@astrox/identity 0.0.24 → 0.0.30

package/lib/cjs/buffer.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Return an array buffer from its hexadecimal representation.
+ * @param hexString The hexadecimal string.
+ */
+export declare function fromHexString(hexString: string): ArrayBuffer;
+/**
+ * Returns an hexadecimal representation of an array buffer.
+ * @param bytes The array buffer.
+ */
+export declare function toHexString(bytes: ArrayBuffer): string;

package/lib/cjs/buffer.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toHexString = exports.fromHexString = void 0;
+/**
+ * Return an array buffer from its hexadecimal representation.
+ * @param hexString The hexadecimal string.
+ */
+function fromHexString(hexString) {
+    var _a;
+    return new Uint8Array(((_a = hexString.match(/.{1,2}/g)) !== null && _a !== void 0 ? _a : []).map(byte => parseInt(byte, 16))).buffer;
+}
+exports.fromHexString = fromHexString;
+/**
+ * Returns an hexadecimal representation of an array buffer.
+ * @param bytes The array buffer.
+ */
+function toHexString(bytes) {
+    return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
+}
+exports.toHexString = toHexString;
+//# sourceMappingURL=buffer.js.map

package/lib/cjs/buffer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"buffer.js","sourceRoot":"","sources":["../../src/buffer.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,SAAgB,aAAa,CAAC,SAAiB;;IAC7C,OAAO,IAAI,UAAU,CAAC,CAAC,MAAA,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AACnG,CAAC;AAFD,sCAEC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,KAAkB;IAC5C,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAFD,kCAEC"}

package/lib/cjs/identity/delegation.d.ts

@@ -0,0 +1,131 @@
+import { DerEncodedPublicKey, HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+import { Principal } from '@astrox/principal';
+import * as cbor from 'simple-cbor';
+/**
+ * A single delegation object that is signed by a private key. This is constructed by
+ * `DelegationChain.create()`.
+ *
+ * {@see DelegationChain}
+ */
+export declare class Delegation {
+    readonly pubkey: ArrayBuffer;
+    readonly expiration: bigint;
+    readonly targets?: Principal[] | undefined;
+    constructor(pubkey: ArrayBuffer, expiration: bigint, targets?: Principal[] | undefined);
+    toCBOR(): cbor.CborValue;
+    toJSON(): JsonnableDelegation;
+}
+/**
+ * Type of ReturnType<Delegation.toJSON>.
+ * The goal here is to stringify all non-JSON-compatible types to some bytes representation we can
+ * stringify as hex.
+ * (Hex shouldn't be ambiguous ever, because you can encode as DER with semantic OIDs).
+ */
+interface JsonnableDelegation {
+    expiration: string;
+    pubkey: string;
+    targets?: string[];
+}
+/**
+ * A signed delegation, which lends its identity to the public key in the delegation
+ * object. This is constructed by `DelegationChain.create()`.
+ *
+ * {@see DelegationChain}
+ */
+export interface SignedDelegation {
+    delegation: Delegation;
+    signature: Signature;
+}
+export interface JsonnableDelegationChain {
+    publicKey: string;
+    delegations: Array<{
+        signature: string;
+        delegation: {
+            pubkey: string;
+            expiration: string;
+            targets?: string[];
+        };
+    }>;
+}
+/**
+ * A chain of delegations. This is JSON Serializable.
+ * This is the object to serialize and pass to a DelegationIdentity. It does not keep any
+ * private keys.
+ */
+export declare class DelegationChain {
+    readonly delegations: SignedDelegation[];
+    readonly publicKey: DerEncodedPublicKey;
+    /**
+     * Create a delegation chain between two (or more) keys. By default, the expiration time
+     * will be very short (15 minutes).
+     *
+     * To build a chain of more than 2 identities, this function needs to be called multiple times,
+     * passing the previous delegation chain into the options argument. For example:
+     *
+     * @example
+     * const rootKey = createKey();
+     * const middleKey = createKey();
+     * const bottomeKey = createKey();
+     *
+     * const rootToMiddle = await DelegationChain.create(
+     *   root, middle.getPublicKey(), Date.parse('2100-01-01'),
+     * );
+     * const middleToBottom = await DelegationChain.create(
+     *   middle, bottom.getPublicKey(), Date.parse('2100-01-01'), { previous: rootToMiddle },
+     * );
+     *
+     * // We can now use a delegation identity that uses the delegation above:
+     * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
+     *
+     * @param from The identity that will delegate.
