/Sources/Concordium/Wallet/WalletSeed.swift +++ b/Sources/Concordium/Wallet/WalletSeed.swift @@ -2,19 +2,22 @@ import ConcordiumWalletCrypto import CryptoKit import Foundation +/// Represents an index for an identity under an identity provider public typealias IdentityIndex = UInt32 +/// Represents an index for a credential on an identity public typealias CredentialCounter = UInt8 +/// Represents an index Web3 ID issuer public typealias IssuerIndex = UInt64 +/// Represents an subindex Web3 ID issuer under an `IssuerIndex` public typealias IssuerSubindex = UInt64 +/// Represents an index for a Web3 ID credential under the indices specifying a Web3 ID issuer public typealias VerifiableCredentialIndex = UInt32 -public enum Network: String { - case mainnet = "Mainnet" - case testnet = "Testnet" -} - +/// Represents the seed indices for deriving cryptographic values for a specific identity public struct IdentitySeedIndexes { + /// The identity provider index, specifying the innermost part of the derivation path public var providerID: IdentityProviderID + /// The identity index, specifying the second part of the derivation path public var index: IdentityIndex public init(providerID: IdentityProviderID, index: IdentityIndex) { @@ -23,8 +26,11 @@ public struct IdentitySeedIndexes { } } +/// Represents the seed indices for deriving cryptographic values for a specific credential for an identity public struct AccountCredentialSeedIndexes { + /// Specifies the identity the credential values are derived for (first + second part of the derivation path) public var identity: IdentitySeedIndexes + /// The credential index, specifying the third part of the derivation path public var counter: CredentialCounter public init(identity: IdentitySeedIndexes, counter: CredentialCounter) { @@ -33,20 +39,37 @@ public struct AccountCredentialSeedIndexes { } } +/// Represents the seed indices for deriving cryptographic values for a specific web3 ID issuer public struct IssuerSeedIndexes { + /// The (smart contract) index, specifying the innermost part of the derivation path public var index: IssuerIndex + /// The (smart contract) subindex, specifying the second part of the derivation path public var subindex: IssuerSubindex + /// Initialize from a contract address + public init(contractAddress: ContractAddress) { + self = .init(index: contractAddress.index, subindex: contractAddress.subindex) + } + public init(index: IssuerIndex, subindex: IssuerSubindex) { self.index = index self.subindex = subindex } } +/// Represents the seed indices for deriving cryptographic values for a specific web3 ID credential public struct VerifiableCredentialSeedIndexes { + /// Specifies the issuer the credential values are derived for (first + second part of the derivation path) public var issuer: IssuerSeedIndexes + /// The credential index for the specific issuer, specifying the third part of the derivation path public var index: VerifiableCredentialIndex + /// Initialize from a contract address + credential index + public init(contractAddress: ContractAddress, index: VerifiableCredentialIndex) { + issuer = .init(contractAddress: contractAddress) + self.index = index + } + public init(issuer: IssuerSeedIndexes, index: VerifiableCredentialIndex) { self.issuer = issuer self.index = index @@ -55,8 +78,8 @@ public struct VerifiableCredentialSeedIndexes { /// Class for deterministically deriving cryptographic values related to credentials from a seed. public class WalletSeed { - private let seed: Data - private let network: Network + let seed: Data + let network: Network public init(seed: Data, network: Network) { self.seed = seed @@ -68,57 +91,74 @@ public class WalletSeed { self.network = network } + /// Compute the IDCredSec for the identity indices public func credSec(identityIndexes: IdentitySeedIndexes) throws -> Data { try identityCredSec( seed: seed, - network: network.rawValue, + network: network, identityProviderId: identityIndexes.providerID, identityIndex: identityIndexes.index ) } + /// Compute the PRF key for the identity indices public func prfKey(identityIndexes: IdentitySeedIndexes) throws -> Data { try identityPrfKey( seed: seed, - network: network.rawValue, + network: network, identityProviderId: identityIndexes.providerID, identityIndex: identityIndexes.index ) } + /// Compute the signature blinding randomnessfor the identity indices. public func signatureBlindingRandomness(identityIndexes: IdentitySeedIndexes) throws -> Data { try identityAttributesSignatureBlindingRandomness( seed: seed, - network: network.rawValue, + network: network, identityProviderId: identityIndexes.providerID, identityIndex: identityIndexes.index ) } - public func signingKey(accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> Data { + /// Compute the signing key for the account credential corresponding to the account credential indices + func signingKey(accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> Data { try accountCredentialSigningKey( seed: seed, - network: network.rawValue, + network: network, identityProviderId: accountCredentialIndexes.identity.providerID, identityIndex: accountCredentialIndexes.identity.index, credentialCounter: accountCredentialIndexes.counter ) } - public func publicKey(accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> Data { + /// Compute the signing key for the account credential corresponding to the account credential indices + public func signingKey(accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> Curve25519.Signing.PrivateKey { + try Curve25519.Signing.PrivateKey(rawRepresentation: signingKey(accountCredentialIndexes: accountCredentialIndexes)) + } + + /// Compute the public key for the account credential corresponding to the account credential indices + func publicKey(accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> Data { try accountCredentialPublicKey( seed: seed, - network: network.rawValue, + network: network, identityProviderId: accountCredentialIndexes.identity.providerID, identityIndex: accountCredentialIndexes.identity.index, credentialCounter: accountCredentialIndexes.counter ) } + /// Compute the encryption keys for the credential corresponding to the account credential indices with the chain context + public func encryptionKeys(globalContext: CryptographicParameters, accountCredentialIndexes: AccountCredentialSeedIndexes) throws -> EncryptionKeys { + let prfKey = try prfKey(identityIndexes: accountCredentialIndexes.identity) + return try getEncryptionKeys(globalContext: globalContext, prfKey: prfKey, credentialIndex: accountCredentialIndexes.counter) + } + + /// Compute the account credential registration ID for the credential corresponding to the account credential indices public func id(accountCredentialIndexes: AccountCredentialSeedIndexes, commitmentKey: Data) throws -> CredentialRegistrationID { let data = try accountCredentialId( seed: seed, - network: network.rawValue, + network: network, identityProviderId: accountCredentialIndexes.identity.providerID, identityIndex: accountCredentialIndexes.identity.index, credentialCounter: accountCredentialIndexes.counter, @@ -127,10 +167,11 @@ public class WalletSeed { return try CredentialRegistrationID(data) } - public func attributeCommitmentRandomness(accountCredentialIndexes: AccountCredentialSeedIndexes, attribute: UInt8) throws -> Data { + /// Compute the attribute commitment randomness for the identity attribute corresponding to the numeric value supplied. + func attributeCommitmentRandomness(accountCredentialIndexes: AccountCredentialSeedIndexes, attribute: UInt8) throws -> Data { try accountCredentialAttributeCommitmentRandomness( seed: seed, - network: network.rawValue, + network: network, identityProviderId: accountCredentialIndexes.identity.providerID, identityIndex: accountCredentialIndexes.identity.index, credentialCounter: accountCredentialIndexes.counter, @@ -138,40 +179,68 @@ public class WalletSeed { ) } - public func signingKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes) throws -> Data { + /// Compute the attribute commitment randomness for the identity attribute + func attributeCommitmentRandomness(accountCredentialIndexes: AccountCredentialSeedIndexes, attribute: AttributeTag) throws -> Data { + try attributeCommitmentRandomness(accountCredentialIndexes: accountCredentialIndexes, attribute: attribute.rawValue) + } + + /// Compute the attribute commitment randomness for the list of identity attributes + public func attributeCommitmentRandomness(accountCredentialIndexes: AccountCredentialSeedIndexes, attributes: [AttributeTag]) throws -> [AttributeTag: Data] { + try attributes.reduce(into: [:]) { acc, attr in + acc[attr] = try attributeCommitmentRandomness(accountCredentialIndexes: accountCredentialIndexes, attribute: attr.rawValue) + } + } + + /// Compute the signing key for the Web3 ID credential corresponding to the credential indices + func signingKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes) throws -> Data { try verifiableCredentialSigningKey( seed: seed, - network: network.rawValue, + network: network, issuerIndex: verifiableCredentialIndexes.issuer.index, issuerSubindex: verifiableCredentialIndexes.issuer.subindex, verifiableCredentialIndex: verifiableCredentialIndexes.index ) } - public func publicKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes) throws -> Data { + /// Compute the signing key for the Web3 ID credential corresponding to the credential indices + public func signingKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes) throws -> Curve25519.Signing.PrivateKey { + try Curve25519.Signing.PrivateKey(rawRepresentation: signingKey(verifiableCredentialIndexes: verifiableCredentialIndexes)) + } + + /// Compute the public key for the Web3 ID credential corresponding to the credential indices + func publicKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes) throws -> Data { try verifiableCredentialPublicKey( seed: seed, - network: network.rawValue, + network: network, issuerIndex: verifiableCredentialIndexes.issuer.index, issuerSubindex: verifiableCredentialIndexes.issuer.subindex, verifiableCredentialIndex: verifiableCredentialIndexes.index ) } - public func verifiableCredentialBackupEncryptionKey() throws -> Data { + /// Compute the verifiable credential backup key for the wallet seed + func verifiableCredentialBackupEncryptionKey() throws -> Data { try ConcordiumWalletCrypto.verifiableCredentialBackupEncryptionKey( seed: seed, - network: network.rawValue + network: network ) } + + /// Compute the verifiable credential backup key for the wallet seed + public func verifiableCredentialBackupEncryptionKey() throws -> Curve25519.Signing.PrivateKey { + try Curve25519.Signing.PrivateKey(rawRepresentation: verifiableCredentialBackupEncryptionKey()) + } } public enum AccountDerivationError: Error { case noCredentials } +/// A collection of functionality for account derivation for a wallet seed and a set of cryptographic parameters public class SeedBasedAccountDerivation { + /// The wallet seed public let seed: WalletSeed + /// The cryptographic parameters of the chain private let cryptoParams: CryptographicParameters public init(seed: WalletSeed, cryptoParams: CryptographicParameters) { @@ -179,19 +248,26 @@ public class SeedBasedAccountDerivation { self.cryptoParams = cryptoParams } + /// Derive an account credential and the corresponding randomness values for the specified identity object + /// - Parameters: + /// - seedIndexes: The account credential index to derive credentials for + /// - identity: The identity object corresponding to the identity specified in the credential indices + /// - provider: The identity provider data corresponding to the identity provider specified in the credential indices + /// - revealedAttributes: A set of attributes to reveal for the credential. Defaults to `[]` + /// - threshold: The minimum number of signatures on a credential that need to sign any transaction coming from an associated account. Defaults to `1` public func deriveCredential( seedIndexes: AccountCredentialSeedIndexes, identity: IdentityObject, provider: IdentityProvider, - revealedAttributes: [UInt8] = [], - threshold: SignatureThreshold - ) throws -> AccountCredential { + revealedAttributes: [AttributeTag] = [], + threshold: SignatureThreshold = 1 + ) throws -> AccountCredentialWithRandomness { let anonymityRevokers = provider.anonymityRevokers let idCredSec = try seed.credSec(identityIndexes: seedIndexes.identity) let prfKey = try seed.prfKey(identityIndexes: seedIndexes.identity) let blindingRandomness = try seed.signatureBlindingRandomness(identityIndexes: seedIndexes.identity) let attributeRandomness = try AttributeTag.allCases.reduce(into: [:]) { res, attr in - res["\(attr)"] = try seed.attributeCommitmentRandomness( + res[attr] = try seed.attributeCommitmentRandomness( accountCredentialIndexes: seedIndexes, attribute: attr.rawValue ) @@ -201,7 +277,7 @@ public class SeedBasedAccountDerivation { keys: [KeyIndex(0): VerifyKey(ed25519Key: key)], threshold: threshold ) - let res = try accountCredential( + return try accountCredential( params: AccountCredentialParameters( ipInfo: provider.info, globalContext: cryptoParams, @@ -216,9 +292,10 @@ public class SeedBasedAccountDerivation { credentialPublicKeys: credentialPublicKeys ) ) - return res.credential } + /// Derive an account an account from the list of account credential indices, using the first credential to derive the account address and all credentials + /// for corresponding signing keys public func deriveAccount(credentials: [AccountCredentialSeedIndexes]) throws -> Account { guard let firstCred = credentials.first else { throw AccountDerivationError.noCredentials @@ -229,16 +306,18 @@ public class SeedBasedAccountDerivation { ) } + /// Derive an account address for the account credential indices public func deriveAccountAddress(firstCredential: AccountCredentialSeedIndexes) throws -> AccountAddress { let id = try seed.id(accountCredentialIndexes: firstCredential, commitmentKey: cryptoParams.onChainCommitmentKey) return id.accountAddress } + /// Derive the signing keys corresponding to the list of account credential indices. public func deriveKeys(credentials: [AccountCredentialSeedIndexes]) throws -> AccountKeysCurve25519 { try AccountKeysCurve25519( Dictionary( uniqueKeysWithValues: credentials.enumerated().map { idx, cred in - let key = try Curve25519.Signing.PrivateKey(rawRepresentation: seed.signingKey(accountCredentialIndexes: cred)) + let key: Curve25519.Signing.PrivateKey = try seed.signingKey(accountCredentialIndexes: cred) return (CredentialIndex(idx), [KeyIndex(0): key]) } ) @@ -246,6 +325,7 @@ public class SeedBasedAccountDerivation { } } +/// Can be used to construct requests to identity providers public class SeedBasedIdentityRequestBuilder { private let seed: WalletSeed private let cryptoParams: CryptographicParameters @@ -255,7 +335,12 @@ public class SeedBasedIdentityRequestBuilder { self.cryptoParams = cryptoParams } - public func recoveryRequestJSON(provider: IdentityProviderInfo, index: IdentityIndex, time: Date) throws -> String { + /// Construct a recovery request for the identity provider and identity + /// - Parameters: + /// - provider: the identity provider to construct the request for + /// - index: the identity index to use + /// - time: the timestamp of the recovery. Defaults to `Date.now` + public func recoveryRequestJSON(provider: IdentityProviderInfo, index: IdentityIndex, time: Date = Date(timeIntervalSinceNow: 0)) throws -> String { let identityIdxs = IdentitySeedIndexes(providerID: provider.identity, index: index) let idCredSec = try seed.credSec(identityIndexes: identityIdxs) return try identityRecoveryRequestJson( @@ -268,6 +353,11 @@ public class SeedBasedIdentityRequestBuilder { ) } + /// Construct an identity issuance request for the given identity provider + /// - Parameters: + /// - provider: the identity provider to construct the request for + /// - index: the identity index to use + /// - anonymityRevocationThreshold: the anonymity revocation threshold public func issuanceRequestJSON(provider: IdentityProvider, index: IdentityIndex, anonymityRevocationThreshold: RevocationThreshold) throws -> String { let identityIdxs = IdentitySeedIndexes(providerID: provider.info.identity, index: index) let prfKey = try seed.prfKey(identityIndexes: identityIdxs) diff --git a/Tests/ConcordiumTests/Integration/WalletConnectTest.swift b/Tests/ConcordiumTests/Integration/WalletConnectTest.swift index 95d985c..eada790 100644 --- a/Tests/ConcordiumTests/Integration/WalletConnectTest.swift +++ b/Tests/ConcordiumTests/Integration/WalletConnectTest.swift @@ -139,4 +139,103 @@ final class WalletConnectTest: XCTestCase { let expected = makeExpectedPayload(type: type, transactionPayload: tExpected) XCTAssertEqual(decoded, expected) } + + func testWalletConnectRequestDecode() throws { + let decoder = JSONDecoder() + + var json = """ + { + "method": "request_verifiable_presentation", + "params": { + "challenge": "010203", + "credentialStatements": [{ + "idQualifier": {"type": "cred", "issuers": [0]}, + "statement": [ + {"type": "RevealAttribute", "attributeTag": "firstName"}, + ] + }] + } + } + """.data(using: .utf8)! + let _ = try decoder.decode(WalletConnectRequest.self, from: json) + + json = """ + { + "method": "sign_message", + "params": { + "message": "This is the message" + } + } + """.data(using: .utf8)! + let _ = try decoder.decode(WalletConnectRequest.self, from: json) + + json = """ + { + "method": "sign_message", + "params": { + "message": {"schema": "0103", "data": "02020202"} + } + } + """.data(using: .utf8)! + let _ = try decoder.decode(WalletConnectRequest.self, from: json) + + json = """ + { + "method": "sign_and_send_transaction", + "params": { + "type": "\(TransactionTypeString.registerData)", + "sender": "\(account)", + "payload": {"data":"010203"}, + } + } + """.data(using: .utf8)! + let _ = try decoder.decode(WalletConnectRequest.self, from: json) + } + + func testRequestVerifiablePresentationDecode() throws { + let decoder = JSONDecoder() + + let json = """ + { + "challenge": "010203", + "credentialStatements": [{ + "idQualifier": {"type": "cred", "issuers": [0,1,2]}, + "statement": [ + {"type": "RevealAttribute", "attributeTag": "firstName"}, + {"type": "AttributeInSet", "attributeTag": "nationality", "set": ["DK", "NO"]} + ] + },{ + "idQualifier": {"type": "sci", "issuers": [{"index": 1, "subindex": 0}, {"index": 42, "subindex": 1337}]}, + "statement": [ + {"type": "RevealAttribute", "attributeTag": "something"}, + {"type": "AttributeInSet", "attributeTag": "arbitrary", "set": ["first", "second"]}, + {"type": "AttributeNotInSet", "attributeTag": "another", "set": [1, 3]}, + {"type": "AttributeInRange", "attributeTag": "time", "lower": {"type": "date-time", "timestamp": "2022-10-03T08:38:18.738Z"}, "upper": {"type": "date-time", "timestamp": "2024-10-03T08:38:18.738Z"}} + ] + }] + } + """.data(using: .utf8)! + let formatter = ISO8601DateFormatter() + formatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds] + + let value = try decoder.decode(WalletConnectRequestVerifiablePresentationParam.self, from: json) + let expected = try WalletConnectRequestVerifiablePresentationParam(challenge: Data(hex: "010203"), credentialStatements: [ + .account(issuers: [0, 1, 2], statement: [ + .revealAttribute(statement: RevealAttributeIdentityStatement(attributeTag: .firstName)), + .attributeInSet(statement: AttributeInSetIdentityStatement(attributeTag: .nationality, set: ["DK", "NO"])), + ]), + .web3id(issuers: [ContractAddress(index: 1, subindex: 0), ContractAddress(index: 42, subindex: 1337)], statement: [ + .revealAttribute(statement: RevealAttributeWeb3IdStatement(attributeTag: "something")), + .attributeInSet(statement: AttributeInSetWeb3IdStatement(attributeTag: "arbitrary", set: [.string(value: "first"), .string(value: "second")])), + .attributeNotInSet(statement: AttributeNotInSetWeb3IdStatement(attributeTag: "another", set: [.numeric(value: 1), .numeric(value: 3)])), + .attributeInRange(statement: AttributeInRangeWeb3IdStatement( + attributeTag: "time", + lower: .timestamp(value: formatter.date(from: "2022-10-03T08:38:18.738Z")!), + upper: .timestamp(value: formatter.date(from: "2024-10-03T08:38:18.738Z")!) + ) + ), + ]), + ]) + XCTAssertEqual(value, expected) + } } diff --git a/Tests/ConcordiumTests/Proofs/IdTest.swift