npm - @azure/attestation - Versions diffs - 1.0.1-alpha.20241022.1 → 1.0.1-alpha.20241023.1 - Mend

@azure/attestation 1.0.1-alpha.20241022.1 → 1.0.1-alpha.20241023.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (610) hide show

package/dist/commonjs/models/attestationResult.js ADDED Viewed

@@ -0,0 +1,173 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AttestationResultImpl = void 0;
+exports._attestationResultFromGenerated = _attestationResultFromGenerated;
+const attestationSigner_js_1 = require("./attestationSigner.js");
+/**
+ * A Microsoft Azure Attestation response token body - the body of a response token issued by MAA
+ */
+class AttestationResultImpl {
+    /**
+     *
+     * @param params - The parameters for the constructor.
+     *
+     * @hidden
+     */
+    constructor(params) {
+        this._issuer = params.issuer;
+        this._nonce = params.nonce;
+        this._version = params.version;
+        this._uniqueId = params.uniqueId;
+        this._runTimeClaims = params.runTimeClaims;
+        this._initTimeClaims = params.initTimeClaims;
+        this._policyClaims = params.policyClaims;
+        this._verifierType = params.verifierType;
+        this._policySigner = params.policySigner;
+        this._policyHash = params.policyHash;
+        this._isDebuggable = params.isDebuggable;
+        this._productId = params.productId;
+        this._mrEnclave = params.mrEnclave;
+        this._mrSigner = params.mrSigner;
+        this._svn = params.svn;
+        this._enclaveHeldData = params.enclaveHeldData;
+        this._sgxCollateral = params.sgxCollateral;
+    }
+    /**
+     * Unique Identifier for the token
+     *
+     */
+    get uniqueId() {
+        return this._uniqueId;
+    }
+    /**
+     * Returns the issuer of the attestation token. MUST be the same as the
+     * endpoint used when constructing the attestation client instance.
+     */
+    get issuer() {
+        return this._issuer;
+    }
+    /**
+     * Returns the "nonce" value specified in the Attest request.
+     */
+    get nonce() {
+        return this._nonce;
+    }
+    /**
+     * The Schema version of this structure. Current Value: 1.0
+     */
+    get version() {
+        return this._version;
+    }
+    /**
+     * Runtime Claims
+     */
+    get runTimeClaims() {
+        return this._runTimeClaims;
+    }
+    /**
+     * Inittime Claims
+     */
+    get initTimeClaims() {
+        return this._initTimeClaims;
+    }
+    /**
+     * Policy Generated Claims
+     */
+    get policyClaims() {
+        return this._policyClaims;
+    }
+    /**
+     * The Attestation type being attested.
+     */
+    get verifierType() {
+        return this._verifierType;
+    }
+    /**
+     * The certificate used to sign the policy object, if specified.
+     */
+    get policySigner() {
+        return this._policySigner;
+    }
+    /**
+     * The SHA256 hash of the BASE64URL encoded policy text used for attestation
+     */
+    get policyHash() {
+        return this._policyHash;
+    }
+    /**
+     * True if the enclave is debuggable, false otherwise
+     */
+    get isDebuggable() {
+        return this._isDebuggable;
+    }
+    /**
+     * The SGX Product ID for the enclave.
+     */
+    get productId() {
+        return this._productId;
+    }
+    /**
+     * The HEX encoded SGX MRENCLAVE value for the enclave.
+     */
+    get mrEnclave() {
+        return this._mrEnclave;
+    }
+    /**
+     * The HEX encoded SGX MRSIGNER value for the enclave.
+     */
+    get mrSigner() {
+        return this._mrSigner;
+    }
+    /**
+     * The SGX SVN value for the enclave.
+     */
+    get svn() {
+        return this._svn;
+    }
+    /**
+     * A copy of the RuntimeData specified as an input to the attest call.
+     */
+    get enclaveHeldData() {
+        return this._enclaveHeldData;
+    }
+    /**
+     * The SGX SVN value for the enclave.
+     */
+    get sgxCollateral() {
+        return this._sgxCollateral;
+    }
+}
+exports.AttestationResultImpl = AttestationResultImpl;
+/**
+ *
+ * @param generated - Generated attestation result object.
+ * @returns newly created AttestationResult from the generated result.