+     * @param to The identity that gets delegated. It can now sign messages as if it was the
+     *           identity above.
+     * @param expiration The length the delegation is valid. By default, 15 minutes from calling
+     *                   this function.
+     * @param options A set of options for this delegation. expiration and previous
+     * @param options.previous - Another DelegationChain that this chain should start with.
+     * @param options.targets - targets that scope the delegation (e.g. Canister Principals)
+     */
+    static create(from: SignIdentity, to: PublicKey, expiration?: Date, options?: {
+        previous?: DelegationChain;
+        targets?: Principal[];
+    }): Promise<DelegationChain>;
+    /**
+     * Creates a DelegationChain object from a JSON string.
+     *
+     * @param json The JSON string to parse.
+     */
+    static fromJSON(json: string | JsonnableDelegationChain): DelegationChain;
+    /**
+     * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
+     *
+     * @param delegations The list of delegations.
+     * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
+     */
+    static fromDelegations(delegations: SignedDelegation[], publicKey: DerEncodedPublicKey): DelegationChain;
+    protected constructor(delegations: SignedDelegation[], publicKey: DerEncodedPublicKey);
+    toJSON(): JsonnableDelegationChain;
+}
+/**
+ * An Identity that adds delegation to a request. Everywhere in this class, the name
+ * innerKey refers to the SignIdentity that is being used to sign the requests, while
+ * originalKey is the identity that is being borrowed. More identities can be used
+ * in the middle to delegate.
+ */
+export declare class DelegationIdentity extends SignIdentity {
+    private _inner;
+    private _delegation;
+    /**
+     * Create a delegation without having access to delegateKey.
+     *
+     * @param key The key used to sign the reqyests.
+     * @param delegation A delegation object created using `createDelegation`.
+     */
+    static fromDelegation(key: Pick<SignIdentity, 'sign'>, delegation: DelegationChain): DelegationIdentity;
+    protected constructor(_inner: Pick<SignIdentity, 'sign'>, _delegation: DelegationChain);
+    getDelegation(): DelegationChain;
+    getPublicKey(): PublicKey;
+    sign(blob: ArrayBuffer): Promise<Signature>;
+    transformRequest(request: HttpAgentRequest): Promise<unknown>;
+}
+export {};

package/lib/cjs/identity/delegation.js

@@ -0,0 +1,244 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DelegationIdentity = exports.DelegationChain = exports.Delegation = void 0;
+const agent_1 = require("@astrox/agent");
+const principal_1 = require("@astrox/principal");
+const cbor = __importStar(require("simple-cbor"));
+const buffer_1 = require("../buffer");
+const domainSeparator = new TextEncoder().encode('\x1Aic-request-auth-delegation');
+const requestDomainSeparator = new TextEncoder().encode('\x0Aic-request');
+function _parseBlob(value) {
+    if (typeof value !== 'string' || value.length < 64) {
+        throw new Error('Invalid public key.');
+    }
+    return buffer_1.fromHexString(value);
+}
+/**
+ * A single delegation object that is signed by a private key. This is constructed by
+ * `DelegationChain.create()`.
+ *
+ * {@see DelegationChain}
+ */
+class Delegation {
+    constructor(pubkey, expiration, targets) {
+        this.pubkey = pubkey;
+        this.expiration = expiration;
+        this.targets = targets;
+    }
+    toCBOR() {
+        // Expiration field needs to be encoded as a u64 specifically.
+        return cbor.value.map(Object.assign({ pubkey: cbor.value.bytes(this.pubkey), expiration: cbor.value.u64(this.expiration.toString(16), 16) }, (this.targets && {
+            targets: cbor.value.array(this.targets.map(t => cbor.value.bytes(t.toUint8Array()))),
+        })));
+    }
+    toJSON() {
+        // every string should be hex and once-de-hexed,
+        // discoverable what it is (e.g. de-hex to get JSON with a 'type' property, or de-hex to DER
+        // with an OID). After de-hex, if it's not obvious what it is, it's an ArrayBuffer.
