npm - @azure/identity - Versions diffs - 1.3.0 → 1.5.2 - Mend

@azure/identity 1.3.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @azure/identity might be problematic. Click here for more details.

Files changed (54) hide show

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sources":["../src/client/errors.ts","../src/util/tracing.ts","../src/util/logging.ts","../src/credentials/chainedTokenCredential.ts","../src/util/authHostEnv.ts","../src/util/identityTokenEndpoint.ts","../src/client/identityClient.ts","../src/credentials/clientSecretCredential.ts","../src/util/checkTenantId.ts","../src/credentials/clientCertificateCredential.ts","../src/credentials/usernamePasswordCredential.ts","../src/credentials/environmentCredential.ts","../src/credentials/managedIdentityCredential/constants.ts","../src/credentials/managedIdentityCredential/utils.ts","../src/credentials/managedIdentityCredential/cloudShellMsi.ts","../src/credentials/managedIdentityCredential/imdsMsi.ts","../src/credentials/managedIdentityCredential/appServiceMsi2017.ts","../src/credentials/managedIdentityCredential/arcMsi.ts","../src/credentials/managedIdentityCredential/index.ts","../src/credentials/azureCliCredential.ts","../src/constants.ts","../src/credentials/visualStudioCodeCredential.ts","../src/credentials/defaultAzureCredential.ts","../src/client/msalClient.ts","../src/credentials/interactiveBrowserCredential.ts","../src/credentials/deviceCodeCredential.ts","../src/credentials/authorizationCodeCredential.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/*\n See the official documentation for more details:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n \n NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n /\nexport interface ErrorResponse {\n /\n The string identifier for the error.\n /\n error: string;\n\n /\n The error's description.\n /\n errorDescription: string;\n\n /\n An array of codes pertaining to the error(s) that occurred.\n /\n errorCodes?: number[];\n\n /\n The timestamp at which the error occurred.\n /\n timestamp?: string;\n\n /\n The trace identifier for this error occurrence.\n /\n traceId?: string;\n\n /\n The correlation ID to be used for tracking the source of the error.\n /\n correlationId?: string;\n}\n\n/\n Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n /\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/\n This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n /\nexport class CredentialUnavailable extends Error {}\n\n/\n The Error.name value of an AuthenticationError\n /\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/\n Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n /\nexport class AuthenticationError extends Error {\n /\n The HTTP status code returned from the authentication request.\n /\n public readonly statusCode: number;\n\n /\n The error response details.\n /\n public readonly errorResponse: ErrorResponse;\n\n // eslint-disable-next-line @typescript-eslint/ban-types\n constructor(statusCode: number, errorBody: object \| string \| undefined \| null) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"authority_not_found\",\n errorDescription: \"The specified authority URL was not found.\"\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n }\n\n super(\n `${errorResponse.error}(status code ${statusCode}).\\nMore details:\\n${errorResponse.errorDescription}`\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/\n The Error.name value of an AggregateAuthenticationError\n /\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/\n Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n /\nexport class AggregateAuthenticationError extends Error {\n /\n The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n /\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createSpanFunction } from \"@azure/core-tracing\";\n\n/\n Creates a span using the global tracer.\n * @internal\n /\nexport const createSpan = createSpanFunction({\n packagePrefix: \"Azure.Identity\",\n namespace: \"Microsoft.AAD\"\n});\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createClientLogger, AzureLogger } from \"@azure/logger\";\n\n/\n The AzureLogger used for all clients within the identity package\n /\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n missing: string[];\n assigned: string[];\n}\n\n/\n Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n /\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n return supportedEnvVars.reduce(\n (acc: EnvironmentAccumulator, envVariable: string) => {\n if (process.env[envVariable]) {\n acc.assigned.push(envVariable);\n } else {\n acc.missing.push(envVariable);\n }\n return acc;\n },\n { missing: [], assigned: [] }\n );\n}\n\n/\n Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n /\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n const { assigned } = processEnvVars(supportedEnvVars);\n logger.info(\n `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`\n );\n}\n\n/\n Formatting the success event on the credentials\n /\nexport function formatSuccess(scope: string \| string[]): string {\n return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/\n Formatting the success event on the credentials\n /\nexport function formatError(scope: string \| string[] \| undefined, error: Error \| string): string {\n let message = \"ERROR.\";\n if (scope?.length) {\n message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n }\n return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/\n A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n /\nexport interface CredentialLoggerInstance {\n title: string;\n fullTitle: string;\n info(message: string): void;\n /\n The logging functions for warning and error are intentionally left out, since we want the identity logging to be at the info level.\n * Otherwise, they would look like:\n \n warning(message: string): void;\n * error(err: Error): void;\n /\n}\n\n/\n Generates a CredentialLoggerInstance.\n \n It logs with the format:\n \n `[title] => [message]`\n \n /\nexport function credentialLoggerInstance(\n title: string,\n parent?: CredentialLoggerInstance,\n log: AzureLogger = logger\n): CredentialLoggerInstance {\n const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;\n\n function info(message: string): void {\n log.info(`${fullTitle} =>`, message);\n }\n\n return {\n title,\n fullTitle,\n info\n };\n}\n\n/*\n A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n /\nexport interface CredentialLogger extends CredentialLoggerInstance {\n getToken: CredentialLoggerInstance;\n}\n\n/\n Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n \n It logs with the format:\n \n `[title] => [message]`\n * `[title] => getToken() => [message]`\n \n /\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n const credLogger = credentialLoggerInstance(title, undefined, log);\n return {\n ...credLogger,\n getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log)\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AggregateAuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"ChainedTokenCredential\");\n\n/*\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n /\n The message to use when the chained token fails to get a token\n /\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n let token = null;\n const errors = [];\n\n const { span, updatedOptions: newOptions } = createSpan(\"ChainedTokenCredential-getToken\", options);\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, newOptions);\n } catch (err) {\n if (err instanceof CredentialUnavailable) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(errors);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(formatSuccess(scopes));\n return token;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport function getAuthorityHostEnvironment(): { authorityHost: string } \| undefined {\n if (process.env.AZURE_AUTHORITY_HOST) {\n return {\n authorityHost: process.env.AZURE_AUTHORITY_HOST\n };\n } else {\n return undefined;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n if (tenantId === \"adfs\") {\n return \"oauth2/token\";\n } else {\n return \"oauth2/v2.0/token\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n AccessToken,\n ServiceClient,\n PipelineOptions,\n WebResource,\n RequestPrepareOptions,\n GetTokenOptions,\n createPipelineFromOptions,\n isNode\n} from \"@azure/core-http\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\n\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { getAuthorityHostEnvironment } from \"../util/authHostEnv\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst DefaultAuthorityHost = \"https://login.microsoftonline.com\";\n\n/\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n\n constructor(options?: TokenCredentialOptions) {\n if (isNode) {\n options = options \|\| getAuthorityHostEnvironment();\n }\n options = options \|\| IdentityClient.getDefaultOptions();\n super(\n undefined,\n createPipelineFromOptions({\n ...options,\n deserializationOptions: {\n expectedContentTypes: {\n json: [\"application/json\", \"text/json\", \"text/plain\"]\n }\n }\n })\n );\n\n this.baseUri = this.authorityHost = options.authorityHost \|\| DefaultAuthorityHost;\n\n if (!this.baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n }\n\n createWebResource(requestOptions: RequestPrepareOptions): WebResource {\n const webResource = new WebResource();\n webResource.prepare(requestOptions);\n return webResource;\n }\n\n async sendTokenRequest(\n webResource: WebResource,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${webResource.url}]`);\n const response = await this.sendRequest(webResource);\n\n expiresOnParser =\n expiresOnParser \|\|\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in 1000;\n });\n\n if (response.status === 200 \|\| response.status === 201) {\n const token = {\n accessToken: {\n token: response.parsedBody.access_token,\n expiresOnTimestamp: expiresOnParser(response.parsedBody)\n },\n refreshToken: response.parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${webResource.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(\n response.status,\n response.parsedBody \|\| response.bodyAsText\n );\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions: newOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = this.createWebResource({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify(refreshParams),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n abortSignal: options && options.abortSignal\n });\n\n const response = await this.sendTokenRequest(webResource, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n\n sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(url, \"GET\", options?.body, {}, options?.headers);\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n\n sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const webResource = new WebResource(url, \"POST\", options?.body, {}, options?.headers);\n\n return this.sendRequest(webResource).then((response) => {\n return {\n body: response.parsedBody as T,\n headers: response.headers.rawHeaders(),\n status: response.status\n };\n });\n }\n\n static getDefaultOptions(): TokenCredentialOptions {\n return {\n authorityHost: DefaultAuthorityHost\n };\n }\n}\n\n/*\n Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n /\nexport interface TokenCredentialOptions extends PipelineOptions {\n /\n The authority host to use for authentication requests. The default is\n * \"https://login.microsoftonline.com\".\n /\n authorityHost?: string;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/\n Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n \n /\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /*\n Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"../util/logging\";\n\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\n \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport { v4 as uuidV4 } from \"uuid\";\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst SelfSignedJwtLifetimeMins = 10;\n\nfunction timestampInSeconds(date: Date): number {\n return Math.floor(date.getTime() / 1000);\n}\n\nfunction addMinutes(date: Date, minutes: number): Date {\n date.setMinutes(date.getMinutes() + minutes);\n return date;\n}\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/\n Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private certificateString: string;\n private certificateThumbprint: string;\n private certificateX5t: string;\n private certificateX5c?: Array<string>;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.certificateString = readFileSync(certificatePath, \"utf8\");\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(this.certificateString);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n const error = new Error(\n \"The file at the specified path does not contain a PEM-encoded certificate.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.certificateThumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n if (options && options.sendCertificateChain) {\n this.certificateX5c = publicKeys;\n }\n }\n\n /*\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"ClientCertificateCredential-getToken\",\n options\n );\n try {\n const tokenId = uuidV4();\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`;\n let header: jws.Header;\n\n if (this.certificateX5c) {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t,\n x5c: this.certificateX5c\n };\n } else {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t\n };\n }\n\n const payload = {\n iss: this.clientId,\n sub: this.clientId,\n aud: audienceUrl,\n jti: tokenId,\n nbf: timestampInSeconds(new Date()),\n exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n };\n\n const clientAssertion = jws.sign({\n header,\n payload,\n secret: this.certificateString\n });\n\n const webResource = this.identityClient.createWebResource({\n url: audienceUrl,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n client_assertion: clientAssertion,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(\"\", err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/\n Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Azure Active Directory with a username\n * and password.\n \n @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantIdOrName: string,\n clientId: string,\n username: string,\n password: string,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantIdOrName);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantIdOrName;\n this.clientId = clientId;\n this.username = username;\n this.password = password;\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"UsernamePasswordCredential-getToken\",\n options\n );\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"password\",\n client_id: this.clientId,\n username: this.username,\n password: this.password,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport {\n AuthenticationError,\n CredentialUnavailable\n} from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\n/\n Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n \n @internal\n /\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/\n Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n \n - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n \n This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n /\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /\n Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\"EnvironmentCredential-getToken\", options);\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: SpanStatusCode.ERROR });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport const DefaultScopeSuffix = \"/.default\";\n\nexport const imdsEndpoint = \"http://169.254.169.254/metadata/identity/oauth2/token\";\nexport const imdsApiVersion = \"2018-02-01\";\nexport const azureArcAPIVersion = \"2019-11-01\";\nexport const azureFabricVersion = \"2019-07-01-preview\";\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { DefaultScopeSuffix } from \"./constants\";\nimport { MSIExpiresInParser } from \"./models\";\n\nexport function mapScopesToResource(scopes: string \| string[]): string {\n let scope = \"\";\n if (Array.isArray(scopes)) {\n if (scopes.length !== 1) {\n throw new Error(\n \"To convert to a resource string the specified array must be exactly length 1\"\n );\n }\n\n scope = scopes[0];\n } else if (typeof scopes === \"string\") {\n scope = scopes;\n }\n\n if (!scope.endsWith(DefaultScopeSuffix)) {\n return scope;\n }\n\n return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n}\n\nexport async function msiGenericGetToken(\n identityClient: IdentityClient,\n requestOptions: RequestPrepareOptions,\n expiresInParser: MSIExpiresInParser \| undefined,\n getTokenOptions: GetTokenOptions = {}\n): Promise<AccessToken \| null> {\n const webResource = identityClient.createWebResource({\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n tracingContext: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext,\n ...requestOptions\n });\n\n const tokenResponse = await identityClient.sendTokenRequest(webResource, expiresInParser);\n\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - CloudShellMSI\");\n\n// Cloud Shell MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource: string, clientId?: string): RequestPrepareOptions {\n const body: any = {\n resource\n };\n\n if (clientId) {\n body.client_id = clientId;\n }\n\n return {\n url: process.env.MSI_ENDPOINT,\n method: \"POST\",\n body: qs.stringify(body),\n headers: {\n Accept: \"application/json\",\n Metadata: true,\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }\n };\n}\n\nexport const cloudShellMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n return Boolean(process.env.MSI_ENDPOINT);\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the endpoint coming form the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the Cloud Shell to proceed with the authentication.`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions, RestError } from \"@azure/core-http\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { createSpan } from \"../../util/tracing\";\nimport { imdsApiVersion, imdsEndpoint } from \"./constants\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - IMDS\");\n\nfunction expiresInParser(requestBody: any): number {\n if (requestBody.expires_on) {\n // Use the expires_on timestamp if it's available\n const expires = +requestBody.expires_on 1000;\n logger.info(`IMDS using expires_on: ${expires} (original value: ${requestBody.expires_on})`);\n return expires;\n } else {\n // If these aren't possible, use expires_in and calculate a timestamp\n const expires = Date.now() + requestBody.expires_in * 1000;\n logger.info(`IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);\n return expires;\n }\n}\n\nfunction prepareRequestOptions(resource?: string, clientId?: string): RequestPrepareOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": imdsApiVersion\n };\n\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n\n return {\n url: imdsEndpoint,\n method: \"GET\",\n queryParameters,\n headers: {\n Accept: \"application/json\",\n Metadata: true\n }\n };\n}\n\nexport const imdsMsi: MSI = {\n async isAvailable(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<boolean> {\n const { span, updatedOptions: options } = createSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions\n );\n\n const request = prepareRequestOptions(resource, clientId);\n\n // This will always be populated, but let's make TypeScript happy\n if (request.headers) {\n // Remove the Metadata header to invoke a request error from\n // IMDS endpoint\n delete request.headers.Metadata;\n }\n\n request.spanOptions = options.tracingOptions && options.tracingOptions.spanOptions;\n request.tracingContext = options.tracingOptions && options.tracingOptions.tracingContext;\n\n try {\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n const webResource = identityClient.createWebResource(request);\n webResource.timeout = (options.requestOptions && options.requestOptions.timeout) \|\| 500;\n\n try {\n logger.info(`Pinging IMDS endpoint`);\n await identityClient.sendRequest(webResource);\n } catch (err) {\n if (\n (err instanceof RestError && err.code === RestError.REQUEST_SEND_ERROR) \|\|\n err.name === \"AbortError\" \|\|\n err.code === \"ECONNREFUSED\" \|\| // connection refused\n err.code === \"EHOSTDOWN\" // host is down\n ) {\n // If the request failed, or NodeJS was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n logger.info(`IMDS endpoint unavailable`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n // IMDS MSI unavailable.\n return false;\n }\n }\n\n // If we received any response, the endpoint is available\n logger.info(`IMDS endpoint is available`);\n\n // IMDS MSI available!\n return true;\n } catch (err) {\n // createWebResource failed.\n // This error should bubble up to the user.\n logger.info(`Error when creating the WebResource for the IMDS endpoint: ${err.message}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the IMDS endpoint coming form the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - AppServiceMSI 2017\");\n\nfunction expiresInParser(requestBody: any): number {\n // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n // convert it into a JavaScript-formatted date\n return Date.parse(requestBody.expires_on);\n}\n\nfunction prepareRequestOptions(resource: string, clientId?: string): RequestPrepareOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": \"2017-09-01\"\n };\n\n if (clientId) {\n queryParameters.clientid = clientId;\n }\n\n return {\n url: process.env.MSI_ENDPOINT,\n method: \"GET\",\n queryParameters,\n headers: {\n Accept: \"application/json\",\n secret: process.env.MSI_SECRET\n }\n };\n}\n\nexport const appServiceMsi2017: MSI = {\n async isAvailable(): Promise<boolean> {\n const env = process.env;\n return Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, RequestPrepareOptions } from \"@azure/core-http\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\nimport { azureArcAPIVersion } from \"./constants\";\nimport { AuthenticationError } from \"../../client/errors\";\nimport { readFile } from \"fs\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - ArcMSI\");\n\n// Azure Arc MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource?: string): RequestPrepareOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": azureArcAPIVersion\n };\n\n return {\n // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n url: process.env.IDENTITY_ENDPOINT,\n method: \"GET\",\n queryParameters,\n headers: {\n Accept: \"application/json\",\n Metadata: true\n }\n };\n}\n\n// Since \"fs\"'s readFileSync locks the thread, and to avoid extra dependencies.\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n return new Promise((resolve, reject) =>\n readFile(path, options, (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n })\n );\n}\n\nasync function filePathRequest(\n identityClient: IdentityClient,\n requestPrepareOptions: RequestPrepareOptions\n): Promise<string \| undefined> {\n const response = await identityClient.sendRequest(\n identityClient.createWebResource(requestPrepareOptions)\n );\n\n if (response.status !== 401) {\n let message = \"\";\n if (response.bodyAsText) {\n message = ` Response: ${response.bodyAsText}`;\n }\n throw new AuthenticationError(\n response.status,\n `To authenticate with Azure Arc MSI, status code 401 is expected on the first request.${message}`\n );\n }\n\n const authHeader = response.headers.get(\"www-authenticate\") \|\| \"\";\n return authHeader.split(\"=\").slice(1)[0];\n}\n\nexport const arcMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n return Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n },\n async getToken(\n identityClient: IdentityClient,\n resource?: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(`Using the Azure Arc MSI to authenticate.`);\n\n if (clientId) {\n throw new Error(\n \"User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.\"\n );\n }\n\n const requestOptions = {\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n tracingContext: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext,\n ...prepareRequestOptions(resource)\n };\n\n const filePath = await filePathRequest(identityClient, requestOptions);\n\n if (!filePath) {\n throw new Error(\"Azure Arc MSI failed to find the token file.\");\n }\n\n const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n requestOptions.headers![\"Authorization\"] = `Basic ${key}`;\n\n return msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions);\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-http\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { createSpan } from \"../../util/tracing\";\nimport {\n AuthenticationError,\n CredentialUnavailable\n} from \"../../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../../util/logging\";\nimport { mapScopesToResource } from \"./utils\";\nimport { cloudShellMsi } from \"./cloudShellMsi\";\nimport { imdsMsi } from \"./imdsMsi\";\nimport { MSI } from \"./models\";\nimport { appServiceMsi2017 } from \"./appServiceMsi2017\";\nimport { arcMsi } from \"./arcMsi\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential\");\n\n/*\n Attempts authentication using a managed identity that has been assigned\n * to the deployment environment. This authentication type works in Azure VMs,\n * App Service and Azure Functions applications, and inside of Azure Cloud Shell.