+ *
+ * @internal
+ */
+function _attestationResultFromGenerated(generated) {
+    return new AttestationResultImpl({
+        issuer: generated.iss,
+        version: generated.version,
+        nonce: generated.nonce,
+        uniqueId: generated.jti,
+        policySigner: generated.policySigner
+            ? (0, attestationSigner_js_1._attestationSignerFromGenerated)(generated.policySigner)
+            : undefined,
+        runTimeClaims: generated.runtimeClaims,
+        initTimeClaims: generated.inittimeClaims,
+        policyClaims: generated.policyClaims,
+        verifierType: generated.verifierType,
+        policyHash: generated.policyHash,
+        isDebuggable: generated.isDebuggable,
+        productId: generated.productId,
+        mrEnclave: generated.mrEnclave,
+        mrSigner: generated.mrSigner,
+        svn: generated.svn,
+        enclaveHeldData: generated.enclaveHeldData,
+        sgxCollateral: generated.sgxCollateral,
+    });
+}
+//# sourceMappingURL=attestationResult.js.map

package/dist/commonjs/models/attestationResult.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"attestationResult.js","sourceRoot":"","sources":["../../../src/models/attestationResult.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AAiXlC,0EAwBC;AArYD,iEAAyE;AAqLzE;;GAEG;AACH,MAAa,qBAAqB;IAChC;;;;;OAKG;IACH,YAAY,MAkBX;QACC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,aAAa,CAAC;IAC7C,CAAC;IAoBD;;;OAGG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IACD;;OAEG;IACH,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IACD;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD;;OAEG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IACD;;OAEG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IACD;;OAEG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IACD;;OAEG;IACH,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IACD;;OAEG;IACH,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IACD;;OAEG;IACH,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;CACF;AA5KD,sDA4KC;AAED;;;;;;GAMG;AACH,SAAgB,+BAA+B,CAC7C,SAAqC;IAErC,OAAO,IAAI,qBAAqB,CAAC;QAC/B,MAAM,EAAE,SAAS,CAAC,GAAG;QACrB,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,QAAQ,EAAE,SAAS,CAAC,GAAG;QACvB,YAAY,EAAE,SAAS,CAAC,YAAY;YAClC,CAAC,CAAC,IAAA,sDAA+B,EAAC,SAAS,CAAC,YAAY,CAAC;YACzD,CAAC,CAAC,SAAS;QACb,aAAa,EAAE,SAAS,CAAC,aAAa;QACtC,cAAc,EAAE,SAAS,CAAC,cAAc;QACxC,YAAY,EAAE,SAAS,CAAC,YAAY;QACpC,YAAY,EAAE,SAAS,CAAC,YAAY;QACpC,UAAU,EAAE,SAAS,CAAC,UAAU;QAChC,YAAY,EAAE,SAAS,CAAC,YAAY;QACpC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,GAAG,EAAE,SAAS,CAAC,GAAG;QAClB,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,aAAa,EAAE,SAAS,CAAC,aAAa;KACvC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { AttestationSigner } from \"./index.js\";\nimport { GeneratedAttestationResult } from \"../generated/index.js\";\nimport { _attestationSignerFromGenerated } from \"./attestationSigner.js\";\n\n/**\n * Defines the contents of the {@link AttestationResult.sgxCollateral} claim in\n * an {@link AttestationResult}.\n */\nexport interface AttestationSgxCollateralInfo {\n /**\n * Hex encoded Sha256 hash of the Quoting Enclave Certificates.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n qeidcertshash?: string;\n /**\n * Hex encoded Sha256 hash of the Quoting Enclave Certificate CRL.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n qeidcrlhash?: string;\n /**\n * Hex encoded Sha256 hash of the Quoting Enclave Identity.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n qeidhash?: string;\n /**\n * Hex encoded Sha256 hash of the SGX Quote or OpenEnclave Report validated\n * by this token.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n quotehash?: string;\n /**\n * Hex encoded Sha256 hash of the TCB Info Certificates.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n tcbinfocertshash?: string;\n /**\n * Hex encoded Sha256 hash of the TCB Info Certificate CRL.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n tcbinfocrlhash?: string;\n /**\n * Hex encoded Sha256 hash of the TCB Info for the device being attested.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n tcbinfohash?: string;\n}\n\n/**\n * A Microsoft Azure Attestation response token body - the body of a response token issued by MAA\n */\nexport interface AttestationResult {\n /**\n * Unique Identifier for the token.