b/Tests/ConcordiumTests/Proofs/IdTest.swift new file mode 100644 index 0000000..c090900 --- /dev/null +++ b/Tests/ConcordiumTests/Proofs/IdTest.swift @@ -0,0 +1,93 @@ +@testable import Concordium +import XCTest + +private let GLOBAL = CryptographicParameters( + onChainCommitmentKey: try! Data(hex: "b14cbfe44a02c6b1f78711176d5f437295367aa4f2a8c2551ee10d25a03adc69d61a332a058971919dad7312e1fc94c5a8d45e64b6f917c540eee16c970c3d4b7f3caf48a7746284878e2ace21c82ea44bf84609834625be1f309988ac523fac"), + bulletproofGenerators: try! Data(hex: "0000010098855a650637f2086157d32536f646b758a3c45a2f299a4dad7ea3dbd1c4cfb4ba42aca5461f8e45aab9112984572cdf8ba9381c58d98d196b1c03e149ec0c8de86098f25d23d32288c695dc7ae015f6506b1c74c218f080aaadaf25bb8f31539510c87e8fed74e784b63b88afba4953cacc94bceb060f2ad22e555cffe6f0131c027429826dd3a4358fd75a06e8f7c5878791f70384a7f3a90f4b7afa45fae6e0fa7153b840f6fc37aed121d6c51225c56d1ce6bbc88096aa3f86e6b3517daa90baffc69b9eb27aaebf87f04ed091412547ec94aa7bf0c8dd826e3cdd621e11dfef6fc667c53a5abc82c163efa51435b3be74f47073511db07c1af7229c78ec38554a3f7e9fa38499201d4fe6c80e867df75f2c540e57d2e15f9f5e18f73c0a804567494aba85653f57f5f990111d680400bdbee2d0678271ce93a119c107458b8d4e557fc870de9cf0ccce6d34a216a6ffbec9581349366706377b436261200834fb2654ad5cd34f5bfe3f3658ae94838ed38033886844008143d823f7e49db43017655c53b983a883948d7401f26ed14daef0dc46da30f57e187ca8e027063174a412cbfc8a7b606b41fcf7f75b698ce9115afe5124e8d72f4b34ce839742a46885ed60af26f24f8d10d46621d78b5772b0314311ed3bb627e93bac47e7eda5ff4d2ef5f98ef7265677a382a1f7b8f9a43d1e563b66b6de94c52c3c87169bd19b6e884c6a28dd6f51ba64bc36ac07926a8d91a64e88a4e19b4c0fe0db8b76c9c99bfcddc05fd5630c54bff85c041fea34a630ffe1e6313bf039477994696db0596f9e2522e04ffdb530147780099d918ee47031db2870c00b25ba6d201b00ef2459e73f6a8219d7a7ff96833bd1c8a3c24285d93b85a321d1b6e175f2d9ef111a7304438b5f5874f064539d27bf8bc46d8e2473d458f957fa206bc417ab5b8ca4dd5f0595e21063c1bbae14f07bec6f12d95a05166b90896f33aa941e0a057989dcc1ed77430a3e6f93ab16f62598b9816dc203db6ecc7fd7989d2763d4ef72abae3c4aa1e1b9c9965f8772a1be640a18486dc0804a2efdd7175316af3220a6c10db0ac0e2913de42c44f2f54a20687d2b22c9636e0ba8d09747f2229ee6ba0fa49c4a328f2ffcc5ff462ddca0de8b1d13cf85ad590183767a9ae4179b3c617ed776cf14abad1964d362747492547359c4b65e78f6dfb452d5a559ac0c24b8affdf13256e43d3213bdda0c056172771cda382f3f31fecb82ee8dc81a48fe74467665c4e34e07b1954cae4ee97270b94a336779d27646348ffa0eb52663aa60bd8b7fb9311d38a7fc1f0f2842081cb81b594dfcdefb44db1caeeac7527c5a48e8a8ecb83de0514ef184f2a82c4110f9f64ea655fb42218f95e27c81a0adb3fa7b441b71cb15113aef7c318d73f911688d34111928fdff181dbc014be35cc7e3e5bd75bf767686933931bab272eac577558b1314206d97611152ae82c1bd56ab92a4378dbe73e76a9fbd90154bd1a8c73c681f70298d15f1574d7038521b4e9b9cfc0d900c2d74cad594b68923607a1b913cb9484e093ab8ef2020ddbbd77d041581487f41e2dea13832e566325f4fb0f9934df94ee068c676e475251659770b93e0e32c7739d3c430db581308817ba091c56a5087c6248ee79baddc3c233e77b3fdbbd73f1a4298a8277055ee32a96b7e83f76e0070ea65c4a1784e9e281fa70fd9771c762a91c7ea014f60c87d09687768c9d0c8277d84e8af2eee505fda2967631a999619dc332d98bd45d40458923de655769aac754bf9081dbe9318b4880bd325e6be713f3aafb65d8e44b9143acdc7f2ba7f15290c84225c77111e0629d0f82f2f367d2641d0c3658fd54e538286787d379252876f71ec4a96ca72fdf8b156059ec50131317b9243eb71c5e84ab6791303ee0ebacd790bb27767701083afa616413b1d5bf0347cc4199943c938d74eda87660dd40405aedafbaf54b1e177117f632deeb6a9bd5227d9b8ba5693625ac68ed7d1604ccffe73e97a45411b99c666dd5eaa90cd021d05f12f84acf60bafe0c98e8ae213fa65c189256c79afb4b3eba970a8ad4e94374dd6f9d258b8c86335f36481affdcc9eb074f1ace01fae937a7d1a92279bdfb1081e029103e48877e4442199593c1b946aaed494885b0bd9d67fb7abc6f41c0f7574c3cc007d29a4ddc0a966270f5432a47e3e5563061b158eedef8bae522cb1f800c6d5f0a85a4e24a68a9bddb99e408d204e56cd994796bd004cdc5871798df2bf068ac48271290a2b3b1f0eba346f8746c79ce2389ed3ced67bb962fcb50876b7a32afca94216adadc0aed990dfd2b558aa5d8f35aa773e710f14f1641ff7eaa9ecab43ca3dbf32e846a90c8a3771d378aeb9277ef864377f7ca79ec7bc9e4b373ac890cbcbcf7c33df157e0cab0fcc7fc4daa2599177bd9d6bfc4be694a8e834be081bc7fccee530fbf6bac5be0cd1656b4c79ba6e121c39640cda83f81d17324da795da00f9a05317224ba827cecea6cbba1459df4a5bf6b84cd009d5864d44e747e3f30866a7c261004f861359e717c414a699461086e9136e29f9973e5b3f008a77fedb184e6835bc50934178b4bbd8bc9ecbb10865789d063ee7781fb2dc7b9b641b73fb172c3aba915c420c1c72cdc999d1fd224bf4d3d8a5ce26fa36100533682964abc2e99368402b0c518df1b6af245837eadb31a5616884c5474d25f57a228ed2bbef64d5a80e37cb20385a0283072a3b7a11b68bef323ea4804608c0eed5ea213caf6feb183558d56666f472a9abd10ddbf49650c5318109f9c5ed8fac7847644e153638e29e5f45dd00da06c9b9aab4af18eda0d0bfdc48ae42efe79d4e7196ef07c4319efdf042724d9aeb2c13b089b1fde77467c32cdf778749370e2c3b84a466bdfd1aa00ca8ac85c0eb29f1ccba6953a8bf877802ca3e3c31ceba8f9ff0a8684b3b118ab11a27182b033847baa372fb6b4c88e9177b8b131cd69f6ff5ec347db17215fb9890fab1c4d265d405ca74e249fafda004f86f2a5c3fbec7cae6afe6c507e089bb2d47a9e421512c016b99cb1cb15a3b8e75f2d8ff4866731585c686871691b5ca89a1351f6a79b159530fb5825f87131b0bcee2573d3932d223a358fcf08c8d4bae92f26d7fe35255c7486484bcb26693174ec2688abf39db5f091c8c09ad804f4ae42ca8b645200f27629ece81c6b5d94ef7646cbbc4b62a716ac6d2ad21f5a7e2297ebed15f2e085859a1002a9e7658b0d0249446ce9e769caba71536b9329a5fea3a15d52344d42d868b0d92a423fa44f8a6c4aebf50fb496c62d03598de39f1fbdb29e098c6a2e2ca59cbb5e37eb021594463a72471683117b957890f8307828168b1a8f2066a5e5f2c6822589272f259b012822b8be2b15c004a2a69b66c2f5ee5d81aa9a7bbdd44d059587bea89d021c734f62828382c9f13210185482694f8b30b46111d426927ec5f10b155f825d852fd995b9c7ff27861f7fee8dd2b654473198504cdcb53154b29f323ac1adde8510beabb8cef6d1a927f2dc844f746edeef9b256ace54dd8e3219b265ae958ced6593ea154b8188bf58b72ff05c036630b6d55141c4ac227a4d966fde1d0ff1ed9748c66127feec86e7839d77c1c56b46e29d2033a7871b4b0e3c53b3cc4ac49dc8eacd0555b338265be1234b81259b3746eae71600c16b7f4bc692f0a1d3dc2ed855c9fb11b2ff5fd9e6361a82d42bd4ba00635d974fa1214aa8da9180cb158347608e0c44bb5b77397d8b233df7be91e7047d28d18ee66472b98c78091eb95760c5b381d6050779ce65fd1508af8df81a3385f185f7941f0b7aa9bcd6023c6e4db7ac3045aee58f3b2d307a5be14e2b59d05333949d9e8dafbe15b671034b7c629c1de1bf560415cf72761d4d7abcbe3b762d9a66b1b630b75c2af751f6a5d37b43e84139aeb418e0b10dec012a32095cf7305bda79bb3853c3cb1fb3c8447ee4306923b6b693020880bb11df8c78f3411f176b2393776d0b9b3ea7eb0cecfaadbcd8112c4c4ad9960001f4d4df210860470a4c89a0fb9a07229ec3476e1221f490ff80314da398ffbefac3a376c53c0db82d6785bc3d3b0cf3ce4bb54cb9b6fdc29b01bca2894debb7de518a61cc953d4f92a9c52d427e2858db633d042ca14028ef771d9c8c62014676a30ed9d5f9f51036a823a388ed0f72321a13dad31bb28fe383e456361159490942382ed3e49f1c420968877a42b7bbd8c3c9e78723017400dd178f0f89065072d7ef5f5e9baffafb2ce55fe7b35a7865957260b1789e3fddc5bebdfc3301e79b5077a92f6048121c557099c329bb270cb90ad47818398bbdddefdfa6b9d9256b8194f51b45c69176d5d7deb6440c9a81bc5ad0c8b2f31720f071a8ddb7907fb161ed658f890540ac56c506b7b98df3a45f6fc062698bc86d3cc1150db00d702b2d1e3c8eae552eab55a7afd5a5a3be2610867cfff07545c8227dd26c502039240cf00ce2e91b7bd7ed6495980639eaf919635c82c5073acdc21aa275ba87cb7280d0c6321c6a4021b1f0ae7bce23c32238b3f486ce27434721df436446f9ddfb9c66bb1f4b2337803850b2606d8954268eaa0ae060f8a6da2a0e7cc315c1f8cdad4e11bdf5165a2d72ad34f976bfc41000afff158f31e9632b898f2e9886b8b92c81bf916861c62f07ea326e94ddc4ff9af51fc0420b0d3c57fe0d14109ec90a72de74147d8ae1eeebe6b565c4ed81ac01d49b0e6a9551e9fdb7a9e040b4bcbad61fe627983462106e1c0b59ce762ce89b4b1100444048e2fe84850db19d63522d83993067cf025ddaf796e2f11d76da5a2b6ef4a409720ac4e97f7c75973584d935ab0e723f415a5622b03ece90173ea58da495f402f5ecc33526d251da5d2eb5558cbabc1634e8aced49d7c3bfb514c20f7284e8a902855b2296ae90ffb84bd0ea96aac846b6c9dd8ce92c0f9d457ab44a381046e7cd50b4958bf4b854bff340be4d41452ae1e3e19c82b99908c0a45968e580823450ffcc67561dfcdf446a57ed8d032ca94ec3e8dc0a181b9faf478275fc353ba104d5c31cb7338cc4c2cd445ffed7025f576ae84e9b08311b77490b6111dacd7e3afa920193cded42246276cb999d5d85f594352592002efa2d34c387fa1901cc0f63c0f6ed141c7d2a48d5bed031a204cca98c4e26ab7210d4ca5ba3e20df6d1b0e1daa69216b3e1ed98f20ad9f527efe75a0e7e2067c85383b7a614945669b442e1f0d7ee07160902ba9ac292fa0e9c62bc1b0e848856aa680898c4769d965441a16cec21ffc2eff717267cf0f9d4e7139b764c72826309e8e0ce8965c6c96953c3ebedb4ab4c9b35c32b7b59f8715f7c790afe8a3c7a09965192baa75262a16650cfa1706f4cdb4d34043ad1d6a53898164d049647dba7be95b7c620c750e3146155f57ccaeb283936ba6b9fe6a6c6fc5fec11b59b2d12da76075e022a2308fea5865ab5cbc12a4898de2204bb218cb6757d1d3d380b488a22e4dca9c9b1d1e2d01e7a9e707a6c09c323973dd639c7d48f25e4b5b5e95b4394a1221484d337a032b34cf77998acf78efe6d7c8c1ca4f83970bd62c0a790f38e405827a71baf31a9c89892f6745e2d29bc13b5b2873c0581df064a96bf64eecdec5504a75c7e03369662e0ad9f6c2d38c4da79b82f62aeebb69392a78a2cf6fe5a1ea8627b77d5ec828f4d445fbf3a51987023218ce4f944f03041d01976a2780fe632238a828414364b8b98aa8d709bab9c2202b144f9edaab822c33d5d8ec5f62517567711cf25c890036700b7f39b130335b4b8d14d4e9ebdb6c4fc015027907b931fe5cd99ad87976e8181fa284a53185f1e982ae24842abf28f23de420376b205222e5067a2ec53814d659485327eec748b821d70f114fae08ba181f320717dc462c88a15370cf8acba5516c093e13102d92c681bda73f3ab192976179dea08875abdc054e389b309d62a9737e05edd489469f63497da850450e1f299aea08649a9ed1982a4f8a3b251fb8cfb4737ce650d125199d07f7acbbd50dd65ab973be9684ee248269ff200e2f36118cb0eb9104b94149f9c91ebb76f9d46ef5c11b4b78bf6331116110dbe6bebb7169d3c637839bcf89b114ed9d765cd6211405e2dbbe78a4ad608a960a051097a65dc0620a3d1143439c4e04cc6eb1453e43904dc9f9db084d52b2d251dcb1d476141b74c627fbff849eda5a0abc85416b97d9888dd3cd88d33104e8f0fe03ade560dbe4baee030af797fe68e45196a2137d79de2ced8e6c2771d6b16a74b2c1044e9d381a0107adb870af01329c413c0a29b88d92b3a3c4a117424e613704917bb2aeb343dc22d96b0831db78b63063f10527cafc6731b32d50e4b6e39f45595cabd413f62117244ffc1d69122b5b1c9bd864303c46cdaa1e76a97448ba5ed266859a744411e29d1ce4b78a037d99d337a7b2f74907b591da8103613a19bfa6cc1f87b9698912b85ddb0ad0d86569f813ed4dfd3a9edfc0803427c648ef49724149e49aaaa98279b2ea7d25e3463be263b6cf518e9bfc456e993c2a3806335f13deaecd3c052e8604a08c045175d044f7544291dd4acce9db398fef80ffd0fc75b28886903d2d39c133a1869b8429c9ec58069384d8639e6d268849bc02f863f431f574ca988b84ae59427e446891cdcbed74a72e2b60601ba707b2c839d85b33320a32c1b1f7514510f70d08c474a7b6155a0ed004a23fee27c6aad072c0c751474948a1397ced8f04c5b50b4be2001f4f52ada7731781b69ed93b7602441344dedcc359c385a897532f3475764e0ed3c80959cd95d47f958d237f39694cdad607b966b0d2b690844646b614fa9fd4f169fb4de7c2ff3b4805402e4408c5ba5be95cff6bb68c79104a58c11aac0f999ec307a230eba3869f9078c453af1539a9cf5f07dd18a10c2f2104a2007d52d55b8ba7e24d97002c461c2f21796055179f403a012554b2eb503bd7f62aa3542df13ce9b520c81f364b7bea0deda55e430ff52e0f7408e43e4f7289d93b2431ef21d80e04ca57538dc17b6a7b2f1729cd52ccf7f8b4d58fb2fbaef5c9b3cb38b34b179742e686b9fcb884286cbb9b35d70083d8dc6e6e9f374d473a79ffddf8547bcfc05d5da6250ff982c8692b51e6b219406d9eb1b39dd2adc8de3dd86510da7c383041ed1e87e5104d33478bb8bd7891e16c72eb23029dfb8b90c98c15377d0928a36a65b01b4e83e5c93e5a804a37513447ca0e64a945c0807ffb5f2ff06f270e9080eb0fe471b4241a9f66235b8066d425ef09e6d46e19717747d80f5a16964690b949b335b4c20d3d15a7eabd7e815856f3463565654eaa243f7a4c619289212014d1e1effd99390d1feb0d9a9a0b101a298aefbfa703582c5c2f6470c673a180cd6bd9adab2e6d044ba3f130e47b7340ba9a358b0600d1a8862a9c330e6ef1782ef1c912a4a60db9522cd3f1b941832abdce920a6bebc950d29e057d6a71e75f9056d601079109bbbb3b7bbc46b413934b902ea7bd0ed115553de7c51ce60ca100272221a880d3d2bb0b49f5b36a246df30b7fcfa3e924b5e0db2c55038289b1e266f91d504c14cc3722881721f46d864c9f5ca7c736ade9d7196c9fc59a4740d59d0bc1cc3845ab33c8ee7e539f2bcd8d7295e88803b1a66552fbe133a585962edc24ef8b8b3ee88d005c5817c9e65249c554a678b71fa1e6dabdea92b1ffcd004e16f289ff1758a491a2ebed7c070423b4dbbd61141d3357ee08bb9be71663d0d2ea59f4322ee39348fe8af117fb424ac49e362ccdeec78e99f7f2eef955f7454ce38c8dd963bc6a43bcf476514a5951637c64a71dcb65351b05c557d7485494cbbd0c206acc04002ca1545d1ad3f70cff600aeffa021fcc63d46b5128d466c87475a6b420af9e4648b3218449886a5f3448d2993609e7055566430b2e3f3d09a22633e19a1dd0418be9f99cee8be8336f575d3a55dc090deabc6786fd0d210b7e9577d69ef79beafbb541f96c6a01c9344653d7f84cef645989c9928b1738b4fb901dc9b9c29f4e0940fadc8403262e953ed8f6d772f1040b6ed52df64f7bddcab26bd6f5575e325fc81ede2c931f46c8cac6beb889961d6b2395d711261f9ddfd6be95e17f1aafa506e7d14bddb132b0821e7b06cc8597c8133878ca983bedabf66d0d2abadf4dfa38015d3e0afe9323c792dfccda5544c17624162ef0554b5cc6d77362208018717a53f44c2bffec644467d6b2bdddfd1ac55973d05edebd6e24c41223b8beceef1ea63410eed001c947429b115b864d785de238fa0e68411e9c5de226bfee699ab981ea86a67935faeb6f571f04d6dd1b73920a4afacea51c89a5561532cdb94a08da8e0bce1da552da943efdaf4a9549984337f0f5c4b42fd81a4f545e00d86f41ac6d54eb554efeba20896f3e1234f41c285636524b666b69a21bf19318a618c95a05bd4754318f696e0671662e9b37cd2393fb709e687a8ff171155d71e6ba436857d522aad38d34382c5b9f2c8e5b94464156cfbbefb3e390a935dfce72b9dbd2197e241b68cd9ef87de8165eb0515ecf534d5bdcd2b6a1540c092e26d99985085a95e31cff50452e89a3de519a0bc9494c66e77434242ef17bb0f4719b65b10cdead9b2e9072c59d334cb43827482fb92876e6fdb66dded5245e0f4a8aa6ac7bea417f3feddba61ee20b092fda1502551fe6cd0f14023fefe4d08767a0eaae297faf7352badf5ff9e58cf4d1fecb857ac3b9e83c90d19345474f82c074da1600172969606801ec567df6dbaa2df8a4380d3d500570b8461b2cc8511e5d3a45495b3bbe014440846892b11c3248decfa722419cd30aa94d9209872872820ad1b02b8abbce3b26e31aae5bcc816795d0bb3810c1e4f6ad22ff0a00ad709f93c3f63a9dafc2eb7cc6c8d986808e165b25dbed2af7ff5620ab09b3aae0928ea163fab6315b7885448f5579c40c35ed50340bef058ab56186940cb5fadc5b1d093c1a82ddd172a4d5cf3efd5c5297db8dba62e1a302127b7faac192a1de5f8225c49607768a7561dc138b0c4d9888fe68a5e38c125dcf23c7d9066c34c7536226cf68e8106c9eecf4925e48c6fb8286c5e4d48c136550d179a30daf27017aaa890abdcab582f67f4b7117257ffefc0bb8a8b6bab8c68894955bc13c185b64b5e790483145915881643222c50fc024002a7c619ac5561bb72704c2d46745ca5ee77311a3c22750ee8cadcc77dd037db697b939ce0e8be03f83c82948d491b38289483c8da893ebd9384f83f1ce0148a43065ea4e041c22aaac15a1a82dc6688c3f73f86f97c97ca7e259cf588f8ddf2de829970a0cc527df4d9514032a4161e3175c34dc46065c3a1f4c70a07734fa9bf76a3744d2764df6fb49dd8a97d85c62890d6cc094862a34ca78558c47c263fdeb1dd5dfa9b6c0ae2b3cc43b5fb742049ab38e87f9d50ef256fe3187506f8b462ac07b85f2395089291336d8233db5631cb1afc311f6b1bda3a2b8cbeecdf46085c5f9c0727f40c64681ff0adadfbc742a8a70d717a00080277f8fb67074c98ab4cdd2dba5b9a6d3defa9b6024bb7c452f19b74dc8363cc33b62ff9d5653f7f069723f1d6d7f7fdc38980bcd01d1867c2060dbc75a615933c2830e5a39885185d74f980c733afd19a830b12dadd006530b1514b5ef61de8b5b27ca58b9471029edf360e8bc4cc962d6ab28a1dc2083c5b98510f4c22f4577b9c416b4072f36b298ee1ce8dd8111c254340123e19509c179e4b71cb268381af7290196666e055a7de2715e6cc173bfa5af642a3fa942c85b07fac2f9970bacfa03e09d36da2f80b4f1a379e8e5b43d9e2890d551e6f37df150fe561212a3b0b714d13b46765dcbbac3f6ea01c976cd366da0de6bf601eb17230e6f3032f9a476ceb75d7d25ceab9f65bf93102daed84af1c7e336daf571bae47f98f74214d93403f55adb50693c9cdc1a2144f1544bcd1e441a34a8d2a2f48387130e569a9f3053d510e2bf379df90ed2064ebd503b44a2a729a19ae1af257508dee6133bc8cb0af76690be0b41248f3f447adb4679cbc91e93532513a9cac6dd4a587ffef01c202f6e46c3129567c833b5db32fb36054cef0ed13530c48cd3bb887137f41902fde6e4e472bd6e38f6a0992d363a0470a1f8f98ee17d528a0b4b187d6b0a931f2a0b123d50827d6b50797da8029a868f97e144f7586afb6b394dec7ca89d85be8a0ecec25863eb9215704eaafab2e277c3256dffadc6a99fb3bc94b4483a3fce40f29ecbe39c223a9d99adab90973c65ec64b9b9ba9f1d68ca967d87df7793323d898fd09065da2c6051308cd4e535634e235e6284fdb3697bd285eae40d57b976d7ac690e6a96b193a9c3ab3dfd771efce5cfaf12d48abd69023d7773ae998e7433600924435bc89163b7a18f7bada60f52ced09e50dd8401198fd48ad6741f545fa1b53ddd0b55e71baa55112e01f42731148ad13f696b63e307f3f9878c74bf513fb03b3bbcedd2234f8d299286add8e0f7aa4c7511b9cd080e293b0067b4bed86869a814fe4b2a5b5f2a9eb543795c7139211a61de2d5dad8c61969a0a460552589867d544b3561b8234e7d16ef4fe6590d141e3b29a77e967caaa25bfd1eed4537e5d57372e621f4f99825f99ff7016193038ad5f975fa64497d20f2d05ba4fd2d015ce6ae8d65d536584157d0a4269f5421c308818415235d15c2063bdd645329e270c4c6e180575ba5b20e98812520a41d415df1b7acbaa29d6600b797160d9e4b7f96cffbadc623456aaf9aeaad3fbdfebaed9b7725f4c5027d7acbdf36c3aa77ba6d2f834b5b45b2e7f1538cfc109a4817c913846a4d5a479d5f29e9b377144bb76265d1747644dda7465b498b3ebc4d361ac8817071b60ee23d0803d19a9da55619b430997ebc41c59d8feda62b9e1f287634b1b8b22f415c89444c01af938c50e0fc828996a044d5dc514479fde095d6e91c2e75e74af4dadd159e4e84d9dfb8e6e4e3fffd7f9a1dfebeb14816857dd1b6e197fe33d03f1835f91d2764d3cf8eea43ed03e9d4486cf3dc90f34a4f4e7f1e6b62dec4936284054322904ec54c8e3d618b4c8fea8c5985624b3625b01a904512da4cf3a5bb5d23d99fc6f72f636e08c23d435de96b0d52f16b68932e2a03b0ae8de987e2b9a324c3c1028236ffbbc85399dd8e441ce740ab549ed1547591469251aebad65b00fd4d60abf9e3072213e3ab5ecfa9ea0c1dd98141b6f58d244a6979af521e1d1c04b2de3db33a15b7e4845046a4f749b9a08fac86c32b958079a48a13743777aa000581a58151b3bd18f5b397a786d3323bce206a91013fa451a2e8c0c56cd428497e959b728e88a9707a80230850f82388c5f653adcedfee27ef1d045703dfa12952f9ab8859c610f3a9eddcfa6f3c470b7ec1cad5c06f69a65fa5e8641eff14a5378fdb63099cffdecb4816f5fe8fe64f715b432301523d2280be3e3bb2ff3374c5fe07f1342a37fef2b46a2726d308f9e678246448528a219ddde24baf73cbf4459791f564d9fc06b22635a0580b3ff21c9d5f6ec4433fac3eaddb055714aaceb48ac87af41f00fe3482a9888afa7a0811cbecbe64b264197ae22c1e17baae62116e79948771731bce85068dfa4016f3978e39ddb6373b398939642824f763dbbfdc002af17846352ea59cffbb3b07fd526936f313a9f36c818b9c8935d3535e05a7f8ad66541a202b3770e7b5b9ee000fc03f87a67ec1668c270bb6dbb46e1f58e999887cdaf5bfd08a899afbd1b1712a474fe6bdc0e3c6540072ede5b4fd2eb4da9b93bbda506a634eae7f9b0855c40609011911e765c5bf92c7ef9876d3898d1b9f74ae44dd10de3cc31b5056f219ccb522f6c48d8e32893118f6fdef1441251f5f1ec351b2ee7b95a2ae8d08edc4ce2d5749b2f07321ea546805fc4d46c27392fb66ec9ee04c41c8f77d4920dcbe5937cb5507795210b0acb300b3a9625fc4edb076cfd36c5f8f0dd519025af2eaccbc13747e1c7a848a5deafa9caddd682356e21d7d24d7b3458f8c2351c20a864a152fffa4d049b331de77b2de9490bbede98488158108571cb80c5e3eff895ba2a31a1d70aa1bc3b38cdf5610495f432a9f9369b9ceacbf45da63cf533e42df66df7c7e108146bd107fd890e32252e5e1125db9e5e938fc86a3ad8547951fcaacb69789e99bff56fb9e0350ec742665cae725faba2dd08de44a16d5779fd5c0a3624db0bd265d933494020efe58b64b6da26b0a78377fe8d55a2576e245791efbd9c2811c66374f1d95121ba4ee1b85b637fcbad348cc8b089936520a1c19391ec9186429689919c0692b665e95450bb37c8e88306f1d367cdde245b2174277da0cd799788d6ee9ae8453adcfccc3a5dc9832cdc59946ffbce28be4a4c0630691f5e9bb4f9277df568182fe478a4eac8b6576909c6780a7bcb0ce8f7d60f89e2d76d1fbff45d6390c1ac743129754aa2b7320101e0e7da7327d6c5e545feb5a0c48c6cacaf245503f87d7b7ad7ddb24522df40f94cea9a9044ee7de7216d533e16823ee8599181975253e5841c4a88f71b04d9465eee909c6b1e220d11da5bcfd01ab009ddda154828467adfa4c49cde3991a2062e10e74da1a6535ced9fed0b6d9f4c4f507d711d8879b883c43e7c3588dfc02a3218925feabe7dfc619d110bd5455cb79ad9cea0cbb5d2220c5d83c9a2169af546b260c4eb936a74db8d1538470c73fba41010963314b1ab662230d2bf126102eca5a8e02cf3fc9c3e406110d44c483b5a1770c0c97657b251ebfc59d2db5eac1cb2715aa3c5b65c1f4eae95b700bc4815b663b61d0cc7b5bc2b8270d7cd558edfbe3086cac8eff197ed25b4ca98546735f433db5ccf9d0b01f56400f9eae1656bfdaf81137c306211011e09b15dfbae35c8df774a3bba8e40cd3d4fb00a6880e445324f26d61a612acbdd0737cae1179bf26bc29b7cb0b23a907ea011402947c0cebd8aaa82620a36ab9b6d281470d6f05a42c99b87981f7c45adcd01b2b47026eac614e0930976ba5b0ca56e81fc5277d80a9c7ab49d670ed03dd760af98a47e495a3fe92c0f97c4138958044faf55c5f4ab7833f1db1245522924609028ce1c234bae58d99e377eb82856c7a8fbfc6a21f3f2c21001badd0aab473cfdecd9a89d230ff477d43739debadf3c7d03de3987d4715ac54ccfbc271ef5796428faee43cb46feea3a73ca2acd73685d6be66e86a958a8f29ddf8a7d3f9f444b399dfab5a6e46aff3d3ae8d25a4c737e4c2bd1660b0302d2381ee4dc9980fe75e39da89af19310d61a4042f56d22fa2eab5499eb2865197ef07226c05600fd904f67feabb07a7b6f5fcd31302755a19c28f3fd8fb34849afc27a79c226e91645642229a0415ecb6279770561ea342e043baf8907a6e6a31914bfd8295ba6926bf4cfa11a369e10895d5d4ced4c426b69f6084a304804083020e812d01b0b6e6591dea9145ae40fe4fc0e820c2a3dc813bd6b1e960adb54628f1fc5b66df7e33cc9cfefcefaf14a510ecc1ee5a7bd5656a34b14d3bbd6e20034b421233e24d7d8d80b51aab12a1d55408e3679bb3c68997729b2488594ba5d8ac0deab6b93fc38ee6db89eaa263d34822bc71ca45234db23ec5a6826540781358a9f9f360b863204e81d07046a093dcb0c9bc3c0415b7c45722eee2ac88627823b78421d11f0be2d32590c2380f32d355229e34e33e44ea3ad47be9021aa521b3832b8edde4a37368ee10cc09141822d5dba7c5b50705b4af3e94e3f9ca32840146fd4f5f6910de5004fd23c3089556a0fa92e2645b9a3b9f4ac9e850a3d3e7b5b8d32fc8bd9ebd30d9d5230b04c9f21073dec23366748560c6fc67d741a822c54ebe373e676e515959056a805f09852a111a6beedec8c1ed6d8133e24d04fafeab7b877b71bd107db03e7a47219111a98d8967405396fa2a12e30e5c02b0235d6ab4c414d14393e6bafe123ba93f1c24fa303313ecd123af3c816a898e8c015c977550012256d83c8f96da6129de1b2bd857