\n \n More information about configuring managed identities can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n /\nexport class ManagedIdentityCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private clientId: string \| undefined;\n private isEndpointUnavailable: boolean \| null = null;\n\n /\n Creates an instance of ManagedIdentityCredential with the client ID of a\n * user-assigned identity.\n \n @param clientId - The client ID of the user-assigned identity.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(clientId: string, options?: TokenCredentialOptions);\n /\n Creates an instance of ManagedIdentityCredential\n \n @param options - Options for configuring the client which makes the access token request.\n /\n constructor(options?: TokenCredentialOptions);\n /\n @internal\n * @hidden\n /\n constructor(\n clientIdOrOptions: string \| TokenCredentialOptions \| undefined,\n options?: TokenCredentialOptions\n ) {\n if (typeof clientIdOrOptions === \"string\") {\n // clientId, options constructor\n this.clientId = clientIdOrOptions;\n this.identityClient = new IdentityClient(options);\n } else {\n // options only constructor\n this.identityClient = new IdentityClient(clientIdOrOptions);\n }\n }\n\n private cachedMSI: MSI \| undefined;\n\n private async cachedAvailableMSI(\n resource: string,\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<MSI> {\n if (this.cachedMSI) {\n return this.cachedMSI;\n }\n\n // \"fabricMsi\" can't be added yet because our HTTPs pipeline doesn't allow skipping the SSL verification step,\n // which is necessary since Service Fabric only provides self-signed certificates on their Identity Endpoint.\n const MSIs = [appServiceMsi2017, cloudShellMsi, arcMsi, imdsMsi];\n\n for (const msi of MSIs) {\n if (await msi.isAvailable(this.identityClient, resource, clientId, getTokenOptions)) {\n this.cachedMSI = msi;\n return msi;\n }\n }\n\n throw new CredentialUnavailable(\"ManagedIdentityCredential - No MSI credential available\");\n }\n\n private async authenticateManagedIdentity(\n scopes: string \| string[],\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const resource = mapScopesToResource(scopes);\n const { span, updatedOptions: options } = createSpan(\n \"ManagedIdentityCredential-authenticateManagedIdentity\",\n getTokenOptions\n );\n\n try {\n // Determining the available MSI, and avoiding checking for other MSIs while the program is running.\n const availableMSI = await this.cachedAvailableMSI(resource, clientId, options);\n\n return availableMSI.getToken(this.identityClient, resource, clientId, options);\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n let result: AccessToken \| null = null;\n\n const { span, updatedOptions: newOptions } = createSpan(\"ManagedIdentityCredential-getToken\", options);\n\n try {\n // isEndpointAvailable can be true, false, or null,\n // If it's null, it means we don't yet know whether\n // the endpoint is available and need to check for it.\n if (this.isEndpointUnavailable !== true) {\n result = await this.authenticateManagedIdentity(scopes, this.clientId, newOptions);\n\n if (result === null) {\n // If authenticateManagedIdentity returns null,\n // it means no MSI endpoints are available.\n // If so, we avoid trying to reach to them in future requests.\n this.isEndpointUnavailable = true;\n\n // It also means that the endpoint answered with either 200 or 201 (see the sendTokenRequest method),\n // yet we had no access token. For this reason, we'll throw once with a specific message:\n const error = new CredentialUnavailable(\n \"The managed identity endpoint was reached, yet no tokens were received.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // Since `authenticateManagedIdentity` didn't throw, and the result was not null,\n // We will assume that this endpoint is reachable from this point forward,\n // and avoid pinging again to it.\n this.isEndpointUnavailable = false;\n } else {\n // We've previously determined that the endpoint was unavailable,\n // either because it was unreachable or permanently unable to authenticate.\n const error = new CredentialUnavailable(\n \"The managed identity endpoint is not currently available\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n // CredentialUnavailable errors are expected to reach here.\n // We intend them to bubble up, so that DefaultAzureCredential can catch them.\n if (err instanceof CredentialUnavailable) {\n throw err;\n }\n\n // Expected errors to reach this point:\n // - Errors coming from a method unexpectedly breaking.\n // - When identityClient.sendTokenRequest throws, in which case\n // if the status code was 400, it means that the endpoint is working,\n // but no identity is available.\n\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n // If either the network is unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"ENETUNREACH\") {\n const error = new CredentialUnavailable(\n \"ManagedIdentityCredential is unavailable. Network unreachable.\"\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If either the host was unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"EHOSTUNREACH\") {\n const error = new CredentialUnavailable(\n \"ManagedIdentityCredential is unavailable. No managed identity endpoint found.\"\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If err.statusCode has a value of 400, it comes from sendTokenRequest,\n // and it means that the endpoint is working, but that no identity is available.\n if (err.statusCode === 400) {\n throw new CredentialUnavailable(\n \"The managed identity endpoint is indicating there's no available identity\"\n );\n }\n\n // If the error has no status code, we can assume there was no available identity.\n // This will throw silently during any ChainedTokenCredential.\n if (err.statusCode === undefined) {\n throw new CredentialUnavailable(\n `ManagedIdentityCredential authentication failed. Message ${err.message}`\n );\n }\n\n // Any other error should break the chain.\n throw new AuthenticationError(err.statusCode, {\n error: \"ManagedIdentityCredential authentication failed.\",\n error_description: err.message\n });\n } finally {\n // Finally is always called, both if we return and if we throw in the above try/catch.\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { createSpan } from \"../util/tracing\";\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport as child_process from \"child_process\";\n\nfunction getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n}\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/*\n This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n * To be able to use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n /\nexport class AzureCliCredential implements TokenCredential {\n /\n Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n /\n protected async getAzureCliAccessToken(\n resource: string\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n return new Promise((resolve, reject) => {\n try {\n child_process.exec(\n `az account get-access-token --output json --resource ${resource}`,\n { cwd: getSafeWorkingDir() },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err) {\n reject(err);\n }\n });\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n return new Promise((resolve, reject) => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n const resource = scope.replace(/\\/.default$/, \"\");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n let responseData = \"\";\n\n const { span } = createSpan(\"AzureCliCredential-getToken\", options);\n this.getAzureCliAccessToken(resource)\n .then((obj: any) => {\n if (obj.stderr) {\n const isLoginError = obj.stderr.match(\"(.)az login(.)\");\n const isNotInstallError =\n obj.stderr.match(\"az:(.)not found\") \|\|\n obj.stderr.startsWith(\"'az' is not recognized\");\n if (isNotInstallError) {\n const error = new CredentialUnavailable(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else if (isLoginError) {\n const error = new CredentialUnavailable(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n const error = new CredentialUnavailable(obj.stderr);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else {\n responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime()\n };\n resolve(returnValue);\n return returnValue;\n }\n })\n .catch((err) => {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n reject(err);\n });\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/*\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken, GetTokenOptions } from \"@azure/core-http\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nlet keytar: any;\ntry {\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n keytar = require(\"keytar\");\n} catch (er) {\n keytar = null;\n}\n\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst VSCodeUserName = \"VS Code Azure\";\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\"\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailable(unsupportedTenantError);\n }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" \| \"AzureChina\" \| \"AzureGermanCloud\" \| \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n AzureChina: AzureAuthorityHosts.AzureChina,\n AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n AzureUSGovernment: AzureAuthorityHosts.AzureGovernment\n};\n\n/\n Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n /\nexport function getPropertyFromVSCode(property: string): string \| undefined {\n const settingsPath = [\"User\", \"settings.json\"];\n // Eventually we can add more folders for more versions of VSCode.\n const vsCodeFolder = \"Code\";\n const homedir = os.homedir();\n\n function loadProperty(...pathSegments: string[]): string \| undefined {\n const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n return settings[property];\n }\n\n try {\n let appData: string;\n switch (process.platform) {\n case \"win32\":\n appData = process.env.APPDATA!;\n return appData ? loadProperty(appData) : undefined;\n case \"darwin\":\n return loadProperty(homedir, \"Library\", \"Application Support\");\n case \"linux\":\n return loadProperty(homedir, \".config\");\n default:\n return;\n }\n } catch (e) {\n logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n return;\n }\n}\n\n/\n Provides options to configure the Visual Studio Code credential.\n /\nexport interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n /\n tenantId?: string;\n}\n\n/\n Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n /\nexport class VisualStudioCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private cloudName: VSCodeCloudNames;\n\n /\n Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: VisualStudioCodeCredentialOptions) {\n // We want to make sure we use the one assigned by the user on the VSCode settings.\n // Or just `AzureCloud` by default.\n this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") \|\| \"AzureCloud\") as VSCodeCloudNames;\n\n // Picking an authority host based on the cloud name.\n const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n this.identityClient = new IdentityClient({\n authorityHost,\n ...options\n });\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n Runs preparations for any further getToken request.\n /\n private async prepare(): Promise<void> {\n // Attempts to load the tenant from the VSCode configuration file.\n const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n if (settingsTenant) {\n this.tenantId = settingsTenant;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n /\n private preparePromise: Promise<void> \| undefined;\n\n /\n Runs preparations for any further getToken, but only once.\n /\n private prepareOnce(): Promise<void> \| undefined {\n if (this.preparePromise) {\n return this.preparePromise;\n }\n this.preparePromise = this.prepare();\n return this.preparePromise;\n }\n\n /\n Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n await this.prepareOnce();\n if (!keytar) {\n throw new CredentialUnavailable(\n \"Visual Studio Code credential requires the optional dependency 'keytar' to work correctly\"\n );\n }\n\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // findCredentials returns an array similar to:\n // [\n // {\n // account: \"\",\n // password: \"\",\n // },\n // / ... /\n // ]\n const credentials = await keytar.findCredentials(VSCodeUserName);\n\n // If we can't find the credential based on the name, we'll pick the first one available.\n const { password } =\n credentials.find((cred: { account: string }) => cred.account === this.cloudName) \|\|\n credentials[0] \|\|\n {};\n\n // Assuming we found something, the refresh token is the \"password\" property.\n const refreshToken = password;\n\n if (refreshToken) {\n const tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n AzureAccountClientId,\n scopeString,\n refreshToken,\n undefined\n );\n\n if (tokenResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return tokenResponse.accessToken;\n } else {\n const error = new CredentialUnavailable(\n \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently?\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n } else {\n const error = new CredentialUnavailable(\n \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension?\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential\";\n\n/\n Provides options to configure the default Azure credentials.\n /\nexport interface DefaultAzureCredentialOptions extends TokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n /\n tenantId?: string;\n /\n Optionally pass in a user assigned client ID for the ManagedIdentityCredential\n /\n managedIdentityClientId?: string;\n}\n\n/\n Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure. The following credential\n * types will be tried, in order:\n \n - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n \n Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n /\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /\n Creates an instance of the DefaultAzureCredential class.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(tokenCredentialOptions?: DefaultAzureCredentialOptions) {\n const credentials = [];\n credentials.push(new EnvironmentCredential(tokenCredentialOptions));\n\n // In case a user assigned ID has been provided.\n const managedIdentityClientId =\n tokenCredentialOptions?.managedIdentityClientId \|\| process.env.AZURE_CLIENT_ID;\n\n if (managedIdentityClientId) {\n credentials.push(\n new ManagedIdentityCredential(managedIdentityClientId, tokenCredentialOptions)\n );\n } else {\n // If the user didn't provide an ID, we'll try with a system assigned ID.\n credentials.push(new ManagedIdentityCredential(tokenCredentialOptions));\n }\n\n credentials.push(new AzureCliCredential());\n credentials.push(new VisualStudioCodeCredential(tokenCredentialOptions));\n\n super(...credentials);\n this.UnavailableMessage =\n \"DefaultAzureCredential => failed to retrieve a token from the included credentials\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialUnavailable } from \"./errors\";\nimport {\n PublicClientApplication,\n Configuration,\n AuthorizationCodeRequest,\n AuthenticationResult,\n DeviceCodeRequest,\n ConfidentialClientApplication,\n ClientCredentialRequest,\n NetworkRequestOptions,\n NetworkResponse,\n INetworkModule\n} from \"@azure/msal-node\";\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { IdentityClient, TokenCredentialOptions } from \"./identityClient\";\nimport { AccessToken } from \"@azure/core-http\";\nimport { credentialLogger } from \"../util/logging\";\nimport { NodeAuthOptions } from \"@azure/msal-node/dist/config/Configuration\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/\n The record to use to find the cached tokens in the cache\n /\nexport interface AuthenticationRecord {\n /\n The associated authority, if used\n /\n authority?: string;\n\n /\n The home account Id\n /\n homeAccountId: string;\n\n /\n The login environment, eg \"login.windows.net\"\n /\n environment: string;\n\n /\n The associated tenant ID\n /\n tenantId: string;\n\n /\n Local, tenant-specific account identifer for this account object, usually used in legacy cases\n /\n localAccountId: string;\n\n /\n The username of the logged in account\n /\n username: string;\n}\n\nexport class AuthenticationRequired extends CredentialUnavailable {}\n\nexport class MsalClient {\n private persistenceEnabled: boolean;\n private authenticationRecord: AuthenticationRecord \| undefined;\n private identityClient: IdentityClient;\n private pca: PublicClientApplication \| undefined;\n private cca: ConfidentialClientApplication \| undefined;\n private msalConfig: NodeAuthOptions;\n\n constructor(\n msalConfig: NodeAuthOptions,\n persistenceEnabled: boolean,\n authenticationRecord?: AuthenticationRecord,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.msalConfig = msalConfig;\n this.persistenceEnabled = persistenceEnabled;\n this.authenticationRecord = authenticationRecord;\n }\n\n async prepareClientApplications(): Promise<void> {\n // If we've already initialized the public client application, return\n if (this.pca) {\n return;\n }\n\n // Construct the public client application, since it hasn't been initialized, yet\n const clientConfig: Configuration = {\n auth: this.msalConfig,\n cache: undefined,\n system: { networkClient: this.identityClient }\n };\n\n this.pca = new PublicClientApplication(clientConfig);\n }\n\n async acquireTokenFromCache(scopes: string[]): Promise<AccessToken \| null> {\n await this.prepareClientApplications();\n\n if (!this.persistenceEnabled \|\| !this.authenticationRecord) {\n throw new AuthenticationRequired();\n }\n\n const silentRequest = {\n account: this.authenticationRecord!,\n scopes\n };\n\n try {\n const response = await this.pca!.acquireTokenSilent(silentRequest);\n logger.info(\"Successful silent token acquisition\");\n if (response && response.expiresOn) {\n return {\n expiresOnTimestamp: response.expiresOn.getTime(),\n token: response.accessToken\n };\n } else {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n } catch (e) {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n }\n\n async getAuthCodeUrl(request: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.prepareClientApplications();\n\n return this.pca!.getAuthCodeUrl(request);\n }\n\n async acquireTokenByCode(\n request: AuthorizationCodeRequest\n ): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByCode(request);\n }\n\n async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByDeviceCode(request);\n }\n\n async acquireTokenByClientCredential(\n request: ClientCredentialRequest\n ): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.cca!.acquireTokenByClientCredential(request);\n }\n}\n\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\"\n}\n/\n This class implements the API for network requests.\n /\nexport class HttpClient implements INetworkModule {\n /\n Http Get request\n * @param url -\n * @param options -\n /\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.GET,\n url: url,\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n return out;\n }\n\n /\n Http Post request\n * @param url -\n * @param options -\n /\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.POST,\n url: url,\n data: (options && options.body) \|\| \"\",\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n\n return out;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/ eslint-disable @typescript-eslint/no-unused-vars /\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { InteractiveBrowserCredentialOptions } from \"./interactiveBrowserCredentialOptions\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { Socket } from \"net\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { AuthorizationCodeRequest } from \"@azure/msal-node\";\n\nimport open from \"open\";\nimport http from \"http\";\nimport stoppable from \"stoppable\";\n\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/\n Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window. This credential is not currently supported in Node.js.\n /\nexport class InteractiveBrowserCredential implements TokenCredential {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private msalClient: MsalClient;\n\n constructor(options?: InteractiveBrowserCredentialOptions) {\n const tenantId = (options && options.tenantId) \|\| DefaultTenantId;\n const clientId = (options && options.clientId) \|\| DeveloperSignOnClientId;\n\n checkTenantId(logger, tenantId);\n\n // const persistenceEnabled = options?.persistenceEnabled ? options?.persistenceEnabled : false;\n // const authenticationRecord = options?.authenticationRecord;\n\n if (options && options.redirectUri) {\n if (typeof options.redirectUri === \"string\") {\n this.redirectUri = options.redirectUri;\n } else {\n this.redirectUri = options.redirectUri();\n }\n } else {\n this.redirectUri = \"http://localhost\";\n }\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n\n this.hostname = url.hostname;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n {\n clientId,\n authority: authorityHost,\n knownAuthorities: tenantId === \"adfs\" ? (authorityHost ? [authorityHost] : []) : []\n },\n false,\n undefined,\n options\n );\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public getToken(\n scopes: string \| string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch((e) => {\n if (e instanceof AuthenticationRequired) {\n return this.acquireTokenFromBrowser(scopeArray);\n } else {\n logger.getToken.info(formatError(scopes, e));\n throw e;\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.msalClient.getAuthCodeUrl(authCodeUrlParameters);\n await open(response);\n }\n\n private acquireTokenFromBrowser(scopeArray: string[]): Promise<AccessToken \| null> {\n return new Promise<AccessToken \| null>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse) => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopeArray\n };\n\n this.msalClient\n .acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n logger.getToken.info(formatSuccess(scopeArray));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n logger.info(`InteractiveBrowerCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopeArray).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-http\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\nimport { DeviceCodeRequest } from \"@azure/msal-node\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { DeveloperSignOnClientId } from \"../constants\";\n\n/\n Provides the user code and verification URI where the code must be\n * entered. Also provides a message to display to the user which\n * contains an instruction with these details.\n /\nexport interface DeviceCodeInfo {\n /\n The device code that the user must enter into the verification page.\n /\n userCode: string;\n\n /\n The verification URI to which the user must navigate to enter the device\n * code.\n /\n verificationUri: string;\n\n /\n A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n /\n message: string;\n}\n\n/\n Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n /\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/\n Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n /\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/\n Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n /\nexport class DeviceCodeCredential implements TokenCredential {\n private userPromptCallback: DeviceCodePromptCallback;\n private msalClient: MsalClient;\n\n /\n Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * The default value is 'organizations'.\n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * By default we will try to use the Azure CLI's client ID to authenticate.