\n *\n * Corresponds to the 'jti' claim defined in\n * {@link https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7 | RFC 7519 section 4.1.7}\n */\n uniqueId: string;\n\n /**\n * Returns the issuer of the attestation token. MUST be the same as the\n * endpoint used when constructing the attestation client instance.\n */\n issuer: string;\n\n /**\n * Returns the \"nonce\" value if one was specified in the Attest request.\n */\n nonce?: string;\n\n /**\n * The Schema version of this structure. Current Value: 1.0\n */\n version: string;\n\n /**\n * Returns the runtime claims in the token.\n *\n * This value will match the input `runTimeJson` property to the\n * {@link AttestationClient.attestSgxEnclave} or\n * {@link AttestationClient.attestOpenEnclave} API.\n *\n * @remarks\n *\n * The `runtimeClaims` property will only be populated if the\n * `runtimeJson` parameter to the `Attest` API is specified. It will\n * not be populated if the `runtimeData` parameter is specified.\n */\n runTimeClaims: unknown;\n /**\n * Returns the initialization time claims in the token.\n * This value will match the input `initTimeJson` property to the\n * {@link AttestationClient.attestSgxEnclave} or\n * {@link AttestationClient.attestOpenEnclave} API.\n *\n * @remarks\n *\n * The `initTimeClaims` property will only be populated if the `initTimeJson`\n * parameter to the `Attest` API is specified. It will not be populated if\n * the `initTimeData` parameter is specified.\n */\n initTimeClaims: unknown;\n\n /**\n * Returns the set of claims generated by the attestation policy on the instance.\n */\n policyClaims: unknown;\n\n /**\n * Returns the verifier which generated this attestation token. Normally one of:\n * \"SGX\" or \"TPM\", but others can be specified.\n */\n verifierType: string;\n /**\n * The certificate used to sign the policy object, if specified.\n */\n policySigner?: AttestationSigner;\n /**\n * The base64url encoded SHA256 hash of the BASE64URL encoded policy text\n * used for attestation.\n */\n policyHash: Uint8Array;\n /**\n * True if the enclave is debuggable, false otherwise. Only valid if `verifierType` is SGX.\n */\n isDebuggable?: boolean;\n\n /**\n * The SGX Product ID for the enclave. Only valid if the `verifierType` field is \"SGX\"\n */\n productId?: number;\n /**\n * The HEX encoded SGX MRENCLAVE value for the enclave. Only valid if the\n * `verifierType` field is \"SGX\"\n */\n mrEnclave?: string;\n\n /**\n * The HEX encoded SGX MRSIGNER value for the enclave. Only valid if the\n * `verifierType` field is \"SGX\"\n */\n mrSigner?: string;\n\n /**\n * The SGX SVN value for the enclave. Only valid if the `verifierType` field is \"SGX\"\n */\n svn?: number;\n\n /**\n * Returns the value of the runtime_data field specified as an input to the\n * {@link AttestationClient.attestSgxEnclave} or {@link AttestationClient.attestOpenEnclave} API.\n *\n * @remarks\n *\n * The `enclaveHeldData` property will only be populated if the\n * `runtimeData` parameter to the `Attest` API is specified.\n */\n enclaveHeldData?: Uint8Array;\n\n /**\n * Returns a set of information describing the complete set of inputs to the\n * Attestation validation logic.\n *\n * See the {@link https://software.intel.com/content/www/us/en/develop/articles/quote-verification-attestation-with-intel-sgx-dcap.html | Intel SGX documentation }\n * for more information on quote validation.\n */\n sgxCollateral?: AttestationSgxCollateralInfo;\n}\n\n/**\n * A Microsoft Azure Attestation response token body - the body of a response token issued by MAA\n */\nexport class AttestationResultImpl implements AttestationResult {\n /**\n *\n * @param params - The parameters for the constructor.\n *\n * @hidden\n */\n constructor(params: {\n issuer: string;\n version: string;\n nonce?: string;\n uniqueId: string;\n runTimeClaims?: unknown;\n initTimeClaims?: unknown;\n policyClaims?: unknown;\n verifierType: string;\n policySigner?: AttestationSigner;\n policyHash: Uint8Array;\n isDebuggable?: boolean;\n productId?: number;\n mrEnclave?: string;\n mrSigner?: string;\n svn?: number;\n enclaveHeldData?: Uint8Array;\n sgxCollateral?: AttestationSgxCollateralInfo;\n }) {\n this._issuer = params.issuer;\n this._nonce = params.nonce;\n this._version = params.version;\n this._uniqueId = params.uniqueId;\n this._runTimeClaims = params.runTimeClaims;\n this._initTimeClaims = params.initTimeClaims;\n this._policyClaims = params.policyClaims;\n this._verifierType = params.verifierType;\n this._policySigner = params.policySigner;\n this._policyHash = params.policyHash;\n this._isDebuggable = params.isDebuggable;\n this._productId = params.productId;\n this._mrEnclave = params.mrEnclave;\n this._mrSigner = params.mrSigner;\n this._svn = params.svn;\n this._enclaveHeldData = params.enclaveHeldData;\n this._sgxCollateral = params.sgxCollateral;\n }\n\n private _issuer: string;\n private _version: string;\n private _nonce?: string;\n private _uniqueId: string;\n private _runTimeClaims?: unknown;\n private _initTimeClaims?: unknown;\n private _policyClaims?: unknown;\n private _verifierType: string;\n private _policySigner?: AttestationSigner;\n private _policyHash: Uint8Array;\n private _isDebuggable?: boolean;\n private _productId?: number;\n private _mrEnclave?: string;\n private _mrSigner?: string;\n private _svn?: number;\n private _enclaveHeldData?: Uint8Array;\n private _sgxCollateral?: AttestationSgxCollateralInfo;\n\n /**\n * Unique Identifier for the token\n *\n */\n get uniqueId(): string {\n return this._uniqueId;\n }\n\n /**\n * Returns the issuer of the attestation token. MUST be the same as the\n * endpoint used when constructing the attestation client instance.\n */\n get issuer(): string {\n return this._issuer;\n }\n\n /**\n * Returns the \"nonce\" value specified in the Attest request.\n */\n get nonce(): string | undefined {\n return this._nonce;\n }\n\n /**\n * The Schema version of this structure. Current Value: 1.0\n */\n get version(): string {\n return this._version;\n }\n\n /**\n * Runtime Claims\n */\n get runTimeClaims(): unknown {\n return this._runTimeClaims;\n }\n /**\n * Inittime Claims\n */\n get initTimeClaims(): unknown {\n return this._initTimeClaims;\n }\n\n /**\n * Policy Generated Claims\n */\n get policyClaims(): unknown {\n return this._policyClaims;\n }\n /**\n * The Attestation type being attested.\n */\n get verifierType(): string {\n return this._verifierType;\n }\n /**\n * The certificate used to sign the policy object, if specified.\n */\n get policySigner(): AttestationSigner | undefined {\n return this._policySigner;\n }\n /**\n * The SHA256 hash of the BASE64URL encoded policy text used for attestation\n */\n get policyHash(): Uint8Array {\n return this._policyHash;\n }\n /**\n * True if the enclave is debuggable, false otherwise\n */\n get isDebuggable(): boolean | undefined {\n return this._isDebuggable;\n }\n /**\n * The SGX Product ID for the enclave.\n */\n get productId(): number | undefined {\n return this._productId;\n }\n /**\n * The HEX encoded SGX MRENCLAVE value for the enclave.\n */\n get mrEnclave(): string | undefined {\n return this._mrEnclave;\n }\n /**\n * The HEX encoded SGX MRSIGNER value for the enclave.\n */\n get mrSigner(): string | undefined {\n return this._mrSigner;\n }\n /**\n * The SGX SVN value for the enclave.\n */\n get svn(): number | undefined {\n return this._svn;\n }\n /**\n * A copy of the RuntimeData specified as an input to the attest call.\n */\n get enclaveHeldData(): Uint8Array | undefined {\n return this._enclaveHeldData;\n }\n /**\n * The SGX SVN value for the enclave.\n */\n get sgxCollateral(): AttestationSgxCollateralInfo | undefined {\n return this._sgxCollateral;\n }\n}\n\n/**\n *\n * @param generated - Generated attestation result object.\n * @returns newly created AttestationResult from the generated result.\n *\n * @internal\n */\nexport function _attestationResultFromGenerated(\n generated: GeneratedAttestationResult,\n): AttestationResultImpl {\n return new AttestationResultImpl({\n issuer: generated.iss,\n version: generated.version,\n nonce: generated.nonce,\n uniqueId: generated.jti,\n policySigner: generated.policySigner\n ? _attestationSignerFromGenerated(generated.policySigner)\n : undefined,\n runTimeClaims: generated.runtimeClaims,\n initTimeClaims: generated.inittimeClaims,\n policyClaims: generated.policyClaims,\n verifierType: generated.verifierType,\n policyHash: generated.policyHash,\n isDebuggable: generated.isDebuggable,\n productId: generated.productId,\n mrEnclave: generated.mrEnclave,\n mrSigner: generated.mrSigner,\n svn: generated.svn,\n enclaveHeldData: generated.enclaveHeldData,\n sgxCollateral: generated.sgxCollateral,\n });\n}\n"]}

package/dist/commonjs/models/attestationSigner.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { JsonWebKey } from "../generated/models/index.js";
+/**
+ * An AttestationSigner represents a signing certificate chain/Key ID combination
+ * returned by the attestation service.