afee09a2122c264f5535ee17207e07250e756051b665c5130945b98cba09141f4175a1dbfc6fc3440f6a2692f0141a980b856131e75a7f0072305c0065b5b0b32d0a8a406f136a67d8bb51974a46cc1fcaebeede69c8f76e9cddc5c040ef380555ade3492dde6f9caa0d4c18d02106389c3334dd85e21e5d1198bd95e32a97fcb59c85de999cb078d9d2982408cae15ae6fe9fa95b4b5443e8d6effcf4b3e903f021f42644d1605bd52861a520f413bcf9c5fba40195bd534ced9088357fc3155c7606ec5b857eed52106d4472dfd4220c46c88a2e444b0f0ffee688cd472ff90304853bacbe594e7e9eec897b6f6fb0757a658f76ac8a36f995f228db232ff365c842a95ce4dedeccc7d6adcc66f9723b413de9f410bb3a62b338b3bae5e9115fa66d581a5d459ec0bcb09a013e63303e89073cb8473896915f1593c9a62c060a64c8d164cae46388ce6751a7d11e1246af906e1fac401016bc7b8ba49be563af3fe509c1efc2771bb2fab8827c60cb79de9a1ad7485cbf6f145c4117a93b2f476300c403a1fbc48af19666556697857a6422675ee39868e4d694b538a5d90a741829ea1eb7f16a4cb74dd92eb71cfa84b5ed5eef1f5a52232b53d8791b48fb98cb0bf41a881f11d0d202a40d5031ac03961c345750b8d0846f28f76e663b931c0aed8b5dab097d144826ebe16b8e4362868b4b105ae28e4c458982b0861c0c5ee362ca4a714dff9ce082629e21c612546e4cc50fc78dec5ff9bb6cfb7477499e90b3d799fcd26bc460448ae038f4d7dfae99e1ff63d34285a15592955e50691548ec56edf4493f54e90abe856c933b365953c683767622c31bd2b18c50eab5e1e8ae29cba3dbad2199a4fedeac65f4fcb0094524ef23a1d0001147cf902c092e82eb5e2b80340ca64adda9d479af18673875eb661b3f085a016b7fd21bee7789755ddb38555338d36bf6277947fc8debe80d3ca65934882e6b03ae5426dcbfb40efe0de27d5dd33ffe91d8151327b8d49232495a021c7d52b1a70810d270f473b9c0a9481744b0b51ba5a3b7f1f8f86c2f23da41f61c2bb60b545bafb0f7294aa9867e2d1c2c5a1b4bcad31373e8fcd29118f455d0334c9db169a438fc9ef021aac8d8efcedd2fa51750706d4a4fb95d7bb5d91e86d6b8b10b87bd82aaa18c2074e54f9ebfd46c1659a988015c86b7ce187b83fa89e27ba3e91b6e1c1bad902723f0f1a05a9d016e0e6b587ac9b3f1c9985d1ab1975a5427bf34b812e87130b44812cd2e4c5dffc0752c13c523bfc86baaf12a256141f12f33a727abe44c948d58aa76f91df64f063c36b9a6d04dcdf7201dd7c3ffa1d45eaee5ed72b85dc589bf8147ef5fef4ae4b949c2f9add64cc0b45b05723ee3701165b4a5eb8a442dc0af576512b0272338702afaaf13c3fdcaf4854a010733c4c56d1abfabb061cc40b0dab4b6c5861fffe5e3b8294d393a368c38196036b257f70d227b32140708516a1b97c9c50ddba5ab246eaacb193129cff1a51ba69b4744b712ad3477c6fe36a940b6aa5ced1615fd0f9e25ae89812eb682b8a7a376c1e8d08e589cd9e3d29b25ac51e3e8e3ce7d4b3f8b7fe1ac105c7ee26e3f467cddfd77a5da729943a14ce537cf7f54170293996834a4206521a03da2e14bf28ff11ec8288912d13a08631e01278eb5fd631c7ed1f2a2c72f22f7d7b96cb27c27da9ee304f70753287d4e288e53b2781b8dc405379154da26904290850422ff4b396a1352ebe08c7136efe738fe6a38d39b4275127b9f230f437cea7df223b3b31bbd88aeaae1f7ab5e93d39b7f4efc5f2bcb6fafa8ab485f9c121cf9526fca23f3213c5ac138190c9458236557618eb79c0227678f9fa5557a9c214530bf6b858cdb46cb259092425ce63de420298a7ec7ee62b8b5eb61a3df4a479b68e0ccf7ae1cf4908c0b5ff2f34383fbf155c94288614ae02b8f1c4d30fe332ac7a87d45bf55c9fe2fd593d6160b92795ce24cebac2ee6c2803087515b8d44c9a5953bcef88124af2e82f01e66a2ed8e3d68260ab9dfa887036954d3bb9d9b43860bd482a5c8ef96aac05909de00e73d96063256dc875c08327725ae2c71259001b49acb348cc3e2db38372a67cb2fbcb136be5597a6207e801b08430bb5c33e9d1880621a7508960cd3df0c36ccfc9d0bf417fb43239a72490b1d536beb736ee74d37e4745d15b1a860c7c43532c51621414ea153daf68fb09f0eeb8915f0e973013dffdba60c8d7bc807651ec4227c0aa4fab2b04001fa8d27b3743a75e91579551d1c45d1b47994783e5b9b79eba1245f2c779e856343fb34b15b9ef2bc2fc7db25df53f0880184b6afbd88813ca38930d58c6bc371e1e0c6729baff00def2818eaa51ba356d6baddab556c59f198695d58621ca609d187d9937bd4dbaf0a55dfe855d2c6f42df4906eec6565c283684b51f36d642cfc88841292b899f4ffbe6c7bbed34db11ba1646de299d752cfaf3ffb98c163ba8affa22b4b96221991b48a9e51dd5135042e2e90298088da604b8cf7756f6c9904a55ab157f508a028de1cfb65e81ea8065f20b7ed44c15a8687351bdf200aceeadd5542e9e33dd85079a46b54ee44712d8cdf2b7a672d1607171a9c00221cb04c256f0a355d7c98cecc9035ad45032fa6a053333e419250f4b57a026d72b341fd90c4ee43808c70569058a7f391962f39158d84d0c684fa4213551d76fca21d56836a64eb638b1a1b8b9f9d22b2bcaf3bafd6d4ac633dff5556f622ee96f4512aade6f336de2ceafa3efe78d20a4e5a66549a503a44fcc91704b5e865f451fafd8ecddda1d09315f2f2938df845c1f4bbc55615f1d3fff74cd263b6a60b5ca1ed8fdc3e1d69f792ed688d95cd679873ce958458990f2aff5dc86292744cb698d93a37da64965572f663cd4b2203a80685bfb55936bba99b9a6c2e0d6cad1e84b6b62632110dce3b4995f481cdb308b9b9c13f2cee0c92f552b148eb2493c63ff3c8520c4b6660522f7d314f6e5615b81e97c4febd1ddd66df9617814b0f84324d683dbfd082d803ae2e6fbd76ef66fd9a24f1e63c3f3335a2f61554f8be4dd0cc888afa85645372da0ee6d6730d32e5b5c7637564e7590d73f3a86d5a7cfc3fb0079faec67f8f6891d70936993d0b3dd6a385c98b45830b3ec76864347b3fbacc90779cc5fde43af74b5c327502fc6e2f0c4e0533d4d30aeca71273a54aeb815699d38781fdb6871992591104a2617fe6dfb5c628d95d1f6caa29194305f5fe15cfc76d1d18509fba3a09c208aada3edb8fbfadcec634f30866727260bdbd3bfd751700bf9f78a3e896ad23db343877e7ca7b8f0af80cd97ce764ef93c8f5eeae86cbfc196c4137bd0d5134888ec2247e62297928ffe4105c1e40d865264d1d046ae2e785dc369daa550c4861ef870913916694bd0baf4257662b413356ea72cfba8872eb522c6e1f7db5604916d6ecf9d4c8f74999f45af1b486a886c8cf6cc7b8cb8de8b6f9a7e1a6d445a1a0cd69cc3047f4a49a78cb9f0af584d2508c1708c912de3e9567c2d93a5dfa595199aeea8e9600e9193bec7f61b7bc5032b59c653f654b1a2385b5f11266ae2b7cc9ee7154a2ec5b82be245f37aa82b7af41d11e827f965f7819937d2cfafb34e2d67f8afcd63a49c68c2882937378e7d5b1d89bb72f4eb341ba6feac61fab677d42feb8899f763db4c1dba15014c852edeae1ebb9218b36fc465a4f29d6bad08821f7838777559953dfb9b80a164de1f0b757f193be8a8572231c799bffa981a89afde411e7789a567a462d7d0fcd351695f09bbbc46fd96fe4b875135110c740062992867616e920a078148dee0d87a47161c84de9b4061480cf6c184bdfd8b2dfc0d668287d7206b52ea84abe8692c9bda5318fddcc59555cc856fa88795cf981f987fe6a2ec5382bc9bfd9e5c61a9bd29d6c30b72509911980ed85e5f1a2baf1d630b59ed80eae8b7bb8811c1fb43115bf0255a5608345e00a401b82938c5def0a553b921d4a33998dab73aef8dcc94a84629876be7ca1222bb03623c2a684f95acd7cf0829ecd1cb1323a3c2837476b9563f9d3deef4898bc50b48d062eb55f77fba9b929805a612b004e4d67ed7dc3db2de2ff23e696b525334e3645015e3a5926ba734e3a615c037d5795d180fe269ede800d6d505c92b08a35331e49d8e91fd41fadad67480489a1fc165ff593700bab7b98daaf6f47dae85c36e267e8517f7992517da7f35c4a741128b08484d34d9468fe66977bfd06500e286cf246d65a8121be3a6392ea1c011f110882c2c2b6ea8ac13858864fb1d8ec8d3b00238bdf7f17b0e1719b13642424337a35e188503dc4a5439876e201158a082c2035e2c39cac23abf0966a44c659bff7580e063fc565db8d0b319afc7e16062b3bf5f840cbaa07b589d0a68dfcfe75b78d67b2a76e97dcd72a5450dad5ee69b61e4e7717afe68e92d03f0d992a3568590d028d1b4382644b383756541dd7562216671b936ba8fcb01243f03ed4b540fd2a3ab2834583419899b72f5912b4a77e39b638db313eac03b17de82f4576f1578762b83948a7f86ec118a1cfb545d3bbeb33b9f54e2171b880fa9f4a312b721cea7d58b8626cf3ec13c1f1e9d0ad59682400d18beb96b512e5f6d5564926565afe7586162180f6dffbce79600eeb81cfc7465c5820d40993e3b1cc69cb79ee6342dde0c93b89a4b0b57e907ecbcef47f5332fc0fe265d7f4a813cde04f2e32f24b541f6d0f28ba53d632a9317bca045afb660ff41986b421ec5693a0b8c78279f636118e618f192330ecf34f533d3af8f6529bcf5919cb2d4222e45b546ad303f27f655f4d93a867fd929cba132a460b7063146633826809f051392d0c9362408c6e21182108e72538a04b6bf8c80745b3d1446e15b80c26cd25fca5a2f06e2afa0b73041d5e020d8114aed6dcfa8f3692aa08fae2cdc0fa49630bc4520b1c70dc4ff22b9ab64d589a1c8b9d9b15a87c8e1514f7f328db92b0ff5b1b56a95c136b0302697309bc92a0dde9f69db9527ee1d5b42aa2ae05d31d5f84ae266219c8ad8de036bec43d3b65b326645430abf28f3a578167c2b2abe0f20eaad0cc78735bfc0159598070ec2ee2a448a52492bedc6f5743cdaac00a5e0b493a82f16ded5a7760b4ba7db565a96aaa2629caed538d23999286b0395a59b6a32419413b3e3ef5e52c504faae2f54f3801389ff2aba485af2c46cd1218d94814d46dc6733590be1e559da9e71f45a60faffa607d39b790a4c14545b18f6aa9f38f9149451273ddf464501dfd67a55c0f95b9bcb7d378d523c52d80b1066ef5e51baa34bc5575589586ff31c8beec4473cf78072ad7bbb3191abc15c701d3d8f390e91dd0d99d02dcc7129358895ef6b31544fa071e56b8f9bbd74e023b6358f4c7452bc6c22400029f53fff4819f986c287fc4f26c8f071565faa3e1da2b6438745512949996c88b54e39c0dc72f389f7aac0e69158e10906f9ad41db237c507b8e7b0f24f1815c23ed0a9b2da7618196b0b6f50bf8a9b941112b2264709ed2797791d63ac0ea0257aa37a8e3353a2dfb0e90000ea384459a465b6cff2f0671046bac98042c3b9ea9f4432808c6354ab0adf0063448e7d9cc9bdc53963d183411dbfb7209b4ece4b6250a5861364347b4f4bad8de949d5413dd4651071db6eb77c6fa730d312754f3541ccd81c29f24464cc4d370fc6504e6710902538eb75fbad327d6e74c90b2b346dfeb9234522f5e4735259222088b92e1402b4b9e9a2d5ddbd6aab5e47c8abd3f7905d52a832d701e44f8c03b85410206cb5432fdc6b925182f119663f312ec175806c6ade1fa07ae9a43cfa2f7495775ca947d66c3faa0a087620f78cbeaff99955f762e8d82a2ec20c2a5282a87f716c96a5d6a5de2043713e197399bfcaafdaa75d5579ec6514708e60cd6c7a52b9ff57efbe70ab973a5a5ddb7e23cbf19906de5ece03fd1b7c58436ae574bb51b467ac65a0b5684c4d625a3776b10590fac1a9ce8fbabac4bbc369f58492a4734bc57644fb4ff3bdf090fd4db40afb5fd39d8419b3db20b090e766ef4d24fd28a698e12bd94c1961a6d0d26404865e920b5a08dcbb9dda04391b4bb9c4262522139195ace73343bcd2ab056167ed0ff0b98299dec424970d87d325a2bf52cd3ad2641e3459996dcfa0003dd17de89f1c457dac80e3beed0ce574491848762e1163e6d3fc7e876f0209fe6cd101e45b99f7943cab69f6186d9bf6d8e520d7539763f5aa2fb4e43491e6c2142608dbed4c91fc1db473b3576b8e3c1fff7432112e99988ca7a6831a9242eb3b411f03d215e1748b4d15d8188a7e631acc38d59c3d144c1335816a22e0cb5ba99d7be75310a893bb59dff8fc1689c64088723aebe4da7da792ac20e8ff5d4dad89a5ad69f29f596c73bc3a4313eb3bc25312e255f4c895ace26cca38bdf7afa9698ad4a410dadfa286aeb8d5f10c467b6df332127c682b989308b9ac6d77866cf9c9cab9c7148338a4ce3b9e39ebc4d7e1dd5abcd5ecdbb25dcd41a74eb40afa638f6ee1ebbaa31598d5e533147dbed0f4121b9759f32444935800ff21b23f1a4f53daf22d45e680637bc82eaff186540ffbd82831965377fc5374ecc057fab5b606d45df49d1e46b7ea15c42b77740348d3deba6eb02784f09443e251be7beec1728db61c8e6b7a46d9f61c25854c8cc8262afd14a20a37de4cd8bfec05d5a3d603b3f0665c5fa21be03054cd70773fe92364fbc2776b591a279fe000bc52ff0de9b5995ffefa0ab11324ecb4d7848761bf855fd8149a896c9ba8263cc27a90ebcd2f9480cba5ff5d4726cacbbb55562692c74645a2df6e0c965bcc907a7a243e5e6699af637fb252ad071c47e2d5f5538c4d4301c9c176bff0abea559b6c42bf1d0ce04873b99350605bad00e0577967414820a8e5f5b2316d868c9dd5cfd40b2ef35ca7bfec53aeb32a94dd9341b8d629200518776874aae6c8e3281196458645fd97f223da99034b4b3324bcd1a4c51538d363eb2f3b46713831f58fc5411939b6bfde6e0cdc72417090fb4e0905831ba58fd8ea4ea0b9039757e5c83bf635977770bdc802554b54ecdca275dbd921aeeefc84c934f19960f7125a926ef85e30f87b045c2faa23639860a5611d3b4b88deb464d8ae37d53c0125892e226024fb7b1282819f282531dd36ba9f1d6abdba037acf1f43a3fc65f793a858991289a2d00417f8b09fec15c7c0a3d863e583069b93a5b0789150ecaa8be5d54cb88625487eda5dc5996a95c2e15a46fe4ac3ffaee66c0cdb16bbc7ef90894bc427aedc5beb2144c02f6fa9ed8d42a51229eabab54ba7792dadbc0f11b73c18fe5a15610f4530e54610104d7b8ccc14108b8fc4a19a0573250200b070f41a8e5fea8826f0173d8965adcbe90d3810e2e35e9ab038f2631bbcc18af94177a0f1c0af02566971af4ffd6f5bff94a3d5548f9fd9ed9bdee151a4a3f6202a9271fcb4635dd915e0a512df7ca7d60047cb6dc5c128df391875ef3b09701ce7165c9798f2604fd25eb078f2992ce671cadd4313054d80462090290e1a62164dc5ac96f45c0f12654c797f6269a37b12ec4e3b1e5e4d9e5dd17f5262ab1a7ebb873f035aa268ef9e374d6521aae6d7af2d6d65d836e79d6461c5aafe2c91ec35374a038b9ec89748c1693122ac6028d391d6f5143b74b842f53493d5bf6956d26a33c63c9b10994034a36001ddde26e5b8b6c1b8ee76bb94748b1fbe8d2e08fcfc31e2fc459f518282a609c1f97296185ae280c4318137bc411b8d097c40af0a11c2685e1ea3b37f425bb4c78766a235d219531d2cacfc12404ce3de0ddd4712f84671acae9bb139816bbcffedc1a6c273f4d86457af7aff6132e94cb4165e90b16491df1e67ffc0fca1c227a10be9c46447cfd0005a0153fb3b535858ee2cce73ec76ee4aecb5b73cfe4565a1a0ed1f5d582b1e7d244a413e93f5ada361a58443fbe0edc99c1ee3368c7583b70c21bab896491c86aea126b6779294ad1b36fa07ea2b780d4a19c5b0ecef284d444537bbe741c4cfd6987ce20f6c6765ee90d38fc7f2d587d3a40cfd79f312ac44ac734adcd418741d2bb793a468ae43c854ba982e9f5667a488e40b4aeba0eaf81e17b0fd0c76a3326591ce94be7290f30bb23307dc78d6b69975455d6cd925b09bfcbb43a591f9b509508138f6f04aa7680111ea6a280195cf3af9ca06958cc7954db0c53545f473207520acf19153c1219c25b14bd52d9e8ef2efe8fd44716de55f4f3316970ce80076bbc4ca37b93ae358389c5b72f0eaaabd6b500ce63e26fea094dc76e4e7efc0adac93388f5b501f572b9b482d6586a9f9a678fd5f90491eb94dc7359bcb27308b74bfd4541e13c76c29ed6b425beb4a2b68ceeb49503fc4226e980d0fdc1dcaa97f962b2dae3fa4628e1161be82d56b87234ed079daf0cdb95b8eff084f5dc693ab6bc906befb0323eac3974cea284647cf84c3398d1289a4c798daf996d8a1a77b0e326c8241fdc35aae4112f0d306691b533fea134585d93f86239d4aec0907c0476779b9f0255f7ba0c48463c0728904f3f49da65745ba82c6d43a1f69fe0a3939a9dbd0a1a326c8f122467f7a474a1f34db3eae662385e671c45d9d764ee7480f9951044ba58d7202bc749b80f7560df0636cb567dde48d4a40e05b06a02492da43408c7eee67e830692bd56dfa83f2a83925fab3341fd88abc0bc5c912ffd3e989a4809410bc7a88a586a81bf6b7790acd86b4afb10c88cbadcde886424d5bea51773cdd5e3e5cd4b48e61f50fff2d9633fb0ab1dd76df3de572066b9659b18c94c682993a1b63577a8591032e346201c08c821c1515ca4521bdbaf1be924092eadeeb685fec9b2e94e5e7a8129068000c508d07d1059ecb2c44cbc0b5c35e209d04ebde92d82388a6a40bfa63e6d9e185c09857aa0d56047e118771a7801f72d31d91b2a9213d9211a49b49273ce519ac51236030d485f42f08ac720bc1c29c97648784d183cd4cba06b51f55eff0bed608b9a9c05f21e9c6243ef9f294fb23b41028bb9e41fc3e9564916659b5f890ef7a3e49f22981e008a83210566c9a1b6d29a341a12d947601bbbe20e8a2ff2f4bfbb0b7856b4a330eeea7e24643a853884ffeaa0c104d27a4b31f9082506eccfa428d821731e2e62f7af51165e0665b07e26048e6fcbe046bded2bf5d295b29d3b59f119d4b16a8aaa926fa044a9c4caf678041708cf383e5c494f9285471a32e0ec1eb9d363305d9b6645f719d6209d1a7cbb8facb0e40f305ba618c4d36a07289a0e44c957ae861fca29399d576c3a35c1e587381078a7b1ef99155dfd7f981d352b88ccb039d344f5d04f0cec3e14906aa1fed6c5a05853ea70c1dd06aa50266b8f687478e1e2e68a029024fa4a8072a586e336f9b47b947d7594c284a42daa1b2da26091c61f80cb82f7f22b3aaeff341999d1b8af2dc496bb674de530041925e34b039a70a5bd4df33e99cafed534296c8bfc593cd48eaa757e57fb8483e42d98335571272fd84eb0bdd4dc77e4e78d631b7b61c769809bbaba76bc6d5f38884569b2fa542b71054a3f4e5ae1808e8022c1f02024c6144a890b9c37aca0905745d2cd0ac292cf0f91dc20e81dea89a8be98bdde3e2898c02e52fcf8d6193b9a3c7ce2b311a4e764e3980a902f016a1a4fb41267ddc2966f82b8324f967f0b2a3cdca7835491360c23deeae74171489e78ca496d04235576266b834e5971b9fcf2c2cba6bd4803caa4675d6efe7811a90233012d1078c5f7f037e403770ab5d7e4f3171f299547cc45ad7a02c453314f5f2cc40519895f0b4d9bd6bfb70d6a69609979435c41d7dc816d9a8ef9b1ae1ac7f27a281cc93ab680cb6ccb9bef638381308afb37be762f2da5229025f2746abc1dd54732bd8b831994c669ec07b3110ec7cbc00753ed4e40fd0c7284842092aa1636963cad046c97ebc5dd3d732dc94a30b3c3ebcfe9bdf40e550cbd1d229b1907d49832d5d321903db8037743da1ac98e6357f8b65d1add1c2c37573c5ee8843fdac1a938565609f3bd5a76c92bb8dd1418fa12f74048bf1495007a60b1f015a469bbc47bfabd1fe65e6c67459a6a1aa218b747b52c3bf8b51b582332f2004875c7a0357a87b0a04ad01678b107f9a2b9f3039801e7d204462df86096aef837f6d71f9ab6a08d17e91c05de652507879b27e7dc6870c2618b4227aa50f2c3efb8c1568610e179bf578c13a162e54a59cff0e08157198b56957a89e421e9dfba696b3f42ed0b9ebf0cc70608463cc4c376120087bfae5900a5d3c9ddb097aad563b5af2f6abd112323b349d89702c313b0e4002df7a3664c188821c8c7f0571007570c6215c9bd603c53435a77da0b228642d30eb6e84eeb3d0e4564764544edafa987a78def852d72bf838b244a29c1065bf24afdf69f683ea11c7127efd9635a1aa05cc6970f9d312287950a6c4d2117cc2ae844642ffe1d2b004cdf93f2da62081f3957be5995dcd97b590a997b9a093f64db2f861659dbc80c8587044db8247ed16db8eda9bc32fe068d20790725412c66ab95ea879a373a607e9cdb5a62a693c01f7a0a4031ad8de040d28ca5448cc9982fe7304cdf6c6deb9b4782b3cdff0f8cdc00ef05bf3c6ed3258eb90b01e6ab32652c35f8133223755d7ebd73c24989e225aaa168afcde29289b4771596e885005b3d6d65c73a5509202b68f96fedfec2121326488ef60b101e8e60d149d69ede2b08782be1c7aaa9e0c5255dfcab36e5459a25d8f447f868ebfc9ce939471fc807b77eb5a00c653331872c774fb68c212c343a8bd3fc9bc52f2ecbbde2fb2ea9605c0fe6a7dc02b5cdd0f84974cade1832939d2dc0f383626e1bcc3d9193d96d8fec338617ae0c5ad75466d9050a4a7730dd61a87ca62a2143926d7ae8cef2333268d2274155e297d499f7730685c2fd9c863b97c7a3dd01fc18fc3bf42354fe6246d6b78987dcfbd06269081f8975c515d351b1cb8cbfa6c43925d51666a279ce13bc79b6136f195cddc998a18d1f0ad5c9997dbf8c0643280a775a829e7138b5051207e1b2e57f680f82cb3a3484bdf7626dd3267bde824c3ee7995f6f8cff35e71de6c612a06dbe344fc8745adee861dd7959c2b5b3aed5fbc22e65bba308932dc5ee90071ad7b920c5698683fbe7de1e980303df957881b54f1b750654ea3f00aad73efd82b6084dbc646f38b2ac19269d213a0444584e7bd49a30f011f5a2f6bc158c4ffb52aba4e34b212c01368e2ceb565df8cae2dd4b2e1a30cd06e019807104d08238b53ad30e231c4f8d1440e14c21c842ff709648e78b3ea80a29f726113a19918f1f74e39f5052d63d98e66005341688f57ec438b7c6cb90d21a2a86e695ffd48f242e6f642b55194a40fbafd0198f8914c6fe5930fd152d0286ae1bd23848e27fe3446836b2d76b960caa119421fe7f4e7df092e00a7019cd58301882e878600a3970c970c33118d43d13c33af57ddb66085dbf02a9ef4d09b5acd5c6e9eb48fa140713b7987ede4fff7ee835263d99db9df706abad165ff5c56debeb5791cd5b0bb1e0477d139c24d66944093d2a5743fd72b8960b4d602836c536a942ca45a2fbd29ab9d8bd7ae7d65e64f292f26fc96d7088909420db9b303ac963c427a4d05681c4006afb48aac617368da5661c5278a30cfa002268cb3195505b2ace8c8cae1f1fd5b34186798f56ecababaf0b790781e04d08eddd1da8af98950ced6dfee3caa49a78b16ca7049ae0e378da7c9ccd216a06f98cec591879d8ef1ce2ea2d1fd01f55eb92f606a70baf40c999583829a895d74645255202e2daaa498c77f193c06e563a9b3561db8983448cd6d0c9d06a148ceb58082e362864290f38139c148c3d802a3aff13a2e9b9cd5486d89f68478ad22eb6c68f199726e4788cfc2d3ef9d4ede892a99989b5d06b31bc9b76b9374e8ba0b46723ca16bc42097b1666cb762af7d04d78547d7cc036bc211a3ac9b1ea706a2946730b67b50a34fcd135bde01515004b70a7c5c7b588bddb0984b2ba516add041585d78328cf8bc39d081727dd794b7460002fe136f0f2c4005d70a0ea40f11a74857ea18b78dc79a04552d7929b1a4a279aa6ff8cfaf1dbed8c2417f4f86adb54707366df2185f97e5b58ef83bbfa513f0dc53da5cda1b83d8449e3c7868b9a194f962a99b567743ed416fc4eeb390b729ce72db98b7e37690a4ef0578aad7d3975d57e4c982f74e2f1c7902096d2fb31f58512acbfbd480dce54b1d7b5ea1b2493d610f03d3bff2153dbf2a2a4887eb6bd335192cfaa6c3f48a6a83044dc24ca5c3324197bb0ef6c126e4ef9129b6113758c075a0e9afca077e8c92940836b71c1ab34f35a4345b96f437d735be8aef40f202f281e6bc178c65b38aa65da2e8ca183d14aef4c86cc88cb6d506882cbde320ae5a77547f52ef997c3a40f173464e1060380e5a4900e29d081cc34191945c1a7dc69a40e55ede68636c6673752e3adf9e5a217384dd240af5d1cf28b37c7559b964d41ecbdb6e70b9f209fe818c9cbee404298e4863ce600dab3716abf797ad951fa831df1a85a3752e31ec7a1cc1115732e7d537990ba7ac238d14862dc7c256d21e1af90009479a93c28c86d3077931118be2d5bd79640187ac12722e0da3e0582e86efa6e2f5f7b463049311fa0af24b043167b4ac57cc6d0e4058d5e46d7533be851c397c646fa0cde2220235c305ca8729affb67ef3dc3c5a7a1e0dc58e2cc5ed92e4da36072cd55244ea5a2ca061ffb1ecc83b0953fc527c2321acc14df92f9f650c581152315728da425b6e117a3f089897482a5394d363a9943e1160bf113652a510381e9c194bf52fb1986a098e17d8b8594a923b2f7beaa095ecb50ae11d94591f4f4e2332dd85695e588d1fa66611c7cc47202605027fb2512f587355f78e193332ff6b98af8b48a30ed56b498c2676e06921ec6bd322d00064e5d2417fe5f7af871773a80ce8234b5a2b178be151bc79776191bab61a480874edd3740945fc8da656cbfd22d5bae2ca28cedc420876445dc02d3d5d987e7389a972ae7a8aad24c77e97bda20aee0ef68b1014afc1533422728108eb6c21417784ff97bf88493404aa3d485d4d738ccbf5f99188b4723b13739ca1b158341cc62a222e1e5e7fa225ad60dd8152ae44975642622aa4ed6c5615bd309d4e2c793dcfe5a089b58045307fef21892b76244db2e788693899e21348de1c7262ad54a6e9acc2308b71457b725507f175da4497be1b835d3f483eff576d8ec13aa3c57b7b11a0afd8a477b270813eea4600f6c919162e2aa2764f13335b917e13e85f71d4b5aa672389caba88cb547cc81e7cc8c31e88a64038534027af918723e9ae5e7ec32c5b68b8fe6a803b19775648faaeba5d36e7486b9c68041485e8598701748201b31e8245bddb180b17e2230954cef73d3815afabf991dfab9071fadbdfb2b153f75ce519f8f7b479e752790c64d18f32ec7ca29359c994a75206a5c23d5f341d784c1dd6bb6df3caa4ec39dee34e8b65dab6cf22e599bd08b72f686a91807284a7976ca613b5f3969ae4236027b0cc2f34018bb0485bf2222b5ee8cd9b74d60b9e4923e151e29f208268ca9b22514e8e2f8cdd1f1957d68056def464f63fb35836688bb3c444afea76c355639f3b43c0f14832b5313892bcd073da802b1c58433aff0d6d8712e375f6f9c6defc9a6d7d26e66d066809924ab0fc3ad227af43acd3f67fb9a2aab0c2a0a6399154bc988a3fe4983e841b9c79d89ad26c6a3abf912b43c16c58e23d84798856d5e802c4fadaabd41b7084d2d20a7e8a775b5b41f27f9fa7318129957b4e3b6261812c0db74f8ab21f9a810f2c2f979147c31d310b502893ea9bf3e62ad2bd6b088ae4cd3d268883918ff230a958cfb6009fde57defa7745d156795063b92a27aa598efd559db04d336414fcf059876b389ae2a9843e91f22b181dfb2c31f76fd3acdd15d3050ea7e91d4e2978899d0cb53689f687f2a2eef9191e55de8d397b21f9dcbabc170b5cf930b192780b07cbe27720dc2cb66773dd467b7715cb278beb1e3c7392fa3801248a1e848ae3136a371a172d6db3c5e4221492b011c336c47654d0923448d1905661944d58d83fcf968e6b7e09d28f957f6a7ab52b7554d938440a4107a272186f4679d31b1c1d8656f07cb452a2fec1abbd28a3efdb5bc25945563958d6f38faab7dbc0a54b44ba71db2169316f1642f111e69aa0d7126851f264a85c0451f799d8ab080b3528cdd9c1ebebd987e2d660f845313faf4e493b74d93b9839a556bfdbbc2346906e766a5465a8307f232ac0040a56dc969abc2e7519c86815a6d2481944d77175f8f8f6f666f82504f99b5a3368884d07cddc4c92e81ba68