From aa9b70483cbc5084cd8277b2d44fb9d830bb982e Mon Sep 17 00:00:00 2001 From: Juanra Dikal Date: Tue, 30 Nov 2021 23:25:07 +0100 Subject: [PATCH] added missing files --- .gitignore | 3 + .vscode/settings.json | 3 + CODE_OF_CONDUCT.md | 134 ++ build/rollup-plugin-dts.js | 42 + dist/bundles/esm.js | 2130 ++++++++++++++++++++++++++++++++ dist/bundles/esm.min.js | 1 + dist/bundles/iife.js | 1 + dist/bundles/umd.js | 1 + docs/interfaces/PoO.md | 64 + docs/interfaces/PoR.md | 58 + types/createProofs.d.ts | 43 + types/createProofs.d.ts.map | 1 + types/index.d.ts | 13 + types/index.d.ts.map | 1 + types/proofInterfaces.d.ts | 62 + types/proofInterfaces.d.ts.map | 1 + types/sha.d.ts | 4 + types/sha.d.ts.map | 1 + types/validateProofs.d.ts | 32 + types/validateProofs.d.ts.map | 1 + 20 files changed, 2596 insertions(+) create mode 100644 .vscode/settings.json create mode 100644 CODE_OF_CONDUCT.md create mode 100644 build/rollup-plugin-dts.js create mode 100644 dist/bundles/esm.js create mode 100644 dist/bundles/esm.min.js create mode 100644 dist/bundles/iife.js create mode 100644 dist/bundles/umd.js create mode 100644 docs/interfaces/PoO.md create mode 100644 docs/interfaces/PoR.md create mode 100644 types/createProofs.d.ts create mode 100644 types/createProofs.d.ts.map create mode 100644 types/index.d.ts create mode 100644 types/index.d.ts.map create mode 100644 types/proofInterfaces.d.ts create mode 100644 types/proofInterfaces.d.ts.map create mode 100644 types/sha.d.ts create mode 100644 types/sha.d.ts.map create mode 100644 types/validateProofs.d.ts create mode 100644 types/validateProofs.d.ts.map diff --git a/.gitignore b/.gitignore index f9daa2f..31e08cb 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,6 @@ coverage # Test temporal files .mocha-ts + +# docs temporal files +.nojekyll diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..3662b37 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "typescript.tsdk": "node_modules/typescript/lib" +} \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..d33878e --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,134 @@ + +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations + diff --git a/build/rollup-plugin-dts.js b/build/rollup-plugin-dts.js new file mode 100644 index 0000000..e9583cf --- /dev/null +++ b/build/rollup-plugin-dts.js @@ -0,0 +1,42 @@ +import { mkdirSync, readFileSync, writeFileSync } from 'fs' +import ts from 'typescript' +import { join, dirname } from 'path' +import { sync } from 'rimraf' + +const { readJsonConfigFile, sys, parseJsonSourceFileConfigFileContent, createCompilerHost, createProgram } = ts + +const rootDir = join(__dirname, '..') +const pkgJson = JSON.parse(readFileSync(join(rootDir, 'package.json'))) +const srcFile = join(rootDir, 'src/ts/index.ts') +const outDir = dirname(join(rootDir, pkgJson.types)) + +const tsConfigPath = join(rootDir, 'tsconfig.json') + +const configFile = readJsonConfigFile(tsConfigPath, (file) => { + return sys.readFile(file) +}) + +const tsConfig = parseJsonSourceFileConfigFileContent(configFile, sys, dirname(tsConfigPath)) + +const compilerOptions = { + ...tsConfig.options, + declaration: true, + declarationMap: true, + emitDeclarationOnly: true, + outDir +} + +const host = createCompilerHost(compilerOptions) + +host.writeFile = (fileName, contents) => { + mkdirSync(dirname(fileName), { recursive: true }) + writeFileSync(fileName, contents) +} + +export const compile = () => { + // Clear the types dir + sync(outDir) + // Prepare and emit the d.ts files + const program = createProgram([srcFile], compilerOptions, host) + program.emit() +} diff --git a/dist/bundles/esm.js b/dist/bundles/esm.js new file mode 100644 index 0000000..160cb2b --- /dev/null +++ b/dist/bundles/esm.js @@ -0,0 +1,2130 @@ +const encoder = new TextEncoder(); +const decoder = new TextDecoder(); +const MAX_INT32 = 2 ** 32; +function concat(...buffers) { + const size = buffers.reduce((acc, { length }) => acc + length, 0); + const buf = new Uint8Array(size); + let i = 0; + buffers.forEach((buffer) => { + buf.set(buffer, i); + i += buffer.length; + }); + return buf; +} +function p2s(alg, p2sInput) { + return concat(encoder.encode(alg), new Uint8Array([0]), p2sInput); +} +function writeUInt32BE(buf, value, offset) { + if (value < 0 || value >= MAX_INT32) { + throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`); + } + buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset); +} +function uint64be(value) { + const high = Math.floor(value / MAX_INT32); + const low = value % MAX_INT32; + const buf = new Uint8Array(8); + writeUInt32BE(buf, high, 0); + writeUInt32BE(buf, low, 4); + return buf; +} +function uint32be(value) { + const buf = new Uint8Array(4); + writeUInt32BE(buf, value); + return buf; +} +function lengthAndInput(input) { + return concat(uint32be(input.length), input); +} +async function concatKdf(digest, secret, bits, value) { + const iterations = Math.ceil((bits >> 3) / 32); + let res; + for (let iter = 1; iter <= iterations; iter++) { + const buf = new Uint8Array(4 + secret.length + value.length); + buf.set(uint32be(iter)); + buf.set(secret, 4); + buf.set(value, 4 + secret.length); + if (!res) { + res = await digest('sha256', buf); + } + else { + res = concat(res, await digest('sha256', buf)); + } + } + res = res.slice(0, bits >> 3); + return res; +} + +const encodeBase64 = (input) => { + let unencoded = input; + if (typeof unencoded === 'string') { + unencoded = encoder.encode(unencoded); + } + const CHUNK_SIZE = 0x8000; + const arr = []; + for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) { + arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE))); + } + return btoa(arr.join('')); +}; +const encode = (input) => { + return encodeBase64(input).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_'); +}; +const decodeBase64 = (encoded) => { + return new Uint8Array(atob(encoded) + .split('') + .map((c) => c.charCodeAt(0))); +}; +const decode = (input) => { + let encoded = input; + if (encoded instanceof Uint8Array) { + encoded = decoder.decode(encoded); + } + encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\s/g, ''); + try { + return decodeBase64(encoded); + } + catch (_a) { + throw new TypeError('The input to be decoded is not correctly encoded.'); + } +}; + +class JOSEError extends Error { + constructor(message) { + var _a; + super(message); + this.code = 'ERR_JOSE_GENERIC'; + this.name = this.constructor.name; + (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor); + } + static get code() { + return 'ERR_JOSE_GENERIC'; + } +} +class JOSEAlgNotAllowed extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JOSE_ALG_NOT_ALLOWED'; + } + static get code() { + return 'ERR_JOSE_ALG_NOT_ALLOWED'; + } +} +class JOSENotSupported extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JOSE_NOT_SUPPORTED'; + } + static get code() { + return 'ERR_JOSE_NOT_SUPPORTED'; + } +} +class JWEDecryptionFailed extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JWE_DECRYPTION_FAILED'; + this.message = 'decryption operation failed'; + } + static get code() { + return 'ERR_JWE_DECRYPTION_FAILED'; + } +} +class JWEInvalid extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JWE_INVALID'; + } + static get code() { + return 'ERR_JWE_INVALID'; + } +} +class JWSInvalid extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JWS_INVALID'; + } + static get code() { + return 'ERR_JWS_INVALID'; + } +} +class JWKInvalid extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JWK_INVALID'; + } + static get code() { + return 'ERR_JWK_INVALID'; + } +} +class JWSSignatureVerificationFailed extends JOSEError { + constructor() { + super(...arguments); + this.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED'; + this.message = 'signature verification failed'; + } + static get code() { + return 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED'; + } +} + +var crypto$1 = crypto; +function isCryptoKey(key) { + try { + return (key != null && + typeof key.extractable === 'boolean' && + typeof key.algorithm.name === 'string' && + typeof key.type === 'string'); + } + catch (_a) { + return false; + } +} + +var random = crypto$1.getRandomValues.bind(crypto$1); + +function bitLength$1(alg) { + switch (alg) { + case 'A128GCM': + case 'A128GCMKW': + case 'A192GCM': + case 'A192GCMKW': + case 'A256GCM': + case 'A256GCMKW': + return 96; + case 'A128CBC-HS256': + case 'A192CBC-HS384': + case 'A256CBC-HS512': + return 128; + default: + throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`); + } +} +var generateIv = (alg) => random(new Uint8Array(bitLength$1(alg) >> 3)); + +const checkIvLength = (enc, iv) => { + if (iv.length << 3 !== bitLength$1(enc)) { + throw new JWEInvalid('Invalid Initialization Vector length'); + } +}; + +const checkCekLength = (cek, expected) => { + if (cek.length << 3 !== expected) { + throw new JWEInvalid('Invalid Content Encryption Key length'); + } +}; + +const timingSafeEqual = (a, b) => { + if (!(a instanceof Uint8Array)) { + throw new TypeError('First argument must be a buffer'); + } + if (!(b instanceof Uint8Array)) { + throw new TypeError('Second argument must be a buffer'); + } + if (a.length !== b.length) { + throw new TypeError('Input buffers must have the same length'); + } + const len = a.length; + let out = 0; + let i = -1; + while (++i < len) { + out |= a[i] ^ b[i]; + } + return out === 0; +}; + +function isCloudflareWorkers() { + return typeof WebSocketPair === 'function'; +} +function isNodeJs() { + try { + return process.versions.node !== undefined; + } + catch (_a) { + return false; + } +} + +function unusable(name, prop = 'algorithm.name') { + return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`); +} +function isAlgorithm(algorithm, name) { + return algorithm.name === name; +} +function getHashLength(hash) { + return parseInt(hash.name.substr(4), 10); +} +function getNamedCurve(alg) { + switch (alg) { + case 'ES256': + return 'P-256'; + case 'ES384': + return 'P-384'; + case 'ES512': + return 'P-521'; + default: + throw new Error('unreachable'); + } +} +function checkUsage(key, usages) { + if (usages.length && !usages.some((expected) => key.usages.includes(expected))) { + let msg = 'CryptoKey does not support this operation, its usages must include '; + if (usages.length > 2) { + const last = usages.pop(); + msg += `one of ${usages.join(', ')}, or ${last}.`; + } + else if (usages.length === 2) { + msg += `one of ${usages[0]} or ${usages[1]}.`; + } + else { + msg += `${usages[0]}.`; + } + throw new TypeError(msg); + } +} +function checkSigCryptoKey(key, alg, ...usages) { + switch (alg) { + case 'HS256': + case 'HS384': + case 'HS512': { + if (!isAlgorithm(key.algorithm, 'HMAC')) + throw unusable('HMAC'); + const expected = parseInt(alg.substr(2), 10); + const actual = getHashLength(key.algorithm.hash); + if (actual !== expected) + throw unusable(`SHA-${expected}`, 'algorithm.hash'); + break; + } + case 'RS256': + case 'RS384': + case 'RS512': { + if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5')) + throw unusable('RSASSA-PKCS1-v1_5'); + const expected = parseInt(alg.substr(2), 10); + const actual = getHashLength(key.algorithm.hash); + if (actual !== expected) + throw unusable(`SHA-${expected}`, 'algorithm.hash'); + break; + } + case 'PS256': + case 'PS384': + case 'PS512': { + if (!isAlgorithm(key.algorithm, 'RSA-PSS')) + throw unusable('RSA-PSS'); + const expected = parseInt(alg.substr(2), 10); + const actual = getHashLength(key.algorithm.hash); + if (actual !== expected) + throw unusable(`SHA-${expected}`, 'algorithm.hash'); + break; + } + case isNodeJs() && 'EdDSA': { + if (key.algorithm.name !== 'NODE-ED25519' && key.algorithm.name !== 'NODE-ED448') + throw unusable('NODE-ED25519 or NODE-ED448'); + break; + } + case isCloudflareWorkers() && 'EdDSA': { + if (!isAlgorithm(key.algorithm, 'NODE-ED25519')) + throw unusable('NODE-ED25519'); + break; + } + case 'ES256': + case 'ES384': + case 'ES512': { + if (!isAlgorithm(key.algorithm, 'ECDSA')) + throw unusable('ECDSA'); + const expected = getNamedCurve(alg); + const actual = key.algorithm.namedCurve; + if (actual !== expected) + throw unusable(expected, 'algorithm.namedCurve'); + break; + } + default: + throw new TypeError('CryptoKey does not support this operation'); + } + checkUsage(key, usages); +} +function checkEncCryptoKey(key, alg, ...usages) { + switch (alg) { + case 'A128GCM': + case 'A192GCM': + case 'A256GCM': { + if (!isAlgorithm(key.algorithm, 'AES-GCM')) + throw unusable('AES-GCM'); + const expected = parseInt(alg.substr(1, 3), 10); + const actual = key.algorithm.length; + if (actual !== expected) + throw unusable(expected, 'algorithm.length'); + break; + } + case 'A128KW': + case 'A192KW': + case 'A256KW': { + if (!isAlgorithm(key.algorithm, 'AES-KW')) + throw unusable('AES-KW'); + const expected = parseInt(alg.substr(1, 3), 10); + const actual = key.algorithm.length; + if (actual !== expected) + throw unusable(expected, 'algorithm.length'); + break; + } + case 'ECDH-ES': + if (!isAlgorithm(key.algorithm, 'ECDH')) + throw unusable('ECDH'); + break; + case 'PBES2-HS256+A128KW': + case 'PBES2-HS384+A192KW': + case 'PBES2-HS512+A256KW': + if (!isAlgorithm(key.algorithm, 'PBKDF2')) + throw unusable('PBKDF2'); + break; + case 'RSA-OAEP': + case 'RSA-OAEP-256': + case 'RSA-OAEP-384': + case 'RSA-OAEP-512': { + if (!isAlgorithm(key.algorithm, 'RSA-OAEP')) + throw unusable('RSA-OAEP'); + const expected = parseInt(alg.substr(9), 10) || 1; + const actual = getHashLength(key.algorithm.hash); + if (actual !== expected) + throw unusable(`SHA-${expected}`, 'algorithm.hash'); + break; + } + default: + throw new TypeError('CryptoKey does not support this operation'); + } + checkUsage(key, usages); +} + +var invalidKeyInput = (actual, ...types) => { + let msg = 'Key must be '; + if (types.length > 2) { + const last = types.pop(); + msg += `one of type ${types.join(', ')}, or ${last}.`; + } + else if (types.length === 2) { + msg += `one of type ${types[0]} or ${types[1]}.`; + } + else { + msg += `of type ${types[0]}.`; + } + if (actual == null) { + msg += ` Received ${actual}`; + } + else if (typeof actual === 'function' && actual.name) { + msg += ` Received function ${actual.name}`; + } + else if (typeof actual === 'object' && actual != null) { + if (actual.constructor && actual.constructor.name) { + msg += ` Received an instance of ${actual.constructor.name}`; + } + } + return msg; +}; + +var isKeyLike = (key) => { + return isCryptoKey(key); +}; +const types = ['CryptoKey']; + +async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { + if (!(cek instanceof Uint8Array)) { + throw new TypeError(invalidKeyInput(cek, 'Uint8Array')); + } + const keySize = parseInt(enc.substr(1, 3), 10); + const encKey = await crypto$1.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['decrypt']); + const macKey = await crypto$1.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { + hash: `SHA-${keySize << 1}`, + name: 'HMAC', + }, false, ['sign']); + const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3)); + const expectedTag = new Uint8Array((await crypto$1.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3)); + let macCheckPassed; + try { + macCheckPassed = timingSafeEqual(tag, expectedTag); + } + catch (_a) { + } + if (!macCheckPassed) { + throw new JWEDecryptionFailed(); + } + let plaintext; + try { + plaintext = new Uint8Array(await crypto$1.subtle.decrypt({ iv, name: 'AES-CBC' }, encKey, ciphertext)); + } + catch (_b) { + } + if (!plaintext) { + throw new JWEDecryptionFailed(); + } + return plaintext; +} +async function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) { + let encKey; + if (cek instanceof Uint8Array) { + encKey = await crypto$1.subtle.importKey('raw', cek, 'AES-GCM', false, ['decrypt']); + } + else { + checkEncCryptoKey(cek, enc, 'decrypt'); + encKey = cek; + } + try { + return new Uint8Array(await crypto$1.subtle.decrypt({ + additionalData: aad, + iv, + name: 'AES-GCM', + tagLength: 128, + }, encKey, concat(ciphertext, tag))); + } + catch (_a) { + throw new JWEDecryptionFailed(); + } +} +const decrypt$2 = async (enc, cek, ciphertext, iv, tag, aad) => { + if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) { + throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array')); + } + checkIvLength(enc, iv); + switch (enc) { + case 'A128CBC-HS256': + case 'A192CBC-HS384': + case 'A256CBC-HS512': + if (cek instanceof Uint8Array) + checkCekLength(cek, parseInt(enc.substr(-3), 10)); + return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad); + case 'A128GCM': + case 'A192GCM': + case 'A256GCM': + if (cek instanceof Uint8Array) + checkCekLength(cek, parseInt(enc.substr(1, 3), 10)); + return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad); + default: + throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm'); + } +}; + +const inflate = async () => { + throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.'); +}; +const deflate = async () => { + throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `deflateRaw` encrypt option to provide Deflate Raw implementation.'); +}; + +const isDisjoint = (...headers) => { + const sources = headers.filter(Boolean); + if (sources.length === 0 || sources.length === 1) { + return true; + } + let acc; + for (const header of sources) { + const parameters = Object.keys(header); + if (!acc || acc.size === 0) { + acc = new Set(parameters); + continue; + } + for (const parameter of parameters) { + if (acc.has(parameter)) { + return false; + } + acc.add(parameter); + } + } + return true; +}; + +function isObjectLike(value) { + return typeof value === 'object' && value !== null; +} +function isObject(input) { + if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') { + return false; + } + if (Object.getPrototypeOf(input) === null) { + return true; + } + let proto = input; + while (Object.getPrototypeOf(proto) !== null) { + proto = Object.getPrototypeOf(proto); + } + return Object.getPrototypeOf(input) === proto; +} + +const bogusWebCrypto = [ + { hash: 'SHA-256', name: 'HMAC' }, + true, + ['sign'], +]; + +function checkKeySize(key, alg) { + if (key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { + throw new TypeError(`Invalid key size for alg: ${alg}`); + } +} +function getCryptoKey$2(key, alg, usage) { + if (isCryptoKey(key)) { + checkEncCryptoKey(key, alg, usage); + return key; + } + if (key instanceof Uint8Array) { + return crypto$1.subtle.importKey('raw', key, 'AES-KW', true, [usage]); + } + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); +} +const wrap$1 = async (alg, key, cek) => { + const cryptoKey = await getCryptoKey$2(key, alg, 'wrapKey'); + checkKeySize(cryptoKey, alg); + const cryptoKeyCek = await crypto$1.subtle.importKey('raw', cek, ...bogusWebCrypto); + return new Uint8Array(await crypto$1.subtle.wrapKey('raw', cryptoKeyCek, cryptoKey, 'AES-KW')); +}; +const unwrap$1 = async (alg, key, encryptedKey) => { + const cryptoKey = await getCryptoKey$2(key, alg, 'unwrapKey'); + checkKeySize(cryptoKey, alg); + const cryptoKeyCek = await crypto$1.subtle.unwrapKey('raw', encryptedKey, cryptoKey, 'AES-KW', ...bogusWebCrypto); + return new Uint8Array(await crypto$1.subtle.exportKey('raw', cryptoKeyCek)); +}; + +const digest = async (algorithm, data) => { + const subtleDigest = `SHA-${algorithm.substr(-3)}`; + return new Uint8Array(await crypto$1.subtle.digest(subtleDigest, data)); +}; + +const deriveKey$1 = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { + if (!isCryptoKey(publicKey)) { + throw new TypeError(invalidKeyInput(publicKey, ...types)); + } + checkEncCryptoKey(publicKey, 'ECDH-ES'); + if (!isCryptoKey(privateKey)) { + throw new TypeError(invalidKeyInput(privateKey, ...types)); + } + checkEncCryptoKey(privateKey, 'ECDH-ES', 'deriveBits', 'deriveKey'); + const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength)); + if (!privateKey.usages.includes('deriveBits')) { + throw new TypeError('ECDH-ES private key "usages" must include "deriveBits"'); + } + const sharedSecret = new Uint8Array(await crypto$1.subtle.deriveBits({ + name: 'ECDH', + public: publicKey, + }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.substr(-3), 10) / 8) << + 3)); + return concatKdf(digest, sharedSecret, keyLength, value); +}; +const generateEpk = async (key) => { + if (!isCryptoKey(key)) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + return (await crypto$1.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; +}; +const ecdhAllowed = (key) => { + if (!isCryptoKey(key)) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + return ['P-256', 'P-384', 'P-521'].includes(key.algorithm.namedCurve); +}; + +function checkP2s(p2s) { + if (!(p2s instanceof Uint8Array) || p2s.length < 8) { + throw new JWEInvalid('PBES2 Salt Input must be 8 or more octets'); + } +} + +function getCryptoKey$1(key, alg) { + if (key instanceof Uint8Array) { + return crypto$1.subtle.importKey('raw', key, 'PBKDF2', false, ['deriveBits']); + } + if (isCryptoKey(key)) { + checkEncCryptoKey(key, alg, 'deriveBits', 'deriveKey'); + return key; + } + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); +} +async function deriveKey(p2s$1, alg, p2c, key) { + checkP2s(p2s$1); + const salt = p2s(alg, p2s$1); + const keylen = parseInt(alg.substr(13, 3), 10); + const subtleAlg = { + hash: `SHA-${alg.substr(8, 3)}`, + iterations: p2c, + name: 'PBKDF2', + salt, + }; + const wrapAlg = { + length: keylen, + name: 'AES-KW', + }; + const cryptoKey = await getCryptoKey$1(key, alg); + if (cryptoKey.usages.includes('deriveBits')) { + return new Uint8Array(await crypto$1.subtle.deriveBits(subtleAlg, cryptoKey, keylen)); + } + if (cryptoKey.usages.includes('deriveKey')) { + return crypto$1.subtle.deriveKey(subtleAlg, cryptoKey, wrapAlg, false, ['wrapKey', 'unwrapKey']); + } + throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"'); +} +const encrypt$2 = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => { + const derived = await deriveKey(p2s, alg, p2c, key); + const encryptedKey = await wrap$1(alg.substr(-6), derived, cek); + return { encryptedKey, p2c, p2s: encode(p2s) }; +}; +const decrypt$1 = async (alg, key, encryptedKey, p2c, p2s) => { + const derived = await deriveKey(p2s, alg, p2c, key); + return unwrap$1(alg.substr(-6), derived, encryptedKey); +}; + +function subtleRsaEs(alg) { + switch (alg) { + case 'RSA-OAEP': + case 'RSA-OAEP-256': + case 'RSA-OAEP-384': + case 'RSA-OAEP-512': + return 'RSA-OAEP'; + default: + throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`); + } +} + +var checkKeyLength = (alg, key) => { + if (alg.startsWith('RS') || alg.startsWith('PS')) { + const { modulusLength } = key.algorithm; + if (typeof modulusLength !== 'number' || modulusLength < 2048) { + throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`); + } + } +}; + +const encrypt$1 = async (alg, key, cek) => { + if (!isCryptoKey(key)) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + checkEncCryptoKey(key, alg, 'encrypt', 'wrapKey'); + checkKeyLength(alg, key); + if (key.usages.includes('encrypt')) { + return new Uint8Array(await crypto$1.subtle.encrypt(subtleRsaEs(alg), key, cek)); + } + if (key.usages.includes('wrapKey')) { + const cryptoKeyCek = await crypto$1.subtle.importKey('raw', cek, ...bogusWebCrypto); + return new Uint8Array(await crypto$1.subtle.wrapKey('raw', cryptoKeyCek, key, subtleRsaEs(alg))); + } + throw new TypeError('RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation'); +}; +const decrypt = async (alg, key, encryptedKey) => { + if (!isCryptoKey(key)) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + checkEncCryptoKey(key, alg, 'decrypt', 'unwrapKey'); + checkKeyLength(alg, key); + if (key.usages.includes('decrypt')) { + return new Uint8Array(await crypto$1.subtle.decrypt(subtleRsaEs(alg), key, encryptedKey)); + } + if (key.usages.includes('unwrapKey')) { + const cryptoKeyCek = await crypto$1.subtle.unwrapKey('raw', encryptedKey, key, subtleRsaEs(alg), ...bogusWebCrypto); + return new Uint8Array(await crypto$1.subtle.exportKey('raw', cryptoKeyCek)); + } + throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation'); +}; + +function bitLength(alg) { + switch (alg) { + case 'A128GCM': + return 128; + case 'A192GCM': + return 192; + case 'A256GCM': + case 'A128CBC-HS256': + return 256; + case 'A192CBC-HS384': + return 384; + case 'A256CBC-HS512': + return 512; + default: + throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`); + } +} +var generateCek = (alg) => random(new Uint8Array(bitLength(alg) >> 3)); + +function subtleMapping(jwk) { + let algorithm; + let keyUsages; + switch (jwk.kty) { + case 'oct': { + switch (jwk.alg) { + case 'HS256': + case 'HS384': + case 'HS512': + algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.substr(-3)}` }; + keyUsages = ['sign', 'verify']; + break; + case 'A128CBC-HS256': + case 'A192CBC-HS384': + case 'A256CBC-HS512': + throw new JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`); + case 'A128GCM': + case 'A192GCM': + case 'A256GCM': + case 'A128GCMKW': + case 'A192GCMKW': + case 'A256GCMKW': + algorithm = { name: 'AES-GCM' }; + keyUsages = ['encrypt', 'decrypt']; + break; + case 'A128KW': + case 'A192KW': + case 'A256KW': + algorithm = { name: 'AES-KW' }; + keyUsages = ['wrapKey', 'unwrapKey']; + break; + case 'PBES2-HS256+A128KW': + case 'PBES2-HS384+A192KW': + case 'PBES2-HS512+A256KW': + algorithm = { name: 'PBKDF2' }; + keyUsages = ['deriveBits']; + break; + default: + throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); + } + break; + } + case 'RSA': { + switch (jwk.alg) { + case 'PS256': + case 'PS384': + case 'PS512': + algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.substr(-3)}` }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case 'RS256': + case 'RS384': + case 'RS512': + algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.substr(-3)}` }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case 'RSA-OAEP': + case 'RSA-OAEP-256': + case 'RSA-OAEP-384': + case 'RSA-OAEP-512': + algorithm = { + name: 'RSA-OAEP', + hash: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}`, + }; + keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey']; + break; + default: + throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); + } + break; + } + case 'EC': { + switch (jwk.alg) { + case 'ES256': + algorithm = { name: 'ECDSA', namedCurve: 'P-256' }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case 'ES384': + algorithm = { name: 'ECDSA', namedCurve: 'P-384' }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case 'ES512': + algorithm = { name: 'ECDSA', namedCurve: 'P-521' }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case 'ECDH-ES': + case 'ECDH-ES+A128KW': + case 'ECDH-ES+A192KW': + case 'ECDH-ES+A256KW': + algorithm = { name: 'ECDH', namedCurve: jwk.crv }; + keyUsages = jwk.d ? ['deriveBits'] : []; + break; + default: + throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); + } + break; + } + case (isCloudflareWorkers() || isNodeJs()) && 'OKP': + if (jwk.alg !== 'EdDSA') { + throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); + } + switch (jwk.crv) { + case 'Ed25519': + algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + case isNodeJs() && 'Ed448': + algorithm = { name: 'NODE-ED448', namedCurve: 'NODE-ED448' }; + keyUsages = jwk.d ? ['sign'] : ['verify']; + break; + default: + throw new JOSENotSupported('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value'); + } + break; + default: + throw new JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value'); + } + return { algorithm, keyUsages }; +} +const parse = async (jwk) => { + var _a, _b; + const { algorithm, keyUsages } = subtleMapping(jwk); + const rest = [ + algorithm, + (_a = jwk.ext) !== null && _a !== void 0 ? _a : false, + (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages, + ]; + if (algorithm.name === 'PBKDF2') { + return crypto$1.subtle.importKey('raw', decode(jwk.k), ...rest); + } + const keyData = { ...jwk }; + delete keyData.alg; + return crypto$1.subtle.importKey('jwk', keyData, ...rest); +}; +var asKeyObject = parse; + +async function importJWK(jwk, alg, octAsKeyObject) { + if (!isObject(jwk)) { + throw new TypeError('JWK must be an object'); + } + alg || (alg = jwk.alg); + if (typeof alg !== 'string' || !alg) { + throw new TypeError('"alg" argument is required when "jwk.alg" is not present'); + } + switch (jwk.kty) { + case 'oct': + if (typeof jwk.k !== 'string' || !jwk.k) { + throw new TypeError('missing "k" (Key Value) Parameter value'); + } + octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : (octAsKeyObject = jwk.ext !== true); + if (octAsKeyObject) { + return asKeyObject({ ...jwk, alg, ext: false }); + } + return decode(jwk.k); + case 'RSA': + if (jwk.oth !== undefined) { + throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported'); + } + case 'EC': + case 'OKP': + return asKeyObject({ ...jwk, alg }); + default: + throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value'); + } +} + +const symmetricTypeCheck = (key) => { + if (key instanceof Uint8Array) + return; + if (!isKeyLike(key)) { + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); + } + if (key.type !== 'secret') { + throw new TypeError(`${types.join(' or ')} instances for symmetric algorithms must be of type "secret"`); + } +}; +const asymmetricTypeCheck = (key, usage) => { + if (!isKeyLike(key)) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + if (key.type === 'secret') { + throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithms must not be of type "secret"`); + } + if (usage === 'sign' && key.type === 'public') { + throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm signing must be of type "private"`); + } + if (usage === 'decrypt' && key.type === 'public') { + throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm decryption must be of type "private"`); + } + if (key.algorithm && usage === 'verify' && key.type === 'private') { + throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm verifying must be of type "public"`); + } + if (key.algorithm && usage === 'encrypt' && key.type === 'private') { + throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm encryption must be of type "public"`); + } +}; +const checkKeyType = (alg, key, usage) => { + const symmetric = alg.startsWith('HS') || + alg === 'dir' || + alg.startsWith('PBES2') || + /^A\d{3}(?:GCM)?KW$/.test(alg); + if (symmetric) { + symmetricTypeCheck(key); + } + else { + asymmetricTypeCheck(key, usage); + } +}; + +async function cbcEncrypt(enc, plaintext, cek, iv, aad) { + if (!(cek instanceof Uint8Array)) { + throw new TypeError(invalidKeyInput(cek, 'Uint8Array')); + } + const keySize = parseInt(enc.substr(1, 3), 10); + const encKey = await crypto$1.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['encrypt']); + const macKey = await crypto$1.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { + hash: `SHA-${keySize << 1}`, + name: 'HMAC', + }, false, ['sign']); + const ciphertext = new Uint8Array(await crypto$1.subtle.encrypt({ + iv, + name: 'AES-CBC', + }, encKey, plaintext)); + const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3)); + const tag = new Uint8Array((await crypto$1.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3)); + return { ciphertext, tag }; +} +async function gcmEncrypt(enc, plaintext, cek, iv, aad) { + let encKey; + if (cek instanceof Uint8Array) { + encKey = await crypto$1.subtle.importKey('raw', cek, 'AES-GCM', false, ['encrypt']); + } + else { + checkEncCryptoKey(cek, enc, 'encrypt'); + encKey = cek; + } + const encrypted = new Uint8Array(await crypto$1.subtle.encrypt({ + additionalData: aad, + iv, + name: 'AES-GCM', + tagLength: 128, + }, encKey, plaintext)); + const tag = encrypted.slice(-16); + const ciphertext = encrypted.slice(0, -16); + return { ciphertext, tag }; +} +const encrypt = async (enc, plaintext, cek, iv, aad) => { + if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) { + throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array')); + } + checkIvLength(enc, iv); + switch (enc) { + case 'A128CBC-HS256': + case 'A192CBC-HS384': + case 'A256CBC-HS512': + if (cek instanceof Uint8Array) + checkCekLength(cek, parseInt(enc.substr(-3), 10)); + return cbcEncrypt(enc, plaintext, cek, iv, aad); + case 'A128GCM': + case 'A192GCM': + case 'A256GCM': + if (cek instanceof Uint8Array) + checkCekLength(cek, parseInt(enc.substr(1, 3), 10)); + return gcmEncrypt(enc, plaintext, cek, iv, aad); + default: + throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm'); + } +}; + +async function wrap(alg, key, cek, iv) { + const jweAlgorithm = alg.substr(0, 7); + iv || (iv = generateIv(jweAlgorithm)); + const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); + return { encryptedKey, iv: encode(iv), tag: encode(tag) }; +} +async function unwrap(alg, key, encryptedKey, iv, tag) { + const jweAlgorithm = alg.substr(0, 7); + return decrypt$2(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0)); +} + +async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) { + checkKeyType(alg, key, 'decrypt'); + switch (alg) { + case 'dir': { + if (encryptedKey !== undefined) + throw new JWEInvalid('Encountered unexpected JWE Encrypted Key'); + return key; + } + case 'ECDH-ES': + if (encryptedKey !== undefined) + throw new JWEInvalid('Encountered unexpected JWE Encrypted Key'); + case 'ECDH-ES+A128KW': + case 'ECDH-ES+A192KW': + case 'ECDH-ES+A256KW': { + if (!isObject(joseHeader.epk)) + throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`); + if (!ecdhAllowed(key)) + throw new JOSENotSupported('ECDH-ES with the provided key is not allowed or not supported by your javascript runtime'); + const epk = await importJWK(joseHeader.epk, alg); + let partyUInfo; + let partyVInfo; + if (joseHeader.apu !== undefined) { + if (typeof joseHeader.apu !== 'string') + throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`); + partyUInfo = decode(joseHeader.apu); + } + if (joseHeader.apv !== undefined) { + if (typeof joseHeader.apv !== 'string') + throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`); + partyVInfo = decode(joseHeader.apv); + } + const sharedSecret = await deriveKey$1(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? bitLength(joseHeader.enc) : parseInt(alg.substr(-5, 3), 10), partyUInfo, partyVInfo); + if (alg === 'ECDH-ES') + return sharedSecret; + if (encryptedKey === undefined) + throw new JWEInvalid('JWE Encrypted Key missing'); + return unwrap$1(alg.substr(-6), sharedSecret, encryptedKey); + } + case 'RSA1_5': + case 'RSA-OAEP': + case 'RSA-OAEP-256': + case 'RSA-OAEP-384': + case 'RSA-OAEP-512': { + if (encryptedKey === undefined) + throw new JWEInvalid('JWE Encrypted Key missing'); + return decrypt(alg, key, encryptedKey); + } + case 'PBES2-HS256+A128KW': + case 'PBES2-HS384+A192KW': + case 'PBES2-HS512+A256KW': { + if (encryptedKey === undefined) + throw new JWEInvalid('JWE Encrypted Key missing'); + if (typeof joseHeader.p2c !== 'number') + throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`); + if (typeof joseHeader.p2s !== 'string') + throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`); + return decrypt$1(alg, key, encryptedKey, joseHeader.p2c, decode(joseHeader.p2s)); + } + case 'A128KW': + case 'A192KW': + case 'A256KW': { + if (encryptedKey === undefined) + throw new JWEInvalid('JWE Encrypted Key missing'); + return unwrap$1(alg, key, encryptedKey); + } + case 'A128GCMKW': + case 'A192GCMKW': + case 'A256GCMKW': { + if (encryptedKey === undefined) + throw new JWEInvalid('JWE Encrypted Key missing'); + if (typeof joseHeader.iv !== 'string') + throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`); + if (typeof joseHeader.tag !== 'string') + throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`); + const iv = decode(joseHeader.iv); + const tag = decode(joseHeader.tag); + return unwrap(alg, key, encryptedKey, iv, tag); + } + default: { + throw new JOSENotSupported('Invalid or unsupported "alg" (JWE Algorithm) header value'); + } + } +} + +function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) { + if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) { + throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected'); + } + if (!protectedHeader || protectedHeader.crit === undefined) { + return new Set(); + } + if (!Array.isArray(protectedHeader.crit) || + protectedHeader.crit.length === 0 || + protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) { + throw new Err('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present'); + } + let recognized; + if (recognizedOption !== undefined) { + recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]); + } + else { + recognized = recognizedDefault; + } + for (const parameter of protectedHeader.crit) { + if (!recognized.has(parameter)) { + throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`); + } + if (joseHeader[parameter] === undefined) { + throw new Err(`Extension Header Parameter "${parameter}" is missing`); + } + else if (recognized.get(parameter) && protectedHeader[parameter] === undefined) { + throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`); + } + } + return new Set(protectedHeader.crit); +} + +const validateAlgorithms = (option, algorithms) => { + if (algorithms !