+ */
+export interface AttestationSigner {
+    /**
+     * The Key ID for the signer, as defined by the "kid" parameter in
+     * {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.5 | RFC 7517 section 4.5}
+     */
+    keyId?: string;
+    /**
+     * An array of X.509 certificates DER encoded and PEM encoded one of which
+     * will be used to sign an attestation token. Also the "x5c" parameter in
+     * {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.7 | RFC 7517 section 4.7}
+     */
+    certificates: string[];
+}
+/**
+ *
+ * @param key  - JsonWebKey for signing key.
+ * @returns AttestationSigner created from the JsonWebKey.
+ *
+ * @internal
+ */
+export declare function _attestationSignerFromGenerated(key?: JsonWebKey): AttestationSigner;
+//# sourceMappingURL=attestationSigner.d.ts.map

package/dist/commonjs/models/attestationSigner.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"attestationSigner.d.ts","sourceRoot":"","sources":["../../../src/models/attestationSigner.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAG1D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;OAIG;IACH,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;;;;GAMG;AACH,wBAAgB,+BAA+B,CAAC,GAAG,CAAC,EAAE,UAAU,GAAG,iBAAiB,CAKnF"}

package/dist/commonjs/models/attestationSigner.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._attestationSignerFromGenerated = _attestationSignerFromGenerated;
+const helpers_js_1 = require("../utils/helpers.js");
+/**
+ *
+ * @param key  - JsonWebKey for signing key.
+ * @returns AttestationSigner created from the JsonWebKey.
+ *
+ * @internal
+ */
+function _attestationSignerFromGenerated(key) {
+    var _a, _b;
+    return {
+        keyId: key === null || key === void 0 ? void 0 : key.kid,
+        certificates: (_b = (_a = key === null || key === void 0 ? void 0 : key.x5C) === null || _a === void 0 ? void 0 : _a.map((cert) => (0, helpers_js_1.pemFromBase64)(cert, "CERTIFICATE"))) !== null && _b !== void 0 ? _b : [],
+    };
+}
+//# sourceMappingURL=attestationSigner.js.map

package/dist/commonjs/models/attestationSigner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"attestationSigner.js","sourceRoot":"","sources":["../../../src/models/attestationSigner.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA+BlC,0EAKC;AAjCD,oDAAoD;AAqBpD;;;;;;GAMG;AACH,SAAgB,+BAA+B,CAAC,GAAgB;;IAC9D,OAAO;QACL,KAAK,EAAE,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG;QACf,YAAY,EAAE,MAAA,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,GAAG,0CAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,0BAAa,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC,mCAAI,EAAE;KAChF,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport { JsonWebKey } from \"../generated/models/index.js\";\nimport { pemFromBase64 } from \"../utils/helpers.js\";\n\n/**\n * An AttestationSigner represents a signing certificate chain/Key ID combination\n * returned by the attestation service.\n */\nexport interface AttestationSigner {\n /**\n * The Key ID for the signer, as defined by the \"kid\" parameter in\n * {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.5 | RFC 7517 section 4.5}\n */\n keyId?: string;\n\n /**\n * An array of X.509 certificates DER encoded and PEM encoded one of which\n * will be used to sign an attestation token. Also the \"x5c\" parameter in\n * {@link https://datatracker.ietf.org/doc/html/rfc7517#section-4.7 | RFC 7517 section 4.7}\n */\n certificates: string[];\n}\n\n/**\n *\n * @param key - JsonWebKey for signing key.\n * @returns AttestationSigner created from the JsonWebKey.\n *\n * @internal\n */\nexport function _attestationSignerFromGenerated(key?: JsonWebKey): AttestationSigner {\n return {\n keyId: key?.kid,\n certificates: key?.x5C?.map((cert) => pemFromBase64(cert, \"CERTIFICATE\")) ?? [],\n };\n}\n"]}

package/dist/commonjs/models/attestationToken.d.ts ADDED Viewed

@@ -0,0 +1,339 @@
+import { AttestationSigner } from "./attestationSigner.js";
+/**
+ * Options used to validate attestation tokens.