ec91ad05f3b9ed1aae4506e3974018c95665ad249f21c6882048854973c71090afb6f8222df5175952b9eaed98f90886b43d36bae4bfc9c8060786309a5cb1c5a47ac26e78f9cabdd84d870041ed102553e8331c06e81fc6646c851d60fbfc4f4df5be47347ee07d3257f923b02331ef9602c566bc2e008b6bc48d9586ce9cf9d3adde5e67cda07655822e00f66b95c32676e22d0ba262d04045a3e6cfa9e2336af3301cc5e23def47e595355271d08650389c4dc7cc25993a84c62b6a95cc700f0eb83231af1bafca03da774c0d8cd4531ee4e3e4a5ef11a5c4819eac5a00fe960da5e4f50c5a9bfc92ad7686ea7d652c3ea9643bfb829bc2932c255b87171d9d3198ed794cb2887291913ae84bc27b5142ca6a2de9eb3a302ff3d8f817d8d7dc2bc9f6bca071599446cfc78cdb58837119f200d44cd16160b4afed472139c34ab8d8f76df4070bf1c520019de28f486e5516fcbb9af1a1d015987fbceae835c0fc165e35b73b9d9608963c0cdd0808cf7ff680ca3bffd60ecdc63ad7e345263253c01df836540bba7319dafcef0f63431899f1c7f58ea4b37ea3d8d4e9a5698c5437a391220707e34af9017e37867bc1ec766c6a24108ef4dbf67130d23eec4f3299a127be649f5d48b478a83d8c81ab29e91e1157327a3f6d2f36957ee21a1f6207a586f3d5a463974967c13e5a219f6d3d3e688587eb8b4d8d914cbf341378d0f25c681026c39fe65403d8d78c764458334141c46098a899d565ab8c8ab1a7464039f72beeb4f0d3b43a69ee063f31881917167fe6e884b681bfe7cc8c03f916b0bbb345ac36c1fc924decfa8ad613bcb3579fa1515ad96495625e259119149aecae93661d32db0d26b051a1cec2e16d984373c5b83ce79b28bb431097894ce01537dbb30c4ad642b7e817b4d4736321504967b70f5c4c8e74fb9c483822668362650dc143325123ce4701502e550fc9c5141534b23240e092287ced7dacac60cd97c01f2d71516c22845b39a943b11264a4f98ac5864ed4e05da850f9336eaa8aab668bce4beef982358d24edb6639d6baeb68c1c37534dcadec3666b18c8440f6eda6cd3045b7f068c193be24b54372a97391a3f143f4b96fbe4a19acb20694c3bc69c2814abe2ffac3514ab6e7371c22025fee43add653981c9fa37af6bb30f27821e4dabdd6d847dff803decc77febda719cdbc1abd4f1002b81db9eb3494f20c1c561100d6babf1e29127a681474a8deb6c44db25bd82fbe9565a1c53918545e07c12e1e9cde07243d5d6e0336134d216dd5b29709cab0057549133fb6a9e95fcdbebe08eeaa5486275870c09a205ca5c32eb7322b20b9bb81a2064ad4d9c8f14c723c97968e319b844a47e81944fcb682cd8edf1d597a4b98a3aeeb029249772b9bb57d5156acb1d1036b3ed700c9495ea285ae5a82d5c788b172eee610a6a1cddb31d9c27a77614b8939f9e014b017580cd6857531bb6d1099e2f171e4a52c3d119addb6816cef1a05f4ec5d9a662dc3d3147effe9391cfe59bda97baa89abd69ad986edf4eaed759ec0913972558a840a9b4fb87dfc5148d26340b61039c1741f87a5e4f858f03c316ac6d5a24e9e42841410adf128d25503a9c3334086a1263eed865c50b7336fdd52f76d72e2a07fec314b353af032bffea9d6a8b74a7b1d3a943c5ffb733dee16bbc179f5192264b5fcd5424a10c3c3e2fc281cca8084b9572c48c8d93e312e3806dd6e7652eb6d2a2a615c34fd018876287aefa6d40f06d321f0b0fa476f31f327a2d80e28162b14e49059b8e6b77577778f61cd60e57099e2629bfda09b44aaa624e9e85e9ce8f2bc9a8b85db28ad19c890f630ca358e4882a1485b0564ccde5028573bb92180ee736ad0fb66e5d02785564c817845bb4dca29444fd7a3b162bfd3bc01b658df1eb35bc8aaa13dd7eff92d4c66a7bebffbae5e7b52331631c0eac829d3b7722949011fa7398d973cf1e6bd863851452a7663ab3da869f6daea5b15973226a4f23daab4d66235078366a3532a1b4285c93c2d072bf1e9ad9b256a3e4bebf2ce55b46c885e78a6c9342e5cb19307b51b5428633300aaf7949570fa37aec730fb0d8e7aea7bfee1d54e13370c9da2e51d7a81c67556a9221175a975dca9728668573e1bf6f519554def0d12cb3a1495f36320cdeacf75cd9f6321c963e372b5b65e7650f158488dfbbd40dcd438d824fdd1ef62318614b64480a822c21197080d90be39520d1b5b59ca1f555d683174371776d7ee08a99679ef2f2a55af7d4e77e08b701ea0c9faf28ebb801067cbc708e951f2621385762f00df797e802f14366ed9aabbed3b5ee3ec0b2b74b566803619a6282de0bb0dbfa16faa4113f90d317ef331f2be8baebc5cc7f301068ed1e7a32f514948c9219618797004b89b4aace04714072ab0e5d57f0a9d06bdd6211811eaa2bbbf76d4ee6200a8afab8c5dd92d331c123b8839cf39cc7cf457f0bf04e35928533145c0a39c562b52f0fdf8abcbffb8bfeb8215fa58f797c0348c8868c876552aa3894eb34807bc62accd2b3f30758b081298bc4c3d4c9ff927efedb828bc629ef622e2edbe178ad70532d081833ab8686f4b5a3e2f6046725d33adc021060962a6be6e410d6e651f75ae03b870a609200c11a549233164ee4b5782c1c6c88ecf8d7a96ef581a4a0c0580cc5c441962ba84ebe9a415f159aef0f78574ec2fb5f0ab295b792b89aeac2df77b3c743c62584b9a119afe81d960c43711436eda67435288f1581727586a29d9c1c98ea945c64626aa7122fc420dc9ecc80d5e36fc8d71f8311b25acd3d11d7bedfa85796d4f02a5e9476845c8806ceb18900902fba4cb1caf338330e465c966120258486c4b3e0aa32b78e88e9502b7da265e804f1f881f81fd948209ca06554af60b631991cf8225759d84d453be06e479a0f8d13186ab504e4de94986f469b97fee6cccbbb54e68336177fdbe678ba93b5bb503516474cb98e4827d20b60266439bcc65b70ed829b45b05b0d7d60da7b099dfdc3cfe5236794c2365e1f655c5e7eb736f761eaa671371687f99e213616a0445dc53ec49144a26cf8041a9ae74772089090fb27e0349b5bce7cb9d9f054e9d5e72a8d1d4581edfecca0dbbdaa3a1cc8fee8b2fb90e25467ec448fa6df4b05fdfd427825fba29d4c718203593f9259c0c593c71a00b901ab3675402f096a748b2d6d66d3b642a9c9f12691108578ea4360001376315c56b99a87f1f7d9401537052532e5b4ba0778aa98f8fe599c4aee56f9e5b882d64e33f101488e10f5502ddeb7f0bd6cdcc6be6c72412ba4e28920bd20cf3d72b805c76b6bff2895bd13150b163587a152c1e1664ec2db9956a87ddbd4471a3c1bb83583b2f93ab7e8eaae739663e45b2354d127346c08191f006b1e67d1b5a7f6714c5abc4bc3a22c5fa11d892a7f1d5fd12655145478c42216c66401172a196bf689181cf37439f738cdf0cbd738b03b7be21966a8a95626eef8de15ed1c6490392090eecfe9930c247eec4ef964d4686ba58a401dd97d1ec2a23b02919a8772acad453c899cbfb88182df74c91b6cdb5265b96b2f4c7ef9ab0635f57803b2b5dbea2d3592c70b2c4fa88a9127c780845d0e7d930565dff12e9eee8094dec44d0b7af5b4e841d5f1da0be424993eac8d405159c1168fb98fef0928ef4a94806661d37e16417de158ce9f52282af51791e78e8c2e0e935fe5151b508a612720eeabe36bfdf7c04c34bf1bd35331088697e53e6b554dc080a1739d55faec48ab7430901c5a37b5c61ab189fe3deb0f2c781d231eb57dfe457b280a2aaac141a27841a4e43973050538062513f15edf39deccb4d6c87791f0475092bd3c5e91384984a0ebedc37daf8e79c727c2f8bf8ef9a79a0c8144dfce77336ad85750e54e9e71bd7cba0ed50866c1d3bedeff85f7b1262be6d8cb2045ce905861dc5fb3b5a113b4253dcff5e9b44f94bbf79af7c82fcf096fe1ccc48a6b96cd5e7fdd3796b87f14c0a55f05e04cf890fbfd4a6388e54d97c622dcd7dd84dd9c1ca288a3fc1654f7d33d192b464c9ed3edb1610bbc7ec142f861c925ba05dbb3e1808320a66553ea320368ec8bdc5f757aa890825673e9d0e80b6b60a0eefad5bdcee3c03ee70db608d24f5e0eb1c64b6ba92f10b58be246655b984b58bf5268504801b4c1cd40c633503d87b907452c332ea16d7be122fdfcf5ffc2fbc950afe5c65f9fad7db166ea7dfe250aef83f2a4da341aead9f40d780fa4562e3e06a47a1b271027add92ffd595638952d101332245d0b94d1ca6bd726d29ae1b495f01868fb79e8505e1caeb7f8379e689add14e2f5efbc750688f4b2f76245efb8addd2458a7957f3829f87138e61370cde7ee72eeee9a0e76cfa79e6d869c3f2e33ad0ef7f6945af98c8659c936ad10c9f66a639c33965a25eb68289e473243c4a8b58132eeecf7fca073b341c6f8e51d88e955ea4b59c5993d57c0d52929d03d7d24504aa6a8865d3766ca9fb619bceac8214c4c6b9bf464493c534c5eef688bcf9538860cf14fc83c4471baf632eb4f8f7ed163fe80966de5f5e7598c495a0d62849ff611a6f308aa6e787752dafe0ea3df7826488ef9040d0b4f05c199ef9e7e2bc39740830cec27e59925a2922f89ebe65089eca31c1f366e300cbc6c239871d7df51975b91a4330850dbde552ef715793df19e8875eb8b9427ee44527a2fb8da0aa347d4305549866d16ff7c608e63781d80e5ab607ff8472bc9d315b8ec6ef1d3e027b9a177a3ff565d21eaa9931aec272136a3c70dbd2335b1bc735f93fc29dd3bba5c5d32f4868f9296436d057756530db0a65b632ed0cb64da888454c5322db6aea62ab1441c8c21bf406782e5b95ba75b6d8e2ceb6cd6c23b9a75de6936a6c3afaddddb0309ea7713a5be55522aacfbf7e07cb5f2e45081f5bf4869fcad36f09a4cd2643a0145972276f7b017c3ea656cb3263c73da1c1ea1c3908ace4a8a0f630a73f0e0fb8db2de4b85c650d9c36edc0d893a0f0bd3c354bba131bafeb8898ba1ec24974d0d5d75b82dcb02fb2f29359fb37d57fed7a9114bdde0e4ece9ee73d4317faef53babfe386399555e41f7dbb19f1b1d076a4373506414e254fd6f2985026ede5774425f82749765337f9cbb20d034778484e0f99cb08abffda6a779adf6097c61ec22ed7a2c1d028ecebf4894db684804ff822fd4efbcdaf5dbf276061faca150e8b9947bb7bd849c10fa8181551706b21421f5acda536144c6b8daf2d3e7ec8c3b5b2b858915b7fae0e188e7df5e6e90d5bdc8cfce90987e01b2bd945c8b2770beca31eb77f393bd6a334ac7a40eaae47e0a675036e591c873fd2b8a78332faead69673db15307e7e23b6eaa55b444571fd402d873e445983c501e9638039fc8c5a7368e7aac86c75fc0396a559e563e733fab6301059931aaed3d97a22000c30ea9323a9d7f000de74d1e578204ccd73f26762def3a8edfff9b5c631ae52a37f4a96346be9ffc2f2da8a9a2ac20fa7509d005a633fd76b7512194a4b8a5076b2f01809ee0543678015475ee4144772b8d2b920f52eeafccd2a7aa8e9b6a6584fe2ceb571abb8f0c9ff0117e6a3e322024718ff2b73f501c4520f1a43820e8b3ee29332275ef68aa602da6a5cc127870a773217642d56cfa1e90e433ce8f30c173f20893c005cae2e2c6e1985974cedd7ef6c07622a0a1d92bf6c1ac7cca43a0c25aeee2f17e3f99d275c6cf7c510bd34cc6a20f0273e3a89a98ebb23322d7fd1ef2c6bd3fc8e4b4e6b130b38c7b343009750608bda2ceef3f764a28fa2f00576b41d2e79d34ed312fbc5351df796f79e7625066cff9a4b1b739df8cacfa7df141ee7086b64dc342808b77f4bfa4f5f20aa1726d085cabe5c2a76a6c000118ea867928e07418600087b0c7a8765a8cf0aa1c844ca5adf6a109cbc8c33502a03b2e339a87473862c09b749af5e83bae5eb411f33b3558072891bac0ab41a2ca027ec82c00d71bab18a2f0b4c53bac438b48f6ed0084516e21bc9497adae3415d180c25b6e9286e58f8697cb83540b3f3cea1ab20159d3c5b0d4f69b888562096639e4483971c5d46631939de3320892ad2e28f567d84cb7127cb2ac86e2cbf80dfbce06b8df580d28c574a4eb82f5de6778cdd8fbc7bb79c4a3bac618c0b0abb1ead50221572d9a60333a26"), + genesisString: "Genesis description" +) + +private let IDENTITY_OBJECT = """ +{ + "attributeList": { + "chosenAttributes": { + "countryOfResidence": "DK", + "dob": "19700101", + "firstName": "John", + "idDocExpiresAt": "20211231", + "idDocIssuedAt": "20200101", + "idDocIssuer": "DK", + "idDocNo": "12345", + "idDocType": "1", + "lastName": "Doe", + "nationalIdNo": "N-1234", + "nationality": "DK", + "sex": "0", + "taxIdNo": "T-1234" + }, + "createdAt": "202208", + "maxAccounts": 200, + "validTo": "202308" + }, + "preIdentityObject": { + "choiceArData": { + "arIdentities": [1, 2, 3], + "threshold": 1 + }, + "idCredPub": "86bdc35aa086f3407e89220ebd4ea89840a53f37a8cdb26d917779984a751919ef7e4d2d98798038f441265c398a703e", + "idCredSecCommitment": "971637bd25c2cfeb8b0f7eaf321a72ada6fff1c6180d459120c0c331c56097f0d3acfe42dd314f7e3fb6ac657d37ed8d", + "ipArData": { + "1": { + "encPrfKeyShare": "b8c0e1131b1fb3d1a608384ac7df8108f0af82a701c00dcfc435916963deb0edc030e8ddefd9dcf07a783ceae29810e1b70bbc88e343bb49a19fda60ea6b1177a8782f9d0835deff0a722b67680b7023b07a248d3a932a13001851bb36e9ef239540d9fcd1d10d0373cf965e44d8f6f396107816c9c9643b49308f58aa357cb11126cd3c156a8ff8308b73d7ebf0fc7b8e0ac2c86b9acc3e3f06b4dc4856c9bb46754efe6beafe688dab5e857958c61d748599d635cf179163bee878d8ca10aea5cf0db530e64836a169aac4fd1e70b8551f2044cf0a7106487908b3135e65571e7ef1a2967496a9d78028f61d7c87bfab6ca1880f8f17e27c863fb15fae48127768f7a1ca1ce5b5041c57ab4bc8f52e19ea152e639930f04a22b11ff54bb0f9b1c60fdd20aaea9ec6af7a2f257e1597b29398436f2bf63088d7088c64daab9ad6b5c4ff833b7f7439cf27db9bc87b5c8a5678712bdc8e43a85efd0c8e6c72c4090d595c6c53e7461b78e5c81b168bbff9326bc2cb9030e91ecd12ff360c7cdb958571fe1395046c7575f5ec4819f4dca6ea189ab8822700212c7c28df8b1d582cf512847182b85b5335363d7293c5d294354971a6f5472dbe8007ba281c5976206cd51c28ac267bb03551723ad27bb2ff98a835802b18987e09363f6cbe2a8aa7f184f9aad6edf0e0fedfb3358a51a53b5331887fe8bd2f7ee9ded244d0a39a20650b0dc1e0d29f4ae83ff88c3a1240b2f8173a728c4cc835ad2141a14e47dd58c10bf2756042b005ebf5d06e1c0a6f13d6ec0148be09e0f3aff477a6509ccc84892523ac88688dd057c5801b3e85613a73cc1e3f2e19c8af921c6107ab1ab5765ca835454c76e24aa95a038cbce92e911abd2dafc4a48b776b7bb1291e20157c2f40c93360a577c12fcd703ecd98ef7a47f4bc246942990e98e152bc965182a853b67405c3e4a864a2932ae4bd2c03e02beceb138442e3f888f27a947cbf75bf77663d78893ba5acbaf517a6480928b043ca1024b553cca7eb1f184d15cea22c859d359b7ca4266505a362997a29f55ff9b986129b3a58ec6d881453118b8c", + "proofComEncEq": "4854f537c2e050b1951dde8c1200cf9fe8d12729bd6119d9181e6a2d7718071f0f126589462379d22f16785b75d8006266e78677cce00dca23b564fa32b8c890702af22dff95de8e5657c120488839e2ac9bee6ce7fcbab1480661dbfd6d8519" + }, + "2": { + "encPrfKeyShare": "a8a6324b0573f190498989fa002cc295076fa08950bbba609b04a76bce2bc163cd1c0c677a2c3c19bfd3f3ac89b5b05b824cd8b1b218b103f8cf82075f172b5da2ad93b5f0203c95c780c317b601eacb653dc985d9d4002b594aca8e809f2f7bafcf2e107aec433eb5c29341653b92975eaac637fd5c1551f72574d765a8251f62b33dc0630aecb19f42cef80c2215efafc5c33233262fc1bbdb35e81bfd719bcdf5bb3f27e3bc8e73e9ad2c790b247d5ce1ab359210a2763727480ded96c890b19de1e423e588de7ce1c32edc24b23cb5fef5e20badce79ab6cb5c6d3ede0e285820df028dd142073d772cace33847d862504796fabc2e10716bf383fdb1c3834dab182b182ffc570b056d8483b175fa2af4ecb225db3f72a4494a4231f1de6a006bd23fe0414c8434dbacda740213f21568ef43803fa966f7ce9193d11530994651983911790585539cf38ae568d569882d4352abb5a263f019d7e03d734e7725c60cadab4f72c436601e16292771c52cd4bf89f9ea16ad85cfcc32620e57c90830de15f6e7b3013af8832ccf9c9029ffdfed4b7b41cd4685cf6d5e99dd4c76a1c81a2b6664f0bfffe603edb413f0b8faa5d2659e6b282c00d693c3bb1bbe5a38c08009433bfa4efa4b2591b032c77bb0d69260cefe03d42dbb0d91a6620dea488cb7d92d844957e2519ac984ad78ce312ebfca1e07806c71cae189923e9291babbeaf540692701bae207488541a68b81203cce9bd3b4f62cec70af972746bf40f31043694ad8feb4789050f501873f95d482ab8bdb6e27ee624a5d1c5b47aa14b6c0738bb2a89b041f038818b39a391efdc7de04be31a971bb8a331cf50e8b998e61e2e330a4087241440a9dbf566870a0cfc61abe183fc797981480af89f6676c9a4a13f9c191ed861c59687068b6b41217b80e8cdc70e4967525288fc2ba916b51ed57fd2a476f6087e4e43f3688cd3d8621bb9c076a7e021c9c7faae35266264394cb830d69e954d00285e5760a666b904d77035b676d7c81674c6cb12fc241f7c4147756c4dfd9cb808429adf81087dd1289b3afa638e894aa0279740", + "proofComEncEq": "1700b45adbb0ef8679d6c0500a890bbabcd8691fde7f74641760220130195891506af09003fd1c8ff3ba0a44750fd1d93fcf2ebbf4bf40bdfba160d375bb954034a3ef03a0598b7018a2d80e2637ccbb51714efd9688842842431d2f01ab489e" + }, + "3": { + "encPrfKeyShare": "aced178c5a3ecd4cbb80a60761f21fbf3174309641815ab2af0557274026db47377af74a11e2ab2a2808f8b92353e18ba15f062ecbce8066510c477ec27a84bab1d5c2b7b2d81222119dbba27d3174158d34c3f3fdf04cfbe55f027b22780c74a8b1a1794be16e0ef2bf2468d4035054c95c42d65c4ac204714a632283b47e6d04f3d7bd9b13a220778345c1646053bdb305e75d8d1f1e3d0c6c0a06860fcf8e990de681ab698f9758618c4922631d07aca57b7d00ef9cd822f1797bf3fa9075b38873ab2f3e8de346176eb73f17b2131c5990299bb5cda19f1ea91a0f27d68670e2580f928ac427830787a8f6a1d8dc964b1c1ea4554df35d8807a795171ed216944194b38b1b7cbc608c254bd9be5ee39e96b0f7469ea596497ae330e4d9fa8f0ebc75c2ddc69f5f35e1bc7977bc3c643cbf2f7ea8bfadeca7bee6ddeaccc8c0d40f9be53382cb5e8b06151be0854f8935ce37c25448b13a3fd7abf5505fd3a608d7b78f37456357d17b8bb2d643c5841724df1b210d884627603d90a8e40c935bacf3ec1fc7dfc46c6962960d12852697cab088eec5a9c36eb2890be20394c9a65c26b58c67f976765b7ac67468019100e50344083d7315f0d65b56cef4fa3088a82dea3961a18e848de02dc1c9252188cc02707caee1ee794b4769a223d894a7599f6e3ebe28766c3ad488289c8c839a9a16aab8e0df8944a0a99241f83b89f6918541065b49bae46e65999183988a5d1084e276262b5673810616a0983d21083a01e9423f1793ee5ca9240fe8f33c09176156a398c2e8d51af49807a550ab2d42f5dd4a82cc5b8e134fd89b4866d564ca82c4005cf07fca195ba51893f575a47ac8b2ddeb6cd189c31ee258ef3a86b66df847ea4b70a8bd35c85f9d5a77b96f32a421e489f44d8fc2aff5d9dfb3a363ec44319b0f202b6b448ae831f59e9780dded5403d108167a506a7ca1312ec377b4b2d02461c05bbaf7109afb816d3dec1c8834230f8e056c4b20b63fce2aaac95f0bdf49b24f61265a660fcddd6b217590195638d6d28f8129da978f6d1ce7fd9530a2ccef4195ef9c06abce1a0a", + "proofComEncEq": "729c7e53986746acbbba2d9a262ffb8dd1ad4e02cc58e877514f1fb7b776cb7707101dde4136b20c94e33d812702871e36f1012ca4d708eb598fb5d2ba7ee8623828d001559b227f5f01a6e4c3eaba5c6607bf9c008ec7738aa4801d06a0e4e9" + } + }, + "prfKeyCommitmentWithIP": "80eee95dd029f4077e4de5b7c469fea70a0e20ae05f60ab6784a227b5cd277381ef96cff3565816f5fe226c3866161ed", + "prfKeySharingCoeffCommitments": [ + "a146057e158d734526b6f438403991e60f46a0035cfb95a2e94d052c1dbc576a28c40d952d531d22949c68cbb9b6801e" + ], + "proofsOfKnowledge": "2870ecb6ce1c4e129baa76ab195fe4a1d0805da7bafa8a060d372615ef46b6102e7c020fd49a3b418687314a738424d8d2befc823e36b465f3eb6996274450bd35326037538f7f468d5fd8100d4b3afa245a3df6fd7d2ec829e24023acb7ca0d5b4eb756133722770cf984acda9c641e778869f3a589e061a9c9095429c946924986032647257485aed2f6bbf976063510f4d9d665b52cbde5a6ba64895b48544ec4e04f937a788bd33f4b58ed125971abcf3ca06155440ecc0a61792becaf593cea6e338be7159c5742c3489376ce40878d95cfe058757aa49097bc23bd39c10000000000000003b662981ae0b14982db58eef3bbd05bdd33bdbed9fac29dbd46b4fb54211613c613026e08d8f0e1f82137770669ce4f528d0adb346c3f9d391c4b4f4c9740c8409e8486846404b305f98ecc4d07919fe89bc93bf091c8f7cec78428665152a52da66402ae5fd7b3626e6e2def9f46f77372a47d161a339368e08900c0d04290ba590b649a69371e2a74e5332d80a4b81e819e81643db327028deb236ef388c2265f63fce236a64eb4702a48b4ed579f15df721e3206c0a9dfe34f1232d20290fa6e7db531a4476f48186656dfc77d4d0fce25086198d26a7fdd42a7007275d75a0679d7a39ecae3f8ba5142f5b73d0c9f535cb3add6d44eb411a38f9c60e4bb761ad1eb2a4ddb50fe72af7ae54ecc80a58d5b43d04cbb0a727040c41262c0fa13000000088fcb41f45d5209bbc45774b13971bb1dc558a011fac0a433042eff86fd67d837b00cff2776cdf80d2f222b2a636be8658df78844ae1e04a1a27ef369d3d40f02e97cb65660d70a8dcd4e928f576d7d7902f42afaf9b5d88110c392b031d64125a5a32b588cf32a26f97a36459864b57620a92a0d9540dae0d541ee40fae0e5be2714cadc1ac09982b53f0961fc54a02d8be1e471502f1f2c1cc909a6104b451099f72cb7ef6a180f22be59192bf8df679cca7a8cad0646a188d26255cf06b7c6ae2d393427df1adcefa1483177928eb453be356f30d9e60eeac6513cea9733fca04e0cd6530b4523a0cdfe84ac558e73b642a4c1d01982dd0ba35e449655b5244e820fd2d53f1d7bcde75e8f20bdc967e296f1ef239d0ab97859bf56bfc8a2d9832ccdc70d7e05710a916e29f10e3dbb71f5232749cd06c32c23718d04c52bb58623e09931c0201fdce1f5f21c18c64aa4c634446185925271ec9c334eac4dfc5f56bf791a336ab4688ae3a7ee9160d372818bc4b70d0953768e1519d6fd813ba5bee23702a81160f0f4d630ccd45f15859f61e7303a343ba86f73b3ea4a03c8a642e91de4b9e17d209cd05edc753a35a26f845712949a257b534f762216c76d8d8007f36392f5c716498c99719ca9afe70c9db60084e5f1cc6b2f0434885e24ac7013096ab113ebcb9d1874260dedcec15e5689cd50f298d079dcfeb2f8c24243b828786b8f3c3ef38a43e22ef26fdd88b5b80595c97fb9c6db4d93729b88d70f7a1294b3f9f50d80f8a962ba1283afeb270c429580dcca094dc67f4a564ebbb6e007ad25eddbe84f801d7f1fc8d3dd24266769bcfc6318f9fadf3c3ec8c3b3c2638351488a2fa0bb2ebc0a7d30edea9487c41bba352262427cccf0692f96ca6e73d1164da3f5a4b82e17f67d291b75ca1e1f0fdb758858acd7e4d1902d5b9888184bf4ed0425aa17098eea167f8d1c5f2c7e87158a85bb455d4bf9b5e262a9c82cd94157a701d870783d4c5075359ca63d1ed71c596df46f1f5ae9b4c2b9b2d702b2a300508986be4905d298ed0787045c4d444981fa44c3687ed64a0eefcc3834c5c52fb60cd973a7e3a41f7500d2adbaddfa6d29c83bbf0e7c5299eae45d128efe868cde0faa4dff4782fca9e296eccf1e5de079cd0ec999449c37c27a9da152b157a3dce9def3eaa50b30d6b526e16eec99fc7549fe62e08c58ac559e421a7d2bcad91b23038833aad21764fde7b1a13446b254c2457963cd3be7881b2953022868c266e85b6ba6d30aaa3112d35c58075d1dbef0dcce17813d203220718793f4361e6a32c3100f517ec71dd652fa608ec907cf7088778288938fa5053b9ad07fef029ca8b3ed0da24575b251c9807ead7fdf7b45f1b59aed03cdff45c9872a1b7d22b2892dc505ffa639c8a3f79793dcf488ac3c8feaf90b7719061396536ebc576492f4aec4ccf1ee79899de97f29dde294a05540eee80adbc74eb32f32af94524953390d46cf8299436ade6efbb149344aa55cf1a494ca6811b42fc80ae64a86a3ebab380e056eb9bd471042678d21faf33438599a501f0c6a698b5b00000008b518c5117e704c0dc391a868d0edd1a9f46e2edcf6eeed52c436d99b547d2d22e8f0a3f8b404895f881145cd5cd761c6a354f379d514e1cd883eb57ea67ae13fbc41e502dfeeb75910271cd7525fb8eb1a05ad9723dca4021330d38d13ab5656a60a362062af95df90027f1aaa79d42dffcb98cfa60e5068bfea1e51d0688328f1ebede7083fe68abdad38c11c9d9f7793f5b64bbe8ca9f4f1e2aed5759c5d239aafe211b8bbd4c1583ae2346d01089c230089aea5b3b774df69ce2758a8c151aaec9ad782917315c8033329b702a0610d6f37e4b541d0970d47dbda0b395a9a860510512434549056d219b1d3526dbb81c04d2f0e2e353bc5b7ecf98df448f9891ad5e72a809c29e0faa25722f66926f9bd61eca67d71ad35b02f54467aa85d8a72421130f6907a12a1a4449f6a020c20d0d80970c6751ed66dd6654a1863bd3429aa0936ee13e1d7479e9f2413df4f89b3d6ad4ac7576f30deb9b24e9f770cbca1d381595d54916347307df61b57825779fed1d6e601d47611edc48deb2bbc8785d06a2df7e045af541979cc8a8d1d988b1c80e00ae503fdeafc0eefbbf33c03ecb12e96f438505bf85a3ec16129aeb4149b98f828bc9dda74101c9ce101a0b39a722f0723e19e863f087d8915ea13184fcd99d5f2d6908006ac1247883dbca72dcb66ec816987f5b719174297c97ff93f036a5841dab4a7234de9c3589a3a75205b997df6a439e402b1d2ce8180db89989b3bdf77eee93ee3920ed7120d62d05f53bf24980db20914983ac34d475a1ed88090f3fbc35374a4d9417503197295324eab24bf2cb0d368eaec2edcec5726757f18f7ac2c0b48b545fefb1e42e7a9372feb3cdb546bb41283d50bf88bb6994074e02c3e19b2e9769c3a854b503c15fa0de79fbb680c809d279b429f8dea3d232711807cde212b63735538a38590936df61fc406f67eee35432c595a596545f9889968de8321e25f6e6374b0bc76a652970076d1d0a7fa53e943a0be443f882bf65e19200f379c2ea03cdb17f20c99b4a0b8d8094ea8f3b238af176a9f2398b9482c9c4b1c10e5caba2ed8f12c6263a1c771bb3120c0f8c107d43acde378e9d22aa5f4efbe2ab38a4130c5795c1b6f959a3b902b8a1780c2fcef8fa5b45c6ae4a35c7ae26bc1c678394ada08f391a0b8bc6fb74408e3bd2b0f1b7f111e8672019fffb8cbe7e93c79750e4f5e83709f7d19cc21bd91752e7f197e4b294c25b2fa6f62739220861d820ef5cad15172f5b3bd6f278e5799eaf029b4b7a50e2f4a103043bc24221fbb480ae849d9432398263caf2375bd5354a74b81375d16d6f926b66408815a3e357832c19035dc5405fc8a66be6476697a88b58ef7b13a98a384c284578369e56046414b61b17cf417d81497dda0c863842491e474c678cb1cf4684dc1f3b49852b254da93b74574191b50100dab3c0f74c5c5203832b56030918280c72b8dab33ce5872136f734d253928d0c8ff00f0010db0ae4ff67679c87b2b57633ad7c69ac3ad744cf8218c11062f058ea9d00744ec14e4e632be9cc98eeb58991e9a00bb373b7852b53b1b00000008a193f17a557298ebe18b2a0e13048aea185522f506948f0bc269bc4f46c4ea506df698f0b35a0a04fb64f10ba038ac948064b3932ea4e0c1cc7d57b857f19fa0f43a10f1bb6b3e67ac8406626b0162da78965f6a3cf31b37ca311a8c4b62480b8efc320711da568f8c6aa04de44add0680eb9da0a0e6724d2728ed01fb8422d4107ee530340999f3eb4a14af4b449c488ada1f02445787aeed6bd6b91ecee7f0357b3968c804f1445af64b0657b77140d4183b1509dc203287716ba5d412500e926fb46d826a3f1dce9cea11bcfd6722fab6e4ad63b9af64ece36589fe65945afcd7e2f41a480a51480e91c3d714a05c8348cf6a83c2aba1dc6ddb3d790eeb063845f18c540f53ecdec27362850389b23003f27b2ed3fd109d9df7660963a146af787b8b47f006913760a16655ba32198144ace981650cd47f52627b6455d5fb21445b1e6723aec1a1512a02d369058db60b2d79b5c34ab14b6d4e719bcf1bddd89f49c338260460c918d736a5d8d28b5a777e7460cb593230206a76a7e01f42ac0d3b954e9e5e73455f2c1e753ca3c96d2250989daf7333deee1c295fa35d4540a37a4bbec67254db5444a1848125d4a353ffc74f1b0f2a76d315a400da55ca1060de08e978c41ac23199fbe2b3d3da182ea6fd008e21543374e1af80a43da6b26bcd67d524c0a816108312bc709291f4ff3726af131efc81f8f632a45eb5c0128a688935828fa638bad9935684ed548f30cd5ebdbbfe80b67ea75a160200abe746ee19f4f9437d75b72679f909ca9ea6f28f32ecc421715211f9f16c475c7e9134bb5b70a5f96f385a6b10d4e440bf9f14aad9efb99076b306c8c31798a4130aee5b4eb52b9a710f36aa8fa5e08307a19bbd996d1892015a664cc2003102847bf9c4c56738e25dea985c99af1a53d84b4b222361a4095c969ea3b30f340db6a43926121f63f57b439b70bbabb90d9ca91c1a92ce8910a5c33ee2435dd190b604ee1c78ef451c5b08efb8864109ff328af2b2666a1cc2bdb47b739cfb687721492be730f6a9c96f4d62041329ade6cc1e29dd533565d680e909b248831774782bd73fc2825aa3213ed278cf4d96438ab710257a1f0c27fbf2b9021f842af62970e441177ee8dd15eacd2ab843183e07ff8fd01850bed7e5b232f1a8a0e3ba2a" + }, + "signature": "828e17e41937bacb9e7a1bbc3a7e5178cd49abf2e5255479037671d0b2db03bb717bd67a8e873f593622e4f2acd3defba6389bc67b7559ee8d7fac54e22f110251089f0ba6ccd02e0a625b6225b6eb256d8643c647e6389bfcf305a1eb0289e5" +} +""".data(using: .utf8)! + +private let WALLET = try! WalletSeed(seedHex: "efa5e27326f8fa0902e647b52449bf335b7b605adc387015ec903f41d95080eb71361cbc7fb78721dcd4f3926a337340aa1406df83332c44c1cdcfe100603860", network: Network.testnet) +private let CRED_INDICES = AccountCredentialSeedIndexes(identity: IdentitySeedIndexes(providerID: 0, index: 0), counter: 1) + +final class IdTest: XCTestCase { + func testProveStatement() throws { + let json = """ + [ + {"attributeTag":"countryOfResidence","type":"AttributeInSet","set":["LT","FI","SI","RO","CZ","BG","FR","GR","LU","IE","NL","SE","AT","DE"," LV","DK","BE","PT","CY","HR","SK","ES","EE","IT","HU","PL","MT"]}, + {"type":"AttributeInSet","attributeTag":"nationality","set":["BE","LU","FR","DE","NL","AT","CZ","BG","DK","SE","SK","PL","ES","MT","IT","GR","IE","RO","LT","EE","CY","SI","HU","HR","LV","PT","FI"]}, + {"upper":"20060924","type":"AttributeInRange","attributeTag":"dob","lower":"18000101"},{"type":"AttributeInRange","upper":"99990101","lower":"20200101","attributeTag":"idDocExpiresAt"}, + {"type":"AttributeInSet","set":["1"],"attributeTag":"idDocType"} + ] + """.data(using: .utf8)! + + let decoder = JSONDecoder() + let encoder = JSONEncoder() + + let identityObject = try decoder.decode(IdentityObject.self, from: IDENTITY_OBJECT) + + // Test that we encode/decode statements properly + let value = try decoder.decode(IdentityStatement.self, from: json) + let _ = try decoder.decode(IdentityStatement.self, from: encoder.encode(value)) + + // Test that constructing the proof succeeds + let challenge = try Data(hex: "aabbcc") + let proof = try value.prove(wallet: WALLET, global: GLOBAL, credentialIndices: CRED_INDICES, identityObject: identityObject, challenge: challenge).value + + // Test that we can properly encode/decode proofs + XCTAssertEqual(try decoder.decode(IdentityProof.self, from: encoder.encode(proof)), proof) + } +} diff --git a/Tests/ConcordiumTests/Proofs/Web3IdTest.swift b/Tests/ConcordiumTests/Proofs/Web3IdTest.swift new file mode 100644 index 0000000..bfc5f31 --- /dev/null +++ b/Tests/ConcordiumTests/Proofs/Web3IdTest.swift @@ -0,0 +1,355 @@ +@testable import Concordium +import CryptoKit +import XCTest + +private let GLOBAL = CryptographicParameters( + onChainCommitmentKey: try! Data(hex: "b14cbfe44a02c6b1f78711176d5f437295367aa4f2a8c2551ee10d25a03adc69d61a332a058971919dad7312e1fc94c5a8d45e64b6f917c540eee16c970c3d4b7f3caf48a7746284878e2ace21c82ea44bf84609834625be1f309988ac523fac"), + bulletproofGenerators: try! Data(hex: "0000010098855a650637f2086157d32536f646b758a3c45a2f299a4dad7ea3dbd1c4cfb4ba42aca5461f8e45aab9112984572cdf8ba9381c58d98d196b1c03e149ec0c8de86098f25d23d32288c695dc7ae015f6506b1c74c218f080aaadaf25bb8f31539510c87e8fed74e784b63b88afba4953cacc94bceb060f2ad22e555cffe6f0131c027429826dd3a4358fd75a06e8f7c5878791f70384a7f3a90f4b7afa45fae6e0fa7153b840f6fc37aed121d6c51225c56d1ce6bbc88096aa3f86e6b3517daa90baffc69b9eb27aaebf87f04ed091412547ec94aa7bf0c8dd826e3cdd621e11dfef6fc667c53a5abc82c163efa51435b3be74f47073511db07c1af7229c78ec38554a3f7e9fa38499201d4fe6c80e867df75f2c540e57d2e15f9f5e18f73c0a804567494aba85653f57f5f990111d680400bdbee2d0678271ce93a119c107458b8d4e557fc870de9cf0ccce6d34a216a6ffbec9581349366706377b436261200834fb2654ad5cd34f5bfe3f3658ae94838ed38033886844008143d823f7e49db43017655c53b983a883948d7401f26ed14daef0dc46da30f57e187ca8e027063174a412cbfc8a7b606b41fcf7f75b698ce9115afe5124e8d72f4b34ce839742a46885ed60af26f24f8d10d46621d78b5772b0314311ed3bb627e93bac47e7eda5ff4d2ef5f98ef7265677a382a1f7b8f9a43d1e563b66b6de94c52c3c87169bd19b6e884c6a28dd6f51ba64bc36ac07926a8d91a64e88a4e19b4c0fe0db8b76c9c99bfcddc05fd5630c54bff85c041fea34a630ffe1e6313bf039477994696db0596f9e2522e04ffdb530147780099d918ee47031db2870c00b25ba6d201b00ef2459e73f6a8219d7a7ff96833bd1c8a3c24285d93b85a321d1b6e175f2d9ef111a7304438b5f5874f064539d27bf8bc46d8e2473d458f957fa206bc417ab5b8ca4dd5f0595e21063c1bbae14f07bec6f12d95a05166b90896f33aa941e0a057989dcc1ed77430a3e6f93ab16f62598b9816dc203db6ecc7fd7989d2763d4ef72abae3c4aa1e1b9c9965f8772a1be640a18486dc0804a2efdd7175316af3220a6c10db0ac0e2913de42c44f2f54a20687d2b22c9636e0ba8d09747f2229ee6ba0fa49c4a328f2ffcc5ff462ddca0de8b1d13cf85ad590183767a9ae4179b3c617ed776cf14abad1964d362747492547359c4b65e78f6dfb452d5a559ac0c24b8affdf13256e43d3213bdda0c056172771cda382f3f31fecb82ee8dc81a48fe74467665c4e34e07b1954cae4ee97270b94a336779d27646348ffa0eb52663aa60bd8b7fb9311d38a7fc1f0f2842081cb81b594dfcdefb44db1caeeac7527c5a48e8a8ecb83de0514ef184f2a82c4110f9f64ea655fb42218f95e27c81a0adb3fa7b441b71cb15113aef7c318d73f911688d34111928fdff181dbc014be35cc7e3e5bd75bf767686933931bab272eac577558b1314206d97611152ae82c1bd56ab92a4378dbe73e76a9fbd90154bd1a8c73c681f70298d15f1574d7038521b4e9b9cfc0d900c2d74cad594b68923607a1b913cb9484e093ab8ef2020ddbbd77d041581487f41e2dea13832e566325f4fb0f9934df94ee068c676e475251659770b93e0e32c7739d3c430db581308817ba091c56a5087c6248ee79baddc3c233e77b3fdbbd73f1a4298a8277055ee32a96b7e83f76e0070ea65c4a1784e9e281fa70fd9771c762a91c7ea014f60c87d09687768c9d0c8277d84e8af2eee505fda2967631a999619dc332d98bd45d40458923de655769aac754bf9081dbe9318b4880bd325e6be713f3aafb65d8e44b9143acdc7f2ba7f15290c84225c77111e0629d0f82f2f367d2641d0c3658fd54e538286787d379252876f71ec4a96ca72fdf8b156059ec50131317b9243eb71c5e84ab6791303ee0ebacd790bb27767701083afa616413b1d5bf0347cc4199943c938d74eda87660dd40405aedafbaf54b1e177117f632deeb6a9bd5227d9b8ba5693625ac68ed7d1604ccffe73e97a45411b99c666dd5eaa90cd021d05f12f84acf60bafe0c98e8ae213fa65c189256c79afb4b3eba970a8ad4e94374dd6f9d258b8c86335f36481affdcc9eb074f1ace01fae937a7d1a92279bdfb1081e029103e48877e4442199593c1b946aaed494885b0bd9d67fb7abc6f41c0f7574c3cc007d29a4ddc0a966270f5432a47e3e5563061b158eedef8bae522cb1f800c6d5f0a85a4e24a68a9bddb99e408d204e56cd994796bd004cdc5871798df2bf068ac48271290a2b3b1f0eba346f8746c79ce2389ed3ced67bb962fcb50876b7a32afca94216adadc0aed990dfd2b558aa5d8f35aa773e710f14f1641ff7eaa9ecab43ca3dbf32e846a90c8a3771d378aeb9277ef864377f7ca79ec7bc9e4b373ac890cbcbcf7c33df157e0cab0fcc7fc4daa2599177bd9d6bfc4be694a8e834be081bc7fccee530fbf6bac5be0cd1656b4c79ba6e121c39640cda83f81d17324da795da00f9a05317224ba827cecea6cbba1459df4a5bf6b84cd009d5864d44e747e3f30866a7c261004f861359e717c414a699461086e9136e29f9973e5b3f008a77fedb184e6835bc50934178b4bbd8bc9ecbb10865789d063ee7781fb2dc7b9b641b73fb172c3aba915c420c1c72cdc999d1fd224bf4d3d8a5ce26fa36100533682964abc2e99368402b0c518df1b6af245837eadb31a5616884c5474d25f57a228ed2bbef64d5a80e37cb20385a0283072a3b7a11b68bef323ea4804608c0eed5ea213caf6feb183558d56666f472a9abd10ddbf49650c5318109f9c5ed8fac7847644e153638e29e5f45dd00da06c9b9aab4af18eda0d0bfdc48ae42efe79d4e7196ef07c4319efdf042724d9aeb2c13b089b1fde77467c32cdf778749370e2c3b84a466bdfd1aa00ca8ac85c0eb29f1ccba6953a8bf877802ca3e3c31ceba8f9ff0a8684b3b118ab11a27182b033847baa372fb6b4c88e9177b8b131cd69f6ff5ec347db17215fb9890fab1c4d265d405ca74e249fafda004f86f2a5c3fbec7cae6afe6c507e089bb2d47a9e421512c016b99cb1cb15a3b8e75f2d8ff4866731585c686871691b5ca89a1351f6a79b159530fb5825f87131b0bcee2573d3932d223a358fcf08c8d4bae92f26d7fe35255c7486484bcb26693174ec2688abf39db5f091c8c09ad804f4ae42ca8b645200f27629ece81c6b5d94ef7646cbbc4b62a716ac6d2ad21f5a7e2297ebed15f2e085859a1002a9e7658b0d0249446ce9e769caba71536b9329a5fea3a15d52344d42d868b0d92a423fa44f8a6c4aebf50fb496c62d03598de39f1fbdb29e098c6a2e2ca59cbb5e37eb021594463a72471683117b957890f8307828168b1a8f2066a5e5f2c6822589272f259b012822b8be2b15c004a2a69b66c2f5ee5d81aa9a7bbdd44d059587bea89d021c734f62828382c9f13210185482694f8b30b46111d426927ec5f10b155f825d852fd995b9c7ff27861f7fee8dd2b654473198504cdcb53154b29f323ac1adde8510beabb8cef6d1a927f2dc844f746edeef9b256ace54dd8e3219b265ae958ced6593ea154b8188bf58b72ff05c036630b6d55141c4ac227a4d966fde1d0ff1ed9748c66127feec86e7839d77c1c56b46e29d2033a7871b4b0e3c53b3cc4ac49dc8eacd0555b338265be1234b81259b3746eae71600c16b7f4bc692f0a1d3dc2ed855c9fb11b2ff5fd9e6361a82d42bd4ba00635d974fa1214aa8da9180cb158347608e0c44bb5b77397d8b233df7be91e7047d28d18ee66472b98c78091eb95760c5b381d6050779ce65fd1508af8df81a3385f185f7941f0b7aa9bcd6023c6e4db7ac3045aee58f3b2d307a5be14e2b59d05333949d9e8dafbe15b671034b7c629c1de1bf560415cf72761d4d7abcbe3b762d9a66b1b630b75c2af751f6a5d37b43e84139aeb418e0b10dec012a32095cf7305bda79bb3853c3cb1fb3c8447ee4306923b6b693020880bb11df8c78f3411f176b2393776d0b9b3ea7eb0cecfaadbcd8112c4c4ad9960001f4d4df210860470a4c89a0fb9a07229ec3476e1221f490ff80314da398ffbefac3a376c53c0db82d6785bc3d3b0cf3ce4bb54cb9b6fdc29b01bca2894debb7de518a61cc953d4f92a9c52d427e2858db633d042ca14028ef771d9c8c62014676a30ed9d5f9f51036a823a388ed0f72321a13dad31bb28fe383e456361159490942382ed3e49f1c420968877a42b7bbd8c3c9e78723017400dd178f0f89065072d7ef5f5e9baffafb2ce55fe7b35a7865957260b1789e3fddc5bebdfc3301e79b5077a92f6048121c557099c329bb270cb90ad47818398bbdddefdfa6b9d9256b8194f51b45c69176d5d7deb6440c9a81bc5ad0c8b2f31720f071a8ddb7907fb161ed658f890540ac56c506b7b98df3a45f6fc062698bc86d3cc1150db00d702b2d1e3c8eae552eab55a7afd5a5a3be2610867cfff07545c8227dd26c502039240cf00ce2e91b7bd7ed6495980639eaf919635c82c5073acdc21aa275ba87cb7280d0c6321c6a4021b1f0ae7bce23c32238b3f486ce27434721df436446f9ddfb9c66bb1f4b2337803850b2606d8954268eaa0ae060f8a6da2a0e7cc315c1f8cdad4e11bdf5165a2d72ad34f976bfc41000afff158f31e9632b898f2e9886b8b92c81bf916861c62f07ea326e94ddc4ff9af51fc0420b0d3c57fe0d14109ec90a72de74147d8ae1eeebe6b565c4ed81ac01d49b0e6a9551e9fdb7a9e040b4bcbad61fe627983462106e1c0b59ce762ce89b4b1100444048e2fe84850db19d63522d83993067cf025ddaf796e2f11d76da5a2b6ef4a409720ac4e97f7c75973584d935ab0e723f415a5622b03ece90173ea58da495f402f5ecc33526d251da5d2eb5558cbabc1634e8aced49d7c3bfb514c20f7284e8a902855b2296ae90ffb84bd0ea96aac846b6c9dd8ce92c0f9d457ab44a381046e7cd50b4958bf4b854bff340be4d41452ae1e3e19c82b99908c0a45968e580823450ffcc67561dfcdf446a57ed8d032ca94ec3e8dc0a181b9faf478275fc353ba104d5c31cb7338cc4c2cd445ffed7025f576ae84e9b08311b77490b6111dacd7e3afa920193cded42246276cb999d5d85f594352592002efa2d34c387fa1901cc0f63c0f6ed141c7d2a48d5bed031a204cca98c4e26ab7210d4ca5ba3e20df6d1b0e1daa69216b3e1ed98f20ad9f527efe75a0e7e2067c85383b7a614945669b442e1f0d7ee07160902ba9ac292fa0e9c62bc1b0e848856aa680898c4769d965441a16cec21ffc2eff717267cf0f9d4e7139b764c72826309e8e0ce8965c6c96953c3ebedb4ab4c9b35c32b7b59f8715f7c790afe8a3c7a09965192baa75262a16650cfa1706f4cdb4d34043ad1d6a53898164d049647dba7be95b7c620c750e3146155f57ccaeb283936ba6b9fe6a6c6fc5fec11b59b2d12da76075e022a2308fea5865ab5cbc12a4898de2204bb218cb6757d1d3d380b488a22e4dca9c9b1d1e2d01e7a9e707a6c09c323973dd639c7d48f25e4b5b5e95b4394a1221484d337a032b34cf77998acf78efe6d7c8c1ca4f83970bd62c0a790f38e405827a71baf31a9c89892f6745e2d29bc13b5b2873c0581df064a96bf64eecdec5504a75c7e03369662e0ad9f6c2d38c4da79b82f62aeebb69392a78a2cf6fe5a1ea8627b77d5ec828f4d445fbf3a51987023218ce4f944f03041d01976a2780fe632238a828414364b8b98aa8d709bab9c2202b144f9edaab822c33d5d8ec5f62517567711cf25c890036700b7f39b130335b4b8d14d4e9ebdb6c4fc015027907b931fe5cd99ad87976e8181fa284a53185f1e982ae24842abf28f23de420376b205222e5067a2ec53814d659485327eec748b821d70f114fae08ba181f320717dc462c88a15370cf8acba5516c093e13102d92c681bda73f3ab192976179dea08875abdc054e389b309d62a9737e05edd489469f63497da850450e1f299aea08649a9ed1982a4f8a3b251fb8cfb4737ce650d125199d07f7acbbd50dd65ab973be9684ee248269ff200e2f36118cb0eb9104b94149f9c91ebb76f9d46ef5c11b4b78bf6331116110dbe6bebb7169d3c637839bcf89b114ed9d765cd6211405e2dbbe78a4ad608a960a051097a65dc0620a3d1143439c4e04cc6eb1453e43904dc9f9db084d52b2d251dcb1d476141b74c627fbff849eda5a0abc85416b97d9888dd3cd88d33104e8f0fe03ade560dbe4baee030af797fe68e45196a2137d79de2ced8e6c2771d6b16a74b2c1044e9d381a0107adb870af01329c413c0a29b88d92b3a3c4a117424e613704917bb2aeb343dc22d96b0831db78b63063f10527cafc6731b32d50e4b6e39f45595cabd413f62117244ffc1d69122b5b1c9bd864303c46cdaa1e76a97448ba5ed266859a744411e29d1ce4b78a037d99d337a7b2f74907b591da8103613a19bfa6cc1f87b9698912b85ddb0ad0d86569f813ed4dfd3a9edfc0803427c648ef49724149e49aaaa98279b2ea7d25e3463be263b6cf518e9bfc456e993c2a3806335f13deaecd3c052e8604a08c045175d044f7544291dd4acce9db398fef80ffd0fc75b28886903d2d39c133a1869b8429c9ec58069384d8639e6d268849bc02f863f431f574ca988b84ae59427e446891cdcbed74a72e2b60601ba707b2c839d85b33320a32c1b1f7514510f70d08c474a7b6155a0ed004a23fee27c6aad072c0c751474948a1397ced8f04c5b50b4be2001f4f52ada7731781b69ed93b7602441344dedcc359c385a897532f3475764e0ed3c80959cd95d47f958d237f39694cdad607b966b0d2b690844646b614fa9fd4f169fb4de7c2ff3b4805402e4408c5ba5be95cff6bb68c79104a58c11aac0f999ec307a230eba3869f9078c453af1539a9cf5f07dd18a10c2f2104a2007d52d55b8ba7e24d97002c461c2f21796055179f403a012554b2eb503bd7f62aa3542df13ce9b520c81f364b7bea0deda55e430ff52e0f7408e43e4f7289d93b2431ef21d80e04ca57538dc17b6a7b2f1729cd52ccf7f8b4d58fb2fbaef5c9b3cb38b34b179742e686b9fcb884286cbb9b35d70083d8dc6e6e9f374d473a79ffddf8547bcfc05d5da6250ff982c8692b51e6b219406d9eb1b39dd2adc8de3dd86510da7c383041ed1e87e5104d33478bb8bd7891e16c72eb23029dfb8b90c98c15377d0928a36a65b01b4e83e5c93e5a804a37513447ca0e64a945c0807ffb5f2ff06f270e9080eb0fe471b4241a9f66235b8066d425ef09e6d46e19717747d80f5a16964690b949b335b4c20d3d15a7eabd7e815856f3463565654eaa243f7a4c619289212014d1e1effd99390d1feb0d9a9a0b101a298aefbfa703582c5c2f6470c673a180cd6bd9adab2e6d044ba3f130e47b7340ba9a358b0600d1a8862a9c330e6ef1782ef1c912a4a60db9522cd3f1b941832abdce920a6bebc950d29e057d6a71e75f9056d601079109bbbb3b7bbc46b413934b902ea7bd0ed115553de7c51ce60ca100272221a880d3d2bb0b49f5b36a246df30b7fcfa3e924b5e0db2c55038289b1e266f91d504c14cc3722881721f46d864c9f5ca7c736ade9d7196c9fc59a4740d59d0bc1cc3845ab33c8ee7e539f2bcd8d7295e88803b1a66552fbe133a585962edc24ef8b8b3ee88d005c5817c9e65249c554a678b71fa1e6dabdea92b1ffcd004e16f289ff1758a491a2ebed7c070423b4dbbd61141d3357ee08bb9be71663d0d2ea59f4322ee39348fe8af117fb424ac49e362ccdeec78e99f7f2eef955f7454ce38c8dd963bc6a43bcf476514a5951637c64a71dcb65351b05c557d7485494cbbd0c206acc04002ca1545d1ad3f70cff600aeffa021fcc63d46b5128d466c87475a6b420af9e4648b3218449886a5f3448d2993609e7055566430b2e3f3d09a22633e19a1dd0418be9f99cee8be8336f575d3a55dc090deabc6786fd0d210b7e9577d69ef79beafbb541f96c6a01c9344653d7f84cef645989c9928b1738b4fb901dc9b9c29f4e0940fadc8403262e953ed8f6d772f1040b6ed52df64f7bddcab26bd6f5575e325fc81ede2c931f46c8cac6beb889961d6b2395d711261f9ddfd6be95e17f1aafa506e7d14bddb132b0821e7b06cc8597c8133878ca983bedabf66d0d2abadf4dfa38015d3e0afe9323c792dfccda5544c17624162ef0554b5cc6d77362208018717a53f44c2bffec644467d6b2bdddfd1ac55973d05edebd6e24c41223b8beceef1ea63410eed001c947429b115b864d785de238fa0e68411e9c5de226bfee699ab981ea86a67935faeb6f571f04d6dd1b73920a4afacea51c89a5561532cdb94a08da8e0bce1da552da943efdaf4a9549984337f0f5c4b42fd81a4f545e00d86f41ac6d54eb554efeba20896f3e1234f41c285636524b666b69a21bf19318a618c95a05bd4754318f696e0671662e9b37cd2393fb709e687a8ff171155d71e6ba436857d522aad38d34382c5b9f2c8e5b94464156cfbbefb3e390a935dfce72b9dbd2197e241b68cd9ef87de8165eb0515ecf534d5bdcd2b6a1540c092e26d99985085a95e31cff50452e89a3de519a0bc9494c66e77434242ef17bb0f4719b65b10cdead9b2e9072c59d334cb43827482fb92876e6fdb66dded5245e0f4a8aa6ac7bea417f3feddba61ee20b092fda1502551fe6cd0f14023fefe4d08767a0eaae297faf7352badf5ff9e58cf4d1fecb857ac3b9e83c90d19345474f82c074da1600172969606801ec567df6dbaa2df8a4380d3d500570b8461b2cc8511e5d3a45495b3bbe014440846892b11c3248decfa722419cd30aa94d9209872872820ad1b02b8abbce3b26e31aae5bcc816795d0bb3810c1e4f6ad22ff0a00ad709f93c3f63a9dafc2eb7cc6c8d986808e165b25dbed2af7ff5620ab09b3aae0928ea163fab6315b7885448f5579c40c35ed50340bef058ab56186940cb5fadc5b1d093c1a82ddd172a4d5cf3efd5c5297db8dba62e1a302127b7faac192a1de5f8225c49607768a7561dc138b0c4d9888fe68a5e38c125dcf23c7d9066c34c7536226cf68e8106c9eecf4925e48c6fb8286c5e4d48c136550d179a30daf27017aaa890abdcab582f67f4b7117257ffefc0bb8a8b6bab8c68894955bc13c185b64b5e790483145915881643222c50fc024002a7c619ac5561bb72704c2d46745ca5ee77311a3c22750ee8cadcc77dd037db697b939ce0e8be03f83c82948d491b38289483c8da893ebd9384f83f1ce0148a43065ea4e041c22aaac15a1a82dc6688c3f73f86f97c97ca7e259cf588f8ddf2de829970a0cc527df4d9514032a4161e3175c34dc46065c3a1f4c70a07734fa9bf76a3744d2764df6fb49dd8a97d85c62890d6cc094862a34ca78558c47c263fdeb1dd5dfa9b6c0ae2b3cc43b5fb742049ab38e87f9d50ef256fe3187506f8b462ac07b85f2395089291336d8233db5631cb1afc311f6b1bda3a2b8cbeecdf46085c5f9c0727f40c64681ff0adadfbc742a8a70d717a00080277f8fb67074c98ab4cdd2dba5b9a6d3defa9b6024bb7c452f19b74dc8363cc33b62ff9d5653f7f069723f1d6d7f7fdc38980bcd01d1867c2060dbc75a615933c2830e5a39885185d74f980c733afd19a830b12dadd006530b1514b5ef61de8b5b27ca58b9471029edf360e8bc4cc962d6ab28a1dc2083c5b98510f4c22f4577b9c416b4072f36b298ee1ce8dd8111c254340123e19509c179e4b71cb268381af7290196666e055a7de2715e6cc173bfa5af642a3fa942c85b07fac2f9970bacfa03e09d36da2f80b4f1a379e8e5b43d9e2890d551e6f37df150fe561212a3b0b714d13b46765dcbbac3f6ea01c976cd366da0de6bf601eb17230e6f3032f9a476ceb75d7d25ceab9f65bf93102daed84af1c7e336daf571bae47f98f74214d93403f55adb50693c9cdc1a2144f1544bcd1e441a34a8d2a2f48387130e569a9f3053d510e2bf379df90ed2064ebd503b44a2a729a19ae1af257508dee6133bc8cb0af76690be0b41248f3f447adb4679cbc91e93532513a9cac6dd4a587ffef01c202f6e46c3129567c833b5db32fb36054cef0ed13530c48cd3bb887137f41902fde6e4e472bd6e38f6a0992d363a0470a1f8f98ee17d528a0b4b187d6b0a931f2a0b123d50827d6b50797da8029a868f97e144f7586afb6b394dec7ca89d85be8a0ecec25863eb9215704eaafab2e277c3256dffadc6a99fb3bc94b4483a3fce40f29ecbe39c223a9d99adab90973c65ec64b9b9ba9f1d68ca967d87df7793323d898fd09065da2c6051308cd4e535634e235e6284fdb3697bd285eae40d57b976d7ac690e6a96b193a9c3ab3dfd771efce5cfaf12d48abd69023d7773ae998e7433600924435bc89163b7a18f7bada60f52ced09e50dd8401198fd48ad6741f545fa1b53ddd0b55e71baa55112e01f42731148ad13f696b63e307f3f9878c74bf513fb03b3bbcedd2234f8d299286add8e0f7aa4c7511b9cd080e293b0067b4bed86869a814fe4b2a5b5f2a9eb543795c7139211a61de2d5dad8c61969a0a460552589867d544b3561b8234e7d16ef4fe6590d141e3b29a77e967caaa25bfd1eed4537e5d57372e621f4f99825f99ff7016193038ad5f975fa64497d20f2d05ba4fd2d015ce6ae8d65d536584157d0a4269f5421c308818415235d15c2063bdd645329e270c4c6e180575ba5b20e98812520a41d415df1b7acbaa29d6600b797160d9e4b7f96cffbadc623456aaf9aeaad3fbdfebaed9b7725f4c5027d7acbdf36c3aa77ba6d2f834b5b45b2e7f1538cfc109a4817c913846a4d5a479d5f29e9b377144bb76265d1747644dda7465b498b3ebc4d361ac8817071b60ee23d0803d19a9da55619b430997ebc41c59d8feda62b9e1f287634b1b8b22f415c89444c01af938c50e0fc828996a044d5dc514479fde095d6e91c2e75e74af4dadd159e4e84d9dfb8e6e4e3fffd