== undefined && + (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) { + throw new TypeError(`"${option}" option must be an array of strings`); + } + if (!algorithms) { + return undefined; + } + return new Set(algorithms); +}; + +async function flattenedDecrypt(jwe, key, options) { + var _a; + if (!isObject(jwe)) { + throw new JWEInvalid('Flattened JWE must be an object'); + } + if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) { + throw new JWEInvalid('JOSE Header missing'); + } + if (typeof jwe.iv !== 'string') { + throw new JWEInvalid('JWE Initialization Vector missing or incorrect type'); + } + if (typeof jwe.ciphertext !== 'string') { + throw new JWEInvalid('JWE Ciphertext missing or incorrect type'); + } + if (typeof jwe.tag !== 'string') { + throw new JWEInvalid('JWE Authentication Tag missing or incorrect type'); + } + if (jwe.protected !== undefined && typeof jwe.protected !== 'string') { + throw new JWEInvalid('JWE Protected Header incorrect type'); + } + if (jwe.encrypted_key !== undefined && typeof jwe.encrypted_key !== 'string') { + throw new JWEInvalid('JWE Encrypted Key incorrect type'); + } + if (jwe.aad !== undefined && typeof jwe.aad !== 'string') { + throw new JWEInvalid('JWE AAD incorrect type'); + } + if (jwe.header !== undefined && !isObject(jwe.header)) { + throw new JWEInvalid('JWE Shared Unprotected Header incorrect type'); + } + if (jwe.unprotected !== undefined && !isObject(jwe.unprotected)) { + throw new JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type'); + } + let parsedProt; + if (jwe.protected) { + const protectedHeader = decode(jwe.protected); + try { + parsedProt = JSON.parse(decoder.decode(protectedHeader)); + } + catch (_b) { + throw new JWEInvalid('JWE Protected Header is invalid'); + } + } + if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) { + throw new JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint'); + } + const joseHeader = { + ...parsedProt, + ...jwe.header, + ...jwe.unprotected, + }; + validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader); + if (joseHeader.zip !== undefined) { + if (!parsedProt || !parsedProt.zip) { + throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected'); + } + if (joseHeader.zip !== 'DEF') { + throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value'); + } + } + const { alg, enc } = joseHeader; + if (typeof alg !== 'string' || !alg) { + throw new JWEInvalid('missing JWE Algorithm (alg) in JWE Header'); + } + if (typeof enc !== 'string' || !enc) { + throw new JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header'); + } + const keyManagementAlgorithms = options && validateAlgorithms('keyManagementAlgorithms', options.keyManagementAlgorithms); + const contentEncryptionAlgorithms = options && + validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms); + if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) { + throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed'); + } + if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) { + throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter not allowed'); + } + let encryptedKey; + if (jwe.encrypted_key !== undefined) { + encryptedKey = decode(jwe.encrypted_key); + } + let resolvedKey = false; + if (typeof key === 'function') { + key = await key(parsedProt, jwe); + resolvedKey = true; + } + let cek; + try { + cek = await decryptKeyManagement(alg, key, encryptedKey, joseHeader); + } + catch (err) { + if (err instanceof TypeError) { + throw err; + } + cek = generateCek(enc); + } + const iv = decode(jwe.iv); + const tag = decode(jwe.tag); + const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : ''); + let additionalData; + if (jwe.aad !== undefined) { + additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(jwe.aad)); + } + else { + additionalData = protectedHeader; + } + let plaintext = await decrypt$2(enc, cek, decode(jwe.ciphertext), iv, tag, additionalData); + if (joseHeader.zip === 'DEF') { + plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext); + } + const result = { plaintext }; + if (jwe.protected !== undefined) { + result.protectedHeader = parsedProt; + } + if (jwe.aad !== undefined) { + result.additionalAuthenticatedData = decode(jwe.aad); + } + if (jwe.unprotected !== undefined) { + result.sharedUnprotectedHeader = jwe.unprotected; + } + if (jwe.header !== undefined) { + result.unprotectedHeader = jwe.header; + } + if (resolvedKey) { + return { ...result, key }; + } + return result; +} + +async function compactDecrypt(jwe, key, options) { + if (jwe instanceof Uint8Array) { + jwe = decoder.decode(jwe); + } + if (typeof jwe !== 'string') { + throw new JWEInvalid('Compact JWE must be a string or Uint8Array'); + } + const { 0: protectedHeader, 1: encryptedKey, 2: iv, 3: ciphertext, 4: tag, length, } = jwe.split('.'); + if (length !== 5) { + throw new JWEInvalid('Invalid Compact JWE'); + } + const decrypted = await flattenedDecrypt({ + ciphertext: (ciphertext || undefined), + iv: (iv || undefined), + protected: protectedHeader || undefined, + tag: (tag || undefined), + encrypted_key: encryptedKey || undefined, + }, key, options); + const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader }; + if (typeof key === 'function') { + return { ...result, key: decrypted.key }; + } + return result; +} + +const keyToJWK = async (key) => { + if (key instanceof Uint8Array) { + return { + kty: 'oct', + k: encode(key), + }; + } + if (!isCryptoKey(key)) { + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); + } + if (!key.extractable) { + throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK'); + } + const { ext, key_ops, alg, use, ...jwk } = await crypto$1.subtle.exportKey('jwk', key); + return jwk; +}; +var keyToJWK$1 = keyToJWK; + +async function exportJWK(key) { + return keyToJWK$1(key); +} + +async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) { + let encryptedKey; + let parameters; + let cek; + checkKeyType(alg, key, 'encrypt'); + switch (alg) { + case 'dir': { + cek = key; + break; + } + case 'ECDH-ES': + case 'ECDH-ES+A128KW': + case 'ECDH-ES+A192KW': + case 'ECDH-ES+A256KW': { + if (!ecdhAllowed(key)) { + throw new JOSENotSupported('ECDH-ES with the provided key is not allowed or not supported by your javascript runtime'); + } + const { apu, apv } = providedParameters; + let { epk: ephemeralKey } = providedParameters; + ephemeralKey || (ephemeralKey = await generateEpk(key)); + const { x, y, crv, kty } = await exportJWK(ephemeralKey); + const sharedSecret = await deriveKey$1(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? bitLength(enc) : parseInt(alg.substr(-5, 3), 10), apu, apv); + parameters = { epk: { x, y, crv, kty } }; + if (apu) + parameters.apu = encode(apu); + if (apv) + parameters.apv = encode(apv); + if (alg === 'ECDH-ES') { + cek = sharedSecret; + break; + } + cek = providedCek || generateCek(enc); + const kwAlg = alg.substr(-6); + encryptedKey = await wrap$1(kwAlg, sharedSecret, cek); + break; + } + case 'RSA1_5': + case 'RSA-OAEP': + case 'RSA-OAEP-256': + case 'RSA-OAEP-384': + case 'RSA-OAEP-512': { + cek = providedCek || generateCek(enc); + encryptedKey = await encrypt$1(alg, key, cek); + break; + } + case 'PBES2-HS256+A128KW': + case 'PBES2-HS384+A192KW': + case 'PBES2-HS512+A256KW': { + cek = providedCek || generateCek(enc); + const { p2c, p2s } = providedParameters; + ({ encryptedKey, ...parameters } = await encrypt$2(alg, key, cek, p2c, p2s)); + break; + } + case 'A128KW': + case 'A192KW': + case 'A256KW': { + cek = providedCek || generateCek(enc); + encryptedKey = await wrap$1(alg, key, cek); + break; + } + case 'A128GCMKW': + case 'A192GCMKW': + case 'A256GCMKW': { + cek = providedCek || generateCek(enc); + const { iv } = providedParameters; + ({ encryptedKey, ...parameters } = await wrap(alg, key, cek, iv)); + break; + } + default: { + throw new JOSENotSupported('Invalid or unsupported "alg" (JWE Algorithm) header value'); + } + } + return { cek, encryptedKey, parameters }; +} + +const unprotected = Symbol(); +class FlattenedEncrypt { + constructor(plaintext) { + if (!(plaintext instanceof Uint8Array)) { + throw new TypeError('plaintext must be an instance of Uint8Array'); + } + this._plaintext = plaintext; + } + setKeyManagementParameters(parameters) { + if (this._keyManagementParameters) { + throw new TypeError('setKeyManagementParameters can only be called once'); + } + this._keyManagementParameters = parameters; + return this; + } + setProtectedHeader(protectedHeader) { + if (this._protectedHeader) { + throw new TypeError('setProtectedHeader can only be called once'); + } + this._protectedHeader = protectedHeader; + return this; + } + setSharedUnprotectedHeader(sharedUnprotectedHeader) { + if (this._sharedUnprotectedHeader) { + throw new TypeError('setSharedUnprotectedHeader can only be called once'); + } + this._sharedUnprotectedHeader = sharedUnprotectedHeader; + return this; + } + setUnprotectedHeader(unprotectedHeader) { + if (this._unprotectedHeader) { + throw new TypeError('setUnprotectedHeader can only be called once'); + } + this._unprotectedHeader = unprotectedHeader; + return this; + } + setAdditionalAuthenticatedData(aad) { + this._aad = aad; + return this; + } + setContentEncryptionKey(cek) { + if (this._cek) { + throw new TypeError('setContentEncryptionKey can only be called once'); + } + this._cek = cek; + return this; + } + setInitializationVector(iv) { + if (this._iv) { + throw new TypeError('setInitializationVector can only be called once'); + } + this._iv = iv; + return this; + } + async encrypt(key, options) { + if (!this._protectedHeader && !this._unprotectedHeader && !this._sharedUnprotectedHeader) { + throw new JWEInvalid('either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()'); + } + if (!isDisjoint(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) { + throw new JWEInvalid('JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint'); + } + const joseHeader = { + ...this._protectedHeader, + ...this._unprotectedHeader, + ...this._sharedUnprotectedHeader, + }; + validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader); + if (joseHeader.zip !== undefined) { + if (!this._protectedHeader || !this._protectedHeader.zip) { + throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected'); + } + if (joseHeader.zip !== 'DEF') { + throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value'); + } + } + const { alg, enc } = joseHeader; + if (typeof alg !== 'string' || !alg) { + throw new JWEInvalid('JWE "alg" (Algorithm) Header Parameter missing or invalid'); + } + if (typeof enc !== 'string' || !enc) { + throw new JWEInvalid('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid'); + } + let encryptedKey; + if (alg === 'dir') { + if (this._cek) { + throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption'); + } + } + else if (alg === 'ECDH-ES') { + if (this._cek) { + throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement'); + } + } + let cek; + { + let parameters; + ({ cek, encryptedKey, parameters } = await encryptKeyManagement(alg, enc, key, this._cek, this._keyManagementParameters)); + if (parameters) { + if (options && unprotected in options) { + if (!this._unprotectedHeader) { + this.setUnprotectedHeader(parameters); + } + else { + this._unprotectedHeader = { ...this._unprotectedHeader, ...parameters }; + } + } + else { + if (!this._protectedHeader) { + this.setProtectedHeader(parameters); + } + else { + this._protectedHeader = { ...this._protectedHeader, ...parameters }; + } + } + } + } + this._iv || (this._iv = generateIv(enc)); + let additionalData; + let protectedHeader; + let aadMember; + if (this._protectedHeader) { + protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader))); + } + else { + protectedHeader = encoder.encode(''); + } + if (this._aad) { + aadMember = encode(this._aad); + additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(aadMember)); + } + else { + additionalData = protectedHeader; + } + let ciphertext; + let tag; + if (joseHeader.zip === 'DEF') { + const deflated = await ((options === null || options === void 0 ? void 0 : options.deflateRaw) || deflate)(this._plaintext); + ({ ciphertext, tag } = await encrypt(enc, deflated, cek, this._iv, additionalData)); + } + else { + ({ ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData)); + } + const jwe = { + ciphertext: encode(ciphertext), + iv: encode(this._iv), + tag: encode(tag), + }; + if (encryptedKey) { + jwe.encrypted_key = encode(encryptedKey); + } + if (aadMember) { + jwe.aad = aadMember; + } + if (this._protectedHeader) { + jwe.protected = decoder.decode(protectedHeader); + } + if (this._sharedUnprotectedHeader) { + jwe.unprotected = this._sharedUnprotectedHeader; + } + if (this._unprotectedHeader) { + jwe.header = this._unprotectedHeader; + } + return jwe; + } +} + +function subtleDsa(alg, namedCurve) { + const length = parseInt(alg.substr(-3), 10); + switch (alg) { + case 'HS256': + case 'HS384': + case 'HS512': + return { hash: `SHA-${length}`, name: 'HMAC' }; + case 'PS256': + case 'PS384': + case 'PS512': + return { hash: `SHA-${length}`, name: 'RSA-PSS', saltLength: length >> 3 }; + case 'RS256': + case 'RS384': + case 'RS512': + return { hash: `SHA-${length}`, name: 'RSASSA-PKCS1-v1_5' }; + case 'ES256': + case 'ES384': + case 'ES512': + return { hash: `SHA-${length}`, name: 'ECDSA', namedCurve }; + case (isCloudflareWorkers() || isNodeJs()) && 'EdDSA': + return { name: namedCurve, namedCurve }; + default: + throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`); + } +} + +function getCryptoKey(alg, key, usage) { + if (isCryptoKey(key)) { + checkSigCryptoKey(key, alg, usage); + return key; + } + if (key instanceof Uint8Array) { + if (!alg.startsWith('HS')) { + throw new TypeError(invalidKeyInput(key, ...types)); + } + return crypto$1.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, [usage]); + } + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); +} + +const verify = async (alg, key, signature, data) => { + const cryptoKey = await getCryptoKey(alg, key, 'verify'); + checkKeyLength(alg, cryptoKey); + const algorithm = subtleDsa(alg, cryptoKey.algorithm.namedCurve); + try { + return await crypto$1.subtle.verify(algorithm, cryptoKey, signature, data); + } + catch (_a) { + return false; + } +}; + +async function flattenedVerify(jws, key, options) { + var _a; + if (!isObject(jws)) { + throw new JWSInvalid('Flattened JWS must be an object'); + } + if (jws.protected === undefined && jws.header === undefined) { + throw new JWSInvalid('Flattened JWS must have either of the "protected" or "header" members'); + } + if (jws.protected !== undefined && typeof jws.protected !== 'string') { + throw new JWSInvalid('JWS Protected Header incorrect type'); + } + if (jws.payload === undefined) { + throw new JWSInvalid('JWS Payload missing'); + } + if (typeof jws.signature !== 'string') { + throw new JWSInvalid('JWS Signature missing or incorrect type'); + } + if (jws.header !== undefined && !isObject(jws.header)) { + throw new JWSInvalid('JWS Unprotected Header incorrect type'); + } + let parsedProt = {}; + if (jws.protected) { + const protectedHeader = decode(jws.protected); + try { + parsedProt = JSON.parse(decoder.decode(protectedHeader)); + } + catch (_b) { + throw new JWSInvalid('JWS Protected Header is invalid'); + } + } + if (!isDisjoint(parsedProt, jws.header)) { + throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint'); + } + const joseHeader = { + ...parsedProt, + ...jws.header, + }; + const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader); + let b64 = true; + if (extensions.has('b64')) { + b64 = parsedProt.b64; + if (typeof b64 !== 'boolean') { + throw new JWSInvalid('The "b64" (base64url-encode payload) Header Parameter must be a boolean'); + } + } + const { alg } = joseHeader; + if (typeof alg !== 'string' || !alg) { + throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid'); + } + const algorithms = options && validateAlgorithms('algorithms', options.algorithms); + if (algorithms && !algorithms.has(alg)) { + throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed'); + } + if (b64) { + if (typeof jws.payload !== 'string') { + throw new JWSInvalid('JWS Payload must be a string'); + } + } + else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) { + throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance'); + } + let resolvedKey = false; + if (typeof key === 'function') { + key = await key(parsedProt, jws); + resolvedKey = true; + } + checkKeyType(alg, key, 'verify'); + const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload); + const signature = decode(jws.signature); + const verified = await verify(alg, key, signature, data); + if (!verified) { + throw new JWSSignatureVerificationFailed(); + } + let payload; + if (b64) { + payload = decode(jws.payload); + } + else if (typeof jws.payload === 'string') { + payload = encoder.encode(jws.payload); + } + else { + payload = jws.payload; + } + const result = { payload }; + if (jws.protected !== undefined) { + result.protectedHeader = parsedProt; + } + if (jws.header !== undefined) { + result.unprotectedHeader = jws.header; + } + if (resolvedKey) { + return { ...result, key }; + } + return result; +} + +async function compactVerify(jws, key, options) { + if (jws instanceof Uint8Array) { + jws = decoder.decode(jws); + } + if (typeof jws !== 'string') { + throw new JWSInvalid('Compact JWS must be a string or Uint8Array'); + } + const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.'); + if (length !== 3) { + throw new JWSInvalid('Invalid Compact JWS'); + } + const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options); + const result = { payload: verified.payload, protectedHeader: verified.protectedHeader }; + if (typeof key === 'function') { + return { ...result, key: verified.key }; + } + return result; +} + +class CompactEncrypt { + constructor(plaintext) { + this._flattened = new FlattenedEncrypt(plaintext); + } + setContentEncryptionKey(cek) { + this._flattened.setContentEncryptionKey(cek); + return this; + } + setInitializationVector(iv) { + this._flattened.setInitializationVector(iv); + return this; + } + setProtectedHeader(protectedHeader) { + this._flattened.setProtectedHeader(protectedHeader); + return this; + } + setKeyManagementParameters(parameters) { + this._flattened.setKeyManagementParameters(parameters); + return this; + } + async encrypt(key, options) { + const jwe = await this._flattened.encrypt(key, options); + return [jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join('.'); + } +} + +const sign = async (alg, key, data) => { + const cryptoKey = await getCryptoKey(alg, key, 'sign'); + checkKeyLength(alg, cryptoKey); + const signature = await crypto$1.subtle.sign(subtleDsa(alg, cryptoKey.algorithm.namedCurve), cryptoKey, data); + return new Uint8Array(signature); +}; + +class FlattenedSign { + constructor(payload) { + if (!(payload instanceof Uint8Array)) { + throw new TypeError('payload must be an instance of Uint8Array'); + } + this._payload = payload; + } + setProtectedHeader(protectedHeader) { + if (this._protectedHeader) { + throw new TypeError('setProtectedHeader can only be called once'); + } + this._protectedHeader = protectedHeader; + return this; + } + setUnprotectedHeader(unprotectedHeader) { + if (this._unprotectedHeader) { + throw new TypeError('setUnprotectedHeader can only be called once'); + } + this._unprotectedHeader = unprotectedHeader; + return this; + } + async sign(key, options) { + if (!this._protectedHeader && !this._unprotectedHeader) { + throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()'); + } + if (!isDisjoint(this._protectedHeader, this._unprotectedHeader)) { + throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint'); + } + const joseHeader = { + ...this._protectedHeader, + ...this._unprotectedHeader, + }; + const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader); + let b64 = true; + if (extensions.has('b64')) { + b64 = this._protectedHeader.b64; + if (typeof b64 !== 'boolean') { + throw new JWSInvalid('The "b64" (base64url-encode payload) Header Parameter must be a boolean'); + } + } + const { alg } = joseHeader; + if (typeof alg !== 'string' || !alg) { + throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid'); + } + checkKeyType(alg, key, 'sign'); + let payload = this._payload; + if (b64) { + payload = encoder.encode(encode(payload)); + } + let protectedHeader; + if (this._protectedHeader) { + protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader))); + } + else { + protectedHeader = encoder.encode(''); + } + const data = concat(protectedHeader, encoder.encode('.'), payload); + const signature = await sign(alg, key, data); + const jws = { + signature: encode(signature), + payload: '', + }; + if (b64) { + jws.payload = decoder.decode(payload); + } + if (this._unprotectedHeader) { + jws.header = this._unprotectedHeader; + } + if (this._protectedHeader) { + jws.protected = decoder.decode(protectedHeader); + } + return jws; + } +} + +class CompactSign { + constructor(payload) { + this._flattened = new FlattenedSign(payload); + } + setProtectedHeader(protectedHeader) { + this._flattened.setProtectedHeader(protectedHeader); + return this; + } + async sign(key, options) { + const jws = await this._flattened.sign(key, options); + if (jws.payload === undefined) { + throw new TypeError('use the flattened module for creating JWS with b64: false'); + } + return `${jws.protected}.${jws.payload}.${jws.signature}`; + } +} + +const check = (value, description) => { + if (typeof value !== 'string' || !value) { + throw new JWKInvalid(`${description} missing or invalid`); + } +}; +async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') { + if (!isObject(jwk)) { + throw new TypeError('JWK must be an object'); + } + let components; + switch (jwk.kty) { + case 'EC': + check(jwk.crv, '"crv" (Curve) Parameter'); + check(jwk.x, '"x" (X Coordinate) Parameter'); + check(jwk.y, '"y" (Y Coordinate) Parameter'); + components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y }; + break; + case 'OKP': + check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter'); + check(jwk.x, '"x" (Public Key) Parameter'); + components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x }; + break; + case 'RSA': + check(jwk.e, '"e" (Exponent) Parameter'); + check(jwk.n, '"n" (Modulus) Parameter'); + components = { e: jwk.e, kty: jwk.kty, n: jwk.n }; + break; + case 'oct': + check(jwk.k, '"k" (Key Value) Parameter'); + components = { k: jwk.k, kty: jwk.kty }; + break; + default: + throw new JOSENotSupported('"kty" (Key Type) Parameter missing or unsupported'); + } + const data = encoder.encode(JSON.stringify(components)); + return encode(await digest(digestAlgorithm, data)); +} + +const sha = async function (input, algorithm = 'SHA-256') { + const algorithms = ['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512']; + if (!algorithms.includes(algorithm)) { + throw new RangeError(`Valid hash algorith values are any of ${JSON.stringify(algorithms)}`); + } + const encoder = new TextEncoder(); + const hashInput = (typeof input === 'string') ? encoder.encode(input).buffer : input; + let digest = ''; + { + const buf = await crypto.subtle.digest(algorithm, hashInput); + const h = '0123456789abcdef'; + (new Uint8Array(buf)).forEach((v) => { + digest += h[v >> 4] + h[v & 15]; + }); + } + return digest; +}; + +// TODO decide a fixed delay for the protocol +const IAT_DELAY = 5000; +/** + * Validate Proof or Request using the Provider Public Key + */ +const validatePoR = async (publicKey, poR, poO) => { + const poRpayload = await decodePor(publicKey, poR); + const hashPooDgst = await sha(poO); + if (hashPooDgst !== poRpayload.exchange.poo_dgst) { + throw new Error('the hashed proof of origin received does not correspond to the poo_dgst parameter in the proof of origin'); + } + else if (Date.now() - poRpayload.iat > IAT_DELAY) { + throw new Error('timestamp error'); + } + else { + return true; + } +}; +/** + * Decode Proof of Reception with Consumer public key + */ +const decodePor = async (publicKey, poR) => { + const { payload } = await compactVerify(poR, publicKey).catch((e) => { + throw new Error(`PoR: ${String(e)}`); + }); + const decodedPoOPayload = JSON.parse(new TextDecoder().decode(payload).toString()); + return decodedPoOPayload; +}; +/** + * Validate Proof or Origin using the Consumer Public Key + */ +const validatePoO = async (publicKey, poO, cipherblock) => { + const poOpayload = await decodePoo(publicKey, poO); + const hashedCipherBlock = await sha(cipherblock); + if (poOpayload.exchange.cipherblock_dgst !== hashedCipherBlock) { + throw new Error('the cipherblock_dgst parameter in the proof of origin does not correspond to hash of the cipherblock received by the provider'); + } + else if (Date.now() - poOpayload.iat > IAT_DELAY) { + throw new Error('timestamp error'); + } + else { + return true; + } +}; +/** + * Decode Proof of Origin with Provider public key + */ +const decodePoo = async (publicKey, poO) => { + const { payload } = await compactVerify(poO, publicKey).catch((e) => { + throw new Error('PoO ' + String(e)); + }); + const decodedPoOPayload = JSON.parse(new TextDecoder().decode(payload).toString()); + return decodedPoOPayload; +}; +/** + * Validate Proof of Publication using the Backplain Public Key + */ +const validatePoP = (publicKeyBackplain, publicKeyProvider, poP, jwk, poO) => { + return new Promise((resolve, reject) => { + compactVerify(poP, publicKeyBackplain).catch((e) => { + reject(new Error('PoP ' + String(e))); + }); + decodePoo(publicKeyProvider, poO) + .then((poOPayload) => { + sha(JSON.stringify(jwk)) + .then(hashedJwk => { + if (poOPayload.exchange.key_commitment === hashedJwk) { + resolve(true); + } + else { + reject(new Error('hashed key not correspond to poO key_commitment parameter')); + } + }) + .catch(reason => reject(reason)); + }) + .catch(reason => reject(reason)); + }); +}; +/** + * Decrypt the cipherblock received + */ +const decryptCipherblock = async (chiperblock, jwk) => { + const decoder = new TextDecoder(); + const key = await importJWK(jwk, 'A256GCM'); // TODO: ENC_ALG + const { plaintext } = await compactDecrypt(chiperblock, key); + return decoder.decode(plaintext); +}; +/** + * Validate the cipherblock + */ +const validateCipherblock = async (publicKey, chiperblock, jwk, poO) => { + const decodedCipherBlock = await decryptCipherblock(chiperblock, jwk); + const hashedDecodedCipherBlock = await sha(decodedCipherBlock); + if (hashedDecodedCipherBlock === poO.exchange.block_commitment) { + // TODO check also block_description + return true; + } + else { + throw new Error('hashed CipherBlock not correspond to block_commitment parameter included in the proof of origin'); + } +}; + +const SIGNING_ALG = 'ES256'; +const ENC_ALG = 'AES-GCM'; +const ENC_ALG_KEY_LENGTH = 256; +/** + * + * Create Proof of Origin and sign with Provider private key + * + * @param privateKey - private key of the signer/issuer + * @param block - the blocks asdfsdfsd + * @param providerId + * @param consumerId + * @param exchangeId + * @param blockId + * @param jwk + * @returns + */ +const createPoO = async (privateKey, block, providerId, consumerId, exchangeId, blockId, jwk) => { + const input = (typeof block === 'string') ? (new TextEncoder()).encode(block) : new Uint8Array(block); + const key = await importJWK(jwk); + const cipherblock = await new CompactEncrypt(input) + .setProtectedHeader({ alg: 'dir', enc: 'A256GCM' }) + .encrypt(key); + const hashCipherblock = await sha(cipherblock); + const hashBlock = await sha(input); + const hashKey = await sha(JSON.stringify(jwk)); + const proof = { + iss: providerId, + sub: consumerId, + iat: Date.now(), + exchange: { + id: exchangeId, + orig: providerId, + dest: consumerId, + block_id: blockId, + block_desc: 'description', + hash_alg: 'sha256', + cipherblock_dgst: hashCipherblock, + block_commitment: hashBlock, + key_commitment: hashKey + } + }; + const signedProof = await signProof(privateKey, proof); + return { cipherblock: cipherblock, poO: signedProof }; +}; +/** + * Create a random (high entropy) symmetric JWK secret + * + * @returns a promise that resolves to a JWK + */ +const createJwk = async () => { + let key; + { + key = await window.crypto.subtle.generateKey({ + name: ENC_ALG, + length: ENC_ALG_KEY_LENGTH + }, true, ['encrypt', 'decrypt']); + } + const jwk = await exportJWK(key); + const thumbprint = await calculateJwkThumbprint(jwk); + jwk.kid = thumbprint; + jwk.alg = 'A256GCM'; + return jwk; +}; +/** + * Sign a proof with private key + */ +const signProof = async (privateKey, proof) => { + const jwt = new TextEncoder().encode(JSON.stringify(proof)); + const jws = await new CompactSign(jwt) + .setProtectedHeader({ alg: SIGNING_ALG }) + .sign(privateKey); + return jws; +}; +/** + * Create Proof of Receipt and sign with Consumer private key + */ +const createPoR = async (privateKey, poO, providerId, consumerId, exchangeId) => { + const hashPooDgst = await sha(poO); + const proof = { + iss: providerId, + sub: consumerId, + iat: Date.now(), + exchange: { + poo_dgst: hashPooDgst, + hash_alg: 'sha256', + exchangeId: exchangeId + } + }; + const signedProof = await signProof(privateKey, proof); + return signedProof; +}; +/** + * + * Prepare block to be send to the Backplain API + */ +const createBlockchainProof = async (publicKey, poO, poR, jwk) => { + const decodedPoO = await decodePoo(publicKey, poO); + const privateStorage = { + availability: 'privateStorage', + permissions: { + view: [decodedPoO.exchange.orig, decodedPoO.exchange.dest] + }, + type: 'dict', + id: decodedPoO.exchange.id, + content: { [decodedPoO.exchange.block_id]: { poO: poO, poR: poR } } + }; + const blockchain = { + availability: 'blockchain', + type: 'jwk', + content: { [jwk.kid]: jwk } // eslint-disable-line + }; + return { privateStorage, blockchain }; +}; + +export { SIGNING_ALG, createBlockchainProof, createJwk, createPoO, createPoR, decodePoo, decodePor, decryptCipherblock, sha, signProof, validateCipherblock, validatePoO, validatePoP, validatePoR }; +//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXNtLmpzIiwic291cmNlcyI6WyIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvbGliL2J1ZmZlcl91dGlscy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2Jhc2U2NHVybC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci91dGlsL2Vycm9ycy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL3dlYmNyeXB0by5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL3JhbmRvbS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvaXYuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvbGliL2NoZWNrX2l2X2xlbmd0aC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2NoZWNrX2Nla19sZW5ndGguanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS90aW1pbmdfc2FmZV9lcXVhbC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2Vudi5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvY3J5cHRvX2tleS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvaW52YWxpZF9rZXlfaW5wdXQuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS9pc19rZXlfbGlrZS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2RlY3J5cHQuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS96bGliLmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi9pc19kaXNqb2ludC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvaXNfb2JqZWN0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUvYm9ndXMuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS9hZXNrdy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2RpZ2VzdC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2VjZGhlcy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvY2hlY2tfcDJzLmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUvcGJlczJrdy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL3N1YnRsZV9yc2Flcy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2NoZWNrX2tleV9sZW5ndGguanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS9yc2Flcy5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9saWIvY2VrLmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUvandrX3RvX2tleS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9rZXkvaW1wb3J0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi9jaGVja19rZXlfdHlwZS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL2VuY3J5cHQuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvbGliL2Flc2djbWt3LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi9kZWNyeXB0X2tleV9tYW5hZ2VtZW50LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi92YWxpZGF0ZV9jcml0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi92YWxpZGF0ZV9hbGdvcml0aG1zLmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2p3ZS9mbGF0dGVuZWQvZGVjcnlwdC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9qd2UvY29tcGFjdC9kZWNyeXB0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUva2V5X3RvX2p3ay5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9rZXkvZXhwb3J0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2xpYi9lbmNyeXB0X2tleV9tYW5hZ2VtZW50LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2p3ZS9mbGF0dGVuZWQvZW5jcnlwdC5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9ydW50aW1lL3N1YnRsZV9kc2EuanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvcnVudGltZS9nZXRfc2lnbl92ZXJpZnlfa2V5LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUvdmVyaWZ5LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2p3cy9mbGF0dGVuZWQvdmVyaWZ5LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL2p3cy9jb21wYWN0L3ZlcmlmeS5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9qd2UvY29tcGFjdC9lbmNyeXB0LmpzIiwiLi4vLi4vbm9kZV9tb2R1bGVzL2pvc2UvZGlzdC9icm93c2VyL3J1bnRpbWUvc2lnbi5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9qd3MvZmxhdHRlbmVkL3NpZ24uanMiLCIuLi8uLi9ub2RlX21vZHVsZXMvam9zZS9kaXN0L2Jyb3dzZXIvandzL2NvbXBhY3Qvc2lnbi5qcyIsIi4uLy4uL25vZGVfbW9kdWxlcy9qb3NlL2Rpc3QvYnJvd3Nlci9qd2svdGh1bWJwcmludC5qcyIsIi4uLy4uL3NyYy90cy9zaGEudHMiLCIuLi8uLi9zcmMvdHMvdmFsaWRhdGVQcm9vZnMudHMiLCIuLi8uLi9zcmMvdHMvY3JlYXRlUHJvb2ZzLnRzIl0sInNvdXJjZXNDb250ZW50IjpudWxsLCJuYW1lcyI6WyJjcnlwdG8iLCJiaXRMZW5ndGgiLCJkZWNyeXB0IiwiZ2V0Q3J5cHRvS2V5Iiwid3JhcCIsInVud3JhcCIsImRlcml2ZUtleSIsInAycyIsImNvbmNhdFNhbHQiLCJlbmNyeXB0IiwiYmFzZTY0dXJsIiwic3VidGxlQWxnb3JpdGhtIiwiZGVjb2RlQmFzZTY0VVJMIiwiRUNESC5lY2RoQWxsb3dlZCIsIkVDREguZGVyaXZlS2V5IiwiY2VrTGVuZ3RoIiwiYWVzS3ciLCJyc2FFcyIsInBiZXMyS3ciLCJhZXNHY21LdyIsImtleVRvSldLIiwiRUNESC5nZW5lcmF0ZUVwayIsImdldFZlcmlmeUtleSIsImdldFNpZ25LZXkiXSwibWFwcGluZ3MiOiJBQUFPLE1BQU0sT0FBTyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7QUFDbEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztBQUN6QyxNQUFNLFNBQVMsR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO0FBQ25CLFNBQVMsTUFBTSxDQUFDLEdBQUcsT0FBTyxFQUFFO0FBQ25DLElBQUksTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLE1BQU0sRUFBRSxLQUFLLEdBQUcsR0FBRyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDdEUsSUFBSSxNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUNyQyxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNkLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE1BQU0sS0FBSztBQUNoQyxRQUFRLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQzNCLFFBQVEsQ0FBQyxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQUM7QUFDM0IsS0FBSyxDQUFDLENBQUM7QUFDUCxJQUFJLE9BQU8sR0FBRyxDQUFDO0FBQ2YsQ0FBQztBQUNNLFNBQVMsR0FBRyxDQUFDLEdBQUcsRUFBRSxRQUFRLEVBQUU7QUFDbkMsSUFBSSxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxRQUFRLENBQUMsQ0FBQztBQUN0RSxDQUFDO0FBQ0QsU0FBUyxhQUFhLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxNQUFNLEVBQUU7QUFDM0MsSUFBSSxJQUFJLEtBQUssR0FBRyxDQUFDLElBQUksS0FBSyxJQUFJLFNBQVMsRUFBRTtBQUN6QyxRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMsQ0FBQywwQkFBMEIsRUFBRSxTQUFTLEdBQUcsQ0FBQyxDQUFDLFdBQVcsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDOUYsS0FBSztBQUNMLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssS0FBSyxFQUFFLEVBQUUsS0FBSyxLQUFLLEVBQUUsRUFBRSxLQUFLLEtBQUssQ0FBQyxFQUFFLEtBQUssR0FBRyxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQztBQUM3RSxDQUFDO0FBQ00sU0FBUyxRQUFRLENBQUMsS0FBSyxFQUFFO0FBQ2hDLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsU0FBUyxDQUFDLENBQUM7QUFDL0MsSUFBSSxNQUFNLEdBQUcsR0FBRyxLQUFLLEdBQUcsU0FBUyxDQUFDO0FBQ2xDLElBQUksTUFBTSxHQUFHLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDbEMsSUFBSSxhQUFhLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQztBQUNoQyxJQUFJLGFBQWEsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQy9CLElBQUksT0FBTyxHQUFHLENBQUM7QUFDZixDQUFDO0FBQ00sU0FBUyxRQUFRLENBQUMsS0FBSyxFQUFFO0FBQ2hDLElBQUksTUFBTSxHQUFHLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDbEMsSUFBSSxhQUFhLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQzlCLElBQUksT0FBTyxHQUFHLENBQUM7QUFDZixDQUFDO0FBQ00sU0FBUyxjQUFjLENBQUMsS0FBSyxFQUFFO0FBQ3RDLElBQUksT0FBTyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQztBQUNqRCxDQUFDO0FBQ00sZUFBZSxTQUFTLENBQUMsTUFBTSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFO0FBQzdELElBQUksTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7QUFDbkQsSUFBSSxJQUFJLEdBQUcsQ0FBQztBQUNaLElBQUksS0FBSyxJQUFJLElBQUksR0FBRyxDQUFDLEVBQUUsSUFBSSxJQUFJLFVBQVUsRUFBRSxJQUFJLEVBQUUsRUFBRTtBQUNuRCxRQUFRLE1BQU0sR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsR0FBRyxNQUFNLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNyRSxRQUFRLEdBQUcsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7QUFDaEMsUUFBUSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQztBQUMzQixRQUFRLEdBQUcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLENBQUMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDMUMsUUFBUSxJQUFJLENBQUMsR0FBRyxFQUFFO0FBQ2xCLFlBQVksR0FBRyxHQUFHLE1BQU0sTUFBTSxDQUFDLFFBQVEsRUFBRSxHQUFHLENBQUMsQ0FBQztBQUM5QyxTQUFTO0FBQ1QsYUFBYTtBQUNiLFlBQVksR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLEVBQUUsTUFBTSxNQUFNLENBQUMsUUFBUSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUM7QUFDM0QsU0FBUztBQUNULEtBQUs7QUFDTCxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUM7QUFDbEMsSUFBSSxPQUFPLEdBQUcsQ0FBQztBQUNmOztBQ3RETyxNQUFNLFlBQVksR0FBRyxDQUFDLEtBQUssS0FBSztBQUN2QyxJQUFJLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztBQUMxQixJQUFJLElBQUksT0FBTyxTQUFTLEtBQUssUUFBUSxFQUFFO0FBQ3ZDLFFBQVEsU0FBUyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDOUMsS0FBSztBQUNMLElBQUksTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDO0FBQzlCLElBQUksTUFBTSxHQUFHLEdBQUcsRUFBRSxDQUFDO0FBQ25CLElBQUksS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFJLFVBQVUsRUFBRTtBQUMzRCxRQUFRLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLENBQUMsR0FBRyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDekYsS0FBSztBQUNMLElBQUksT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQzlCLENBQUMsQ0FBQztBQUNLLE1BQU0sTUFBTSxHQUFHLENBQUMsS0FBSyxLQUFLO0FBQ2pDLElBQUksT0FBTyxZQUFZLENBQUMsS0FBSyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDekYsQ0FBQyxDQUFDO0FBQ0ssTUFBTSxZQUFZLEdBQUcsQ0FBQyxPQUFPLEtBQUs7QUFDekMsSUFBSSxPQUFPLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7QUFDdkMsU0FBUyxLQUFLLENBQUMsRUFBRSxDQUFDO0FBQ2xCLFNBQVMsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQ3RDLENBQUMsQ0FBQztBQUNLLE1BQU0sTUFBTSxHQUFHLENBQUMsS0FBSyxLQUFLO0FBQ2pDLElBQUksSUFBSSxPQUFPLEdBQUcsS0FBSyxDQUFDO0FBQ3hCLElBQUksSUFBSSxPQUFPLFlBQVksVUFBVSxFQUFFO0FBQ3ZDLFFBQVEsT0FBTyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDMUMsS0FBSztBQUNMLElBQUksT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztBQUMvRSxJQUFJLElBQUk7QUFDUixRQUFRLE9BQU8sWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0FBQ3JDLEtBQUs7QUFDTCxJQUFJLE9BQU8sRUFBRSxFQUFFO0FBQ2YsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLG1EQUFtRCxDQUFDLENBQUM7QUFDakYsS0FBSztBQUNMLENBQUM7O0FDakNNLE1BQU0sU0FBUyxTQUFTLEtBQUssQ0FBQztBQUNyQyxJQUFJLFdBQVcsQ0FBQyxPQUFPLEVBQUU7QUFDekIsUUFBUSxJQUFJLEVBQUUsQ0FBQztBQUNmLFFBQVEsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0FBQ3ZCLFFBQVEsSUFBSSxDQUFDLElBQUksR0FBRyxrQkFBa0IsQ0FBQztBQUN2QyxRQUFRLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUM7QUFDMUMsUUFBUSxDQUFDLEVBQUUsR0FBRyxLQUFLLENBQUMsaUJBQWlCLE1BQU0sSUFBSSxJQUFJLEVBQUUsS0FBSyxLQUFLLENBQUMsR0FBRyxLQUFLLENBQUMsR0FBRyxFQUFFLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0FBQ25ILEtBQUs7QUFDTCxJQUFJLFdBQVcsSUFBSSxHQUFHO0FBQ3RCLFFBQVEsT0FBTyxrQkFBa0IsQ0FBQztBQUNsQyxLQUFLO0FBQ0wsQ0FBQztBQXVCTSxNQUFNLGlCQUFpQixTQUFTLFNBQVMsQ0FBQztBQUNqRCxJQUFJLFdBQVcsR0FBRztBQUNsQixRQUFRLEtBQUssQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUFDO0FBQzVCLFFBQVEsSUFBSSxDQUFDLElBQUksR0FBRywwQkFBMEIsQ0FBQztBQUMvQyxLQUFLO0FBQ0wsSUFBSSxXQUFXLElBQUksR0FBRztBQUN0QixRQUFRLE9BQU8sMEJBQTBCLENBQUM7QUFDMUMsS0FBSztBQUNMLENBQUM7QUFDTSxNQUFNLGdCQUFnQixTQUFTLFNBQVMsQ0FBQztBQUNoRCxJQUFJLFdBQVcsR0FBRztBQUNsQixRQUFRLEtBQUssQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUFDO0FBQzVCLFFBQVEsSUFBSSxDQUFDLElBQUksR0FBRyx3QkFBd0IsQ0FBQztBQUM3QyxLQUFLO0FBQ0wsSUFBSSxXQUFXLElBQUksR0FBRztBQUN0QixRQUFRLE9BQU8sd0JBQXdCLENBQUM7QUFDeEMsS0FBSztBQUNMLENBQUM7QUFDTSxNQUFNLG1CQUFtQixTQUFTLFNBQVMsQ0FBQztBQUNuRCxJQUFJLFdBQVcsR0FBRztBQUNsQixRQUFRLEtBQUssQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUFDO0FBQzVCLFFBQVEsSUFBSSxDQUFDLElBQUksR0FBRywyQkFBMkIsQ0FBQztBQUNoRCxRQUFRLElBQUksQ0FBQyxPQUFPLEdBQUcsNkJBQTZCLENBQUM7QUFDckQsS0FBSztBQUNMLElBQUksV0FBVyxJQUFJLEdBQUc7QUFDdEIsUUFBUSxPQUFPLDJCQUEyQixDQUFDO0FBQzNDLEtBQUs7QUFDTCxDQUFDO0FBQ00sTUFBTSxVQUFVLFNBQVMsU0FBUyxDQUFDO0FBQzFDLElBQUksV0FBVyxHQUFHO0FBQ2xCLFFBQVEsS0FBSyxDQUFDLEdBQUcsU0FBUyxDQUFDLENBQUM7QUFDNUIsUUFBUSxJQUFJLENBQUMsSUFBSSxHQUFHLGlCQUFpQixDQUFDO0FBQ3RDLEtBQUs7QUFDTCxJQUFJLFdBQVcsSUFBSSxHQUFHO0FBQ3RCLFFBQVEsT0FBTyxpQkFBaUIsQ0FBQztBQUNqQyxLQUFLO0FBQ0wsQ0FBQztBQUNNLE1BQU0sVUFBVSxTQUFTLFNBQVMsQ0FBQztBQUMxQyxJQUFJLFdBQVcsR0FBRztBQUNsQixRQUFRLEtBQUssQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUFDO0FBQzVCLFFBQVEsSUFBSSxDQUFDLElBQUksR0FBRyxpQkFBaUIsQ0FBQztBQUN0QyxLQUFLO0FBQ0wsSUFBSSxXQUFXLElBQUksR0FBRztBQUN0QixRQUFRLE9BQU8saUJBQWlCLENBQUM7QUFDakMsS0FBSztBQUNMLENBQUM7QUFVTSxNQUFNLFVBQVUsU0FBUyxTQUFTLENBQUM7QUFDMUMsSUFBSSxXQUFXLEdBQUc7QUFDbEIsUUFBUSxLQUFLLENBQUMsR0FBRyxTQUFTLENBQUMsQ0FBQztBQUM1QixRQUFRLElBQUksQ0FBQyxJQUFJLEdBQUcsaUJBQWlCLENBQUM7QUFDdEMsS0FBSztBQUNMLElBQUksV0FBVyxJQUFJLEdBQUc7QUFDdEIsUUFBUSxPQUFPLGlCQUFpQixDQUFDO0FBQ2pDLEtBQUs7QUFDTCxDQUFDO0FBd0NNLE1BQU0sOEJBQThCLFNBQVMsU0FBUyxDQUFDO0FBQzlELElBQUksV0FBVyxHQUFHO0FBQ2xCLFFBQVEsS0FBSyxDQUFDLEdBQUcsU0FBUyxDQUFDLENBQUM7QUFDNUIsUUFBUSxJQUFJLENBQUMsSUFBSSxHQUFHLHVDQUF1QyxDQUFDO0FBQzVELFFBQVEsSUFBSSxDQUFDLE9BQU8sR0FBRywrQkFBK0IsQ0FBQztBQUN2RCxLQUFLO0FBQ0wsSUFBSSxXQUFXLElBQUksR0FBRztBQUN0QixRQUFRLE9BQU8sdUNBQXVDLENBQUM7QUFDdkQsS0FBSztBQUNMOztBQ2xKQSxlQUFlLE1BQU0sQ0FBQztBQUNmLFNBQVMsV0FBVyxDQUFDLEdBQUcsRUFBRTtBQUNqQyxJQUFJLElBQUk7QUFDUixRQUFRLFFBQVEsR0FBRyxJQUFJLElBQUk7QUFDM0IsWUFBWSxPQUFPLEdBQUcsQ0FBQyxXQUFXLEtBQUssU0FBUztBQUNoRCxZQUFZLE9BQU8sR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEtBQUssUUFBUTtBQUNsRCxZQUFZLE9BQU8sR0FBRyxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUU7QUFDMUMsS0FBSztBQUNMLElBQUksT0FBTyxFQUFFLEVBQUU7QUFDZixRQUFRLE9BQU8sS0FBSyxDQUFDO0FBQ3JCLEtBQUs7QUFDTDs7QUNWQSxhQUFlQSxRQUFNLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQ0EsUUFBTSxDQUFDOztBQ0MzQyxTQUFTQyxXQUFTLENBQUMsR0FBRyxFQUFFO0FBQy9CLElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLFNBQVMsQ0FBQztBQUN2QixRQUFRLEtBQUssV0FBVyxDQUFDO0FBQ3pCLFFBQVEsS0FBSyxTQUFTLENBQUM7QUFDdkIsUUFBUSxLQUFLLFdBQVcsQ0FBQztBQUN6QixRQUFRLEtBQUssU0FBUyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxXQUFXO0FBQ3hCLFlBQVksT0FBTyxFQUFFLENBQUM7QUFDdEIsUUFBUSxLQUFLLGVBQWUsQ0FBQztBQUM3QixRQUFRLEtBQUssZUFBZSxDQUFDO0FBQzdCLFFBQVEsS0FBSyxlQUFlO0FBQzVCLFlBQVksT0FBTyxHQUFHLENBQUM7QUFDdkIsUUFBUTtBQUNSLFlBQVksTUFBTSxJQUFJLGdCQUFnQixDQUFDLENBQUMsMkJBQTJCLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzVFLEtBQUs7QUFDTCxDQUFDO0FBQ0QsaUJBQWUsQ0FBQyxHQUFHLEtBQUssTUFBTSxDQUFDLElBQUksVUFBVSxDQUFDQSxXQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7O0FDakJuRSxNQUFNLGFBQWEsR0FBRyxDQUFDLEdBQUcsRUFBRSxFQUFFLEtBQUs7QUFDbkMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxNQUFNLElBQUksQ0FBQyxLQUFLQSxXQUFTLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDM0MsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHNDQUFzQyxDQUFDLENBQUM7QUFDckUsS0FBSztBQUNMLENBQUM7O0FDTEQsTUFBTSxjQUFjLEdBQUcsQ0FBQyxHQUFHLEVBQUUsUUFBUSxLQUFLO0FBQzFDLElBQUksSUFBSSxHQUFHLENBQUMsTUFBTSxJQUFJLENBQUMsS0FBSyxRQUFRLEVBQUU7QUFDdEMsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHVDQUF1QyxDQUFDLENBQUM7QUFDdEUsS0FBSztBQUNMLENBQUM7O0FDTEQsTUFBTSxlQUFlLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxLQUFLO0FBQ2xDLElBQUksSUFBSSxFQUFFLENBQUMsWUFBWSxVQUFVLENBQUMsRUFBRTtBQUNwQyxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsaUNBQWlDLENBQUMsQ0FBQztBQUMvRCxLQUFLO0FBQ0wsSUFBSSxJQUFJLEVBQUUsQ0FBQyxZQUFZLFVBQVUsQ0FBQyxFQUFFO0FBQ3BDLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0FBQ2hFLEtBQUs7QUFDTCxJQUFJLElBQUksQ0FBQyxDQUFDLE1BQU0sS0FBSyxDQUFDLENBQUMsTUFBTSxFQUFFO0FBQy9CLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO0FBQ3ZFLEtBQUs7QUFDTCxJQUFJLE1BQU0sR0FBRyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUM7QUFDekIsSUFBSSxJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUM7QUFDaEIsSUFBSSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUNmLElBQUksT0FBTyxFQUFFLENBQUMsR0FBRyxHQUFHLEVBQUU7QUFDdEIsUUFBUSxHQUFHLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUMzQixLQUFLO0FBQ0wsSUFBSSxPQUFPLEdBQUcsS0FBSyxDQUFDLENBQUM7QUFDckIsQ0FBQzs7QUNqQk0sU0FBUyxtQkFBbUIsR0FBRztBQUN0QyxJQUFJLE9BQU8sT0FBTyxhQUFhLEtBQUssVUFBVSxDQUFDO0FBQy9DLENBQUM7QUFDTSxTQUFTLFFBQVEsR0FBRztBQUMzQixJQUFJLElBQUk7QUFDUixRQUFRLE9BQU8sT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEtBQUssU0FBUyxDQUFDO0FBQ25ELEtBQUs7QUFDTCxJQUFJLE9BQU8sRUFBRSxFQUFFO0FBQ2YsUUFBUSxPQUFPLEtBQUssQ0FBQztBQUNyQixLQUFLO0FBQ0w7O0FDVEEsU0FBUyxRQUFRLENBQUMsSUFBSSxFQUFFLElBQUksR0FBRyxnQkFBZ0IsRUFBRTtBQUNqRCxJQUFJLE9BQU8sSUFBSSxTQUFTLENBQUMsQ0FBQywrQ0FBK0MsRUFBRSxJQUFJLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUNuRyxDQUFDO0FBQ0QsU0FBUyxXQUFXLENBQUMsU0FBUyxFQUFFLElBQUksRUFBRTtBQUN0QyxJQUFJLE9BQU8sU0FBUyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUM7QUFDbkMsQ0FBQztBQUNELFNBQVMsYUFBYSxDQUFDLElBQUksRUFBRTtBQUM3QixJQUFJLE9BQU8sUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQzdDLENBQUM7QUFDRCxTQUFTLGFBQWEsQ0FBQyxHQUFHLEVBQUU7QUFDNUIsSUFBSSxRQUFRLEdBQUc7QUFDZixRQUFRLEtBQUssT0FBTztBQUNwQixZQUFZLE9BQU8sT0FBTyxDQUFDO0FBQzNCLFFBQVEsS0FBSyxPQUFPO0FBQ3BCLFlBQVksT0FBTyxPQUFPLENBQUM7QUFDM0IsUUFBUSxLQUFLLE9BQU87QUFDcEIsWUFBWSxPQUFPLE9BQU8sQ0FBQztBQUMzQixRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQyxDQUFDO0FBQzNDLEtBQUs7QUFDTCxDQUFDO0FBQ0QsU0FBUyxVQUFVLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRTtBQUNqQyxJQUFJLElBQUksTUFBTSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxRQUFRLEtBQUssR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUMsRUFBRTtBQUNwRixRQUFRLElBQUksR0FBRyxHQUFHLHFFQUFxRSxDQUFDO0FBQ3hGLFFBQVEsSUFBSSxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtBQUMvQixZQUFZLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUN0QyxZQUFZLEdBQUcsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDOUQsU0FBUztBQUNULGFBQWEsSUFBSSxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtBQUN0QyxZQUFZLEdBQUcsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUMxRCxTQUFTO0FBQ1QsYUFBYTtBQUNiLFlBQVksR0FBRyxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDbkMsU0FBUztBQUNULFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNqQyxLQUFLO0FBQ0wsQ0FBQztBQUNNLFNBQVMsaUJBQWlCLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLE1BQU0sRUFBRTtBQUN2RCxJQUFJLFFBQVEsR0FBRztBQUNmLFFBQVEsS0FBSyxPQUFPLENBQUM7QUFDckIsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTyxFQUFFO0FBQ3RCLFlBQVksSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQztBQUNuRCxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDdkMsWUFBWSxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUN6RCxZQUFZLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0FBQzdELFlBQVksSUFBSSxNQUFNLEtBQUssUUFBUTtBQUNuQyxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0FBQ3BFLFlBQVksTUFBTTtBQUNsQixTQUFTO0FBQ1QsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTyxDQUFDO0FBQ3JCLFFBQVEsS0FBSyxPQUFPLEVBQUU7QUFDdEIsWUFBWSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLENBQUM7QUFDaEUsZ0JBQWdCLE1BQU0sUUFBUSxDQUFDLG1CQUFtQixDQUFDLENBQUM7QUFDcEQsWUFBWSxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUN6RCxZQUFZLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO0FBQzdELFlBQVksSUFBSSxNQUFNLEtBQUssUUFBUTtBQUNuQyxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0FBQ3BFLFlBQVksTUFBTTtBQUNsQixTQUFTO0FBQ1QsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTyxDQUFDO0FBQ3JCLFFBQVEsS0FBSyxPQUFPLEVBQUU7QUFDdEIsWUFBWSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDO0FBQ3RELGdCQUFnQixNQUFNLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUMxQyxZQUFZLE1BQU0sUUFBUSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ3pELFlBQVksTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7QUFDN0QsWUFBWSxJQUFJLE1BQU0sS0FBSyxRQUFRO0FBQ25DLGdCQUFnQixNQUFNLFFBQVEsQ0FBQyxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxFQUFFLGdCQUFnQixDQUFDLENBQUM7QUFDcEUsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRLEtBQUssUUFBUSxFQUFFLElBQUksT0FBTyxFQUFFO0FBQ3BDLFlBQVksSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksS0FBSyxjQUFjLElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEtBQUssWUFBWTtBQUM1RixnQkFBZ0IsTUFBTSxRQUFRLENBQUMsNEJBQTRCLENBQUMsQ0FBQztBQUM3RCxZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxtQkFBbUIsRUFBRSxJQUFJLE9BQU8sRUFBRTtBQUMvQyxZQUFZLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxjQUFjLENBQUM7QUFDM0QsZ0JBQWdCLE1BQU0sUUFBUSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0FBQy9DLFlBQVksTUFBTTtBQUNsQixTQUFTO0FBQ1QsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTyxDQUFDO0FBQ3JCLFFBQVEsS0FBSyxPQUFPLEVBQUU7QUFDdEIsWUFBWSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDO0FBQ3BELGdCQUFnQixNQUFNLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztBQUN4QyxZQUFZLE1BQU0sUUFBUSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNoRCxZQUFZLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDO0FBQ3BELFlBQVksSUFBSSxNQUFNLEtBQUssUUFBUTtBQUNuQyxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsUUFBUSxFQUFFLHNCQUFzQixDQUFDLENBQUM7QUFDakUsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLDJDQUEyQyxDQUFDLENBQUM7QUFDN0UsS0FBSztBQUNMLElBQUksVUFBVSxDQUFDLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBQ00sU0FBUyxpQkFBaUIsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsTUFBTSxFQUFFO0FBQ3ZELElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLFNBQVMsQ0FBQztBQUN2QixRQUFRLEtBQUssU0FBUyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxTQUFTLEVBQUU7QUFDeEIsWUFBWSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDO0FBQ3RELGdCQUFnQixNQUFNLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUMxQyxZQUFZLE1BQU0sUUFBUSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUM1RCxZQUFZLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO0FBQ2hELFlBQVksSUFBSSxNQUFNLEtBQUssUUFBUTtBQUNuQyxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsUUFBUSxFQUFFLGtCQUFrQixDQUFDLENBQUM7QUFDN0QsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRLEtBQUssUUFBUSxDQUFDO0FBQ3RCLFFBQVEsS0FBSyxRQUFRLENBQUM7QUFDdEIsUUFBUSxLQUFLLFFBQVEsRUFBRTtBQUN2QixZQUFZLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUM7QUFDckQsZ0JBQWdCLE1BQU0sUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0FBQ3pDLFlBQVksTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQzVELFlBQVksTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7QUFDaEQsWUFBWSxJQUFJLE1BQU0sS0FBSyxRQUFRO0FBQ25DLGdCQUFnQixNQUFNLFFBQVEsQ0FBQyxRQUFRLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztBQUM3RCxZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxTQUFTO0FBQ3RCLFlBQVksSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQztBQUNuRCxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDdkMsWUFBWSxNQUFNO0FBQ2xCLFFBQVEsS0FBSyxvQkFBb0IsQ0FBQztBQUNsQyxRQUFRLEtBQUssb0JBQW9CLENBQUM7QUFDbEMsUUFBUSxLQUFLLG9CQUFvQjtBQUNqQyxZQUFZLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUM7QUFDckQsZ0JBQWdCLE1BQU0sUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0FBQ3pDLFlBQVksTUFBTTtBQUNsQixRQUFRLEtBQUssVUFBVSxDQUFDO0FBQ3hCLFFBQVEsS0FBSyxjQUFjLENBQUM7QUFDNUIsUUFBUSxLQUFLLGNBQWMsQ0FBQztBQUM1QixRQUFRLEtBQUssY0FBYyxFQUFFO0FBQzdCLFlBQVksSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLFVBQVUsQ0FBQztBQUN2RCxnQkFBZ0IsTUFBTSxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUM7QUFDM0MsWUFBWSxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7QUFDOUQsWUFBWSxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUM3RCxZQUFZLElBQUksTUFBTSxLQUFLLFFBQVE7QUFDbkMsZ0JBQWdCLE1BQU0sUUFBUSxDQUFDLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztBQUNwRSxZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVE7QUFDUixZQUFZLE1BQU0sSUFBSSxTQUFTLENBQUMsMkNBQTJDLENBQUMsQ0FBQztBQUM3RSxLQUFLO0FBQ0wsSUFBSSxVQUFVLENBQUMsR0FBRyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0FBQzVCOztBQ3JKQSxzQkFBZSxDQUFDLE1BQU0sRUFBRSxHQUFHLEtBQUssS0FBSztBQUNyQyxJQUFJLElBQUksR0FBRyxHQUFHLGNBQWMsQ0FBQztBQUM3QixJQUFJLElBQUksS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUU7QUFDMUIsUUFBUSxNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsR0FBRyxFQUFFLENBQUM7QUFDakMsUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLEVBQUUsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzlELEtBQUs7QUFDTCxTQUFTLElBQUksS0FBSyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUU7QUFDakMsUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDekQsS0FBSztBQUNMLFNBQVM7QUFDVCxRQUFRLEdBQUcsSUFBSSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDdEMsS0FBSztBQUNMLElBQUksSUFBSSxNQUFNLElBQUksSUFBSSxFQUFFO0FBQ3hCLFFBQVEsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUM7QUFDckMsS0FBSztBQUNMLFNBQVMsSUFBSSxPQUFPLE1BQU0sS0FBSyxVQUFVLElBQUksTUFBTSxDQUFDLElBQUksRUFBRTtBQUMxRCxRQUFRLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBQ25ELEtBQUs7QUFDTCxTQUFTLElBQUksT0FBTyxNQUFNLEtBQUssUUFBUSxJQUFJLE1BQU0sSUFBSSxJQUFJLEVBQUU7QUFDM0QsUUFBUSxJQUFJLE1BQU0sQ0FBQyxXQUFXLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUU7QUFDM0QsWUFBWSxHQUFHLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7QUFDekUsU0FBUztBQUNULEtBQUs7QUFDTCxJQUFJLE9BQU8sR0FBRyxDQUFDO0FBQ2YsQ0FBQzs7QUN2QkQsZ0JBQWUsQ0FBQyxHQUFHLEtBQUs7QUFDeEIsSUFBSSxPQUFPLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUM1QixDQUFDLENBQUM7QUFDSyxNQUFNLEtBQUssR0FBRyxDQUFDLFdBQVcsQ0FBQzs7QUNLbEMsZUFBZSxVQUFVLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxVQUFVLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUU7QUFDOUQsSUFBSSxJQUFJLEVBQUUsR0FBRyxZQUFZLFVBQVUsQ0FBQyxFQUFFO0FBQ3RDLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUM7QUFDaEUsS0FBSztBQUNMLElBQUksTUFBTSxPQUFPLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ25ELElBQUksTUFBTSxNQUFNLEdBQUcsTUFBTUQsUUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxJQUFJLENBQUMsQ0FBQyxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQ25ILElBQUksTUFBTSxNQUFNLEdBQUcsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLE9BQU8sSUFBSSxDQUFDLENBQUMsRUFBRTtBQUN2RixRQUFRLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxPQUFPLElBQUksQ0FBQyxDQUFDLENBQUM7QUFDbkMsUUFBUSxJQUFJLEVBQUUsTUFBTTtBQUNwQixLQUFLLEVBQUUsS0FBSyxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztBQUN4QixJQUFJLE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxHQUFHLEVBQUUsRUFBRSxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzNFLElBQUksTUFBTSxXQUFXLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxNQUFNQSxRQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLEVBQUUsT0FBTyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDbkgsSUFBSSxJQUFJLGNBQWMsQ0FBQztBQUN2QixJQUFJLElBQUk7QUFDUixRQUFRLGNBQWMsR0FBRyxlQUFlLENBQUMsR0FBRyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQzNELEtBQUs7QUFDTCxJQUFJLE9BQU8sRUFBRSxFQUFFO0FBQ2YsS0FBSztBQUNMLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRTtBQUN6QixRQUFRLE1BQU0sSUFBSSxtQkFBbUIsRUFBRSxDQUFDO0FBQ3hDLEtBQUs7QUFDTCxJQUFJLElBQUksU0FBUyxDQUFDO0FBQ2xCLElBQUksSUFBSTtBQUNSLFFBQVEsU0FBUyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU1BLFFBQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsRUFBRSxNQUFNLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQztBQUM3RyxLQUFLO0FBQ0wsSUFBSSxPQUFPLEVBQUUsRUFBRTtBQUNmLEtBQUs7QUFDTCxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUU7QUFDcEIsUUFBUSxNQUFNLElBQUksbUJBQW1CLEVBQUUsQ0FBQztBQUN4QyxLQUFLO0FBQ0wsSUFBSSxPQUFPLFNBQVMsQ0FBQztBQUNyQixDQUFDO0FBQ0QsZUFBZSxVQUFVLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxVQUFVLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUU7QUFDOUQsSUFBSSxJQUFJLE1BQU0sQ0FBQztBQUNmLElBQUksSUFBSSxHQUFHLFlBQVksVUFBVSxFQUFFO0FBQ25DLFFBQVEsTUFBTSxHQUFHLE1BQU1BLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7QUFDMUYsS0FBSztBQUNMLFNBQVM7QUFDVCxRQUFRLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsU0FBUyxDQUFDLENBQUM7QUFDL0MsUUFBUSxNQUFNLEdBQUcsR0FBRyxDQUFDO0FBQ3JCLEtBQUs7QUFDTCxJQUFJLElBQUk7QUFDUixRQUFRLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7QUFDMUQsWUFBWSxjQUFjLEVBQUUsR0FBRztBQUMvQixZQUFZLEVBQUU7QUFDZCxZQUFZLElBQUksRUFBRSxTQUFTO0FBQzNCLFlBQVksU0FBUyxFQUFFLEdBQUc7QUFDMUIsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUM3QyxLQUFLO0FBQ0wsSUFBSSxPQUFPLEVBQUUsRUFBRTtBQUNmLFFBQVEsTUFBTSxJQUFJLG1CQUFtQixFQUFFLENBQUM7QUFDeEMsS0FBSztBQUNMLENBQUM7QUFDRCxNQUFNRSxTQUFPLEdBQUcsT0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLFVBQVUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsS0FBSztBQUM5RCxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxHQUFHLFlBQVksVUFBVSxDQUFDLEVBQUU7QUFDM0QsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUMxRSxLQUFLO0FBQ0wsSUFBSSxhQUFhLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQzNCLElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLGVBQWUsQ0FBQztBQUM3QixRQUFRLEtBQUssZUFBZSxDQUFDO0FBQzdCLFFBQVEsS0FBSyxlQUFlO0FBQzVCLFlBQVksSUFBSSxHQUFHLFlBQVksVUFBVTtBQUN6QyxnQkFBZ0IsY0FBYyxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDbEUsWUFBWSxPQUFPLFVBQVUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFVBQVUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ2xFLFFBQVEsS0FBSyxTQUFTLENBQUM7QUFDdkIsUUFBUSxLQUFLLFNBQVMsQ0FBQztBQUN2QixRQUFRLEtBQUssU0FBUztBQUN0QixZQUFZLElBQUksR0FBRyxZQUFZLFVBQVU7QUFDekMsZ0JBQWdCLGNBQWMsQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDcEUsWUFBWSxPQUFPLFVBQVUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFVBQVUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ2xFLFFBQVE7QUFDUixZQUFZLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDO0FBQ3ZGLEtBQUs7QUFDTCxDQUFDOztBQ2xGTSxNQUFNLE9BQU8sR0FBRyxZQUFZO0FBQ25DLElBQUksTUFBTSxJQUFJLGdCQUFnQixDQUFDLHdMQUF3TCxDQUFDLENBQUM7QUFDek4sQ0FBQyxDQUFDO0FBQ0ssTUFBTSxPQUFPLEdBQUcsWUFBWTtBQUNuQyxJQUFJLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyx3TEFBd0wsQ0FBQyxDQUFDO0FBQ3pOLENBQUM7O0FDTkQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUFHLE9BQU8sS0FBSztBQUNuQyxJQUFJLE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDNUMsSUFBSSxJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFO0FBQ3RELFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUM7QUFDWixJQUFJLEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFO0FBQ2xDLFFBQVEsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUMvQyxRQUFRLElBQUksQ0FBQyxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxDQUFDLEVBQUU7QUFDcEMsWUFBWSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7QUFDdEMsWUFBWSxTQUFTO0FBQ3JCLFNBQVM7QUFDVCxRQUFRLEtBQUssTUFBTSxTQUFTLElBQUksVUFBVSxFQUFFO0FBQzVDLFlBQVksSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxFQUFFO0FBQ3BDLGdCQUFnQixPQUFPLEtBQUssQ0FBQztBQUM3QixhQUFhO0FBQ2IsWUFBWSxHQUFHLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0FBQy9CLFNBQVM7QUFDVCxLQUFLO0FBQ0wsSUFBSSxPQUFPLElBQUksQ0FBQztBQUNoQixDQUFDOztBQ3BCRCxTQUFTLFlBQVksQ0FBQyxLQUFLLEVBQUU7QUFDN0IsSUFBSSxPQUFPLE9BQU8sS0FBSyxLQUFLLFFBQVEsSUFBSSxLQUFLLEtBQUssSUFBSSxDQUFDO0FBQ3ZELENBQUM7QUFDYyxTQUFTLFFBQVEsQ0FBQyxLQUFLLEVBQUU7QUFDeEMsSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxpQkFBaUIsRUFBRTtBQUM3RixRQUFRLE9BQU8sS0FBSyxDQUFDO0FBQ3JCLEtBQUs7QUFDTCxJQUFJLElBQUksTUFBTSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsS0FBSyxJQUFJLEVBQUU7QUFDL0MsUUFBUSxPQUFPLElBQUksQ0FBQztBQUNwQixLQUFLO0FBQ0wsSUFBSSxJQUFJLEtBQUssR0FBRyxLQUFLLENBQUM7QUFDdEIsSUFBSSxPQUFPLE1BQU0sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLEtBQUssSUFBSSxFQUFFO0FBQ2xELFFBQVEsS0FBSyxHQUFHLE1BQU0sQ0FBQyxjQUFjLENBQUMsS0FBSyxDQUFDLENBQUM7QUFDN0MsS0FBSztBQUNMLElBQUksT0FBTyxNQUFNLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxLQUFLLEtBQUssQ0FBQztBQUNsRDs7QUNmQSxNQUFNLGNBQWMsR0FBRztBQUN2QixJQUFJLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFO0FBQ3JDLElBQUksSUFBSTtBQUNSLElBQUksQ0FBQyxNQUFNLENBQUM7QUFDWixDQUFDOztBQ0NELFNBQVMsWUFBWSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUU7QUFDaEMsSUFBSSxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRTtBQUNqRSxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsQ0FBQywwQkFBMEIsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDaEUsS0FBSztBQUNMLENBQUM7QUFDRCxTQUFTQyxjQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUU7QUFDdkMsSUFBSSxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUMxQixRQUFRLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFDM0MsUUFBUSxPQUFPLEdBQUcsQ0FBQztBQUNuQixLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsWUFBWSxVQUFVLEVBQUU7QUFDbkMsUUFBUSxPQUFPSCxRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxFQUFFLFFBQVEsRUFBRSxJQUFJLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO0FBQzVFLEtBQUs7QUFDTCxJQUFJLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDO0FBQ3RFLENBQUM7QUFDTSxNQUFNSSxNQUFJLEdBQUcsT0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsS0FBSztBQUM3QyxJQUFJLE1BQU0sU0FBUyxHQUFHLE1BQU1ELGNBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQzlELElBQUksWUFBWSxDQUFDLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztBQUNqQyxJQUFJLE1BQU0sWUFBWSxHQUFHLE1BQU1ILFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsR0FBRyxjQUFjLENBQUMsQ0FBQztBQUN0RixJQUFJLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRSxTQUFTLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQztBQUNqRyxDQUFDLENBQUM7QUFDSyxNQUFNSyxRQUFNLEdBQUcsT0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLFlBQVksS0FBSztBQUN4RCxJQUFJLE1BQU0sU0FBUyxHQUFHLE1BQU1GLGNBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQ2hFLElBQUksWUFBWSxDQUFDLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztBQUNqQyxJQUFJLE1BQU0sWUFBWSxHQUFHLE1BQU1ILFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLFFBQVEsRUFBRSxHQUFHLGNBQWMsQ0FBQyxDQUFDO0FBQ3BILElBQUksT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNQSxRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUM5RSxDQUFDOztBQzlCRCxNQUFNLE1BQU0sR0FBRyxPQUFPLFNBQVMsRUFBRSxJQUFJLEtBQUs7QUFDMUMsSUFBSSxNQUFNLFlBQVksR0FBRyxDQUFDLElBQUksRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQ3ZELElBQUksT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNQSxRQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztBQUMxRSxDQUFDOztBQ0VNLE1BQU1NLFdBQVMsR0FBRyxPQUFPLFNBQVMsRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxHQUFHLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQUUsR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxLQUFLO0FBQ2xJLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsRUFBRTtBQUNqQyxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUM7QUFDbEUsS0FBSztBQUNMLElBQUksaUJBQWlCLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQzVDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsRUFBRTtBQUNsQyxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRSxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUM7QUFDbkUsS0FBSztBQUNMLElBQUksaUJBQWlCLENBQUMsVUFBVSxFQUFFLFNBQVMsRUFBRSxZQUFZLEVBQUUsV0FBVyxDQUFDLENBQUM7QUFDeEUsSUFBSSxNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxjQUFjLENBQUMsR0FBRyxDQUFDLEVBQUUsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQ25JLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxFQUFFO0FBQ25ELFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyx3REFBd0QsQ0FBQyxDQUFDO0FBQ3RGLEtBQUs7QUFDTCxJQUFJLE1BQU0sWUFBWSxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU1OLFFBQU0sQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDO0FBQ3ZFLFFBQVEsSUFBSSxFQUFFLE1BQU07QUFDcEIsUUFBUSxNQUFNLEVBQUUsU0FBUztBQUN6QixLQUFLLEVBQUUsVUFBVSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUMxRixRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDWixJQUFJLE9BQU8sU0FBUyxDQUFDLE1BQU0sRUFBRSxZQUFZLEVBQUUsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQzdELENBQUMsQ0FBQztBQUNLLE1BQU0sV0FBVyxHQUFHLE9BQU8sR0FBRyxLQUFLO0FBQzFDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUMzQixRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUM7QUFDNUQsS0FBSztBQUNMLElBQUksT0FBTyxDQUFDLE1BQU1BLFFBQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsQ0FBQyxZQUFZLENBQUMsQ0FBQyxFQUFFLFVBQVUsQ0FBQztBQUN0SSxDQUFDLENBQUM7QUFDSyxNQUFNLFdBQVcsR0FBRyxDQUFDLEdBQUcsS0FBSztBQUNwQyxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDM0IsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUMsQ0FBQyxDQUFDO0FBQzVELEtBQUs7QUFDTCxJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQzFFLENBQUM7O0FDcENjLFNBQVMsUUFBUSxDQUFDLEdBQUcsRUFBRTtBQUN0QyxJQUFJLElBQUksRUFBRSxHQUFHLFlBQVksVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUU7QUFDeEQsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLDJDQUEyQyxDQUFDLENBQUM7QUFDMUUsS0FBSztBQUNMOztBQ0lBLFNBQVNHLGNBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFO0FBQ2hDLElBQUksSUFBSSxHQUFHLFlBQVksVUFBVSxFQUFFO0FBQ25DLFFBQVEsT0FBT0gsUUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxRQUFRLEVBQUUsS0FBSyxFQUFFLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUNwRixLQUFLO0FBQ0wsSUFBSSxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUMxQixRQUFRLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsWUFBWSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQy9ELFFBQVEsT0FBTyxHQUFHLENBQUM7QUFDbkIsS0FBSztBQUNMLElBQUksTUFBTSxJQUFJLFNBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLEdBQUcsS0FBSyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUM7QUFDdEUsQ0FBQztBQUNELGVBQWUsU0FBUyxDQUFDTyxLQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUU7QUFDN0MsSUFBSSxRQUFRLENBQUNBLEtBQUcsQ0FBQyxDQUFDO0FBQ2xCLElBQUksTUFBTSxJQUFJLEdBQUdDLEdBQVUsQ0FBQyxHQUFHLEVBQUVELEtBQUcsQ0FBQyxDQUFDO0FBQ3RDLElBQUksTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ25ELElBQUksTUFBTSxTQUFTLEdBQUc7QUFDdEIsUUFBUSxJQUFJLEVBQUUsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUN2QyxRQUFRLFVBQVUsRUFBRSxHQUFHO0FBQ3ZCLFFBQVEsSUFBSSxFQUFFLFFBQVE7QUFDdEIsUUFBUSxJQUFJO0FBQ1osS0FBSyxDQUFDO0FBQ04sSUFBSSxNQUFNLE9BQU8sR0FBRztBQUNwQixRQUFRLE1BQU0sRUFBRSxNQUFNO0FBQ3RCLFFBQVEsSUFBSSxFQUFFLFFBQVE7QUFDdEIsS0FBSyxDQUFDO0FBQ04sSUFBSSxNQUFNLFNBQVMsR0FBRyxNQUFNSixjQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ25ELElBQUksSUFBSSxTQUFTLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsRUFBRTtBQUNqRCxRQUFRLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTUgsUUFBTSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO0FBQzVGLEtBQUs7QUFDTCxJQUFJLElBQUksU0FBUyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLEVBQUU7QUFDaEQsUUFBUSxPQUFPQSxRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQztBQUN2RyxLQUFLO0FBQ0wsSUFBSSxNQUFNLElBQUksU0FBUyxDQUFDLDhEQUE4RCxDQUFDLENBQUM7QUFDeEYsQ0FBQztBQUNNLE1BQU1TLFNBQU8sR0FBRyxPQUFPLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxJQUFJLEVBQUUsR0FBRyxHQUFHLE1BQU0sQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxLQUFLO0FBQ2pJLElBQUksTUFBTSxPQUFPLEdBQUcsTUFBTSxTQUFTLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDeEQsSUFBSSxNQUFNLFlBQVksR0FBRyxNQUFNTCxNQUFJLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQztBQUNsRSxJQUFJLE9BQU8sRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRU0sTUFBUyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7QUFDdEQsQ0FBQyxDQUFDO0FBQ0ssTUFBTVIsU0FBTyxHQUFHLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLEdBQUcsS0FBSztBQUNuRSxJQUFJLE1BQU0sT0FBTyxHQUFHLE1BQU0sU0FBUyxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ3hELElBQUksT0FBT0csUUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDekQsQ0FBQzs7QUNqRGMsU0FBUyxXQUFXLENBQUMsR0FBRyxFQUFFO0FBQ3pDLElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLFVBQVUsQ0FBQztBQUN4QixRQUFRLEtBQUssY0FBYyxDQUFDO0FBQzVCLFFBQVEsS0FBSyxjQUFjLENBQUM7QUFDNUIsUUFBUSxLQUFLLGNBQWM7QUFDM0IsWUFBWSxPQUFPLFVBQVUsQ0FBQztBQUM5QixRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksZ0JBQWdCLENBQUMsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLDJEQUEyRCxDQUFDLENBQUMsQ0FBQztBQUNoSCxLQUFLO0FBQ0w7O0FDWEEscUJBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLO0FBQzdCLElBQUksSUFBSSxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUU7QUFDdEQsUUFBUSxNQUFNLEVBQUUsYUFBYSxFQUFFLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQztBQUNoRCxRQUFRLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxJQUFJLGFBQWEsR0FBRyxJQUFJLEVBQUU7QUFDdkUsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLENBQUMsRUFBRSxHQUFHLENBQUMscURBQXFELENBQUMsQ0FBQyxDQUFDO0FBQy9GLFNBQVM7QUFDVCxLQUFLO0FBQ0wsQ0FBQzs7QUNBTSxNQUFNSSxTQUFPLEdBQUcsT0FBTyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsS0FBSztBQUNoRCxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDM0IsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUMsQ0FBQyxDQUFDO0FBQzVELEtBQUs7QUFDTCxJQUFJLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ3RELElBQUksY0FBYyxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQztBQUM3QixJQUFJLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUU7QUFDeEMsUUFBUSxPQUFPLElBQUksVUFBVSxDQUFDLE1BQU1ULFFBQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDVyxXQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUM7QUFDM0YsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRTtBQUN4QyxRQUFRLE1BQU0sWUFBWSxHQUFHLE1BQU1YLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsR0FBRyxjQUFjLENBQUMsQ0FBQztBQUMxRixRQUFRLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRSxHQUFHLEVBQUVXLFdBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDM0csS0FBSztBQUNMLElBQUksTUFBTSxJQUFJLFNBQVMsQ0FBQyw4RUFBOEUsQ0FBQyxDQUFDO0FBQ3hHLENBQUMsQ0FBQztBQUNLLE1BQU0sT0FBTyxHQUFHLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxZQUFZLEtBQUs7QUFDekQsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxFQUFFO0FBQzNCLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQztBQUM1RCxLQUFLO0FBQ0wsSUFBSSxpQkFBaUIsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFNBQVMsRUFBRSxXQUFXLENBQUMsQ0FBQztBQUN4RCxJQUFJLGNBQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDN0IsSUFBSSxJQUFJLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxFQUFFO0FBQ3hDLFFBQVEsT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNWCxRQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQ1csV0FBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLEdBQUcsRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDO0FBQ3BHLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLEVBQUU7QUFDMUMsUUFBUSxNQUFNLFlBQVksR0FBRyxNQUFNWCxRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsWUFBWSxFQUFFLEdBQUcsRUFBRVcsV0FBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLEdBQUcsY0FBYyxDQUFDLENBQUM7QUFDOUgsUUFBUSxPQUFPLElBQUksVUFBVSxDQUFDLE1BQU1YLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDO0FBQ2xGLEtBQUs7QUFDTCxJQUFJLE1BQU0sSUFBSSxTQUFTLENBQUMsZ0ZBQWdGLENBQUMsQ0FBQztBQUMxRyxDQUFDOztBQ2xDTSxTQUFTLFNBQVMsQ0FBQyxHQUFHLEVBQUU7QUFDL0IsSUFBSSxRQUFRLEdBQUc7QUFDZixRQUFRLEtBQUssU0FBUztBQUN0QixZQUFZLE9BQU8sR0FBRyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxTQUFTO0FBQ3RCLFlBQVksT0FBTyxHQUFHLENBQUM7QUFDdkIsUUFBUSxLQUFLLFNBQVMsQ0FBQztBQUN2QixRQUFRLEtBQUssZUFBZTtBQUM1QixZQUFZLE9BQU8sR0FBRyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxlQUFlO0FBQzVCLFlBQVksT0FBTyxHQUFHLENBQUM7QUFDdkIsUUFBUSxLQUFLLGVBQWU7QUFDNUIsWUFBWSxPQUFPLEdBQUcsQ0FBQztBQUN2QixRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksZ0JBQWdCLENBQUMsQ0FBQywyQkFBMkIsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDNUUsS0FBSztBQUNMLENBQUM7QUFDRCxrQkFBZSxDQUFDLEdBQUcsS0FBSyxNQUFNLENBQUMsSUFBSSxVQUFVLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDOztBQ2ZuRSxTQUFTLGFBQWEsQ0FBQyxHQUFHLEVBQUU7QUFDNUIsSUFBSSxJQUFJLFNBQVMsQ0FBQztBQUNsQixJQUFJLElBQUksU0FBUyxDQUFDO0FBQ2xCLElBQUksUUFBUSxHQUFHLENBQUMsR0FBRztBQUNuQixRQUFRLEtBQUssS0FBSyxFQUFFO0FBQ3BCLFlBQVksUUFBUSxHQUFHLENBQUMsR0FBRztBQUMzQixnQkFBZ0IsS0FBSyxPQUFPLENBQUM7QUFDN0IsZ0JBQWdCLEtBQUssT0FBTyxDQUFDO0FBQzdCLGdCQUFnQixLQUFLLE9BQU87QUFDNUIsb0JBQW9CLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7QUFDcEYsb0JBQW9CLFNBQVMsR0FBRyxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQztBQUNuRCxvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0IsS0FBSyxlQUFlLENBQUM7QUFDckMsZ0JBQWdCLEtBQUssZUFBZSxDQUFDO0FBQ3JDLGdCQUFnQixLQUFLLGVBQWU7QUFDcEMsb0JBQW9CLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLEdBQUcsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDLENBQUM7QUFDNUcsZ0JBQWdCLEtBQUssU0FBUyxDQUFDO0FBQy9CLGdCQUFnQixLQUFLLFNBQVMsQ0FBQztBQUMvQixnQkFBZ0IsS0FBSyxTQUFTLENBQUM7QUFDL0IsZ0JBQWdCLEtBQUssV0FBVyxDQUFDO0FBQ2pDLGdCQUFnQixLQUFLLFdBQVcsQ0FBQztBQUNqQyxnQkFBZ0IsS0FBSyxXQUFXO0FBQ2hDLG9CQUFvQixTQUFTLEdBQUcsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUM7QUFDcEQsb0JBQW9CLFNBQVMsR0FBRyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUN2RCxvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0IsS0FBSyxRQUFRLENBQUM7QUFDOUIsZ0JBQWdCLEtBQUssUUFBUSxDQUFDO0FBQzlCLGdCQUFnQixLQUFLLFFBQVE7QUFDN0Isb0JBQW9CLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsQ0FBQztBQUNuRCxvQkFBb0IsU0FBUyxHQUFHLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQ3pELG9CQUFvQixNQUFNO0FBQzFCLGdCQUFnQixLQUFLLG9CQUFvQixDQUFDO0FBQzFDLGdCQUFnQixLQUFLLG9CQUFvQixDQUFDO0FBQzFDLGdCQUFnQixLQUFLLG9CQUFvQjtBQUN6QyxvQkFBb0IsU0FBUyxHQUFHLEVBQUUsSUFBSSxFQUFFLFFBQVEsRUFBRSxDQUFDO0FBQ25ELG9CQUFvQixTQUFTLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQztBQUMvQyxvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0I7QUFDaEIsb0JBQW9CLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyw4REFBOEQsQ0FBQyxDQUFDO0FBQy9HLGFBQWE7QUFDYixZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxLQUFLLEVBQUU7QUFDcEIsWUFBWSxRQUFRLEdBQUcsQ0FBQyxHQUFHO0FBQzNCLGdCQUFnQixLQUFLLE9BQU8sQ0FBQztBQUM3QixnQkFBZ0IsS0FBSyxPQUFPLENBQUM7QUFDN0IsZ0JBQWdCLEtBQUssT0FBTztBQUM1QixvQkFBb0IsU0FBUyxHQUFHLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztBQUN2RixvQkFBb0IsU0FBUyxHQUFHLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0FBQzlELG9CQUFvQixNQUFNO0FBQzFCLGdCQUFnQixLQUFLLE9BQU8sQ0FBQztBQUM3QixnQkFBZ0IsS0FBSyxPQUFPLENBQUM7QUFDN0IsZ0JBQWdCLEtBQUssT0FBTztBQUM1QixvQkFBb0IsU0FBUyxHQUFHLEVBQUUsSUFBSSxFQUFFLG1CQUFtQixFQUFFLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO0FBQ2pHLG9CQUFvQixTQUFTLEdBQUcsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7QUFDOUQsb0JBQW9CLE1BQU07QUFDMUIsZ0JBQWdCLEtBQUssVUFBVSxDQUFDO0FBQ2hDLGdCQUFnQixLQUFLLGNBQWMsQ0FBQztBQUNwQyxnQkFBZ0IsS0FBSyxjQUFjLENBQUM7QUFDcEMsZ0JBQWdCLEtBQUssY0FBYztBQUNuQyxvQkFBb0IsU0FBUyxHQUFHO0FBQ2hDLHdCQUF3QixJQUFJLEVBQUUsVUFBVTtBQUN4Qyx3QkFBd0IsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBQzVFLHFCQUFxQixDQUFDO0FBQ3RCLG9CQUFvQixTQUFTLEdBQUcsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsR0FBRyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUMxRixvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0I7QUFDaEIsb0JBQW9CLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyw4REFBOEQsQ0FBQyxDQUFDO0FBQy9HLGFBQWE7QUFDYixZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxJQUFJLEVBQUU7QUFDbkIsWUFBWSxRQUFRLEdBQUcsQ0FBQyxHQUFHO0FBQzNCLGdCQUFnQixLQUFLLE9BQU87QUFDNUIsb0JBQW9CLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE9BQU8sRUFBRSxDQUFDO0FBQ3ZFLG9CQUFvQixTQUFTLEdBQUcsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7QUFDOUQsb0JBQW9CLE1BQU07QUFDMUIsZ0JBQWdCLEtBQUssT0FBTztBQUM1QixvQkFBb0IsU0FBUyxHQUFHLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLENBQUM7QUFDdkUsb0JBQW9CLFNBQVMsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztBQUM5RCxvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0IsS0FBSyxPQUFPO0FBQzVCLG9CQUFvQixTQUFTLEdBQUcsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxPQUFPLEVBQUUsQ0FBQztBQUN2RSxvQkFBb0IsU0FBUyxHQUFHLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0FBQzlELG9CQUFvQixNQUFNO0FBQzFCLGdCQUFnQixLQUFLLFNBQVMsQ0FBQztBQUMvQixnQkFBZ0IsS0FBSyxnQkFBZ0IsQ0FBQztBQUN0QyxnQkFBZ0IsS0FBSyxnQkFBZ0IsQ0FBQztBQUN0QyxnQkFBZ0IsS0FBSyxnQkFBZ0I7QUFDckMsb0JBQW9CLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUN0RSxvQkFBb0IsU0FBUyxHQUFHLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLENBQUM7QUFDNUQsb0JBQW9CLE1BQU07QUFDMUIsZ0JBQWdCO0FBQ2hCLG9CQUFvQixNQUFNLElBQUksZ0JBQWdCLENBQUMsOERBQThELENBQUMsQ0FBQztBQUMvRyxhQUFhO0FBQ2IsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRLEtBQUssQ0FBQyxtQkFBbUIsRUFBRSxJQUFJLFFBQVEsRUFBRSxLQUFLLEtBQUs7QUFDM0QsWUFBWSxJQUFJLEdBQUcsQ0FBQyxHQUFHLEtBQUssT0FBTyxFQUFFO0FBQ3JDLGdCQUFnQixNQUFNLElBQUksZ0JBQWdCLENBQUMsOERBQThELENBQUMsQ0FBQztBQUMzRyxhQUFhO0FBQ2IsWUFBWSxRQUFRLEdBQUcsQ0FBQyxHQUFHO0FBQzNCLGdCQUFnQixLQUFLLFNBQVM7QUFDOUIsb0JBQW9CLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLGNBQWMsRUFBRSxDQUFDO0FBQ3JGLG9CQUFvQixTQUFTLEdBQUcsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7QUFDOUQsb0JBQW9CLE1BQU07QUFDMUIsZ0JBQWdCLEtBQUssUUFBUSxFQUFFLElBQUksT0FBTztBQUMxQyxvQkFBb0IsU0FBUyxHQUFHLEVBQUUsSUFBSSxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsWUFBWSxFQUFFLENBQUM7QUFDakYsb0JBQW9CLFNBQVMsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztBQUM5RCxvQkFBb0IsTUFBTTtBQUMxQixnQkFBZ0I7QUFDaEIsb0JBQW9CLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyx3RUFBd0UsQ0FBQyxDQUFDO0FBQ3pILGFBQWE7QUFDYixZQUFZLE1BQU07QUFDbEIsUUFBUTtBQUNSLFlBQVksTUFBTSxJQUFJLGdCQUFnQixDQUFDLDZEQUE2RCxDQUFDLENBQUM7QUFDdEcsS0FBSztBQUNMLElBQUksT0FBTyxFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsQ0FBQztBQUNwQyxDQUFDO0FBQ0QsTUFBTSxLQUFLLEdBQUcsT0FBTyxHQUFHLEtBQUs7QUFDN0IsSUFBSSxJQUFJLEVBQUUsRUFBRSxFQUFFLENBQUM7QUFDZixJQUFJLE1BQU0sRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLEdBQUcsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ3hELElBQUksTUFBTSxJQUFJLEdBQUc7QUFDakIsUUFBUSxTQUFTO0FBQ2pCLFFBQVEsQ0FBQyxFQUFFLEdBQUcsR0FBRyxDQUFDLEdBQUcsTUFBTSxJQUFJLElBQUksRUFBRSxLQUFLLEtBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLO0FBQzdELFFBQVEsQ0FBQyxFQUFFLEdBQUcsR0FBRyxDQUFDLE9BQU8sTUFBTSxJQUFJLElBQUksRUFBRSxLQUFLLEtBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxTQUFTO0FBQ3JFLEtBQUssQ0FBQztBQUNOLElBQUksSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtBQUNyQyxRQUFRLE9BQU9BLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRVUsTUFBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxHQUFHLElBQUksQ0FBQyxDQUFDO0FBQ3pFLEtBQUs7QUFDTCxJQUFJLE1BQU0sT0FBTyxHQUFHLEVBQUUsR0FBRyxHQUFHLEVBQUUsQ0FBQztBQUMvQixJQUFJLE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FBQztBQUN2QixJQUFJLE9BQU9WLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztBQUM1RCxDQUFDLENBQUM7QUFDRixrQkFBZSxLQUFLOztBQy9DYixlQUFlLFNBQVMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLGNBQWMsRUFBRTtBQUMxRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDeEIsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLHVCQUF1QixDQUFDLENBQUM7QUFDckQsS0FBSztBQUNMLElBQUksR0FBRyxLQUFLLEdBQUcsR0FBRyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDM0IsSUFBSSxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsSUFBSSxDQUFDLEdBQUcsRUFBRTtBQUN6QyxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsMERBQTBELENBQUMsQ0FBQztBQUN4RixLQUFLO0FBQ0wsSUFBSSxRQUFRLEdBQUcsQ0FBQyxHQUFHO0FBQ25CLFFBQVEsS0FBSyxLQUFLO0FBQ2xCLFlBQVksSUFBSSxPQUFPLEdBQUcsQ0FBQyxDQUFDLEtBQUssUUFBUSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRTtBQUNyRCxnQkFBZ0IsTUFBTSxJQUFJLFNBQVMsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO0FBQy9FLGFBQWE7QUFDYixZQUFZLGNBQWMsS0FBSyxJQUFJLElBQUksY0FBYyxLQUFLLEtBQUssQ0FBQyxHQUFHLGNBQWMsSUFBSSxjQUFjLEdBQUcsR0FBRyxDQUFDLEdBQUcsS0FBSyxJQUFJLENBQUMsQ0FBQztBQUN4SCxZQUFZLElBQUksY0FBYyxFQUFFO0FBQ2hDLGdCQUFnQixPQUFPLFdBQVcsQ0FBQyxFQUFFLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztBQUNoRSxhQUFhO0FBQ2IsWUFBWSxPQUFPWSxNQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzFDLFFBQVEsS0FBSyxLQUFLO0FBQ2xCLFlBQVksSUFBSSxHQUFHLENBQUMsR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUN2QyxnQkFBZ0IsTUFBTSxJQUFJLGdCQUFnQixDQUFDLG9FQUFvRSxDQUFDLENBQUM7QUFDakgsYUFBYTtBQUNiLFFBQVEsS0FBSyxJQUFJLENBQUM7QUFDbEIsUUFBUSxLQUFLLEtBQUs7QUFDbEIsWUFBWSxPQUFPLFdBQVcsQ0FBQyxFQUFFLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7QUFDaEQsUUFBUTtBQUNSLFlBQVksTUFBTSxJQUFJLGdCQUFnQixDQUFDLDhDQUE4QyxDQUFDLENBQUM7QUFDdkYsS0FBSztBQUNMOztBQ3JIQSxNQUFNLGtCQUFrQixHQUFHLENBQUMsR0FBRyxLQUFLO0FBQ3BDLElBQUksSUFBSSxHQUFHLFlBQVksVUFBVTtBQUNqQyxRQUFRLE9BQU87QUFDZixJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDekIsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUMxRSxLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssUUFBUSxFQUFFO0FBQy9CLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDLENBQUM7QUFDakgsS0FBSztBQUNMLENBQUMsQ0FBQztBQUNGLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxLQUFLO0FBQzVDLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUN6QixRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUM7QUFDNUQsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtBQUMvQixRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsaUVBQWlFLENBQUMsQ0FBQyxDQUFDO0FBQ3RILEtBQUs7QUFDTCxJQUFJLElBQUksS0FBSyxLQUFLLE1BQU0sSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtBQUNuRCxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMscUVBQXFFLENBQUMsQ0FBQyxDQUFDO0FBQzFILEtBQUs7QUFDTCxJQUFJLElBQUksS0FBSyxLQUFLLFNBQVMsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtBQUN0RCxRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsd0VBQXdFLENBQUMsQ0FBQyxDQUFDO0FBQzdILEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLFNBQVMsSUFBSSxLQUFLLEtBQUssUUFBUSxJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssU0FBUyxFQUFFO0FBQ3ZFLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxzRUFBc0UsQ0FBQyxDQUFDLENBQUM7QUFDM0gsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsU0FBUyxJQUFJLEtBQUssS0FBSyxTQUFTLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxTQUFTLEVBQUU7QUFDeEUsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLENBQUMsRUFBRSxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLHVFQUF1RSxDQUFDLENBQUMsQ0FBQztBQUM1SCxLQUFLO0FBQ0wsQ0FBQyxDQUFDO0FBQ0YsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEtBQUssS0FBSztBQUMxQyxJQUFJLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDO0FBQzFDLFFBQVEsR0FBRyxLQUFLLEtBQUs7QUFDckIsUUFBUSxHQUFHLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQztBQUMvQixRQUFRLG9CQUFvQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUN2QyxJQUFJLElBQUksU0FBUyxFQUFFO0FBQ25CLFFBQVEsa0JBQWtCLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDaEMsS0FBSztBQUNMLFNBQVM7QUFDVCxRQUFRLG1CQUFtQixDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsQ0FBQztBQUN4QyxLQUFLO0FBQ0wsQ0FBQzs7QUNuQ0QsZUFBZSxVQUFVLENBQUMsR0FBRyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRTtBQUN4RCxJQUFJLElBQUksRUFBRSxHQUFHLFlBQVksVUFBVSxDQUFDLEVBQUU7QUFDdEMsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUNoRSxLQUFLO0FBQ0wsSUFBSSxNQUFNLE9BQU8sR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7QUFDbkQsSUFBSSxNQUFNLE1BQU0sR0FBRyxNQUFNWixRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLElBQUksQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7QUFDbkgsSUFBSSxNQUFNLE1BQU0sR0FBRyxNQUFNQSxRQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsT0FBTyxJQUFJLENBQUMsQ0FBQyxFQUFFO0FBQ3ZGLFFBQVEsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLE9BQU8sSUFBSSxDQUFDLENBQUMsQ0FBQztBQUNuQyxRQUFRLElBQUksRUFBRSxNQUFNO0FBQ3BCLEtBQUssRUFBRSxLQUFLLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0FBQ3hCLElBQUksTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7QUFDbEUsUUFBUSxFQUFFO0FBQ1YsUUFBUSxJQUFJLEVBQUUsU0FBUztBQUN2QixLQUFLLEVBQUUsTUFBTSxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUM7QUFDM0IsSUFBSSxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsR0FBRyxFQUFFLEVBQUUsRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUMzRSxJQUFJLE1BQU0sR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsRUFBRSxLQUFLLENBQUMsQ0FBQyxFQUFFLE9BQU8sSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzNHLElBQUksT0FBTyxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUMvQixDQUFDO0FBQ0QsZUFBZSxVQUFVLENBQUMsR0FBRyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRTtBQUN4RCxJQUFJLElBQUksTUFBTSxDQUFDO0FBQ2YsSUFBSSxJQUFJLEdBQUcsWUFBWSxVQUFVLEVBQUU7QUFDbkMsUUFBUSxNQUFNLEdBQUcsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztBQUMxRixLQUFLO0FBQ0wsU0FBUztBQUNULFFBQVEsaUJBQWlCLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUMvQyxRQUFRLE1BQU0sR0FBRyxHQUFHLENBQUM7QUFDckIsS0FBSztBQUNMLElBQUksTUFBTSxTQUFTLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTUEsUUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7QUFDakUsUUFBUSxjQUFjLEVBQUUsR0FBRztBQUMzQixRQUFRLEVBQUU7QUFDVixRQUFRLElBQUksRUFBRSxTQUFTO0FBQ3ZCLFFBQVEsU0FBUyxFQUFFLEdBQUc7QUFDdEIsS0FBSyxFQUFFLE1BQU0sRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQzNCLElBQUksTUFBTSxHQUFHLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ3JDLElBQUksTUFBTSxVQUFVLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUMvQyxJQUFJLE9BQU8sRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLENBQUM7QUFDL0IsQ0FBQztBQUNELE1BQU0sT0FBTyxHQUFHLE9BQU8sR0FBRyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsS0FBSztBQUN4RCxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxHQUFHLFlBQVksVUFBVSxDQUFDLEVBQUU7QUFDM0QsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUMxRSxLQUFLO0FBQ0wsSUFBSSxhQUFhLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQzNCLElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLGVBQWUsQ0FBQztBQUM3QixRQUFRLEtBQUssZUFBZSxDQUFDO0FBQzdCLFFBQVEsS0FBSyxlQUFlO0FBQzVCLFlBQVksSUFBSSxHQUFHLFlBQVksVUFBVTtBQUN6QyxnQkFBZ0IsY0FBYyxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDbEUsWUFBWSxPQUFPLFVBQVUsQ0FBQyxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDNUQsUUFBUSxLQUFLLFNBQVMsQ0FBQztBQUN2QixRQUFRLEtBQUssU0FBUyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxTQUFTO0FBQ3RCLFlBQVksSUFBSSxHQUFHLFlBQVksVUFBVTtBQUN6QyxnQkFBZ0IsY0FBYyxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUNwRSxZQUFZLE9BQU8sVUFBVSxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLENBQUMsQ0FBQztBQUM1RCxRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksZ0JBQWdCLENBQUMsOENBQThDLENBQUMsQ0FBQztBQUN2RixLQUFLO0FBQ0wsQ0FBQzs7QUM5RE0sZUFBZSxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFO0FBQzlDLElBQUksTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDMUMsSUFBSSxFQUFFLEtBQUssRUFBRSxHQUFHLFVBQVUsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO0FBQzFDLElBQUksTUFBTSxFQUFFLFVBQVUsRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLEdBQUcsTUFBTSxPQUFPLENBQUMsWUFBWSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDM0csSUFBSSxPQUFPLEVBQUUsWUFBWSxFQUFFLEVBQUUsRUFBRVUsTUFBUyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEdBQUcsRUFBRUEsTUFBUyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7QUFDcEUsQ0FBQztBQUNNLGVBQWUsTUFBTSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsWUFBWSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUU7QUFDOUQsSUFBSSxNQUFNLFlBQVksR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUMxQyxJQUFJLE9BQU9SLFNBQU8sQ0FBQyxZQUFZLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDaEY7O0FDRkEsZUFBZSxvQkFBb0IsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUU7QUFDeEUsSUFBSSxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUN0QyxJQUFJLFFBQVEsR0FBRztBQUNmLFFBQVEsS0FBSyxLQUFLLEVBQUU7QUFDcEIsWUFBWSxJQUFJLFlBQVksS0FBSyxTQUFTO0FBQzFDLGdCQUFnQixNQUFNLElBQUksVUFBVSxDQUFDLDBDQUEwQyxDQUFDLENBQUM7QUFDakYsWUFBWSxPQUFPLEdBQUcsQ0FBQztBQUN2QixTQUFTO0FBQ1QsUUFBUSxLQUFLLFNBQVM7QUFDdEIsWUFBWSxJQUFJLFlBQVksS0FBSyxTQUFTO0FBQzFDLGdCQUFnQixNQUFNLElBQUksVUFBVSxDQUFDLDBDQUEwQyxDQUFDLENBQUM7QUFDakYsUUFBUSxLQUFLLGdCQUFnQixDQUFDO0FBQzlCLFFBQVEsS0FBSyxnQkFBZ0IsQ0FBQztBQUM5QixRQUFRLEtBQUssZ0JBQWdCLEVBQUU7QUFDL0IsWUFBWSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUM7QUFDekMsZ0JBQWdCLE1BQU0sSUFBSSxVQUFVLENBQUMsQ0FBQywyREFBMkQsQ0FBQyxDQUFDLENBQUM7QUFDcEcsWUFBWSxJQUFJLENBQUNXLFdBQWdCLENBQUMsR0FBRyxDQUFDO0FBQ3RDLGdCQUFnQixNQUFNLElBQUksZ0JBQWdCLENBQUMsMEZBQTBGLENBQUMsQ0FBQztBQUN2SSxZQUFZLE1BQU0sR0FBRyxHQUFHLE1BQU0sU0FBUyxDQUFDLFVBQVUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDN0QsWUFBWSxJQUFJLFVBQVUsQ0FBQztBQUMzQixZQUFZLElBQUksVUFBVSxDQUFDO0FBQzNCLFlBQVksSUFBSSxVQUFVLENBQUMsR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUM5QyxnQkFBZ0IsSUFBSSxPQUFPLFVBQVUsQ0FBQyxHQUFHLEtBQUssUUFBUTtBQUN0RCxvQkFBb0IsTUFBTSxJQUFJLFVBQVUsQ0FBQyxDQUFDLGdEQUFnRCxDQUFDLENBQUMsQ0FBQztBQUM3RixnQkFBZ0IsVUFBVSxHQUFHSCxNQUFTLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZELGFBQWE7QUFDYixZQUFZLElBQUksVUFBVSxDQUFDLEdBQUcsS0FBSyxTQUFTLEVBQUU7QUFDOUMsZ0JBQWdCLElBQUksT0FBTyxVQUFVLENBQUMsR0FBRyxLQUFLLFFBQVE7QUFDdEQsb0JBQW9CLE1BQU0sSUFBSSxVQUFVLENBQUMsQ0FBQyxnREFBZ0QsQ0FBQyxDQUFDLENBQUM7QUFDN0YsZ0JBQWdCLFVBQVUsR0FBR0EsTUFBUyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUN2RCxhQUFhO0FBQ2IsWUFBWSxNQUFNLFlBQVksR0FBRyxNQUFNSSxXQUFjLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEtBQUssU0FBUyxHQUFHLFVBQVUsQ0FBQyxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsS0FBSyxTQUFTLEdBQUdDLFNBQVMsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLEVBQUUsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0FBQ25OLFlBQVksSUFBSSxHQUFHLEtBQUssU0FBUztBQUNqQyxnQkFBZ0IsT0FBTyxZQUFZLENBQUM7QUFDcEMsWUFBWSxJQUFJLFlBQVksS0FBSyxTQUFTO0FBQzFDLGdCQUFnQixNQUFNLElBQUksVUFBVSxDQUFDLDJCQUEyQixDQUFDLENBQUM7QUFDbEUsWUFBWSxPQUFPQyxRQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLFlBQVksRUFBRSxZQUFZLENBQUMsQ0FBQztBQUNyRSxTQUFTO0FBQ1QsUUFBUSxLQUFLLFFBQVEsQ0FBQztBQUN0QixRQUFRLEtBQUssVUFBVSxDQUFDO0FBQ3hCLFFBQVEsS0FBSyxjQUFjLENBQUM7QUFDNUIsUUFBUSxLQUFLLGNBQWMsQ0FBQztBQUM1QixRQUFRLEtBQUssY0FBYyxFQUFFO0FBQzdCLFlBQVksSUFBSSxZQUFZLEtBQUssU0FBUztBQUMxQyxnQkFBZ0IsTUFBTSxJQUFJLFVBQVUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0FBQ2xFLFlBQVksT0FBT0MsT0FBSyxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDakQsU0FBUztBQUNULFFBQVEsS0FBSyxvQkFBb0IsQ0FBQztBQUNsQyxRQUFRLEtBQUssb0JBQW9CLENBQUM7QUFDbEMsUUFBUSxLQUFLLG9CQUFvQixFQUFFO0FBQ25DLFlBQVksSUFBSSxZQUFZLEtBQUssU0FBUztBQUMxQyxnQkFBZ0IsTUFBTSxJQUFJLFVBQVUsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO0FBQ2xFLFlBQVksSUFBSSxPQUFPLFVBQVUsQ0FBQyxHQUFHLEtBQUssUUFBUTtBQUNsRCxnQkFBZ0IsTUFBTSxJQUFJLFVBQVUsQ0FBQyxDQUFDLGtEQUFrRCxDQUFDLENBQUMsQ0FBQztBQUMzRixZQUFZLElBQUksT0FBTyxVQUFVLENBQUMsR0FBRyxLQUFLLFFBQVE7QUFDbEQsZ0JBQWdCLE1BQU0sSUFBSSxVQUFVLENBQUMsQ0FBQyxpREFBaUQsQ0FBQyxDQUFDLENBQUM7QUFDMUYsWUFBWSxPQUFPQyxTQUFPLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxZQUFZLEVBQUUsVUFBVSxDQUFDLEdBQUcsRUFBRVIsTUFBUyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQzlGLFNBQVM7QUFDVCxRQUFRLEtBQUssUUFBUSxDQUFDO0FBQ3RCLFFBQVEsS0FBSyxRQUFRLENBQUM7QUFDdEIsUUFBUSxLQUFLLFFBQVEsRUFBRTtBQUN2QixZQUFZLElBQUksWUFBWSxLQUFLLFNBQVM7QUFDMUMsZ0JBQWdCLE1BQU0sSUFBSSxVQUFVLENBQUMsMkJBQTJCLENBQUMsQ0FBQztBQUNsRSxZQUFZLE9BQU9NLFFBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFlBQVksQ0FBQyxDQUFDO0FBQ2pELFNBQVM7QUFDVCxRQUFRLEtBQUssV0FBVyxDQUFDO0FBQ3pCLFFBQVEsS0FBSyxXQUFXLENBQUM7QUFDekIsUUFBUSxLQUFLLFdBQVcsRUFBRTtBQUMxQixZQUFZLElBQUksWUFBWSxLQUFLLFNBQVM7QUFDMUMsZ0JBQWdCLE1BQU0sSUFBSSxVQUFVLENBQUMsMkJBQTJCLENBQUMsQ0FBQztBQUNsRSxZQUFZLElBQUksT0FBTyxVQUFVLENBQUMsRUFBRSxLQUFLLFFBQVE7QUFDakQsZ0JBQWdCLE1BQU0sSUFBSSxVQUFVLENBQUMsQ0FBQywyREFBMkQsQ0FBQyxDQUFDLENBQUM7QUFDcEcsWUFBWSxJQUFJLE9BQU8sVUFBVSxDQUFDLEdBQUcsS0FBSyxRQUFRO0FBQ2xELGdCQUFnQixNQUFNLElBQUksVUFBVSxDQUFDLENBQUMseURBQXlELENBQUMsQ0FBQyxDQUFDO0FBQ2xHLFlBQVksTUFBTSxFQUFFLEdBQUdOLE1BQVMsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDaEQsWUFBWSxNQUFNLEdBQUcsR0FBR0EsTUFBUyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNsRCxZQUFZLE9BQU9TLE1BQVEsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxFQUFFLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDN0QsU0FBUztBQUNULFFBQVEsU0FBUztBQUNqQixZQUFZLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO0FBQ3BHLFNBQVM7QUFDVCxLQUFLO0FBQ0w7O0FDNUZBLFNBQVMsWUFBWSxDQUFDLEdBQUcsRUFBRSxpQkFBaUIsRUFBRSxnQkFBZ0IsRUFBRSxlQUFlLEVBQUUsVUFBVSxFQUFFO0FBQzdGLElBQUksSUFBSSxVQUFVLENBQUMsSUFBSSxLQUFLLFNBQVMsSUFBSSxlQUFlLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtBQUM3RSxRQUFRLE1BQU0sSUFBSSxHQUFHLENBQUMsZ0VBQWdFLENBQUMsQ0FBQztBQUN4RixLQUFLO0FBQ0wsSUFBSSxJQUFJLENBQUMsZUFBZSxJQUFJLGVBQWUsQ0FBQyxJQUFJLEtBQUssU0FBUyxFQUFFO0FBQ2hFLFFBQVEsT0FBTyxJQUFJLEdBQUcsRUFBRSxDQUFDO0FBQ3pCLEtBQUs7QUFDTCxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUM7QUFDNUMsUUFBUSxlQUFlLENBQUMsSUFBSSxDQUFDLE1BQU0sS0FBSyxDQUFDO0FBQ3pDLFFBQVEsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEtBQUssT0FBTyxLQUFLLEtBQUssUUFBUSxJQUFJLEtBQUssQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLEVBQUU7QUFDL0YsUUFBUSxNQUFNLElBQUksR0FBRyxDQUFDLHVGQUF1RixDQUFDLENBQUM7QUFDL0csS0FBSztBQUNMLElBQUksSUFBSSxVQUFVLENBQUM7QUFDbkIsSUFBSSxJQUFJLGdCQUFnQixLQUFLLFNBQVMsRUFBRTtBQUN4QyxRQUFRLFVBQVUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxDQUFDLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ3BHLEtBQUs7QUFDTCxTQUFTO0FBQ1QsUUFBUSxVQUFVLEdBQUcsaUJBQWlCLENBQUM7QUFDdkMsS0FBSztBQUNMLElBQUksS0FBSyxNQUFNLFNBQVMsSUFBSSxlQUFlLENBQUMsSUFBSSxFQUFFO0FBQ2xELFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLEVBQUU7QUFDeEMsWUFBWSxNQUFNLElBQUksZ0JBQWdCLENBQUMsQ0FBQyw0QkFBNEIsRUFBRSxTQUFTLENBQUMsbUJBQW1CLENBQUMsQ0FBQyxDQUFDO0FBQ3RHLFNBQVM7QUFDVCxRQUFRLElBQUksVUFBVSxDQUFDLFNBQVMsQ0FBQyxLQUFLLFNBQVMsRUFBRTtBQUNqRCxZQUFZLE1BQU0sSUFBSSxHQUFHLENBQUMsQ0FBQyw0QkFBNEIsRUFBRSxTQUFTLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztBQUNsRixTQUFTO0FBQ1QsYUFBYSxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksZUFBZSxDQUFDLFNBQVMsQ0FBQyxLQUFLLFNBQVMsRUFBRTtBQUN4RixZQUFZLE1BQU0sSUFBSSxHQUFHLENBQUMsQ0FBQyw0QkFBNEIsRUFBRSxTQUFTLENBQUMsNkJBQTZCLENBQUMsQ0FBQyxDQUFDO0FBQ25HLFNBQVM7QUFDVCxLQUFLO0FBQ0wsSUFBSSxPQUFPLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUN6Qzs7QUNoQ0EsTUFBTSxrQkFBa0IsR0FBRyxDQUFDLE1BQU0sRUFBRSxVQUFVLEtBQUs7QUFDbkQsSUFBSSxJQUFJLFVBQVUsS0FBSyxTQUFTO0FBQ2hDLFNBQVMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssT0FBTyxDQUFDLEtBQUssUUFBUSxDQUFDLENBQUMsRUFBRTtBQUN2RixRQUFRLE1BQU0sSUFBSSxTQUFTLENBQUMsQ0FBQyxDQUFDLEVBQUUsTUFBTSxDQUFDLG9DQUFvQyxDQUFDLENBQUMsQ0FBQztBQUM5RSxLQUFLO0FBQ0wsSUFBSSxJQUFJLENBQUMsVUFBVSxFQUFFO0FBQ3JCLFFBQVEsT0FBTyxTQUFTLENBQUM7QUFDekIsS0FBSztBQUNMLElBQUksT0FBTyxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUMvQixDQUFDOztBQ0VNLGVBQWUsZ0JBQWdCLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUU7QUFDMUQsSUFBSSxJQUFJLEVBQUUsQ0FBQztBQUNYLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUN4QixRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMsaUNBQWlDLENBQUMsQ0FBQztBQUNoRSxLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsQ0FBQyxTQUFTLEtBQUssU0FBUyxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssU0FBUyxJQUFJLEdBQUcsQ0FBQyxXQUFXLEtBQUssU0FBUyxFQUFFO0FBQ2xHLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0FBQ3BELEtBQUs7QUFDTCxJQUFJLElBQUksT0FBTyxHQUFHLENBQUMsRUFBRSxLQUFLLFFBQVEsRUFBRTtBQUNwQyxRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMscURBQXFELENBQUMsQ0FBQztBQUNwRixLQUFLO0FBQ0wsSUFBSSxJQUFJLE9BQU8sR0FBRyxDQUFDLFVBQVUsS0FBSyxRQUFRLEVBQUU7QUFDNUMsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLDBDQUEwQyxDQUFDLENBQUM7QUFDekUsS0FBSztBQUNMLElBQUksSUFBSSxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssUUFBUSxFQUFFO0FBQ3JDLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO0FBQ2pGLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLFNBQVMsS0FBSyxTQUFTLElBQUksT0FBTyxHQUFHLENBQUMsU0FBUyxLQUFLLFFBQVEsRUFBRTtBQUMxRSxRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMscUNBQXFDLENBQUMsQ0FBQztBQUNwRSxLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsQ0FBQyxhQUFhLEtBQUssU0FBUyxJQUFJLE9BQU8sR0FBRyxDQUFDLGFBQWEsS0FBSyxRQUFRLEVBQUU7QUFDbEYsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLGtDQUFrQyxDQUFDLENBQUM7QUFDakUsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsR0FBRyxLQUFLLFNBQVMsSUFBSSxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssUUFBUSxFQUFFO0FBQzlELFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0FBQ3ZELEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxFQUFFO0FBQzNELFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDO0FBQzdFLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLFdBQVcsS0FBSyxTQUFTLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxFQUFFO0FBQ3JFLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxxREFBcUQsQ0FBQyxDQUFDO0FBQ3BGLEtBQUs7QUFDTCxJQUFJLElBQUksVUFBVSxDQUFDO0FBQ25CLElBQUksSUFBSSxHQUFHLENBQUMsU0FBUyxFQUFFO0FBQ3ZCLFFBQVEsTUFBTSxlQUFlLEdBQUdULE1BQVMsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDekQsUUFBUSxJQUFJO0FBQ1osWUFBWSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUM7QUFDckUsU0FBUztBQUNULFFBQVEsT0FBTyxFQUFFLEVBQUU7QUFDbkIsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLGlDQUFpQyxDQUFDLENBQUM7QUFDcEUsU0FBUztBQUNULEtBQUs7QUFDTCxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLFdBQVcsQ0FBQyxFQUFFO0FBQzlELFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxrSEFBa0gsQ0FBQyxDQUFDO0FBQ2pKLEtBQUs7QUFDTCxJQUFJLE1BQU0sVUFBVSxHQUFHO0FBQ3ZCLFFBQVEsR0FBRyxVQUFVO0FBQ3JCLFFBQVEsR0FBRyxHQUFHLENBQUMsTUFBTTtBQUNyQixRQUFRLEdBQUcsR0FBRyxDQUFDLFdBQVc7QUFDMUIsS0FBSyxDQUFDO0FBQ04sSUFBSSxZQUFZLENBQUMsVUFBVSxFQUFFLElBQUksR0FBRyxFQUFFLEVBQUUsT0FBTyxLQUFLLElBQUksSUFBSSxPQUFPLEtBQUssS0FBSyxDQUFDLEdBQUcsS0FBSyxDQUFDLEdBQUcsT0FBTyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUM7QUFDaEksSUFBSSxJQUFJLFVBQVUsQ0FBQyxHQUFHLEtBQUssU0FBUyxFQUFFO0FBQ3RDLFFBQVEsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxHQUFHLEVBQUU7QUFDNUMsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLHNFQUFzRSxDQUFDLENBQUM7QUFDekcsU0FBUztBQUNULFFBQVEsSUFBSSxVQUFVLENBQUMsR0FBRyxLQUFLLEtBQUssRUFBRTtBQUN0QyxZQUFZLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxzRUFBc0UsQ0FBQyxDQUFDO0FBQy9HLFNBQVM7QUFDVCxLQUFLO0FBQ0wsSUFBSSxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLFVBQVUsQ0FBQztBQUNwQyxJQUFJLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxJQUFJLENBQUMsR0FBRyxFQUFFO0FBQ3pDLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQywyQ0FBMkMsQ0FBQyxDQUFDO0FBQzFFLEtBQUs7QUFDTCxJQUFJLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxJQUFJLENBQUMsR0FBRyxFQUFFO0FBQ3pDLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxzREFBc0QsQ0FBQyxDQUFDO0FBQ3JGLEtBQUs7QUFDTCxJQUFJLE1BQU0sdUJBQXVCLEdBQUcsT0FBTyxJQUFJLGtCQUFrQixDQUFDLHlCQUF5QixFQUFFLE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0FBQzlILElBQUksTUFBTSwyQkFBMkIsR0FBRyxPQUFPO0FBQy9DLFFBQVEsa0JBQWtCLENBQUMsNkJBQTZCLEVBQUUsT0FBTyxDQUFDLDJCQUEyQixDQUFDLENBQUM7QUFDL0YsSUFBSSxJQUFJLHVCQUF1QixJQUFJLENBQUMsdUJBQXVCLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFO0FBQ3RFLFFBQVEsTUFBTSxJQUFJLGlCQUFpQixDQUFDLGdEQUFnRCxDQUFDLENBQUM7QUFDdEYsS0FBSztBQUNMLElBQUksSUFBSSwyQkFBMkIsSUFBSSxDQUFDLDJCQUEyQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUM5RSxRQUFRLE1BQU0sSUFBSSxpQkFBaUIsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO0FBQ2pHLEtBQUs7QUFDTCxJQUFJLElBQUksWUFBWSxDQUFDO0FBQ3JCLElBQUksSUFBSSxHQUFHLENBQUMsYUFBYSxLQUFLLFNBQVMsRUFBRTtBQUN6QyxRQUFRLFlBQVksR0FBR0EsTUFBUyxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsQ0FBQztBQUNwRCxLQUFLO0FBQ0wsSUFBSSxJQUFJLFdBQVcsR0FBRyxLQUFLLENBQUM7QUFDNUIsSUFBSSxJQUFJLE9BQU8sR0FBRyxLQUFLLFVBQVUsRUFBRTtBQUNuQyxRQUFRLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxVQUFVLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDekMsUUFBUSxXQUFXLEdBQUcsSUFBSSxDQUFDO0FBQzNCLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDO0FBQ1osSUFBSSxJQUFJO0FBQ1IsUUFBUSxHQUFHLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxVQUFVLENBQUMsQ0FBQztBQUM3RSxLQUFLO0FBQ0wsSUFBSSxPQUFPLEdBQUcsRUFBRTtBQUNoQixRQUFRLElBQUksR0FBRyxZQUFZLFNBQVMsRUFBRTtBQUN0QyxZQUFZLE1BQU0sR0FBRyxDQUFDO0FBQ3RCLFNBQVM7QUFDVCxRQUFRLEdBQUcsR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDL0IsS0FBSztBQUNMLElBQUksTUFBTSxFQUFFLEdBQUdBLE1BQVMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDakMsSUFBSSxNQUFNLEdBQUcsR0FBR0EsTUFBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNuQyxJQUFJLE1BQU0sZUFBZSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLEdBQUcsR0FBRyxDQUFDLFNBQVMsTUFBTSxJQUFJLElBQUksRUFBRSxLQUFLLEtBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQztBQUNyRyxJQUFJLElBQUksY0FBYyxDQUFDO0FBQ3ZCLElBQUksSUFBSSxHQUFHLENBQUMsR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUMvQixRQUFRLGNBQWMsR0FBRyxNQUFNLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUMvRixLQUFLO0FBQ0wsU0FBUztBQUNULFFBQVEsY0FBYyxHQUFHLGVBQWUsQ0FBQztBQUN6QyxLQUFLO0FBQ0wsSUFBSSxJQUFJLFNBQVMsR0FBRyxNQUFNUixTQUFPLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRVEsTUFBUyxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQ2hHLElBQUksSUFBSSxVQUFVLENBQUMsR0FBRyxLQUFLLEtBQUssRUFBRTtBQUNsQyxRQUFRLFNBQVMsR0FBRyxNQUFNLENBQUMsQ0FBQyxPQUFPLEtBQUssSUFBSSxJQUFJLE9BQU8sS0FBSyxLQUFLLENBQUMsR0FBRyxLQUFLLENBQUMsR0FBRyxPQUFPLENBQUMsVUFBVSxLQUFLLE9BQU8sRUFBRSxTQUFTLENBQUMsQ0FBQztBQUN6SCxLQUFLO0FBQ0wsSUFBSSxNQUFNLE1BQU0sR0FBRyxFQUFFLFNBQVMsRUFBRSxDQUFDO0FBQ2pDLElBQUksSUFBSSxHQUFHLENBQUMsU0FBUyxLQUFLLFNBQVMsRUFBRTtBQUNyQyxRQUFRLE1BQU0sQ0FBQyxlQUFlLEdBQUcsVUFBVSxDQUFDO0FBQzVDLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLEdBQUcsS0FBSyxTQUFTLEVBQUU7QUFDL0IsUUFBUSxNQUFNLENBQUMsMkJBQTJCLEdBQUdBLE1BQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDaEUsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsV0FBVyxLQUFLLFNBQVMsRUFBRTtBQUN2QyxRQUFRLE1BQU0sQ0FBQyx1QkFBdUIsR0FBRyxHQUFHLENBQUMsV0FBVyxDQUFDO0FBQ3pELEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLEVBQUU7QUFDbEMsUUFBUSxNQUFNLENBQUMsaUJBQWlCLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQztBQUM5QyxLQUFLO0FBQ0wsSUFBSSxJQUFJLFdBQVcsRUFBRTtBQUNyQixRQUFRLE9BQU8sRUFBRSxHQUFHLE1BQU0sRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNsQyxLQUFLO0FBQ0wsSUFBSSxPQUFPLE1BQU0sQ0FBQztBQUNsQjs7QUNySU8sZUFBZSxjQUFjLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUU7QUFDeEQsSUFBSSxJQUFJLEdBQUcsWUFBWSxVQUFVLEVBQUU7QUFDbkMsUUFBUSxHQUFHLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNsQyxLQUFLO0FBQ0wsSUFBSSxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFBRTtBQUNqQyxRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMsNENBQTRDLENBQUMsQ0FBQztBQUMzRSxLQUFLO0FBQ0wsSUFBSSxNQUFNLEVBQUUsQ0FBQyxFQUFFLGVBQWUsRUFBRSxDQUFDLEVBQUUsWUFBWSxFQUFFLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxFQUFFLFVBQVUsRUFBRSxDQUFDLEVBQUUsR0FBRyxFQUFFLE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDMUcsSUFBSSxJQUFJLE1BQU0sS0FBSyxDQUFDLEVBQUU7QUFDdEIsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHFCQUFxQixDQUFDLENBQUM7QUFDcEQsS0FBSztBQUNMLElBQUksTUFBTSxTQUFTLEdBQUcsTUFBTSxnQkFBZ0IsQ0FBQztBQUM3QyxRQUFRLFVBQVUsR0FBRyxVQUFVLElBQUksU0FBUyxDQUFDO0FBQzdDLFFBQVEsRUFBRSxHQUFHLEVBQUUsSUFBSSxTQUFTLENBQUM7QUFDN0IsUUFBUSxTQUFTLEVBQUUsZUFBZSxJQUFJLFNBQVM7QUFDL0MsUUFBUSxHQUFHLEdBQUcsR0FBRyxJQUFJLFNBQVMsQ0FBQztBQUMvQixRQUFRLGFBQWEsRUFBRSxZQUFZLElBQUksU0FBUztBQUNoRCxLQUFLLEVBQUUsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0FBQ3JCLElBQUksTUFBTSxNQUFNLEdBQUcsRUFBRSxTQUFTLEVBQUUsU0FBUyxDQUFDLFNBQVMsRUFBRSxlQUFlLEVBQUUsU0FBUyxDQUFDLGVBQWUsRUFBRSxDQUFDO0FBQ2xHLElBQUksSUFBSSxPQUFPLEdBQUcsS0FBSyxVQUFVLEVBQUU7QUFDbkMsUUFBUSxPQUFPLEVBQUUsR0FBRyxNQUFNLEVBQUUsR0FBRyxFQUFFLFNBQVMsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUNqRCxLQUFLO0FBQ0wsSUFBSSxPQUFPLE1BQU0sQ0FBQztBQUNsQjs7QUN0QkEsTUFBTSxRQUFRLEdBQUcsT0FBTyxHQUFHLEtBQUs7QUFDaEMsSUFBSSxJQUFJLEdBQUcsWUFBWSxVQUFVLEVBQUU7QUFDbkMsUUFBUSxPQUFPO0FBQ2YsWUFBWSxHQUFHLEVBQUUsS0FBSztBQUN0QixZQUFZLENBQUMsRUFBRUEsTUFBUyxDQUFDLEdBQUcsQ0FBQztBQUM3QixTQUFTLENBQUM7QUFDVixLQUFLO0FBQ0wsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxFQUFFO0FBQzNCLFFBQVEsTUFBTSxJQUFJLFNBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLEdBQUcsS0FBSyxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUM7QUFDMUUsS0FBSztBQUNMLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUU7QUFDMUIsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLHVEQUF1RCxDQUFDLENBQUM7QUFDckYsS0FBSztBQUNMLElBQUksTUFBTSxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsRUFBRSxHQUFHLE1BQU1WLFFBQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztBQUN6RixJQUFJLE9BQU8sR0FBRyxDQUFDO0FBQ2YsQ0FBQyxDQUFDO0FBQ0YsaUJBQWUsUUFBUTs7QUNYaEIsZUFBZSxTQUFTLENBQUMsR0FBRyxFQUFFO0FBQ3JDLElBQUksT0FBT29CLFVBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUN6Qjs7QUNEQSxlQUFlLG9CQUFvQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLFdBQVcsRUFBRSxrQkFBa0IsR0FBRyxFQUFFLEVBQUU7QUFDekYsSUFBSSxJQUFJLFlBQVksQ0FBQztBQUNyQixJQUFJLElBQUksVUFBVSxDQUFDO0FBQ25CLElBQUksSUFBSSxHQUFHLENBQUM7QUFDWixJQUFJLFlBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ3RDLElBQUksUUFBUSxHQUFHO0FBQ2YsUUFBUSxLQUFLLEtBQUssRUFBRTtBQUNwQixZQUFZLEdBQUcsR0FBRyxHQUFHLENBQUM7QUFDdEIsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRLEtBQUssU0FBUyxDQUFDO0FBQ3ZCLFFBQVEsS0FBSyxnQkFBZ0IsQ0FBQztBQUM5QixRQUFRLEtBQUssZ0JBQWdCLENBQUM7QUFDOUIsUUFBUSxLQUFLLGdCQUFnQixFQUFFO0FBQy9CLFlBQVksSUFBSSxDQUFDUCxXQUFnQixDQUFDLEdBQUcsQ0FBQyxFQUFFO0FBQ3hDLGdCQUFnQixNQUFNLElBQUksZ0JBQWdCLENBQUMsMEZBQTBGLENBQUMsQ0FBQztBQUN2SSxhQUFhO0FBQ2IsWUFBWSxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLGtCQUFrQixDQUFDO0FBQ3BELFlBQVksSUFBSSxFQUFFLEdBQUcsRUFBRSxZQUFZLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQztBQUMzRCxZQUFZLFlBQVksS0FBSyxZQUFZLEdBQUcsTUFBTVEsV0FBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQ3pFLFlBQVksTUFBTSxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLE1BQU0sU0FBUyxDQUFDLFlBQVksQ0FBQyxDQUFDO0FBQ3JFLFlBQVksTUFBTSxZQUFZLEdBQUcsTUFBTVAsV0FBYyxDQUFDLEdBQUcsRUFBRSxZQUFZLEVBQUUsR0FBRyxLQUFLLFNBQVMsR0FBRyxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsS0FBSyxTQUFTLEdBQUdDLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDeEwsWUFBWSxVQUFVLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxDQUFDO0FBQ3JELFlBQVksSUFBSSxHQUFHO0FBQ25CLGdCQUFnQixVQUFVLENBQUMsR0FBRyxHQUFHTCxNQUFTLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDaEQsWUFBWSxJQUFJLEdBQUc7QUFDbkIsZ0JBQWdCLFVBQVUsQ0FBQyxHQUFHLEdBQUdBLE1BQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNoRCxZQUFZLElBQUksR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUNuQyxnQkFBZ0IsR0FBRyxHQUFHLFlBQVksQ0FBQztBQUNuQyxnQkFBZ0IsTUFBTTtBQUN0QixhQUFhO0FBQ2IsWUFBWSxHQUFHLEdBQUcsV0FBVyxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNsRCxZQUFZLE1BQU0sS0FBSyxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUN6QyxZQUFZLFlBQVksR0FBRyxNQUFNTSxNQUFLLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRSxHQUFHLENBQUMsQ0FBQztBQUNqRSxZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxRQUFRLENBQUM7QUFDdEIsUUFBUSxLQUFLLFVBQVUsQ0FBQztBQUN4QixRQUFRLEtBQUssY0FBYyxDQUFDO0FBQzVCLFFBQVEsS0FBSyxjQUFjLENBQUM7QUFDNUIsUUFBUSxLQUFLLGNBQWMsRUFBRTtBQUM3QixZQUFZLEdBQUcsR0FBRyxXQUFXLElBQUksV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ2xELFlBQVksWUFBWSxHQUFHLE1BQU1DLFNBQUssQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ3RELFlBQVksTUFBTTtBQUNsQixTQUFTO0FBQ1QsUUFBUSxLQUFLLG9CQUFvQixDQUFDO0FBQ2xDLFFBQVEsS0FBSyxvQkFBb0IsQ0FBQztBQUNsQyxRQUFRLEtBQUssb0JBQW9CLEVBQUU7QUFDbkMsWUFBWSxHQUFHLEdBQUcsV0FBVyxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNsRCxZQUFZLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsa0JBQWtCLENBQUM7QUFDcEQsWUFBWSxDQUFDLEVBQUUsWUFBWSxFQUFFLEdBQUcsVUFBVSxFQUFFLEdBQUcsTUFBTUMsU0FBTyxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLENBQUMsRUFBRTtBQUN2RixZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsS0FBSyxRQUFRLENBQUM7QUFDdEIsUUFBUSxLQUFLLFFBQVEsQ0FBQztBQUN0QixRQUFRLEtBQUssUUFBUSxFQUFFO0FBQ3ZCLFlBQVksR0FBRyxHQUFHLFdBQVcsSUFBSSxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDbEQsWUFBWSxZQUFZLEdBQUcsTUFBTUYsTUFBSyxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDdEQsWUFBWSxNQUFNO0FBQ2xCLFNBQVM7QUFDVCxRQUFRLEtBQUssV0FBVyxDQUFDO0FBQ3pCLFFBQVEsS0FBSyxXQUFXLENBQUM7QUFDekIsUUFBUSxLQUFLLFdBQVcsRUFBRTtBQUMxQixZQUFZLEdBQUcsR0FBRyxXQUFXLElBQUksV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ2xELFlBQVksTUFBTSxFQUFFLEVBQUUsRUFBRSxHQUFHLGtCQUFrQixDQUFDO0FBQzlDLFlBQVksQ0FBQyxFQUFFLFlBQVksRUFBRSxHQUFHLFVBQVUsRUFBRSxHQUFHLE1BQU1HLElBQVEsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLENBQUMsRUFBRTtBQUNsRixZQUFZLE1BQU07QUFDbEIsU0FBUztBQUNULFFBQVEsU0FBUztBQUNqQixZQUFZLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO0FBQ3BHLFNBQVM7QUFDVCxLQUFLO0FBQ0wsSUFBSSxPQUFPLEVBQUUsR0FBRyxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsQ0FBQztBQUM3Qzs7QUMxRU8sTUFBTSxXQUFXLEdBQUcsTUFBTSxFQUFFLENBQUM7QUFDN0IsTUFBTSxnQkFBZ0IsQ0FBQztBQUM5QixJQUFJLFdBQVcsQ0FBQyxTQUFTLEVBQUU7QUFDM0IsUUFBUSxJQUFJLEVBQUUsU0FBUyxZQUFZLFVBQVUsQ0FBQyxFQUFFO0FBQ2hELFlBQVksTUFBTSxJQUFJLFNBQVMsQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO0FBQy9FLFNBQVM7QUFDVCxRQUFRLElBQUksQ0FBQyxVQUFVLEdBQUcsU0FBUyxDQUFDO0FBQ3BDLEtBQUs7QUFDTCxJQUFJLDBCQUEwQixDQUFDLFVBQVUsRUFBRTtBQUMzQyxRQUFRLElBQUksSUFBSSxDQUFDLHdCQUF3QixFQUFFO0FBQzNDLFlBQVksTUFBTSxJQUFJLFNBQVMsQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO0FBQ3RGLFNBQVM7QUFDVCxRQUFRLElBQUksQ0FBQyx3QkFBd0IsR0FBRyxVQUFVLENBQUM7QUFDbkQsUUFBUSxPQUFPLElBQUksQ0FBQztBQUNwQixLQUFLO0FBQ0wsSUFBSSxrQkFBa0IsQ0FBQyxlQUFlLEVBQUU7QUFDeEMsUUFBUSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtBQUNuQyxZQUFZLE1BQU0sSUFBSSxTQUFTLENBQUMsNENBQTRDLENBQUMsQ0FBQztBQUM5RSxTQUFTO0FBQ1QsUUFBUSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsZUFBZSxDQUFDO0FBQ2hELFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksMEJBQTBCLENBQUMsdUJBQXVCLEVBQUU7QUFDeEQsUUFBUSxJQUFJLElBQUksQ0FBQyx3QkFBd0IsRUFBRTtBQUMzQyxZQUFZLE1BQU0sSUFBSSxTQUFTLENBQUMsb0RBQW9ELENBQUMsQ0FBQztBQUN0RixTQUFTO0FBQ1QsUUFBUSxJQUFJLENBQUMsd0JBQXdCLEdBQUcsdUJBQXVCLENBQUM7QUFDaEUsUUFBUSxPQUFPLElBQUksQ0FBQztBQUNwQixLQUFLO0FBQ0wsSUFBSSxvQkFBb0IsQ0FBQyxpQkFBaUIsRUFBRTtBQUM1QyxRQUFRLElBQUksSUFBSSxDQUFDLGtCQUFrQixFQUFFO0FBQ3JDLFlBQVksTUFBTSxJQUFJLFNBQVMsQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDO0FBQ2hGLFNBQVM7QUFDVCxRQUFRLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxpQkFBaUIsQ0FBQztBQUNwRCxRQUFRLE9BQU8sSUFBSSxDQUFDO0FBQ3BCLEtBQUs7QUFDTCxJQUFJLDhCQUE4QixDQUFDLEdBQUcsRUFBRTtBQUN4QyxRQUFRLElBQUksQ0FBQyxJQUFJLEdBQUcsR0FBRyxDQUFDO0FBQ3hCLFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksdUJBQXVCLENBQUMsR0FBRyxFQUFFO0FBQ2pDLFFBQVEsSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFO0FBQ3ZCLFlBQVksTUFBTSxJQUFJLFNBQVMsQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO0FBQ25GLFNBQVM7QUFDVCxRQUFRLElBQUksQ0FBQyxJQUFJLEdBQUcsR0FBRyxDQUFDO0FBQ3hCLFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksdUJBQXVCLENBQUMsRUFBRSxFQUFFO0FBQ2hDLFFBQVEsSUFBSSxJQUFJLENBQUMsR0FBRyxFQUFFO0FBQ3RCLFlBQVksTUFBTSxJQUFJLFNBQVMsQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO0FBQ25GLFNBQVM7QUFDVCxRQUFRLElBQUksQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDO0FBQ3RCLFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksTUFBTSxPQUFPLENBQUMsR0FBRyxFQUFFLE9BQU8sRUFBRTtBQUNoQyxRQUFRLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUU7QUFDbEcsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLDhHQUE4RyxDQUFDLENBQUM7QUFDakosU0FBUztBQUNULFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixFQUFFLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxFQUFFO0FBQ3hHLFlBQVksTUFBTSxJQUFJLFVBQVUsQ0FBQyxxR0FBcUcsQ0FBQyxDQUFDO0FBQ3hJLFNBQVM7QUFDVCxRQUFRLE1BQU0sVUFBVSxHQUFHO0FBQzNCLFlBQVksR0FBRyxJQUFJLENBQUMsZ0JBQWdCO0FBQ3BDLFlBQVksR0FBRyxJQUFJLENBQUMsa0JBQWtCO0FBQ3RDLFlBQVksR0FBRyxJQUFJLENBQUMsd0JBQXdCO0FBQzVDLFNBQVMsQ0FBQztBQUNWLFFBQVEsWUFBWSxDQUFDLFVBQVUsRUFBRSxJQUFJLEdBQUcsRUFBRSxFQUFFLE9BQU8sS0FBSyxJQUFJLElBQUksT0FBTyxLQUFLLEtBQUssQ0FBQyxHQUFHLEtBQUssQ0FBQyxHQUFHLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxDQUFDO0FBQy9JLFFBQVEsSUFBSSxVQUFVLENBQUMsR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUMxQyxZQUFZLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxFQUFFO0FBQ3RFLGdCQUFnQixNQUFNLElBQUksVUFBVSxDQUFDLHNFQUFzRSxDQUFDLENBQUM7QUFDN0csYUFBYTtBQUNiLFlBQVksSUFBSSxVQUFVLENBQUMsR0FBRyxLQUFLLEtBQUssRUFBRTtBQUMxQyxnQkFBZ0IsTUFBTSxJQUFJLGdCQUFnQixDQUFDLHNFQUFzRSxDQUFDLENBQUM7QUFDbkgsYUFBYTtBQUNiLFNBQVM7QUFDVCxRQUFRLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsVUFBVSxDQUFDO0FBQ3hDLFFBQVEsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLEVBQUU7QUFDN0MsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLDJEQUEyRCxDQUFDLENBQUM7QUFDOUYsU0FBUztBQUNULFFBQVEsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLEVBQUU7QUFDN0MsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLHNFQUFzRSxDQUFDLENBQUM7QUFDekcsU0FBUztBQUNULFFBQVEsSUFBSSxZQUFZLENBQUM7QUFDekIsUUFBUSxJQUFJLEdBQUcsS0FBSyxLQUFLLEVBQUU7QUFDM0IsWUFBWSxJQUFJLElBQUksQ0FBQyxJQUFJLEVBQUU7QUFDM0IsZ0JBQWdCLE1BQU0sSUFBSSxTQUFTLENBQUMsdUVBQXVFLENBQUMsQ0FBQztBQUM3RyxhQUFhO0FBQ2IsU0FBUztBQUNULGFBQWEsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO0FBQ3BDLFlBQVksSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFO0FBQzNCLGdCQUFnQixNQUFNLElBQUksU0FBUyxDQUFDLDBFQUEwRSxDQUFDLENBQUM7QUFDaEgsYUFBYTtBQUNiLFNBQVM7QUFDVCxRQUFRLElBQUksR0FBRyxDQUFDO0FBQ2hCLFFBQVE7QUFDUixZQUFZLElBQUksVUFBVSxDQUFDO0FBQzNCLFlBQVksQ0FBQyxFQUFFLEdBQUcsRUFBRSxZQUFZLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxFQUFFO0FBQ3RJLFlBQVksSUFBSSxVQUFVLEVBQUU7QUFDNUIsZ0JBQWdCLElBQUksT0FBTyxJQUFJLFdBQVcsSUFBSSxPQUFPLEVBQUU7QUFDdkQsb0JBQW9CLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUU7QUFDbEQsd0JBQXdCLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUM5RCxxQkFBcUI7QUFDckIseUJBQXlCO0FBQ3pCLHdCQUF3QixJQUFJLENBQUMsa0JBQWtCLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxHQUFHLFVBQVUsRUFBRSxDQUFDO0FBQ2hHLHFCQUFxQjtBQUNyQixpQkFBaUI7QUFDakIscUJBQXFCO0FBQ3JCLG9CQUFvQixJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixFQUFFO0FBQ2hELHdCQUF3QixJQUFJLENBQUMsa0JBQWtCLENBQUMsVUFBVSxDQUFDLENBQUM7QUFDNUQscUJBQXFCO0FBQ3JCLHlCQUF5QjtBQUN6Qix3QkFBd0IsSUFBSSxDQUFDLGdCQUFnQixHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxVQUFVLEVBQUUsQ0FBQztBQUM1RixxQkFBcUI7QUFDckIsaUJBQWlCO0FBQ2pCLGFBQWE7QUFDYixTQUFTO0FBQ1QsUUFBUSxJQUFJLENBQUMsR0FBRyxLQUFLLElBQUksQ0FBQyxHQUFHLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7QUFDakQsUUFBUSxJQUFJLGNBQWMsQ0FBQztBQUMzQixRQUFRLElBQUksZUFBZSxDQUFDO0FBQzVCLFFBQVEsSUFBSSxTQUFTLENBQUM7QUFDdEIsUUFBUSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtBQUNuQyxZQUFZLGVBQWUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDVCxNQUFTLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDL0YsU0FBUztBQUNULGFBQWE7QUFDYixZQUFZLGVBQWUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ2pELFNBQVM7QUFDVCxRQUFRLElBQUksSUFBSSxDQUFDLElBQUksRUFBRTtBQUN2QixZQUFZLFNBQVMsR0FBR0EsTUFBUyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUM3QyxZQUFZLGNBQWMsR0FBRyxNQUFNLENBQUMsZUFBZSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQ3JHLFNBQVM7QUFDVCxhQUFhO0FBQ2IsWUFBWSxjQUFjLEdBQUcsZUFBZSxDQUFDO0FBQzdDLFNBQVM7QUFDVCxRQUFRLElBQUksVUFBVSxDQUFDO0FBQ3ZCLFFBQVEsSUFBSSxHQUFHLENBQUM7QUFDaEIsUUFBUSxJQUFJLFVBQVUsQ0FBQyxHQUFHLEtBQUssS0FBSyxFQUFFO0FBQ3RDLFlBQVksTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLENBQUMsT0FBTyxLQUFLLElBQUksSUFBSSxPQUFPLEtBQUssS0FBSyxDQUFDLEdBQUcsS0FBSyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsS0FBSyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQ3hJLFlBQVksQ0FBQyxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLEVBQUUsUUFBUSxFQUFFLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRyxFQUFFLGNBQWMsQ0FBQyxFQUFFO0FBQ2hHLFNBQVM7QUFDVCxhQUFhO0FBRWIsWUFBWSxDQUFDLEVBQUUsVUFBVSxFQUFFLEdBQUcsRUFBRSxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRyxFQUFFLGNBQWMsQ0FBQyxFQUFFO0FBQ3ZHLFNBQVM7QUFDVCxRQUFRLE1BQU0sR0FBRyxHQUFHO0FBQ3BCLFlBQVksVUFBVSxFQUFFQSxNQUFTLENBQUMsVUFBVSxDQUFDO0FBQzdDLFlBQVksRUFBRSxFQUFFQSxNQUFTLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztBQUNuQyxZQUFZLEdBQUcsRUFBRUEsTUFBUyxDQUFDLEdBQUcsQ0FBQztBQUMvQixTQUFTLENBQUM7QUFDVixRQUFRLElBQUksWUFBWSxFQUFFO0FBQzFCLFlBQVksR0FBRyxDQUFDLGFBQWEsR0FBR0EsTUFBUyxDQUFDLFlBQVksQ0FBQyxDQUFDO0FBQ3hELFNBQVM7QUFDVCxRQUFRLElBQUksU0FBUyxFQUFFO0FBQ3ZCLFlBQVksR0FBRyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUM7QUFDaEMsU0FBUztBQUNULFFBQVEsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEVBQUU7QUFDbkMsWUFBWSxHQUFHLENBQUMsU0FBUyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLENBQUM7QUFDNUQsU0FBUztBQUNULFFBQVEsSUFBSSxJQUFJLENBQUMsd0JBQXdCLEVBQUU7QUFDM0MsWUFBWSxHQUFHLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FBQztBQUM1RCxTQUFTO0FBQ1QsUUFBUSxJQUFJLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtBQUNyQyxZQUFZLEdBQUcsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDO0FBQ2pELFNBQVM7QUFDVCxRQUFRLE9BQU8sR0FBRyxDQUFDO0FBQ25CLEtBQUs7QUFDTDs7QUM1S2UsU0FBUyxTQUFTLENBQUMsR0FBRyxFQUFFLFVBQVUsRUFBRTtBQUNuRCxJQUFJLE1BQU0sTUFBTSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7QUFDaEQsSUFBSSxRQUFRLEdBQUc7QUFDZixRQUFRLEtBQUssT0FBTyxDQUFDO0FBQ3JCLFFBQVEsS0FBSyxPQUFPLENBQUM7QUFDckIsUUFBUSxLQUFLLE9BQU87QUFDcEIsWUFBWSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxDQUFDO0FBQzNELFFBQVEsS0FBSyxPQUFPLENBQUM7QUFDckIsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTztBQUNwQixZQUFZLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLFVBQVUsRUFBRSxNQUFNLElBQUksQ0FBQyxFQUFFLENBQUM7QUFDdkYsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTyxDQUFDO0FBQ3JCLFFBQVEsS0FBSyxPQUFPO0FBQ3BCLFlBQVksT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQyxFQUFFLElBQUksRUFBRSxtQkFBbUIsRUFBRSxDQUFDO0FBQ3hFLFFBQVEsS0FBSyxPQUFPLENBQUM7QUFDckIsUUFBUSxLQUFLLE9BQU8sQ0FBQztBQUNyQixRQUFRLEtBQUssT0FBTztBQUNwQixZQUFZLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxDQUFDO0FBQ3hFLFFBQVEsS0FBSyxDQUFDLG1CQUFtQixFQUFFLElBQUksUUFBUSxFQUFFLEtBQUssT0FBTztBQUM3RCxZQUFZLE9BQU8sRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLFVBQVUsRUFBRSxDQUFDO0FBQ3BELFFBQVE7QUFDUixZQUFZLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsMkRBQTJELENBQUMsQ0FBQyxDQUFDO0FBQ2hILEtBQUs7QUFDTDs7QUN0QmUsU0FBUyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUU7QUFDdEQsSUFBSSxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUMxQixRQUFRLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFDM0MsUUFBUSxPQUFPLEdBQUcsQ0FBQztBQUNuQixLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsWUFBWSxVQUFVLEVBQUU7QUFDbkMsUUFBUSxJQUFJLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRTtBQUNuQyxZQUFZLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUM7QUFDaEUsU0FBUztBQUNULFFBQVEsT0FBT1YsUUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFLElBQUksRUFBRSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsRUFBRSxLQUFLLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO0FBQ3BILEtBQUs7QUFDTCxJQUFJLE1BQU0sSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxHQUFHLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDO0FBQ3RFOztBQ1pBLE1BQU0sTUFBTSxHQUFHLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxLQUFLO0FBQ3BELElBQUksTUFBTSxTQUFTLEdBQUcsTUFBTXNCLFlBQVksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFFBQVEsQ0FBQyxDQUFDO0FBQzdELElBQUksY0FBYyxDQUFDLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUNuQyxJQUFJLE1BQU0sU0FBUyxHQUFHWCxTQUFlLENBQUMsR0FBRyxFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLENBQUM7QUFDM0UsSUFBSSxJQUFJO0FBQ1IsUUFBUSxPQUFPLE1BQU1YLFFBQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDO0FBQ2pGLEtBQUs7QUFDTCxJQUFJLE9BQU8sRUFBRSxFQUFFO0FBQ2YsUUFBUSxPQUFPLEtBQUssQ0FBQztBQUNyQixLQUFLO0FBQ0wsQ0FBQzs7QUNMTSxlQUFlLGVBQWUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLE9BQU8sRUFBRTtBQUN6RCxJQUFJLElBQUksRUFBRSxDQUFDO0FBQ1gsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFO0FBQ3hCLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0FBQ2hFLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLFNBQVMsS0FBSyxTQUFTLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLEVBQUU7QUFDakUsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHVFQUF1RSxDQUFDLENBQUM7QUFDdEcsS0FBSztBQUNMLElBQUksSUFBSSxHQUFHLENBQUMsU0FBUyxLQUFLLFNBQVMsSUFBSSxPQUFPLEdBQUcsQ0FBQyxTQUFTLEtBQUssUUFBUSxFQUFFO0FBQzFFLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO0FBQ3BFLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLE9BQU8sS0FBSyxTQUFTLEVBQUU7QUFDbkMsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHFCQUFxQixDQUFDLENBQUM7QUFDcEQsS0FBSztBQUNMLElBQUksSUFBSSxPQUFPLEdBQUcsQ0FBQyxTQUFTLEtBQUssUUFBUSxFQUFFO0FBQzNDLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO0FBQ3hFLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxFQUFFO0FBQzNELFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0FBQ3RFLEtBQUs7QUFDTCxJQUFJLElBQUksVUFBVSxHQUFHLEVBQUUsQ0FBQztBQUN4QixJQUFJLElBQUksR0FBRyxDQUFDLFNBQVMsRUFBRTtBQUN2QixRQUFRLE1BQU0sZUFBZSxHQUFHVSxNQUFTLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0FBQ3pELFFBQVEsSUFBSTtBQUNaLFlBQVksVUFBVSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDO0FBQ3JFLFNBQVM7QUFDVCxRQUFRLE9BQU8sRUFBRSxFQUFFO0FBQ25CLFlBQVksTUFBTSxJQUFJLFVBQVUsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0FBQ3BFLFNBQVM7QUFDVCxLQUFLO0FBQ0wsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUU7QUFDN0MsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLDJFQUEyRSxDQUFDLENBQUM7QUFDMUcsS0FBSztBQUNMLElBQUksTUFBTSxVQUFVLEdBQUc7QUFDdkIsUUFBUSxHQUFHLFVBQVU7QUFDckIsUUFBUSxHQUFHLEdBQUcsQ0FBQyxNQUFNO0FBQ3JCLEtBQUssQ0FBQztBQUNOLElBQUksTUFBTSxVQUFVLEdBQUcsWUFBWSxDQUFDLFVBQVUsRUFBRSxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxPQUFPLEtBQUssSUFBSSxJQUFJLE9BQU8sS0FBSyxLQUFLLENBQUMsR0FBRyxLQUFLLENBQUMsR0FBRyxPQUFPLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRSxVQUFVLENBQUMsQ0FBQztBQUNsSyxJQUFJLElBQUksR0FBRyxHQUFHLElBQUksQ0FBQztBQUNuQixJQUFJLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRTtBQUMvQixRQUFRLEdBQUcsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDO0FBQzdCLFFBQVEsSUFBSSxPQUFPLEdBQUcsS0FBSyxTQUFTLEVBQUU7QUFDdEMsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLHlFQUF5RSxDQUFDLENBQUM7QUFDNUcsU0FBUztBQUNULEtBQUs7QUFDTCxJQUFJLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxVQUFVLENBQUM7QUFDL0IsSUFBSSxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsSUFBSSxDQUFDLEdBQUcsRUFBRTtBQUN6QyxRQUFRLE1BQU0sSUFBSSxVQUFVLENBQUMsMkRBQTJELENBQUMsQ0FBQztBQUMxRixLQUFLO0FBQ0wsSUFBSSxNQUFNLFVBQVUsR0FBRyxPQUFPLElBQUksa0JBQWtCLENBQUMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUN2RixJQUFJLElBQUksVUFBVSxJQUFJLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRTtBQUM1QyxRQUFRLE1BQU0sSUFBSSxpQkFBaUIsQ0FBQyxnREFBZ0QsQ0FBQyxDQUFDO0FBQ3RGLEtBQUs7QUFDTCxJQUFJLElBQUksR0FBRyxFQUFFO0FBQ2IsUUFBUSxJQUFJLE9BQU8sR0FBRyxDQUFDLE9BQU8sS0FBSyxRQUFRLEVBQUU7QUFDN0MsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLDhCQUE4QixDQUFDLENBQUM7QUFDakUsU0FBUztBQUNULEtBQUs7QUFDTCxTQUFTLElBQUksT0FBTyxHQUFHLENBQUMsT0FBTyxLQUFLLFFBQVEsSUFBSSxFQUFFLEdBQUcsQ0FBQyxPQUFPLFlBQVksVUFBVSxDQUFDLEVBQUU7QUFDdEYsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHdEQUF3RCxDQUFDLENBQUM7QUFDdkYsS0FBSztBQUNMLElBQUksSUFBSSxXQUFXLEdBQUcsS0FBSyxDQUFDO0FBQzVCLElBQUksSUFBSSxPQUFPLEdBQUcsS0FBSyxVQUFVLEVBQUU7QUFDbkMsUUFBUSxHQUFHLEdBQUcsTUFBTSxHQUFHLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ3pDLFFBQVEsV0FBVyxHQUFHLElBQUksQ0FBQztBQUMzQixLQUFLO0FBQ0wsSUFBSSxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxRQUFRLENBQUMsQ0FBQztBQUNyQyxJQUFJLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxHQUFHLEdBQUcsQ0FBQyxTQUFTLE1BQU0sSUFBSSxJQUFJLEVBQUUsS0FBSyxLQUFLLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxPQUFPLEdBQUcsQ0FBQyxPQUFPLEtBQUssUUFBUSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztBQUNwTSxJQUFJLE1BQU0sU0FBUyxHQUFHQSxNQUFTLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0FBQy9DLElBQUksTUFBTSxRQUFRLEdBQUcsTUFBTSxNQUFNLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDN0QsSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFO0FBQ25CLFFBQVEsTUFBTSxJQUFJLDhCQUE4QixFQUFFLENBQUM7QUFDbkQsS0FBSztBQUNMLElBQUksSUFBSSxPQUFPLENBQUM7QUFDaEIsSUFBSSxJQUFJLEdBQUcsRUFBRTtBQUNiLFFBQVEsT0FBTyxHQUFHQSxNQUFTLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0FBQ3pDLEtBQUs7QUFDTCxTQUFTLElBQUksT0FBTyxHQUFHLENBQUMsT0FBTyxLQUFLLFFBQVEsRUFBRTtBQUM5QyxRQUFRLE9BQU8sR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztBQUM5QyxLQUFLO0FBQ0wsU0FBUztBQUNULFFBQVEsT0FBTyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUM7QUFDOUIsS0FBSztBQUNMLElBQUksTUFBTSxNQUFNLEdBQUcsRUFBRSxPQUFPLEVBQUUsQ0FBQztBQUMvQixJQUFJLElBQUksR0FBRyxDQUFDLFNBQVMsS0FBSyxTQUFTLEVBQUU7QUFDckMsUUFBUSxNQUFNLENBQUMsZUFBZSxHQUFHLFVBQVUsQ0FBQztBQUM1QyxLQUFLO0FBQ0wsSUFBSSxJQUFJLEdBQUcsQ0FBQyxNQUFNLEtBQUssU0FBUyxFQUFFO0FBQ2xDLFFBQVEsTUFBTSxDQUFDLGlCQUFpQixHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUM7QUFDOUMsS0FBSztBQUNMLElBQUksSUFBSSxXQUFXLEVBQUU7QUFDckIsUUFBUSxPQUFPLEVBQUUsR0FBRyxNQUFNLEVBQUUsR0FBRyxFQUFFLENBQUM7QUFDbEMsS0FBSztBQUNMLElBQUksT0FBTyxNQUFNLENBQUM7QUFDbEI7O0FDcEdPLGVBQWUsYUFBYSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsT0FBTyxFQUFFO0FBQ3ZELElBQUksSUFBSSxHQUFHLFlBQVksVUFBVSxFQUFFO0FBQ25DLFFBQVEsR0FBRyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDbEMsS0FBSztBQUNMLElBQUksSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUU7QUFDakMsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLDRDQUE0QyxDQUFDLENBQUM7QUFDM0UsS0FBSztBQUNMLElBQUksTUFBTSxFQUFFLENBQUMsRUFBRSxlQUFlLEVBQUUsQ0FBQyxFQUFFLE9BQU8sRUFBRSxDQUFDLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDcEYsSUFBSSxJQUFJLE1BQU0sS0FBSyxDQUFDLEVBQUU7QUFDdEIsUUFBUSxNQUFNLElBQUksVUFBVSxDQUFDLHFCQUFxQixDQUFDLENBQUM7QUFDcEQsS0FBSztBQUNMLElBQUksTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFlLENBQUMsRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQWUsRUFBRSxTQUFTLEVBQUUsRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDN0csSUFBSSxNQUFNLE1BQU0sR0FBRyxFQUFFLE9BQU8sRUFBRSxRQUFRLENBQUMsT0FBTyxFQUFFLGVBQWUsRUFBRSxRQUFRLENBQUMsZUFBZSxFQUFFLENBQUM7QUFDNUYsSUFBSSxJQUFJLE9BQU8sR0FBRyxLQUFLLFVBQVUsRUFBRTtBQUNuQyxRQUFRLE9BQU8sRUFBRSxHQUFHLE1BQU0sRUFBRSxHQUFHLEVBQUUsUUFBUSxDQUFDLEdBQUcsRUFBRSxDQUFDO0FBQ2hELEtBQUs7QUFDTCxJQUFJLE9BQU8sTUFBTSxDQUFDO0FBQ2xCOztBQ25CTyxNQUFNLGNBQWMsQ0FBQztBQUM1QixJQUFJLFdBQVcsQ0FBQyxTQUFTLEVBQUU7QUFDM0IsUUFBUSxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksZ0JBQWdCLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDMUQsS0FBSztBQUNMLElBQUksdUJBQXVCLENBQUMsR0FBRyxFQUFFO0FBQ2pDLFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQyx1QkFBdUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNyRCxRQUFRLE9BQU8sSUFBSSxDQUFDO0FBQ3BCLEtBQUs7QUFDTCxJQUFJLHVCQUF1QixDQUFDLEVBQUUsRUFBRTtBQUNoQyxRQUFRLElBQUksQ0FBQyxVQUFVLENBQUMsdUJBQXVCLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDcEQsUUFBUSxPQUFPLElBQUksQ0FBQztBQUNwQixLQUFLO0FBQ0wsSUFBSSxrQkFBa0IsQ0FBQyxlQUFlLEVBQUU7QUFDeEMsUUFBUSxJQUFJLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDLGVBQWUsQ0FBQyxDQUFDO0FBQzVELFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksMEJBQTBCLENBQUMsVUFBVSxFQUFFO0FBQzNDLFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUMvRCxRQUFRLE9BQU8sSUFBSSxDQUFDO0FBQ3BCLEtBQUs7QUFDTCxJQUFJLE1BQU0sT0FBTyxDQUFDLEdBQUcsRUFBRSxPQUFPLEVBQUU7QUFDaEMsUUFBUSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUNoRSxRQUFRLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxhQUFhLEVBQUUsR0FBRyxDQUFDLEVBQUUsRUFBRSxHQUFHLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDN0YsS0FBSztBQUNMOztBQ3JCQSxNQUFNLElBQUksR0FBRyxPQUFPLEdBQUcsRUFBRSxHQUFHLEVBQUUsSUFBSSxLQUFLO0FBQ3ZDLElBQUksTUFBTSxTQUFTLEdBQUcsTUFBTWEsWUFBVSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUM7QUFDekQsSUFBSSxjQUFjLENBQUMsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ25DLElBQUksTUFBTSxTQUFTLEdBQUcsTUFBTXZCLFFBQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDVyxTQUFlLENBQUMsR0FBRyxFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDO0FBQ3RILElBQUksT0FBTyxJQUFJLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUNyQyxDQUFDOztBQ0ZNLE1BQU0sYUFBYSxDQUFDO0FBQzNCLElBQUksV0FBVyxDQUFDLE9BQU8sRUFBRTtBQUN6QixRQUFRLElBQUksRUFBRSxPQUFPLFlBQVksVUFBVSxDQUFDLEVBQUU7QUFDOUMsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLDJDQUEyQyxDQUFDLENBQUM7QUFDN0UsU0FBUztBQUNULFFBQVEsSUFBSSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUM7QUFDaEMsS0FBSztBQUNMLElBQUksa0JBQWtCLENBQUMsZUFBZSxFQUFFO0FBQ3hDLFFBQVEsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEVBQUU7QUFDbkMsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLDRDQUE0QyxDQUFDLENBQUM7QUFDOUUsU0FBUztBQUNULFFBQVEsSUFBSSxDQUFDLGdCQUFnQixHQUFHLGVBQWUsQ0FBQztBQUNoRCxRQUFRLE9BQU8sSUFBSSxDQUFDO0FBQ3BCLEtBQUs7QUFDTCxJQUFJLG9CQUFvQixDQUFDLGlCQUFpQixFQUFFO0FBQzVDLFFBQVEsSUFBSSxJQUFJLENBQUMsa0JBQWtCLEVBQUU7QUFDckMsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLDhDQUE4QyxDQUFDLENBQUM7QUFDaEYsU0FBUztBQUNULFFBQVEsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGlCQUFpQixDQUFDO0FBQ3BELFFBQVEsT0FBTyxJQUFJLENBQUM7QUFDcEIsS0FBSztBQUNMLElBQUksTUFBTSxJQUFJLENBQUMsR0FBRyxFQUFFLE9BQU8sRUFBRTtBQUM3QixRQUFRLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUU7QUFDaEUsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLGlGQUFpRixDQUFDLENBQUM7QUFDcEgsU0FBUztBQUNULFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEVBQUU7QUFDekUsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLDJFQUEyRSxDQUFDLENBQUM7QUFDOUcsU0FBUztBQUNULFFBQVEsTUFBTSxVQUFVLEdBQUc7QUFDM0IsWUFBWSxHQUFHLElBQUksQ0FBQyxnQkFBZ0I7QUFDcEMsWUFBWSxHQUFHLElBQUksQ0FBQyxrQkFBa0I7QUFDdEMsU0FBUyxDQUFDO0FBQ1YsUUFBUSxNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsVUFBVSxFQUFFLElBQUksR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLE9BQU8sS0FBSyxJQUFJLElBQUksT0FBTyxLQUFLLEtBQUssQ0FBQyxHQUFHLEtBQUssQ0FBQyxHQUFHLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsQ0FBQyxDQUFDO0FBQ2pMLFFBQVEsSUFBSSxHQUFHLEdBQUcsSUFBSSxDQUFDO0FBQ3ZCLFFBQVEsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFO0FBQ25DLFlBQVksR0FBRyxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUM7QUFDNUMsWUFBWSxJQUFJLE9BQU8sR0FBRyxLQUFLLFNBQVMsRUFBRTtBQUMxQyxnQkFBZ0IsTUFBTSxJQUFJLFVBQVUsQ0FBQyx5RUFBeUUsQ0FBQyxDQUFDO0FBQ2hILGFBQWE7QUFDYixTQUFTO0FBQ1QsUUFBUSxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsVUFBVSxDQUFDO0FBQ25DLFFBQVEsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLEVBQUU7QUFDN0MsWUFBWSxNQUFNLElBQUksVUFBVSxDQUFDLDJEQUEyRCxDQUFDLENBQUM7QUFDOUYsU0FBUztBQUNULFFBQVEsWUFBWSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUM7QUFDdkMsUUFBUSxJQUFJLE9BQU8sR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO0FBQ3BDLFFBQVEsSUFBSSxHQUFHLEVBQUU7QUFDakIsWUFBWSxPQUFPLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQ0QsTUFBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7QUFDekQsU0FBUztBQUNULFFBQVEsSUFBSSxlQUFlLENBQUM7QUFDNUIsUUFBUSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtBQUNuQyxZQUFZLGVBQWUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDQSxNQUFTLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDL0YsU0FBUztBQUNULGFBQWE7QUFDYixZQUFZLGVBQWUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ2pELFNBQVM7QUFDVCxRQUFRLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUMzRSxRQUFRLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDckQsUUFBUSxNQUFNLEdBQUcsR0FBRztBQUNwQixZQUFZLFNBQVMsRUFBRUEsTUFBUyxDQUFDLFNBQVMsQ0FBQztBQUMzQyxZQUFZLE9BQU8sRUFBRSxFQUFFO0FBQ3ZCLFNBQVMsQ0FBQztBQUNWLFFBQVEsSUFBSSxHQUFHLEVBQUU7QUFDakIsWUFBWSxHQUFHLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDbEQsU0FBUztBQUNULFFBQVEsSUFBSSxJQUFJLENBQUMsa0JBQWtCLEVBQUU7QUFDckMsWUFBWSxHQUFHLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztBQUNqRCxTQUFTO0FBQ1QsUUFBUSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtBQUNuQyxZQUFZLEdBQUcsQ0FBQyxTQUFTLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQztBQUM1RCxTQUFTO0FBQ1QsUUFBUSxPQUFPLEdBQUcsQ0FBQztBQUNuQixLQUFLO0FBQ0w7O0FDL0VPLE1BQU0sV0FBVyxDQUFDO0FBQ3pCLElBQUksV0FBVyxDQUFDLE9BQU8sRUFBRTtBQUN6QixRQUFRLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDckQsS0FBSztBQUNMLElBQUksa0JBQWtCLENBQUMsZUFBZSxFQUFFO0FBQ3hDLFFBQVEsSUFBSSxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQyxlQUFlLENBQUMsQ0FBQztBQUM1RCxRQUFRLE9BQU8sSUFBSSxDQUFDO0FBQ3BCLEtBQUs7QUFDTCxJQUFJLE1BQU0sSUFBSSxDQUFDLEdBQUcsRUFBRSxPQUFPLEVBQUU7QUFDN0IsUUFBUSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUM3RCxRQUFRLElBQUksR0FBRyxDQUFDLE9BQU8sS0FBSyxTQUFTLEVBQUU7QUFDdkMsWUFBWSxNQUFNLElBQUksU0FBUyxDQUFDLDJEQUEyRCxDQUFDLENBQUM7QUFDN0YsU0FBUztBQUNULFFBQVEsT0FBTyxDQUFDLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7QUFDbEUsS0FBSztBQUNMOztBQ1hBLE1BQU0sS0FBSyxHQUFHLENBQUMsS0FBSyxFQUFFLFdBQVcsS0FBSztBQUN0QyxJQUFJLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxJQUFJLENBQUMsS0FBSyxFQUFFO0FBQzdDLFFBQVEsTUFBTSxJQUFJLFVBQVUsQ0FBQyxDQUFDLEVBQUUsV0FBVyxDQUFDLG1CQUFtQixDQUFDLENBQUMsQ0FBQztBQUNsRSxLQUFLO0FBQ0wsQ0FBQyxDQUFDO0FBQ0ssZUFBZSxzQkFBc0IsQ0FBQyxHQUFHLEVBQUUsZUFBZSxHQUFHLFFBQVEsRUFBRTtBQUM5RSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUU7QUFDeEIsUUFBUSxNQUFNLElBQUksU0FBUyxDQUFDLHVCQUF1QixDQUFDLENBQUM7QUFDckQsS0FBSztBQUNMLElBQUksSUFBSSxVQUFVLENBQUM7QUFDbkIsSUFBSSxRQUFRLEdBQUcsQ0FBQyxHQUFHO0FBQ25CLFFBQVEsS0FBSyxJQUFJO0FBQ2pCLFlBQVksS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUseUJBQXlCLENBQUMsQ0FBQztBQUN0RCxZQUFZLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLDhCQUE4QixDQUFDLENBQUM7QUFDekQsWUFBWSxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSw4QkFBOEIsQ0FBQyxDQUFDO0FBQ3pELFlBQVksVUFBVSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxFQUFFLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQztBQUM1RSxZQUFZLE1BQU07QUFDbEIsUUFBUSxLQUFLLEtBQUs7QUFDbEIsWUFBWSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSx1Q0FBdUMsQ0FBQyxDQUFDO0FBQ3BFLFlBQVksS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztBQUN2RCxZQUFZLFVBQVUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsRUFBRSxHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUM7QUFDbEUsWUFBWSxNQUFNO0FBQ2xCLFFBQVEsS0FBSyxLQUFLO0FBQ2xCLFlBQVksS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsMEJBQTBCLENBQUMsQ0FBQztBQUNyRCxZQUFZLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLHlCQUF5QixDQUFDLENBQUM7QUFDcEQsWUFBWSxVQUFVLEdBQUcsRUFBRSxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO0FBQzlELFlBQVksTUFBTTtBQUNsQixRQUFRLEtBQUssS0FBSztBQUNsQixZQUFZLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLDJCQUEyQixDQUFDLENBQUM7QUFDdEQsWUFBWSxVQUFVLEdBQUcsRUFBRSxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDO0FBQ3BELFlBQVksTUFBTTtBQUNsQixRQUFRO0FBQ1IsWUFBWSxNQUFNLElBQUksZ0JBQWdCLENBQUMsbURBQW1ELENBQUMsQ0FBQztBQUM1RixLQUFLO0FBQ0wsSUFBSSxNQUFNLElBQUksR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQztBQUM1RCxJQUFJLE9BQU9BLE1BQVMsQ0FBQyxNQUFNLE1BQU0sQ0FBQyxlQUFlLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztBQUMxRDs7TUN6Q00sR0FBRyxHQUFHLGdCQUFnQixLQUF3QixFQUFFLFNBQVMsR0FBRyxTQUFTO0lBQ3pFLE1BQU0sVUFBVSxHQUFHLENBQUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUE7SUFDN0QsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUU7UUFDbkMsTUFBTSxJQUFJLFVBQVUsQ0FBQyx5Q0FBeUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUE7S0FDNUY7SUFFRCxNQUFNLE9BQU8sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFBO0lBQ2pDLE1BQU0sU0FBUyxHQUFHLENBQUMsT0FBTyxLQUFLLEtBQUssUUFBUSxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQTtJQUVwRixJQUFJLE1BQU0sR0FBRyxFQUFFLENBQUE7SUFDQztRQUNkLE1BQU0sR0FBRyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFBO1FBQzVELE1BQU0sQ0FBQyxHQUFHLGtCQUFrQixDQUFDO1FBQzdCLENBQUMsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUM5QixNQUFNLElBQUksQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFBO1NBQ2hDLENBQUMsQ0FBQTtLQUlIO0lBQ0QsT0FBTyxNQUFNLENBQUE7QUFDZjs7QUNqQkE7QUFDQSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUE7QUFFdEI7OztNQUdNLFdBQVcsR0FBRyxPQUFPLFNBQWtCLEVBQUUsR0FBVyxFQUFFLEdBQVc7SUFDckUsTUFBTSxVQUFVLEdBQVEsTUFBTSxTQUFTLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sV0FBVyxHQUFXLE1BQU0sR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBRTFDLElBQUksV0FBVyxLQUFLLFVBQVUsQ0FBQyxRQUFRLENBQUMsUUFBUSxFQUFFO1FBQ2hELE1BQU0sSUFBSSxLQUFLLENBQUMsMEdBQTBHLENBQUMsQ0FBQTtLQUM1SDtTQUFNLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEdBQUcsU0FBUyxFQUFFO1FBQ2xELE1BQU0sSUFBSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsQ0FBQTtLQUNuQztTQUFNO1FBQ0wsT0FBTyxJQUFJLENBQUE7S0FDWjtBQUNILEVBQUM7QUFFRDs7O01BR00sU0FBUyxHQUFHLE9BQU8sU0FBa0IsRUFBRSxHQUFXO0lBQ3RELE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxHQUFHLEVBQUUsU0FBUyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUM5RCxNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQTtLQUNyQyxDQUFDLENBQUE7SUFDRixNQUFNLGlCQUFpQixHQUFRLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQTtJQUN2RixPQUFPLGlCQUFpQixDQUFBO0FBQzFCLEVBQUM7QUFFRDs7O01BR00sV0FBVyxHQUFHLE9BQU8sU0FBa0IsRUFBRSxHQUFXLEVBQUUsV0FBbUI7SUFDN0UsTUFBTSxVQUFVLEdBQVEsTUFBTSxTQUFTLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBQ3ZELE1BQU0saUJBQWlCLEdBQVcsTUFBTSxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUE7SUFFeEQsSUFBSSxVQUFVLENBQUMsUUFBUSxDQUFDLGdCQUFnQixLQUFLLGlCQUFpQixFQUFFO1FBQzlELE1BQU0sSUFBSSxLQUFLLENBQUMsK0hBQStILENBQUMsQ0FBQTtLQUNqSjtTQUFNLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEdBQUcsU0FBUyxFQUFFO1FBQ2xELE1BQU0sSUFBSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsQ0FBQTtLQUNuQztTQUFNO1FBQ0wsT0FBTyxJQUFJLENBQUE7S0FDWjtBQUNILEVBQUM7QUFFRDs7O01BR00sU0FBUyxHQUFHLE9BQU8sU0FBa0IsRUFBRSxHQUFXO0lBQ3RELE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxHQUFHLEVBQUUsU0FBUyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUM5RCxNQUFNLElBQUksS0FBSyxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtLQUNwQyxDQUFDLENBQUE7SUFDRixNQUFNLGlCQUFpQixHQUFRLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQTtJQUN2RixPQUFPLGlCQUFpQixDQUFBO0FBQzFCLEVBQUM7QUFFRDs7O01BR00sV0FBVyxHQUFHLENBQUMsa0JBQTJCLEVBQUUsaUJBQTBCLEVBQUUsR0FBVyxFQUFFLEdBQVEsRUFBRSxHQUFXO0lBQzlHLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTTtRQUNqQyxhQUFhLENBQUMsR0FBRyxFQUFFLGtCQUFrQixDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUM3QyxNQUFNLENBQUMsSUFBSSxLQUFLLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7U0FDdEMsQ0FBQyxDQUFBO1FBRUYsU0FBUyxDQUFDLGlCQUFpQixFQUFFLEdBQUcsQ0FBQzthQUM5QixJQUFJLENBQUMsQ0FBQyxVQUFlO1lBQ3BCLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2lCQUNyQixJQUFJLENBQUMsU0FBUztnQkFDYixJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQUMsY0FBYyxLQUFLLFNBQVMsRUFBRTtvQkFDcEQsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFBO2lCQUNkO3FCQUFNO29CQUNMLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQywyREFBMkQsQ0FBQyxDQUFDLENBQUE7aUJBQy9FO2FBQ0YsQ0FBQztpQkFDRCxLQUFLLENBQUMsTUFBTSxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFBO1NBQ25DLENBQUM7YUFDRCxLQUFLLENBQUMsTUFBTSxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFBO0tBQ25DLENBQUMsQ0FBQTtBQUNKLEVBQUM7QUFFRDs7O01BR00sa0JBQWtCLEdBQUcsT0FBTyxXQUFtQixFQUFFLEdBQVE7SUFDN0QsTUFBTSxPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQTtJQUNqQyxNQUFNLEdBQUcsR0FBRyxNQUFNLFNBQVMsQ0FBQyxHQUFHLEVBQUUsU0FBUyxDQUFDLENBQUE7SUFFM0MsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sY0FBYyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUM1RCxPQUFPLE9BQU8sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUE7QUFDbEMsRUFBQztBQUVEOzs7TUFHTSxtQkFBbUIsR0FBRyxPQUFPLFNBQWtCLEVBQUUsV0FBbUIsRUFBRSxHQUFRLEVBQUUsR0FBUTtJQUM1RixNQUFNLGtCQUFrQixHQUFHLE1BQU0sa0JBQWtCLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBQ3JFLE1BQU0sd0JBQXdCLEdBQVcsTUFBTSxHQUFHLENBQUMsa0JBQWtCLENBQUMsQ0FBQTtJQUV0RSxJQUFJLHdCQUF3QixLQUFLLEdBQUcsQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUU7O1FBRTlELE9BQU8sSUFBSSxDQUFBO0tBQ1o7U0FBTTtRQUNMLE1BQU0sSUFBSSxLQUFLLENBQUMsaUdBQWlHLENBQUMsQ0FBQTtLQUNuSDtBQUNIOztNQ3pHYSxXQUFXLEdBQUcsUUFBTztBQUMzQixNQUFNLE9BQU8sR0FBRyxTQUFTLENBQUE7QUFDekIsTUFBTSxrQkFBa0IsR0FBRyxHQUFHLENBQUE7QUFFckM7Ozs7Ozs7Ozs7Ozs7TUFhTSxTQUFTLEdBQUcsT0FBTyxVQUFtQixFQUFFLEtBQStCLEVBQUUsVUFBa0IsRUFBRSxVQUFrQixFQUFFLFVBQWtCLEVBQUUsT0FBZSxFQUFFLEdBQVE7SUFDbEssTUFBTSxLQUFLLEdBQWUsQ0FBQyxPQUFPLEtBQUssS0FBSyxRQUFRLElBQUksQ0FBQyxJQUFJLFdBQVcsRUFBRSxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUNqSCxNQUFNLEdBQUcsR0FBRyxNQUFNLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUNoQyxNQUFNLFdBQVcsR0FBVyxNQUFNLElBQUksY0FBYyxDQUFDLEtBQUssQ0FBQztTQUN4RCxrQkFBa0IsQ0FBQyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLFNBQVMsRUFBRSxDQUFDO1NBQ2xELE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUVmLE1BQU0sZUFBZSxHQUFXLE1BQU0sR0FBRyxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBQ3RELE1BQU0sU0FBUyxHQUFXLE1BQU0sR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQzFDLE1BQU0sT0FBTyxHQUFXLE1BQU0sR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUV0RCxNQUFNLEtBQUssR0FBUTtRQUNqQixHQUFHLEVBQUUsVUFBVTtRQUNmLEdBQUcsRUFBRSxVQUFVO1FBQ2YsR0FBRyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUU7UUFDZixRQUFRLEVBQUU7WUFDUixFQUFFLEVBQUUsVUFBVTtZQUNkLElBQUksRUFBRSxVQUFVO1lBQ2hCLElBQUksRUFBRSxVQUFVO1lBQ2hCLFFBQVEsRUFBRSxPQUFPO1lBQ2pCLFVBQVUsRUFBRSxhQUFhO1lBQ3pCLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLGdCQUFnQixFQUFFLGVBQWU7WUFDakMsZ0JBQWdCLEVBQUUsU0FBUztZQUMzQixjQUFjLEVBQUUsT0FBTztTQUN4QjtLQUNGLENBQUE7SUFFRCxNQUFNLFdBQVcsR0FBVyxNQUFNLFNBQVMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUE7SUFDOUQsT0FBTyxFQUFFLFdBQVcsRUFBRSxXQUFXLEVBQUUsR0FBRyxFQUFFLFdBQVcsRUFBRSxDQUFBO0FBQ3ZELEVBQUM7QUFFRDs7Ozs7TUFLTSxTQUFTLEdBQUc7SUFDaEIsSUFBSSxHQUFZLENBQUE7SUFDQTtRQUNkLEdBQUcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDMUM7WUFDRSxJQUFJLEVBQUUsT0FBTztZQUNiLE1BQU0sRUFBRSxrQkFBa0I7U0FDM0IsRUFDRCxJQUFJLEVBQ0osQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQ3ZCLENBQUE7S0FJRjtJQUNELE1BQU0sR0FBRyxHQUFRLE1BQU0sU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFBO0lBQ3JDLE1BQU0sVUFBVSxHQUFXLE1BQU0sc0JBQXNCLENBQUMsR0FBRyxDQUFDLENBQUE7SUFDNUQsR0FBRyxDQUFDLEdBQUcsR0FBRyxVQUFVLENBQUE7SUFDcEIsR0FBRyxDQUFDLEdBQUcsR0FBRyxTQUFTLENBQUE7SUFFbkIsT0FBTyxHQUFHLENBQUE7QUFDWixFQUFDO0FBRUQ7OztNQUdNLFNBQVMsR0FBRyxPQUFPLFVBQW1CLEVBQUUsS0FBVTtJQUN0RCxNQUFNLEdBQUcsR0FBZSxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDdkUsTUFBTSxHQUFHLEdBQVcsTUFBTSxJQUFJLFdBQVcsQ0FBQyxHQUFHLENBQUM7U0FDM0Msa0JBQWtCLENBQUMsRUFBRSxHQUFHLEVBQUUsV0FBVyxFQUFFLENBQUM7U0FDeEMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRW5CLE9BQU8sR0FBRyxDQUFBO0FBQ1osRUFBQztBQUVEOzs7TUFHTSxTQUFTLEdBQUcsT0FBTyxVQUFtQixFQUFFLEdBQVcsRUFBRSxVQUFrQixFQUFFLFVBQWtCLEVBQUUsVUFBa0I7SUFDbkgsTUFBTSxXQUFXLEdBQVcsTUFBTSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7SUFFMUMsTUFBTSxLQUFLLEdBQVE7UUFDakIsR0FBRyxFQUFFLFVBQVU7UUFDZixHQUFHLEVBQUUsVUFBVTtRQUNmLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRyxFQUFFO1FBQ2YsUUFBUSxFQUFFO1lBQ1IsUUFBUSxFQUFFLFdBQVc7WUFDckIsUUFBUSxFQUFFLFFBQVE7WUFDbEIsVUFBVSxFQUFFLFVBQVU7U0FDdkI7S0FDRixDQUFBO0lBRUQsTUFBTSxXQUFXLEdBQVcsTUFBTSxTQUFTLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFBO0lBQzlELE9BQU8sV0FBVyxDQUFBO0FBQ3BCLEVBQUM7QUFFRDs7OztNQUlNLHFCQUFxQixHQUFHLE9BQU8sU0FBa0IsRUFBRSxHQUFXLEVBQUUsR0FBVyxFQUFFLEdBQVE7SUFDekYsTUFBTSxVQUFVLEdBQVEsTUFBTSxTQUFTLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBRXZELE1BQU0sY0FBYyxHQUFHO1FBQ3JCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsV0FBVyxFQUFFO1lBQ1gsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7U0FDM0Q7UUFDRCxJQUFJLEVBQUUsTUFBTTtRQUNaLEVBQUUsRUFBRSxVQUFVLENBQUMsUUFBUSxDQUFDLEVBQUU7UUFDMUIsT0FBTyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLFFBQVEsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFO0tBQ3BFLENBQUE7SUFFRCxNQUFNLFVBQVUsR0FBRztRQUNqQixZQUFZLEVBQUUsWUFBWTtRQUMxQixJQUFJLEVBQUUsS0FBSztRQUNYLE9BQU8sRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLEdBQUksR0FBRyxHQUFHLEVBQUU7S0FDN0IsQ0FBQTtJQUVELE9BQU8sRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLENBQUE7QUFDdkM7Ozs7In0= diff --git a/dist/bundles/esm.min.js b/dist/bundles/esm.min.js new file mode 100644 index 0000000..206e4d1 --- /dev/null +++ b/dist/bundles/esm.min.js @@ -0,0 +1 @@ +const e=new TextEncoder,t=new TextDecoder;function r(...e){const t=e.reduce(((e,{length:t})=>e+t),0),r=new Uint8Array(t);let n=0;return e.forEach((e=>{r.set(e,n),n+=e.length})),r}function n(e,t,r){if(t<0||t>=4294967296)throw new RangeError(`value must be >= 0 and <= 4294967295. Received ${t}`);e.set([t>>>24,t>>>16,t>>>8,255&t],r)}function a(e){const t=Math.floor(e/4294967296),r=e%4294967296,a=new Uint8Array(8);return n(a,t,0),n(a,r,4),a}function o(e){const t=new Uint8Array(4);return n(t,e),t}function i(e){return r(o(e.length),e)}const s=t=>(t=>{let r=t;"string"==typeof r&&(r=e.encode(r));const n=[];for(let e=0;e{let r=e;r instanceof Uint8Array&&(r=t.decode(r)),r=r.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return(e=>new Uint8Array(atob(e).split("").map((e=>e.charCodeAt(0)))))(r)}catch(e){throw new TypeError("The input to be decoded is not correctly encoded.")}};class d extends Error{constructor(e){var t;super(e),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,null===(t=Error.captureStackTrace)||void 0===t||t.call(Error,this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}}class p extends d{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}static get code(){return"ERR_JOSE_ALG_NOT_ALLOWED"}}class h extends d{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}}class y extends d{constructor(){super(...arguments),this.code="ERR_JWE_DECRYPTION_FAILED",this.message="decryption operation failed"}static get code(){return"ERR_JWE_DECRYPTION_FAILED"}}class u extends d{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}static get code(){return"ERR_JWE_INVALID"}}class w extends d{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}static get code(){return"ERR_JWS_INVALID"}}class l extends d{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}static get code(){return"ERR_JWK_INVALID"}}class f extends d{constructor(){super(...arguments),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED",this.message="signature verification failed"}static get code(){return"ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}var g=crypto;function E(e){try{return null!=e&&"boolean"==typeof e.extractable&&"string"==typeof e.algorithm.name&&"string"==typeof e.type}catch(e){return!1}}var m=g.getRandomValues.bind(g);function A(e){switch(e){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new h(`Unsupported JWE Algorithm: ${e}`)}}var S=e=>m(new Uint8Array(A(e)>>3));const b=(e,t)=>{if(t.length<<3!==A(e))throw new u("Invalid Initialization Vector length")},v=(e,t)=>{if(e.length<<3!==t)throw new u("Invalid Content Encryption Key length")};function H(){return"function"==typeof WebSocketPair}function C(){try{return void 0!==process.versions.node}catch(e){return!1}}function P(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function K(e,t){return e.name===t}function _(e){return parseInt(e.name.substr(4),10)}function W(e,t){if(t.length&&!t.some((t=>e.usages.includes(t)))){let e="CryptoKey does not support this operation, its usages must include ";if(t.length>2){const r=t.pop();e+=`one of ${t.join(", ")}, or ${r}.`}else 2===t.length?e+=`one of ${t[0]} or ${t[1]}.`:e+=`${t[0]}.`;throw new TypeError(e)}}function k(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!K(e.algorithm,"HMAC"))throw P("HMAC");const r=parseInt(t.substr(2),10);if(_(e.algorithm.hash)!==r)throw P(`SHA-${r}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!K(e.algorithm,"RSASSA-PKCS1-v1_5"))throw P("RSASSA-PKCS1-v1_5");const r=parseInt(t.substr(2),10);if(_(e.algorithm.hash)!==r)throw P(`SHA-${r}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!K(e.algorithm,"RSA-PSS"))throw P("RSA-PSS");const r=parseInt(t.substr(2),10);if(_(e.algorithm.hash)!==r)throw P(`SHA-${r}`,"algorithm.hash");break}case C()&&"EdDSA":if("NODE-ED25519"!==e.algorithm.name&&"NODE-ED448"!==e.algorithm.name)throw P("NODE-ED25519 or NODE-ED448");break;case H()&&"EdDSA":if(!K(e.algorithm,"NODE-ED25519"))throw P("NODE-ED25519");break;case"ES256":case"ES384":case"ES512":{if(!K(e.algorithm,"ECDSA"))throw P("ECDSA");const r=function(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}(t);if(e.algorithm.namedCurve!==r)throw P(r,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}W(e,r)}function U(e,t,...r){switch(t){case"A128GCM":case"A192GCM":case"A256GCM":{if(!K(e.algorithm,"AES-GCM"))throw P("AES-GCM");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw P(r,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if(!K(e.algorithm,"AES-KW"))throw P("AES-KW");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw P(r,"algorithm.length");break}case"ECDH-ES":if(!K(e.algorithm,"ECDH"))throw P("ECDH");break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(!K(e.algorithm,"PBKDF2"))throw P("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if(!K(e.algorithm,"RSA-OAEP"))throw P("RSA-OAEP");const r=parseInt(t.substr(9),10)||1;if(_(e.algorithm.hash)!==r)throw P(`SHA-${r}`,"algorithm.hash");break}default:throw new TypeError("CryptoKey does not support this operation")}W(e,r)}var R=(e,...t)=>{let r="Key must be ";if(t.length>2){const e=t.pop();r+=`one of type ${t.join(", ")}, or ${e}.`}else 2===t.length?r+=`one of type ${t[0]} or ${t[1]}.`:r+=`of type ${t[0]}.`;return null==e?r+=` Received ${e}`:"function"==typeof e&&e.name?r+=` Received function ${e.name}`:"object"==typeof e&&null!=e&&e.constructor&&e.constructor.name&&(r+=` Received an instance of ${e.constructor.name}`),r},J=e=>E(e);const D=["CryptoKey"];async function O(e,t,n,o,i,s){if(!(t instanceof Uint8Array))throw new TypeError(R(t,"Uint8Array"));const c=parseInt(e.substr(1,3),10),d=await g.subtle.importKey("raw",t.subarray(c>>3),"AES-CBC",!1,["decrypt"]),p=await g.subtle.importKey("raw",t.subarray(0,c>>3),{hash:"SHA-"+(c<<1),name:"HMAC"},!1,["sign"]),h=r(s,o,n,a(s.length<<3)),u=new Uint8Array((await g.subtle.sign("HMAC",p,h)).slice(0,c>>3));let w,l;try{w=((e,t)=>{if(!(e instanceof Uint8Array))throw new TypeError("First argument must be a buffer");if(!(t instanceof Uint8Array))throw new TypeError("Second argument must be a buffer");if(e.length!==t.length)throw new TypeError("Input buffers must have the same length");const r=e.length;let n=0,a=-1;for(;++a{if(!