+        return Object.assign({ expiration: this.expiration.toString(16), pubkey: buffer_1.toHexString(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
+    }
+}
+exports.Delegation = Delegation;
+/**
+ * Sign a single delegation object for a period of time.
+ *
+ * @param from The identity that lends its delegation.
+ * @param to The identity that receives the delegation.
+ * @param expiration An expiration date for this delegation.
+ * @param targets Limit this delegation to the target principals.
+ */
+async function _createSingleDelegation(from, to, expiration, targets) {
+    const delegation = new Delegation(to.toDer(), BigInt(+expiration) * BigInt(1000000), // In nanoseconds.
+    targets);
+    // The signature is calculated by signing the concatenation of the domain separator
+    // and the message.
+    // Note: To ensure Safari treats this as a user gesture, ensure to not use async methods
+    // besides the actualy webauthn functionality (such as `sign`). Safari will de-register
+    // a user gesture if you await an async call thats not fetch, xhr, or setTimeout.
+    const challenge = new Uint8Array([
+        ...domainSeparator,
+        ...new Uint8Array(agent_1.requestIdOf(delegation)),
+    ]);
+    const signature = await from.sign(challenge);
+    return {
+        delegation,
+        signature,
+    };
+}
+/**
+ * A chain of delegations. This is JSON Serializable.
+ * This is the object to serialize and pass to a DelegationIdentity. It does not keep any
+ * private keys.
+ */
+class DelegationChain {
+    constructor(delegations, publicKey) {
+        this.delegations = delegations;
+        this.publicKey = publicKey;
+    }
+    /**
+     * Create a delegation chain between two (or more) keys. By default, the expiration time
+     * will be very short (15 minutes).
+     *
+     * To build a chain of more than 2 identities, this function needs to be called multiple times,
+     * passing the previous delegation chain into the options argument. For example:
+     *
+     * @example
+     * const rootKey = createKey();
+     * const middleKey = createKey();
+     * const bottomeKey = createKey();
+     *
+     * const rootToMiddle = await DelegationChain.create(
+     *   root, middle.getPublicKey(), Date.parse('2100-01-01'),
+     * );
+     * const middleToBottom = await DelegationChain.create(
+     *   middle, bottom.getPublicKey(), Date.parse('2100-01-01'), { previous: rootToMiddle },
+     * );
+     *
+     * // We can now use a delegation identity that uses the delegation above:
+     * const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
+     *
+     * @param from The identity that will delegate.
+     * @param to The identity that gets delegated. It can now sign messages as if it was the
+     *           identity above.
+     * @param expiration The length the delegation is valid. By default, 15 minutes from calling
+     *                   this function.
+     * @param options A set of options for this delegation. expiration and previous
+     * @param options.previous - Another DelegationChain that this chain should start with.
+     * @param options.targets - targets that scope the delegation (e.g. Canister Principals)
+     */
+    static async create(from, to, expiration = new Date(Date.now() + 15 * 60 * 1000), options = {}) {
+        var _a, _b;
+        const delegation = await _createSingleDelegation(from, to, expiration, options.targets);
+        return new DelegationChain([...(((_a = options.previous) === null || _a === void 0 ? void 0 : _a.delegations) || []), delegation], ((_b = options.previous) === null || _b === void 0 ? void 0 : _b.publicKey) || from.getPublicKey().toDer());
+    }
+    /**
+     * Creates a DelegationChain object from a JSON string.
+     *
+     * @param json The JSON string to parse.
+     */
+    static fromJSON(json) {
+        const { publicKey, delegations } = typeof json === 'string' ? JSON.parse(json) : json;
+        if (!Array.isArray(delegations)) {
+            throw new Error('Invalid delegations.');
+        }
+        const parsedDelegations = delegations.map(signedDelegation => {
+            const { delegation, signature } = signedDelegation;
+            const { pubkey, expiration, targets } = delegation;
+            if (targets !== undefined && !Array.isArray(targets)) {
+                throw new Error('Invalid targets.');
+            }
+            return {
+                delegation: new Delegation(_parseBlob(pubkey), BigInt(`0x${expiration}`), // expiration in JSON is an hexa string (See toJSON() below).