7f9a1dfebeb14816857dd1b6e197fe33d03f1835f91d2764d3cf8eea43ed03e9d4486cf3dc90f34a4f4e7f1e6b62dec4936284054322904ec54c8e3d618b4c8fea8c5985624b3625b01a904512da4cf3a5bb5d23d99fc6f72f636e08c23d435de96b0d52f16b68932e2a03b0ae8de987e2b9a324c3c1028236ffbbc85399dd8e441ce740ab549ed1547591469251aebad65b00fd4d60abf9e3072213e3ab5ecfa9ea0c1dd98141b6f58d244a6979af521e1d1c04b2de3db33a15b7e4845046a4f749b9a08fac86c32b958079a48a13743777aa000581a58151b3bd18f5b397a786d3323bce206a91013fa451a2e8c0c56cd428497e959b728e88a9707a80230850f82388c5f653adcedfee27ef1d045703dfa12952f9ab8859c610f3a9eddcfa6f3c470b7ec1cad5c06f69a65fa5e8641eff14a5378fdb63099cffdecb4816f5fe8fe64f715b432301523d2280be3e3bb2ff3374c5fe07f1342a37fef2b46a2726d308f9e678246448528a219ddde24baf73cbf4459791f564d9fc06b22635a0580b3ff21c9d5f6ec4433fac3eaddb055714aaceb48ac87af41f00fe3482a9888afa7a0811cbecbe64b264197ae22c1e17baae62116e79948771731bce85068dfa4016f3978e39ddb6373b398939642824f763dbbfdc002af17846352ea59cffbb3b07fd526936f313a9f36c818b9c8935d3535e05a7f8ad66541a202b3770e7b5b9ee000fc03f87a67ec1668c270bb6dbb46e1f58e999887cdaf5bfd08a899afbd1b1712a474fe6bdc0e3c6540072ede5b4fd2eb4da9b93bbda506a634eae7f9b0855c40609011911e765c5bf92c7ef9876d3898d1b9f74ae44dd10de3cc31b5056f219ccb522f6c48d8e32893118f6fdef1441251f5f1ec351b2ee7b95a2ae8d08edc4ce2d5749b2f07321ea546805fc4d46c27392fb66ec9ee04c41c8f77d4920dcbe5937cb5507795210b0acb300b3a9625fc4edb076cfd36c5f8f0dd519025af2eaccbc13747e1c7a848a5deafa9caddd682356e21d7d24d7b3458f8c2351c20a864a152fffa4d049b331de77b2de9490bbede98488158108571cb80c5e3eff895ba2a31a1d70aa1bc3b38cdf5610495f432a9f9369b9ceacbf45da63cf533e42df66df7c7e108146bd107fd890e32252e5e1125db9e5e938fc86a3ad8547951fcaacb69789e99bff56fb9e0350ec742665cae725faba2dd08de44a16d5779fd5c0a3624db0bd265d933494020efe58b64b6da26b0a78377fe8d55a2576e245791efbd9c2811c66374f1d95121ba4ee1b85b637fcbad348cc8b089936520a1c19391ec9186429689919c0692b665e95450bb37c8e88306f1d367cdde245b2174277da0cd799788d6ee9ae8453adcfccc3a5dc9832cdc59946ffbce28be4a4c0630691f5e9bb4f9277df568182fe478a4eac8b6576909c6780a7bcb0ce8f7d60f89e2d76d1fbff45d6390c1ac743129754aa2b7320101e0e7da7327d6c5e545feb5a0c48c6cacaf245503f87d7b7ad7ddb24522df40f94cea9a9044ee7de7216d533e16823ee8599181975253e5841c4a88f71b04d9465eee909c6b1e220d11da5bcfd01ab009ddda154828467adfa4c49cde3991a2062e10e74da1a6535ced9fed0b6d9f4c4f507d711d8879b883c43e7c3588dfc02a3218925feabe7dfc619d110bd5455cb79ad9cea0cbb5d2220c5d83c9a2169af546b260c4eb936a74db8d1538470c73fba41010963314b1ab662230d2bf126102eca5a8e02cf3fc9c3e406110d44c483b5a1770c0c97657b251ebfc59d2db5eac1cb2715aa3c5b65c1f4eae95b700bc4815b663b61d0cc7b5bc2b8270d7cd558edfbe3086cac8eff197ed25b4ca98546735f433db5ccf9d0b01f56400f9eae1656bfdaf81137c306211011e09b15dfbae35c8df774a3bba8e40cd3d4fb00a6880e445324f26d61a612acbdd0737cae1179bf26bc29b7cb0b23a907ea011402947c0cebd8aaa82620a36ab9b6d281470d6f05a42c99b87981f7c45adcd01b2b47026eac614e0930976ba5b0ca56e81fc5277d80a9c7ab49d670ed03dd760af98a47e495a3fe92c0f97c4138958044faf55c5f4ab7833f1db1245522924609028ce1c234bae58d99e377eb82856c7a8fbfc6a21f3f2c21001badd0aab473cfdecd9a89d230ff477d43739debadf3c7d03de3987d4715ac54ccfbc271ef5796428faee43cb46feea3a73ca2acd73685d6be66e86a958a8f29ddf8a7d3f9f444b399dfab5a6e46aff3d3ae8d25a4c737e4c2bd1660b0302d2381ee4dc9980fe75e39da89af19310d61a4042f56d22fa2eab5499eb2865197ef07226c05600fd904f67feabb07a7b6f5fcd31302755a19c28f3fd8fb34849afc27a79c226e91645642229a0415ecb6279770561ea342e043baf8907a6e6a31914bfd8295ba6926bf4cfa11a369e10895d5d4ced4c426b69f6084a304804083020e812d01b0b6e6591dea9145ae40fe4fc0e820c2a3dc813bd6b1e960adb54628f1fc5b66df7e33cc9cfefcefaf14a510ecc1ee5a7bd5656a34b14d3bbd6e20034b421233e24d7d8d80b51aab12a1d55408e3679bb3c68997729b2488594ba5d8ac0deab6b93fc38ee6db89eaa263d34822bc71ca45234db23ec5a6826540781358a9f9f360b863204e81d07046a093dcb0c9bc3c0415b7c45722eee2ac88627823b78421d11f0be2d32590c2380f32d355229e34e33e44ea3ad47be9021aa521b3832b8edde4a37368ee10cc09141822d5dba7c5b50705b4af3e94e3f9ca32840146fd4f5f6910de5004fd23c3089556a0fa92e2645b9a3b9f4ac9e850a3d3e7b5b8d32fc8bd9ebd30d9d5230b04c9f21073dec23366748560c6fc67d741a822c54ebe373e676e515959056a805f09852a111a6beedec8c1ed6d8133e24d04fafeab7b877b71bd107db03e7a47219111a98d8967405396fa2a12e30e5c02b0235d6ab4c414d14393e6bafe123ba93f1c24fa303313ecd123af3c816a898e8c015c977550012256d83c8f96da6129de1b2bd857afee09a2122c264f5535ee17207e07250e756051b665c5130945b98cba09141f4175a1dbfc6fc3440f6a2692f0141a980b856131e75a7f0072305c0065b5b0b32d0a8a406f136a67d8bb51974a46cc1fcaebeede69c8f76e9cddc5c040ef380555ade3492dde6f9caa0d4c18d02106389c3334dd85e21e5d1198bd95e32a97fcb59c85de999cb078d9d2982408cae15ae6fe9fa95b4b5443e8d6effcf4b3e903f021f42644d1605bd52861a520f413bcf9c5fba40195bd534ced9088357fc3155c7606ec5b857eed52106d4472dfd4220c46c88a2e444b0f0ffee688cd472ff90304853bacbe594e7e9eec897b6f6fb0757a658f76ac8a36f995f228db232ff365c842a95ce4dedeccc7d6adcc66f9723b413de9f410bb3a62b338b3bae5e9115fa66d581a5d459ec0bcb09a013e63303e89073cb8473896915f1593c9a62c060a64c8d164cae46388ce6751a7d11e1246af906e1fac401016bc7b8ba49be563af3fe509c1efc2771bb2fab8827c60cb79de9a1ad7485cbf6f145c4117a93b2f476300c403a1fbc48af19666556697857a6422675ee39868e4d694b538a5d90a741829ea1eb7f16a4cb74dd92eb71cfa84b5ed5eef1f5a52232b53d8791b48fb98cb0bf41a881f11d0d202a40d5031ac03961c345750b8d0846f28f76e663b931c0aed8b5dab097d144826ebe16b8e4362868b4b105ae28e4c458982b0861c0c5ee362ca4a714dff9ce082629e21c612546e4cc50fc78dec5ff9bb6cfb7477499e90b3d799fcd26bc460448ae038f4d7dfae99e1ff63d34285a15592955e50691548ec56edf4493f54e90abe856c933b365953c683767622c31bd2b18c50eab5e1e8ae29cba3dbad2199a4fedeac65f4fcb0094524ef23a1d0001147cf902c092e82eb5e2b80340ca64adda9d479af18673875eb661b3f085a016b7fd21bee7789755ddb38555338d36bf6277947fc8debe80d3ca65934882e6b03ae5426dcbfb40efe0de27d5dd33ffe91d8151327b8d49232495a021c7d52b1a70810d270f473b9c0a9481744b0b51ba5a3b7f1f8f86c2f23da41f61c2bb60b545bafb0f7294aa9867e2d1c2c5a1b4bcad31373e8fcd29118f455d0334c9db169a438fc9ef021aac8d8efcedd2fa51750706d4a4fb95d7bb5d91e86d6b8b10b87bd82aaa18c2074e54f9ebfd46c1659a988015c86b7ce187b83fa89e27ba3e91b6e1c1bad902723f0f1a05a9d016e0e6b587ac9b3f1c9985d1ab1975a5427bf34b812e87130b44812cd2e4c5dffc0752c13c523bfc86baaf12a256141f12f33a727abe44c948d58aa76f91df64f063c36b9a6d04dcdf7201dd7c3ffa1d45eaee5ed72b85dc589bf8147ef5fef4ae4b949c2f9add64cc0b45b05723ee3701165b4a5eb8a442dc0af576512b0272338702afaaf13c3fdcaf4854a010733c4c56d1abfabb061cc40b0dab4b6c5861fffe5e3b8294d393a368c38196036b257f70d227b32140708516a1b97c9c50ddba5ab246eaacb193129cff1a51ba69b4744b712ad3477c6fe36a940b6aa5ced1615fd0f9e25ae89812eb682b8a7a376c1e8d08e589cd9e3d29b25ac51e3e8e3ce7d4b3f8b7fe1ac105c7ee26e3f467cddfd77a5da729943a14ce537cf7f54170293996834a4206521a03da2e14bf28ff11ec8288912d13a08631e01278eb5fd631c7ed1f2a2c72f22f7d7b96cb27c27da9ee304f70753287d4e288e53b2781b8dc405379154da26904290850422ff4b396a1352ebe08c7136efe738fe6a38d39b4275127b9f230f437cea7df223b3b31bbd88aeaae1f7ab5e93d39b7f4efc5f2bcb6fafa8ab485f9c121cf9526fca23f3213c5ac138190c9458236557618eb79c0227678f9fa5557a9c214530bf6b858cdb46cb259092425ce63de420298a7ec7ee62b8b5eb61a3df4a479b68e0ccf7ae1cf4908c0b5ff2f34383fbf155c94288614ae02b8f1c4d30fe332ac7a87d45bf55c9fe2fd593d6160b92795ce24cebac2ee6c2803087515b8d44c9a5953bcef88124af2e82f01e66a2ed8e3d68260ab9dfa887036954d3bb9d9b43860bd482a5c8ef96aac05909de00e73d96063256dc875c08327725ae2c71259001b49acb348cc3e2db38372a67cb2fbcb136be5597a6207e801b08430bb5c33e9d1880621a7508960cd3df0c36ccfc9d0bf417fb43239a72490b1d536beb736ee74d37e4745d15b1a860c7c43532c51621414ea153daf68fb09f0eeb8915f0e973013dffdba60c8d7bc807651ec4227c0aa4fab2b04001fa8d27b3743a75e91579551d1c45d1b47994783e5b9b79eba1245f2c779e856343fb34b15b9ef2bc2fc7db25df53f0880184b6afbd88813ca38930d58c6bc371e1e0c6729baff00def2818eaa51ba356d6baddab556c59f198695d58621ca609d187d9937bd4dbaf0a55dfe855d2c6f42df4906eec6565c283684b51f36d642cfc88841292b899f4ffbe6c7bbed34db11ba1646de299d752cfaf3ffb98c163ba8affa22b4b96221991b48a9e51dd5135042e2e90298088da604b8cf7756f6c9904a55ab157f508a028de1cfb65e81ea8065f20b7ed44c15a8687351bdf200aceeadd5542e9e33dd85079a46b54ee44712d8cdf2b7a672d1607171a9c00221cb04c256f0a355d7c98cecc9035ad45032fa6a053333e419250f4b57a026d72b341fd90c4ee43808c70569058a7f391962f39158d84d0c684fa4213551d76fca21d56836a64eb638b1a1b8b9f9d22b2bcaf3bafd6d4ac633dff5556f622ee96f4512aade6f336de2ceafa3efe78d20a4e5a66549a503a44fcc91704b5e865f451fafd8ecddda1d09315f2f2938df845c1f4bbc55615f1d3fff74cd263b6a60b5ca1ed8fdc3e1d69f792ed688d95cd679873ce958458990f2aff5dc86292744cb698d93a37da64965572f663cd4b2203a80685bfb55936bba99b9a6c2e0d6cad1e84b6b62632110dce3b4995f481cdb308b9b9c13f2cee0c92f552b148eb2493c63ff3c8520c4b6660522f7d314f6e5615b81e97c4febd1ddd66df9617814b0f84324d683dbfd082d803ae2e6fbd76ef66fd9a24f1e63c3f3335a2f61554f8be4dd0cc888afa85645372da0ee6d6730d32e5b5c7637564e7590d73f3a86d5a7cfc3fb0079faec67f8f6891d70936993d0b3dd6a385c98b45830b3ec76864347b3fbacc90779cc5fde43af74b5c327502fc6e2f0c4e0533d4d30aeca71273a54aeb815699d38781fdb6871992591104a2617fe6dfb5c628d95d1f6caa29194305f5fe15cfc76d1d18509fba3a09c208aada3edb8fbfadcec634f30866727260bdbd3bfd751700bf9f78a3e896ad23db343877e7ca7b8f0af80cd97ce764ef93c8f5eeae86cbfc196c4137bd0d5134888ec2247e62297928ffe4105c1e40d865264d1d046ae2e785dc369daa550c4861ef870913916694bd0baf4257662b413356ea72cfba8872eb522c6e1f7db5604916d6ecf9d4c8f74999f45af1b486a886c8cf6cc7b8cb8de8b6f9a7e1a6d445a1a0cd69cc3047f4a49a78cb9f0af584d2508c1708c912de3e9567c2d93a5dfa595199aeea8e9600e9193bec7f61b7bc5032b59c653f654b1a2385b5f11266ae2b7cc9ee7154a2ec5b82be245f37aa82b7af41d11e827f965f7819937d2cfafb34e2d67f8afcd63a49c68c2882937378e7d5b1d89bb72f4eb341ba6feac61fab677d42feb8899f763db4c1dba15014c852edeae1ebb9218b36fc465a4f29d6bad08821f7838777559953dfb9b80a164de1f0b757f193be8a8572231c799bffa981a89afde411e7789a567a462d7d0fcd351695f09bbbc46fd96fe4b875135110c740062992867616e920a078148dee0d87a47161c84de9b4061480cf6c184bdfd8b2dfc0d668287d7206b52ea84abe8692c9bda5318fddcc59555cc856fa88795cf981f987fe6a2ec5382bc9bfd9e5c61a9bd29d6c30b72509911980ed85e5f1a2baf1d630b59ed80eae8b7bb8811c1fb43115bf0255a5608345e00a401b82938c5def0a553b921d4a33998dab73aef8dcc94a84629876be7ca1222bb03623c2a684f95acd7cf0829ecd1cb1323a3c2837476b9563f9d3deef4898bc50b48d062eb55f77fba9b929805a612b004e4d67ed7dc3db2de2ff23e696b525334e3645015e3a5926ba734e3a615c037d5795d180fe269ede800d6d505c92b08a35331e49d8e91fd41fadad67480489a1fc165ff593700bab7b98daaf6f47dae85c36e267e8517f7992517da7f35c4a741128b08484d34d9468fe66977bfd06500e286cf246d65a8121be3a6392ea1c011f110882c2c2b6ea8ac13858864fb1d8ec8d3b00238bdf7f17b0e1719b13642424337a35e188503dc4a5439876e201158a082c2035e2c39cac23abf0966a44c659bff7580e063fc565db8d0b319afc7e16062b3bf5f840cbaa07b589d0a68dfcfe75b78d67b2a76e97dcd72a5450dad5ee69b61e4e7717afe68e92d03f0d992a3568590d028d1b4382644b383756541dd7562216671b936ba8fcb01243f03ed4b540fd2a3ab2834583419899b72f5912b4a77e39b638db313eac03b17de82f4576f1578762b83948a7f86ec118a1cfb545d3bbeb33b9f54e2171b880fa9f4a312b721cea7d58b8626cf3ec13c1f1e9d0ad59682400d18beb96b512e5f6d5564926565afe7586162180f6dffbce79600eeb81cfc7465c5820d40993e3b1cc69cb79ee6342dde0c93b89a4b0b57e907ecbcef47f5332fc0fe265d7f4a813cde04f2e32f24b541f6d0f28ba53d632a9317bca045afb660ff41986b421ec5693a0b8c78279f636118e618f192330ecf34f533d3af8f6529bcf5919cb2d4222e45b546ad303f27f655f4d93a867fd929cba132a460b7063146633826809f051392d0c9362408c6e21182108e72538a04b6bf8c80745b3d1446e15b80c26cd25fca5a2f06e2afa0b73041d5e020d8114aed6dcfa8f3692aa08fae2cdc0fa49630bc4520b1c70dc4ff22b9ab64d589a1c8b9d9b15a87c8e1514f7f328db92b0ff5b1b56a95c136b0302697309bc92a0dde9f69db9527ee1d5b42aa2ae05d31d5f84ae266219c8ad8de036bec43d3b65b326645430abf28f3a578167c2b2abe0f20eaad0cc78735bfc0159598070ec2ee2a448a52492bedc6f5743cdaac00a5e0b493a82f16ded5a7760b4ba7db565a96aaa2629caed538d23999286b0395a59b6a32419413b3e3ef5e52c504faae2f54f3801389ff2aba485af2c46cd1218d94814d46dc6733590be1e559da9e71f45a60faffa607d39b790a4c14545b18f6aa9f38f9149451273ddf464501dfd67a55c0f95b9bcb7d378d523c52d80b1066ef5e51baa34bc5575589586ff31c8beec4473cf78072ad7bbb3191abc15c701d3d8f390e91dd0d99d02dcc7129358895ef6b31544fa071e56b8f9bbd74e023b6358f4c7452bc6c22400029f53fff4819f986c287fc4f26c8f071565faa3e1da2b6438745512949996c88b54e39c0dc72f389f7aac0e69158e10906f9ad41db237c507b8e7b0f24f1815c23ed0a9b2da7618196b0b6f50bf8a9b941112b2264709ed2797791d63ac0ea0257aa37a8e3353a2dfb0e90000ea384459a465b6cff2f0671046bac98042c3b9ea9f4432808c6354ab0adf0063448e7d9cc9bdc53963d183411dbfb7209b4ece4b6250a5861364347b4f4bad8de949d5413dd4651071db6eb77c6fa730d312754f3541ccd81c29f24464cc4d370fc6504e6710902538eb75fbad327d6e74c90b2b346dfeb9234522f5e4735259222088b92e1402b4b9e9a2d5ddbd6aab5e47c8abd3f7905d52a832d701e44f8c03b85410206cb5432fdc6b925182f119663f312ec175806c6ade1fa07ae9a43cfa2f7495775ca947d66c3faa0a087620f78cbeaff99955f762e8d82a2ec20c2a5282a87f716c96a5d6a5de2043713e197399bfcaafdaa75d5579ec6514708e60cd6c7a52b9ff57efbe70ab973a5a5ddb7e23cbf19906de5ece03fd1b7c58436ae574bb51b467ac65a0b5684c4d625a3776b10590fac1a9ce8fbabac4bbc369f58492a4734bc57644fb4ff3bdf090fd4db40afb5fd39d8419b3db20b090e766ef4d24fd28a698e12bd94c1961a6d0d26404865e920b5a08dcbb9dda04391b4bb9c4262522139195ace73343bcd2ab056167ed0ff0b98299dec424970d87d325a2bf52cd3ad2641e3459996dcfa0003dd17de89f1c457dac80e3beed0ce574491848762e1163e6d3fc7e876f0209fe6cd101e45b99f7943cab69f6186d9bf6d8e520d7539763f5aa2fb4e43491e6c2142608dbed4c91fc1db473b3576b8e3c1fff7432112e99988ca7a6831a9242eb3b411f03d215e1748b4d15d8188a7e631acc38d59c3d144c1335816a22e0cb5ba99d7be75310a893bb59dff8fc1689c64088723aebe4da7da792ac20e8ff5d4dad89a5ad69f29f596c73bc3a4313eb3bc25312e255f4c895ace26cca38bdf7afa9698ad4a410dadfa286aeb8d5f10c467b6df332127c682b989308b9ac6d77866cf9c9cab9c7148338a4ce3b9e39ebc4d7e1dd5abcd5ecdbb25dcd41a74eb40afa638f6ee1ebbaa31598d5e533147dbed0f4121b9759f32444935800ff21b23f1a4f53daf22d45e680637bc82eaff186540ffbd82831965377fc5374ecc057fab5b606d45df49d1e46b7ea15c42b77740348d3deba6eb02784f09443e251be7beec1728db61c8e6b7a46d9f61c25854c8cc8262afd14a20a37de4cd8bfec05d5a3d603b3f0665c5fa21be03054cd70773fe92364fbc2776b591a279fe000bc52ff0de9b5995ffefa0ab11324ecb4d7848761bf855fd8149a896c9ba8263cc27a90ebcd2f9480cba5ff5d4726cacbbb55562692c74645a2df6e0c965bcc907a7a243e5e6699af637fb252ad071c47e2d5f5538c4d4301c9c176bff0abea559b6c42bf1d0ce04873b99350605bad00e0577967414820a8e5f5b2316d868c9dd5cfd40b2ef35ca7bfec53aeb32a94dd9341b8d629200518776874aae6c8e3281196458645fd97f223da99034b4b3324bcd1a4c51538d363eb2f3b46713831f58fc5411939b6bfde6e0cdc72417090fb4e0905831ba58fd8ea4ea0b9039757e5c83bf635977770bdc802554b54ecdca275dbd921aeeefc84c934f19960f7125a926ef85e30f87b045c2faa23639860a5611d3b4b88deb464d8ae37d53c0125892e226024fb7b1282819f282531dd36ba9f1d6abdba037acf1f43a3fc65f793a858991289a2d00417f8b09fec15c7c0a3d863e583069b93a5b0789150ecaa8be5d54cb88625487eda5dc5996a95c2e15a46fe4ac3ffaee66c0cdb16bbc7ef90894bc427aedc5beb2144c02f6fa9ed8d42a51229eabab54ba7792dadbc0f11b73c18fe5a15610f4530e54610104d7b8ccc14108b8fc4a19a0573250200b070f41a8e5fea8826f0173d8965adcbe90d3810e2e35e9ab038f2631bbcc18af94177a0f1c0af02566971af4ffd6f5bff94a3d5548f9fd9ed9bdee151a4a3f6202a9271fcb4635dd915e0a512df7ca7d60047cb6dc5c128df391875ef3b09701ce7165c9798f2604fd25eb078f2992ce671cadd4313054d80462090290e1a62164dc5ac96f45c0f12654c797f6269a37b12ec4e3b1e5e4d9e5dd17f5262ab1a7ebb873f035aa268ef9e374d6521aae6d7af2d6d65d836e79d6461c5aafe2c91ec35374a038b9ec89748c1693122ac6028d391d6f5143b74b842f53493d5bf6956d26a33c63c9b10994034a36001ddde26e5b8b6c1b8ee76bb94748b1fbe8d2e08fcfc31e2fc459f518282a609c1f97296185ae280c4318137bc411b8d097c40af0a11c2685e1ea3b37f425bb4c78766a235d219531d2cacfc12404ce3de0ddd4712f84671acae9bb139816bbcffedc1a6c273f4d86457af7aff6132e94cb4165e90b16491df1e67ffc0fca1c227a10be9c46447cfd0005a0153fb3b535858ee2cce73ec76ee4aecb5b73cfe4565a1a0ed1f5d582b1e7d244a413e93f5ada361a58443fbe0edc99c1ee3368c7583b70c21bab896491c86aea126b6779294ad1b36fa07ea2b780d4a19c5b0ecef284d444537bbe741c4cfd6987ce20f6c6765ee90d38fc7f2d587d3a40cfd79f312ac44ac734adcd418741d2bb793a468ae43c854ba982e9f5667a488e40b4aeba0eaf81e17b0fd0c76a3326591ce94be7290f30bb23307dc78d6b69975455d6cd925b09bfcbb43a591f9b509508138f6f04aa7680111ea6a280195cf3af9ca06958cc7954db0c53545f473207520acf19153c1219c25b14bd52d9e8ef2efe8fd44716de55f4f3316970ce80076bbc4ca37b93ae358389c5b72f0eaaabd6b500ce63e26fea094dc76e4e7efc0adac93388f5b501f572b9b482d6586a9f9a678fd5f90491eb94dc7359bcb27308b74bfd4541e13c76c29ed6b425beb4a2b68ceeb49503fc4226e980d0fdc1dcaa97f962b2dae3fa4628e1161be82d56b87234ed079daf0cdb95b8eff084f5dc693ab6bc906befb0323eac3974cea284647cf84c3398d1289a4c798daf996d8a1a77b0e326c8241fdc35aae4112f0d306691b533fea134585d93f86239d4aec0907c0476779b9f0255f7ba0c48463c0728904f3f49da65745ba82c6d43a1f69fe0a3939a9dbd0a1a326c8f122467f7a474a1f34db3eae662385e671c45d9d764ee7480f9951044ba58d7202bc749b80f7560df0636cb567dde48d4a40e05b06a02492da43408c7eee67e830692bd56dfa83f2a83925fab3341fd88abc0bc5c912ffd3e989a4809410bc7a88a586a81bf6b7790acd86b4afb10c88cbadcde886424d5bea51773cdd5e3e5cd4b48e61f50fff2d9633fb0ab1dd76df3de572066b9659b18c94c682993a1b63577a8591032e346201c08c821c1515ca4521bdbaf1be924092eadeeb685fec9b2e94e5e7a8129068000c508d07d1059ecb2c44cbc0b5c35e209d04ebde92d82388a6a40bfa63e6d9e185c09857aa0d56047e118771a7801f72d31d91b2a9213d9211a49b49273ce519ac51236030d485f42f08ac720bc1c29c97648784d183cd4cba06b51f55eff0bed608b9a9c05f21e9c6243ef9f294fb23b41028bb9e41fc3e9564916659b5f890ef7a3e49f22981e008a83210566c9a1b6d29a341a12d947601bbbe20e8a2ff2f4bfbb0b7856b4a330eeea7e24643a853884ffeaa0c104d27a4b31f9082506eccfa428d821731e2e62f7af51165e0665b07e26048e6fcbe046bded2bf5d295b29d3b59f119d4b16a8aaa926fa044a9c4caf678041708cf383e5c494f9285471a32e0ec1eb9d363305d9b6645f719d6209d1a7cbb8facb0e40f305ba618c4d36a07289a0e44c957ae861fca29399d576c3a35c1e587381078a7b1ef99155dfd7f981d352b88ccb039d344f5d04f0cec3e14906aa1fed6c5a05853ea70c1dd06aa50266b8f687478e1e2e68a029024fa4a8072a586e336f9b47b947d7594c284a42daa1b2da26091c61f80cb82f7f22b3aaeff341999d1b8af2dc496bb674de530041925e34b039a70a5bd4df33e99cafed534296c8bfc593cd48eaa757e57fb8483e42d98335571272fd84eb0bdd4dc77e4e78d631b7b61c769809bbaba76bc6d5f38884569b2fa542b71054a3f4e5ae1808e8022c1f02024c6144a890b9c37aca0905745d2cd0ac292cf0f91dc20e81dea89a8be98bdde3e2898c02e52fcf8d6193b9a3c7ce2b311a4e764e3980a902f016a1a4fb41267ddc2966f82b8324f967f0b2a3cdca7835491360c23deeae74171489e78ca496d04235576266b834e5971b9fcf2c2cba6bd4803caa4675d6efe7811a90233012d1078c5f7f037e403770ab5d7e4f3171f299547cc45ad7a02c453314f5f2cc40519895f0b4d9bd6bfb70d6a69609979435c41d7dc816d9a8ef9b1ae1ac7f27a281cc93ab680cb6ccb9bef638381308afb37be762f2da5229025f2746abc1dd54732bd8b831994c669ec07b3110ec7cbc00753ed4e40fd0c7284842092aa1636963cad046c97ebc5dd3d732dc94a30b3c3ebcfe9bdf40e550cbd1d229b1907d49832d5d321903db8037743da1ac98e6357f8b65d1add1c2c37573c5ee8843fdac1a938565609f3bd5a76c92bb8dd1418fa12f74048bf1495007a60b1f015a469bbc47bfabd1fe65e6c67459a6a1aa218b747b52c3bf8b51b582332f2004875c7a0357a87b0a04ad01678b107f9a2b9f3039801e7d204462df86096aef837f6d71f9ab6a08d17e91c05de652507879b27e7dc6870c2618b4227aa50f2c3efb8c1568610e179bf578c13a162e54a59cff0e08157198b56957a89e421e9dfba696b3f42ed0b9ebf0cc70608463cc4c376120087bfae5900a5d3c9ddb097aad563b5af2f6abd112323b349d89702c313b0e4002df7a3664c188821c8c7f0571007570c6215c9bd603c53435a77da0b228642d30eb6e84eeb3d0e4564764544edafa987a78def852d72bf838b244a29c1065bf24afdf69f683ea11c7127efd9635a1aa05cc6970f9d312287950a6c4d2117cc2ae844642ffe1d2b004cdf93f2da62081f3957be5995dcd97b590a997b9a093f64db2f861659dbc80c8587044db8247ed16db8eda9bc32fe068d20790725412c66ab95ea879a373a607e9cdb5a62a693c01f7a0a4031ad8de040d28ca5448cc9982fe7304cdf6c6deb9b4782b3cdff0f8cdc00ef05bf3c6ed3258eb90b01e6ab32652c35f8133223755d7ebd73c24989e225aaa168afcde29289b4771596e885005b3d6d65c73a5509202b68f96fedfec2121326488ef60b101e8e60d149d69ede2b08782be1c7aaa9e0c5255dfcab36e5459a25d8f447f868ebfc9ce939471fc807b77eb5a00c653331872c774fb68c212c343a8bd3fc9bc52f2ecbbde2fb2ea9605c0fe6a7dc02b5cdd0f84974cade1832939d2dc0f383626e1bcc3d9193d96d8fec338617ae0c5ad75466d9050a4a7730dd61a87ca62a2143926d7ae8cef2333268d2274155e297d499f7730685c2fd9c863b97c7a3dd01fc18fc3bf42354fe6246d6b78987dcfbd06269081f8975c515d351b1cb8cbfa6c43925d51666a279ce13bc79b6136f195cddc998a18d1f0ad5c9997dbf8c0643280a775a829e7138b5051207e1b2e57f680f82cb3a3484bdf7626dd3267bde824c3ee7995f6f8cff35e71de6c612a06dbe344fc8745adee861dd7959c2b5b3aed5fbc22e65bba308932dc5ee90071ad7b920c5698683fbe7de1e980303df957881b54f1b750654ea3f00aad73efd82b6084dbc646f38b2ac19269d213a0444584e7bd49a30f011f5a2f6bc158c4ffb52aba4e34b212c01368e2ceb565df8cae2dd4b2e1a30cd06e019807104d08238b53ad30e231c4f8d1440e14c21c842ff709648e78b3ea80a29f726113a19918f1f74e39f5052d63d98e66005341688f57ec438b7c6cb90d21a2