+ *
+ * @typeparam issuer - if provided, specifies the expected issuer of the attestation token.
+ * @typeparam validateExpirationTime - if true, validate the expiration time in the token.
+ * @typeparam validateNotBeforeTime - if true, validate the "not before" time in the token.
+ * @typeparam validateToken - if true, validate the token.
+ * @typeparam timeValidationSlack - the validation time slack in the time based validations.
+ *
+ * @remarks
+ *
+ *  If validateToken, validateNotBeforeTime, or validateExpirationTime are not
+ *  provided, they are all assumed to be 'true'.
+ *
+ */
+export interface AttestationTokenValidationOptions {
+    /**
+     * If true, validate the attestation token, if false, skip validation.
+     */
+    validateToken?: boolean;
+    /**
+     * If true, validate the expiration time for the token.
+     */
+    validateExpirationTime?: boolean;
+    /**
+     * If true, validate the "not before" time for the token.
+     */
+    validateNotBeforeTime?: boolean;
+    /**
+     * If true, validate the issuer of the token.
+     */
+    validateIssuer?: boolean;
+    /**
+     * The expected issuer for the {@link AttestationToken}. Only checked if {@link validateIssuer} is set.
+     */
+    expectedIssuer?: string;
+    /**
+     * Tolerance time (in seconds) used to accound for clock drift between the local machine
+     * and the server creating the token.
+     */
+    timeValidationSlack?: number;
+    /**
+     * Validation function which allows developers to provide their own validation
+     * functionality for the attestation token. This can be used to perform additional
+     * validations for  signing certificate in AttestationSigner.
+     *
+     * @param token - Attestation Token to validate.
+     * @param signer - Signing Certificate which validated the token.
+     *
+     * @remarks
+     *
+     * If there is a problem with token validation, the validateAttestationCallback function
+     * will return an array of strings indicating the set of problems found in the token.
+     *
+     * @returns an array of problems in the token, or undefined if there are no problems.
+     */
+    validateAttestationToken?: (token: AttestationToken, signer?: AttestationSigner) => string[] | undefined;
+}
+/**
+ *
+ * An AttestationToken represents an RFC 7515 JSON Web Signature object.
+ *
+ * It can represent either the token returned by the attestation service,
+ * or it can be used to create a token locally which can be used to verify
+ * attestation policy changes.
+ */
+export interface AttestationToken {
+    /**
+     * Returns the deserialized body of the AttestationToken object.
+     *
+     * @returns The body of the attestation token as an object.
+     */
+    getBody(): unknown;
+    /**
+     * the token to a string.
+     *
+     * @remarks
+     * Serializes the token to a string.
+     *
+     * @returns The token serialized to a RFC 7515 JSON Web Signature.
+     */
+    serialize(): string;
+    /**
+     * Validates the attestation token to verify that it is semantically correct.
+     *
+     * @param possibleSigners - the set of possible signers for this attestation token.
+     * @param options - validation options
+     */
+    getTokenProblems(possibleSigners?: AttestationSigner[], options?: AttestationTokenValidationOptions): string[];
+    /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */
+    /**
+     * Returns the algorithm from the header of the JSON Web Signature.
+     *
+     *  See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})
+     *  for details.
+     *
+     * If the value of algorithm is "none" it indicates that the token is unsecured.
+     */
+    algorithm: string;
+    /**
+     *  Json Web Signature Header "kid".
+     *   See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})
+     *   for details.
+     */
+    keyId?: string;
+    /**
+     * Json Web Signature Header "crit".
+     *
+     *   See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})
+     *   for details.
+     *
+     */
+    critical?: boolean;
+    /**
+     * Json Web Token Header "content type".
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})
+     *
+     */
+    contentType?: string;
+    /**
+     * Json Web Token Header "key URL".
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})
+     *
+     */
+    keyUrl?: string;
+    /**
+     * Json Web Token Header "X509 Url".
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})
+     *
+     */
+    x509Url?: string;
+    /** Json Web Token Header "Typ".
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})
+     *
+     */
+    type?: string;
+    /**
+     * Json Web Token Header "x509 thumprint".
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})
+     */
+    certificateThumbprint?: string;
+    /** Json Web Token Header "x509 SHA256 thumprint".
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})
+     *
+     */
+    certificateSha256Thumbprint?: string;
+    /** Json Web Token Header "x509 certificate chain".