\n * @param userPromptCallback - A callback function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string = \"organizations\",\n clientId: string = DeveloperSignOnClientId,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.userPromptCallback = userPromptCallback;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n { clientId: clientId, authority: authorityHost },\n false,\n undefined,\n options\n );\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(`DeviceCodeCredential invoked. Scopes: ${scopeArray.join(\", \")}`);\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch(async (e) => {\n if (e instanceof AuthenticationRequired) {\n try {\n const token = await this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);\n logger.getToken.info(formatSuccess(scopeArray));\n return token;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopeArray, err));\n throw err;\n } finally {\n span.end();\n }\n } else {\n throw e;\n }\n });\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest,\n scopes: string[]\n ): Promise<AccessToken \| null> {\n try {\n const deviceResponse = await this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);\n if (deviceResponse && deviceResponse.expiresOn) {\n const expiresOnTimestamp = deviceResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n expiresOnTimestamp,\n token: deviceResponse.accessToken\n };\n } else {\n throw new Error(\"Did not receive token with a valid expiration\");\n }\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { createSpan } from \"../util/tracing\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nimport { IdentityClient, TokenResponse, TokenCredentialOptions } from \"../client/identityClient\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/\n Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string \| undefined;\n private authorizationCode: string;\n private redirectUri: string;\n private lastTokenResponse: TokenResponse \| null = null;\n\n /\n Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /\n Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| TokenCredentialOptions \| undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.clientId = clientId;\n this.tenantId = tenantId;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.clientSecret = clientSecretOrAuthorizationCode;\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.clientSecret = undefined;\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.identityClient = new IdentityClient(options);\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"AuthorizationCodeCredential-getToken\",\n options\n );\n try {\n let tokenResponse: TokenResponse \| null = null;\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // Try to use the refresh token first\n if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n this.clientId,\n scopeString,\n this.lastTokenResponse.refreshToken,\n this.clientSecret,\n undefined,\n newOptions\n );\n }\n\n if (tokenResponse === null) {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = this.identityClient.createWebResource({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n body: qs.stringify({\n client_id: this.clientId,\n grant_type: \"authorization_code\",\n scope: scopeString,\n code: this.authorizationCode,\n redirect_uri: this.redirectUri,\n client_secret: this.clientSecret\n }),\n headers: {\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n },\n abortSignal: options && options.abortSignal,\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext,\n });\n\n tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n }\n\n this.lastTokenResponse = tokenResponse;\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-http\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\nexport { TokenCredentialOptions } from \"./client/identityClient\";\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientCertificateCredential } from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n VisualStudioCodeCredential,\n VisualStudioCodeCredentialOptions\n} from \"./credentials/visualStudioCodeCredential\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\n\nexport { AuthenticationRecord } from \"./client/msalClient\";\nexport {\n InteractiveBrowserCredentialOptions,\n BrowserLoginStyle\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport { ManagedIdentityCredential } from \"./credentials/managedIdentityCredential\";\nexport {\n DeviceCodeCredential,\n DeviceCodePromptCallback,\n DeviceCodeInfo\n} from \"./credentials/deviceCodeCredential\";\n\nexport {\n DefaultAzureCredential,\n DefaultAzureCredentialOptions\n} from \"./credentials/defaultAzureCredential\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport {\n AuthenticationError,\n ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailable\n} from \"./client/errors\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-http\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/\n Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n"],"names":["createSpanFunction","createClientLogger","logger","SpanStatusCode","ServiceClient","createPipelineFromOptions","WebResource","readFileSync","createHash","uuidV4","expiresInParser","prepareRequestOptions","RestError","readFile","child_process.exec","AzureAuthorityHosts","fs","PublicClientApplication"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAuDA,SAAS,eAAe,CAAC,aAAkB;IACzC,QACE,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,EACnD;AACJ,CAAC;AAED;;;;;MAKa,qBAAsB,SAAQ,KAAK;CAAG;AAEnD;;;MAGa,uBAAuB,GAAG,sBAAsB;AAE7D;;;;;MAKa,mBAAoB,SAAQ,KAAK;;IAY5C,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;;;gBAGF,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,gBAAgB,UAAU,sBAAsB,aAAa,CAAC,gBAAgB,EAAE,CACvG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;;QAGnC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;KACrC;CACF;AAED;;;MAGa,gCAAgC,GAAG,+BAA+B;AAE/E;;;;MAIa,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,OAAO,WAAW,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;QAGrB,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;KAC9C;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ;;AC7KA;AACA,AAIA;;;;AAIA,AAAO,MAAM,UAAU,GAAGA,8BAAkB,CAAC;IAC3C,aAAa,EAAE,gBAAgB;IAC/B,SAAS,EAAE,eAAe;CAC3B,CAAC,CAAC;;ACZH;AACA,AAIA;;;AAGA,MAAa,MAAM,GAAGC,2BAAkB,CAAC,UAAU,CAAC,CAAC;AAOrD;;;;AAIA,SAAgB,cAAc,CAAC,gBAA0B;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB;QAC/C,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YAC5B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAChC;aAAM;YACL,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAC/B;QACD,OAAO,GAAG,CAAC;KACZ,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAED,AAaA;;;AAGA,SAAgB,aAAa,CAAC,KAAwB;IACpD,OAAO,oBAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;AAChF,CAAC;AAED;;;AAGA,SAAgB,WAAW,CAAC,KAAoC,EAAE,KAAqB;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE;QACjB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;KAC3E;IACD,OAAO,GAAG,OAAO,mBAAmB,OAAO,KAAK,KAAK,QAAQ,GAAG,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAkBD;;;;;;;;AAQA,SAAgB,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmB,MAAM;IAEzB,MAAM,SAAS,GAAG,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE,GAAG,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe;QAC3B,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;KACtC;IAED,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;KACL,CAAC;AACJ,CAAC;AAUD;;;;;;;;;;AAUA,SAAgB,gBAAgB,CAAC,KAAa,EAAE,MAAmB,MAAM;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACnE,uCACK,UAAU,KACb,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC,IACpE;AACJ,CAAC;;AClID;AACA,AAQA,MAAMC,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;AAIA,MAAa,sBAAsB;;;;;;;;;;;;;IAqBjC,YAAY,GAAG,OAA0B;;;;QAjB/B,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;KACzB;;;;;;;;;;;;;;IAeK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YAEpG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;iBAC7D;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;wBACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACLA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;YAEXA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,KAAK,CAAC;SACd;KAAA;CACF;;AC1FD;AACA;AAEA,SAAgB,2BAA2B;IACzC,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE;QACpC,OAAO;YACL,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;SAChD,CAAC;KACH;SAAM;QACL,OAAO,SAAS,CAAC;KAClB;AACH,CAAC;;ACXD;AACA;AAEA,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,OAAO,cAAc,CAAC;KACvB;SAAM;QACL,OAAO,mBAAmB,CAAC;KAC5B;AACH,CAAC;;ACTD;AACA,AAsBA,MAAM,oBAAoB,GAAG,mCAAmC,CAAC;AAkBjE,MAAa,cAAe,SAAQE,sBAAa;IAG/C,YAAY,OAAgC;QAC1C,AAAY;YACV,OAAO,GAAG,OAAO,IAAI,2BAA2B,EAAE,CAAC;SACpD;QACD,OAAO,GAAG,OAAO,IAAI,cAAc,CAAC,iBAAiB,EAAE,CAAC;QACxD,KAAK,CACH,SAAS,EACTC,kCAAyB,iCACpB,OAAO,KACV,sBAAsB,EAAE;gBACtB,oBAAoB,EAAE;oBACpB,IAAI,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC;iBACtD;aACF,IACD,CACH,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,oBAAoB,CAAC;QAElF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;KACF;IAED,iBAAiB,CAAC,cAAqC;QACrD,MAAM,WAAW,GAAG,IAAIC,oBAAW,EAAE,CAAC;QACtC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,WAAW,CAAC;KACpB;IAEK,gBAAgB,CACpB,WAAwB,EACxB,eAA+C;;YAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAErD,eAAe;gBACb,eAAe;qBACd,CAAC,YAAiB;wBACjB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;qBACpD,CAAC,CAAC;YAEL,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;gBACtD,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY;wBACvC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC;qBACzD;oBACD,YAAY,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa;iBAChD,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,WAAW,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAC1G,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CACnC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAC3C,CAAC;gBACF,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;aACb;SACF;KAAA;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;YAEtG,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC;oBACzC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;oBACjC,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;oBACrF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;iBAC5C,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;;;;oBAIA,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEH,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEA,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;iBACX;aACF;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;IAED,mBAAmB,CACjB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAIG,oBAAW,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,EAAE,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC;QAErF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ;YACjD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;SACH,CAAC,CAAC;KACJ;IAED,oBAAoB,CAClB,GAAW,EACX,OAA+B;QAE/B,MAAM,WAAW,GAAG,IAAIA,oBAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,EAAE,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ;YACjD,OAAO;gBACL,IAAI,EAAE,QAAQ,CAAC,UAAe;gBAC9B,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;gBACtC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;SACH,CAAC,CAAC;KACJ;IAED,OAAO,iBAAiB;QACtB,OAAO;YACL,aAAa,EAAE,oBAAoB;SACpC,CAAC;KACH;CACF;;AClOD;AACA,AAUA,MAAMJ,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;;AAQA,MAAa,sBAAsB;;;;;;;;;;;IAgBjC,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;KAClC;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACpG,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9EA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;ACrGD;AACA,SAIgB,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;QACzC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2KAA2K,CAC5K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;KACb;AACH,CAAC;;ACbD;AACA,AAgBA,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAMA,QAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;;AAQA,MAAa,2BAA2B;;;;;;;;;;IAkBtC,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA4C;QAE5C,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAGK,eAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;QAE3H,MAAM,UAAU,GAAa,EAAE,CAAC;;QAGhC,IAAI,KAAK,CAAC;QACV,GAAG;YACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE;gBACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;SACF,QAAQ,KAAK,EAAE;QAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4EAA4E,CAC7E,CAAC;YACFL,QAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,IAAI,CAAC,qBAAqB,GAAGM,iBAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxF,IAAI,OAAO,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAC3C,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC;SAClC;KACF;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,OAAO,GAAGC,OAAM,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACzF,IAAI,MAAkB,CAAC;gBAEvB,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;wBACxB,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;qBAAM;oBACL,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;gBAED,MAAM,OAAO,GAAG;oBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;oBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;iBAC3E,CAAC;gBAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC/B,MAAM;oBACN,OAAO;oBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;iBAC/B,CAAC,CAAC;gBAEH,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,WAAW;oBAChB,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,qBAAqB,EAAE,wDAAwD;wBAC/E,gBAAgB,EAAE,eAAe;wBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9EP,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;AC/LD;AACA,AAWA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;AAMA,MAAa,0BAA0B;;;;;;;;;;;;IAkBrC,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAgC;QAEhC,aAAa,CAACA,QAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;KAC1B;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,qCAAqC,EACrC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;oBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,0BAA0B,EAAE,IAAI;oBAChC,qBAAqB,EAAE,SAAS;oBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,UAAU;wBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAE;wBACP,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD;oBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;oBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;iBACtF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9EA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;AC9GD;AACA,AAgBA;;;;;;;AAOA,AAAO,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAMA,QAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;;AAYA,MAAa,qBAAqB;;;;;;;;;IAUhC,YAAY,OAAgC;;QATpC,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtFA,QAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxCA,QAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3CA,QAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChDA,QAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;KACF;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,gCAAgC,EAAE,OAAO,CAAC,CAAC;YACnG,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnEA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;;;YAID,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAEC,0BAAc,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;KAAA;CACF;;AC9JD;AACA;AAEA,AAAO,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAE9C,AAAO,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,AAAO,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,AAAO,MAAM,kBAAkB,GAAG,YAAY,CAAC;;ACP/C;AACA,SAOgB,mBAAmB,CAAC,MAAyB;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;SACH;QAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;KACnB;SAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QACrC,KAAK,GAAG,MAAM,CAAC;KAChB;IAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QACvC,OAAO,KAAK,CAAC;KACd;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,SAAsB,kBAAkB,CACtC,cAA8B,EAC9B,cAAqC,EACrC,eAA+C,EAC/C,kBAAmC,EAAE;;QAErC,MAAM,WAAW,GAAG,cAAc,CAAC,iBAAiB,iBAClD,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,EACzF,cAAc,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,cAAc,IAC5F,cAAc,EACjB,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAE1F,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CAAA;;AC/CD;AACA,AASA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,2CAA2C,CAAC,CAAC;AAE7E;AACA,MAAM,eAAe,GAAG,SAAS,CAAC;AAElC,SAAS,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,IAAI,GAAQ;QAChB,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;KAC3B;IAED,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;QACxB,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,IAAI;YACd,cAAc,EAAE,mCAAmC;SACpD;KACF,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,aAAa,GAAQ;IAC1B,WAAW;;YACf,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;SAC1C;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCA,QAAM,CAAC,IAAI,CACT,wEAAwE,OAAO,CAAC,GAAG,CAAC,YAAY,iEAAiE,CAClK,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACd,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzC,eAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;ACzDF;AACA,AAWA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,kCAAkC,CAAC,CAAC;AAEpE,SAASQ,iBAAe,CAAC,WAAgB;IACvC,IAAI,WAAW,CAAC,UAAU,EAAE;;QAE1B,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;QAC/CR,QAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,qBAAqB,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC;QAC7F,OAAO,OAAO,CAAC;KAChB;SAAM;;QAEL,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;QAC3DA,QAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,qBAAqB,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC;QAC7F,OAAO,OAAO,CAAC;KAChB;AACH,CAAC;AAED,SAASS,uBAAqB,CAAC,QAAiB,EAAE,QAAiB;IACjE,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,cAAc;KAC9B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;KACtC;IAED,OAAO;QACL,GAAG,EAAE,YAAY;QACjB,MAAM,EAAE,KAAK;QACb,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,IAAI;SACf;KACF,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,OAAO,GAAQ;IACpB,WAAW,CACf,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,eAAiC;;YAEjC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,UAAU,CAClD,4CAA4C,EAC5C,eAAe,CAChB,CAAC;YAEF,MAAM,OAAO,GAAGA,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;;YAG1D,IAAI,OAAO,CAAC,OAAO,EAAE;;;gBAGnB,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC;YAED,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC;YACnF,OAAO,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC;YAEzF,IAAI;;;;gBAIF,MAAM,WAAW,GAAG,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC9D,WAAW,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,OAAO,KAAK,GAAG,CAAC;gBAExF,IAAI;oBACFT,QAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;oBACrC,MAAM,cAAc,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;iBAC/C;gBAAC,OAAO,GAAG,EAAE;oBACZ,IACE,CAAC,GAAG,YAAYU,kBAAS,IAAI,GAAG,CAAC,IAAI,KAAKA,kBAAS,CAAC,kBAAkB;wBACtE,GAAG,CAAC,IAAI,KAAK,YAAY;wBACzB,GAAG,CAAC,IAAI,KAAK,cAAc;wBAC3B,GAAG,CAAC,IAAI,KAAK,WAAW;sBACxB;;;wBAGAV,QAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;wBACzC,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;;wBAGH,OAAO,KAAK,CAAC;qBACd;iBACF;;gBAGDD,QAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;;gBAG1C,OAAO,IAAI,CAAC;aACb;YAAC,OAAO,GAAG,EAAE;;;gBAGZA,QAAM,CAAC,IAAI,CAAC,8DAA8D,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzF,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCD,QAAM,CAAC,IAAI,CACT,6EAA6E,OAAO,CAAC,GAAG,CAAC,YAAY,iEAAiE,CACvK,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACdS,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzCD,iBAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;AC1IF;AACA,AAQA,MAAMR,QAAM,GAAG,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;AAElF,SAASQ,iBAAe,CAAC,WAAgB;;;IAGvC,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,SAASC,uBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7B,MAAM,EAAE,KAAK;QACb,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SAC/B;KACF,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,iBAAiB,GAAQ;IAC9B,WAAW;;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;SACpD;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCT,QAAM,CAAC,IAAI,CACT,yFAAyF,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC/I,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACdS,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzCD,iBAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;AC5DF;AACA,AAWA,MAAMR,QAAM,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;AAEtE;AACA,MAAMQ,iBAAe,GAAG,SAAS,CAAC;AAElC,SAASC,uBAAqB,CAAC,QAAiB;IAC9C,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,OAAO;;QAEL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAClC,MAAM,EAAE,KAAK;QACb,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,IAAI;SACf;KACF,CAAC;AACJ,CAAC;AAED;AACA,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KACjCE,WAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI;QAChC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;KACf,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAe,eAAe,CAC5B,cAA8B,EAC9B,qBAA4C;;QAE5C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAC/C,cAAc,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CACxD,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;gBACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;aAC/C;YACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,wFAAwF,OAAO,EAAE,CAClG,CAAC;SACH;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC1C;CAAA;AAED,AAAO,MAAM,MAAM,GAAQ;IACnB,WAAW;;YACf,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;SAC5E;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAiB,EACjB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCX,QAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAExD,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,KAAK,CACb,4TAA4T,CAC7T,CAAC;aACH;YAED,MAAM,cAAc,mBAClB,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,EACzF,cAAc,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,cAAc,IAC5FS,uBAAqB,CAAC,QAAQ,CAAC,CACnC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAEvE,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACjE;YAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACjE,cAAc,CAAC,OAAQ,CAAC,eAAe,CAAC,GAAG,SAAS,GAAG,EAAE,CAAC;YAE1D,OAAO,kBAAkB,CAAC,cAAc,EAAE,cAAc,EAAED,iBAAe,EAAE,eAAe,CAAC,CAAC;SAC7F;KAAA;CACF,CAAC;;AC5GF;AACA,AAkBA,MAAMR,QAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;;;;;;;;AASA,MAAa,yBAAyB;;;;;IAuBpC,YACE,iBAA8D,EAC9D,OAAgC;QAtB1B,0BAAqB,GAAmB,IAAI,CAAC;QAwBnD,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE;;YAEzC,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC;YAClC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;SACnD;aAAM;;YAEL,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,iBAAiB,CAAC,CAAC;SAC7D;KACF;IAIa,kBAAkB,CAC9B,QAAgB,EAChB,QAAiB,EACjB,eAAiC;;YAEjC,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,OAAO,IAAI,CAAC,SAAS,CAAC;aACvB;;;YAID,MAAM,IAAI,GAAG,CAAC,iBAAiB,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;gBACtB,IAAI,MAAM,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,CAAC,EAAE;oBACnF,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;oBACrB,OAAO,GAAG,CAAC;iBACZ;aACF;YAED,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;SAC5F;KAAA;IAEa,2BAA2B,CACvC,MAAyB,EACzB,QAAiB,EACjB,eAAiC;;YAEjC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,UAAU,CAClD,uDAAuD,EACvD,eAAe,CAChB,CAAC;YAEF,IAAI;;gBAEF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAEhF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;aAChF;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,MAAM,GAAuB,IAAI,CAAC;YAEtC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,oCAAoC,EAAE,OAAO,CAAC,CAAC;YAEvG,IAAI;;;;gBAIF,IAAI,IAAI,CAAC,qBAAqB,KAAK,IAAI,EAAE;oBACvC,MAAM,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oBAEnF,IAAI,MAAM,KAAK,IAAI,EAAE;;;;wBAInB,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC;;;wBAIlC,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,yEAAyE,CAC1E,CAAC;wBACFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;;;;oBAKD,IAAI,CAAC,qBAAqB,GAAG,KAAK,CAAC;iBACpC;qBAAM;;;oBAGL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,0DAA0D,CAC3D,CAAC;oBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAEDA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,MAAM,CAAC;aACf;YAAC,OAAO,GAAG,EAAE;;;gBAGZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;oBACxC,MAAM,GAAG,CAAC;iBACX;;;;;;gBAQD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;;;gBAIH,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;oBAC9B,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,gEAAgE,CACjE,CAAC;oBAEFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;;;gBAID,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE;oBAC/B,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,+EAA+E,CAChF,CAAC;oBAEFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;;;gBAID,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE;oBAC1B,MAAM,IAAI,qBAAqB,CAC7B,2EAA2E,CAC5E,CAAC;iBACH;;;gBAID,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE;oBAChC,MAAM,IAAI,qBAAqB,CAC7B,4DAA4D,GAAG,CAAC,OAAO,EAAE,CAC1E,CAAC;iBACH;;gBAGD,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE;oBAC5C,KAAK,EAAE,kDAAkD;oBACzD,iBAAiB,EAAE,GAAG,CAAC,OAAO;iBAC/B,CAAC,CAAC;aACJ;oBAAS;;gBAER,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;ACjPD;AACA,AASA,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B;SAAM;QACL,OAAO,MAAM,CAAC;KACf;AACH,CAAC;AAED,MAAMA,QAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;;;;AAQA,MAAa,kBAAkB;;;;;IAKb,sBAAsB,CACpC,QAAgB;;YAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM;gBACjC,IAAI;oBACFY,kBAAkB,CAChB,wDAAwD,QAAQ,EAAE,EAClE,EAAE,GAAG,EAAE,iBAAiB,EAAE,EAAE,EAC5B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM;wBACpB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;qBACpD,CACF,CAAC;iBACH;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb;aACF,CAAC,CAAC;SACJ;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM;gBACjC,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9DZ,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAEjD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;gBAGlD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;oBACtC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;oBACrFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,YAAY,GAAG,EAAE,CAAC;gBAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC;gBACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC;qBAClC,IAAI,CAAC,CAAC,GAAQ;oBACb,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;wBAC1D,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC;4BACpC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;wBAClD,IAAI,iBAAiB,EAAE;4BACrB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mLAAmL,CACpL,CAAC;4BACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;6BAAM,IAAI,YAAY,EAAE;4BACvB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,2FAA2F,CAC5F,CAAC;4BACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;wBACD,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBACpDA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;yBAAM;wBACL,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;wBAC1B,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBACtFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAC5C,MAAM,WAAW,GAAG;4BAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;4BAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;yBAC3D,CAAC;wBACF,OAAO,CAAC,WAAW,CAAC,CAAC;wBACrB,OAAO,WAAW,CAAC;qBACpB;iBACF,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG;oBACT,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb,CAAC,CAAC;aACN,CAAC,CAAC;SACJ;KAAA;CACF;;ACjID;AACA;AAEA;;;;AAIA;AACA;AACA;AACA,AAAO,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;;AAIA,AAAO,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC,AAGA,WAAY,mBAAmB;;;;IAI7B,oEAA6C,CAAA;;;;IAI7C,wEAAiD,CAAA;;;;IAIjD,2EAAoD,CAAA;;;;IAIpD,6EAAsD,CAAA;AACxD,CAAC,EAjBWa,2BAAmB,KAAnBA,2BAAmB,QAiB9B;;ACtCD;AACA,AAQA,IAAI,MAAW,CAAC;AAChB,IAAI;;IAEF,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC5B;AAAC,OAAO,EAAE,EAAE;IACX,MAAM,GAAG,IAAI,CAAC;CACf;AAED,AAKA,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC;AACpE,MAAM,cAAc,GAAG,eAAe,CAAC;AACvC,MAAMb,QAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;AACA,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;;IAE9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,qBAAqB,CAAC,sBAAsB,CAAC,CAAC;KACzD;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAEa,2BAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAEA,2BAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAEA,2BAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAEA,2BAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;;AAIA,SAAgB,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;;IAE/C,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAACC,WAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;KAC3B;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ;YACtB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAC,EAAE;QACVd,QAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAYD;;;;;AAKA,MAAa,0BAA0B;;;;;;IAUrC,YAAY,OAA2C;;;QAGrD,IAAI,CAAC,SAAS,IAAI,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;;QAG5F,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAACA,QAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAExC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACvC;;;;IAKa,OAAO;;;YAEnB,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,cAAc,EAAE;gBAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;aAChC;YACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACvC;KAAA;;;;IAUO,WAAW;QACjB,IAAI,IAAI,CAAC,cAAc,EAAE;YACvB,OAAO,IAAI,CAAC,cAAc,CAAC;SAC5B;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,cAAc,CAAC;KAC5B;;;;;;;;;IAUY,QAAQ,CACnB,MAAyB,EACzB,QAA0B;;YAE1B,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,IAAI,qBAAqB,CAC7B,2FAA2F,CAC5F,CAAC;aACH;YAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;YAGzE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;gBAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBACrFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;YAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;gBAC7C,WAAW,IAAI,iBAAiB,CAAC;aAClC;;;;;;;;;YAUD,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;;YAGjE,MAAM,EAAE,QAAQ,EAAE,GAChB,WAAW,CAAC,IAAI,CAAC,CAAC,IAAyB,KAAK,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC;gBAChF,WAAW,CAAC,CAAC,CAAC;gBACd,EAAE,CAAC;;YAGL,MAAM,YAAY,GAAG,QAAQ,CAAC;YAE9B,IAAI,YAAY,EAAE;gBAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,IAAI,CAAC,QAAQ,EACb,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;gBAEF,IAAI,aAAa,EAAE;oBACjBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;iBAClC;qBAAM;oBACL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mIAAmI,CACpI,CAAC;oBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;aACF;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uHAAuH,CACxH,CAAC;gBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;KAAA;CACF;;AC9OD;AACA,AAuBA;;;;;;;;;;;AAWA,MAAa,sBAAuB,SAAQ,sBAAsB;;;;;;IAMhE,YAAY,sBAAsD;QAChE,MAAM,WAAW,GAAG,EAAE,CAAC;QACvB,WAAW,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,sBAAsB,CAAC,CAAC,CAAC;;QAGpE,MAAM,uBAAuB,GAC3B,CAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,uBAAuB,KAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAEjF,IAAI,uBAAuB,EAAE;YAC3B,WAAW,CAAC,IAAI,CACd,IAAI,yBAAyB,CAAC,uBAAuB,EAAE,sBAAsB,CAAC,CAC/E,CAAC;SACH;aAAM;;YAEL,WAAW,CAAC,IAAI,CAAC,IAAI,yBAAyB,CAAC,sBAAsB,CAAC,CAAC,CAAC;SACzE;QAED,WAAW,CAAC,IAAI,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;QAC3C,WAAW,CAAC,IAAI,CAAC,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAEzE,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;QACtB,IAAI,CAAC,kBAAkB;YACrB,oFAAoF,CAAC;KACxF;CACF;;ACjED;AACA,AAsBA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAqChE,MAAa,sBAAuB,SAAQ,qBAAqB;CAAG;AAEpE,MAAa,UAAU;IAQrB,YACE,UAA2B,EAC3B,kBAA2B,EAC3B,oBAA2C,EAC3C,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;KAClD;IAEK,yBAAyB;;;YAE7B,IAAI,IAAI,CAAC,GAAG,EAAE;gBACZ,OAAO;aACR;;YAGD,MAAM,YAAY,GAAkB;gBAClC,IAAI,EAAE,IAAI,CAAC,UAAU;gBACrB,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE;aAC/C,CAAC;YAEF,IAAI,CAAC,GAAG,GAAG,IAAIe,gCAAuB,CAAC,YAAY,CAAC,CAAC;SACtD;KAAA;IAEK,qBAAqB,CAAC,MAAgB;;YAC1C,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC1D,MAAM,IAAI,sBAAsB,EAAE,CAAC;aACpC;YAED,MAAM,aAAa,GAAG;gBACpB,OAAO,EAAE,IAAI,CAAC,oBAAqB;gBACnC,MAAM;aACP,CAAC;YAEF,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBACnEf,QAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;gBACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,SAAS,EAAE;oBAClC,OAAO;wBACL,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;wBAChD,KAAK,EAAE,QAAQ,CAAC,WAAW;qBAC5B,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;iBACrF;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;aACrF;SACF;KAAA;IAEK,cAAc,CAAC,OAAkD;;YACrE,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;SAC1C;KAAA;IAEK,kBAAkB,CACtB,OAAiC;;YAEjC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;SAC9C;KAAA;IAEK,wBAAwB,CAAC,OAA0B;;YACvD,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;SACpD;KAAA;IAEK,8BAA8B,CAClC,OAAgC;;YAEhC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;SAC1D;KAAA;CACF;AAED,AAAA,IAAY,UAGX;AAHD,WAAY,UAAU;IACpB,yBAAW,CAAA;IACX,2BAAa,CAAA;AACf,CAAC,EAHW,UAAU,KAAV,UAAU,QAGrB;;AC9JD;AACA,AAkBA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;;AAKA,MAAa,4BAA4B;IAMvC,YAAY,OAA6C;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,eAAe,CAAC;QAClE,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,uBAAuB,CAAC;QAE1E,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;;;QAKhC,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE;YAClC,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;aACxC;iBAAM;gBACL,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;aAC1C;SACF;aAAM;YACL,IAAI,CAAC,WAAW,GAAG,kBAAkB,CAAC;SACvC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE7B,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B;YACE,QAAQ;YACR,SAAS,EAAE,aAAa;YACxB,gBAAgB,EAAE,QAAQ,KAAK,MAAM,IAAI,aAAa,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE;SACpF,EACD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;KACH;;;;;;;;;;;IAYM,QAAQ,CACb,MAAyB,EACzB,QAA0B;QAE1B,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY,sBAAsB,EAAE;gBACvC,OAAO,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;aACjD;iBAAM;gBACLA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAC,CAAC;aACT;SACF,CAAC,CAAC;KACJ;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAG;gBAC5B,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAC7E,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;SACtB;KAAA;IAEO,uBAAuB,CAAC,UAAoB;QAClD,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM;YACrD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB;gBAC1E,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAA6B;oBAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,UAAU;iBACnB,CAAC;gBAEF,IAAI,CAAC,UAAU;qBACZ,kBAAkB,CAAC,YAAY,CAAC;qBAChC,IAAI,CAAC,CAAC,YAAY;oBACjB,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAEhD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;iBACR,CAAC;qBACD,KAAK,CAAC;oBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;iBACX,CAAC,CAAC;aACN,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,MAClDA,QAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,IAAI,GAAG,CAAC,CAC3E,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;aACX,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;aACF;SACF,CAAC,CAAC;KACJ;CACF;;ACtLD,MAAMA,QAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;;AAIA,SAAgB,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;;AAIA,MAAa,oBAAoB;;;;;;;;;;;;;;IAiB/B,YACE,WAAmB,eAAe,EAClC,WAAmB,uBAAuB,EAC1C,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAE7C,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,EAChD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;KACH;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG;gBACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM,EAAE,UAAU;aACnB,CAAC;YAEFA,QAAM,CAAC,IAAI,CAAC,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9E,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAO,CAAC;gBACrE,IAAI,CAAC,YAAY,sBAAsB,EAAE;oBACvC,IAAI;wBACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;wBACjFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAChD,OAAO,KAAK,CAAC;qBACd;oBAAC,OAAO,GAAG,EAAE;wBACZ,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;wBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;wBACnD,MAAM,GAAG,CAAC;qBACX;4BAAS;wBACR,IAAI,CAAC,GAAG,EAAE,CAAC;qBACZ;iBACF;qBAAM;oBACL,MAAM,CAAC,CAAC;iBACT;aACF,CAAA,CAAC,CAAC;SACJ;KAAA;IAEa,wBAAwB,CACpC,iBAAoC,EACpC,MAAgB;;YAEhB,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBACzF,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,EAAE;oBAC9C,MAAM,kBAAkB,GAAG,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC9DA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,kBAAkB;wBAClB,KAAK,EAAE,cAAc,CAAC,WAAW;qBAClC,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;iBAClE;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;SACF;KAAA;CACF;;AC3KD;AACA,AAWA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;AAOA,MAAa,2BAA2B;;;;;IAuEtC,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAtE1B,sBAAiB,GAAyB,IAAI,CAAC;QAwErD,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;;YAE5C,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;YACpD,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;;SAEzC;aAAM;;YAEL,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;KACnD;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,IAAI,aAAa,GAAyB,IAAI,CAAC;gBAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;oBAC7C,WAAW,IAAI,iBAAiB,CAAC;iBAClC;;gBAGD,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;oBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,IAAI,CAAC,YAAY,EACjB,SAAS,EACT,UAAU,CACX,CAAC;iBACH;gBAED,IAAI,aAAa,KAAK,IAAI,EAAE;oBAC1B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAChE,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC;wBACxD,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;wBACzE,MAAM,EAAE,MAAM;wBACd,0BAA0B,EAAE,IAAI;wBAChC,qBAAqB,EAAE,SAAS;wBAChC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;4BACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;4BACxB,UAAU,EAAE,oBAAoB;4BAChC,KAAK,EAAE,WAAW;4BAClB,IAAI,EAAE,IAAI,CAAC,iBAAiB;4BAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;4BAC9B,aAAa,EAAE,IAAI,CAAC,YAAY;yBACjC,CAAC;wBACF,OAAO,EAAE;4BACP,MAAM,EAAE,kBAAkB;4BAC1B,cAAc,EAAE,mCAAmC;yBACpD;wBACD,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;wBAC3C,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;wBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;qBACtF,CAAC,CAAC;oBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;iBACzE;gBAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;gBACvCA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;ACzMD;AACA,AAkDA;;;AAGA,SAAgB,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;;;;;;;;;;;;;;;;;;;;;;"}
1	+ {"version":3,"file":"index.js","sources":["../src/client/errors.ts","../src/util/tracing.ts","../src/util/logging.ts","../src/credentials/chainedTokenCredential.ts","../src/util/identityTokenEndpoint.ts","../src/constants.ts","../src/client/identityClient.ts","../src/credentials/clientSecretCredential.ts","../src/util/checkTenantId.ts","../src/credentials/clientCertificateCredential.ts","../src/credentials/usernamePasswordCredential.ts","../src/credentials/environmentCredential.ts","../src/credentials/managedIdentityCredential/constants.ts","../src/credentials/managedIdentityCredential/utils.ts","../src/credentials/managedIdentityCredential/cloudShellMsi.ts","../src/credentials/managedIdentityCredential/imdsMsi.ts","../src/credentials/managedIdentityCredential/appServiceMsi2017.ts","../src/credentials/managedIdentityCredential/arcMsi.ts","../src/credentials/managedIdentityCredential/index.ts","../src/credentials/azureCliCredential.ts","../src/credentials/visualStudioCodeCredential.ts","../src/credentials/defaultAzureCredential.ts","../src/client/msalClient.ts","../src/credentials/interactiveBrowserCredential.ts","../src/credentials/deviceCodeCredential.ts","../src/credentials/authorizationCodeCredential.ts","../src/index.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/*\n See the official documentation for more details:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n \n NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n /\nexport interface ErrorResponse {\n /\n The string identifier for the error.\n /\n error: string;\n\n /\n The error's description.\n /\n errorDescription: string;\n\n /\n An array of codes pertaining to the error(s) that occurred.\n /\n errorCodes?: number[];\n\n /\n The timestamp at which the error occurred.\n /\n timestamp?: string;\n\n /\n The trace identifier for this error occurrence.\n /\n traceId?: string;\n\n /\n The correlation ID to be used for tracking the source of the error.\n /\n correlationId?: string;\n}\n\n/\n Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n /\nexport interface OAuthErrorResponse {\n error: string;\n error_description: string;\n error_codes?: number[];\n timestamp?: string;\n trace_id?: string;\n correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n return (\n errorResponse &&\n typeof errorResponse.error === \"string\" &&\n typeof errorResponse.error_description === \"string\"\n );\n}\n\n/\n This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n /\nexport class CredentialUnavailable extends Error {}\n\n/\n The Error.name value of an AuthenticationError\n /\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/\n Provides details about a failure to authenticate with Azure Active\n * Directory. The `errorResponse` field contains more details about\n * the specific failure.\n /\nexport class AuthenticationError extends Error {\n /\n The HTTP status code returned from the authentication request.\n /\n public readonly statusCode: number;\n\n /\n The error response details.\n /\n public readonly errorResponse: ErrorResponse;\n\n // eslint-disable-next-line @typescript-eslint/ban-types\n constructor(statusCode: number, errorBody: object \| string \| undefined \| null) {\n let errorResponse: ErrorResponse = {\n error: \"unknown\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n\n if (isErrorResponse(errorBody)) {\n errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n } else if (typeof errorBody === \"string\") {\n try {\n // Most error responses will contain JSON-formatted error details\n // in the response body\n const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n } catch (e) {\n if (statusCode === 400) {\n errorResponse = {\n error: \"authority_not_found\",\n errorDescription: \"The specified authority URL was not found.\"\n };\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n };\n }\n }\n } else {\n errorResponse = {\n error: \"unknown_error\",\n errorDescription: \"An unknown error occurred and no additional details are available.\"\n };\n }\n\n super(\n `${errorResponse.error}(status code ${statusCode}).\\nMore details:\\n${errorResponse.errorDescription}`\n );\n this.statusCode = statusCode;\n this.errorResponse = errorResponse;\n\n // Ensure that this type reports the correct name\n this.name = AuthenticationErrorName;\n }\n}\n\n/\n The Error.name value of an AggregateAuthenticationError\n /\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/\n Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n /\nexport class AggregateAuthenticationError extends Error {\n /\n The array of error objects that were thrown while trying to authenticate\n * with the credentials in a {@link ChainedTokenCredential}.\n /\n public errors: any[];\n\n constructor(errors: any[], errorMessage?: string) {\n const errorDetail = errors.join(\"\\n\");\n super(`${errorMessage}\\n\\n${errorDetail}`);\n this.errors = errors;\n\n // Ensure that this type reports the correct name\n this.name = AggregateAuthenticationErrorName;\n }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n return {\n error: errorBody.error,\n errorDescription: errorBody.error_description,\n correlationId: errorBody.correlation_id,\n errorCodes: errorBody.error_codes,\n timestamp: errorBody.timestamp,\n traceId: errorBody.trace_id\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createSpanFunction } from \"@azure/core-tracing\";\n\n/\n Creates a span using the global tracer.\n * @internal\n /\nexport const createSpan = createSpanFunction({\n packagePrefix: \"Azure.Identity\",\n namespace: \"Microsoft.AAD\"\n});\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { createClientLogger, AzureLogger } from \"@azure/logger\";\n\n/\n The AzureLogger used for all clients within the identity package\n /\nexport const logger = createClientLogger(\"identity\");\n\ninterface EnvironmentAccumulator {\n missing: string[];\n assigned: string[];\n}\n\n/\n Separates a list of environment variable names into a plain object with two arrays: an array of missing environment variables and another array with assigned environment variables.\n * @param supportedEnvVars - List of environment variable names\n /\nexport function processEnvVars(supportedEnvVars: string[]): EnvironmentAccumulator {\n return supportedEnvVars.reduce(\n (acc: EnvironmentAccumulator, envVariable: string) => {\n if (process.env[envVariable]) {\n acc.assigned.push(envVariable);\n } else {\n acc.missing.push(envVariable);\n }\n return acc;\n },\n { missing: [], assigned: [] }\n );\n}\n\n/\n Based on a given list of environment variable names,\n * logs the environment variables currently assigned during the usage of a credential that goes by the given name.\n * @param credentialName - Name of the credential in use\n * @param supportedEnvVars - List of environment variables supported by that credential\n /\nexport function logEnvVars(credentialName: string, supportedEnvVars: string[]): void {\n const { assigned } = processEnvVars(supportedEnvVars);\n logger.info(\n `${credentialName} => Found the following environment variables: ${assigned.join(\", \")}`\n );\n}\n\n/\n Formatting the success event on the credentials\n /\nexport function formatSuccess(scope: string \| string[]): string {\n return `SUCCESS. Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n}\n\n/\n Formatting the success event on the credentials\n /\nexport function formatError(scope: string \| string[] \| undefined, error: Error \| string): string {\n let message = \"ERROR.\";\n if (scope?.length) {\n message += ` Scopes: ${Array.isArray(scope) ? scope.join(\", \") : scope}.`;\n }\n return `${message} Error message: ${typeof error === \"string\" ? error : error.message}.`;\n}\n\n/\n A CredentialLoggerInstance is a logger properly formatted to work in a credential's constructor, and its methods.\n /\nexport interface CredentialLoggerInstance {\n title: string;\n fullTitle: string;\n info(message: string): void;\n /\n The logging functions for warning and error are intentionally left out, since we want the identity logging to be at the info level.\n * Otherwise, they would look like:\n \n warning(message: string): void;\n * error(err: Error): void;\n /\n}\n\n/\n Generates a CredentialLoggerInstance.\n \n It logs with the format:\n \n `[title] => [message]`\n \n /\nexport function credentialLoggerInstance(\n title: string,\n parent?: CredentialLoggerInstance,\n log: AzureLogger = logger\n): CredentialLoggerInstance {\n const fullTitle = parent ? `${parent.fullTitle} ${title}` : title;\n\n function info(message: string): void {\n log.info(`${fullTitle} =>`, message);\n }\n\n return {\n title,\n fullTitle,\n info\n };\n}\n\n/*\n A CredentialLogger is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n /\nexport interface CredentialLogger extends CredentialLoggerInstance {\n getToken: CredentialLoggerInstance;\n}\n\n/\n Generates a CredentialLogger, which is a logger declared at the credential's constructor, and used at any point in the credential.\n * It has all the properties of a CredentialLoggerInstance, plus other logger instances, one per method.\n \n It logs with the format:\n \n `[title] => [message]`\n * `[title] => getToken() => [message]`\n \n /\nexport function credentialLogger(title: string, log: AzureLogger = logger): CredentialLogger {\n const credLogger = credentialLoggerInstance(title, undefined, log);\n return {\n ...credLogger,\n getToken: credentialLoggerInstance(\"=> getToken()\", credLogger, log)\n };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { AggregateAuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\n\nconst logger = credentialLogger(\"ChainedTokenCredential\");\n\n/*\n Enables multiple `TokenCredential` implementations to be tried in order\n * until one of the getToken methods returns an access token.\n /\nexport class ChainedTokenCredential implements TokenCredential {\n /\n The message to use when the chained token fails to get a token\n /\n protected UnavailableMessage =\n \"ChainedTokenCredential => failed to retrieve a token from the included credentials\";\n\n private _sources: TokenCredential[] = [];\n\n /\n Creates an instance of ChainedTokenCredential using the given credentials.\n \n @param sources - `TokenCredential` implementations to be tried in order.\n \n Example usage:\n * ```javascript\n * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);\n * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);\n * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);\n * ```\n /\n constructor(...sources: TokenCredential[]) {\n this._sources = sources;\n }\n\n /\n Returns the first access token returned by one of the chained\n * `TokenCredential` implementations. Throws an {@link AggregateAuthenticationError}\n * when one or more credentials throws an {@link AuthenticationError} and\n * no credentials have returned an access token.\n \n This method is called automatically by Azure SDK client libraries. You may call this method\n * directly, but you must also handle token caching and token refreshing.