(E(t)||t instanceof Uint8Array))throw new TypeError(R(t,...D,"Uint8Array"));switch(b(e,a),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return t instanceof Uint8Array&&v(t,parseInt(e.substr(-3),10)),O(e,t,n,a,o,i);case"A128GCM":case"A192GCM":case"A256GCM":return t instanceof Uint8Array&&v(t,parseInt(e.substr(1,3),10)),async function(e,t,n,a,o,i){let s;t instanceof Uint8Array?s=await g.subtle.importKey("raw",t,"AES-GCM",!1,["decrypt"]):(U(t,e,"decrypt"),s=t);try{return new Uint8Array(await g.subtle.decrypt({additionalData:i,iv:a,name:"AES-GCM",tagLength:128},s,r(n,o)))}catch(e){throw new y}}(e,t,n,a,o,i);default:throw new h("Unsupported JWE Content Encryption Algorithm")}},M=async()=>{throw new h('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.')},I=async()=>{throw new h('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `deflateRaw` encrypt option to provide Deflate Raw implementation.')},x=(...e)=>{const t=e.filter(Boolean);if(0===t.length||1===t.length)return!0;let r;for(const e of t){const t=Object.keys(e);if(r&&0!==r.size)for(const e of t){if(r.has(e))return!1;r.add(e)}else r=new Set(t)}return!0};function B(e){if("object"!=typeof(t=e)||null===t||"[object Object]"!==Object.prototype.toString.call(e))return!1;var t;if(null===Object.getPrototypeOf(e))return!0;let r=e;for(;null!==Object.getPrototypeOf(r);)r=Object.getPrototypeOf(r);return Object.getPrototypeOf(e)===r}const $=[{hash:"SHA-256",name:"HMAC"},!0,["sign"]];function G(e,t){if(e.algorithm.length!==parseInt(t.substr(1,3),10))throw new TypeError(`Invalid key size for alg: ${t}`)}function j(e,t,r){if(E(e))return U(e,t,r),e;if(e instanceof Uint8Array)return g.subtle.importKey("raw",e,"AES-KW",!0,[r]);throw new TypeError(R(e,...D,"Uint8Array"))}const N=async(e,t,r)=>{const n=await j(t,e,"wrapKey");G(n,e);const a=await g.subtle.importKey("raw",r,...$);return new Uint8Array(await g.subtle.wrapKey("raw",a,n,"AES-KW"))},z=async(e,t,r)=>{const n=await j(t,e,"unwrapKey");G(n,e);const a=await g.subtle.unwrapKey("raw",r,n,"AES-KW",...$);return new Uint8Array(await g.subtle.exportKey("raw",a))},F=async(e,t)=>{const r=`SHA-${e.substr(-3)}`;return new Uint8Array(await g.subtle.digest(r,t))},L=async(t,n,a,s,c=new Uint8Array(0),d=new Uint8Array(0))=>{if(!E(t))throw new TypeError(R(t,...D));if(U(t,"ECDH-ES"),!E(n))throw new TypeError(R(n,...D));U(n,"ECDH-ES","deriveBits","deriveKey");const p=r(i(e.encode(a)),i(c),i(d),o(s));if(!n.usages.includes("deriveBits"))throw new TypeError('ECDH-ES private key "usages" must include "deriveBits"');const h=new Uint8Array(await g.subtle.deriveBits({name:"ECDH",public:t},n,Math.ceil(parseInt(n.algorithm.namedCurve.substr(-3),10)/8)<<3));return async function(e,t,n,a){const i=Math.ceil((n>>3)/32);let s;for(let n=1;n<=i;n++){const i=new Uint8Array(4+t.length+a.length);i.set(o(n)),i.set(t,4),i.set(a,4+t.length),s=s?r(s,await e("sha256",i)):await e("sha256",i)}return s=s.slice(0,n>>3),s}(F,h,s,p)},V=e=>{if(!E(e))throw new TypeError(R(e,...D));return["P-256","P-384","P-521"].includes(e.algorithm.namedCurve)};async function Y(t,n,a,o){!function(e){if(!(e instanceof Uint8Array)||e.length<8)throw new u("PBES2 Salt Input must be 8 or more octets")}(t);const i=function(t,n){return r(e.encode(t),new Uint8Array([0]),n)}(n,t),s=parseInt(n.substr(13,3),10),c={hash:`SHA-${n.substr(8,3)}`,iterations:a,name:"PBKDF2",salt:i},d={length:s,name:"AES-KW"},p=await function(e,t){if(e instanceof Uint8Array)return g.subtle.importKey("raw",e,"PBKDF2",!1,["deriveBits"]);if(E(e))return U(e,t,"deriveBits","deriveKey"),e;throw new TypeError(R(e,...D,"Uint8Array"))}(o,n);if(p.usages.includes("deriveBits"))return new Uint8Array(await g.subtle.deriveBits(c,p,s));if(p.usages.includes("deriveKey"))return g.subtle.deriveKey(c,p,d,!1,["wrapKey","unwrapKey"]);throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"')}function q(e){switch(e){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new h(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var X=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){const{modulusLength:r}=t.algorithm;if("number"!=typeof r||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function Q(e){switch(e){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new h(`Unsupported JWE Algorithm: ${e}`)}}var Z=e=>m(new Uint8Array(Q(e)>>3));var ee=async e=>{var t,r;const{algorithm:n,keyUsages:a}=function(e){let t,r;switch(e.kty){case"oct":switch(e.alg){case"HS256":case"HS384":case"HS512":t={name:"HMAC",hash:`SHA-${e.alg.substr(-3)}`},r=["sign","verify"];break;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":throw new h(`${e.alg} keys cannot be imported as CryptoKey instances`);case"A128GCM":case"A192GCM":case"A256GCM":case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":t={name:"AES-GCM"},r=["encrypt","decrypt"];break;case"A128KW":case"A192KW":case"A256KW":t={name:"AES-KW"},r=["wrapKey","unwrapKey"];break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":t={name:"PBKDF2"},r=["deriveBits"];break;default:throw new h('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.substr(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new h('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new h('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case(H()||C())&&"OKP":if("EdDSA"!==e.alg)throw new h('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');switch(e.crv){case"Ed25519":t={name:"NODE-ED25519",namedCurve:"NODE-ED25519"},r=e.d?["sign"]:["verify"];break;case C()&&"Ed448":t={name:"NODE-ED448",namedCurve:"NODE-ED448"},r=e.d?["sign"]:["verify"];break;default:throw new h('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value')}break;default:throw new h('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}(e),o=[n,null!==(t=e.ext)&&void 0!==t&&t,null!==(r=e.key_ops)&&void 0!==r?r:a];if("PBKDF2"===n.name)return g.subtle.importKey("raw",c(e.k),...o);const i={...e};return delete i.alg,g.subtle.importKey("jwk",i,...o)};async function te(e,t,r){if(!B(e))throw new TypeError("JWK must be an object");if(t||(t=e.alg),"string"!=typeof t||!t)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');switch(e.kty){case"oct":if("string"!=typeof e.k||!e.k)throw new TypeError('missing "k" (Key Value) Parameter value');return null!=r||(r=!0!==e.ext),r?ee({...e,alg:t,ext:!1}):c(e.k);case"RSA":if(void 0!==e.oth)throw new h('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');case"EC":case"OKP":return ee({...e,alg:t});default:throw new h('Unsupported "kty" (Key Type) Parameter value')}}const re=(e,t,r)=>{e.startsWith("HS")||"dir"===e||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?(e=>{if(!(e instanceof Uint8Array)){if(!J(e))throw new TypeError(R(e,...D,"Uint8Array"));if("secret"!==e.type)throw new TypeError(`${D.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}})(t):((e,t)=>{if(!J(e))throw new TypeError(R(e,...D));if("secret"===e.type)throw new TypeError(`${D.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if("sign"===t&&"public"===e.type)throw new TypeError(`${D.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if("decrypt"===t&&"public"===e.type)throw new TypeError(`${D.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(e.algorithm&&"verify"===t&&"private"===e.type)throw new TypeError(`${D.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(e.algorithm&&"encrypt"===t&&"private"===e.type)throw new TypeError(`${D.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)})(t,r)};const ne=async(e,t,n,o,i)=>{if(!(E(n)||n instanceof Uint8Array))throw new TypeError(R(n,...D,"Uint8Array"));switch(b(e,o),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return n instanceof Uint8Array&&v(n,parseInt(e.substr(-3),10)),async function(e,t,n,o,i){if(!(n instanceof Uint8Array))throw new TypeError(R(n,"Uint8Array"));const s=parseInt(e.substr(1,3),10),c=await g.subtle.importKey("raw",n.subarray(s>>3),"AES-CBC",!1,["encrypt"]),d=await g.subtle.importKey("raw",n.subarray(0,s>>3),{hash:"SHA-"+(s<<1),name:"HMAC"},!1,["sign"]),p=new Uint8Array(await g.subtle.encrypt({iv:o,name:"AES-CBC"},c,t)),h=r(i,o,p,a(i.length<<3));return{ciphertext:p,tag:new Uint8Array((await g.subtle.sign("HMAC",d,h)).slice(0,s>>3))}}(e,t,n,o,i);case"A128GCM":case"A192GCM":case"A256GCM":return n instanceof Uint8Array&&v(n,parseInt(e.substr(1,3),10)),async function(e,t,r,n,a){let o;r instanceof Uint8Array?o=await g.subtle.importKey("raw",r,"AES-GCM",!1,["encrypt"]):(U(r,e,"encrypt"),o=r);const i=new Uint8Array(await g.subtle.encrypt({additionalData:a,iv:n,name:"AES-GCM",tagLength:128},o,t)),s=i.slice(-16);return{ciphertext:i.slice(0,-16),tag:s}}(e,t,n,o,i);default:throw new h("Unsupported JWE Content Encryption Algorithm")}};async function ae(e,t,r,n){switch(re(e,t,"decrypt"),e){case"dir":if(void 0!==r)throw new u("Encountered unexpected JWE Encrypted Key");return t;case"ECDH-ES":if(void 0!==r)throw new u("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!B(n.epk))throw new u('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(!V(t))throw new h("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const a=await te(n.epk,e);let o,i;if(void 0!==n.apu){if("string"!=typeof n.apu)throw new u('JOSE Header "apu" (Agreement PartyUInfo) invalid');o=c(n.apu)}if(void 0!==n.apv){if("string"!=typeof n.apv)throw new u('JOSE Header "apv" (Agreement PartyVInfo) invalid');i=c(n.apv)}const s=await L(a,t,"ECDH-ES"===e?n.enc:e,"ECDH-ES"===e?Q(n.enc):parseInt(e.substr(-5,3),10),o,i);if("ECDH-ES"===e)return s;if(void 0===r)throw new u("JWE Encrypted Key missing");return z(e.substr(-6),s,r)}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":if(void 0===r)throw new u("JWE Encrypted Key missing");return(async(e,t,r)=>{if(!E(t))throw new TypeError(R(t,...D));if(U(t,e,"decrypt","unwrapKey"),X(e,t),t.usages.includes("decrypt"))return new Uint8Array(await g.subtle.decrypt(q(e),t,r));if(t.usages.includes("unwrapKey")){const n=await g.subtle.unwrapKey("raw",r,t,q(e),...$);return new Uint8Array(await g.subtle.exportKey("raw",n))}throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation')})(e,t,r);case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(void 0===r)throw new u("JWE Encrypted Key missing");if("number"!=typeof n.p2c)throw new u('JOSE Header "p2c" (PBES2 Count) missing or invalid');if("string"!=typeof n.p2s)throw new u('JOSE Header "p2s" (PBES2 Salt) missing or invalid');return(async(e,t,r,n,a)=>{const o=await Y(a,e,n,t);return z(e.substr(-6),o,r)})(e,t,r,n.p2c,c(n.p2s));case"A128KW":case"A192KW":case"A256KW":if(void 0===r)throw new u("JWE Encrypted Key missing");return z(e,t,r);case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":if(void 0===r)throw new u("JWE Encrypted Key missing");if("string"!=typeof n.iv)throw new u('JOSE Header "iv" (Initialization Vector) missing or invalid');if("string"!=typeof n.tag)throw new u('JOSE Header "tag" (Authentication Tag) missing or invalid');return async function(e,t,r,n,a){const o=e.substr(0,7);return T(o,t,r,n,a,new Uint8Array(0))}(e,t,r,c(n.iv),c(n.tag));default:throw new h('Invalid or unsupported "alg" (JWE Algorithm) header value')}}function oe(e,t,r,n,a){if(void 0!==a.crit&&void 0===n.crit)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||void 0===n.crit)return new Set;if(!Array.isArray(n.crit)||0===n.crit.length||n.crit.some((e=>"string"!=typeof e||0===e.length)))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;o=void 0!==r?new Map([...Object.entries(r),...t.entries()]):t;for(const t of n.crit){if(!o.has(t))throw new h(`Extension Header Parameter "${t}" is not recognized`);if(void 0===a[t])throw new e(`Extension Header Parameter "${t}" is missing`);if(o.get(t)&&void 0===n[t])throw new e(`Extension Header Parameter "${t}" MUST be integrity protected`)}return new Set(n.crit)}const ie=(e,t)=>{if(void 0!==t&&(!Array.isArray(t)||t.some((e=>"string"!=typeof e))))throw new TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)};async function se(n,a,o){var i;if(!B(n))throw new u("Flattened JWE must be an object");if(void 0===n.protected&&void 0===n.header&&void 0===n.unprotected)throw new u("JOSE Header missing");if("string"!=typeof n.iv)throw new u("JWE Initialization Vector missing or incorrect type");if("string"!=typeof n.ciphertext)throw new u("JWE Ciphertext missing or incorrect type");if("string"!=typeof n.tag)throw new u("JWE Authentication Tag missing or incorrect type");if(void 0!==n.protected&&"string"!=typeof n.protected)throw new u("JWE Protected Header incorrect type");if(void 0!==n.encrypted_key&&"string"!=typeof n.encrypted_key)throw new u("JWE Encrypted Key incorrect type");if(void 0!==n.aad&&"string"!=typeof n.aad)throw new u("JWE AAD incorrect type");if(void 0!==n.header&&!B(n.header))throw new u("JWE Shared Unprotected Header incorrect type");if(void 0!==n.unprotected&&!B(n.unprotected))throw new u("JWE Per-Recipient Unprotected Header incorrect type");let s;if(n.protected){const e=c(n.protected);try{s=JSON.parse(t.decode(e))}catch(e){throw new u("JWE Protected Header is invalid")}}if(!x(s,n.header,n.unprotected))throw new u("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");const d={...s,...n.header,...n.unprotected};if(oe(u,new Map,null==o?void 0:o.crit,s,d),void 0!==d.zip){if(!s||!s.zip)throw new u('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==d.zip)throw new h('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:y,enc:w}=d;if("string"!=typeof y||!y)throw new u("missing JWE Algorithm (alg) in JWE Header");if("string"!=typeof w||!w)throw new u("missing JWE Encryption Algorithm (enc) in JWE Header");const l=o&&ie("keyManagementAlgorithms",o.keyManagementAlgorithms),f=o&&ie("contentEncryptionAlgorithms",o.contentEncryptionAlgorithms);if(l&&!l.has(y))throw new p('"alg" (Algorithm) Header Parameter not allowed');if(f&&!f.has(w))throw new p('"enc" (Encryption Algorithm) Header Parameter not allowed');let g;void 0!==n.encrypted_key&&(g=c(n.encrypted_key));let E,m=!1;"function"==typeof a&&(a=await a(s,n),m=!0);try{E=await ae(y,a,g,d)}catch(e){if(e instanceof TypeError)throw e;E=Z(w)}const A=c(n.iv),S=c(n.tag),b=e.encode(null!==(i=n.protected)&&void 0!==i?i:"");let v;v=void 0!==n.aad?r(b,e.encode("."),e.encode(n.aad)):b;let H=await T(w,E,c(n.ciphertext),A,S,v);"DEF"===d.zip&&(H=await((null==o?void 0:o.inflateRaw)||M)(H));const C={plaintext:H};return void 0!==n.protected&&(C.protectedHeader=s),void 0!==n.aad&&(C.additionalAuthenticatedData=c(n.aad)),void 0!==n.unprotected&&(C.sharedUnprotectedHeader=n.unprotected),void 0!==n.header&&(C.unprotectedHeader=n.header),m?{...C,key:a}:C}async function ce(e,r,n){if(e instanceof Uint8Array&&(e=t.decode(e)),"string"!=typeof e)throw new u("Compact JWE must be a string or Uint8Array");const{0:a,1:o,2:i,3:s,4:c,length:d}=e.split(".");if(5!==d)throw new u("Invalid Compact JWE");const p=await se({ciphertext:s||void 0,iv:i||void 0,protected:a||void 0,tag:c||void 0,encrypted_key:o||void 0},r,n),h={plaintext:p.plaintext,protectedHeader:p.protectedHeader};return"function"==typeof r?{...h,key:p.key}:h}var de=async e=>{if(e instanceof Uint8Array)return{kty:"oct",k:s(e)};if(!E(e))throw new TypeError(R(e,...D,"Uint8Array"));if(!e.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");const{ext:t,key_ops:r,alg:n,use:a,...o}=await g.subtle.exportKey("jwk",e);return o};async function pe(e){return de(e)}async function he(e,t,r,n,a={}){let o,i,c;switch(re(e,r,"encrypt"),e){case"dir":c=r;break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!V(r))throw new h("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const{apu:d,apv:p}=a;let{epk:y}=a;y||(y=await(async e=>{if(!E(e))throw new TypeError(R(e,...D));return(await g.subtle.generateKey({name:"ECDH",namedCurve:e.algorithm.namedCurve},!0,["deriveBits"])).privateKey})(r));const{x:u,y:w,crv:l,kty:f}=await pe(y),m=await L(r,y,"ECDH-ES"===e?t:e,"ECDH-ES"===e?Q(t):parseInt(e.substr(-5,3),10),d,p);if(i={epk:{x:u,y:w,crv:l,kty:f}},d&&(i.apu=s(d)),p&&(i.apv=s(p)),"ECDH-ES"===e){c=m;break}c=n||Z(t);const A=e.substr(-6);o=await N(A,m,c);break}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":c=n||Z(t),o=await(async(e,t,r)=>{if(!E(t))throw new TypeError(R(t,...D));if(U(t,e,"encrypt","wrapKey"),X(e,t),t.usages.includes("encrypt"))return new Uint8Array(await g.subtle.encrypt(q(e),t,r));if(t.usages.includes("wrapKey")){const n=await g.subtle.importKey("raw",r,...$);return new Uint8Array(await g.subtle.wrapKey("raw",n,t,q(e)))}throw new TypeError('RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation')})(e,r,c);break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{c=n||Z(t);const{p2c:d,p2s:p}=a;({encryptedKey:o,...i}=await(async(e,t,r,n=Math.floor(2049*Math.random())+2048,a=m(new Uint8Array(16)))=>{const o=await Y(a,e,n,t);return{encryptedKey:await N(e.substr(-6),o,r),p2c:n,p2s:s(a)}})(e,r,c,d,p));break}case"A128KW":case"A192KW":case"A256KW":c=n||Z(t),o=await N(e,r,c);break;case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{c=n||Z(t);const{iv:d}=a;({encryptedKey:o,...i}=await async function(e,t,r,n){const a=e.substr(0,7);n||(n=S(a));const{ciphertext:o,tag:i}=await ne(a,r,t,n,new Uint8Array(0));return{encryptedKey:o,iv:s(n),tag:s(i)}}(e,r,c,d));break}default:throw new h('Invalid or unsupported "alg" (JWE Algorithm) header value')}return{cek:c,encryptedKey:o,parameters:i}}const ye=Symbol();class ue{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("plaintext must be an instance of Uint8Array");this._plaintext=e}setKeyManagementParameters(e){if(this._keyManagementParameters)throw new TypeError("setKeyManagementParameters can only be called once");return this._keyManagementParameters=e,this}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setSharedUnprotectedHeader(e){if(this._sharedUnprotectedHeader)throw new TypeError("setSharedUnprotectedHeader can only be called once");return this._sharedUnprotectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}setAdditionalAuthenticatedData(e){return this._aad=e,this}setContentEncryptionKey(e){if(this._cek)throw new TypeError("setContentEncryptionKey can only be called once");return this._cek=e,this}setInitializationVector(e){if(this._iv)throw new TypeError("setInitializationVector can only be called once");return this._iv=e,this}async encrypt(n,a){if(!this._protectedHeader&&!this._unprotectedHeader&&!this._sharedUnprotectedHeader)throw new u("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");if(!x(this._protectedHeader,this._unprotectedHeader,this._sharedUnprotectedHeader))throw new u("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader,...this._sharedUnprotectedHeader};if(oe(u,new Map,null==a?void 0:a.crit,this._protectedHeader,o),void 0!==o.zip){if(!this._protectedHeader||!this._protectedHeader.zip)throw new u('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==o.zip)throw new h('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:i,enc:c}=o;if("string"!=typeof i||!i)throw new u('JWE "alg" (Algorithm) Header Parameter missing or invalid');if("string"!=typeof c||!c)throw new u('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');let d,p,y,w,l,f,g;if("dir"===i){if(this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Encryption")}else if("ECDH-ES"===i&&this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Key Agreement");{let e;({cek:p,encryptedKey:d,parameters:e}=await he(i,c,n,this._cek,this._keyManagementParameters)),e&&(a&&ye in a?this._unprotectedHeader?this._unprotectedHeader={...this._unprotectedHeader,...e}:this.setUnprotectedHeader(e):this._protectedHeader?this._protectedHeader={...this._protectedHeader,...e}:this.setProtectedHeader(e))}if(this._iv||(this._iv=S(c)),w=this._protectedHeader?e.encode(s(JSON.stringify(this._protectedHeader))):e.encode(""),this._aad?(l=s(this._aad),y=r(w,e.encode("."),e.encode(l))):y=w,"DEF"===o.zip){const e=await((null==a?void 0:a.deflateRaw)||I)(this._plaintext);({ciphertext:f,tag:g}=await ne(c,e,p,this._iv,y))}else({ciphertext:f,tag:g}=await ne(c,this._plaintext,p,this._iv,y));const E={ciphertext:s(f),iv:s(this._iv),tag:s(g)};return d&&(E.encrypted_key=s(d)),l&&(E.aad=l),this._protectedHeader&&(E.protected=t.decode(w)),this._sharedUnprotectedHeader&&(E.unprotected=this._sharedUnprotectedHeader),this._unprotectedHeader&&(E.header=this._unprotectedHeader),E}}function we(e,t){const r=parseInt(e.substr(-3),10);switch(e){case"HS256":case"HS384":case"HS512":return{hash:`SHA-${r}`,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:`SHA-${r}`,name:"RSA-PSS",saltLength:r>>3};case"RS256":case"RS384":case"RS512":return{hash:`SHA-${r}`,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:`SHA-${r}`,name:"ECDSA",namedCurve:t};case(H()||C())&&"EdDSA":return{name:t,namedCurve:t};default:throw new h(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}function le(e,t,r){if(E(t))return k(t,e,r),t;if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(R(t,...D));return g.subtle.importKey("raw",t,{hash:`SHA-${e.substr(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(R(t,...D,"Uint8Array"))}async function fe(n,a,o){var i;if(!B(n))throw new w("Flattened JWS must be an object");if(void 0===n.protected&&void 0===n.header)throw new w('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==n.protected&&"string"!=typeof n.protected)throw new w("JWS Protected Header incorrect type");if(void 0===n.payload)throw new w("JWS Payload missing");if("string"!=typeof n.signature)throw new w("JWS Signature missing or incorrect type");if(void 0!==n.header&&!B(n.header))throw new w("JWS Unprotected Header incorrect type");let s={};if(n.protected){const e=c(n.protected);try{s=JSON.parse(t.decode(e))}catch(e){throw new w("JWS Protected Header is invalid")}}if(!x(s,n.header))throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const d={...s,...n.header};let h=!0;if(oe(w,new Map([["b64",!0]]),null==o?void 0:o.crit,s,d).has("b64")&&(h=s.b64,"boolean"!=typeof h))throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:y}=d;if("string"!=typeof y||!y)throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');const u=o&&ie("algorithms",o.algorithms);if(u&&!u.has(y))throw new p('"alg" (Algorithm) Header Parameter not allowed');if(h){if("string"!=typeof n.payload)throw new w("JWS Payload must be a string")}else if("string"!=typeof n.payload&&!(n.payload instanceof Uint8Array))throw new w("JWS Payload must be a string or an Uint8Array instance");let l=!1;"function"==typeof a&&(a=await a(s,n),l=!0),re(y,a,"verify");const E=r(e.encode(null!==(i=n.protected)&&void 0!==i?i:""),e.encode("."),"string"==typeof n.payload?e.encode(n.payload):n.payload),m=c(n.signature),A=await(async(e,t,r,n)=>{const a=await le(e,t,"verify");X(e,a);const o=we(e,a.algorithm.namedCurve);try{return await g.subtle.verify(o,a,r,n)}catch(e){return!1}})(y,a,m,E);if(!A)throw new f;let S;S=h?c(n.payload):"string"==typeof n.payload?e.encode(n.payload):n.payload;const b={payload:S};return void 0!==n.protected&&(b.protectedHeader=s),void 0!==n.header&&(b.unprotectedHeader=n.header),l?{...b,key:a}:b}async function ge(e,r,n){if(e instanceof Uint8Array&&(e=t.decode(e)),"string"!=typeof e)throw new w("Compact JWS must be a string or Uint8Array");const{0:a,1:o,2:i,length:s}=e.split(".");if(3!==s)throw new w("Invalid Compact JWS");const c=await fe({payload:o,protected:a,signature:i},r,n),d={payload:c.payload,protectedHeader:c.protectedHeader};return"function"==typeof r?{...d,key:c.key}:d}class Ee{constructor(e){this._flattened=new ue(e)}setContentEncryptionKey(e){return this._flattened.setContentEncryptionKey(e),this}setInitializationVector(e){return this._flattened.setInitializationVector(e),this}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}setKeyManagementParameters(e){return this._flattened.setKeyManagementParameters(e),this}async encrypt(e,t){const r=await this._flattened.encrypt(e,t);return[r.protected,r.encrypted_key,r.iv,r.ciphertext,r.tag].join(".")}}class me{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=e}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}async sign(n,a){if(!this._protectedHeader&&!this._unprotectedHeader)throw new w("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!x(this._protectedHeader,this._unprotectedHeader))throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader};let i=!0;if(oe(w,new Map([["b64",!0]]),null==a?void 0:a.crit,this._protectedHeader,o).has("b64")&&(i=this._protectedHeader.b64,"boolean"!=typeof i))throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:c}=o;if("string"!=typeof c||!c)throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');re(c,n,"sign");let d,p=this._payload;i&&(p=e.encode(s(p))),d=this._protectedHeader?e.encode(s(JSON.stringify(this._protectedHeader))):e.encode("");const h=r(d,e.encode("."),p),y=await(async(e,t,r)=>{const n=await le(e,t,"sign");X(e,n);const a=await g.subtle.sign(we(e,n.algorithm.namedCurve),n,r);return new Uint8Array(a)})(c,n,h),u={signature:s(y),payload:""};return i&&(u.payload=t.decode(p)),this._unprotectedHeader&&(u.header=this._unprotectedHeader),this._protectedHeader&&(u.protected=t.decode(d)),u}}class Ae{constructor(e){this._flattened=new me(e)}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}async sign(e,t){const r=await this._flattened.sign(e,t);if(void 0===r.payload)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${r.protected}.${r.payload}.${r.signature}`}}const Se=(e,t)=>{if("string"!=typeof e||!e)throw new l(`${t} missing or invalid`)};const be=async function(e,t="SHA-256"){const r=["SHA-1","SHA-256","SHA-384","SHA-512"];if(!r.includes(t))throw new RangeError(`Valid hash algorith values are any of ${JSON.stringify(r)}`);const n=new TextEncoder,a="string"==typeof e?n.encode(e).buffer:e;let o="";{const e=await crypto.subtle.digest(t,a),r="0123456789abcdef";new Uint8Array(e).forEach((e=>{o+=r[e>>4]+r[15&e]}))}return o},ve=async(e,t,r)=>{const n=await He(e,t);if(await be(r)!==n.exchange.poo_dgst)throw new Error("the hashed proof of origin received does not correspond to the poo_dgst parameter in the proof of origin");if(Date.now()-n.iat>5e3)throw new Error("timestamp error");return!0},He=async(e,t)=>{const{payload:r}=await ge(t,e).catch((e=>{throw new Error(`PoR: ${String(e)}`)}));return JSON.parse((new TextDecoder).decode(r).toString())},Ce=async(e,t,r)=>{const n=await Pe(e,t),a=await be(r);if(n.exchange.cipherblock_dgst!==a)throw new Error("the cipherblock_dgst parameter in the proof of origin does not correspond to hash of the cipherblock received by the provider");if(Date.now()-n.iat>5e3)throw new Error("timestamp error");return!0},Pe=async(e,t)=>{const{payload:r}=await ge(t,e).catch((e=>{throw new Error("PoO "+String(e))}));return JSON.parse((new TextDecoder).decode(r).toString())},Ke=(e,t,r,n,a)=>new Promise(((o,i)=>{ge(r,e).catch((e=>{i(new Error("PoP "+String(e)))})),Pe(t,a).then((e=>{be(JSON.stringify(n)).then((t=>{e.exchange.key_commitment===t?o(!0):i(new Error("hashed key not correspond to poO key_commitment parameter"))})).catch((e=>i(e)))})).catch((e=>i(e)))})),_e=async(e,t)=>{const r=new TextDecoder,n=await te(t,"A256GCM"),{plaintext:a}=await ce(e,n);return r.decode(a)},We=async(e,t,r,n)=>{const a=await _e(t,r);if(await be(a)===n.exchange.block_commitment)return!0;throw new Error("hashed CipherBlock not correspond to block_commitment parameter included in the proof of origin")},ke="ES256",Ue=async(e,t,r,n,a,o,i)=>{const s="string"==typeof t?(new TextEncoder).encode(t):new Uint8Array(t),c=await te(i),d=await new Ee(s).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(c),p=await be(d),h=await be(s),y=await be(JSON.stringify(i)),u={iss:r,sub:n,iat:Date.now(),exchange:{id:a,orig:r,dest:n,block_id:o,block_desc:"description",hash_alg:"sha256",cipherblock_dgst:p,block_commitment:h,key_commitment:y}};return{cipherblock:d,poO:await Je(e,u)}},Re=async()=>{let t;t=await window.crypto.subtle.generateKey({name:"AES-GCM",length:256},!0,["encrypt","decrypt"]);const r=await pe(t),n=await async function(t,r="sha256"){if(!B(t))throw new TypeError("JWK must be an object");let n;switch(t.kty){case"EC":Se(t.crv,'"crv" (Curve) Parameter'),Se(t.x,'"x" (X Coordinate) Parameter'),Se(t.y,'"y" (Y Coordinate) Parameter'),n={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":Se(t.crv,'"crv" (Subtype of Key Pair) Parameter'),Se(t.x,'"x" (Public Key) Parameter'),n={crv:t.crv,kty:t.kty,x:t.x};break;case"RSA":Se(t.e,'"e" (Exponent) Parameter'),Se(t.n,'"n" (Modulus) Parameter'),n={e:t.e,kty:t.kty,n:t.n};break;case"oct":Se(t.k,'"k" (Key Value) Parameter'),n={k:t.k,kty:t.kty};break;default:throw new h('"kty" (Key Type) Parameter missing or unsupported')}const a=e.encode(JSON.stringify(n));return s(await F(r,a))}(r);return r.kid=n,r.alg="A256GCM",r},Je=async(e,t)=>{const r=(new TextEncoder).encode(JSON.stringify(t));return await new Ae(r).setProtectedHeader({alg:"ES256"}).sign(e)},De=async(e,t,r,n,a)=>{const o=await be(t),i={iss:r,sub:n,iat:Date.now(),exchange:{poo_dgst:o,hash_alg:"sha256",exchangeId:a}};return await Je(e,i)},Oe=async(e,t,r,n)=>{const a=await Pe(e,t);return{privateStorage:{availability:"privateStorage",permissions:{view:[a.exchange.orig,a.exchange.dest]},type:"dict",id:a.exchange.id,content:{[a.exchange.block_id]:{poO:t,poR:r}}},blockchain:{availability:"blockchain",type:"jwk",content:{[n.kid]:n}}}};export{ke as SIGNING_ALG,Oe as createBlockchainProof,Re as createJwk,Ue as createPoO,De as createPoR,Pe as decodePoo,He as decodePor,_e as decryptCipherblock,be as sha,Je as signProof,We as validateCipherblock,Ce as validatePoO,Ke as validatePoP,ve as validatePoR}; diff --git a/dist/bundles/iife.js b/dist/bundles/iife.js new file mode 100644 index 0000000..182dfda --- /dev/null +++ b/dist/bundles/iife.js @@ -0,0 +1 @@ +var nonRepudiationProofs=function(e){"use strict";const t=new TextEncoder,r=new TextDecoder,a=2**32;function n(...e){const t=e.reduce(((e,{length:t})=>e+t),0),r=new Uint8Array(t);let a=0;return e.forEach((e=>{r.set(e,a),a+=e.length})),r}function o(e,t,r){if(t<0||t>=a)throw new RangeError(`value must be >= 0 and <= 4294967295. Received ${t}`);e.set([t>>>24,t>>>16,t>>>8,255&t],r)}function i(e){const t=Math.floor(e/a),r=e%a,n=new Uint8Array(8);return o(n,t,0),o(n,r,4),n}function s(e){const t=new Uint8Array(4);return o(t,e),t}function c(e){return n(s(e.length),e)}const d=e=>(e=>{let r=e;"string"==typeof r&&(r=t.encode(r));const a=[];for(let e=0;e{let t=e;t instanceof Uint8Array&&(t=r.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return(e=>new Uint8Array(atob(e).split("").map((e=>e.charCodeAt(0)))))(t)}catch(e){throw new TypeError("The input to be decoded is not correctly encoded.")}};class h extends Error{constructor(e){var t;super(e),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,null===(t=Error.captureStackTrace)||void 0===t||t.call(Error,this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}}class y extends h{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}static get code(){return"ERR_JOSE_ALG_NOT_ALLOWED"}}class u extends h{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}}class w extends h{constructor(){super(...arguments),this.code="ERR_JWE_DECRYPTION_FAILED",this.message="decryption operation failed"}static get code(){return"ERR_JWE_DECRYPTION_FAILED"}}class l extends h{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}static get code(){return"ERR_JWE_INVALID"}}class f extends h{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}static get code(){return"ERR_JWS_INVALID"}}class g extends h{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}static get code(){return"ERR_JWK_INVALID"}}class E extends h{constructor(){super(...arguments),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED",this.message="signature verification failed"}static get code(){return"ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}var m=crypto;function A(e){try{return null!=e&&"boolean"==typeof e.extractable&&"string"==typeof e.algorithm.name&&"string"==typeof e.type}catch(e){return!1}}var S=m.getRandomValues.bind(m);function b(e){switch(e){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new u(`Unsupported JWE Algorithm: ${e}`)}}var v=e=>S(new Uint8Array(b(e)>>3));const H=(e,t)=>{if(t.length<<3!==b(e))throw new l("Invalid Initialization Vector length")},C=(e,t)=>{if(e.length<<3!==t)throw new l("Invalid Content Encryption Key length")};function P(){return"function"==typeof WebSocketPair}function K(){try{return void 0!==process.versions.node}catch(e){return!1}}function _(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function W(e,t){return e.name===t}function k(e){return parseInt(e.name.substr(4),10)}function U(e,t){if(t.length&&!t.some((t=>e.usages.includes(t)))){let e="CryptoKey does not support this operation, its usages must include ";if(t.length>2){const r=t.pop();e+=`one of ${t.join(", ")}, or ${r}.`}else 2===t.length?e+=`one of ${t[0]} or ${t[1]}.`:e+=`${t[0]}.`;throw new TypeError(e)}}function R(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!W(e.algorithm,"HMAC"))throw _("HMAC");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!W(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!W(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case K()&&"EdDSA":if("NODE-ED25519"!==e.algorithm.name&&"NODE-ED448"!==e.algorithm.name)throw _("NODE-ED25519 or NODE-ED448");break;case P()&&"EdDSA":if(!W(e.algorithm,"NODE-ED25519"))throw _("NODE-ED25519");break;case"ES256":case"ES384":case"ES512":{if(!W(e.algorithm,"ECDSA"))throw _("ECDSA");const r=function(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}(t);if(e.algorithm.namedCurve!==r)throw _(r,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}U(e,r)}function J(e,t,...r){switch(t){case"A128GCM":case"A192GCM":case"A256GCM":{if(!W(e.algorithm,"AES-GCM"))throw _("AES-GCM");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw _(r,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if(!W(e.algorithm,"AES-KW"))throw _("AES-KW");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw _(r,"algorithm.length");break}case"ECDH-ES":if(!W(e.algorithm,"ECDH"))throw _("ECDH");break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(!W(e.algorithm,"PBKDF2"))throw _("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if(!W(e.algorithm,"RSA-OAEP"))throw _("RSA-OAEP");const r=parseInt(t.substr(9),10)||1;if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}default:throw new TypeError("CryptoKey does not support this operation")}U(e,r)}var D=(e,...t)=>{let r="Key must be ";if(t.length>2){const e=t.pop();r+=`one of type ${t.join(", ")}, or ${e}.`}else 2===t.length?r+=`one of type ${t[0]} or ${t[1]}.`:r+=`of type ${t[0]}.`;return null==e?r+=` Received ${e}`:"function"==typeof e&&e.name?r+=` Received function ${e.name}`:"object"==typeof e&&null!=e&&e.constructor&&e.constructor.name&&(r+=` Received an instance of ${e.constructor.name}`),r},O=e=>A(e);const T=["CryptoKey"];async function M(e,t,r,a,o,s){if(!(t instanceof Uint8Array))throw new TypeError(D(t,"Uint8Array"));const c=parseInt(e.substr(1,3),10),d=await m.subtle.importKey("raw",t.subarray(c>>3),"AES-CBC",!1,["decrypt"]),p=await m.subtle.importKey("raw",t.subarray(0,c>>3),{hash:"SHA-"+(c<<1),name:"HMAC"},!1,["sign"]),h=n(s,a,r,i(s.length<<3)),y=new Uint8Array((await m.subtle.sign("HMAC",p,h)).slice(0,c>>3));let u,l;try{u=((e,t)=>{if(!(e instanceof Uint8Array))throw new TypeError("First argument must be a buffer");if(!(t instanceof Uint8Array))throw new TypeError("Second argument must be a buffer");if(e.length!==t.length)throw new TypeError("Input buffers must have the same length");const r=e.length;let a=0,n=-1;for(;++n{if(!(A(t)||t instanceof Uint8Array))throw new TypeError(D(t,...T,"Uint8Array"));switch(H(e,a),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return t instanceof Uint8Array&&C(t,parseInt(e.substr(-3),10)),M(e,t,r,a,o,i);case"A128GCM":case"A192GCM":case"A256GCM":return t instanceof Uint8Array&&C(t,parseInt(e.substr(1,3),10)),async function(e,t,r,a,o,i){let s;t instanceof Uint8Array?s=await m.subtle.importKey("raw",t,"AES-GCM",!1,["decrypt"]):(J(t,e,"decrypt"),s=t);try{return new Uint8Array(await m.subtle.decrypt({additionalData:i,iv:a,name:"AES-GCM",tagLength:128},s,n(r,o)))}catch(e){throw new w}}(e,t,r,a,o,i);default:throw new u("Unsupported JWE Content Encryption Algorithm")}},x=async()=>{throw new u('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.')},B=async()=>{throw new u('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `deflateRaw` encrypt option to provide Deflate Raw implementation.')},$=(...e)=>{const t=e.filter(Boolean);if(0===t.length||1===t.length)return!0;let r;for(const e of t){const t=Object.keys(e);if(r&&0!==r.size)for(const e of t){if(r.has(e))return!1;r.add(e)}else r=new Set(t)}return!0};function G(e){if("object"!=typeof(t=e)||null===t||"[object Object]"!==Object.prototype.toString.call(e))return!1;var t;if(null===Object.getPrototypeOf(e))return!0;let r=e;for(;null!==Object.getPrototypeOf(r);)r=Object.getPrototypeOf(r);return Object.getPrototypeOf(e)===r}const N=[{hash:"SHA-256",name:"HMAC"},!0,["sign"]];function j(e,t){if(e.algorithm.length!