+                targets &&
+                    targets.map((t) => {
+                        if (typeof t !== 'string') {
+                            throw new Error('Invalid target.');
+                        }
+                        return principal_1.Principal.fromHex(t);
+                    })),
+                signature: _parseBlob(signature),
+            };
+        });
+        return new this(parsedDelegations, _parseBlob(publicKey));
+    }
+    /**
+     * Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
+     *
+     * @param delegations The list of delegations.
+     * @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
+     */
+    static fromDelegations(delegations, publicKey) {
+        return new this(delegations, publicKey);
+    }
+    toJSON() {
+        return {
+            delegations: this.delegations.map(signedDelegation => {
+                const { delegation, signature } = signedDelegation;
+                const { targets } = delegation;
+                return {
+                    delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: buffer_1.toHexString(delegation.pubkey) }, (targets && {
+                        targets: targets.map(t => t.toHex()),
+                    })),
+                    signature: buffer_1.toHexString(signature),
+                };
+            }),
+            publicKey: buffer_1.toHexString(this.publicKey),
+        };
+    }
+}
+exports.DelegationChain = DelegationChain;
+/**
+ * An Identity that adds delegation to a request. Everywhere in this class, the name
+ * innerKey refers to the SignIdentity that is being used to sign the requests, while
+ * originalKey is the identity that is being borrowed. More identities can be used
+ * in the middle to delegate.
+ */
+class DelegationIdentity extends agent_1.SignIdentity {
+    constructor(_inner, _delegation) {
+        super();
+        this._inner = _inner;
+        this._delegation = _delegation;
+    }
+    /**
+     * Create a delegation without having access to delegateKey.
+     *
+     * @param key The key used to sign the reqyests.
+     * @param delegation A delegation object created using `createDelegation`.
+     */
+    static fromDelegation(key, delegation) {
+        return new this(key, delegation);
+    }
+    getDelegation() {
+        return this._delegation;
+    }
+    getPublicKey() {
+        return {
+            toDer: () => this._delegation.publicKey,
+        };
+    }
+    sign(blob) {
+        return this._inner.sign(blob);
+    }
+    async transformRequest(request) {
+        const { body } = request, fields = __rest(request, ["body"]);
+        const requestId = await agent_1.requestIdOf(body);
+        return Object.assign(Object.assign({}, fields), { body: {
+                content: body,
+                sender_sig: await this.sign(new Uint8Array([...requestDomainSeparator, ...new Uint8Array(requestId)])),
+                sender_delegation: this._delegation.delegations,
+                sender_pubkey: this._delegation.publicKey,
+            } });
+    }
+}
+exports.DelegationIdentity = DelegationIdentity;
+//# sourceMappingURL=delegation.js.map