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})
+     *
+     */
+    certificateChain?: AttestationSigner;
+    /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */
+    /** Issuer of the attestation token.
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})
+     *   for details.
+     */
+    issuer?: string;
+    /** Expiration time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})
+     *   for details.
+     */
+    expiresOn?: Date;
+    /** Issuance time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})
+     *   for details.
+     */
+    issuedAt?: Date;
+    /**
+     * Not Before time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})
+     *   for details.
+     */
+    notBefore?: Date;
+}
+/**
+ *
+ * An AttestationToken represents an RFC 7515 JSON Web Signature object.
+ *
+ * It can represent either the token returned by the attestation service,
+ * or it can be used to create a token locally which can be used to verify
+ * attestation policy changes.
+ */
+export declare class AttestationTokenImpl implements AttestationToken {
+    /**
+     * @internal
+     *
+     * @param token - Attetation token returned by the attestation service.
+     */
+    constructor(token: string);
+    private _token;
+    private _headerBytes;
+    private _header;
+    private _bodyBytes;
+    private _body;
+    private _jwsVerifier;
+    /**
+     * Returns the deserialized body of the AttestationToken object.
+     *
+     * @returns The body of the attestation token as an object.
+     */
+    getBody(): unknown;
+    /**
+     * the token to a string.
+     *
+     * @remarks
+     * Serializes the token to a string.
+     *
+     * @returns The token serialized to a RFC 7515 JSON Web Signature.
+     */
+    serialize(): string;
+    /**
+     * Returns the set of problems discovered in the attestation token.
+     *
+     * @param possibleSigners - the set of possible signers for this attestation token.
+     * @param options - validation options
+     * @returns an array of string values. If there are no problems, returns an empty array.
+     */
+    getTokenProblems(possibleSigners?: AttestationSigner[], options?: AttestationTokenValidationOptions): string[];
+    private validateIssuer;
+    /**
+     * Validate the expiration and notbefore time claims in the JSON web token.
+     *
+     * @param options - Options to be used validating the time properties.
+     */
+    private validateTimeProperties;
+    private certFromSigner;
+    private getCandidateSigners;
+    /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */
+    /**
+     * Returns the algorithm from the header of the JSON Web Signature.
+     *
+     *  See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})
+     *  for details.
+     *
+     * If the value of algorithm is "none" it indicates that the token is unsecured.
+     */
+    get algorithm(): string;
+    /**
+     *  Json Web Signature Header "kid".
+     *   See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})
+     *   for details.
+     */
+    get keyId(): string | undefined;
+    /**
+     * Json Web Signature Header "crit".
+     *
+     *   See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})
+     *   for details.
+     *
+     */
+    get critical(): boolean | undefined;
+    /**
+     * Json Web Token Header "content type".
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})
+     *
+     */
+    get contentType(): string | undefined;
+    /**
+     * Json Web Token Header "key URL".
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})
+     *
+     */
+    get keyUrl(): string | undefined;
+    /**
+     * Json Web Token Header "X509 Url".
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})
+     *
+     */
+    get x509Url(): string | undefined;
+    /** Json Web Token Header "Typ".
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})
+     *
+     */
+    get type(): string | undefined;
+    /**
+     * Json Web Token Header "x509 thumprint".
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})
+     */
+    get certificateThumbprint(): string | undefined;
+    /** Json Web Token Header "x509 SHA256 thumprint".
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})
+     *
+     */
+    get certificateSha256Thumbprint(): string | undefined;
+    /** Json Web Token Header "x509 certificate chain".
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})
+     *
+     */
+    get certificateChain(): AttestationSigner | undefined;
+    /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */
+    /** Issuer of the attestation token.
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})
+     *   for details.
+     */
+    get issuer(): string | undefined;
+    /** Expiration time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})
+     *   for details.
+     */
+    get expiresOn(): Date | undefined;
+    /** Issuance time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})
+     *   for details.
+     */
+    get issuedAt(): Date | undefined;
+    /**
+     * Not Before time for the token, from JWT body.
+     *
+     * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})
+     *   for details.
+     */
+    get notBefore(): Date | undefined;
+    /**
+     * Creates a new attestation token from a body and signing key.
+     * @param body - stringified body of the body of the token to be created.
+     * @param signer - Optional signing key used to sign the newly created token.