==parseInt(t.substr(1,3),10))throw new TypeError(`Invalid key size for alg: ${t}`)}function z(e,t,r){if(A(e))return J(e,t,r),e;if(e instanceof Uint8Array)return m.subtle.importKey("raw",e,"AES-KW",!0,[r]);throw new TypeError(D(e,...T,"Uint8Array"))}const L=async(e,t,r)=>{const a=await z(t,e,"wrapKey");j(a,e);const n=await m.subtle.importKey("raw",r,...N);return new Uint8Array(await m.subtle.wrapKey("raw",n,a,"AES-KW"))},F=async(e,t,r)=>{const a=await z(t,e,"unwrapKey");j(a,e);const n=await m.subtle.unwrapKey("raw",r,a,"AES-KW",...N);return new Uint8Array(await m.subtle.exportKey("raw",n))},V=async(e,t)=>{const r=`SHA-${e.substr(-3)}`;return new Uint8Array(await m.subtle.digest(r,t))},Y=async(e,r,a,o,i=new Uint8Array(0),d=new Uint8Array(0))=>{if(!A(e))throw new TypeError(D(e,...T));if(J(e,"ECDH-ES"),!A(r))throw new TypeError(D(r,...T));J(r,"ECDH-ES","deriveBits","deriveKey");const p=n(c(t.encode(a)),c(i),c(d),s(o));if(!r.usages.includes("deriveBits"))throw new TypeError('ECDH-ES private key "usages" must include "deriveBits"');const h=new Uint8Array(await m.subtle.deriveBits({name:"ECDH",public:e},r,Math.ceil(parseInt(r.algorithm.namedCurve.substr(-3),10)/8)<<3));return async function(e,t,r,a){const o=Math.ceil((r>>3)/32);let i;for(let r=1;r<=o;r++){const o=new Uint8Array(4+t.length+a.length);o.set(s(r)),o.set(t,4),o.set(a,4+t.length),i=i?n(i,await e("sha256",o)):await e("sha256",o)}return i=i.slice(0,r>>3),i}(V,h,o,p)},q=e=>{if(!A(e))throw new TypeError(D(e,...T));return["P-256","P-384","P-521"].includes(e.algorithm.namedCurve)};async function X(e,r,a,o){!function(e){if(!(e instanceof Uint8Array)||e.length<8)throw new l("PBES2 Salt Input must be 8 or more octets")}(e);const i=function(e,r){return n(t.encode(e),new Uint8Array([0]),r)}(r,e),s=parseInt(r.substr(13,3),10),c={hash:`SHA-${r.substr(8,3)}`,iterations:a,name:"PBKDF2",salt:i},d={length:s,name:"AES-KW"},p=await function(e,t){if(e instanceof Uint8Array)return m.subtle.importKey("raw",e,"PBKDF2",!1,["deriveBits"]);if(A(e))return J(e,t,"deriveBits","deriveKey"),e;throw new TypeError(D(e,...T,"Uint8Array"))}(o,r);if(p.usages.includes("deriveBits"))return new Uint8Array(await m.subtle.deriveBits(c,p,s));if(p.usages.includes("deriveKey"))return m.subtle.deriveKey(c,p,d,!1,["wrapKey","unwrapKey"]);throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"')}function Q(e){switch(e){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new u(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var Z=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){const{modulusLength:r}=t.algorithm;if("number"!=typeof r||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function ee(e){switch(e){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new u(`Unsupported JWE Algorithm: ${e}`)}}var te=e=>S(new Uint8Array(ee(e)>>3));var re=async e=>{var t,r;const{algorithm:a,keyUsages:n}=function(e){let t,r;switch(e.kty){case"oct":switch(e.alg){case"HS256":case"HS384":case"HS512":t={name:"HMAC",hash:`SHA-${e.alg.substr(-3)}`},r=["sign","verify"];break;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":throw new u(`${e.alg} keys cannot be imported as CryptoKey instances`);case"A128GCM":case"A192GCM":case"A256GCM":case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":t={name:"AES-GCM"},r=["encrypt","decrypt"];break;case"A128KW":case"A192KW":case"A256KW":t={name:"AES-KW"},r=["wrapKey","unwrapKey"];break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":t={name:"PBKDF2"},r=["deriveBits"];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.substr(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case(P()||K())&&"OKP":if("EdDSA"!==e.alg)throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');switch(e.crv){case"Ed25519":t={name:"NODE-ED25519",namedCurve:"NODE-ED25519"},r=e.d?["sign"]:["verify"];break;case K()&&"Ed448":t={name:"NODE-ED448",namedCurve:"NODE-ED448"},r=e.d?["sign"]:["verify"];break;default:throw new u('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value')}break;default:throw new u('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}(e),o=[a,null!==(t=e.ext)&&void 0!==t&&t,null!==(r=e.key_ops)&&void 0!==r?r:n];if("PBKDF2"===a.name)return m.subtle.importKey("raw",p(e.k),...o);const i={...e};return delete i.alg,m.subtle.importKey("jwk",i,...o)};async function ae(e,t,r){if(!G(e))throw new TypeError("JWK must be an object");if(t||(t=e.alg),"string"!=typeof t||!t)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');switch(e.kty){case"oct":if("string"!=typeof e.k||!e.k)throw new TypeError('missing "k" (Key Value) Parameter value');return null!=r||(r=!0!==e.ext),r?re({...e,alg:t,ext:!1}):p(e.k);case"RSA":if(void 0!==e.oth)throw new u('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');case"EC":case"OKP":return re({...e,alg:t});default:throw new u('Unsupported "kty" (Key Type) Parameter value')}}const ne=(e,t,r)=>{e.startsWith("HS")||"dir"===e||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?(e=>{if(!(e instanceof Uint8Array)){if(!O(e))throw new TypeError(D(e,...T,"Uint8Array"));if("secret"!==e.type)throw new TypeError(`${T.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}})(t):((e,t)=>{if(!O(e))throw new TypeError(D(e,...T));if("secret"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if("sign"===t&&"public"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if("decrypt"===t&&"public"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(e.algorithm&&"verify"===t&&"private"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(e.algorithm&&"encrypt"===t&&"private"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)})(t,r)};const oe=async(e,t,r,a,o)=>{if(!(A(r)||r instanceof Uint8Array))throw new TypeError(D(r,...T,"Uint8Array"));switch(H(e,a),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return r instanceof Uint8Array&&C(r,parseInt(e.substr(-3),10)),async function(e,t,r,a,o){if(!(r instanceof Uint8Array))throw new TypeError(D(r,"Uint8Array"));const s=parseInt(e.substr(1,3),10),c=await m.subtle.importKey("raw",r.subarray(s>>3),"AES-CBC",!1,["encrypt"]),d=await m.subtle.importKey("raw",r.subarray(0,s>>3),{hash:"SHA-"+(s<<1),name:"HMAC"},!1,["sign"]),p=new Uint8Array(await m.subtle.encrypt({iv:a,name:"AES-CBC"},c,t)),h=n(o,a,p,i(o.length<<3));return{ciphertext:p,tag:new Uint8Array((await m.subtle.sign("HMAC",d,h)).slice(0,s>>3))}}(e,t,r,a,o);case"A128GCM":case"A192GCM":case"A256GCM":return r instanceof Uint8Array&&C(r,parseInt(e.substr(1,3),10)),async function(e,t,r,a,n){let o;r instanceof Uint8Array?o=await m.subtle.importKey("raw",r,"AES-GCM",!1,["encrypt"]):(J(r,e,"encrypt"),o=r);const i=new Uint8Array(await m.subtle.encrypt({additionalData:n,iv:a,name:"AES-GCM",tagLength:128},o,t)),s=i.slice(-16);return{ciphertext:i.slice(0,-16),tag:s}}(e,t,r,a,o);default:throw new u("Unsupported JWE Content Encryption Algorithm")}};async function ie(e,t,r,a){switch(ne(e,t,"decrypt"),e){case"dir":if(void 0!==r)throw new l("Encountered unexpected JWE Encrypted Key");return t;case"ECDH-ES":if(void 0!==r)throw new l("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!G(a.epk))throw new l('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(!q(t))throw new u("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const n=await ae(a.epk,e);let o,i;if(void 0!==a.apu){if("string"!=typeof a.apu)throw new l('JOSE Header "apu" (Agreement PartyUInfo) invalid');o=p(a.apu)}if(void 0!==a.apv){if("string"!=typeof a.apv)throw new l('JOSE Header "apv" (Agreement PartyVInfo) invalid');i=p(a.apv)}const s=await Y(n,t,"ECDH-ES"===e?a.enc:e,"ECDH-ES"===e?ee(a.enc):parseInt(e.substr(-5,3),10),o,i);if("ECDH-ES"===e)return s;if(void 0===r)throw new l("JWE Encrypted Key missing");return F(e.substr(-6),s,r)}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":if(void 0===r)throw new l("JWE Encrypted Key missing");return(async(e,t,r)=>{if(!A(t))throw new TypeError(D(t,...T));if(J(t,e,"decrypt","unwrapKey"),Z(e,t),t.usages.includes("decrypt"))return new Uint8Array(await m.subtle.decrypt(Q(e),t,r));if(t.usages.includes("unwrapKey")){const a=await m.subtle.unwrapKey("raw",r,t,Q(e),...N);return new Uint8Array(await m.subtle.exportKey("raw",a))}throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation')})(e,t,r);case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(void 0===r)throw new l("JWE Encrypted Key missing");if("number"!=typeof a.p2c)throw new l('JOSE Header "p2c" (PBES2 Count) missing or invalid');if("string"!=typeof a.p2s)throw new l('JOSE Header "p2s" (PBES2 Salt) missing or invalid');return(async(e,t,r,a,n)=>{const o=await X(n,e,a,t);return F(e.substr(-6),o,r)})(e,t,r,a.p2c,p(a.p2s));case"A128KW":case"A192KW":case"A256KW":if(void 0===r)throw new l("JWE Encrypted Key missing");return F(e,t,r);case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":if(void 0===r)throw new l("JWE Encrypted Key missing");if("string"!=typeof a.iv)throw new l('JOSE Header "iv" (Initialization Vector) missing or invalid');if("string"!=typeof a.tag)throw new l('JOSE Header "tag" (Authentication Tag) missing or invalid');return async function(e,t,r,a,n){const o=e.substr(0,7);return I(o,t,r,a,n,new Uint8Array(0))}(e,t,r,p(a.iv),p(a.tag));default:throw new u('Invalid or unsupported "alg" (JWE Algorithm) header value')}}function se(e,t,r,a,n){if(void 0!==n.crit&&void 0===a.crit)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!a||void 0===a.crit)return new Set;if(!Array.isArray(a.crit)||0===a.crit.length||a.crit.some((e=>"string"!=typeof e||0===e.length)))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;o=void 0!==r?new Map([...Object.entries(r),...t.entries()]):t;for(const t of a.crit){if(!o.has(t))throw new u(`Extension Header Parameter "${t}" is not recognized`);if(void 0===n[t])throw new e(`Extension Header Parameter "${t}" is missing`);if(o.get(t)&&void 0===a[t])throw new e(`Extension Header Parameter "${t}" MUST be integrity protected`)}return new Set(a.crit)}const ce=(e,t)=>{if(void 0!==t&&(!Array.isArray(t)||t.some((e=>"string"!=typeof e))))throw new TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)};async function de(e,a,o){var i;if(!G(e))throw new l("Flattened JWE must be an object");if(void 0===e.protected&&void 0===e.header&&void 0===e.unprotected)throw new l("JOSE Header missing");if("string"!=typeof e.iv)throw new l("JWE Initialization Vector missing or incorrect type");if("string"!=typeof e.ciphertext)throw new l("JWE Ciphertext missing or incorrect type");if("string"!=typeof e.tag)throw new l("JWE Authentication Tag missing or incorrect type");if(void 0!==e.protected&&"string"!=typeof e.protected)throw new l("JWE Protected Header incorrect type");if(void 0!==e.encrypted_key&&"string"!=typeof e.encrypted_key)throw new l("JWE Encrypted Key incorrect type");if(void 0!==e.aad&&"string"!=typeof e.aad)throw new l("JWE AAD incorrect type");if(void 0!==e.header&&!G(e.header))throw new l("JWE Shared Unprotected Header incorrect type");if(void 0!==e.unprotected&&!G(e.unprotected))throw new l("JWE Per-Recipient Unprotected Header incorrect type");let s;if(e.protected){const t=p(e.protected);try{s=JSON.parse(r.decode(t))}catch(e){throw new l("JWE Protected Header is invalid")}}if(!$(s,e.header,e.unprotected))throw new l("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");const c={...s,...e.header,...e.unprotected};if(se(l,new Map,null==o?void 0:o.crit,s,c),void 0!==c.zip){if(!s||!s.zip)throw new l('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==c.zip)throw new u('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:d,enc:h}=c;if("string"!=typeof d||!d)throw new l("missing JWE Algorithm (alg) in JWE Header");if("string"!=typeof h||!h)throw new l("missing JWE Encryption Algorithm (enc) in JWE Header");const w=o&&ce("keyManagementAlgorithms",o.keyManagementAlgorithms),f=o&&ce("contentEncryptionAlgorithms",o.contentEncryptionAlgorithms);if(w&&!w.has(d))throw new y('"alg" (Algorithm) Header Parameter not allowed');if(f&&!f.has(h))throw new y('"enc" (Encryption Algorithm) Header Parameter not allowed');let g;void 0!==e.encrypted_key&&(g=p(e.encrypted_key));let E,m=!1;"function"==typeof a&&(a=await a(s,e),m=!0);try{E=await ie(d,a,g,c)}catch(e){if(e instanceof TypeError)throw e;E=te(h)}const A=p(e.iv),S=p(e.tag),b=t.encode(null!==(i=e.protected)&&void 0!==i?i:"");let v;v=void 0!==e.aad?n(b,t.encode("."),t.encode(e.aad)):b;let H=await I(h,E,p(e.ciphertext),A,S,v);"DEF"===c.zip&&(H=await((null==o?void 0:o.inflateRaw)||x)(H));const C={plaintext:H};return void 0!==e.protected&&(C.protectedHeader=s),void 0!==e.aad&&(C.additionalAuthenticatedData=p(e.aad)),void 0!==e.unprotected&&(C.sharedUnprotectedHeader=e.unprotected),void 0!==e.header&&(C.unprotectedHeader=e.header),m?{...C,key:a}:C}async function pe(e,t,a){if(e instanceof Uint8Array&&(e=r.decode(e)),"string"!=typeof e)throw new l("Compact JWE must be a string or Uint8Array");const{0:n,1:o,2:i,3:s,4:c,length:d}=e.split(".");if(5!==d)throw new l("Invalid Compact JWE");const p=await de({ciphertext:s||void 0,iv:i||void 0,protected:n||void 0,tag:c||void 0,encrypted_key:o||void 0},t,a),h={plaintext:p.plaintext,protectedHeader:p.protectedHeader};return"function"==typeof t?{...h,key:p.key}:h}var he=async e=>{if(e instanceof Uint8Array)return{kty:"oct",k:d(e)};if(!A(e))throw new TypeError(D(e,...T,"Uint8Array"));if(!e.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");const{ext:t,key_ops:r,alg:a,use:n,...o}=await m.subtle.exportKey("jwk",e);return o};async function ye(e){return he(e)}async function ue(e,t,r,a,n={}){let o,i,s;switch(ne(e,r,"encrypt"),e){case"dir":s=r;break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!q(r))throw new u("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const{apu:c,apv:p}=n;let{epk:h}=n;h||(h=await(async e=>{if(!A(e))throw new TypeError(D(e,...T));return(await m.subtle.generateKey({name:"ECDH",namedCurve:e.algorithm.namedCurve},!0,["deriveBits"])).privateKey})(r));const{x:y,y:w,crv:l,kty:f}=await ye(h),g=await Y(r,h,"ECDH-ES"===e?t:e,"ECDH-ES"===e?ee(t):parseInt(e.substr(-5,3),10),c,p);if(i={epk:{x:y,y:w,crv:l,kty:f}},c&&(i.apu=d(c)),p&&(i.apv=d(p)),"ECDH-ES"===e){s=g;break}s=a||te(t);const E=e.substr(-6);o=await L(E,g,s);break}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s=a||te(t),o=await(async(e,t,r)=>{if(!A(t))throw new TypeError(D(t,...T));if(J(t,e,"encrypt","wrapKey"),Z(e,t),t.usages.includes("encrypt"))return new Uint8Array(await m.subtle.encrypt(Q(e),t,r));if(t.usages.includes("wrapKey")){const a=await m.subtle.importKey("raw",r,...N);return new Uint8Array(await m.subtle.wrapKey("raw",a,t,Q(e)))}throw new TypeError('RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation')})(e,r,s);break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{s=a||te(t);const{p2c:c,p2s:p}=n;({encryptedKey:o,...i}=await(async(e,t,r,a=Math.floor(2049*Math.random())+2048,n=S(new Uint8Array(16)))=>{const o=await X(n,e,a,t);return{encryptedKey:await L(e.substr(-6),o,r),p2c:a,p2s:d(n)}})(e,r,s,c,p));break}case"A128KW":case"A192KW":case"A256KW":s=a||te(t),o=await L(e,r,s);break;case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{s=a||te(t);const{iv:c}=n;({encryptedKey:o,...i}=await async function(e,t,r,a){const n=e.substr(0,7);a||(a=v(n));const{ciphertext:o,tag:i}=await oe(n,r,t,a,new Uint8Array(0));return{encryptedKey:o,iv:d(a),tag:d(i)}}(e,r,s,c));break}default:throw new u('Invalid or unsupported "alg" (JWE Algorithm) header value')}return{cek:s,encryptedKey:o,parameters:i}}const we=Symbol();class le{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("plaintext must be an instance of Uint8Array");this._plaintext=e}setKeyManagementParameters(e){if(this._keyManagementParameters)throw new TypeError("setKeyManagementParameters can only be called once");return this._keyManagementParameters=e,this}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setSharedUnprotectedHeader(e){if(this._sharedUnprotectedHeader)throw new TypeError("setSharedUnprotectedHeader can only be called once");return this._sharedUnprotectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}setAdditionalAuthenticatedData(e){return this._aad=e,this}setContentEncryptionKey(e){if(this._cek)throw new TypeError("setContentEncryptionKey can only be called once");return this._cek=e,this}setInitializationVector(e){if(this._iv)throw new TypeError("setInitializationVector can only be called once");return this._iv=e,this}async encrypt(e,a){if(!this._protectedHeader&&!this._unprotectedHeader&&!this._sharedUnprotectedHeader)throw new l("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");if(!$(this._protectedHeader,this._unprotectedHeader,this._sharedUnprotectedHeader))throw new l("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader,...this._sharedUnprotectedHeader};if(se(l,new Map,null==a?void 0:a.crit,this._protectedHeader,o),void 0!==o.zip){if(!this._protectedHeader||!this._protectedHeader.zip)throw new l('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==o.zip)throw new u('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:i,enc:s}=o;if("string"!=typeof i||!i)throw new l('JWE "alg" (Algorithm) Header Parameter missing or invalid');if("string"!=typeof s||!s)throw new l('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');let c,p,h,y,w,f,g;if("dir"===i){if(this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Encryption")}else if("ECDH-ES"===i&&this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Key Agreement");{let t;({cek:p,encryptedKey:c,parameters:t}=await ue(i,s,e,this._cek,this._keyManagementParameters)),t&&(a&&we in a?this._unprotectedHeader?this._unprotectedHeader={...this._unprotectedHeader,...t}:this.setUnprotectedHeader(t):this._protectedHeader?this._protectedHeader={...this._protectedHeader,...t}:this.setProtectedHeader(t))}if(this._iv||(this._iv=v(s)),y=this._protectedHeader?t.encode(d(JSON.stringify(this._protectedHeader))):t.encode(""),this._aad?(w=d(this._aad),h=n(y,t.encode("."),t.encode(w))):h=y,"DEF"===o.zip){const e=await((null==a?void 0:a.deflateRaw)||B)(this._plaintext);({ciphertext:f,tag:g}=await oe(s,e,p,this._iv,h))}else({ciphertext:f,tag:g}=await oe(s,this._plaintext,p,this._iv,h));const E={ciphertext:d(f),iv:d(this._iv),tag:d(g)};return c&&(E.encrypted_key=d(c)),w&&(E.aad=w),this._protectedHeader&&(E.protected=r.decode(y)),this._sharedUnprotectedHeader&&(E.unprotected=this._sharedUnprotectedHeader),this._unprotectedHeader&&(E.header=this._unprotectedHeader),E}}function fe(e,t){const r=parseInt(e.substr(-3),10);switch(e){case"HS256":case"HS384":case"HS512":return{hash:`SHA-${r}`,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:`SHA-${r}`,name:"RSA-PSS",saltLength:r>>3};case"RS256":case"RS384":case"RS512":return{hash:`SHA-${r}`,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:`SHA-${r}`,name:"ECDSA",namedCurve:t};case(P()||K())&&"EdDSA":return{name:t,namedCurve:t};default:throw new u(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}function ge(e,t,r){if(A(t))return R(t,e,r),t;if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(D(t,...T));return m.subtle.importKey("raw",t,{hash:`SHA-${e.substr(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(D(t,...T,"Uint8Array"))}async function Ee(e,a,o){var i;if(!G(e))throw new f("Flattened JWS must be an object");if(void 0===e.protected&&void 0===e.header)throw new f('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==e.protected&&"string"!=typeof e.protected)throw new f("JWS Protected Header incorrect type");if(void 0===e.payload)throw new f("JWS Payload missing");if("string"!=typeof e.signature)throw new f("JWS Signature missing or incorrect type");if(void 0!==e.header&&!G(e.header))throw new f("JWS Unprotected Header incorrect type");let s={};if(e.protected){const t=p(e.protected);try{s=JSON.parse(r.decode(t))}catch(e){throw new f("JWS Protected Header is invalid")}}if(!$(s,e.header))throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const c={...s,...e.header};let d=!0;if(se(f,new Map([["b64",!0]]),null==o?void 0:o.crit,s,c).has("b64")&&(d=s.b64,"boolean"!=typeof d))throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:h}=c;if("string"!=typeof h||!h)throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');const u=o&&ce("algorithms",o.algorithms);if(u&&!u.has(h))throw new y('"alg" (Algorithm) Header Parameter not allowed');if(d){if("string"!=typeof e.payload)throw new f("JWS Payload must be a string")}else if("string"!=typeof e.payload&&!(e.payload instanceof Uint8Array))throw new f("JWS Payload must be a string or an Uint8Array instance");let w=!1;"function"==typeof a&&(a=await a(s,e),w=!0),ne(h,a,"verify");const l=n(t.encode(null!==(i=e.protected)&&void 0!==i?i:""),t.encode("."),"string"==typeof e.payload?t.encode(e.payload):e.payload),g=p(e.signature),A=await(async(e,t,r,a)=>{const n=await ge(e,t,"verify");Z(e,n);const o=fe(e,n.algorithm.namedCurve);try{return await m.subtle.verify(o,n,r,a)}catch(e){return!1}})(h,a,g,l);if(!A)throw new E;let S;S=d?p(e.payload):"string"==typeof e.payload?t.encode(e.payload):e.payload;const b={payload:S};return void 0!==e.protected&&(b.protectedHeader=s),void 0!==e.header&&(b.unprotectedHeader=e.header),w?{...b,key:a}:b}async function me(e,t,a){if(e instanceof Uint8Array&&(e=r.decode(e)),"string"!=typeof e)throw new f("Compact JWS must be a string or Uint8Array");const{0:n,1:o,2:i,length:s}=e.split(".");if(3!==s)throw new f("Invalid Compact JWS");const c=await Ee({payload:o,protected:n,signature:i},t,a),d={payload:c.payload,protectedHeader:c.protectedHeader};return"function"==typeof t?{...d,key:c.key}:d}class Ae{constructor(e){this._flattened=new le(e)}setContentEncryptionKey(e){return this._flattened.setContentEncryptionKey(e),this}setInitializationVector(e){return this._flattened.setInitializationVector(e),this}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}setKeyManagementParameters(e){return this._flattened.setKeyManagementParameters(e),this}async encrypt(e,t){const r=await this._flattened.encrypt(e,t);return[r.protected,r.encrypted_key,r.iv,r.ciphertext,r.tag].join(".")}}class Se{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=e}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}async sign(e,a){if(!this._protectedHeader&&!this._unprotectedHeader)throw new f("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!$(this._protectedHeader,this._unprotectedHeader))throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader};let i=!0;if(se(f,new Map([["b64",!0]]),null==a?void 0:a.crit,this._protectedHeader,o).has("b64")&&(i=this._protectedHeader.b64,"boolean"!=typeof i))throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:s}=o;if("string"!=typeof s||!s)throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');ne(s,e,"sign");let c,p=this._payload;i&&(p=t.encode(d(p))),c=this._protectedHeader?t.encode(d(JSON.stringify(this._protectedHeader))):t.encode("");const h=n(c,t.encode("."),p),y=await(async(e,t,r)=>{const a=await ge(e,t,"sign");Z(e,a);const n=await m.subtle.sign(fe(e,a.algorithm.namedCurve),a,r);return new Uint8Array(n)})(s,e,h),u={signature:d(y),payload:""};return i&&(u.payload=r.decode(p)),this._unprotectedHeader&&(u.header=this._unprotectedHeader),this._protectedHeader&&(u.protected=r.decode(c)),u}}class be{constructor(e){this._flattened=new Se(e)}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}async sign(e,t){const r=await this._flattened.sign(e,t);if(void 0===r.payload)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${r.protected}.${r.payload}.${r.signature}`}}const ve=(e,t)=>{if("string"!=typeof e||!e)throw new g(`${t} missing or invalid`)};const He=async function(e,t="SHA-256"){const r=["SHA-1","SHA-256","SHA-384","SHA-512"];if(!r.includes(t))throw new RangeError(`Valid hash algorith values are any of ${JSON.stringify(r)}`);const a=new TextEncoder,n="string"==typeof e?a.encode(e).buffer:e;let o="";{const e=await crypto.subtle.digest(t,n),r="0123456789abcdef";new Uint8Array(e).forEach((e=>{o+=r[e>>4]+r[15&e]}))}return o},Ce=async(e,t)=>{const{payload:r}=await me(t,e).catch((e=>{throw new Error(`PoR: ${String(e)}`)}));return JSON.parse((new TextDecoder).decode(r).toString())},Pe=async(e,t)=>{const{payload:r}=await me(t,e).catch((e=>{throw new Error("PoO "+String(e))}));return JSON.parse((new TextDecoder).decode(r).toString())},Ke=async(e,t)=>{const r=new TextDecoder,a=await ae(t,"A256GCM"),{plaintext:n}=await pe(e,a);return r.decode(n)},_e="ES256",We=async(e,t)=>{const r=(new TextEncoder).encode(JSON.stringify(t));return await new be(r).setProtectedHeader({alg:_e}).sign(e)};return e.SIGNING_ALG=_e,e.createBlockchainProof=async(e,t,r,a)=>{const n=await Pe(e,t);return{privateStorage:{availability:"privateStorage",permissions:{view:[n.exchange.orig,n.exchange.dest]},type:"dict",id:n.exchange.id,content:{[n.exchange.block_id]:{poO:t,poR:r}}},blockchain:{availability:"blockchain",type:"jwk",content:{[a.kid]:a}}}},e.createJwk=async()=>{let e;e=await window.crypto.subtle.generateKey({name:"AES-GCM",length:256},!0,["encrypt","decrypt"]);const r=await ye(e),a=await async function(e,r="sha256"){if(!G(e))throw new TypeError("JWK must be an object");let a;switch(e.kty){case"EC":ve(e.crv,'"crv" (Curve) Parameter'),ve(e.x,'"x" (X Coordinate) Parameter'),ve(e.y,'"y" (Y Coordinate) Parameter'),a={crv:e.crv,kty:e.kty,x:e.x,y:e.y};break;case"OKP":ve(e.crv,'"crv" (Subtype of Key Pair) Parameter'),ve(e.x,'"x" (Public Key) Parameter'),a={crv:e.crv,kty:e.kty,x:e.x};break;case"RSA":ve(e.e,'"e" (Exponent) Parameter'),ve(e.n,'"n" (Modulus) Parameter'),a={e:e.e,kty:e.kty,n:e.n};break;case"oct":ve(e.k,'"k" (Key Value) Parameter'),a={k:e.k,kty:e.kty};break;default:throw new u('"kty" (Key Type) Parameter missing or unsupported')}const n=t.encode(JSON.stringify(a));return d(await V(r,n))}(r);return r.kid=a,r.alg="A256GCM",r},e.createPoO=async(e,t,r,a,n,o,i)=>{const s="string"==typeof t?(new TextEncoder).encode(t):new Uint8Array(t),c=await ae(i),d=await new Ae(s).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(c),p=await He(d),h=await He(s),y=await He(JSON.stringify(i)),u={iss:r,sub:a,iat:Date.now(),exchange:{id:n,orig:r,dest:a,block_id:o,block_desc:"description",hash_alg:"sha256",cipherblock_dgst:p,block_commitment:h,key_commitment:y}};return{cipherblock:d,poO:await We(e,u)}},e.createPoR=async(e,t,r,a,n)=>{const o=await He(t),i={iss:r,sub:a,iat:Date.now(),exchange:{poo_dgst:o,hash_alg:"sha256",exchangeId:n}};return await We(e,i)},e.decodePoo=Pe,e.decodePor=Ce,e.decryptCipherblock=Ke,e.sha=He,e.signProof=We,e.validateCipherblock=async(e,t,r,a)=>{const n=await Ke(t,r);if(await He(n)===a.exchange.block_commitment)return!0;throw new Error("hashed CipherBlock not correspond to block_commitment parameter included in the proof of origin")},e.validatePoO=async(e,t,r)=>{const a=await Pe(e,t),n=await He(r);if(a.exchange.cipherblock_dgst!==n)throw new Error("the cipherblock_dgst parameter in the proof of origin does not correspond to hash of the cipherblock received by the provider");if(Date.now()-a.iat>5e3)throw new Error("timestamp error");return!0},e.validatePoP=(e,t,r,a,n)=>new Promise(((o,i)=>{me(r,e).catch((e=>{i(new Error("PoP "+String(e)))})),Pe(t,n).then((e=>{He(JSON.stringify(a)).then((t=>{e.exchange.key_commitment===t?o(!0):i(new Error("hashed key not correspond to poO key_commitment parameter"))})).catch((e=>i(e)))})).catch((e=>i(e)))})),e.validatePoR=async(e,t,r)=>{const a=await Ce(e,t);if(await He(r)!==a.exchange.poo_dgst)throw new Error("the hashed proof of origin received does not correspond to the poo_dgst parameter in the proof of origin");if(Date.now()-a.iat>5e3)throw new Error("timestamp error");return!0},Object.defineProperty(e,"__esModule",{value:!0}),e}({}); diff --git a/dist/bundles/umd.js b/dist/bundles/umd.js new file mode 100644 index 0000000..c368b0a --- /dev/null +++ b/dist/bundles/umd.js @@ -0,0 +1 @@ +!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).nonRepudiationProofs={})}(this,(function(e){"use strict";const t=new TextEncoder,r=new TextDecoder,n=2**32;function a(...e){const t=e.reduce(((e,{length:t})=>e+t),0),r=new Uint8Array(t);let n=0;return e.forEach((e=>{r.set(e,n),n+=e.length})),r}function o(e,t,r){if(t<0||t>=n)throw new RangeError(`value must be >= 0 and <= 4294967295. Received ${t}`);e.set([t>>>24,t>>>16,t>>>8,255&t],r)}function i(e){const t=Math.floor(e/n),r=e%n,a=new Uint8Array(8);return o(a,t,0),o(a,r,4),a}function s(e){const t=new Uint8Array(4);return o(t,e),t}function c(e){return a(s(e.length),e)}const d=e=>(e=>{let r=e;"string"==typeof r&&(r=t.encode(r));const n=[];for(let e=0;e{let t=e;t instanceof Uint8Array&&(t=r.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return(e=>new Uint8Array(atob(e).split("").map((e=>e.charCodeAt(0)))))(t)}catch(e){throw new TypeError("The input to be decoded is not correctly encoded.")}};class h extends Error{constructor(e){var t;super(e),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,null===(t=Error.captureStackTrace)||void 0===t||t.call(Error,this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}}class y extends h{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}static get code(){return"ERR_JOSE_ALG_NOT_ALLOWED"}}class u extends h{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}}class w extends h{constructor(){super(...arguments),this.code="ERR_JWE_DECRYPTION_FAILED",this.message="decryption operation failed"}static get code(){return"ERR_JWE_DECRYPTION_FAILED"}}class l extends h{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}static get code(){return"ERR_JWE_INVALID"}}class f extends h{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}static get code(){return"ERR_JWS_INVALID"}}class g extends h{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}static get code(){return"ERR_JWK_INVALID"}}class E extends h{constructor(){super(...arguments),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED",this.message="signature verification failed"}static get code(){return"ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}var m=crypto;function A(e){try{return null!=e&&"boolean"==typeof e.extractable&&"string"==typeof e.algorithm.name&&"string"==typeof e.type}catch(e){return!1}}var S=m.getRandomValues.bind(m);function b(e){switch(e){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new u(`Unsupported JWE Algorithm: ${e}`)}}var v=e=>S(new Uint8Array(b(e)>>3));const H=(e,t)=>{if(t.length<<3!==b(e))throw new l("Invalid Initialization Vector length")},C=(e,t)=>{if(e.length<<3!==t)throw new l("Invalid Content Encryption Key length")};function P(){return"function"==typeof WebSocketPair}function K(){try{return void 0!==process.versions.node}catch(e){return!1}}function _(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function W(e,t){return e.name===t}function k(e){return parseInt(e.name.substr(4),10)}function U(e,t){if(t.length&&!t.some((t=>e.usages.includes(t)))){let e="CryptoKey does not support this operation, its usages must include ";if(t.length>2){const r=t.pop();e+=`one of ${t.join(", ")}, or ${r}.`}else 2===t.length?e+=`one of ${t[0]} or ${t[1]}.`:e+=`${t[0]}.`;throw new TypeError(e)}}function R(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!W(e.algorithm,"HMAC"))throw _("HMAC");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!W(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!W(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");const r=parseInt(t.substr(2),10);if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}case K()&&"EdDSA":if("NODE-ED25519"!==e.algorithm.name&&"NODE-ED448"!==e.algorithm.name)throw _("NODE-ED25519 or NODE-ED448");break;case P()&&"EdDSA":if(!W(e.algorithm,"NODE-ED25519"))throw _("NODE-ED25519");break;case"ES256":case"ES384":case"ES512":{if(!W(e.algorithm,"ECDSA"))throw _("ECDSA");const r=function(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}(t);if(e.algorithm.namedCurve!==r)throw _(r,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}U(e,r)}function J(e,t,...r){switch(t){case"A128GCM":case"A192GCM":case"A256GCM":{if(!W(e.algorithm,"AES-GCM"))throw _("AES-GCM");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw _(r,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if(!W(e.algorithm,"AES-KW"))throw _("AES-KW");const r=parseInt(t.substr(1,3),10);if(e.algorithm.length!==r)throw _(r,"algorithm.length");break}case"ECDH-ES":if(!W(e.algorithm,"ECDH"))throw _("ECDH");break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(!W(e.algorithm,"PBKDF2"))throw _("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if(!W(e.algorithm,"RSA-OAEP"))throw _("RSA-OAEP");const r=parseInt(t.substr(9),10)||1;if(k(e.algorithm.hash)!==r)throw _(`SHA-${r}`,"algorithm.hash");break}default:throw new TypeError("CryptoKey does not support this operation")}U(e,r)}var D=(e,...t)=>{let r="Key must be ";if(t.length>2){const e=t.pop();r+=`one of type ${t.join(", ")}, or ${e}.`}else 2===t.length?r+=`one of type ${t[0]} or ${t[1]}.`:r+=`of type ${t[0]}.`;return null==e?r+=` Received ${e}`:"function"==typeof e&&e.name?r+=` Received function ${e.name}`:"object"==typeof e&&null!=e&&e.constructor&&e.constructor.name&&(r+=` Received an instance of ${e.constructor.name}`),r},O=e=>A(e);const T=["CryptoKey"];async function M(e,t,r,n,o,s){if(!(t instanceof Uint8Array))throw new TypeError(D(t,"Uint8Array"));const c=parseInt(e.substr(1,3),10),d=await m.subtle.importKey("raw",t.subarray(c>>3),"AES-CBC",!1,["decrypt"]),p=await m.subtle.importKey("raw",t.subarray(0,c>>3),{hash:"SHA-"+(c<<1),name:"HMAC"},!1,["sign"]),h=a(s,n,r,i(s.length<<3)),y=new Uint8Array((await m.subtle.sign("HMAC",p,h)).slice(0,c>>3));let u,l;try{u=((e,t)=>{if(!(e instanceof Uint8Array))throw new TypeError("First argument must be a buffer");if(!(t instanceof Uint8Array))throw new TypeError("Second argument must be a buffer");if(e.length!==t.length)throw new TypeError("Input buffers must have the same length");const r=e.length;let n=0,a=-1;for(;++a{if(!(A(t)||t instanceof Uint8Array))throw new TypeError(D(t,...T,"Uint8Array"));switch(H(e,n),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return t instanceof Uint8Array&&C(t,parseInt(e.substr(-3),10)),M(e,t,r,n,o,i);case"A128GCM":case"A192GCM":case"A256GCM":return t instanceof Uint8Array&&C(t,parseInt(e.substr(1,3),10)),async function(e,t,r,n,o,i){let s;t instanceof Uint8Array?s=await m.subtle.importKey("raw",t,"AES-GCM",!1,["decrypt"]):(J(t,e,"decrypt"),s=t);try{return new Uint8Array(await m.subtle.decrypt({additionalData:i,iv:n,name:"AES-GCM",tagLength:128},s,a(r,o)))}catch(e){throw new w}}(e,t,r,n,o,i);default:throw new u("Unsupported JWE Content Encryption Algorithm")}},x=async()=>{throw new u('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.')},B=async()=>{throw new u('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `deflateRaw` encrypt option to provide Deflate Raw implementation.')},$=(...e)=>{const t=e.filter(Boolean);if(0===t.length||1===t.length)return!0;let r;for(const e of t){const t=Object.keys(e);if(r&&0!==r.size)for(const e of t){if(r.has(e))return!1;r.add(e)}else r=new Set(t)}return!0};function G(e){if("object"!=typeof(t=e)||null===t||"[object Object]"!==Object.prototype.toString.call(e))return!1;var t;if(null===Object.getPrototypeOf(e))return!0;let r=e;for(;null!==Object.getPrototypeOf(r);)r=Object.getPrototypeOf(r);return Object.getPrototypeOf(e)===r}const j=[{hash:"SHA-256",name:"HMAC"},!0,["sign"]];function N(e,t){if(e.algorithm.length!==parseInt(t.substr(1,3),10))throw new TypeError(`Invalid key size for alg: ${t}`)}function z(e,t,r){if(A(e))return J(e,t,r),e;if(e instanceof Uint8Array)return m.subtle.importKey("raw",e,"AES-KW",!0,[r]);throw new TypeError(D(e,...T,"Uint8Array"))}const L=async(e,t,r)=>{const n=await z(t,e,"wrapKey");N(n,e);const a=await m.subtle.importKey("raw",r,...j);return new Uint8Array(await m.subtle.wrapKey("raw",a,n,"AES-KW"))},F=async(e,t,r)=>{const n=await z(t,e,"unwrapKey");N(n,e);const a=await m.subtle.unwrapKey("raw",r,n,"AES-KW",...j);return new Uint8Array(await m.subtle.exportKey("raw",a))},V=async(e,t)=>{const r=`SHA-${e.substr(-3)}`;return new Uint8Array(await m.subtle.digest(r,t))},Y=async(e,r,n,o,i=new Uint8Array(0),d=new Uint8Array(0))=>{if(!A(e))throw new TypeError(D(e,...T));if(J(e,"ECDH-ES"),!A(r))throw new TypeError(D(r,...T));J(r,"ECDH-ES","deriveBits","deriveKey");const p=a(c(t.encode(n)),c(i),c(d),s(o));if(!r.usages.includes("deriveBits"))throw new TypeError('ECDH-ES private key "usages" must include "deriveBits"');const h=new Uint8Array(await m.subtle.deriveBits({name:"ECDH",public:e},r,Math.ceil(parseInt(r.algorithm.namedCurve.substr(-3),10)/8)<<3));return async function(e,t,r,n){const o=Math.ceil((r>>3)/32);let i;for(let r=1;r<=o;r++){const o=new Uint8Array(4+t.length+n.length);o.set(s(r)),o.set(t,4),o.set(n,4+t.length),i=i?a(i,await e("sha256",o)):await e("sha256",o)}return i=i.slice(0,r>>3),i}(V,h,o,p)},q=e=>{if(!A(e))throw new TypeError(D(e,...T));return["P-256","P-384","P-521"].includes(e.algorithm.namedCurve)};async function X(e,r,n,o){!function(e){if(!(e instanceof Uint8Array)||e.length<8)throw new l("PBES2 Salt Input must be 8 or more octets")}(e);const i=function(e,r){return a(t.encode(e),new Uint8Array([0]),r)}(r,e),s=parseInt(r.substr(13,3),10),c={hash:`SHA-${r.substr(8,3)}`,iterations:n,name:"PBKDF2",salt:i},d={length:s,name:"AES-KW"},p=await function(e,t){if(e instanceof Uint8Array)return m.subtle.importKey("raw",e,"PBKDF2",!1,["deriveBits"]);if(A(e))return J(e,t,"deriveBits","deriveKey"),e;throw new TypeError(D(e,...T,"Uint8Array"))}(o,r);if(p.usages.includes("deriveBits"))return new Uint8Array(await m.subtle.deriveBits(c,p,s));if(p.usages.includes("deriveKey"))return m.subtle.deriveKey(c,p,d,!1,["wrapKey","unwrapKey"]);throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"')}function Q(e){switch(e){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new u(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}var Z=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){const{modulusLength:r}=t.algorithm;if("number"!