a86e695ffd48f242e6f642b55194a40fbafd0198f8914c6fe5930fd152d0286ae1bd23848e27fe3446836b2d76b960caa119421fe7f4e7df092e00a7019cd58301882e878600a3970c970c33118d43d13c33af57ddb66085dbf02a9ef4d09b5acd5c6e9eb48fa140713b7987ede4fff7ee835263d99db9df706abad165ff5c56debeb5791cd5b0bb1e0477d139c24d66944093d2a5743fd72b8960b4d602836c536a942ca45a2fbd29ab9d8bd7ae7d65e64f292f26fc96d7088909420db9b303ac963c427a4d05681c4006afb48aac617368da5661c5278a30cfa002268cb3195505b2ace8c8cae1f1fd5b34186798f56ecababaf0b790781e04d08eddd1da8af98950ced6dfee3caa49a78b16ca7049ae0e378da7c9ccd216a06f98cec591879d8ef1ce2ea2d1fd01f55eb92f606a70baf40c999583829a895d74645255202e2daaa498c77f193c06e563a9b3561db8983448cd6d0c9d06a148ceb58082e362864290f38139c148c3d802a3aff13a2e9b9cd5486d89f68478ad22eb6c68f199726e4788cfc2d3ef9d4ede892a99989b5d06b31bc9b76b9374e8ba0b46723ca16bc42097b1666cb762af7d04d78547d7cc036bc211a3ac9b1ea706a2946730b67b50a34fcd135bde01515004b70a7c5c7b588bddb0984b2ba516add041585d78328cf8bc39d081727dd794b7460002fe136f0f2c4005d70a0ea40f11a74857ea18b78dc79a04552d7929b1a4a279aa6ff8cfaf1dbed8c2417f4f86adb54707366df2185f97e5b58ef83bbfa513f0dc53da5cda1b83d8449e3c7868b9a194f962a99b567743ed416fc4eeb390b729ce72db98b7e37690a4ef0578aad7d3975d57e4c982f74e2f1c7902096d2fb31f58512acbfbd480dce54b1d7b5ea1b2493d610f03d3bff2153dbf2a2a4887eb6bd335192cfaa6c3f48a6a83044dc24ca5c3324197bb0ef6c126e4ef9129b6113758c075a0e9afca077e8c92940836b71c1ab34f35a4345b96f437d735be8aef40f202f281e6bc178c65b38aa65da2e8ca183d14aef4c86cc88cb6d506882cbde320ae5a77547f52ef997c3a40f173464e1060380e5a4900e29d081cc34191945c1a7dc69a40e55ede68636c6673752e3adf9e5a217384dd240af5d1cf28b37c7559b964d41ecbdb6e70b9f209fe818c9cbee404298e4863ce600dab3716abf797ad951fa831df1a85a3752e31ec7a1cc1115732e7d537990ba7ac238d14862dc7c256d21e1af90009479a93c28c86d3077931118be2d5bd79640187ac12722e0da3e0582e86efa6e2f5f7b463049311fa0af24b043167b4ac57cc6d0e4058d5e46d7533be851c397c646fa0cde2220235c305ca8729affb67ef3dc3c5a7a1e0dc58e2cc5ed92e4da36072cd55244ea5a2ca061ffb1ecc83b0953fc527c2321acc14df92f9f650c581152315728da425b6e117a3f089897482a5394d363a9943e1160bf113652a510381e9c194bf52fb1986a098e17d8b8594a923b2f7beaa095ecb50ae11d94591f4f4e2332dd85695e588d1fa66611c7cc47202605027fb2512f587355f78e193332ff6b98af8b48a30ed56b498c2676e06921ec6bd322d00064e5d2417fe5f7af871773a80ce8234b5a2b178be151bc79776191bab61a480874edd3740945fc8da656cbfd22d5bae2ca28cedc420876445dc02d3d5d987e7389a972ae7a8aad24c77e97bda20aee0ef68b1014afc1533422728108eb6c21417784ff97bf88493404aa3d485d4d738ccbf5f99188b4723b13739ca1b158341cc62a222e1e5e7fa225ad60dd8152ae44975642622aa4ed6c5615bd309d4e2c793dcfe5a089b58045307fef21892b76244db2e788693899e21348de1c7262ad54a6e9acc2308b71457b725507f175da4497be1b835d3f483eff576d8ec13aa3c57b7b11a0afd8a477b270813eea4600f6c919162e2aa2764f13335b917e13e85f71d4b5aa672389caba88cb547cc81e7cc8c31e88a64038534027af918723e9ae5e7ec32c5b68b8fe6a803b19775648faaeba5d36e7486b9c68041485e8598701748201b31e8245bddb180b17e2230954cef73d3815afabf991dfab9071fadbdfb2b153f75ce519f8f7b479e752790c64d18f32ec7ca29359c994a75206a5c23d5f341d784c1dd6bb6df3caa4ec39dee34e8b65dab6cf22e599bd08b72f686a91807284a7976ca613b5f3969ae4236027b0cc2f34018bb0485bf2222b5ee8cd9b74d60b9e4923e151e29f208268ca9b22514e8e2f8cdd1f1957d68056def464f63fb35836688bb3c444afea76c355639f3b43c0f14832b5313892bcd073da802b1c58433aff0d6d8712e375f6f9c6defc9a6d7d26e66d066809924ab0fc3ad227af43acd3f67fb9a2aab0c2a0a6399154bc988a3fe4983e841b9c79d89ad26c6a3abf912b43c16c58e23d84798856d5e802c4fadaabd41b7084d2d20a7e8a775b5b41f27f9fa7318129957b4e3b6261812c0db74f8ab21f9a810f2c2f979147c31d310b502893ea9bf3e62ad2bd6b088ae4cd3d268883918ff230a958cfb6009fde57defa7745d156795063b92a27aa598efd559db04d336414fcf059876b389ae2a9843e91f22b181dfb2c31f76fd3acdd15d3050ea7e91d4e2978899d0cb53689f687f2a2eef9191e55de8d397b21f9dcbabc170b5cf930b192780b07cbe27720dc2cb66773dd467b7715cb278beb1e3c7392fa3801248a1e848ae3136a371a172d6db3c5e4221492b011c336c47654d0923448d1905661944d58d83fcf968e6b7e09d28f957f6a7ab52b7554d938440a4107a272186f4679d31b1c1d8656f07cb452a2fec1abbd28a3efdb5bc25945563958d6f38faab7dbc0a54b44ba71db2169316f1642f111e69aa0d7126851f264a85c0451f799d8ab080b3528cdd9c1ebebd987e2d660f845313faf4e493b74d93b9839a556bfdbbc2346906e766a5465a8307f232ac0040a56dc969abc2e7519c86815a6d2481944d77175f8f8f6f666f82504f99b5a3368884d07cddc4c92e81ba68ec91ad05f3b9ed1aae4506e3974018c95665ad249f21c6882048854973c71090afb6f8222df5175952b9eaed98f90886b43d36bae4bfc9c8060786309a5cb1c5a47ac26e78f9cabdd84d870041ed102553e8331c06e81fc6646c851d60fbfc4f4df5be47347ee07d3257f923b02331ef9602c566bc2e008b6bc48d9586ce9cf9d3adde5e67cda07655822e00f66b95c32676e22d0ba262d04045a3e6cfa9e2336af3301cc5e23def47e595355271d08650389c4dc7cc25993a84c62b6a95cc700f0eb83231af1bafca03da774c0d8cd4531ee4e3e4a5ef11a5c4819eac5a00fe960da5e4f50c5a9bfc92ad7686ea7d652c3ea9643bfb829bc2932c255b87171d9d3198ed794cb2887291913ae84bc27b5142ca6a2de9eb3a302ff3d8f817d8d7dc2bc9f6bca071599446cfc78cdb58837119f200d44cd16160b4afed472139c34ab8d8f76df4070bf1c520019de28f486e5516fcbb9af1a1d015987fbceae835c0fc165e35b73b9d9608963c0cdd0808cf7ff680ca3bffd60ecdc63ad7e345263253c01df836540bba7319dafcef0f63431899f1c7f58ea4b37ea3d8d4e9a5698c5437a391220707e34af9017e37867bc1ec766c6a24108ef4dbf67130d23eec4f3299a127be649f5d48b478a83d8c81ab29e91e1157327a3f6d2f36957ee21a1f6207a586f3d5a463974967c13e5a219f6d3d3e688587eb8b4d8d914cbf341378d0f25c681026c39fe65403d8d78c764458334141c46098a899d565ab8c8ab1a7464039f72beeb4f0d3b43a69ee063f31881917167fe6e884b681bfe7cc8c03f916b0bbb345ac36c1fc924decfa8ad613bcb3579fa1515ad96495625e259119149aecae93661d32db0d26b051a1cec2e16d984373c5b83ce79b28bb431097894ce01537dbb30c4ad642b7e817b4d4736321504967b70f5c4c8e74fb9c483822668362650dc143325123ce4701502e550fc9c5141534b23240e092287ced7dacac60cd97c01f2d71516c22845b39a943b11264a4f98ac5864ed4e05da850f9336eaa8aab668bce4beef982358d24edb6639d6baeb68c1c37534dcadec3666b18c8440f6eda6cd3045b7f068c193be24b54372a97391a3f143f4b96fbe4a19acb20694c3bc69c2814abe2ffac3514ab6e7371c22025fee43add653981c9fa37af6bb30f27821e4dabdd6d847dff803decc77febda719cdbc1abd4f1002b81db9eb3494f20c1c561100d6babf1e29127a681474a8deb6c44db25bd82fbe9565a1c53918545e07c12e1e9cde07243d5d6e0336134d216dd5b29709cab0057549133fb6a9e95fcdbebe08eeaa5486275870c09a205ca5c32eb7322b20b9bb81a2064ad4d9c8f14c723c97968e319b844a47e81944fcb682cd8edf1d597a4b98a3aeeb029249772b9bb57d5156acb1d1036b3ed700c9495ea285ae5a82d5c788b172eee610a6a1cddb31d9c27a77614b8939f9e014b017580cd6857531bb6d1099e2f171e4a52c3d119addb6816cef1a05f4ec5d9a662dc3d3147effe9391cfe59bda97baa89abd69ad986edf4eaed759ec0913972558a840a9b4fb87dfc5148d26340b61039c1741f87a5e4f858f03c316ac6d5a24e9e42841410adf128d25503a9c3334086a1263eed865c50b7336fdd52f76d72e2a07fec314b353af032bffea9d6a8b74a7b1d3a943c5ffb733dee16bbc179f5192264b5fcd5424a10c3c3e2fc281cca8084b9572c48c8d93e312e3806dd6e7652eb6d2a2a615c34fd018876287aefa6d40f06d321f0b0fa476f31f327a2d80e28162b14e49059b8e6b77577778f61cd60e57099e2629bfda09b44aaa624e9e85e9ce8f2bc9a8b85db28ad19c890f630ca358e4882a1485b0564ccde5028573bb92180ee736ad0fb66e5d02785564c817845bb4dca29444fd7a3b162bfd3bc01b658df1eb35bc8aaa13dd7eff92d4c66a7bebffbae5e7b52331631c0eac829d3b7722949011fa7398d973cf1e6bd863851452a7663ab3da869f6daea5b15973226a4f23daab4d66235078366a3532a1b4285c93c2d072bf1e9ad9b256a3e4bebf2ce55b46c885e78a6c9342e5cb19307b51b5428633300aaf7949570fa37aec730fb0d8e7aea7bfee1d54e13370c9da2e51d7a81c67556a9221175a975dca9728668573e1bf6f519554def0d12cb3a1495f36320cdeacf75cd9f6321c963e372b5b65e7650f158488dfbbd40dcd438d824fdd1ef62318614b64480a822c21197080d90be39520d1b5b59ca1f555d683174371776d7ee08a99679ef2f2a55af7d4e77e08b701ea0c9faf28ebb801067cbc708e951f2621385762f00df797e802f14366ed9aabbed3b5ee3ec0b2b74b566803619a6282de0bb0dbfa16faa4113f90d317ef331f2be8baebc5cc7f301068ed1e7a32f514948c9219618797004b89b4aace04714072ab0e5d57f0a9d06bdd6211811eaa2bbbf76d4ee6200a8afab8c5dd92d331c123b8839cf39cc7cf457f0bf04e35928533145c0a39c562b52f0fdf8abcbffb8bfeb8215fa58f797c0348c8868c876552aa3894eb34807bc62accd2b3f30758b081298bc4c3d4c9ff927efedb828bc629ef622e2edbe178ad70532d081833ab8686f4b5a3e2f6046725d33adc021060962a6be6e410d6e651f75ae03b870a609200c11a549233164ee4b5782c1c6c88ecf8d7a96ef581a4a0c0580cc5c441962ba84ebe9a415f159aef0f78574ec2fb5f0ab295b792b89aeac2df77b3c743c62584b9a119afe81d960c43711436eda67435288f1581727586a29d9c1c98ea945c64626aa7122fc420dc9ecc80d5e36fc8d71f8311b25acd3d11d7bedfa85796d4f02a5e9476845c8806ceb18900902fba4cb1caf338330e465c966120258486c4b3e0aa32b78e88e9502b7da265e804f1f881f81fd948209ca06554af60b631991cf8225759d84d453be06e479a0f8d13186ab504e4de94986f469b97fee6cccbbb54e68336177fdbe678ba93b5bb503516474cb98e4827d20b60266439bcc65b70ed829b45b05b0d7d60da7b099dfdc3cfe5236794c2365e1f655c5e7eb736f761eaa671371687f99e213616a0445dc53ec49144a26cf8041a9ae74772089090fb27e0349b5bce7cb9d9f054e9d5e72a8d1d4581edfecca0dbbdaa3a1cc8fee8b2fb90e25467ec448fa6df4b05fdfd427825fba29d4c718203593f9259c0c593c71a00b901ab3675402f096a748b2d6d66d3b642a9c9f12691108578ea4360001376315c56b99a87f1f7d9401537052532e5b4ba0778aa98f8fe599c4aee56f9e5b882d64e33f101488e10f5502ddeb7f0bd6cdcc6be6c72412ba4e28920bd20cf3d72b805c76b6bff2895bd13150b163587a152c1e1664ec2db9956a87ddbd4471a3c1bb83583b2f93ab7e8eaae739663e45b2354d127346c08191f006b1e67d1b5a7f6714c5abc4bc3a22c5fa11d892a7f1d5fd12655145478c42216c66401172a196bf689181cf37439f738cdf0cbd738b03b7be21966a8a95626eef8de15ed1c6490392090eecfe9930c247eec4ef964d4686ba58a401dd97d1ec2a23b02919a8772acad453c899cbfb88182df74c91b6cdb5265b96b2f4c7ef9ab0635f57803b2b5dbea2d3592c70b2c4fa88a9127c780845d0e7d930565dff12e9eee8094dec44d0b7af5b4e841d5f1da0be424993eac8d405159c1168fb98fef0928ef4a94806661d37e16417de158ce9f52282af51791e78e8c2e0e935fe5151b508a612720eeabe36bfdf7c04c34bf1bd35331088697e53e6b554dc080a1739d55faec48ab7430901c5a37b5c61ab189fe3deb0f2c781d231eb57dfe457b280a2aaac141a27841a4e43973050538062513f15edf39deccb4d6c87791f0475092bd3c5e91384984a0ebedc37daf8e79c727c2f8bf8ef9a79a0c8144dfce77336ad85750e54e9e71bd7cba0ed50866c1d3bedeff85f7b1262be6d8cb2045ce905861dc5fb3b5a113b4253dcff5e9b44f94bbf79af7c82fcf096fe1ccc48a6b96cd5e7fdd3796b87f14c0a55f05e04cf890fbfd4a6388e54d97c622dcd7dd84dd9c1ca288a3fc1654f7d33d192b464c9ed3edb1610bbc7ec142f861c925ba05dbb3e1808320a66553ea320368ec8bdc5f757aa890825673e9d0e80b6b60a0eefad5bdcee3c03ee70db608d24f5e0eb1c64b6ba92f10b58be246655b984b58bf5268504801b4c1cd40c633503d87b907452c332ea16d7be122fdfcf5ffc2fbc950afe5c65f9fad7db166ea7dfe250aef83f2a4da341aead9f40d780fa4562e3e06a47a1b271027add92ffd595638952d101332245d0b94d1ca6bd726d29ae1b495f01868fb79e8505e1caeb7f8379e689add14e2f5efbc750688f4b2f76245efb8addd2458a7957f3829f87138e61370cde7ee72eeee9a0e76cfa79e6d869c3f2e33ad0ef7f6945af98c8659c936ad10c9f66a639c33965a25eb68289e473243c4a8b58132eeecf7fca073b341c6f8e51d88e955ea4b59c5993d57c0d52929d03d7d24504aa6a8865d3766ca9fb619bceac8214c4c6b9bf464493c534c5eef688bcf9538860cf14fc83c4471baf632eb4f8f7ed163fe80966de5f5e7598c495a0d62849ff611a6f308aa6e787752dafe0ea3df7826488ef9040d0b4f05c199ef9e7e2bc39740830cec27e59925a2922f89ebe65089eca31c1f366e300cbc6c239871d7df51975b91a4330850dbde552ef715793df19e8875eb8b9427ee44527a2fb8da0aa347d4305549866d16ff7c608e63781d80e5ab607ff8472bc9d315b8ec6ef1d3e027b9a177a3ff565d21eaa9931aec272136a3c70dbd2335b1bc735f93fc29dd3bba5c5d32f4868f9296436d057756530db0a65b632ed0cb64da888454c5322db6aea62ab1441c8c21bf406782e5b95ba75b6d8e2ceb6cd6c23b9a75de6936a6c3afaddddb0309ea7713a5be55522aacfbf7e07cb5f2e45081f5bf4869fcad36f09a4cd2643a0145972276f7b017c3ea656cb3263c73da1c1ea1c3908ace4a8a0f630a73f0e0fb8db2de4b85c650d9c36edc0d893a0f0bd3c354bba131bafeb8898ba1ec24974d0d5d75b82dcb02fb2f29359fb37d57fed7a9114bdde0e4ece9ee73d4317faef53babfe386399555e41f7dbb19f1b1d076a4373506414e254fd6f2985026ede5774425f82749765337f9cbb20d034778484e0f99cb08abffda6a779adf6097c61ec22ed7a2c1d028ecebf4894db684804ff822fd4efbcdaf5dbf276061faca150e8b9947bb7bd849c10fa8181551706b21421f5acda536144c6b8daf2d3e7ec8c3b5b2b858915b7fae0e188e7df5e6e90d5bdc8cfce90987e01b2bd945c8b2770beca31eb77f393bd6a334ac7a40eaae47e0a675036e591c873fd2b8a78332faead69673db15307e7e23b6eaa55b444571fd402d873e445983c501e9638039fc8c5a7368e7aac86c75fc0396a559e563e733fab6301059931aaed3d97a22000c30ea9323a9d7f000de74d1e578204ccd73f26762def3a8edfff9b5c631ae52a37f4a96346be9ffc2f2da8a9a2ac20fa7509d005a633fd76b7512194a4b8a5076b2f01809ee0543678015475ee4144772b8d2b920f52eeafccd2a7aa8e9b6a6584fe2ceb571abb8f0c9ff0117e6a3e322024718ff2b73f501c4520f1a43820e8b3ee29332275ef68aa602da6a5cc127870a773217642d56cfa1e90e433ce8f30c173f20893c005cae2e2c6e1985974cedd7ef6c07622a0a1d92bf6c1ac7cca43a0c25aeee2f17e3f99d275c6cf7c510bd34cc6a20f0273e3a89a98ebb23322d7fd1ef2c6bd3fc8e4b4e6b130b38c7b343009750608bda2ceef3f764a28fa2f00576b41d2e79d34ed312fbc5351df796f79e7625066cff9a4b1b739df8cacfa7df141ee7086b64dc342808b77f4bfa4f5f20aa1726d085cabe5c2a76a6c000118ea867928e07418600087b0c7a8765a8cf0aa1c844ca5adf6a109cbc8c33502a03b2e339a87473862c09b749af5e83bae5eb411f33b3558072891bac0ab41a2ca027ec82c00d71bab18a2f0b4c53bac438b48f6ed0084516e21bc9497adae3415d180c25b6e9286e58f8697cb83540b3f3cea1ab20159d3c5b0d4f69b888562096639e4483971c5d46631939de3320892ad2e28f567d84cb7127cb2ac86e2cbf80dfbce06b8df580d28c574a4eb82f5de6778cdd8fbc7bb79c4a3bac618c0b0abb1ead50221572d9a60333a26"), + genesisString: "Genesis description" +) + +final class Web3IdTest: XCTestCase { + func testProveAccountStatement() throws { + let statements = try [ + VerifiableCredentialStatement.account( + network: .testnet, + credId: Data(hex: "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100df4cac5e161fb81aebe3a04300e63f086d0d8"), + statement: [ + .attributeInRange(statement: AttributeInRangeIdentityStatement(attributeTag: .dateOfBirth, lower: "81", upper: "1231")), + .revealAttribute(statement: RevealAttributeIdentityStatement(attributeTag: .firstName)), + ] + ), + ] + let challenge = try Data(hex: "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100dAAAA") + let request = VerifiablePresentationRequest(challenge: challenge, statements: statements) + + let commitmentInputs = try [ + VerifiableCredentialCommitmentInputs.account( + issuer: 1, + values: [.dateOfBirth: "0", .firstName: "a"], + randomness: [ + .dateOfBirth: Data(hex: "575851a4e0558d589a57544a4a9f5ad1bd8467126c1b6767d32f633ea03380e6"), + .firstName: Data(hex: "575851a4e0558d589a57544a4a9f5ad1bd8467126c1b6767d32f633ea03380e6"), + ] + ), + ] + let _ = try VerifiablePresentation.create(request: request, global: GLOBAL, commitmentInputs: commitmentInputs) + } + + func testProveWeb3IdStatement() throws { + let wallet = try WalletSeed(seedHex: "efa5e27326f8fa0902e647b52449bf335b7b605adc387015ec903f41d95080eb71361cbc7fb78721dcd4f3926a337340aa1406df83332c44c1cdcfe100603860", network: Network.testnet) + let signer: Curve25519.Signing.PrivateKey = try wallet.signingKey(verifiableCredentialIndexes: VerifiableCredentialSeedIndexes(issuer: IssuerSeedIndexes(index: 1, subindex: 0), index: 1)) + + let challenge = try Data(hex: "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100dAAAA") + let statements = [ + VerifiableCredentialStatement.web3Id( + credType: [], + network: Network.testnet, + contract: ContractAddress(index: 1, subindex: 0), + holderId: signer.publicKey.rawRepresentation, + statement: [ + AtomicWeb3IdStatement.attributeInSet(statement: AttributeInSetWeb3IdStatement(attributeTag: "degreeType", set: [Web3IdAttribute.string(value: "BachelorDegree"), Web3IdAttribute.string(value: "MasterDegree")])), + AtomicWeb3IdStatement.revealAttribute(statement: RevealAttributeWeb3IdStatement(attributeTag: "degreeName")), + ] + ), + ] + let request = VerifiablePresentationRequest(challenge: challenge, statements: statements) + + let commitmentInputs = try [VerifiableCredentialCommitmentInputs.web3Issuer( + signature: Data(hex: "40ced1f01109c7a307fffabdbea7eb37ac015226939eddc05562b7e8a29d4a2cf32ab33b2f76dd879ce69fab7ff3752a73800c9ce41da6d38b189dccffa45906"), + signer: signer.rawRepresentation, + values: [ + "degreeName": Web3IdAttribute.string(value: "Bachelor of Science and Arts"), + "degreeType": Web3IdAttribute.string(value: "BachelorDegree"), + "graduationDate": Web3IdAttribute.string(value: "2010-06-01T00:00:00Z"), + ], + randomness: [ + "degreeName": Data(hex: "3917917065f8178e99c954017886f83984247ca16a22b065286de89b54d04610"), + "degreeType": Data(hex: "53573aac0039a54affd939be0ad0c49df6e5a854ce448a73abb2b0534a0a62ba"), + "graduationDate": Data(hex: "0f5a299aeba0cdc16fbaa98f21cab57cfa6dd50f0a2b039393686df7c7ae1561"), + ] + )] + + let _ = try VerifiablePresentation.create(request: request, global: GLOBAL, commitmentInputs: commitmentInputs) + } + + func testEncodeVerifiablePresentation() throws { + let encoder = JSONEncoder() + encoder.outputFormatting = [.withoutEscapingSlashes] + let decoder = JSONDecoder() + + /// Generated with the rust SDK + var json = """ + { + "presentationContext": "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100daaaa", + "proof": { + "created": "2024-10-01T05:05:15.786503Z", + "proofValue": [], + "type": "ConcordiumWeakLinkingProofV1" + }, + "type": "VerifiablePresentation", + "verifiableCredential": [ + { + "credentialSubject": { + "id": "did:ccd:testnet:cred:94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100df4cac5e161fb81aebe3a04300e63f086d0d8", + "proof": { + "created": "2024-10-01T05:05:15.783619Z", + "proofValue": [ + { + "proof": "b294994efb5e0fd35f5f267734f37a3bed2a04f2da67d0bd81901fab905cb35105f26a3f1a858634e091c85cf82762c5a32eb059d1478c694bd1ec8f6548e166a748b22f98ab4709b081bfcbd7479e7ac63b262c861d0e4bfd68356b7eca8ff28ea515412d8c0f2c453ff638e495ab7e45d13d75c9f0cd11a2a979dc589744e7553f8c8dffd1b7dcdfd4ececed5cee9daaa29a5cf3a06db257356e21a53fdd3ec9994d9da230614c594cb87aa83719efcebbbe5bcedeb2a02fd6cc528891f94b6ce85f49841f3949822138a5731d20224a9beab8883c1a055af2e7850da614a125606a483e6c2c2cb35babe02ecdbdd8d965d312d461b06fa78d8b7938e282636abb6692df973ef849c20effeb353a1be2f4fd5add86aa76158471b8a06125d400000007b9ee6ed1a14893bbbb32e219db572d3d53165d0e72e71ce5084ecfa4d82a3cc0acc50a55132facda0a13acab23a6942a938567120f313dcb2e4fbff0d399b4164330759a9cb87135bf9772d2b72f0163aa26faa3b5288e4bdf4f1c54a23012a582965b39b7ae830f74dcc63d4b2f6a4c7e222cdc36f1dac111583ec2c7260805ad280e8f30cdcf2beb4398df97821228ac6342dfa2e1ff606c8c61d84b2bf0316a9ee82934578ecab7048211b5008762309caafcf949db8770deb33ffa4515659613ea36afad8afa92b4fadc752670738eb844864ef461d939fa2c6b317f5401cef261fcfcf136e4c41a72ee2fbf7feb993531701c69c943d97eac9149f9b63255b16bf6035b8debf7776e44b41246a31debb085db6b62bdf7b2b34e2820f25fb685d13f34fc76b9fa3a66d2b4dccffedb6a86a6c700b8df2c12fdf775994864e3e37598b7d7500f26c877ecb80d51bbad80385d67cb8d4207bcdf4bbde54d7b45846314330752f19f7c4484a32bc043fb7b588e98b7d4158bb224c5789a861591c7f4819fb1fe8bf3a37bfcff7d9dcf7be5fb152bd2a3c5df3cf5983688075ae4de003efdf3563884a5902774e378a099075ae953eaf7ac3f0d563bf1134789bc277f7436e314bcf8bd61726cfbaa46f0de7f02641c747dfe314e73971a096aa3ceb68b4e67ecf76bd51d3c66d9f6d5c39e58e70c7c1e14283707374de2d7a24002708a597cfe536e2996ade9f6570b81239b107cdfa996c058e9cf027fbadd696313ad67046022fae50b58b761895cf301a52f8604b52623e575cb438941d5ab3ed51aba37952bc8da69dadfe932a9e191badcbdf45077f7a22d9268fa655d31d4f0357c4a7ba991b2732f4c1d94d280ccd6eab0b6d1cc3dd5e6e9cd3d09f06bd06173d80910b20deb0a8e228461090a46aabc249e70f2f887f6c2776bd8ee078929976468f1df2f593240c413632976ea1432479b21ff3c1b5328731716847226fa06877415033b4632bb3295418f3bd16a301ed518ac104e25b54de1579e", + "type": "AttributeInRange" + } + ], + "type": "ConcordiumZKProofV3" + }, + "statement": [ + { + "attributeTag": "dob", + "lower": "21", + "type": "AttributeInRange", + "upper": "1234" + } + ] + }, + "issuer": "did:ccd:testnet:idp:1", + "type": [ + "VerifiableCredential", + "ConcordiumVerifiableCredential" + ] + } + ] + } + """.data(using: .utf8)! + var value = try decoder.decode(VerifiablePresentation.self, from: json) + var idCheck = try decoder.decode(VerifiablePresentation.self, from: encoder.encode(value)) + XCTAssertEqual(value, idCheck) + + /// Generated with the rust SDK + json = """ + { + "presentationContext": "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100daaaa", + "proof": { + "created": "2024-10-01T05:05:14.664181Z", + "proofValue": [ + "bdabcf32b8612414fb1fda69ec95fdd9450987c36e9c3b0ae55a1a905bd98cfdff3b564cafcc7a9e5fb602b7f6e712d4a5d37367ca3a922d2e620cf613249a0e" + ], + "type": "ConcordiumWeakLinkingProofV1" + }, + "type": "VerifiablePresentation", + "verifiableCredential": [ + { + "credentialSubject": { + "id": "did:ccd:testnet:pkc:3ea04bafe5227cb26e4e9ff388e6d83ece3f7de558a242e2a84015f4fa36f859", + "proof": { + "commitments": { + "commitments": { + "degreeName": "b5d07c5d26a633a68aaec6b80abf3d4f1fdee584ea87df52bc7edf27ba01d216b1b7cb54382065221e2b79c7a2a61741", + "degreeType": "8c181a29f1c3c8c0a0cfb19ec5f3bb0a78f458e51a8f53ad2dedfd9f692b0b6e4fed58039d98d1485474630927714ee4", + "graduationDate": "adf10d054991179de3ada93be95b524afe2f2e42d06868634189a0c4acadbe501629989b89c7f0ad32820b482cc0d745" + }, + "signature": "40ced1f01109c7a307fffabdbea7eb37ac015226939eddc05562b7e8a29d4a2cf32ab33b2f76dd879ce69fab7ff3752a73800c9ce41da6d38b189dccffa45906" + }, + "created": "2024-10-01T05:05:14.662394Z", + "proofValue": [ + { + "proof": "94f10953d7b9fb2c14e5605a0a8498e7f054fda16f0f4562585a736a793766cb00677244dd6f2cbb318f7eb77d9b35deaf6070d2aeb3361838a2ceae65026caee972978b535cf4607cde745ad1a32db980608c28a7df0342f0852f92dab64fd5a01f36f427b3f9941a74e84e5310015ec971b90231e213cc4b67816792a1412ea55b259607063644b06274d0a58a36619672c1835a99d2a82380f88aa8c16399c6e7fd48dbe900a78eaaf5d5e68c06cdecfef3006fad71fca6d6de033f2526cb5844279123b6b9d2d4d57798ae847475a60dbce654aa137c9fd16a41366540635d32e959f7241981e881cbbd98d339e525c673cc834c37518073729c63dc94040a313d1ae94221b90e778a8cdb50ddb9e098f7853538b7c0a13c66886141ea7000000001ac92a79747b8655e4f3286c7ccd850394d44d84e708a68c5feb9da7c2b5cbdc26b8610dbf2d237da159961d6a150196e8e76c06d9ac444ba0c2a53dcd7c52a27af1f47bf8fc9264af7fa17df4125ca867ec0fc68dfd2824e33b59b78f192ecc42c91d4eeece5cee35590ca21b988addfe5d27f6c7a186dd3906bd29687a101d805022be5a2d0e9559409ba430228ca0859c47d3039fba34dbd9abfedbc9b7667", + "type": "AttributeInSet" + }, + { + "attribute": "Bachelor of Science and Arts", + "proof": "a6ea150141b417bee97dadf211f1347fa4511241dadfa516b9a42a0bb17f46345dfcf5bf6ccdbe94f4dcafbb1e28c0ad70460f5e1cea4c7ccd2ee3fb40cf8ae9", + "type": "RevealAttribute" + } + ], + "type": "ConcordiumZKProofV3" + }, + "statement": [ + { + "attributeTag": "degreeType", + "set": [ + "BachelorDegree", + "MasterDegree" + ], + "type": "AttributeInSet" + }, + { + "attributeTag": "degreeName", + "type": "RevealAttribute" + } + ] + }, + "issuer": "did:ccd:testnet:sci:1:0/issuer", + "type": [] + } + ] + } + """.data(using: .utf8)! + value = try decoder.decode(VerifiablePresentation.self, from: json) + idCheck = try decoder.decode(VerifiablePresentation.self, from: encoder.encode(value)) + XCTAssertEqual(value, idCheck) + } + + /// Test that ``Web3IdCredential`` properly encodes/decodes as a verifiable credential + func testEncodeWeb3IdCredential() throws { + let json = """ + { + "credentialSchema": { + "id": "http://link/to/schema", + "type": "JsonSchema2023" + }, + "credentialSubject": { + "attributes": { + "0": 1234, + "17": "World", + "3": "Hello" + }, + "id": "did:ccd:testnet:pkc:9438069e56e05e04adcb3dba21f0092548c2e149ff772df4f89c481993014251" + }, + "id": "did:ccd:testnet:sci:3:17/credentialEntry/9438069e56e05e04adcb3dba21f0092548c2e149ff772df4f89c481993014251", + "issuer": "did:ccd:testnet:sci:3:17/issuer/", + "proof": { + "proofPurpose": "assertionMethod", + "proofValue": "4a37728ac1140235e96fd4cd1e6fcd1294275aa962a3f2b1475fb6ac6b5747a5e92e380a1d2e77a19f66175c5af38e0db2427d562fe2b7111267b7fac4260001", + "type": "Ed25519Signature2020", + "verificationMethod": "did:ccd:testnet:pkc:53004b70adfac05ce33776e59ef2248d5b6af911f90b1cf03d2667dbdb146b8f" + }, + "randomness": { + "0": "489e66684cc66a7a11a42fb59716e2d193d33cdce61b98c28085994a785cbac8", + "17": "372a9230b7e27621dd82f0bce8671657e6640e877d3c1581d59abcde87198656", + "3": "457856263e6ad7968ed02a11c272b96a98e372679acfdc10677bed3b54fc006f" + }, + "type": [ + "ConcordiumVerifiableCredential", + "UniversityDegreeCredential", + "VerifiableCredential" + ], + "validFrom": "1970-01-01T00:00:00.017Z", + "validUntil": "1970-01-01T00:00:12.345Z" + } + """.data(using: .utf8)! + let decoder = JSONDecoder() + let encoder = JSONEncoder() + + let parsed = try decoder.decode(Web3IdCredential.self, from: json) + XCTAssertEqual(parsed, try decoder.decode(Web3IdCredential.self, from: encoder.encode(parsed))) + } + + func testRejectsInvalidValues() throws { + let network = Network.testnet + let challenge = try Data(hex: "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100dAAAA") + + let accountStatements = [ + AtomicIdentityStatement.attributeInSet(statement: AttributeInSetIdentityStatement(attributeTag: .nationality, set: ["NO", "SE", "FI"])), + AtomicIdentityStatement.attributeInRange(statement: AttributeInRangeIdentityStatement(attributeTag: .dateOfBirth, lower: "19000101", upper: "20000101")), + ] + let web3IdStatements = [ + AtomicWeb3IdStatement.attributeNotInSet(statement: AttributeNotInSetWeb3IdStatement(attributeTag: "tag", set: [.numeric(value: 0), .numeric(value: 1), .numeric(value: 2)])), + AtomicWeb3IdStatement.attributeInRange(statement: AttributeInRangeWeb3IdStatement(attributeTag: "other", lower: .timestamp(value: .init(timeIntervalSince1970: 1_000_000_000)), upper: .timestamp(value: .init(timeIntervalSince1970: 1_727_870_991)))), + ] + + let idValues: [AttributeTag: String] = [ + .nationality: "DK", + .dateOfBirth: "18000101", + ] + let idRand: [AttributeTag: Data] = try [ + .dateOfBirth: Data(hex: "237205f67b5dd0b87a3f45bea51e55de0dda64af6082dceafc43855a317249d6"), + .nationality: Data(hex: "25de8bfad4a90ca67d7c0be368355b3401f24dc2172f05b610001299d3c84898"), + ] + let credId = try CredentialRegistrationID(Data(hex: "94b55cf320993917927c77c1e8037b868e279ca7a97905115516c8366d8ad1fc27bbe5fd9c87e1ac27d7166216f6afbc")) + let issuer = UInt32(17) + + let web3Values: [String: Web3IdAttribute] = [ + "tag": .numeric(value: 2), + "other": .timestamp(value: .init(timeIntervalSince1970: 927_870_891)), + ] + let web3Rand: [String: Data] = try [ + "other": Data(hex: "2a989b5b483bcb7adcf070617c83c8daea8536282946b616bb78db179ed606aa"), + "tag": Data(hex: "6a0951d214b82be6a26f6f5abadff0f22788f6b5bf5c08f1799d65addcc464e4"), + ] + + let web3IdCred = try Web3IdCredential( + holderId: Data(hex: "1dce1025acbc8002ee9403f635073b49f1b93cb43cf9509fefc43d14bedb6834"), + network: Network.testnet, + registry: ContractAddress(index: 1337, subindex: 42), + credentialType: ["VerifiableCredential", "TestCredential", "ConcordiumVerifiableCredential"], + credentialSchema: "N/A", + issuerKey: Data(hex: "c954ee1e182b2ff7cdefd25bfab25437d184e45c20df0a94b9e8f60143929575"), + validFrom: Date(), + validUntil: nil, + values: web3Values, + randomness: web3Rand, + signature: Data(hex: "7013df1d6d7a260b2a6c4a2eabe62ab2595cf01a65be0a846cf54d0f24464ad181d47f41ebe1f3fb3b7d78208ba4dc56b8930d0b6218d35d608ddc0a773dbf0c") + ) + let signer = try Curve25519.Signing.PrivateKey(rawRepresentation: Data(hex: "cfd166ecd740d2aefab053c1dca27e01ad55d3c4a730bced4e3a8ed476ff2fbc")) + + var builder = VerifiablePresentationBuilder(challenge: challenge, network: network) + let accRes = try builder.verify(accountStatements, values: idValues, randomness: idRand, credId: credId, issuer: issuer) + let web3Res = try builder.verify(web3IdStatements, for: web3IdCred, signer: signer) + + switch accRes { + case .success(): XCTFail() + case let .failure(err): + XCTAssertEqual(err, VerifiablePresentationBuilder.IdStatementCheckError(attributes: [.nationality, .dateOfBirth])) + } + switch web3Res { + case .success(): XCTFail() + case let .failure(err): + XCTAssertEqual(err, VerifiablePresentationBuilder.Web3IdStatementCheckError(attributes: ["tag", "other"])) + } + } + + // Cryptographic values have been generated with the rust SDK. + func testProveStatement() throws { + let network = Network.testnet + let challenge = try Data(hex: "94d3e85bbc8ff0091e562ad8ef6c30d57f29b19f17c98ce155df2a30100dAAAA") + + let accountStatements = [ + AtomicIdentityStatement.attributeInSet(statement: AttributeInSetIdentityStatement(attributeTag: .nationality, set: ["DK", "NO", "SE", "FI"])), + AtomicIdentityStatement.attributeInRange(statement: AttributeInRangeIdentityStatement(attributeTag: .dateOfBirth, lower: "16000101", upper: "20000101")), + ] + let web3IdStatements = [ + AtomicWeb3IdStatement.attributeNotInSet(statement: AttributeNotInSetWeb3IdStatement(attributeTag: "tag", set: [.numeric(value: 0), .numeric(value: 1), .numeric(value: 2)])), + AtomicWeb3IdStatement.attributeInRange(statement: AttributeInRangeWeb3IdStatement(attributeTag: "other", lower: .timestamp(value: .init(timeIntervalSince1970: 1_000_000_000)), upper: .timestamp(value: .init(timeIntervalSince1970: 1_727_870_991)))), + ] + + let idValues: [AttributeTag: String] = [ + .nationality: "DK", + .dateOfBirth: "18000101", + ] + let idRand: [AttributeTag: Data] = try [ + .dateOfBirth: Data(hex: "237205f67b5dd0b87a3f45bea51e55de0dda64af6082dceafc43855a317249d6"), + .nationality: Data(hex: "25de8bfad4a90ca67d7c0be368355b3401f24dc2172f05b610001299d3c84898"), + ] + let credId = try CredentialRegistrationID(Data(hex: "94b55cf320993917927c77c1e8037b868e279ca7a97905115516c8366d8ad1fc27bbe5fd9c87e1ac27d7166216f6afbc")) + let issuer = UInt32(17) + + let web3Values: [String: Web3IdAttribute] = [ + "tag": .numeric(value: 3), + "other": .timestamp(value: .init(timeIntervalSince1970: 1_727_870_891)), + ] + let web3Rand: [String: Data] = try [ + "other": Data(hex: "2a989b5b483bcb7adcf070617c83c8daea8536282946b616bb78db179ed606aa"), + "tag": Data(hex: "6a0951d214b82be6a26f6f5abadff0f22788f6b5bf5c08f1799d65addcc464e4"), + ] + + let web3IdCred = try Web3IdCredential( + holderId: Data(hex: "1dce1025acbc8002ee9403f635073b49f1b93cb43cf9509fefc43d14bedb6834"), + network: Network.testnet, + registry: ContractAddress(index: 1337, subindex: 42), + credentialType: ["VerifiableCredential", "TestCredential", "ConcordiumVerifiableCredential"], + credentialSchema: "N/A", + issuerKey: Data(hex: "c954ee1e182b2ff7cdefd25bfab25437d184e45c20df0a94b9e8f60143929575"), + validFrom: Date(), + validUntil: nil, + values: web3Values, + randomness: web3Rand, + signature: Data(hex: "7013df1d6d7a260b2a6c4a2eabe62ab2595cf01a65be0a846cf54d0f24464ad181d47f41ebe1f3fb3b7d78208ba4dc56b8930d0b6218d35d608ddc0a773dbf0c") + ) + let signer = try Curve25519.Signing.PrivateKey(rawRepresentation: Data(hex: "cfd166ecd740d2aefab053c1dca27e01ad55d3c4a730bced4e3a8ed476ff2fbc")) + + var builder = VerifiablePresentationBuilder(challenge: challenge, network: network) + try builder.verify(accountStatements, values: idValues, randomness: idRand, credId: credId, issuer: issuer) + try builder.verify(web3IdStatements, for: web3IdCred, signer: signer) + let _ = try builder.finalize(global: GLOBAL) + } +} diff --git a/Tests/ConcordiumTests/Wallet/WalletSeedTest.swift b/Tests/ConcordiumTests/Wallet/WalletSeedTest.swift index 9eabc2e..1ee0230 100644 --- a/Tests/ConcordiumTests/Wallet/WalletSeedTest.swift +++ b/Tests/ConcordiumTests/Wallet/WalletSeedTest.swift @@ -63,7 +63,7 @@ final class WalletSeedTest: XCTestCase { func testMainnetAccountCredentialPublicAndSigningKeyMatch() throws { let seed = try WalletSeed(seedHex: TEST_SEED, network: .mainnet) - let privateKey = try seed.signingKey( + let privateKey: Data = try seed.signingKey( accountCredentialIndexes: AccountCredentialSeedIndexes( identity: IdentitySeedIndexes(providerID: 0, index: 0), counter: 0 @@ -171,7 +171,7 @@ final class WalletSeedTest: XCTestCase { func testTestnetAccountCredentialPublicAndSigningKeyMatch() throws { let seed = try WalletSeed(seedHex: TEST_SEED, network: .testnet) - let privateKey = try seed.signingKey( + let privateKey: Data = try seed.signingKey( accountCredentialIndexes: AccountCredentialSeedIndexes( identity: IdentitySeedIndexes(providerID: 0, index: 0), counter: 0 diff --git a/examples/CLI/Package.resolved b/examples/CLI/Package.resolved index 4997020..f2a51df 100644 --- a/examples/CLI/Package.resolved +++ b/examples/CLI/Package.resolved @@ -50,8 +50,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/Concordium/concordium-wallet-crypto-swift.git", "state" : { - "revision" : "32e4c86bd6ad018ea381b0fffbb39520520e1985", - "version" : "4.1.0" + "revision" : "067a0288c7ed225ed47216c016ded0e1b43c8147", + "version" : "5.0.0" } }, { diff --git a/examples/CLI/Sources/ConcordiumExampleClient/commands.swift b/examples/CLI/Sources/ConcordiumExampleClient/commands.swift index 8faf6ef..e2e0722 100644 --- a/examples/CLI/Sources/ConcordiumExampleClient/commands.swift +++ b/examples/CLI/Sources/ConcordiumExampleClient/commands.swift @@ -30,7 +30,7 @@ struct WalletProxyOptions: ParsableArguments { } } -extension BlockIdentifier: ExpressibleByArgument { +extension Concordium.BlockIdentifier: ArgumentParser.ExpressibleByArgument { public init?(argument: String) { do { self = try .hash(BlockHash(fromHex: argument)) @@ -40,7 +40,7 @@ extension BlockIdentifier: ExpressibleByArgument { } } -extension AccountAddress: ExpressibleByArgument { +extension Concordium.AccountAddress: ArgumentParser.ExpressibleByArgument { public init?(argument: String) { do { try self.init(base58Check: argument) @@ -50,7 +50,7 @@ extension AccountAddress: ExpressibleByArgument { } } -extension ModuleReference: ExpressibleByArgument { +extension Concordium.ModuleReference: ArgumentParser.ExpressibleByArgument { public init?(argument: String) { do { try self.init(Data(hex: argument)) @@ -60,7 +60,7 @@ extension ModuleReference: ExpressibleByArgument { } } -extension ReceiveName: ExpressibleByArgument { +extension Concordium.ReceiveName: ArgumentParser.ExpressibleByArgument { public init?(argument: String) { do { try self.init(argument) @@ -70,7 +70,7 @@ extension ReceiveName: ExpressibleByArgument { } } -extension CCD: ExpressibleByArgument { +extension Concordium.CCD: ArgumentParser.ExpressibleByArgument { public init?(argument: String) { do { try self.init(argument, decimalSeparator: ".") @@ -726,7 +726,7 @@ struct Root: AsyncParsableCommand { print("Deriving account.") let account = try accountDerivation.deriveAccount(credentials: [idxs]) print("Signing credential deployment.") - let signedTx = try account.keys.sign(deployment: credential, expiry: expiry) + let signedTx = try account.keys.sign(deployment: credential.credential, expiry: expiry) print("Serializing credential deployment.") let serializedTx = try signedTx.serialize() print("Sending credential deployment.") @@ -915,17 +915,18 @@ func makeIdentityRecoveryRequest( func withGRPCClient(_ opts: GRPCOptions, _ f: (GRPCNodeClient) async throws -> T) async throws -> T { let group = PlatformSupport.makeEventLoopGroup(loopCount: 1) - defer { - try! group.syncShutdownGracefully() - } // Flip comment to use TLS (required for the official gRPC endpoints "grpc.testnet.concordium.com" etc.). let builder = opts.insecure ? ClientConnection.insecure(group: group) : ClientConnection.usingPlatformAppropriateTLS(for: group) let connection = builder.connect(host: opts.host, port: opts.port) - defer { - try! connection.close().wait() - } let client = GRPCNodeClient(channel: connection) - return try await f(client) + + let res = try await f(client) + + // cleanup + try! await connection.close().get() + try! await group.shutdownGracefully() + + return res } diff --git a/examples/DocSnippets/Package.resolved b/examples/DocSnippets/Package.resolved index 057d002..650f92e 100644 --- a/examples/DocSnippets/Package.resolved +++ b/examples/DocSnippets/Package.resolved @@ -32,8 +32,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/Concordium/concordium-wallet-crypto-swift.git", "state" : { - "revision" : "32e4c86bd6ad018ea381b0fffbb39520520e1985", - "version" : "4.1.0" + "revision" : "067a0288c7ed225ed47216c016ded0e1b43c8147", + "version" : "5.0.0" } }, { diff --git a/examples/DocSnippets/Sources/Common/GRPC.swift b/examples/DocSnippets/Sources/Common/GRPC.swift index 1929eaa..ac8cf76 100644 --- a/examples/DocSnippets/Sources/Common/GRPC.swift +++ b/examples/DocSnippets/Sources/Common/GRPC.swift @@ -4,18 +4,18 @@ import NIOPosix public func withGRPCClient(host: String, port: Int, useTLS: Bool = false, _ f: (GRPCNodeClient) async throws -> T) async throws -> T { let group = PlatformSupport.makeEventLoopGroup(loopCount: 1) - defer { - try! group.syncShutdownGracefully() - } var builder = ClientConnection.insecure(group: group) if useTLS { // Configure TLS (required for the official gRPC endpoints "grpc.testnet.concordium.com" etc.). builder = ClientConnection.usingPlatformAppropriateTLS(for: group) } let connection = builder.connect(host: host, port: port) - defer { - try! connection.close().wait() - } let client = GRPCNodeClient(channel: connection) - return try await f(client) + + let res = try await f(client) + + try! await connection.close().get() + try! await group.shutdownGracefully() + + return res } diff --git a/examples/DocSnippets/Sources/CreateAccount/main.swift b/examples/DocSnippets/Sources/CreateAccount/main.swift index 1a51cb5..438de46 100644 --- a/examples/DocSnippets/Sources/CreateAccount/main.swift +++ b/examples/DocSnippets/Sources/CreateAccount/main.swift @@ -13,7 +13,7 @@ let expiry = TransactionTime(9_999_999_999) /// Perform account creation (on recovered identity) based on the inputs above. func createAccount(client: NodeClient) async throws { - let seed = try decodeSeed(seedPhrase, network) + let seed = try await decodeSeed(seedPhrase, network) let walletProxy = WalletProxy(baseURL: walletProxyBaseURL) let identityProvider = try await findIdentityProvider(walletProxy, identityProviderID)! @@ -46,7 +46,7 @@ func createAccount(client: NodeClient) async throws { let account = try accountDerivation.deriveAccount(credentials: [seedIndexes]) // Construct, sign, and send deployment transaction. - let signedTx = try account.keys.sign(deployment: credential, expiry: expiry) + let signedTx = try account.keys.sign(deployment: credential.credential, expiry: expiry) let serializedTx = try signedTx.serialize() let submittedTx = try await client.send(deployment: serializedTx) print("Transaction with hash '\(submittedTx.hash.hex)' successfully submitted.") diff --git a/examples/DocSnippets/Sources/CreateIdentity/main.swift b/examples/DocSnippets/Sources/CreateIdentity/main.swift index 105cae5..8c1372c 100644 --- a/examples/DocSnippets/Sources/CreateIdentity/main.swift +++ b/examples/DocSnippets/Sources/CreateIdentity/main.swift @@ -12,7 +12,7 @@ let anonymityRevocationThreshold = RevocationThreshold(2) /// Perform an identity creation based on the inputs above. func createIdentity(client: NodeClient) async throws { - let seed = try decodeSeed(seedPhrase, network) + let seed = try await decodeSeed(seedPhrase, network) let walletProxy = WalletProxy(baseURL: walletProxyBaseURL) let identityProvider = try await findIdentityProvider(walletProxy, identityProviderID)! diff --git a/examples/DocSnippets/Sources/RecoverIdentity/main.swift b/examples/DocSnippets/Sources/RecoverIdentity/main.swift index 59e6922..c2619f2 100644 --- a/examples/DocSnippets/Sources/RecoverIdentity/main.swift +++ b/examples/DocSnippets/Sources/RecoverIdentity/main.swift @@ -12,7 +12,7 @@ let anonymityRevocationThreshold = RevocationThreshold(2) /// Perform identity recovery based on the inputs above. func recoverIdentity(client: NodeClient) async throws { - let seed = try decodeSeed(seedPhrase, network) + let seed = try await decodeSeed(seedPhrase, network) let walletProxy = WalletProxy(baseURL: walletProxyBaseURL) let identityProvider = try await findIdentityProvider(walletProxy, identityProviderID)! diff --git a/examples/DocSnippets/Sources/SignAndSendTransfer/main.swift b/examples/DocSnippets/Sources/SignAndSendTransfer/main.swift index b0cdb2a..d14c36f 100644 --- a/examples/DocSnippets/Sources/SignAndSendTransfer/main.swift +++ b/examples/DocSnippets/Sources/SignAndSendTransfer/main.swift @@ -13,7 +13,7 @@ let expiry = TransactionTime(9_999_999_999) /// Perform a transfer based on the inputs above. func transfer(client: NodeClient) async throws { - let seed = try decodeSeed(seedPhrase, network) + let seed = try await decodeSeed(seedPhrase, network) // Derive seed based account from the given coordinates of the given seed. let cryptoParams = try await client.cryptographicParameters(block: .lastFinal) @@ -26,7 +26,7 @@ func transfer(client: NodeClient) async throws { // Construct, sign, and send transfer transaction. let nextSeq = try await client.nextAccountSequenceNumber(address: account.address) - let signed = try makeTransfer(account, amount, receiver, nextSeq.sequenceNumber, expiry) + let signed = try await makeTransfer(account, amount, receiver, nextSeq.sequenceNumber, expiry) let submitted = try await client.send(transaction: signed) print("Transaction with hash '\(submitted.hash.hex)' successfully submitted.") }