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n let token = null;\n const errors = [];\n\n const { span, updatedOptions: newOptions } = createSpan(\n \"ChainedTokenCredential-getToken\",\n options\n );\n\n for (let i = 0; i < this._sources.length && token === null; i++) {\n try {\n token = await this._sources[i].getToken(scopes, newOptions);\n } catch (err) {\n if (err instanceof CredentialUnavailable) {\n errors.push(err);\n } else {\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n }\n }\n\n if (!token && errors.length > 0) {\n const err = new AggregateAuthenticationError(errors);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n }\n\n span.end();\n\n logger.getToken.info(formatSuccess(scopes));\n return token;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport function getIdentityTokenEndpointSuffix(tenantId: string): string {\n if (tenantId === \"adfs\") {\n return \"oauth2/token\";\n } else {\n return \"oauth2/v2.0/token\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/\n The default client ID for authentication\n * @internal\n /\n// TODO: temporary - this is the Azure CLI clientID - we'll replace it when\n// Developer Sign On application is available\n// https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/identity/Azure.Identity/src/Constants.cs#L9\nexport const DeveloperSignOnClientId = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\";\n\n/\n The default tenant for authentication\n * @internal\n /\nexport const DefaultTenantId = \"common\";\n\n/\n A list of known Azure authority hosts\n /\nexport enum AzureAuthorityHosts {\n /\n China-based Azure Authority Host\n /\n AzureChina = \"https://login.chinacloudapi.cn\",\n /\n Germany-based Azure Authority Host\n /\n AzureGermany = \"https://login.microsoftonline.de\",\n /\n US Government Azure Authority Host\n /\n AzureGovernment = \"https://login.microsoftonline.us\",\n /\n Public Cloud Azure Authority Host\n /\n AzurePublicCloud = \"https://login.microsoftonline.com\"\n}\n\n/\n The default authority host.\n * @internal\n /\nexport const DefaultAuthorityHost = AzureAuthorityHosts.AzurePublicCloud;\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { INetworkModule, NetworkRequestOptions, NetworkResponse } from \"@azure/msal-node\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ServiceClient } from \"@azure/core-client\";\nimport {\n createHttpHeaders,\n createPipelineRequest,\n PipelineRequest,\n PipelineOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AuthenticationError, AuthenticationErrorName } from \"./errors\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { DefaultAuthorityHost } from \"../constants\";\nimport { createSpan } from \"../util/tracing\";\nimport { logger } from \"../util/logging\";\nimport { isNode } from \"../util/isNode\";\n\n/\n Safe JSON parse.\n * @internal\n /\nfunction parse<T>(input: string \| null \| undefined): T {\n if (!input) {\n return {} as T;\n }\n try {\n return JSON.parse(input);\n } catch (e) {\n return {} as T;\n }\n}\n\n/\n An internal type used to communicate details of a token request's\n * response that should not be sent back as part of the access token.\n /\nexport interface TokenResponse {\n /\n The AccessToken to be returned from getToken.\n /\n accessToken: AccessToken;\n\n /\n The refresh token if the 'offline_access' scope was used.\n /\n refreshToken?: string;\n}\n\n/\n @internal\n /\nexport function getIdentityClientAuthorityHost(options?: TokenCredentialOptions): string {\n // The authorityHost can come from options or from the AZURE_AUTHORITY_HOST environment variable.\n let authorityHost = options?.authorityHost;\n\n // The AZURE_AUTHORITY_HOST environment variable can only be provided in NodeJS.\n if (isNode) {\n authorityHost = authorityHost ?? process.env.AZURE_AUTHORITY_HOST;\n }\n\n // If the authorityHost is not provided, we use the default one from the public cloud: https://login.microsoftonline.com\n return authorityHost ?? DefaultAuthorityHost;\n}\n\n/\n The network module used by the Identity credentials.\n \n It allows for credentials to abort any pending request independently of the MSAL flow,\n * by calling to the `abortRequests()` method.\n \n /\nexport class IdentityClient extends ServiceClient implements INetworkModule {\n public authorityHost: string;\n\n constructor(options?: TokenCredentialOptions) {\n const packageDetails = `azsdk-js-identity/1.5.2`;\n const userAgentPrefix = options?.userAgentOptions?.userAgentPrefix\n ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}`\n : `${packageDetails}`;\n\n const baseUri = getIdentityClientAuthorityHost(options);\n if (!baseUri.startsWith(\"https:\")) {\n throw new Error(\"The authorityHost address must use the 'https' protocol.\");\n }\n\n super({\n requestContentType: \"application/json; charset=utf-8\",\n ...options,\n userAgentOptions: {\n userAgentPrefix\n },\n baseUri\n });\n\n this.authorityHost = baseUri;\n }\n\n async sendTokenRequest(\n request: PipelineRequest,\n expiresOnParser?: (responseBody: any) => number\n ): Promise<TokenResponse \| null> {\n logger.info(`IdentityClient: sending token request to [${request.url}]`);\n const response = await this.sendRequest(request);\n\n expiresOnParser =\n expiresOnParser \|\|\n ((responseBody: any) => {\n return Date.now() + responseBody.expires_in * 1000;\n });\n\n if (response.bodyAsText && (response.status === 200 \|\| response.status === 201)) {\n const parsedBody = parse<{\n token?: string;\n access_token?: string;\n refresh_token?: string;\n }>(response.bodyAsText);\n\n const token = {\n accessToken: {\n token: parsedBody.token ?? parsedBody.access_token!,\n expiresOnTimestamp: expiresOnParser(parsedBody)\n },\n refreshToken: parsedBody.refresh_token\n };\n\n logger.info(\n `IdentityClient: [${request.url}] token acquired, expires on ${token.accessToken.expiresOnTimestamp}`\n );\n return token;\n } else {\n const error = new AuthenticationError(response.status, response.bodyAsText);\n logger.warning(\n `IdentityClient: authentication error. HTTP status: ${response.status}, ${error.errorResponse.errorDescription}`\n );\n throw error;\n }\n }\n\n async refreshAccessToken(\n tenantId: string,\n clientId: string,\n scopes: string,\n refreshToken: string \| undefined,\n clientSecret: string \| undefined,\n expiresOnParser?: (responseBody: any) => number,\n options?: GetTokenOptions\n ): Promise<TokenResponse \| null> {\n if (refreshToken === undefined) {\n return null;\n }\n logger.info(\n `IdentityClient: refreshing access token with client ID: ${clientId}, scopes: ${scopes} started`\n );\n\n const { span, updatedOptions } = createSpan(\"IdentityClient-refreshAccessToken\", options);\n\n const refreshParams = {\n grant_type: \"refresh_token\",\n client_id: clientId,\n refresh_token: refreshToken,\n scope: scopes\n };\n\n if (clientSecret !== undefined) {\n (refreshParams as any).client_secret = clientSecret;\n }\n\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(tenantId);\n const webResource = createPipelineRequest({\n url: `${this.authorityHost}/${tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify(refreshParams),\n abortSignal: options && options.abortSignal,\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n tracingOptions: {\n spanOptions: updatedOptions?.tracingOptions?.spanOptions,\n tracingContext: updatedOptions?.tracingOptions?.tracingContext\n }\n });\n\n const response = await this.sendTokenRequest(webResource, expiresOnParser);\n logger.info(`IdentityClient: refreshed token for client ID: ${clientId}`);\n return response;\n } catch (err) {\n if (\n err.name === AuthenticationErrorName &&\n err.errorResponse.error === \"interaction_required\"\n ) {\n // It's likely that the refresh token has expired, so\n // return null so that the credential implementation will\n // initiate the authentication flow again.\n logger.info(`IdentityClient: interaction required for client ID: ${clientId}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n return null;\n } else {\n logger.warning(\n `IdentityClient: failed refreshing token for client ID: ${clientId}: ${err}`\n );\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n }\n } finally {\n span.end();\n }\n }\n // The MSAL network module methods follow\n\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"GET\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers)\n });\n\n const response = await this.sendRequest(request);\n return {\n body: parse<T>(response.bodyAsText),\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request = createPipelineRequest({\n url,\n method: \"POST\",\n body: options?.body,\n headers: createHttpHeaders(options?.headers)\n });\n\n const response = await this.sendRequest(request);\n return {\n body: parse<T>(response.bodyAsText),\n headers: response.headers.toJSON(),\n status: response.status\n };\n }\n}\n\n/*\n Provides options to configure how the Identity library makes authentication\n * requests to Azure Active Directory.\n /\nexport interface TokenCredentialOptions extends PipelineOptions {\n /\n The authority host to use for authentication requests.\n * Possible values are available through {@link AzureAuthorityHosts}.\n * The default is \"https://login.microsoftonline.com\".\n /\n authorityHost?: string;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\n\nconst logger = credentialLogger(\"ClientSecretCredential\");\n\n/\n Enables authentication to Azure Active Directory using a client secret\n * that was generated for an App Registration. More information on how\n * to configure a client secret can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application\n \n /\nexport class ClientSecretCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string;\n\n /*\n Creates an instance of the ClientSecretCredential with the details\n * needed to authenticate against Azure Active Directory with a client\n * secret.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n clientSecret: string,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.clientSecret = clientSecret;\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions } = createSpan(\"ClientSecretCredential-getToken\", options);\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const request = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_secret: this.clientSecret,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: updatedOptions.tracingOptions && updatedOptions.tracingOptions.spanOptions,\n tracingContext:\n updatedOptions.tracingOptions && updatedOptions.tracingOptions.tracingContext\n }\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(request);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialLogger, formatError } from \"../util/logging\";\n\nexport function checkTenantId(logger: CredentialLogger, tenantId: string): void {\n if (!tenantId.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\n \"Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport jws from \"jws\";\nimport { v4 as uuidV4 } from \"uuid\";\nimport { readFileSync } from \"fs\";\nimport { createHash } from \"crypto\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient } from \"../client/identityClient\";\nimport { ClientCertificateCredentialOptions } from \"./clientCertificateCredentialOptions\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst SelfSignedJwtLifetimeMins = 10;\n\nfunction timestampInSeconds(date: Date): number {\n return Math.floor(date.getTime() / 1000);\n}\n\nfunction addMinutes(date: Date, minutes: number): Date {\n date.setMinutes(date.getMinutes() + minutes);\n return date;\n}\n\nconst logger = credentialLogger(\"ClientCertificateCredential\");\n\n/\n Enables authentication to Azure Active Directory using a PEM-encoded\n * certificate that is assigned to an App Registration. More information\n * on how to configure certificate authentication can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad\n \n /\nexport class ClientCertificateCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private certificateString: string;\n private certificateThumbprint: string;\n private certificateX5t: string;\n private certificateX5c?: Array<string>;\n\n /*\n Creates an instance of the ClientCertificateCredential with the details\n * needed to authenticate against Azure Active Directory with a certificate.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string,\n clientId: string,\n certificatePath: string,\n options?: ClientCertificateCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantId;\n this.clientId = clientId;\n this.certificateString = readFileSync(certificatePath, \"utf8\");\n\n const certificatePattern = /(-+BEGIN CERTIFICATE-+)(\\n\\r?\|\\r\\n?)([A-Za-z0-9+/\\n\\r]+=)(\\n\\r?\|\\r\\n?)(-+END CERTIFICATE-+)/g;\n\n const publicKeys: string[] = [];\n\n // Match all possible certificates, in the order they are in the file. These will form the chain that is used for x5c\n let match;\n do {\n match = certificatePattern.exec(this.certificateString);\n if (match) {\n publicKeys.push(match[3]);\n }\n } while (match);\n\n if (publicKeys.length === 0) {\n const error = new Error(\n \"The file at the specified path does not contain a PEM-encoded certificate.\"\n );\n logger.info(formatError(\"\", error));\n throw error;\n }\n\n this.certificateThumbprint = createHash(\"sha1\")\n .update(Buffer.from(publicKeys[0], \"base64\"))\n .digest(\"hex\")\n .toUpperCase();\n\n this.certificateX5t = Buffer.from(this.certificateThumbprint, \"hex\").toString(\"base64\");\n if (options && options.sendCertificateChain) {\n this.certificateX5c = publicKeys;\n }\n }\n\n /*\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"ClientCertificateCredential-getToken\",\n options\n );\n try {\n const tokenId = uuidV4();\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const audienceUrl = `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`;\n let header: jws.Header;\n\n if (this.certificateX5c) {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t,\n x5c: this.certificateX5c\n };\n } else {\n header = {\n typ: \"JWT\",\n alg: \"RS256\",\n x5t: this.certificateX5t\n };\n }\n\n const payload = {\n iss: this.clientId,\n sub: this.clientId,\n aud: audienceUrl,\n jti: tokenId,\n nbf: timestampInSeconds(new Date()),\n exp: timestampInSeconds(addMinutes(new Date(), SelfSignedJwtLifetimeMins))\n };\n\n const clientAssertion = jws.sign({\n header,\n payload,\n secret: this.certificateString\n });\n\n const webResource = createPipelineRequest({\n url: audienceUrl,\n method: \"POST\",\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"client_credentials\",\n client_id: this.clientId,\n client_assertion_type: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n client_assertion: clientAssertion,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n }\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(\"\", err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"UsernamePasswordCredential\");\n\n/\n Enables authentication to Azure Active Directory with a user's\n * username and password. This credential requires a high degree of\n * trust so you should only use it when other, more secure credential\n * types can't be used.\n /\nexport class UsernamePasswordCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private username: string;\n private password: string;\n\n /\n Creates an instance of the UsernamePasswordCredential with the details\n * needed to authenticate against Azure Active Directory with a username\n * and password.\n \n @param tenantIdOrName - The Azure Active Directory tenant (directory) ID or name.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param username - The user account's e-mail address (user name).\n * @param password - The user account's account password\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantIdOrName: string,\n clientId: string,\n username: string,\n password: string,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantIdOrName);\n\n this.identityClient = new IdentityClient(options);\n this.tenantId = tenantIdOrName;\n this.clientId = clientId;\n this.username = username;\n this.password = password;\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"UsernamePasswordCredential-getToken\",\n options\n );\n try {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify({\n response_type: \"token\",\n grant_type: \"password\",\n client_id: this.clientId,\n username: this.username,\n password: this.password,\n scope: typeof scopes === \"string\" ? scopes : scopes.join(\" \")\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n }\n });\n\n const tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ClientSecretCredential } from \"./clientSecretCredential\";\nimport { createSpan } from \"../util/tracing\";\nimport { AuthenticationError, CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { ClientCertificateCredential } from \"./clientCertificateCredential\";\nimport { UsernamePasswordCredential } from \"./usernamePasswordCredential\";\nimport { credentialLogger, processEnvVars, formatSuccess, formatError } from \"../util/logging\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\n/\n Contains the list of all supported environment variable names so that an\n * appropriate error message can be generated when no credentials can be\n * configured.\n \n @internal\n /\nexport const AllSupportedEnvironmentVariables = [\n \"AZURE_TENANT_ID\",\n \"AZURE_CLIENT_ID\",\n \"AZURE_CLIENT_SECRET\",\n \"AZURE_CLIENT_CERTIFICATE_PATH\",\n \"AZURE_USERNAME\",\n \"AZURE_PASSWORD\"\n];\n\nconst logger = credentialLogger(\"EnvironmentCredential\");\n\n/\n Enables authentication to Azure Active Directory using client secret\n * details configured in the following environment variables:\n \n - AZURE_TENANT_ID: The Azure Active Directory tenant (directory) ID.\n * - AZURE_CLIENT_ID: The client (application) ID of an App Registration in the tenant.\n * - AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.\n \n This credential ultimately uses a {@link ClientSecretCredential} to\n * perform the authentication using these details. Please consult the\n * documentation of that class for more details.\n /\nexport class EnvironmentCredential implements TokenCredential {\n private _credential?: TokenCredential = undefined;\n /\n Creates an instance of the EnvironmentCredential class and reads\n * client secret details from environment variables. If the expected\n * environment variables are not found at this time, the getToken method\n * will return null when invoked.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: TokenCredentialOptions) {\n // Keep track of any missing environment variables for error details\n\n const assigned = processEnvVars(AllSupportedEnvironmentVariables).assigned.join(\", \");\n logger.info(`Found the following environment variables: ${assigned}`);\n\n const tenantId = process.env.AZURE_TENANT_ID,\n clientId = process.env.AZURE_CLIENT_ID,\n clientSecret = process.env.AZURE_CLIENT_SECRET;\n\n if (tenantId) {\n checkTenantId(logger, tenantId);\n }\n\n if (tenantId && clientId && clientSecret) {\n logger.info(\n `Invoking ClientSecretCredential with tenant ID: ${tenantId}, clientId: ${clientId} and clientSecret: [REDACTED]`\n );\n this._credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);\n return;\n }\n\n const certificatePath = process.env.AZURE_CLIENT_CERTIFICATE_PATH;\n if (tenantId && clientId && certificatePath) {\n logger.info(\n `Invoking ClientCertificateCredential with tenant ID: ${tenantId}, clientId: ${clientId} and certificatePath: ${certificatePath}`\n );\n this._credential = new ClientCertificateCredential(\n tenantId,\n clientId,\n certificatePath,\n options\n );\n return;\n }\n\n const username = process.env.AZURE_USERNAME;\n const password = process.env.AZURE_PASSWORD;\n if (tenantId && clientId && username && password) {\n logger.info(\n `Invoking UsernamePasswordCredential with tenant ID: ${tenantId}, clientId: ${clientId} and username: ${username}`\n );\n this._credential = new UsernamePasswordCredential(\n tenantId,\n clientId,\n username,\n password,\n options\n );\n }\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"EnvironmentCredential-getToken\",\n options\n );\n if (this._credential) {\n try {\n const result = await this._credential.getToken(scopes, newOptions);\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n const authenticationError = new AuthenticationError(400, {\n error: \"EnvironmentCredential authentication failed.\",\n error_description: err.message\n .toString()\n .split(\"More details:\")\n .join(\"\")\n });\n logger.getToken.info(formatError(scopes, authenticationError));\n throw authenticationError;\n } finally {\n span.end();\n }\n }\n\n // If by this point we don't have a credential, throw an exception so that\n // the user knows the credential was not configured appropriately\n span.setStatus({ code: SpanStatusCode.ERROR });\n span.end();\n const error = new CredentialUnavailable(\n \"EnvironmentCredential is unavailable. Environment variables are not fully configured.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nexport const DefaultScopeSuffix = \"/.default\";\n\nexport const imdsHost = \"http://169.254.169.254\";\nexport const imdsEndpointPath = \"/metadata/identity/oauth2/token\";\nexport const imdsApiVersion = \"2018-02-01\";\nexport const azureArcAPIVersion = \"2019-11-01\";\nexport const azureFabricVersion = \"2019-07-01-preview\";\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { PipelineRequestOptions, createPipelineRequest } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { DefaultScopeSuffix } from \"./constants\";\nimport { MSIExpiresInParser } from \"./models\";\n\nexport function mapScopesToResource(scopes: string \| string[]): string {\n let scope = \"\";\n if (Array.isArray(scopes)) {\n if (scopes.length !== 1) {\n throw new Error(\n \"To convert to a resource string the specified array must be exactly length 1\"\n );\n }\n\n scope = scopes[0];\n } else if (typeof scopes === \"string\") {\n scope = scopes;\n }\n\n if (!scope.endsWith(DefaultScopeSuffix)) {\n return scope;\n }\n\n return scope.substr(0, scope.lastIndexOf(DefaultScopeSuffix));\n}\n\nexport async function msiGenericGetToken(\n identityClient: IdentityClient,\n requestOptions: PipelineRequestOptions,\n expiresInParser: MSIExpiresInParser \| undefined,\n getTokenOptions: GetTokenOptions = {}\n): Promise<AccessToken \| null> {\n const request = createPipelineRequest({\n abortSignal: getTokenOptions.abortSignal,\n tracingOptions: {\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n tracingContext:\n getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.tracingContext\n },\n ...requestOptions,\n allowInsecureConnection: true\n });\n\n const tokenResponse = await identityClient.sendTokenRequest(request, expiresInParser);\n\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { createHttpHeaders, PipelineRequestOptions } from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - CloudShellMSI\");\n\n// Cloud Shell MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource: string, clientId?: string): PipelineRequestOptions {\n const body: any = {\n resource\n };\n\n if (clientId) {\n body.client_id = clientId;\n }\n\n return {\n url: process.env.MSI_ENDPOINT!,\n method: \"POST\",\n body: qs.stringify(body),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n Metadata: \"true\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n })\n };\n}\n\nexport const cloudShellMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n return Boolean(process.env.MSI_ENDPOINT);\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the endpoint coming form the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the Cloud Shell to proceed with the authentication.`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport {\n createHttpHeaders,\n PipelineRequestOptions,\n createPipelineRequest,\n RawHttpHeaders,\n RestError\n} from \"@azure/core-rest-pipeline\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { createSpan } from \"../../util/tracing\";\nimport { imdsApiVersion, imdsHost, imdsEndpointPath } from \"./constants\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - IMDS\");\n\nfunction expiresInParser(requestBody: any): number {\n if (requestBody.expires_on) {\n // Use the expires_on timestamp if it's available\n const expires = +requestBody.expires_on 1000;\n logger.info(`IMDS using expires_on: ${expires} (original value: ${requestBody.expires_on})`);\n return expires;\n } else {\n // If these aren't possible, use expires_in and calculate a timestamp\n const expires = Date.now() + requestBody.expires_in * 1000;\n logger.info(`IMDS using expires_in: ${expires} (original value: ${requestBody.expires_in})`);\n return expires;\n }\n}\n\nfunction prepareRequestOptions(\n resource?: string,\n clientId?: string,\n options?: {\n skipQuery?: boolean;\n skipMetadataHeader?: boolean;\n }\n): PipelineRequestOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": imdsApiVersion\n };\n\n if (clientId) {\n queryParameters.client_id = clientId;\n }\n\n const url = new URL(imdsEndpointPath, process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST ?? imdsHost);\n\n const { skipQuery, skipMetadataHeader } = options \|\| {};\n\n // Pod Identity will try to process this request even if the Metadata header is missing.