package/lib/cjs/identity/delegation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation.js","sourceRoot":"","sources":["../../../src/identity/delegation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAOuB;AACvB,iDAA8C;AAC9C,kDAAoC;AACpC,sCAAuD;AAEvD,MAAM,eAAe,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC;AACnF,MAAM,sBAAsB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAE1E,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;KACxC;IAED,OAAO,sBAAa,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAa,UAAU;IACrB,YACkB,MAAmB,EACnB,UAAkB,EAClB,OAAqB;QAFrB,WAAM,GAAN,MAAM,CAAa;QACnB,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAAc;IACpC,CAAC;IAEG,MAAM;QACX,8DAA8D;QAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,iBACnB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EACrC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IACzD,CAAC,IAAI,CAAC,OAAO,IAAI;YAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;SACrF,CAAC,EACF,CAAC;IACL,CAAC;IAEM,MAAM;QACX,gDAAgD;QAChD,4FAA4F;QAC5F,mFAAmF;QACnF,uBACE,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACxC,MAAM,EAAE,oBAAW,CAAC,IAAI,CAAC,MAAM,CAAC,IAC7B,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAClE;IACJ,CAAC;CACF;AA5BD,gCA4BC;AA4BD;;;;;;;GAOG;AACH,KAAK,UAAU,uBAAuB,CACpC,IAAkB,EAClB,EAAa,EACb,UAAgB,EAChB,OAAqB;IAErB,MAAM,UAAU,GAAe,IAAI,UAAU,CAC3C,EAAE,CAAC,KAAK,EAAE,EACV,MAAM,CAAC,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,kBAAkB;IACzD,OAAO,CACR,CAAC;IACF,mFAAmF;IACnF,mBAAmB;IACnB,wFAAwF;IACxF,uFAAuF;IACvF,iFAAiF;IACjF,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC;QAC/B,GAAG,eAAe;QAClB,GAAG,IAAI,UAAU,CAAC,mBAAW,CAAC,UAAU,CAAC,CAAC;KAC3C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE7C,OAAO;QACL,UAAU;QACV,SAAS;KACV,CAAC;AACJ,CAAC;AAcD;;;;GAIG;AACH,MAAa,eAAe;IAkG1B,YACkB,WAA+B,EAC/B,SAA8B;QAD9B,gBAAW,GAAX,WAAW,CAAoB;QAC/B,cAAS,GAAT,SAAS,CAAqB;IAC7C,CAAC;IApGJ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACxB,IAAkB,EAClB,EAAa,EACb,aAAmB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,EACxD,UAGI,EAAE;;QAEN,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,IAAI,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QACxF,OAAO,IAAI,eAAe,CACxB,CAAC,GAAG,CAAC,CAAA,MAAA,OAAO,CAAC,QAAQ,0CAAE,WAAW,KAAI,EAAE,CAAC,EAAE,UAAU,CAAC,EACtD,CAAA,MAAA,OAAO,CAAC,QAAQ,0CAAE,SAAS,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,QAAQ,CAAC,IAAuC;QAC5D,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACtF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;SACzC;QAED,MAAM,iBAAiB,GAAuB,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;YAC/E,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,gBAAgB,CAAC;YACnD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;YACnD,IAAI,OAAO,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;aACrC;YAED,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CACxB,UAAU,CAAC,MAAM,CAAC,EAClB,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC,EAAE,6DAA6D;gBACxF,OAAO;oBACL,OAAO,CAAC,GAAG,CAAC,CAAC,CAAU,EAAE,EAAE;wBACzB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;4BACzB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;yBACpC;wBACD,OAAO,qBAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC9B,CAAC,CAAC,CACL;gBACD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAc;aAC9C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,SAAS,CAAwB,CAAC,CAAC;IACnF,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,eAAe,CAC3B,WAA+B,EAC/B,SAA8B;QAE9B,OAAO,IAAI,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAOM,MAAM;QACX,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;gBACnD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,gBAAgB,CAAC;gBACnD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;gBAC/B,OAAO;oBACL,UAAU,kBACR,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EAC9C,MAAM,EAAE,oBAAW,CAAC,UAAU,CAAC,MAAM,CAAC,IACnC,CAAC,OAAO,IAAI;wBACb,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;qBACrC,CAAC,CACH;oBACD,SAAS,EAAE,oBAAW,CAAC,SAAS,CAAC;iBAClC,CAAC;YACJ,CAAC,CAAC;YACF,SAAS,EAAE,oBAAW,CAAC,IAAI,CAAC,SAAS,CAAC;SACvC,CAAC;IACJ,CAAC;CACF;AA1HD,0CA0HC;AAED;;;;;GAKG;AACH,MAAa,kBAAmB,SAAQ,oBAAY;IAclD,YACU,MAAkC,EAClC,WAA4B;QAEpC,KAAK,EAAE,CAAC;QAHA,WAAM,GAAN,MAAM,CAA4B;QAClC,gBAAW,GAAX,WAAW,CAAiB;IAGtC,CAAC;IAlBD;;;;;OAKG;IACI,MAAM,CAAC,cAAc,CAC1B,GAA+B,EAC/B,UAA2B;QAE3B,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACnC,CAAC;IASM,aAAa;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEM,YAAY;QACjB,OAAO;YACL,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS;SACxC,CAAC;IACJ,CAAC;IACM,IAAI,CAAC,IAAiB;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAyB;QACrD,MAAM,EAAE,IAAI,KAAgB,OAAO,EAAlB,MAAM,UAAK,OAAO,EAA7B,QAAmB,CAAU,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,mBAAW,CAAC,IAAI,CAAC,CAAC;QAC1C,uCACK,MAAM,KACT,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,MAAM,IAAI,CAAC,IAAI,CACzB,IAAI,UAAU,CAAC,CAAC,GAAG,sBAAsB,EAAE,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAC1E;gBACD,iBAAiB,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW;gBAC/C,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;aAC1C,IACD;IACJ,CAAC;CACF;AAjDD,gDAiDC"}

package/lib/cjs/identity/der.d.ts

@@ -0,0 +1,35 @@
+export declare const bufEquals: (b1: ArrayBuffer, b2: ArrayBuffer) => boolean;
+export declare const encodeLenBytes: (len: number) => number;
+export declare const encodeLen: (buf: Uint8Array, offset: number, len: number) => number;
+export declare const decodeLenBytes: (buf: Uint8Array, offset: number) => number;
+export declare const decodeLen: (buf: Uint8Array, offset: number) => number;
+/**
+ * A DER encoded `SEQUENCE(OID)` for DER-encoded-COSE
+ */
+export declare const DER_COSE_OID: Uint8Array;
+/**
+ * A DER encoded `SEQUENCE(OID)` for the Ed25519 algorithm
+ */
+export declare const ED25519_OID: Uint8Array;
+/**
+ * A DER encoded `SEQUENCE(OID)` for secp256k1 with the ECDSA algorithm
+ */
+export declare const SECP256K1_OID: Uint8Array;
+/**
+ * Wraps the given `payload` in a DER encoding tagged with the given encoded `oid` like so:
+ * `SEQUENCE(oid, BITSTRING(payload))`
+ *
+ * @param payload The payload to encode as the bit string
+ * @param oid The DER encoded (and SEQUENCE wrapped!) OID to tag the payload with
+ */
+export declare function wrapDER(payload: ArrayBuffer, oid: Uint8Array): Uint8Array;
+/**
+ * Extracts a payload from the given `derEncoded` data, and checks that it was tagged with the given `oid`.
+ *
+ * `derEncoded = SEQUENCE(oid, BITSTRING(payload))`
+ *
+ * @param derEncoded The DER encoded and tagged data
+ * @param oid The DER encoded (and SEQUENCE wrapped!) expected OID
+ * @returns The unwrapped payload
+ */
+export declare const unwrapDER: (derEncoded: ArrayBuffer, oid: Uint8Array) => Uint8Array;

package/lib/cjs/identity/der.js

@@ -0,0 +1,178 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unwrapDER = exports.wrapDER = exports.SECP256K1_OID = exports.ED25519_OID = exports.DER_COSE_OID = exports.decodeLen = exports.decodeLenBytes = exports.encodeLen = exports.encodeLenBytes = exports.bufEquals = void 0;
+const bufEquals = (b1, b2) => {
+    if (b1.byteLength !== b2.byteLength)
+        return false;
+    const u1 = new Uint8Array(b1);
+    const u2 = new Uint8Array(b2);
+    for (let i = 0; i < u1.length; i++) {
+        if (u1[i] !== u2[i])
+            return false;
+    }
+    return true;
+};
+exports.bufEquals = bufEquals;
+const encodeLenBytes = (len) => {
+    if (len <= 0x7f) {
+        return 1;
+    }
+    else if (len <= 0xff) {
+        return 2;
+    }
+    else if (len <= 0xffff) {
+        return 3;
+    }
+    else if (len <= 0xffffff) {
+        return 4;
+    }
+    else {
+        throw new Error('Length too long (> 4 bytes)');
+    }
+};
+exports.encodeLenBytes = encodeLenBytes;