+     * @returns an {@link AttestationToken | attestation token}
+     */
+    static create(params: {
+        body?: string;
+        privateKey?: string;
+        certificate?: string;
+    }): AttestationToken;
+}
+//# sourceMappingURL=attestationToken.d.ts.map

package/dist/commonjs/models/attestationToken.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"attestationToken.d.ts","sourceRoot":"","sources":["../../../src/models/attestationToken.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,iBAAiB,EAAmC,MAAM,wBAAwB,CAAC;AAM5F;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,iCAAiC;IAChD;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;OAEG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;OAEG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;;;;;;;;OAcG;IACH,wBAAwB,CAAC,EAAE,CACzB,KAAK,EAAE,gBAAgB,EACvB,MAAM,CAAC,EAAE,iBAAiB,KACvB,MAAM,EAAE,GAAG,SAAS,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,OAAO,IAAI,OAAO,CAAC;IAEnB;;;;;;;OAOG;IACH,SAAS,IAAI,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,gBAAgB,CACd,eAAe,CAAC,EAAE,iBAAiB,EAAE,EACrC,OAAO,CAAC,EAAE,iCAAiC,GAC1C,MAAM,EAAE,CAAC;IAEZ,yDAAyD;IAEzD;;;;;;;OAOG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;OAIG;IACH,2BAA2B,CAAC,EAAE,MAAM,CAAC;IAErC;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,iBAAiB,CAAC;IAErC,qDAAqD;IAErD;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,SAAS,CAAC,EAAE,IAAI,CAAC;IAEjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,IAAI,CAAC;IAEhB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAqB,YAAW,gBAAgB;IAC3D;;;;OAIG;gBACS,KAAK,EAAE,MAAM;IAgBzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAa;IACjC,OAAO,CAAC,OAAO,CAAM;IACrB,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,KAAK,CAAM;IAGnB,OAAO,CAAC,YAAY,CAAM;IAE1B;;;;OAIG;IACI,OAAO,IAAI,OAAO;IAIzB;;;;;;;OAOG;IACI,SAAS,IAAI,MAAM;IAI1B;;;;;;OAMG;IACI,gBAAgB,CACrB,eAAe,CAAC,EAAE,iBAAiB,EAAE,EACrC,OAAO,GAAE,iCAIR,GACA,MAAM,EAAE;IA2CX,OAAO,CAAC,cAAc;IAWtB;;;;OAIG;IACH,OAAO,CAAC,sBAAsB;IA8B9B,OAAO,CAAC,cAAc;IAKtB,OAAO,CAAC,mBAAmB;IA+B3B,yDAAyD;IAEzD;;;;;;;OAOG;IACH,IAAW,SAAS,IAAI,MAAM,CAE7B;IAED;;;;OAIG;IACH,IAAW,KAAK,IAAI,MAAM,GAAG,SAAS,CAErC;IAED;;;;;;OAMG;IACH,IAAW,QAAQ,IAAI,OAAO,GAAG,SAAS,CAEzC;IAED;;;;OAIG;IACH,IAAW,WAAW,IAAI,MAAM,GAAG,SAAS,CAE3C;IAED;;;;;OAKG;IACH,IAAW,MAAM,IAAI,MAAM,GAAG,SAAS,CAEtC;IAED;;;;OAIG;IACH,IAAW,OAAO,IAAI,MAAM,GAAG,SAAS,CAEvC;IAED;;;;OAIG;IACH,IAAW,IAAI,IAAI,MAAM,GAAG,SAAS,CAEpC;IAED;;;OAGG;IACH,IAAW,qBAAqB,IAAI,MAAM,GAAG,SAAS,CAErD;IAED;;;;OAIG;IACH,IAAW,2BAA2B,IAAI,MAAM,GAAG,SAAS,CAE3D;IAED;;;;OAIG;IACH,IAAW,gBAAgB,IAAI,iBAAiB,GAAG,SAAS,CAgB3D;IAED,qDAAqD;IAErD;;;OAGG;IACH,IAAW,MAAM,IAAI,MAAM,GAAG,SAAS,CAEtC;IAED;;;;OAIG;IACH,IAAW,SAAS,IAAI,IAAI,GAAG,SAAS,CAEvC;IAED;;;;OAIG;IACH,IAAW,QAAQ,IAAI,IAAI,GAAG,SAAS,CAEtC;IAED;;;;;OAKG;IACH,IAAW,SAAS,IAAI,IAAI,GAAG,SAAS,CAEvC;IAED;;;;;OAKG;WACW,MAAM,CAAC,MAAM,EAAE;QAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,gBAAgB;CAwCrB"}