\n // We can exclude the request query to ensure no IMDS endpoint tries to process the ping request.\n let query = \"\";\n if (!skipQuery) {\n query = `?${qs.stringify(queryParameters)}`;\n }\n\n const headersSource: RawHttpHeaders = {\n Accept: \"application/json\",\n Metadata: \"true\"\n };\n // Remove the Metadata header to invoke a request error from some IMDS endpoints.\n if (skipMetadataHeader) {\n delete headersSource.Metadata;\n }\n\n return {\n url: `${url}${query}`,\n method: \"GET\",\n headers: createHttpHeaders(headersSource)\n };\n}\n\nexport const imdsMsi: MSI = {\n async isAvailable(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<boolean> {\n // if the PodIdenityEndpoint environment variable was set no need to probe the endpoint, it can be assumed to exist\n if (process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST) {\n return true;\n }\n\n const { span, updatedOptions: options } = createSpan(\n \"ManagedIdentityCredential-pingImdsEndpoint\",\n getTokenOptions\n );\n\n try {\n // Create a request with a timeout since we expect that\n // not having a \"Metadata\" header should cause an error to be\n // returned quickly from the endpoint, proving its availability.\n // Later we found that skipping the query parameters is also necessary in some cases.\n const requestOptions = prepareRequestOptions(resource, clientId, {\n skipMetadataHeader: true,\n skipQuery: true\n });\n requestOptions.tracingOptions = {\n spanOptions: options.tracingOptions && options.tracingOptions.spanOptions,\n tracingContext: options.tracingOptions && options.tracingOptions.tracingContext\n };\n const request = createPipelineRequest(requestOptions);\n\n request.timeout = options.requestOptions?.timeout ?? 300;\n\n // This MSI uses the imdsEndpoint to get the token, which only uses http://\n request.allowInsecureConnection = true;\n\n try {\n logger.info(`Pinging IMDS endpoint`);\n await identityClient.sendRequest(request);\n } catch (err) {\n if (\n (err instanceof RestError && err.code === RestError.REQUEST_SEND_ERROR) \|\|\n err.name === \"AbortError\" \|\|\n err.code === \"ECONNREFUSED\" \|\| // connection refused\n err.code === \"EHOSTDOWN\" // host is down\n ) {\n // If the request failed, or NodeJS was unable to establish a connection,\n // or the host was down, we'll assume the IMDS endpoint isn't available.\n logger.info(`IMDS endpoint unavailable`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n // IMDS MSI unavailable.\n return false;\n }\n }\n\n // If we received any response, the endpoint is available\n logger.info(`IMDS endpoint is available`);\n\n // IMDS MSI available!\n return true;\n } catch (err) {\n // createWebResource failed.\n // This error should bubble up to the user.\n logger.info(`Error when creating the WebResource for the IMDS endpoint: ${err.message}`);\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the IMDS endpoint coming form the environment variable MSI_ENDPOINT=${process.env.MSI_ENDPOINT}, and using the cloud shell to proceed with the authentication.`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { createHttpHeaders, PipelineRequestOptions } from \"@azure/core-rest-pipeline\";\n\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { MSI } from \"./models\";\nimport { msiGenericGetToken } from \"./utils\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - AppServiceMSI 2017\");\n\nfunction expiresInParser(requestBody: any): number {\n // Parse a date format like \"06/20/2019 02:57:58 +00:00\" and\n // convert it into a JavaScript-formatted date\n return Date.parse(requestBody.expires_on);\n}\n\nfunction prepareRequestOptions(resource: string, clientId?: string): PipelineRequestOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": \"2017-09-01\"\n };\n\n if (clientId) {\n queryParameters.clientid = clientId;\n }\n\n const query = qs.stringify(queryParameters);\n\n return {\n url: `${process.env.MSI_ENDPOINT!}?${query}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n secret: process.env.MSI_SECRET!\n })\n };\n}\n\nexport const appServiceMsi2017: MSI = {\n async isAvailable(): Promise<boolean> {\n const env = process.env;\n const result = Boolean(env.MSI_ENDPOINT && env.MSI_SECRET);\n if (!result) {\n logger.info(\"The Azure App Service MSI 2017 is unavailable.\");\n }\n return result;\n },\n async getToken(\n identityClient: IdentityClient,\n resource: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(\n `Using the endpoint and the secret coming form the environment variables: MSI_ENDPOINT=${process.env.MSI_ENDPOINT} and MSI_SECRET=[REDACTED].`\n );\n\n return msiGenericGetToken(\n identityClient,\n prepareRequestOptions(resource, clientId),\n expiresInParser,\n getTokenOptions\n );\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport {\n createHttpHeaders,\n createPipelineRequest,\n PipelineRequestOptions\n} from \"@azure/core-rest-pipeline\";\nimport { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { MSI } from \"./models\";\nimport { credentialLogger } from \"../../util/logging\";\nimport { IdentityClient } from \"../../client/identityClient\";\nimport { msiGenericGetToken } from \"./utils\";\nimport { azureArcAPIVersion } from \"./constants\";\nimport { AuthenticationError } from \"../../client/errors\";\nimport { readFile } from \"fs\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential - ArcMSI\");\n\n// Azure Arc MSI doesn't have a special expiresIn parser.\nconst expiresInParser = undefined;\n\nfunction prepareRequestOptions(resource?: string): PipelineRequestOptions {\n const queryParameters: any = {\n resource,\n \"api-version\": azureArcAPIVersion\n };\n\n const query = qs.stringify(queryParameters);\n\n return {\n // Should be similar to: http://localhost:40342/metadata/identity/oauth2/token\n url: `${process.env.IDENTITY_ENDPOINT!}?${query}`,\n method: \"GET\",\n headers: createHttpHeaders({\n Accept: \"application/json\",\n Metadata: \"true\"\n })\n };\n}\n\n// Since \"fs\"'s readFileSync locks the thread, and to avoid extra dependencies.\nfunction readFileAsync(path: string, options: { encoding: string }): Promise<string> {\n return new Promise((resolve, reject) =>\n readFile(path, options, (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n })\n );\n}\n\nasync function filePathRequest(\n identityClient: IdentityClient,\n requestPrepareOptions: PipelineRequestOptions\n): Promise<string \| undefined> {\n const response = await identityClient.sendRequest(createPipelineRequest(requestPrepareOptions));\n\n if (response.status !== 401) {\n let message = \"\";\n if (response.bodyAsText) {\n message = ` Response: ${response.bodyAsText}`;\n }\n throw new AuthenticationError(\n response.status,\n `To authenticate with Azure Arc MSI, status code 401 is expected on the first request.${message}`\n );\n }\n\n const authHeader = response.headers.get(\"www-authenticate\") \|\| \"\";\n return authHeader.split(\"=\").slice(1)[0];\n}\n\nexport const arcMsi: MSI = {\n async isAvailable(): Promise<boolean> {\n const result = Boolean(process.env.IMDS_ENDPOINT && process.env.IDENTITY_ENDPOINT);\n if (!result) {\n logger.info(\"The Azure Arc MSI is unavailable.\");\n }\n return result;\n },\n async getToken(\n identityClient: IdentityClient,\n resource?: string,\n clientId?: string,\n getTokenOptions: GetTokenOptions = {}\n ): Promise<AccessToken \| null> {\n logger.info(`Using the Azure Arc MSI to authenticate.`);\n\n if (clientId) {\n throw new Error(\n \"User assigned identity is not supported by the Azure Arc Managed Identity Endpoint. To authenticate with the system assigned identity omit the client id when constructing the ManagedIdentityCredential, or if authenticating with the DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.\"\n );\n }\n\n const requestOptions = {\n allowInsecureConnection: true,\n disableJsonStringifyOnBody: true,\n deserializationMapper: undefined,\n abortSignal: getTokenOptions.abortSignal,\n spanOptions: getTokenOptions.tracingOptions && getTokenOptions.tracingOptions.spanOptions,\n ...prepareRequestOptions(resource)\n };\n\n const filePath = await filePathRequest(identityClient, requestOptions);\n\n if (!filePath) {\n throw new Error(\"Azure Arc MSI failed to find the token file.\");\n }\n\n const key = await readFileAsync(filePath, { encoding: \"utf-8\" });\n requestOptions.headers?.set(\"Authorization\", `Basic ${key}`);\n\n return msiGenericGetToken(identityClient, requestOptions, expiresInParser, getTokenOptions);\n }\n};\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/core-auth\";\nimport { IdentityClient, TokenCredentialOptions } from \"../../client/identityClient\";\nimport { createSpan } from \"../../util/tracing\";\nimport { AuthenticationError, CredentialUnavailable } from \"../../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../../util/logging\";\nimport { mapScopesToResource } from \"./utils\";\nimport { cloudShellMsi } from \"./cloudShellMsi\";\nimport { imdsMsi } from \"./imdsMsi\";\nimport { MSI } from \"./models\";\nimport { appServiceMsi2017 } from \"./appServiceMsi2017\";\nimport { arcMsi } from \"./arcMsi\";\n\nconst logger = credentialLogger(\"ManagedIdentityCredential\");\n\n/*\n Attempts authentication using a managed identity that has been assigned\n * to the deployment environment. This authentication type works in Azure VMs,\n * App Service and Azure Functions applications, and inside of Azure Cloud Shell.\n \n More information about configuring managed identities can be found here:\n \n https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview\n /\nexport class ManagedIdentityCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private clientId: string \| undefined;\n private isEndpointUnavailable: boolean \| null = null;\n\n /\n Creates an instance of ManagedIdentityCredential with the client ID of a\n * user-assigned identity.\n \n @param clientId - The client ID of the user-assigned identity.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(clientId: string, options?: TokenCredentialOptions);\n /\n Creates an instance of ManagedIdentityCredential\n \n @param options - Options for configuring the client which makes the access token request.\n /\n constructor(options?: TokenCredentialOptions);\n /\n @internal\n * @hidden\n /\n constructor(\n clientIdOrOptions: string \| TokenCredentialOptions \| undefined,\n options?: TokenCredentialOptions\n ) {\n if (typeof clientIdOrOptions === \"string\") {\n // clientId, options constructor\n this.clientId = clientIdOrOptions;\n this.identityClient = new IdentityClient({\n ...options\n });\n } else {\n // options only constructor\n this.identityClient = new IdentityClient(clientIdOrOptions);\n }\n }\n\n private cachedMSI: MSI \| undefined;\n\n private async cachedAvailableMSI(\n resource: string,\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<MSI> {\n if (this.cachedMSI) {\n return this.cachedMSI;\n }\n\n // \"fabricMsi\" can't be added yet because our HTTPs pipeline doesn't allow skipping the SSL verification step,\n // which is necessary since Service Fabric only provides self-signed certificates on their Identity Endpoint.\n const MSIs = [appServiceMsi2017, cloudShellMsi, arcMsi, imdsMsi];\n\n for (const msi of MSIs) {\n if (await msi.isAvailable(this.identityClient, resource, clientId, getTokenOptions)) {\n this.cachedMSI = msi;\n return msi;\n }\n }\n\n throw new CredentialUnavailable(\"ManagedIdentityCredential - No MSI credential available\");\n }\n\n private async authenticateManagedIdentity(\n scopes: string \| string[],\n clientId?: string,\n getTokenOptions?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const resource = mapScopesToResource(scopes);\n const { span, updatedOptions: options } = createSpan(\n \"ManagedIdentityCredential-authenticateManagedIdentity\",\n getTokenOptions\n );\n\n try {\n // Determining the available MSI, and avoiding checking for other MSIs while the program is running.\n const availableMSI = await this.cachedAvailableMSI(resource, clientId, options);\n\n return availableMSI.getToken(this.identityClient, resource, clientId, options);\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n throw err;\n } finally {\n span.end();\n }\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n let result: AccessToken \| null = null;\n\n const { span, updatedOptions: newOptions } = createSpan(\n \"ManagedIdentityCredential-getToken\",\n options\n );\n\n try {\n // isEndpointAvailable can be true, false, or null,\n // If it's null, it means we don't yet know whether\n // the endpoint is available and need to check for it.\n if (this.isEndpointUnavailable !== true) {\n result = await this.authenticateManagedIdentity(scopes, this.clientId, newOptions);\n\n if (result === null) {\n // If authenticateManagedIdentity returns null,\n // it means no MSI endpoints are available.\n // If so, we avoid trying to reach to them in future requests.\n this.isEndpointUnavailable = true;\n\n // It also means that the endpoint answered with either 200 or 201 (see the sendTokenRequest method),\n // yet we had no access token. For this reason, we'll throw once with a specific message:\n const error = new CredentialUnavailable(\n \"The managed identity endpoint was reached, yet no tokens were received.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // Since `authenticateManagedIdentity` didn't throw, and the result was not null,\n // We will assume that this endpoint is reachable from this point forward,\n // and avoid pinging again to it.\n this.isEndpointUnavailable = false;\n } else {\n // We've previously determined that the endpoint was unavailable,\n // either because it was unreachable or permanently unable to authenticate.\n const error = new CredentialUnavailable(\n \"The managed identity endpoint is not currently available\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n logger.getToken.info(formatSuccess(scopes));\n return result;\n } catch (err) {\n // CredentialUnavailable errors are expected to reach here.\n // We intend them to bubble up, so that DefaultAzureCredential can catch them.\n if (err instanceof CredentialUnavailable) {\n throw err;\n }\n\n // Expected errors to reach this point:\n // - Errors coming from a method unexpectedly breaking.\n // - When identityClient.sendTokenRequest throws, in which case\n // if the status code was 400, it means that the endpoint is working,\n // but no identity is available.\n\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n\n // If either the network is unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"ENETUNREACH\") {\n const error = new CredentialUnavailable(\n \"ManagedIdentityCredential is unavailable. Network unreachable.\"\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If either the host was unreachable,\n // we can safely assume the credential is unavailable.\n if (err.code === \"EHOSTUNREACH\") {\n const error = new CredentialUnavailable(\n \"ManagedIdentityCredential is unavailable. No managed identity endpoint found.\"\n );\n\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n // If err.statusCode has a value of 400, it comes from sendTokenRequest,\n // and it means that the endpoint is working, but that no identity is available.\n if (err.statusCode === 400) {\n throw new CredentialUnavailable(\n \"The managed identity endpoint is indicating there's no available identity\"\n );\n }\n\n // If the error has no status code, we can assume there was no available identity.\n // This will throw silently during any ChainedTokenCredential.\n if (err.statusCode === undefined) {\n throw new CredentialUnavailable(\n `ManagedIdentityCredential authentication failed. Message ${err.message}`\n );\n }\n\n // Any other error should break the chain.\n throw new AuthenticationError(err.statusCode, {\n error: \"ManagedIdentityCredential authentication failed.\",\n error_description: err.message\n });\n } finally {\n // Finally is always called, both if we return and if we throw in the above try/catch.\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createSpan } from \"../util/tracing\";\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport as child_process from \"child_process\";\n\nfunction getSafeWorkingDir(): string {\n if (process.platform === \"win32\") {\n if (!process.env.SystemRoot) {\n throw new Error(\"Azure CLI credential expects a 'SystemRoot' environment variable\");\n }\n return process.env.SystemRoot;\n } else {\n return \"/bin\";\n }\n}\n\nconst logger = credentialLogger(\"AzureCliCredential\");\n\n/*\n This credential will use the currently logged-in user login information\n * via the Azure CLI ('az') commandline tool.\n * To do so, it will read the user access token and expire time\n * with Azure CLI command \"az account get-access-token\".\n * To be able to use this credential, ensure that you have already logged\n * in via the 'az' tool using the command \"az login\" from the commandline.\n /\nexport class AzureCliCredential implements TokenCredential {\n /\n Gets the access token from Azure CLI\n * @param resource - The resource to use when getting the token\n /\n protected async getAzureCliAccessToken(\n resource: string\n ): Promise<{ stdout: string; stderr: string; error: Error \| null }> {\n return new Promise((resolve, reject) => {\n try {\n child_process.exec(\n `az account get-access-token --output json --resource ${resource}`,\n { cwd: getSafeWorkingDir() },\n (error, stdout, stderr) => {\n resolve({ stdout: stdout, stderr: stderr, error });\n }\n );\n } catch (err) {\n reject(err);\n }\n });\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n return new Promise((resolve, reject) => {\n const scope = typeof scopes === \"string\" ? scopes : scopes[0];\n logger.getToken.info(`Using the scope ${scope}`);\n\n const resource = scope.replace(/\\/.default$/, \"\");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scope.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n let responseData = \"\";\n\n const { span } = createSpan(\"AzureCliCredential-getToken\", options);\n this.getAzureCliAccessToken(resource)\n .then((obj: any) => {\n if (obj.stderr) {\n const isLoginError = obj.stderr.match(\"(.)az login(.)\");\n const isNotInstallError =\n obj.stderr.match(\"az:(.)not found\") \|\|\n obj.stderr.startsWith(\"'az' is not recognized\");\n if (isNotInstallError) {\n const error = new CredentialUnavailable(\n \"Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else if (isLoginError) {\n const error = new CredentialUnavailable(\n \"Please run 'az login' from a command prompt to authenticate before using this credential.\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n const error = new CredentialUnavailable(obj.stderr);\n logger.getToken.info(formatError(scopes, error));\n throw error;\n } else {\n responseData = obj.stdout;\n const response: { accessToken: string; expiresOn: string } = JSON.parse(responseData);\n logger.getToken.info(formatSuccess(scopes));\n const returnValue = {\n token: response.accessToken,\n expiresOnTimestamp: new Date(response.expiresOn).getTime()\n };\n resolve(returnValue);\n return returnValue;\n }\n })\n .catch((err) => {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n reject(err);\n });\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential, AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport { TokenCredentialOptions, IdentityClient } from \"../client/identityClient\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\nlet keytar: any;\ntry {\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n keytar = require(\"keytar\");\n} catch (er) {\n keytar = null;\n}\n\nimport { CredentialUnavailable } from \"../client/errors\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { AzureAuthorityHosts } from \"../constants\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst CommonTenantId = \"common\";\nconst AzureAccountClientId = \"aebc6443-996d-45c2-90f0-388ff96faa56\"; // VSC: 'aebc6443-996d-45c2-90f0-388ff96faa56'\nconst VSCodeUserName = \"VS Code Azure\";\nconst logger = credentialLogger(\"VisualStudioCodeCredential\");\n\n// Map of unsupported Tenant IDs and the errors we will be throwing.\nconst unsupportedTenantIds: Record<string, string> = {\n adfs: \"The VisualStudioCodeCredential does not support authentication with ADFS tenants.\"\n};\n\nfunction checkUnsupportedTenant(tenantId: string): void {\n // If the Tenant ID isn't supported, we throw.\n const unsupportedTenantError = unsupportedTenantIds[tenantId];\n if (unsupportedTenantError) {\n throw new CredentialUnavailable(unsupportedTenantError);\n }\n}\n\ntype VSCodeCloudNames = \"AzureCloud\" \| \"AzureChina\" \| \"AzureGermanCloud\" \| \"AzureUSGovernment\";\n\nconst mapVSCodeAuthorityHosts: Record<VSCodeCloudNames, string> = {\n AzureCloud: AzureAuthorityHosts.AzurePublicCloud,\n AzureChina: AzureAuthorityHosts.AzureChina,\n AzureGermanCloud: AzureAuthorityHosts.AzureGermany,\n AzureUSGovernment: AzureAuthorityHosts.AzureGovernment\n};\n\n/*\n Attempts to load a specific property from the VSCode configurations of the current OS.\n * If it fails at any point, returns undefined.\n /\nexport function getPropertyFromVSCode(property: string): string \| undefined {\n const settingsPath = [\"User\", \"settings.json\"];\n // Eventually we can add more folders for more versions of VSCode.\n const vsCodeFolder = \"Code\";\n const homedir = os.homedir();\n\n function loadProperty(...pathSegments: string[]): string \| undefined {\n const fullPath = path.join(...pathSegments, vsCodeFolder, ...settingsPath);\n const settings = JSON.parse(fs.readFileSync(fullPath, { encoding: \"utf8\" }));\n return settings[property];\n }\n\n try {\n let appData: string;\n switch (process.platform) {\n case \"win32\":\n appData = process.env.APPDATA!;\n return appData ? loadProperty(appData) : undefined;\n case \"darwin\":\n return loadProperty(homedir, \"Library\", \"Application Support\");\n case \"linux\":\n return loadProperty(homedir, \".config\");\n default:\n return;\n }\n } catch (e) {\n logger.info(`Failed to load the Visual Studio Code configuration file. Error: ${e.message}`);\n return;\n }\n}\n\n/\n Provides options to configure the Visual Studio Code credential.\n /\nexport interface VisualStudioCodeCredentialOptions extends TokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n /\n tenantId?: string;\n}\n\n/\n Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.\n * Once the user has logged in via the extension, this credential can share the same refresh token\n * that is cached by the extension.\n /\nexport class VisualStudioCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private cloudName: VSCodeCloudNames;\n\n /\n Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(options?: VisualStudioCodeCredentialOptions) {\n // We want to make sure we use the one assigned by the user on the VSCode settings.\n // Or just `AzureCloud` by default.\n this.cloudName = (getPropertyFromVSCode(\"azure.cloud\") \|\| \"AzureCloud\") as VSCodeCloudNames;\n\n // Picking an authority host based on the cloud name.\n const authorityHost = mapVSCodeAuthorityHosts[this.cloudName];\n\n this.identityClient = new IdentityClient({\n authorityHost,\n ...options\n });\n\n if (options && options.tenantId) {\n checkTenantId(logger, options.tenantId);\n\n this.tenantId = options.tenantId;\n } else {\n this.tenantId = CommonTenantId;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n Runs preparations for any further getToken request.\n /\n private async prepare(): Promise<void> {\n // Attempts to load the tenant from the VSCode configuration file.\n const settingsTenant = getPropertyFromVSCode(\"azure.tenant\");\n if (settingsTenant) {\n this.tenantId = settingsTenant;\n }\n checkUnsupportedTenant(this.tenantId);\n }\n\n /\n The promise of the single preparation that will be executed at the first getToken request for an instance of this class.\n /\n private preparePromise: Promise<void> \| undefined;\n\n /\n Runs preparations for any further getToken, but only once.\n /\n private prepareOnce(): Promise<void> \| undefined {\n if (this.preparePromise) {\n return this.preparePromise;\n }\n this.preparePromise = this.prepare();\n return this.preparePromise;\n }\n\n /\n Returns the token found by searching VSCode's authentication cache or\n * returns null if no token could be found.