+const encodeLen = (buf, offset, len) => {
+    if (len <= 0x7f) {
+        buf[offset] = len;
+        return 1;
+    }
+    else if (len <= 0xff) {
+        buf[offset] = 0x81;
+        buf[offset + 1] = len;
+        return 2;
+    }
+    else if (len <= 0xffff) {
+        buf[offset] = 0x82;
+        buf[offset + 1] = len >> 8;
+        buf[offset + 2] = len;
+        return 3;
+    }
+    else if (len <= 0xffffff) {
+        buf[offset] = 0x83;
+        buf[offset + 1] = len >> 16;
+        buf[offset + 2] = len >> 8;
+        buf[offset + 3] = len;
+        return 4;
+    }
+    else {
+        throw new Error('Length too long (> 4 bytes)');
+    }
+};
+exports.encodeLen = encodeLen;
+const decodeLenBytes = (buf, offset) => {
+    if (buf[offset] < 0x80)
+        return 1;
+    if (buf[offset] === 0x80)
+        throw new Error('Invalid length 0');
+    if (buf[offset] === 0x81)
+        return 2;
+    if (buf[offset] === 0x82)
+        return 3;
+    if (buf[offset] === 0x83)
+        return 4;
+    throw new Error('Length too long (> 4 bytes)');
+};
+exports.decodeLenBytes = decodeLenBytes;
+const decodeLen = (buf, offset) => {
+    const lenBytes = exports.decodeLenBytes(buf, offset);
+    if (lenBytes === 1)
+        return buf[offset];
+    else if (lenBytes === 2)
+        return buf[offset + 1];
+    else if (lenBytes === 3)
+        return (buf[offset + 1] << 8) + buf[offset + 2];
+    else if (lenBytes === 4)
+        return (buf[offset + 1] << 16) + (buf[offset + 2] << 8) + buf[offset + 3];
+    throw new Error('Length too long (> 4 bytes)');
+};
+exports.decodeLen = decodeLen;
+/**
+ * A DER encoded `SEQUENCE(OID)` for DER-encoded-COSE
+ */
+exports.DER_COSE_OID = Uint8Array.from([
+    ...[0x30, 0x0c],
+    ...[0x06, 0x0a],
+    ...[0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0xb8, 0x43, 0x01, 0x01], // DER encoded COSE
+]);
+/**
+ * A DER encoded `SEQUENCE(OID)` for the Ed25519 algorithm
+ */
+exports.ED25519_OID = Uint8Array.from([
+    ...[0x30, 0x05],
+    ...[0x06, 0x03],
+    ...[0x2b, 0x65, 0x70], // id-Ed25519 OID
+]);
+/**
+ * A DER encoded `SEQUENCE(OID)` for secp256k1 with the ECDSA algorithm
+ */
+exports.SECP256K1_OID = Uint8Array.from([
+    ...[0x30, 0x10],
+    ...[0x06, 0x07],
+    ...[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01],
+    ...[0x06, 0x05],
+    ...[0x2b, 0x81, 0x04, 0x00, 0x0a], // OID secp256k1
+]);
+/**
+ * Wraps the given `payload` in a DER encoding tagged with the given encoded `oid` like so:
+ * `SEQUENCE(oid, BITSTRING(payload))`
+ *
+ * @param payload The payload to encode as the bit string
+ * @param oid The DER encoded (and SEQUENCE wrapped!) OID to tag the payload with
+ */
+function wrapDER(payload, oid) {
+    // The Bit String header needs to include the unused bit count byte in its length
+    const bitStringHeaderLength = 2 + exports.encodeLenBytes(payload.byteLength + 1);
+    const len = oid.byteLength + bitStringHeaderLength + payload.byteLength;
+    let offset = 0;
+    const buf = new Uint8Array(1 + exports.encodeLenBytes(len) + len);
+    // Sequence
+    buf[offset++] = 0x30;
+    // Sequence Length
+    offset += exports.encodeLen(buf, offset, len);
+    // OID
+    buf.set(oid, offset);
+    offset += oid.byteLength;
+    // Bit String Header
+    buf[offset++] = 0x03;
+    offset += exports.encodeLen(buf, offset, payload.byteLength + 1);
+    // 0 padding
+    buf[offset++] = 0x00;
+    buf.set(new Uint8Array(payload), offset);
+    return buf;
+}
+exports.wrapDER = wrapDER;
+/**
+ * Extracts a payload from the given `derEncoded` data, and checks that it was tagged with the given `oid`.