=typeof r||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function ee(e){switch(e){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new u(`Unsupported JWE Algorithm: ${e}`)}}var te=e=>S(new Uint8Array(ee(e)>>3));var re=async e=>{var t,r;const{algorithm:n,keyUsages:a}=function(e){let t,r;switch(e.kty){case"oct":switch(e.alg){case"HS256":case"HS384":case"HS512":t={name:"HMAC",hash:`SHA-${e.alg.substr(-3)}`},r=["sign","verify"];break;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":throw new u(`${e.alg} keys cannot be imported as CryptoKey instances`);case"A128GCM":case"A192GCM":case"A256GCM":case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":t={name:"AES-GCM"},r=["encrypt","decrypt"];break;case"A128KW":case"A192KW":case"A256KW":t={name:"AES-KW"},r=["wrapKey","unwrapKey"];break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":t={name:"PBKDF2"},r=["deriveBits"];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.substr(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.substr(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case(P()||K())&&"OKP":if("EdDSA"!==e.alg)throw new u('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');switch(e.crv){case"Ed25519":t={name:"NODE-ED25519",namedCurve:"NODE-ED25519"},r=e.d?["sign"]:["verify"];break;case K()&&"Ed448":t={name:"NODE-ED448",namedCurve:"NODE-ED448"},r=e.d?["sign"]:["verify"];break;default:throw new u('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value')}break;default:throw new u('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}(e),o=[n,null!==(t=e.ext)&&void 0!==t&&t,null!==(r=e.key_ops)&&void 0!==r?r:a];if("PBKDF2"===n.name)return m.subtle.importKey("raw",p(e.k),...o);const i={...e};return delete i.alg,m.subtle.importKey("jwk",i,...o)};async function ne(e,t,r){if(!G(e))throw new TypeError("JWK must be an object");if(t||(t=e.alg),"string"!=typeof t||!t)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');switch(e.kty){case"oct":if("string"!=typeof e.k||!e.k)throw new TypeError('missing "k" (Key Value) Parameter value');return null!=r||(r=!0!==e.ext),r?re({...e,alg:t,ext:!1}):p(e.k);case"RSA":if(void 0!==e.oth)throw new u('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');case"EC":case"OKP":return re({...e,alg:t});default:throw new u('Unsupported "kty" (Key Type) Parameter value')}}const ae=(e,t,r)=>{e.startsWith("HS")||"dir"===e||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?(e=>{if(!(e instanceof Uint8Array)){if(!O(e))throw new TypeError(D(e,...T,"Uint8Array"));if("secret"!==e.type)throw new TypeError(`${T.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}})(t):((e,t)=>{if(!O(e))throw new TypeError(D(e,...T));if("secret"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if("sign"===t&&"public"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if("decrypt"===t&&"public"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(e.algorithm&&"verify"===t&&"private"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(e.algorithm&&"encrypt"===t&&"private"===e.type)throw new TypeError(`${T.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)})(t,r)};const oe=async(e,t,r,n,o)=>{if(!(A(r)||r instanceof Uint8Array))throw new TypeError(D(r,...T,"Uint8Array"));switch(H(e,n),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return r instanceof Uint8Array&&C(r,parseInt(e.substr(-3),10)),async function(e,t,r,n,o){if(!(r instanceof Uint8Array))throw new TypeError(D(r,"Uint8Array"));const s=parseInt(e.substr(1,3),10),c=await m.subtle.importKey("raw",r.subarray(s>>3),"AES-CBC",!1,["encrypt"]),d=await m.subtle.importKey("raw",r.subarray(0,s>>3),{hash:"SHA-"+(s<<1),name:"HMAC"},!1,["sign"]),p=new Uint8Array(await m.subtle.encrypt({iv:n,name:"AES-CBC"},c,t)),h=a(o,n,p,i(o.length<<3));return{ciphertext:p,tag:new Uint8Array((await m.subtle.sign("HMAC",d,h)).slice(0,s>>3))}}(e,t,r,n,o);case"A128GCM":case"A192GCM":case"A256GCM":return r instanceof Uint8Array&&C(r,parseInt(e.substr(1,3),10)),async function(e,t,r,n,a){let o;r instanceof Uint8Array?o=await m.subtle.importKey("raw",r,"AES-GCM",!1,["encrypt"]):(J(r,e,"encrypt"),o=r);const i=new Uint8Array(await m.subtle.encrypt({additionalData:a,iv:n,name:"AES-GCM",tagLength:128},o,t)),s=i.slice(-16);return{ciphertext:i.slice(0,-16),tag:s}}(e,t,r,n,o);default:throw new u("Unsupported JWE Content Encryption Algorithm")}};async function ie(e,t,r,n){switch(ae(e,t,"decrypt"),e){case"dir":if(void 0!==r)throw new l("Encountered unexpected JWE Encrypted Key");return t;case"ECDH-ES":if(void 0!==r)throw new l("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!G(n.epk))throw new l('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(!q(t))throw new u("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const a=await ne(n.epk,e);let o,i;if(void 0!==n.apu){if("string"!=typeof n.apu)throw new l('JOSE Header "apu" (Agreement PartyUInfo) invalid');o=p(n.apu)}if(void 0!==n.apv){if("string"!=typeof n.apv)throw new l('JOSE Header "apv" (Agreement PartyVInfo) invalid');i=p(n.apv)}const s=await Y(a,t,"ECDH-ES"===e?n.enc:e,"ECDH-ES"===e?ee(n.enc):parseInt(e.substr(-5,3),10),o,i);if("ECDH-ES"===e)return s;if(void 0===r)throw new l("JWE Encrypted Key missing");return F(e.substr(-6),s,r)}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":if(void 0===r)throw new l("JWE Encrypted Key missing");return(async(e,t,r)=>{if(!A(t))throw new TypeError(D(t,...T));if(J(t,e,"decrypt","unwrapKey"),Z(e,t),t.usages.includes("decrypt"))return new Uint8Array(await m.subtle.decrypt(Q(e),t,r));if(t.usages.includes("unwrapKey")){const n=await m.subtle.unwrapKey("raw",r,t,Q(e),...j);return new Uint8Array(await m.subtle.exportKey("raw",n))}throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation')})(e,t,r);case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(void 0===r)throw new l("JWE Encrypted Key missing");if("number"!=typeof n.p2c)throw new l('JOSE Header "p2c" (PBES2 Count) missing or invalid');if("string"!=typeof n.p2s)throw new l('JOSE Header "p2s" (PBES2 Salt) missing or invalid');return(async(e,t,r,n,a)=>{const o=await X(a,e,n,t);return F(e.substr(-6),o,r)})(e,t,r,n.p2c,p(n.p2s));case"A128KW":case"A192KW":case"A256KW":if(void 0===r)throw new l("JWE Encrypted Key missing");return F(e,t,r);case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":if(void 0===r)throw new l("JWE Encrypted Key missing");if("string"!=typeof n.iv)throw new l('JOSE Header "iv" (Initialization Vector) missing or invalid');if("string"!=typeof n.tag)throw new l('JOSE Header "tag" (Authentication Tag) missing or invalid');return async function(e,t,r,n,a){const o=e.substr(0,7);return I(o,t,r,n,a,new Uint8Array(0))}(e,t,r,p(n.iv),p(n.tag));default:throw new u('Invalid or unsupported "alg" (JWE Algorithm) header value')}}function se(e,t,r,n,a){if(void 0!==a.crit&&void 0===n.crit)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||void 0===n.crit)return new Set;if(!Array.isArray(n.crit)||0===n.crit.length||n.crit.some((e=>"string"!=typeof e||0===e.length)))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;o=void 0!==r?new Map([...Object.entries(r),...t.entries()]):t;for(const t of n.crit){if(!o.has(t))throw new u(`Extension Header Parameter "${t}" is not recognized`);if(void 0===a[t])throw new e(`Extension Header Parameter "${t}" is missing`);if(o.get(t)&&void 0===n[t])throw new e(`Extension Header Parameter "${t}" MUST be integrity protected`)}return new Set(n.crit)}const ce=(e,t)=>{if(void 0!==t&&(!Array.isArray(t)||t.some((e=>"string"!=typeof e))))throw new TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)};async function de(e,n,o){var i;if(!G(e))throw new l("Flattened JWE must be an object");if(void 0===e.protected&&void 0===e.header&&void 0===e.unprotected)throw new l("JOSE Header missing");if("string"!=typeof e.iv)throw new l("JWE Initialization Vector missing or incorrect type");if("string"!=typeof e.ciphertext)throw new l("JWE Ciphertext missing or incorrect type");if("string"!=typeof e.tag)throw new l("JWE Authentication Tag missing or incorrect type");if(void 0!==e.protected&&"string"!=typeof e.protected)throw new l("JWE Protected Header incorrect type");if(void 0!==e.encrypted_key&&"string"!=typeof e.encrypted_key)throw new l("JWE Encrypted Key incorrect type");if(void 0!==e.aad&&"string"!=typeof e.aad)throw new l("JWE AAD incorrect type");if(void 0!==e.header&&!G(e.header))throw new l("JWE Shared Unprotected Header incorrect type");if(void 0!==e.unprotected&&!G(e.unprotected))throw new l("JWE Per-Recipient Unprotected Header incorrect type");let s;if(e.protected){const t=p(e.protected);try{s=JSON.parse(r.decode(t))}catch(e){throw new l("JWE Protected Header is invalid")}}if(!$(s,e.header,e.unprotected))throw new l("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");const c={...s,...e.header,...e.unprotected};if(se(l,new Map,null==o?void 0:o.crit,s,c),void 0!==c.zip){if(!s||!s.zip)throw new l('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==c.zip)throw new u('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:d,enc:h}=c;if("string"!=typeof d||!d)throw new l("missing JWE Algorithm (alg) in JWE Header");if("string"!=typeof h||!h)throw new l("missing JWE Encryption Algorithm (enc) in JWE Header");const w=o&&ce("keyManagementAlgorithms",o.keyManagementAlgorithms),f=o&&ce("contentEncryptionAlgorithms",o.contentEncryptionAlgorithms);if(w&&!w.has(d))throw new y('"alg" (Algorithm) Header Parameter not allowed');if(f&&!f.has(h))throw new y('"enc" (Encryption Algorithm) Header Parameter not allowed');let g;void 0!==e.encrypted_key&&(g=p(e.encrypted_key));let E,m=!1;"function"==typeof n&&(n=await n(s,e),m=!0);try{E=await ie(d,n,g,c)}catch(e){if(e instanceof TypeError)throw e;E=te(h)}const A=p(e.iv),S=p(e.tag),b=t.encode(null!==(i=e.protected)&&void 0!==i?i:"");let v;v=void 0!==e.aad?a(b,t.encode("."),t.encode(e.aad)):b;let H=await I(h,E,p(e.ciphertext),A,S,v);"DEF"===c.zip&&(H=await((null==o?void 0:o.inflateRaw)||x)(H));const C={plaintext:H};return void 0!==e.protected&&(C.protectedHeader=s),void 0!==e.aad&&(C.additionalAuthenticatedData=p(e.aad)),void 0!==e.unprotected&&(C.sharedUnprotectedHeader=e.unprotected),void 0!==e.header&&(C.unprotectedHeader=e.header),m?{...C,key:n}:C}async function pe(e,t,n){if(e instanceof Uint8Array&&(e=r.decode(e)),"string"!=typeof e)throw new l("Compact JWE must be a string or Uint8Array");const{0:a,1:o,2:i,3:s,4:c,length:d}=e.split(".");if(5!==d)throw new l("Invalid Compact JWE");const p=await de({ciphertext:s||void 0,iv:i||void 0,protected:a||void 0,tag:c||void 0,encrypted_key:o||void 0},t,n),h={plaintext:p.plaintext,protectedHeader:p.protectedHeader};return"function"==typeof t?{...h,key:p.key}:h}var he=async e=>{if(e instanceof Uint8Array)return{kty:"oct",k:d(e)};if(!A(e))throw new TypeError(D(e,...T,"Uint8Array"));if(!e.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");const{ext:t,key_ops:r,alg:n,use:a,...o}=await m.subtle.exportKey("jwk",e);return o};async function ye(e){return he(e)}async function ue(e,t,r,n,a={}){let o,i,s;switch(ae(e,r,"encrypt"),e){case"dir":s=r;break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!q(r))throw new u("ECDH-ES with the provided key is not allowed or not supported by your javascript runtime");const{apu:c,apv:p}=a;let{epk:h}=a;h||(h=await(async e=>{if(!A(e))throw new TypeError(D(e,...T));return(await m.subtle.generateKey({name:"ECDH",namedCurve:e.algorithm.namedCurve},!0,["deriveBits"])).privateKey})(r));const{x:y,y:w,crv:l,kty:f}=await ye(h),g=await Y(r,h,"ECDH-ES"===e?t:e,"ECDH-ES"===e?ee(t):parseInt(e.substr(-5,3),10),c,p);if(i={epk:{x:y,y:w,crv:l,kty:f}},c&&(i.apu=d(c)),p&&(i.apv=d(p)),"ECDH-ES"===e){s=g;break}s=n||te(t);const E=e.substr(-6);o=await L(E,g,s);break}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s=n||te(t),o=await(async(e,t,r)=>{if(!A(t))throw new TypeError(D(t,...T));if(J(t,e,"encrypt","wrapKey"),Z(e,t),t.usages.includes("encrypt"))return new Uint8Array(await m.subtle.encrypt(Q(e),t,r));if(t.usages.includes("wrapKey")){const n=await m.subtle.importKey("raw",r,...j);return new Uint8Array(await m.subtle.wrapKey("raw",n,t,Q(e)))}throw new TypeError('RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation')})(e,r,s);break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{s=n||te(t);const{p2c:c,p2s:p}=a;({encryptedKey:o,...i}=await(async(e,t,r,n=Math.floor(2049*Math.random())+2048,a=S(new Uint8Array(16)))=>{const o=await X(a,e,n,t);return{encryptedKey:await L(e.substr(-6),o,r),p2c:n,p2s:d(a)}})(e,r,s,c,p));break}case"A128KW":case"A192KW":case"A256KW":s=n||te(t),o=await L(e,r,s);break;case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{s=n||te(t);const{iv:c}=a;({encryptedKey:o,...i}=await async function(e,t,r,n){const a=e.substr(0,7);n||(n=v(a));const{ciphertext:o,tag:i}=await oe(a,r,t,n,new Uint8Array(0));return{encryptedKey:o,iv:d(n),tag:d(i)}}(e,r,s,c));break}default:throw new u('Invalid or unsupported "alg" (JWE Algorithm) header value')}return{cek:s,encryptedKey:o,parameters:i}}const we=Symbol();class le{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("plaintext must be an instance of Uint8Array");this._plaintext=e}setKeyManagementParameters(e){if(this._keyManagementParameters)throw new TypeError("setKeyManagementParameters can only be called once");return this._keyManagementParameters=e,this}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setSharedUnprotectedHeader(e){if(this._sharedUnprotectedHeader)throw new TypeError("setSharedUnprotectedHeader can only be called once");return this._sharedUnprotectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}setAdditionalAuthenticatedData(e){return this._aad=e,this}setContentEncryptionKey(e){if(this._cek)throw new TypeError("setContentEncryptionKey can only be called once");return this._cek=e,this}setInitializationVector(e){if(this._iv)throw new TypeError("setInitializationVector can only be called once");return this._iv=e,this}async encrypt(e,n){if(!this._protectedHeader&&!this._unprotectedHeader&&!this._sharedUnprotectedHeader)throw new l("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");if(!$(this._protectedHeader,this._unprotectedHeader,this._sharedUnprotectedHeader))throw new l("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader,...this._sharedUnprotectedHeader};if(se(l,new Map,null==n?void 0:n.crit,this._protectedHeader,o),void 0!==o.zip){if(!this._protectedHeader||!this._protectedHeader.zip)throw new l('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if("DEF"!==o.zip)throw new u('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}const{alg:i,enc:s}=o;if("string"!=typeof i||!i)throw new l('JWE "alg" (Algorithm) Header Parameter missing or invalid');if("string"!=typeof s||!s)throw new l('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');let c,p,h,y,w,f,g;if("dir"===i){if(this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Encryption")}else if("ECDH-ES"===i&&this._cek)throw new TypeError("setContentEncryptionKey cannot be called when using Direct Key Agreement");{let t;({cek:p,encryptedKey:c,parameters:t}=await ue(i,s,e,this._cek,this._keyManagementParameters)),t&&(n&&we in n?this._unprotectedHeader?this._unprotectedHeader={...this._unprotectedHeader,...t}:this.setUnprotectedHeader(t):this._protectedHeader?this._protectedHeader={...this._protectedHeader,...t}:this.setProtectedHeader(t))}if(this._iv||(this._iv=v(s)),y=this._protectedHeader?t.encode(d(JSON.stringify(this._protectedHeader))):t.encode(""),this._aad?(w=d(this._aad),h=a(y,t.encode("."),t.encode(w))):h=y,"DEF"===o.zip){const e=await((null==n?void 0:n.deflateRaw)||B)(this._plaintext);({ciphertext:f,tag:g}=await oe(s,e,p,this._iv,h))}else({ciphertext:f,tag:g}=await oe(s,this._plaintext,p,this._iv,h));const E={ciphertext:d(f),iv:d(this._iv),tag:d(g)};return c&&(E.encrypted_key=d(c)),w&&(E.aad=w),this._protectedHeader&&(E.protected=r.decode(y)),this._sharedUnprotectedHeader&&(E.unprotected=this._sharedUnprotectedHeader),this._unprotectedHeader&&(E.header=this._unprotectedHeader),E}}function fe(e,t){const r=parseInt(e.substr(-3),10);switch(e){case"HS256":case"HS384":case"HS512":return{hash:`SHA-${r}`,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:`SHA-${r}`,name:"RSA-PSS",saltLength:r>>3};case"RS256":case"RS384":case"RS512":return{hash:`SHA-${r}`,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:`SHA-${r}`,name:"ECDSA",namedCurve:t};case(P()||K())&&"EdDSA":return{name:t,namedCurve:t};default:throw new u(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}function ge(e,t,r){if(A(t))return R(t,e,r),t;if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(D(t,...T));return m.subtle.importKey("raw",t,{hash:`SHA-${e.substr(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(D(t,...T,"Uint8Array"))}async function Ee(e,n,o){var i;if(!G(e))throw new f("Flattened JWS must be an object");if(void 0===e.protected&&void 0===e.header)throw new f('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==e.protected&&"string"!=typeof e.protected)throw new f("JWS Protected Header incorrect type");if(void 0===e.payload)throw new f("JWS Payload missing");if("string"!=typeof e.signature)throw new f("JWS Signature missing or incorrect type");if(void 0!==e.header&&!G(e.header))throw new f("JWS Unprotected Header incorrect type");let s={};if(e.protected){const t=p(e.protected);try{s=JSON.parse(r.decode(t))}catch(e){throw new f("JWS Protected Header is invalid")}}if(!$(s,e.header))throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const c={...s,...e.header};let d=!0;if(se(f,new Map([["b64",!0]]),null==o?void 0:o.crit,s,c).has("b64")&&(d=s.b64,"boolean"!=typeof d))throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:h}=c;if("string"!=typeof h||!h)throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');const u=o&&ce("algorithms",o.algorithms);if(u&&!u.has(h))throw new y('"alg" (Algorithm) Header Parameter not allowed');if(d){if("string"!=typeof e.payload)throw new f("JWS Payload must be a string")}else if("string"!=typeof e.payload&&!(e.payload instanceof Uint8Array))throw new f("JWS Payload must be a string or an Uint8Array instance");let w=!1;"function"==typeof n&&(n=await n(s,e),w=!0),ae(h,n,"verify");const l=a(t.encode(null!==(i=e.protected)&&void 0!==i?i:""),t.encode("."),"string"==typeof e.payload?t.encode(e.payload):e.payload),g=p(e.signature),A=await(async(e,t,r,n)=>{const a=await ge(e,t,"verify");Z(e,a);const o=fe(e,a.algorithm.namedCurve);try{return await m.subtle.verify(o,a,r,n)}catch(e){return!1}})(h,n,g,l);if(!A)throw new E;let S;S=d?p(e.payload):"string"==typeof e.payload?t.encode(e.payload):e.payload;const b={payload:S};return void 0!==e.protected&&(b.protectedHeader=s),void 0!==e.header&&(b.unprotectedHeader=e.header),w?{...b,key:n}:b}async function me(e,t,n){if(e instanceof Uint8Array&&(e=r.decode(e)),"string"!=typeof e)throw new f("Compact JWS must be a string or Uint8Array");const{0:a,1:o,2:i,length:s}=e.split(".");if(3!==s)throw new f("Invalid Compact JWS");const c=await Ee({payload:o,protected:a,signature:i},t,n),d={payload:c.payload,protectedHeader:c.protectedHeader};return"function"==typeof t?{...d,key:c.key}:d}class Ae{constructor(e){this._flattened=new le(e)}setContentEncryptionKey(e){return this._flattened.setContentEncryptionKey(e),this}setInitializationVector(e){return this._flattened.setInitializationVector(e),this}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}setKeyManagementParameters(e){return this._flattened.setKeyManagementParameters(e),this}async encrypt(e,t){const r=await this._flattened.encrypt(e,t);return[r.protected,r.encrypted_key,r.iv,r.ciphertext,r.tag].join(".")}}class Se{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=e}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}async sign(e,n){if(!this._protectedHeader&&!this._unprotectedHeader)throw new f("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!$(this._protectedHeader,this._unprotectedHeader))throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const o={...this._protectedHeader,...this._unprotectedHeader};let i=!0;if(se(f,new Map([["b64",!0]]),null==n?void 0:n.crit,this._protectedHeader,o).has("b64")&&(i=this._protectedHeader.b64,"boolean"!=typeof i))throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:s}=o;if("string"!=typeof s||!s)throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');ae(s,e,"sign");let c,p=this._payload;i&&(p=t.encode(d(p))),c=this._protectedHeader?t.encode(d(JSON.stringify(this._protectedHeader))):t.encode("");const h=a(c,t.encode("."),p),y=await(async(e,t,r)=>{const n=await ge(e,t,"sign");Z(e,n);const a=await m.subtle.sign(fe(e,n.algorithm.namedCurve),n,r);return new Uint8Array(a)})(s,e,h),u={signature:d(y),payload:""};return i&&(u.payload=r.decode(p)),this._unprotectedHeader&&(u.header=this._unprotectedHeader),this._protectedHeader&&(u.protected=r.decode(c)),u}}class be{constructor(e){this._flattened=new Se(e)}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}async sign(e,t){const r=await this._flattened.sign(e,t);if(void 0===r.payload)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${r.protected}.${r.payload}.${r.signature}`}}const ve=(e,t)=>{if("string"!=typeof e||!e)throw new g(`${t} missing or invalid`)};const He=async function(e,t="SHA-256"){const r=["SHA-1","SHA-256","SHA-384","SHA-512"];if(!r.includes(t))throw new RangeError(`Valid hash algorith values are any of ${JSON.stringify(r)}`);const n=new TextEncoder,a="string"==typeof e?n.encode(e).buffer:e;let o="";{const e=await crypto.subtle.digest(t,a),r="0123456789abcdef";new Uint8Array(e).forEach((e=>{o+=r[e>>4]+r[15&e]}))}return o},Ce=async(e,t)=>{const{payload:r}=await me(t,e).catch((e=>{throw new Error(`PoR: ${String(e)}`)}));return JSON.parse((new TextDecoder).decode(r).toString())},Pe=async(e,t)=>{const{payload:r}=await me(t,e).catch((e=>{throw new Error("PoO "+String(e))}));return JSON.parse((new TextDecoder).decode(r).toString())},Ke=async(e,t)=>{const r=new TextDecoder,n=await ne(t,"A256GCM"),{plaintext:a}=await pe(e,n);return r.decode(a)},_e="ES256",We=async(e,t)=>{const r=(new TextEncoder).encode(JSON.stringify(t));return await new be(r).setProtectedHeader({alg:_e}).sign(e)};e.SIGNING_ALG=_e,e.createBlockchainProof=async(e,t,r,n)=>{const a=await Pe(e,t);return{privateStorage:{availability:"privateStorage",permissions:{view:[a.exchange.orig,a.exchange.dest]},type:"dict",id:a.exchange.id,content:{[a.exchange.block_id]:{poO:t,poR:r}}},blockchain:{availability:"blockchain",type:"jwk",content:{[n.kid]:n}}}},e.createJwk=async()=>{let e;e=await window.crypto.subtle.generateKey({name:"AES-GCM",length:256},!0,["encrypt","decrypt"]);const r=await ye(e),n=await async function(e,r="sha256"){if(!G(e))throw new TypeError("JWK must be an object");let n;switch(e.kty){case"EC":ve(e.crv,'"crv" (Curve) Parameter'),ve(e.x,'"x" (X Coordinate) Parameter'),ve(e.y,'"y" (Y Coordinate) Parameter'),n={crv:e.crv,kty:e.kty,x:e.x,y:e.y};break;case"OKP":ve(e.crv,'"crv" (Subtype of Key Pair) Parameter'),ve(e.x,'"x" (Public Key) Parameter'),n={crv:e.crv,kty:e.kty,x:e.x};break;case"RSA":ve(e.e,'"e" (Exponent) Parameter'),ve(e.n,'"n" (Modulus) Parameter'),n={e:e.e,kty:e.kty,n:e.n};break;case"oct":ve(e.k,'"k" (Key Value) Parameter'),n={k:e.k,kty:e.kty};break;default:throw new u('"kty" (Key Type) Parameter missing or unsupported')}const a=t.encode(JSON.stringify(n));return d(await V(r,a))}(r);return r.kid=n,r.alg="A256GCM",r},e.createPoO=async(e,t,r,n,a,o,i)=>{const s="string"==typeof t?(new TextEncoder).encode(t):new Uint8Array(t),c=await ne(i),d=await new Ae(s).setProtectedHeader({alg:"dir",enc:"A256GCM"}).encrypt(c),p=await He(d),h=await He(s),y=await He(JSON.stringify(i)),u={iss:r,sub:n,iat:Date.now(),exchange:{id:a,orig:r,dest:n,block_id:o,block_desc:"description",hash_alg:"sha256",cipherblock_dgst:p,block_commitment:h,key_commitment:y}};return{cipherblock:d,poO:await We(e,u)}},e.createPoR=async(e,t,r,n,a)=>{const o=await He(t),i={iss:r,sub:n,iat:Date.now(),exchange:{poo_dgst:o,hash_alg:"sha256",exchangeId:a}};return await We(e,i)},e.decodePoo=Pe,e.decodePor=Ce,e.decryptCipherblock=Ke,e.sha=He,e.signProof=We,e.validateCipherblock=async(e,t,r,n)=>{const a=await Ke(t,r);if(await He(a)===n.exchange.block_commitment)return!0;throw new Error("hashed CipherBlock not correspond to block_commitment parameter included in the proof of origin")},e.validatePoO=async(e,t,r)=>{const n=await Pe(e,t),a=await He(r);if(n.exchange.cipherblock_dgst!==a)throw new Error("the cipherblock_dgst parameter in the proof of origin does not correspond to hash of the cipherblock received by the provider");if(Date.now()-n.iat>5e3)throw new Error("timestamp error");return!0},e.validatePoP=(e,t,r,n,a)=>new Promise(((o,i)=>{me(r,e).catch((e=>{i(new Error("PoP "+String(e)))})),Pe(t,a).then((e=>{He(JSON.stringify(n)).then((t=>{e.exchange.key_commitment===t?o(!0):i(new Error("hashed key not correspond to poO key_commitment parameter"))})).catch((e=>i(e)))})).catch((e=>i(e)))})),e.validatePoR=async(e,t,r)=>{const n=await Ce(e,t);if(await He(r)!==n.exchange.poo_dgst)throw new Error("the hashed proof of origin received does not correspond to the poo_dgst parameter in the proof of origin");if(Date.now()-n.iat>5e3)throw new Error("timestamp error");return!0},Object.defineProperty(e,"__esModule",{value:!0})})); diff --git a/docs/interfaces/PoO.md b/docs/interfaces/PoO.md new file mode 100644 index 0000000..970d3e6 --- /dev/null +++ b/docs/interfaces/PoO.md @@ -0,0 +1,64 @@ +# Interface: PoO + +## Table of contents + +### Properties + +- [exchange](PoO.md#exchange) +- [iat](PoO.md#iat) +- [iss](PoO.md#iss) +- [sub](PoO.md#sub) + +## Properties + +### exchange + +• **exchange**: `Object` + +#### Type declaration + +| Name | Type | +| :------ | :------ | +| `block_commitment` | `string` | +| `block_desc` | `string` | +| `block_id` | `number` | +| `cipherblock_dgst` | `string` | +| `dest` | `string` | +| `hash_alg` | `string` | +| `id` | `number` | +| `key_commitment` | `string` | +| `orig` | `string` | + +#### Defined in + +[proofInterfaces.ts:19](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L19) + +___ + +### iat + +• **iat**: `number` + +#### Defined in + +[proofInterfaces.ts:18](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L18) + +___ + +### iss + +• **iss**: `string` + +#### Defined in + +[proofInterfaces.ts:16](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L16) + +___ + +### sub + +• **sub**: `string` + +#### Defined in + +[proofInterfaces.ts:17](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L17) diff --git a/docs/interfaces/PoR.md b/docs/interfaces/PoR.md new file mode 100644 index 0000000..5da7233 --- /dev/null +++ b/docs/interfaces/PoR.md @@ -0,0 +1,58 @@ +# Interface: PoR + +## Table of contents + +### Properties + +- [exchange](PoR.md#exchange) +- [iat](PoR.md#iat) +- [iss](PoR.md#iss) +- [sub](PoR.md#sub) + +## Properties + +### exchange + +• **exchange**: `Object` + +#### Type declaration + +| Name | Type | +| :------ | :------ | +| `exchangeId` | `number` | +| `hash_alg` | `string` | +| `poo_dgst` | `string` | + +#### Defined in + +[proofInterfaces.ts:35](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L35) + +___ + +### iat + +• **iat**: `number` + +#### Defined in + +[proofInterfaces.ts:34](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L34) + +___ + +### iss + +• **iss**: `string` + +#### Defined in + +[proofInterfaces.ts:32](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L32) + +___ + +### sub + +• **sub**: `string` + +#### Defined in + +[proofInterfaces.ts:33](https://gitlab.com/i3-market/code/wp3/t3.3/non-repudiable-exchange/non-repudiable-proofs/-/blob/a3055d8/src/ts/proofInterfaces.ts#L33) diff --git a/types/createProofs.d.ts b/types/createProofs.d.ts new file mode 100644 index 0000000..a264fcb --- /dev/null +++ b/types/createProofs.d.ts @@ -0,0 +1,43 @@ +import { JWK, KeyLike } from 'jose'; +import { account } from './proofInterfaces'; +export declare const SIGNING_ALG = "ES256"; +export declare const ENC_ALG = "AES-GCM"; +export declare const ENC_ALG_KEY_LENGTH = 256; +/** + * + * Create Proof of Origin and sign with Provider private key + * + * @param privateKey - private key of the signer/issuer + * @param block - the blocks asdfsdfsd + * @param providerId + * @param consumerId + * @param exchangeId + * @param blockId + * @param jwk + * @returns + */ +declare const createPoO: (privateKey: KeyLike, block: ArrayBufferLike | string, providerId: string, consumerId: string, exchangeId: number, blockId: number, jwk: JWK) => Promise<{ + cipherblock: string; + poO: string; +}>; +/** + * Create a random (high entropy) symmetric JWK secret + * + * @returns a promise that resolves to a JWK + */ +declare const createJwk: () => Promise; +/** + * Sign a proof with private key + */ +declare const signProof: (privateKey: KeyLike, proof: any) => Promise; +/** + * Create Proof of Receipt and sign with Consumer private key + */ +declare const createPoR: (privateKey: KeyLike, poO: string, providerId: string, consumerId: string, exchangeId: number) => Promise; +/** + * + * Prepare block to be send to the Backplain API + */ +declare const createBlockchainProof: (publicKey: KeyLike, poO: string, poR: string, jwk: JWK) => Promise; +export { createJwk, createPoO, signProof, createPoR, createBlockchainProof }; +//# sourceMappingURL=createProofs.d.ts.map \ No newline at end of file diff --git a/types/createProofs.d.ts.map b/types/createProofs.d.ts.map new file mode 100644 index 0000000..83b8315 --- /dev/null +++ b/types/createProofs.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"createProofs.d.ts","sourceRoot":"","sources":["../src/ts/createProofs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuD,GAAG,EAAE,OAAO,EAAwC,MAAM,MAAM,CAAA;AAE9H,OAAO,EAAE,OAAO,EAAY,MAAM,mBAAmB,CAAA;AAGrD,eAAO,MAAM,WAAW,UAAU,CAAA;AAClC,eAAO,MAAM,OAAO,YAAY,CAAA;AAChC,eAAO,MAAM,kBAAkB,MAAM,CAAA;AAErC;;;;;;;;;;;;GAYG;AACH,QAAA,MAAM,SAAS,eAAsB,OAAO,SAAS,eAAe,GAAG,MAAM,cAAc,MAAM,cAAc,MAAM,cAAc,MAAM,WAAW,MAAM,OAAO,GAAG;iBAA0B,MAAM;SAAO,MAAM;EA8BhN,CAAA;AAED;;;;GAIG;AACH,QAAA,MAAM,SAAS,QAAa,QAAQ,GAAG,CAqBtC,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,SAAS,eAAsB,OAAO,SAAS,GAAG,KAAG,QAAQ,MAAM,CAOxE,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,SAAS,eAAsB,OAAO,OAAO,MAAM,cAAc,MAAM,cAAc,MAAM,cAAc,MAAM,KAAG,QAAQ,MAAM,CAgBrI,CAAA;AAED;;;GAGG;AACH,QAAA,MAAM,qBAAqB,cAAqB,OAAO,OAAO,MAAM,OAAO,MAAM,OAAO,GAAG,KAAG,QAAQ,OAAO,CAoB5G,CAAA;AAyBD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAAE,CAAA"} \ No newline at end of file diff --git a/types/index.d.ts b/types/index.d.ts new file mode 100644 index 0000000..d4ba57a --- /dev/null +++ b/types/index.d.ts @@ -0,0 +1,13 @@ +/** + * My module description. Please update with your module data. + * + * @remarks + * This module runs perfectly in node.js and browsers + * + * @packageDocumentation + */ +export { SIGNING_ALG, createJwk, createPoO, signProof, createPoR, createBlockchainProof } from './createProofs'; +export { account, PoO, PoR } from './proofInterfaces'; +export { validatePoR, validatePoO, validatePoP, decryptCipherblock, validateCipherblock, decodePoo, decodePor } from './validateProofs'; +export { sha } from './sha'; +//# sourceMappingURL=index.d.ts.map \ No newline at end of file diff --git a/types/index.d.ts.map b/types/index.d.ts.map new file mode 100644 index 0000000..fbb3820 --- /dev/null +++ b/types/index.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/ts/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AAC/G,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACvI,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAA"} \ No newline at end of file diff --git a/types/proofInterfaces.d.ts b/types/proofInterfaces.d.ts new file mode 100644 index 0000000..6edae31 --- /dev/null +++ b/types/proofInterfaces.d.ts @@ -0,0 +1,62 @@ +import types from 'jose'; +export interface DataExchange { + id: number; + orig?: string; + dest?: string; + block_id?: number; + block_desc?: string; + hash_alg: string; + cipherblock_dgst: string; + block_commitment: string; + key_commitment: string; +} +export interface PoO { + iss: string; + sub: string; + iat: number; + exchange: { + id: number; + orig: string; + dest: string; + block_id: number; + block_desc: string; + hash_alg: string; + cipherblock_dgst: string; + block_commitment: string; + key_commitment: string; + }; +} +export interface PoR { + iss: string; + sub: string; + iat: number; + exchange: { + poo_dgst: string; + hash_alg: string; + exchangeId: number; + }; +} +export interface account { + privateStorage: { + availability: string; + permissions: { + view: string[]; + }; + type: string; + id: number; + content: { + [block_id: number]: { + poO: string; + poR: string; + }; + }; + }; + blockchain: { + availability: string; + type: string; + content: { + [kid: string]: types.JWK; + }; + }; +} +//# sourceMappingURL=proofInterfaces.d.ts.map \ No newline at end of file diff --git a/types/proofInterfaces.d.ts.map b/types/proofInterfaces.d.ts.map new file mode 100644 index 0000000..1133b0e --- /dev/null +++ b/types/proofInterfaces.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"proofInterfaces.d.ts","sourceRoot":"","sources":["../src/ts/proofInterfaces.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,CAAA;AAExB,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,gBAAgB,EAAE,MAAM,CAAA;IACxB,cAAc,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE;QACR,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,IAAI,EAAE,MAAM,CAAA;QACZ,QAAQ,EAAE,MAAM,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;QAChB,gBAAgB,EAAE,MAAM,CAAA;QACxB,gBAAgB,EAAE,MAAM,CAAA;QACxB,cAAc,EAAE,MAAM,CAAA;KACvB,CAAA;CACF;AACD,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;KACnB,CAAA;CACF;AACD,MAAM,WAAW,OAAO;IACtB,cAAc,EAAE;QACd,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,MAAM,EAAE,CAAA;SACf,CAAA;QACD,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,EAAE,MAAM,CAAA;QACV,OAAO,EAAE;YACP,CAAC,QAAQ,EAAE,MAAM,GAAG;gBAClB,GAAG,EAAE,MAAM,CAAA;gBACX,GAAG,EAAE,MAAM,CAAA;aACZ,CAAA;SACF,CAAA;KACF,CAAA;IACD,UAAU,EAAE;QACV,YAAY,EAAE,MAAM,CAAA;QACpB,IAAI,EAAE,MAAM,CAAA;QACZ,OAAO,EAAE;YACP,CAAC,GAAG,EAAE,MAAM,GAAG,KAAK,CAAC,GAAG,CAAA;SACzB,CAAA;KACF,CAAA;CACF"} \ No newline at end of file diff --git a/types/sha.d.ts b/types/sha.d.ts new file mode 100644 index 0000000..a93dadc --- /dev/null +++ b/types/sha.d.ts @@ -0,0 +1,4 @@ +declare const sha: (input: string | Uint8Array, algorithm?: string) => Promise; +export { sha }; +export default sha; +//# sourceMappingURL=sha.d.ts.map \ No newline at end of file diff --git a/types/sha.d.ts.map b/types/sha.d.ts.map new file mode 100644 index 0000000..d0361ec --- /dev/null +++ b/types/sha.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"sha.d.ts","sourceRoot":"","sources":["../src/ts/sha.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,GAAG,UAA0B,MAAM,GAAC,UAAU,yBAA0B,QAAQ,MAAM,CAqB3F,CAAA;AACD,OAAO,EAAE,GAAG,EAAE,CAAA;AACd,eAAe,GAAG,CAAA"} \ No newline at end of file diff --git a/types/validateProofs.d.ts b/types/validateProofs.d.ts new file mode 100644 index 0000000..1c95edf --- /dev/null +++ b/types/validateProofs.d.ts @@ -0,0 +1,32 @@ +import { JWK, KeyLike } from 'jose'; +import { PoO, PoR } from './proofInterfaces'; +/** + * Validate Proof or Request using the Provider Public Key + */ +declare const validatePoR: (publicKey: KeyLike, poR: string, poO: string) => Promise; +/** + * Decode Proof of Reception with Consumer public key + */ +declare const decodePor: (publicKey: KeyLike, poR: string) => Promise; +/** + * Validate Proof or Origin using the Consumer Public Key + */ +declare const validatePoO: (publicKey: KeyLike, poO: string, cipherblock: string) => Promise; +/** + * Decode Proof of Origin with Provider public key + */ +declare const decodePoo: (publicKey: KeyLike, poO: string) => Promise; +/** + * Validate Proof of Publication using the Backplain Public Key + */ +declare const validatePoP: (publicKeyBackplain: KeyLike, publicKeyProvider: KeyLike, poP: string, jwk: JWK, poO: string) => Promise; +/** + * Decrypt the cipherblock received + */ +declare const decryptCipherblock: (chiperblock: string, jwk: JWK) => Promise; +/** + * Validate the cipherblock + */ +declare const validateCipherblock: (publicKey: KeyLike, chiperblock: string, jwk: JWK, poO: PoO) => Promise; +export { validatePoR, validatePoO, validatePoP, decryptCipherblock, validateCipherblock, decodePoo, decodePor }; +//# sourceMappingURL=validateProofs.d.ts.map \ No newline at end of file diff --git a/types/validateProofs.d.ts.map b/types/validateProofs.d.ts.map new file mode 100644 index 0000000..e97aa79 --- /dev/null +++ b/types/validateProofs.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"validateProofs.d.ts","sourceRoot":"","sources":["../src/ts/validateProofs.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,GAAG,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAE7E,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AAK5C;;GAEG;AACH,QAAA,MAAM,WAAW,cAAqB,OAAO,OAAO,MAAM,OAAO,MAAM,KAAG,QAAQ,OAAO,CAWxF,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,SAAS,cAAqB,OAAO,OAAO,MAAM,KAAG,QAAQ,GAAG,CAMrE,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,WAAW,cAAqB,OAAO,OAAO,MAAM,eAAe,MAAM,KAAG,QAAQ,OAAO,CAWhG,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,SAAS,cAAqB,OAAO,OAAO,MAAM,KAAG,QAAQ,GAAG,CAMrE,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,WAAW,uBAAwB,OAAO,qBAAqB,OAAO,OAAO,MAAM,OAAO,GAAG,OAAO,MAAM,KAAG,QAAQ,OAAO,CAoBjI,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,kBAAkB,gBAAuB,MAAM,OAAO,GAAG,KAAG,QAAQ,MAAM,CAM/E,CAAA;AAED;;GAEG;AACH,QAAA,MAAM,mBAAmB,cAAqB,OAAO,eAAe,MAAM,OAAO,GAAG,OAAO,GAAG,KAAG,QAAQ,OAAO,CAU/G,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA"} \ No newline at end of file