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * `TokenCredential` implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n await this.prepareOnce();\n if (!keytar) {\n throw new CredentialUnavailable(\n \"Visual Studio Code credential requires the optional dependency 'keytar' to work correctly\"\n );\n }\n\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n\n // Check to make sure the scope we get back is a valid scope\n if (!scopeString.match(/^[0-9a-zA-Z-.:/]+$/)) {\n const error = new Error(\"Invalid scope was specified by the user or calling client\");\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // findCredentials returns an array similar to:\n // [\n // {\n // account: \"\",\n // password: \"\",\n // },\n // / ... /\n // ]\n const credentials = await keytar.findCredentials(VSCodeUserName);\n\n // If we can't find the credential based on the name, we'll pick the first one available.\n const { password } =\n credentials.find((cred: { account: string }) => cred.account === this.cloudName) \|\|\n credentials[0] \|\|\n {};\n\n // Assuming we found something, the refresh token is the \"password\" property.\n const refreshToken = password;\n\n if (refreshToken) {\n const tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n AzureAccountClientId,\n scopeString,\n refreshToken,\n undefined\n );\n\n if (tokenResponse) {\n logger.getToken.info(formatSuccess(scopes));\n return tokenResponse.accessToken;\n } else {\n const error = new CredentialUnavailable(\n \"Could not retrieve the token associated with Visual Studio Code. Have you connected using the 'Azure Account' extension recently?\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n } else {\n const error = new CredentialUnavailable(\n \"Could not retrieve the token associated with Visual Studio Code. Did you connect using the 'Azure Account' extension?\"\n );\n logger.getToken.info(formatError(scopes, error));\n throw error;\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\nimport { EnvironmentCredential } from \"./environmentCredential\";\nimport { ManagedIdentityCredential } from \"./managedIdentityCredential\";\nimport { AzureCliCredential } from \"./azureCliCredential\";\nimport { VisualStudioCodeCredential } from \"./visualStudioCodeCredential\";\n\n/\n Provides options to configure the default Azure credentials.\n /\nexport interface DefaultAzureCredentialOptions extends TokenCredentialOptions {\n /\n Optionally pass in a Tenant ID to be used as part of the credential\n /\n tenantId?: string;\n /\n Optionally pass in a user assigned client ID for the ManagedIdentityCredential\n /\n managedIdentityClientId?: string;\n}\n\n/\n Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure. The following credential\n * types will be tried, in order:\n \n - {@link EnvironmentCredential}\n * - {@link ManagedIdentityCredential}\n \n Consult the documentation of these credential types for more information\n * on how they attempt authentication.\n /\nexport class DefaultAzureCredential extends ChainedTokenCredential {\n /\n Creates an instance of the DefaultAzureCredential class.\n \n @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(tokenCredentialOptions?: DefaultAzureCredentialOptions) {\n const credentials = [];\n credentials.push(new EnvironmentCredential(tokenCredentialOptions));\n\n // In case a user assigned ID has been provided.\n const managedIdentityClientId =\n tokenCredentialOptions?.managedIdentityClientId \|\| process.env.AZURE_CLIENT_ID;\n\n if (managedIdentityClientId) {\n credentials.push(\n new ManagedIdentityCredential(managedIdentityClientId, tokenCredentialOptions)\n );\n } else {\n // If the user didn't provide an ID, we'll try with a system assigned ID.\n credentials.push(new ManagedIdentityCredential(tokenCredentialOptions));\n }\n\n credentials.push(new AzureCliCredential());\n credentials.push(new VisualStudioCodeCredential(tokenCredentialOptions));\n\n super(...credentials);\n this.UnavailableMessage =\n \"DefaultAzureCredential => failed to retrieve a token from the included credentials\";\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { CredentialUnavailable } from \"./errors\";\nimport {\n PublicClientApplication,\n Configuration,\n AuthorizationCodeRequest,\n AuthenticationResult,\n DeviceCodeRequest,\n ConfidentialClientApplication,\n ClientCredentialRequest,\n NetworkRequestOptions,\n NetworkResponse,\n INetworkModule\n} from \"@azure/msal-node\";\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { IdentityClient, TokenCredentialOptions } from \"./identityClient\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { credentialLogger } from \"../util/logging\";\nimport { NodeAuthOptions } from \"@azure/msal-node/dist/config/Configuration\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/\n The record to use to find the cached tokens in the cache\n /\nexport interface AuthenticationRecord {\n /\n The associated authority, if used\n /\n authority?: string;\n\n /\n The home account Id\n /\n homeAccountId: string;\n\n /\n The login environment, eg \"login.windows.net\"\n /\n environment: string;\n\n /\n The associated tenant ID\n /\n tenantId: string;\n\n /\n Local, tenant-specific account identifer for this account object, usually used in legacy cases\n /\n localAccountId: string;\n\n /\n The username of the logged in account\n /\n username: string;\n}\n\nexport class AuthenticationRequired extends CredentialUnavailable {}\n\nexport class MsalClient {\n private persistenceEnabled: boolean;\n private authenticationRecord: AuthenticationRecord \| undefined;\n private identityClient: IdentityClient;\n private pca: PublicClientApplication \| undefined;\n private cca: ConfidentialClientApplication \| undefined;\n private msalConfig: NodeAuthOptions;\n\n constructor(\n msalConfig: NodeAuthOptions,\n persistenceEnabled: boolean,\n authenticationRecord?: AuthenticationRecord,\n options?: TokenCredentialOptions\n ) {\n this.identityClient = new IdentityClient(options);\n this.msalConfig = msalConfig;\n this.persistenceEnabled = persistenceEnabled;\n this.authenticationRecord = authenticationRecord;\n }\n\n async prepareClientApplications(): Promise<void> {\n // If we've already initialized the public client application, return\n if (this.pca) {\n return;\n }\n\n // Construct the public client application, since it hasn't been initialized, yet\n const clientConfig: Configuration = {\n auth: this.msalConfig,\n cache: undefined,\n system: { networkClient: this.identityClient }\n };\n\n this.pca = new PublicClientApplication(clientConfig);\n }\n\n async acquireTokenFromCache(scopes: string[]): Promise<AccessToken \| null> {\n await this.prepareClientApplications();\n\n if (!this.persistenceEnabled \|\| !this.authenticationRecord) {\n throw new AuthenticationRequired();\n }\n\n const silentRequest = {\n account: this.authenticationRecord!,\n scopes\n };\n\n try {\n const response = await this.pca!.acquireTokenSilent(silentRequest);\n logger.info(\"Successful silent token acquisition\");\n if (response && response.expiresOn) {\n return {\n expiresOnTimestamp: response.expiresOn.getTime(),\n token: response.accessToken\n };\n } else {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n } catch (e) {\n throw new AuthenticationRequired(\"Could not authenticate silently using the cache\");\n }\n }\n\n async getAuthCodeUrl(request: { scopes: string[]; redirectUri: string }): Promise<string> {\n await this.prepareClientApplications();\n\n return this.pca!.getAuthCodeUrl(request);\n }\n\n async acquireTokenByCode(\n request: AuthorizationCodeRequest\n ): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByCode(request);\n }\n\n async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.pca!.acquireTokenByDeviceCode(request);\n }\n\n async acquireTokenByClientCredential(\n request: ClientCredentialRequest\n ): Promise<AuthenticationResult \| null> {\n await this.prepareClientApplications();\n\n return this.cca!.acquireTokenByClientCredential(request);\n }\n}\n\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\"\n}\n/\n This class implements the API for network requests.\n /\nexport class HttpClient implements INetworkModule {\n /\n Http Get request\n * @param url -\n * @param options -\n /\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.GET,\n url: url,\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n return out;\n }\n\n /\n Http Post request\n * @param url -\n * @param options -\n /\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions\n ): Promise<NetworkResponse<T>> {\n const request: AxiosRequestConfig = {\n method: HttpMethod.POST,\n url: url,\n data: (options && options.body) \|\| \"\",\n headers: options && options.headers,\n validateStatus: () => true\n };\n\n const response = await axios(request);\n const out = {\n headers: response.headers,\n body: response.data as T,\n status: response.status\n };\n\n return out;\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/ eslint-disable @typescript-eslint/no-unused-vars /\n\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { InteractiveBrowserCredentialOptions } from \"./interactiveBrowserCredentialOptions\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { DefaultTenantId, DeveloperSignOnClientId } from \"../constants\";\nimport { Socket } from \"net\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { AuthorizationCodeRequest } from \"@azure/msal-node\";\n\nimport open from \"open\";\nimport http from \"http\";\nimport stoppable from \"stoppable\";\n\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"InteractiveBrowserCredential\");\n\n/\n Enables authentication to Azure Active Directory inside of the web browser\n * using the interactive login flow, either via browser redirects or a popup\n * window. This credential is not currently supported in Node.js.\n /\nexport class InteractiveBrowserCredential implements TokenCredential {\n private redirectUri: string;\n private port: number;\n private hostname: string;\n private msalClient: MsalClient;\n\n constructor(options?: InteractiveBrowserCredentialOptions) {\n const tenantId = (options && options.tenantId) \|\| DefaultTenantId;\n const clientId = (options && options.clientId) \|\| DeveloperSignOnClientId;\n\n checkTenantId(logger, tenantId);\n\n // const persistenceEnabled = options?.persistenceEnabled ? options?.persistenceEnabled : false;\n // const authenticationRecord = options?.authenticationRecord;\n\n if (options && options.redirectUri) {\n if (typeof options.redirectUri === \"string\") {\n this.redirectUri = options.redirectUri;\n } else {\n this.redirectUri = options.redirectUri();\n }\n } else {\n this.redirectUri = \"http://localhost\";\n }\n\n const url = new URL(this.redirectUri);\n this.port = parseInt(url.port);\n if (isNaN(this.port)) {\n this.port = 80;\n }\n\n this.hostname = url.hostname;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n {\n clientId,\n authority: authorityHost,\n knownAuthorities: tenantId === \"adfs\" ? (authorityHost ? [authorityHost] : []) : []\n },\n false,\n undefined,\n options\n );\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public getToken(\n scopes: string \| string[],\n _options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch((e) => {\n if (e instanceof AuthenticationRequired) {\n return this.acquireTokenFromBrowser(scopeArray);\n } else {\n logger.getToken.info(formatError(scopes, e));\n throw e;\n }\n });\n }\n\n private async openAuthCodeUrl(scopeArray: string[]): Promise<void> {\n const authCodeUrlParameters = {\n scopes: scopeArray,\n redirectUri: this.redirectUri\n };\n\n const response = await this.msalClient.getAuthCodeUrl(authCodeUrlParameters);\n await open(response);\n }\n\n private acquireTokenFromBrowser(scopeArray: string[]): Promise<AccessToken \| null> {\n return new Promise<AccessToken \| null>((resolve, reject) => {\n const socketToDestroy: Socket[] = [];\n\n const requestListener = (req: http.IncomingMessage, res: http.ServerResponse) => {\n if (!req.url) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n let url: URL;\n try {\n url = new URL(req.url, this.redirectUri);\n } catch (e) {\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n return;\n }\n const tokenRequest: AuthorizationCodeRequest = {\n code: url.searchParams.get(\"code\")!,\n redirectUri: this.redirectUri,\n scopes: scopeArray\n };\n\n this.msalClient\n .acquireTokenByCode(tokenRequest)\n .then((authResponse) => {\n const successMessage = `Authentication Complete. You can close the browser and return to the application.`;\n if (authResponse && authResponse.expiresOn) {\n const expiresOnTimestamp = authResponse?.expiresOn.valueOf();\n res.writeHead(200);\n res.end(successMessage);\n logger.getToken.info(formatSuccess(scopeArray));\n\n resolve({\n expiresOnTimestamp,\n token: authResponse.accessToken\n });\n } else {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n }\n cleanup();\n return;\n })\n .catch(() => {\n const errorMessage = formatError(\n scopeArray,\n `${url.searchParams.get(\"error\")}. ${url.searchParams.get(\"error_description\")}`\n );\n res.writeHead(500);\n res.end(errorMessage);\n logger.getToken.info(errorMessage);\n\n reject(\n new Error(\n `Interactive Browser Authentication Error \"Did not receive token with a valid expiration\"`\n )\n );\n cleanup();\n });\n };\n const app = http.createServer(requestListener);\n\n const listen = app.listen(this.port, this.hostname, () =>\n logger.info(`InteractiveBrowerCredential listening on port ${this.port}!`)\n );\n app.on(\"connection\", (socket) => socketToDestroy.push(socket));\n const server = stoppable(app);\n\n this.openAuthCodeUrl(scopeArray).catch((e) => {\n cleanup();\n reject(e);\n });\n\n function cleanup(): void {\n if (listen) {\n listen.close();\n }\n\n for (const socket of socketToDestroy) {\n socket.destroy();\n }\n\n if (server) {\n server.close();\n server.stop();\n }\n }\n });\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/core-auth\";\nimport { AuthenticationRequired, MsalClient } from \"../client/msalClient\";\nimport { createSpan } from \"../util/tracing\";\nimport { credentialLogger, formatError, formatSuccess } from \"../util/logging\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { TokenCredentialOptions } from \"../client/identityClient\";\n\nimport { DeviceCodeRequest } from \"@azure/msal-node\";\nimport { checkTenantId } from \"../util/checkTenantId\";\nimport { DeveloperSignOnClientId } from \"../constants\";\n\n/\n Provides the user code and verification URI where the code must be\n * entered. Also provides a message to display to the user which\n * contains an instruction with these details.\n /\nexport interface DeviceCodeInfo {\n /\n The device code that the user must enter into the verification page.\n /\n userCode: string;\n\n /\n The verification URI to which the user must navigate to enter the device\n * code.\n /\n verificationUri: string;\n\n /\n A message that may be shown to the user to instruct them on how to enter\n * the device code in the page specified by the verification URI.\n /\n message: string;\n}\n\n/\n Defines the signature of a callback which will be passed to\n * DeviceCodeCredential for the purpose of displaying authentication\n * details to the user.\n /\nexport type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;\n\nconst logger = credentialLogger(\"DeviceCodeCredential\");\n\n/\n Method that logs the user code from the DeviceCodeCredential.\n * @param deviceCodeInfo - The device code.\n /\nexport function defaultDeviceCodePromptCallback(deviceCodeInfo: DeviceCodeInfo): void {\n console.log(deviceCodeInfo.message);\n}\n\n/\n Enables authentication to Azure Active Directory using a device code\n * that the user can enter into https://microsoft.com/devicelogin.\n /\nexport class DeviceCodeCredential implements TokenCredential {\n private userPromptCallback: DeviceCodePromptCallback;\n private msalClient: MsalClient;\n\n /\n Creates an instance of DeviceCodeCredential with the details needed\n * to initiate the device code authorization flow with Azure Active Directory.\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * The default value is 'organizations'.\n * 'organizations' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * By default we will try to use the Azure CLI's client ID to authenticate.\n * @param userPromptCallback - A callback function that will be invoked to show\n {@link DeviceCodeInfo} to the user. If left unassigned, we will automatically log the device code information and the authentication instructions in the console.\n * @param options - Options for configuring the client which makes the authentication request.\n /\n constructor(\n tenantId: string = \"organizations\",\n clientId: string = DeveloperSignOnClientId,\n userPromptCallback: DeviceCodePromptCallback = defaultDeviceCodePromptCallback,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.userPromptCallback = userPromptCallback;\n\n let authorityHost;\n if (options && options.authorityHost) {\n if (options.authorityHost.endsWith(\"/\")) {\n authorityHost = options.authorityHost + tenantId;\n } else {\n authorityHost = options.authorityHost + \"/\" + tenantId;\n }\n } else {\n authorityHost = \"https://login.microsoftonline.com/\" + tenantId;\n }\n\n this.msalClient = new MsalClient(\n { clientId: clientId, authority: authorityHost },\n false,\n undefined,\n options\n );\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span } = createSpan(\"DeviceCodeCredential-getToken\", options);\n\n const scopeArray = typeof scopes === \"object\" ? scopes : [scopes];\n\n const deviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes: scopeArray\n };\n\n logger.info(`DeviceCodeCredential invoked. Scopes: ${scopeArray.join(\", \")}`);\n\n return this.msalClient.acquireTokenFromCache(scopeArray).catch(async (e) => {\n if (e instanceof AuthenticationRequired) {\n try {\n const token = await this.acquireTokenByDeviceCode(deviceCodeRequest, scopeArray);\n logger.getToken.info(formatSuccess(scopeArray));\n return token;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopeArray, err));\n throw err;\n } finally {\n span.end();\n }\n } else {\n throw e;\n }\n });\n }\n\n private async acquireTokenByDeviceCode(\n deviceCodeRequest: DeviceCodeRequest,\n scopes: string[]\n ): Promise<AccessToken \| null> {\n try {\n const deviceResponse = await this.msalClient.acquireTokenByDeviceCode(deviceCodeRequest);\n if (deviceResponse && deviceResponse.expiresOn) {\n const expiresOnTimestamp = deviceResponse.expiresOn.getTime();\n logger.getToken.info(formatSuccess(scopes));\n return {\n expiresOnTimestamp,\n token: deviceResponse.accessToken\n };\n } else {\n throw new Error(\"Did not receive token with a valid expiration\");\n }\n } catch (error) {\n throw new Error(`Device Authentication Error \"${JSON.stringify(error)}\"`);\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport qs from \"qs\";\nimport { createSpan } from \"../util/tracing\";\nimport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nimport { createPipelineRequest, createHttpHeaders } from \"@azure/core-rest-pipeline\";\nimport { IdentityClient, TokenResponse, TokenCredentialOptions } from \"../client/identityClient\";\nimport { SpanStatusCode } from \"@azure/core-tracing\";\nimport { credentialLogger, formatSuccess, formatError } from \"../util/logging\";\nimport { getIdentityTokenEndpointSuffix } from \"../util/identityTokenEndpoint\";\nimport { checkTenantId } from \"../util/checkTenantId\";\n\nconst logger = credentialLogger(\"AuthorizationCodeCredential\");\n\n/\n Enables authentication to Azure Active Directory using an authorization code\n * that was obtained through the authorization code flow, described in more detail\n * in the Azure Active Directory documentation:\n \n https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow\n /\nexport class AuthorizationCodeCredential implements TokenCredential {\n private identityClient: IdentityClient;\n private tenantId: string;\n private clientId: string;\n private clientSecret: string \| undefined;\n private authorizationCode: string;\n private redirectUri: string;\n private lastTokenResponse: TokenResponse \| null = null;\n\n /\n Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param clientSecret - A client secret that was generated for the App Registration\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecret: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /\n Creates an instance of CodeFlowCredential with the details needed\n * to request an access token using an authentication that was obtained\n * from Azure Active Directory.\n \n It is currently necessary for the user of this credential to initiate\n * the authorization code flow to obtain an authorization code to be used\n * with this credential. A full example of this flow is provided here:\n \n https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/manual/authorizationCodeSample.ts\n \n @param tenantId - The Azure Active Directory tenant (directory) ID or name.\n * 'common' may be used when dealing with multi-tenant scenarios.\n * @param clientId - The client (application) ID of an App Registration in the tenant.\n * @param authorizationCode - An authorization code that was received from following the\n authorization code flow. This authorization code must not\n have already been used to obtain an access token.\n * @param redirectUri - The redirect URI that was used to request the authorization code.\n Must be the same URI that is configured for the App Registration.\n * @param options - Options for configuring the client which makes the access token request.\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n authorizationCode: string,\n redirectUri: string,\n options?: TokenCredentialOptions\n );\n /\n @hidden\n * @internal\n /\n constructor(\n tenantId: string \| \"common\",\n clientId: string,\n clientSecretOrAuthorizationCode: string,\n authorizationCodeOrRedirectUri: string,\n redirectUriOrOptions: string \| TokenCredentialOptions \| undefined,\n options?: TokenCredentialOptions\n ) {\n checkTenantId(logger, tenantId);\n\n this.clientId = clientId;\n this.tenantId = tenantId;\n\n if (typeof redirectUriOrOptions === \"string\") {\n // the clientId+clientSecret constructor\n this.clientSecret = clientSecretOrAuthorizationCode;\n this.authorizationCode = authorizationCodeOrRedirectUri;\n this.redirectUri = redirectUriOrOptions;\n // options okay\n } else {\n // clientId only\n this.clientSecret = undefined;\n this.authorizationCode = clientSecretOrAuthorizationCode;\n this.redirectUri = authorizationCodeOrRedirectUri as string;\n options = redirectUriOrOptions as TokenCredentialOptions;\n }\n\n this.identityClient = new IdentityClient(options);\n }\n\n /\n Authenticates with Azure Active Directory and returns an access token if\n * successful. If authentication cannot be performed at this time, this method may\n * return null. If an error occurs during authentication, an {@link AuthenticationError}\n * containing failure details will be thrown.\n \n @param scopes - The list of scopes for which the token will have access.\n * @param options - The options used to configure any requests this\n * TokenCredential implementation might make.