+ *
+ * `derEncoded = SEQUENCE(oid, BITSTRING(payload))`
+ *
+ * @param derEncoded The DER encoded and tagged data
+ * @param oid The DER encoded (and SEQUENCE wrapped!) expected OID
+ * @returns The unwrapped payload
+ */
+const unwrapDER = (derEncoded, oid) => {
+    let offset = 0;
+    const expect = (n, msg) => {
+        if (buf[offset++] !== n) {
+            throw new Error('Expected: ' + msg);
+        }
+    };
+    const buf = new Uint8Array(derEncoded);
+    expect(0x30, 'sequence');
+    offset += exports.decodeLenBytes(buf, offset);
+    if (!exports.bufEquals(buf.slice(offset, offset + oid.byteLength), oid)) {
+        throw new Error('Not the expected OID.');
+    }
+    offset += oid.byteLength;
+    expect(0x03, 'bit string');
+    const payloadLen = exports.decodeLen(buf, offset) - 1; // Subtracting 1 to account for the 0 padding
+    offset += exports.decodeLenBytes(buf, offset);
+    expect(0x00, '0 padding');
+    const result = buf.slice(offset);
+    if (payloadLen !== result.length) {
+        throw new Error(`DER payload mismatch: Expected length ${payloadLen} actual length ${result.length}`);
+    }
+    return result;
+};
+exports.unwrapDER = unwrapDER;
+//# sourceMappingURL=der.js.map

package/lib/cjs/identity/der.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"der.js","sourceRoot":"","sources":["../../../src/identity/der.ts"],"names":[],"mappings":";;;AAAO,MAAM,SAAS,GAAG,CAAC,EAAe,EAAE,EAAe,EAAW,EAAE;IACrE,IAAI,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;KACnC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AARW,QAAA,SAAS,aAQpB;AAEK,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE;IACpD,IAAI,GAAG,IAAI,IAAI,EAAE;QACf,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,IAAI,EAAE;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,MAAM,EAAE;QACxB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,QAAQ,EAAE;QAC1B,OAAO,CAAC,CAAC;KACV;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;AACH,CAAC,CAAC;AAZW,QAAA,cAAc,kBAYzB;AAEK,MAAM,SAAS,GAAG,CAAC,GAAe,EAAE,MAAc,EAAE,GAAW,EAAU,EAAE;IAChF,IAAI,GAAG,IAAI,IAAI,EAAE;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;QAClB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,IAAI,EAAE;QACtB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,MAAM,EAAE;QACxB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAC3B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,QAAQ,EAAE;QAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAC3B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;AACH,CAAC,CAAC;AAtBW,QAAA,SAAS,aAsBpB;AAEK,MAAM,cAAc,GAAG,CAAC,GAAe,EAAE,MAAc,EAAU,EAAE;IACxE,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI;QAAE,OAAO,CAAC,CAAC;IACjC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC9D,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AACjD,CAAC,CAAC;AAPW,QAAA,cAAc,kBAOzB;AAEK,MAAM,SAAS,GAAG,CAAC,GAAe,EAAE,MAAc,EAAU,EAAE;IACnE,MAAM,QAAQ,GAAG,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;SAClC,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;SAC3C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;SACpE,IAAI,QAAQ,KAAK,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5E,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AACjD,CAAC,CAAC;AARW,QAAA,SAAS,aAQpB;AAEF;;GAEG;AACU,QAAA,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;IAC1C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,mBAAmB;CACrF,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC;IACzC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,iBAAiB;CACzC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC;IAC3C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC;IAC7C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,gBAAgB;CACpD,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,OAAO,CAAC,OAAoB,EAAE,GAAe;IAC3D,iFAAiF;IACjF,MAAM,qBAAqB,GAAG,CAAC,GAAG,sBAAc,CAAC,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,GAAG,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC;IACxE,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,sBAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;IAC1D,WAAW;IACX,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,kBAAkB;IAClB,MAAM,IAAI,iBAAS,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IAEtC,MAAM;IACN,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACrB,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;IAEzB,oBAAoB;IACpB,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,MAAM,IAAI,iBAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACzD,YAAY;IACZ,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAEzC,OAAO,GAAG,CAAC;AACb,CAAC;AAvBD,0BAuBC;AAED;;;;;;;;GAQG;AACI,MAAM,SAAS,GAAG,CAAC,UAAuB,EAAE,GAAe,EAAc,EAAE;IAChF,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE;QACxC,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC;SACrC;IACH,CAAC,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACzB,MAAM,IAAI,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAEtC,IAAI,CAAC,iBAAS,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IACD,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;IAEzB,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC3B,MAAM,UAAU,GAAG,iBAAS,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,6CAA6C;IAC5F,MAAM,IAAI,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,UAAU,KAAK,MAAM,CAAC,MAAM,EAAE;QAChC,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,kBAAkB,MAAM,CAAC,MAAM,EAAE,CACrF,CAAC;KACH;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AA5BW,QAAA,SAAS,aA4BpB"}