\n /\n public async getToken(\n scopes: string \| string[],\n options?: GetTokenOptions\n ): Promise<AccessToken \| null> {\n const { span, updatedOptions: newOptions } = createSpan(\n \"AuthorizationCodeCredential-getToken\",\n options\n );\n try {\n let tokenResponse: TokenResponse \| null = null;\n let scopeString = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n if (scopeString.indexOf(\"offline_access\") < 0) {\n scopeString += \" offline_access\";\n }\n\n // Try to use the refresh token first\n if (this.lastTokenResponse && this.lastTokenResponse.refreshToken) {\n tokenResponse = await this.identityClient.refreshAccessToken(\n this.tenantId,\n this.clientId,\n scopeString,\n this.lastTokenResponse.refreshToken,\n this.clientSecret,\n undefined,\n newOptions\n );\n }\n\n if (tokenResponse === null) {\n const urlSuffix = getIdentityTokenEndpointSuffix(this.tenantId);\n const webResource = createPipelineRequest({\n url: `${this.identityClient.authorityHost}/${this.tenantId}/${urlSuffix}`,\n method: \"POST\",\n body: qs.stringify({\n client_id: this.clientId,\n grant_type: \"authorization_code\",\n scope: scopeString,\n code: this.authorizationCode,\n redirect_uri: this.redirectUri,\n client_secret: this.clientSecret\n }),\n headers: createHttpHeaders({\n Accept: \"application/json\",\n \"Content-Type\": \"application/x-www-form-urlencoded\"\n }),\n abortSignal: options && options.abortSignal,\n tracingOptions: {\n spanOptions: newOptions.tracingOptions && newOptions.tracingOptions.spanOptions,\n tracingContext: newOptions.tracingOptions && newOptions.tracingOptions.tracingContext\n }\n });\n\n tokenResponse = await this.identityClient.sendTokenRequest(webResource);\n }\n\n this.lastTokenResponse = tokenResponse;\n logger.getToken.info(formatSuccess(scopes));\n return (tokenResponse && tokenResponse.accessToken) \|\| null;\n } catch (err) {\n span.setStatus({\n code: SpanStatusCode.ERROR,\n message: err.message\n });\n logger.getToken.info(formatError(scopes, err));\n throw err;\n } finally {\n span.end();\n }\n }\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { TokenCredential } from \"@azure/core-auth\";\nimport { DefaultAzureCredential } from \"./credentials/defaultAzureCredential\";\n\nexport { ChainedTokenCredential } from \"./credentials/chainedTokenCredential\";\nexport { TokenCredentialOptions } from \"./client/identityClient\";\nexport { EnvironmentCredential } from \"./credentials/environmentCredential\";\nexport { ClientSecretCredential } from \"./credentials/clientSecretCredential\";\nexport { ClientCertificateCredential } from \"./credentials/clientCertificateCredential\";\nexport { ClientCertificateCredentialOptions } from \"./credentials/clientCertificateCredentialOptions\";\nexport { InteractiveBrowserCredential } from \"./credentials/interactiveBrowserCredential\";\nexport {\n VisualStudioCodeCredential,\n VisualStudioCodeCredentialOptions\n} from \"./credentials/visualStudioCodeCredential\";\nexport { AzureCliCredential } from \"./credentials/azureCliCredential\";\n\nexport { AuthenticationRecord } from \"./client/msalClient\";\nexport {\n InteractiveBrowserCredentialOptions,\n BrowserLoginStyle\n} from \"./credentials/interactiveBrowserCredentialOptions\";\nexport { ManagedIdentityCredential } from \"./credentials/managedIdentityCredential\";\nexport {\n DeviceCodeCredential,\n DeviceCodePromptCallback,\n DeviceCodeInfo\n} from \"./credentials/deviceCodeCredential\";\n\nexport {\n DefaultAzureCredential,\n DefaultAzureCredentialOptions\n} from \"./credentials/defaultAzureCredential\";\nexport { UsernamePasswordCredential } from \"./credentials/usernamePasswordCredential\";\nexport { AuthorizationCodeCredential } from \"./credentials/authorizationCodeCredential\";\nexport {\n AuthenticationError,\n ErrorResponse,\n AggregateAuthenticationError,\n AuthenticationErrorName,\n AggregateAuthenticationErrorName,\n CredentialUnavailable\n} from \"./client/errors\";\n\nexport { TokenCredential, GetTokenOptions, AccessToken } from \"@azure/core-auth\";\nexport { logger } from \"./util/logging\";\n\nexport { AzureAuthorityHosts } from \"./constants\";\n\n/\n Returns a new instance of the {@link DefaultAzureCredential}.\n */\nexport function getDefaultAzureCredential(): TokenCredential {\n return new DefaultAzureCredential();\n}\n"],"names":["createSpanFunction","createClientLogger","logger","SpanStatusCode","AzureAuthorityHosts","ServiceClient","createPipelineRequest","createHttpHeaders","readFileSync","createHash","uuidV4","expiresInParser","prepareRequestOptions","RestError","readFile","child_process.exec","fs","PublicClientApplication"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAuDA,SAAS,eAAe,CAAC,aAAkB;IACzC,QACE,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,EACnD;AACJ,CAAC;AAED;;;;;MAKa,qBAAsB,SAAQ,KAAK;CAAG;AAEnD;;;MAGa,uBAAuB,GAAG,sBAAsB;AAE7D;;;;;MAKa,mBAAoB,SAAQ,KAAK;;IAY5C,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;;;gBAGF,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,gBAAgB,UAAU,sBAAsB,aAAa,CAAC,gBAAgB,EAAE,CACvG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;;QAGnC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;KACrC;CACF;AAED;;;MAGa,gCAAgC,GAAG,+BAA+B;AAE/E;;;;MAIa,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,OAAO,WAAW,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;;QAGrB,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;KAC9C;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ;;AC7KA;AACA,AAIA;;;;AAIA,AAAO,MAAM,UAAU,GAAGA,8BAAkB,CAAC;IAC3C,aAAa,EAAE,gBAAgB;IAC/B,SAAS,EAAE,eAAe;CAC3B,CAAC,CAAC;;ACZH;AACA,AAIA;;;AAGA,MAAa,MAAM,GAAGC,2BAAkB,CAAC,UAAU,CAAC,CAAC;AAOrD;;;;AAIA,SAAgB,cAAc,CAAC,gBAA0B;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,GAA2B,EAAE,WAAmB;QAC/C,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YAC5B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAChC;aAAM;YACL,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAC/B;QACD,OAAO,GAAG,CAAC;KACZ,EACD,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC9B,CAAC;AACJ,CAAC;AAED,AAaA;;;AAGA,SAAgB,aAAa,CAAC,KAAwB;IACpD,OAAO,oBAAoB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;AAChF,CAAC;AAED;;;AAGA,SAAgB,WAAW,CAAC,KAAoC,EAAE,KAAqB;IACrF,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE;QACjB,OAAO,IAAI,YAAY,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC;KAC3E;IACD,OAAO,GAAG,OAAO,mBAAmB,OAAO,KAAK,KAAK,QAAQ,GAAG,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,CAAC;AAC3F,CAAC;AAkBD;;;;;;;;AAQA,SAAgB,wBAAwB,CACtC,KAAa,EACb,MAAiC,EACjC,MAAmB,MAAM;IAEzB,MAAM,SAAS,GAAG,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,EAAE,GAAG,KAAK,CAAC;IAElE,SAAS,IAAI,CAAC,OAAe;QAC3B,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,EAAE,OAAO,CAAC,CAAC;KACtC;IAED,OAAO;QACL,KAAK;QACL,SAAS;QACT,IAAI;KACL,CAAC;AACJ,CAAC;AAUD;;;;;;;;;;AAUA,SAAgB,gBAAgB,CAAC,KAAa,EAAE,MAAmB,MAAM;IACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACnE,uCACK,UAAU,KACb,QAAQ,EAAE,wBAAwB,CAAC,eAAe,EAAE,UAAU,EAAE,GAAG,CAAC,IACpE;AACJ,CAAC;;AClID;AACA,AAQA,MAAMC,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;AAIA,MAAa,sBAAsB;;;;;;;;;;;;;IAqBjC,YAAY,GAAG,OAA0B;;;;QAjB/B,uBAAkB,GAC1B,oFAAoF,CAAC;QAE/E,aAAQ,GAAsB,EAAE,CAAC;QAevC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;KACzB;;;;;;;;;;;;;;IAeK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,KAAK,GAAG,IAAI,CAAC;YACjB,MAAM,MAAM,GAAG,EAAE,CAAC;YAElB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,iCAAiC,EACjC,OAAO,CACR,CAAC;YAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,IAAI;oBACF,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;iBAC7D;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;wBACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBAClB;yBAAM;wBACLA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;wBAC/C,MAAM,GAAG,CAAC;qBACX;iBACF;aACF;YAED,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;YAED,IAAI,CAAC,GAAG,EAAE,CAAC;YAEXA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5C,OAAO,KAAK,CAAC;SACd;KAAA;CACF;;AC7FD;AACA;AAEA,SAAgB,8BAA8B,CAAC,QAAgB;IAC7D,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,OAAO,cAAc,CAAC;KACvB;SAAM;QACL,OAAO,mBAAmB,CAAC;KAC5B;AACH,CAAC;;ACTD;AACA;AAEA;;;;AAIA;AACA;AACA;AACA,AAAO,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E;;;;AAIA,AAAO,MAAM,eAAe,GAAG,QAAQ,CAAC;AAExC,AAGA,WAAY,mBAAmB;;;;IAI7B,oEAA6C,CAAA;;;;IAI7C,wEAAiD,CAAA;;;;IAIjD,2EAAoD,CAAA;;;;IAIpD,6EAAsD,CAAA;AACxD,CAAC,EAjBWE,2BAAmB,KAAnBA,2BAAmB,QAiB9B;AAED;;;;AAIA,AAAO,MAAM,oBAAoB,GAAGA,2BAAmB,CAAC,gBAAgB,CAAC;;AC5CzE;AACA,AAoBA;;;;AAIA,SAAS,KAAK,CAAI,KAAgC;IAChD,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,EAAO,CAAC;KAChB;IACD,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;KAC1B;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,EAAO,CAAC;KAChB;AACH,CAAC;AAkBD;;;AAGA,SAAgB,8BAA8B,CAAC,OAAgC;;IAE7E,IAAI,aAAa,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,CAAC;;IAG3C,AAAY;QACV,aAAa,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;KACnE;;IAGD,OAAO,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,oBAAoB,CAAC;AAC/C,CAAC;AAED;;;;;;;AAOA,MAAa,cAAe,SAAQC,wBAAa;IAG/C,YAAY,OAAgC;;QAC1C,MAAM,cAAc,GAAG,yBAAyB,CAAC;QACjD,MAAM,eAAe,GAAG,OAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,0CAAE,eAAe,IAC9D,GAAG,OAAO,CAAC,gBAAgB,CAAC,eAAe,IAAI,cAAc,EAAE;cAC/D,GAAG,cAAc,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC7E;QAED,KAAK,+BACH,kBAAkB,EAAE,iCAAiC,IAClD,OAAO,KACV,gBAAgB,EAAE;gBAChB,eAAe;aAChB,EACD,OAAO,IACP,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC;KAC9B;IAEK,gBAAgB,CACpB,OAAwB,EACxB,eAA+C;;;YAE/C,MAAM,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAEjD,eAAe;gBACb,eAAe;qBACd,CAAC,YAAiB;wBACjB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC;qBACpD,CAAC,CAAC;YAEL,IAAI,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE;gBAC/E,MAAM,UAAU,GAAG,KAAK,CAIrB,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAExB,MAAM,KAAK,GAAG;oBACZ,WAAW,EAAE;wBACX,KAAK,QAAE,UAAU,CAAC,KAAK,mCAAI,UAAU,CAAC,YAAa;wBACnD,kBAAkB,EAAE,eAAe,CAAC,UAAU,CAAC;qBAChD;oBACD,YAAY,EAAE,UAAU,CAAC,aAAa;iBACvC,CAAC;gBAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,OAAO,CAAC,GAAG,gCAAgC,KAAK,CAAC,WAAW,CAAC,kBAAkB,EAAE,CACtG,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5E,MAAM,CAAC,OAAO,CACZ,sDAAsD,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,aAAa,CAAC,gBAAgB,EAAE,CACjH,CAAC;gBACF,MAAM,KAAK,CAAC;aACb;;KACF;IAEK,kBAAkB,CACtB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,YAAgC,EAChC,YAAgC,EAChC,eAA+C,EAC/C,OAAyB;;;YAEzB,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YACD,MAAM,CAAC,IAAI,CACT,2DAA2D,QAAQ,aAAa,MAAM,UAAU,CACjG,CAAC;YAEF,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,mCAAmC,EAAE,OAAO,CAAC,CAAC;YAE1F,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,KAAK,EAAE,MAAM;aACd,CAAC;YAEF,IAAI,YAAY,KAAK,SAAS,EAAE;gBAC7B,aAAqB,CAAC,aAAa,GAAG,YAAY,CAAC;aACrD;YAED,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAGC,sCAAqB,CAAC;oBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,aAAa,IAAI,QAAQ,IAAI,SAAS,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;oBACjC,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,OAAO,EAAEC,kCAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,cAAc,EAAE;wBACd,WAAW,QAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,WAAW;wBACxD,cAAc,QAAE,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,0CAAE,cAAc;qBAC/D;iBACF,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,kDAAkD,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,QAAQ,CAAC;aACjB;YAAC,OAAO,GAAG,EAAE;gBACZ,IACE,GAAG,CAAC,IAAI,KAAK,uBAAuB;oBACpC,GAAG,CAAC,aAAa,CAAC,KAAK,KAAK,sBAAsB,EAClD;;;;oBAIA,MAAM,CAAC,IAAI,CAAC,uDAAuD,QAAQ,EAAE,CAAC,CAAC;oBAC/E,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEJ,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBAEH,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,MAAM,CAAC,OAAO,CACZ,0DAA0D,QAAQ,KAAK,GAAG,EAAE,CAC7E,CAAC;oBACF,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEA,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,GAAG,CAAC;iBACX;aACF;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;;KACF;;IAGK,mBAAmB,CACvB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAGG,sCAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,KAAK;gBACb,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,OAAO,EAAEC,kCAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAI,QAAQ,CAAC,UAAU,CAAC;gBACnC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;SACH;KAAA;IAEK,oBAAoB,CACxB,GAAW,EACX,OAA+B;;YAE/B,MAAM,OAAO,GAAGD,sCAAqB,CAAC;gBACpC,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI;gBACnB,OAAO,EAAEC,kCAAiB,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAI,QAAQ,CAAC,UAAU,CAAC;gBACnC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;SACH;KAAA;CACF;;ACnQD;AACA,AAWA,MAAML,QAAM,GAAG,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;AAE1D;;;;;;;;AAQA,MAAa,sBAAsB;;;;;;;;;;;IAgBjC,YACE,QAAgB,EAChB,QAAgB,EAChB,YAAoB,EACpB,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;KAClC;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACxF,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAGI,sCAAqB,CAAC;oBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,aAAa,EAAE,IAAI,CAAC,YAAY;wBAChC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAEC,kCAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,cAAc,EAAE;wBACd,WAAW,EAAE,cAAc,CAAC,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC,WAAW;wBACvF,cAAc,EACZ,cAAc,CAAC,cAAc,IAAI,cAAc,CAAC,cAAc,CAAC,cAAc;qBAChF;iBACF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC1EL,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;ACvGD;AACA,SAIgB,aAAa,CAAC,MAAwB,EAAE,QAAgB;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;QACzC,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,2KAA2K,CAC5K,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,CAAC;KACb;AACH,CAAC;;ACbD;AACA,AAiBA,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,kBAAkB,CAAC,IAAU;IACpC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,IAAU,EAAE,OAAe;IAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAMA,QAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;;AAQA,MAAa,2BAA2B;;;;;;;;;;IAkBtC,YACE,QAAgB,EAChB,QAAgB,EAChB,eAAuB,EACvB,OAA4C;QAE5C,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAGM,eAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,kBAAkB,GAAG,+FAA+F,CAAC;QAE3H,MAAM,UAAU,GAAa,EAAE,CAAC;;QAGhC,IAAI,KAAK,CAAC;QACV,GAAG;YACD,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE;gBACT,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;SACF,QAAQ,KAAK,EAAE;QAEhB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,4EAA4E,CAC7E,CAAC;YACFN,QAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;QAED,IAAI,CAAC,qBAAqB,GAAGO,iBAAU,CAAC,MAAM,CAAC;aAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;aAC5C,MAAM,CAAC,KAAK,CAAC;aACb,WAAW,EAAE,CAAC;QAEjB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxF,IAAI,OAAO,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAC3C,IAAI,CAAC,cAAc,GAAG,UAAU,CAAC;SAClC;KACF;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,OAAO,GAAGC,OAAM,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACzF,IAAI,MAAkB,CAAC;gBAEvB,IAAI,IAAI,CAAC,cAAc,EAAE;oBACvB,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;wBACxB,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;qBAAM;oBACL,MAAM,GAAG;wBACP,GAAG,EAAE,KAAK;wBACV,GAAG,EAAE,OAAO;wBACZ,GAAG,EAAE,IAAI,CAAC,cAAc;qBACzB,CAAC;iBACH;gBAED,MAAM,OAAO,GAAG;oBACd,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,IAAI,CAAC,QAAQ;oBAClB,GAAG,EAAE,WAAW;oBAChB,GAAG,EAAE,OAAO;oBACZ,GAAG,EAAE,kBAAkB,CAAC,IAAI,IAAI,EAAE,CAAC;oBACnC,GAAG,EAAE,kBAAkB,CAAC,UAAU,CAAC,IAAI,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;iBAC3E,CAAC;gBAEF,MAAM,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;oBAC/B,MAAM;oBACN,OAAO;oBACP,MAAM,EAAE,IAAI,CAAC,iBAAiB;iBAC/B,CAAC,CAAC;gBAEH,MAAM,WAAW,GAAGJ,sCAAqB,CAAC;oBACxC,GAAG,EAAE,WAAW;oBAChB,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,oBAAoB;wBAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,qBAAqB,EAAE,wDAAwD;wBAC/E,gBAAgB,EAAE,eAAe;wBACjC,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAEC,kCAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,cAAc,EAAE;wBACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;wBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;qBACtF;iBACF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9EL,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;AChMD;AACA,AAYA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;;;;;;AAMA,MAAa,0BAA0B;;;;;;;;;;;;IAkBrC,YACE,cAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,OAAgC;QAEhC,aAAa,CAACA,QAAM,EAAE,cAAc,CAAC,CAAC;QAEtC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;KAC1B;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,qCAAqC,EACrC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAChE,MAAM,WAAW,GAAGI,sCAAqB,CAAC;oBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;oBACzE,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,OAAO;wBACtB,UAAU,EAAE,UAAU;wBACtB,SAAS,EAAE,IAAI,CAAC,QAAQ;wBACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;qBAC9D,CAAC;oBACF,OAAO,EAAEC,kCAAiB,CAAC;wBACzB,MAAM,EAAE,kBAAkB;wBAC1B,cAAc,EAAE,mCAAmC;qBACpD,CAAC;oBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;oBAC3C,cAAc,EAAE;wBACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;wBAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;qBACtF;iBACF,CAAC,CAAC;gBAEH,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC9EL,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;AC/GD;AACA,AAaA;;;;;;;AAOA,AAAO,MAAM,gCAAgC,GAAG;IAC9C,iBAAiB;IACjB,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,MAAMA,QAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;;;;;;;;AAYA,MAAa,qBAAqB;;;;;;;;;IAUhC,YAAY,OAAgC;;QATpC,gBAAW,GAAqB,SAAS,CAAC;QAYhD,MAAM,QAAQ,GAAG,cAAc,CAAC,gCAAgC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtFA,QAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EACtC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAEjD,IAAI,QAAQ,EAAE;YACZ,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;SACjC;QAED,IAAI,QAAQ,IAAI,QAAQ,IAAI,YAAY,EAAE;YACxCA,QAAM,CAAC,IAAI,CACT,mDAAmD,QAAQ,eAAe,QAAQ,+BAA+B,CAClH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACzF,OAAO;SACR;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;QAClE,IAAI,QAAQ,IAAI,QAAQ,IAAI,eAAe,EAAE;YAC3CA,QAAM,CAAC,IAAI,CACT,wDAAwD,QAAQ,eAAe,QAAQ,yBAAyB,eAAe,EAAE,CAClI,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,2BAA2B,CAChD,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,OAAO,CACR,CAAC;YACF,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC5C,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YAChDA,QAAM,CAAC,IAAI,CACT,uDAAuD,QAAQ,eAAe,QAAQ,kBAAkB,QAAQ,EAAE,CACnH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG,IAAI,0BAA0B,CAC/C,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,OAAO,CACR,CAAC;SACH;KACF;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,gCAAgC,EAChC,OAAO,CACR,CAAC;YACF,IAAI,IAAI,CAAC,WAAW,EAAE;gBACpB,IAAI;oBACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;oBACnEA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,MAAM,CAAC;iBACf;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,CAAC,GAAG,EAAE;wBACvD,KAAK,EAAE,8CAA8C;wBACrD,iBAAiB,EAAE,GAAG,CAAC,OAAO;6BAC3B,QAAQ,EAAE;6BACV,KAAK,CAAC,eAAe,CAAC;6BACtB,IAAI,CAAC,EAAE,CAAC;qBACZ,CAAC,CAAC;oBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;oBAC/D,MAAM,mBAAmB,CAAC;iBAC3B;wBAAS;oBACR,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;;;YAID,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAEC,0BAAc,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uFAAuF,CACxF,CAAC;YACFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC;SACb;KAAA;CACF;;AC9JD;AACA;AAEA,AAAO,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAE9C,AAAO,MAAM,QAAQ,GAAG,wBAAwB,CAAC;AACjD,AAAO,MAAM,gBAAgB,GAAG,iCAAiC,CAAC;AAClE,AAAO,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,AAAO,MAAM,kBAAkB,GAAG,YAAY,CAAC;;ACR/C;AACA,SAQgB,mBAAmB,CAAC,MAAyB;IAC3D,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACzB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;YACvB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;SACH;QAED,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;KACnB;SAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;QACrC,KAAK,GAAG,MAAM,CAAC;KAChB;IAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QACvC,OAAO,KAAK,CAAC;KACd;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,SAAsB,kBAAkB,CACtC,cAA8B,EAC9B,cAAsC,EACtC,eAA+C,EAC/C,kBAAmC,EAAE;;QAErC,MAAM,OAAO,GAAGI,sCAAqB,+BACnC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,cAAc,EAAE;gBACd,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW;gBACzF,cAAc,EACZ,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,cAAc;aAClF,IACE,cAAc,KACjB,uBAAuB,EAAE,IAAI,IAC7B,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAEtF,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;KAC7D;CAAA;;AClDD;AACA,AAUA,MAAMJ,QAAM,GAAG,gBAAgB,CAAC,2CAA2C,CAAC,CAAC;AAE7E;AACA,MAAM,eAAe,GAAG,SAAS,CAAC;AAElC,SAAS,qBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,IAAI,GAAQ;QAChB,QAAQ;KACT,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;KAC3B;IAED,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAa;QAC9B,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;QACxB,OAAO,EAAEK,kCAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;YAChB,cAAc,EAAE,mCAAmC;SACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,aAAa,GAAQ;IAC1B,WAAW;;YACf,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;SAC1C;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCL,QAAM,CAAC,IAAI,CACT,wEAAwE,OAAO,CAAC,GAAG,CAAC,YAAY,iEAAiE,CAClK,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACd,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzC,eAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;AC1DF;AACA,AAmBA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,kCAAkC,CAAC,CAAC;AAEpE,SAASS,iBAAe,CAAC,WAAgB;IACvC,IAAI,WAAW,CAAC,UAAU,EAAE;;QAE1B,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;QAC/CT,QAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,qBAAqB,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC;QAC7F,OAAO,OAAO,CAAC;KAChB;SAAM;;QAEL,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,UAAU,GAAG,IAAI,CAAC;QAC3DA,QAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,qBAAqB,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC;QAC7F,OAAO,OAAO,CAAC;KAChB;AACH,CAAC;AAED,SAASU,uBAAqB,CAC5B,QAAiB,EACjB,QAAiB,EACjB,OAGC;;IAED,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,cAAc;KAC9B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,SAAS,GAAG,QAAQ,CAAC;KACtC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,gBAAgB,QAAE,OAAO,CAAC,GAAG,CAAC,iCAAiC,mCAAI,QAAQ,CAAC,CAAC;IAEjG,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;;;IAIxD,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,CAAC,SAAS,EAAE;QACd,KAAK,GAAG,IAAI,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,EAAE,CAAC;KAC7C;IAED,MAAM,aAAa,GAAmB;QACpC,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE,MAAM;KACjB,CAAC;;IAEF,IAAI,kBAAkB,EAAE;QACtB,OAAO,aAAa,CAAC,QAAQ,CAAC;KAC/B;IAED,OAAO;QACL,GAAG,EAAE,GAAG,GAAG,GAAG,KAAK,EAAE;QACrB,MAAM,EAAE,KAAK;QACb,OAAO,EAAEL,kCAAiB,CAAC,aAAa,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,OAAO,GAAQ;IACpB,WAAW,CACf,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,eAAiC;;;;YAGjC,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE;gBACjD,OAAO,IAAI,CAAC;aACb;YAED,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,UAAU,CAClD,4CAA4C,EAC5C,eAAe,CAChB,CAAC;YAEF,IAAI;;;;;gBAKF,MAAM,cAAc,GAAGK,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE;oBAC/D,kBAAkB,EAAE,IAAI;oBACxB,SAAS,EAAE,IAAI;iBAChB,CAAC,CAAC;gBACH,cAAc,CAAC,cAAc,GAAG;oBAC9B,WAAW,EAAE,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,WAAW;oBACzE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,cAAc;iBAChF,CAAC;gBACF,MAAM,OAAO,GAAGN,sCAAqB,CAAC,cAAc,CAAC,CAAC;gBAEtD,OAAO,CAAC,OAAO,eAAG,OAAO,CAAC,cAAc,0CAAE,OAAO,mCAAI,GAAG,CAAC;;gBAGzD,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;gBAEvC,IAAI;oBACFJ,QAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;oBACrC,MAAM,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;iBAC3C;gBAAC,OAAO,GAAG,EAAE;oBACZ,IACE,CAAC,GAAG,YAAYW,0BAAS,IAAI,GAAG,CAAC,IAAI,KAAKA,0BAAS,CAAC,kBAAkB;wBACtE,GAAG,CAAC,IAAI,KAAK,YAAY;wBACzB,GAAG,CAAC,IAAI,KAAK,cAAc;wBAC3B,GAAG,CAAC,IAAI,KAAK,WAAW;sBACxB;;;wBAGAX,QAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;wBACzC,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;;wBAGH,OAAO,KAAK,CAAC;qBACd;iBACF;;gBAGDD,QAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;;gBAG1C,OAAO,IAAI,CAAC;aACb;YAAC,OAAO,GAAG,EAAE;;;gBAGZA,QAAM,CAAC,IAAI,CAAC,8DAA8D,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzF,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;;KACF;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCD,QAAM,CAAC,IAAI,CACT,6EAA6E,OAAO,CAAC,GAAG,CAAC,YAAY,iEAAiE,CACvK,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACdU,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzCD,iBAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;AC/KF;AACA,AAWA,MAAMT,QAAM,GAAG,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;AAElF,SAASS,iBAAe,CAAC,WAAgB;;;IAGvC,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,SAASC,uBAAqB,CAAC,QAAgB,EAAE,QAAiB;IAChE,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,YAAY;KAC5B,CAAC;IAEF,IAAI,QAAQ,EAAE;QACZ,eAAe,CAAC,QAAQ,GAAG,QAAQ,CAAC;KACrC;IAED,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAE5C,OAAO;QACL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,YAAa,IAAI,KAAK,EAAE;QAC5C,MAAM,EAAE,KAAK;QACb,OAAO,EAAEL,kCAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAW;SAChC,CAAC;KACH,CAAC;AACJ,CAAC;AAED,AAAO,MAAM,iBAAiB,GAAQ;IAC9B,WAAW;;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE;gBACXL,QAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;aAC/D;YACD,OAAO,MAAM,CAAC;SACf;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAgB,EAChB,QAAiB,EACjB,kBAAmC,EAAE;;YAErCA,QAAM,CAAC,IAAI,CACT,yFAAyF,OAAO,CAAC,GAAG,CAAC,YAAY,6BAA6B,CAC/I,CAAC;YAEF,OAAO,kBAAkB,CACvB,cAAc,EACdU,uBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC,EACzCD,iBAAe,EACf,eAAe,CAChB,CAAC;SACH;KAAA;CACF,CAAC;;ACpEF;AACA,AAiBA,MAAMT,QAAM,GAAG,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;AAEtE;AACA,MAAMS,iBAAe,GAAG,SAAS,CAAC;AAElC,SAASC,uBAAqB,CAAC,QAAiB;IAC9C,MAAM,eAAe,GAAQ;QAC3B,QAAQ;QACR,aAAa,EAAE,kBAAkB;KAClC,CAAC;IAEF,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAE5C,OAAO;;QAEL,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAkB,IAAI,KAAK,EAAE;QACjD,MAAM,EAAE,KAAK;QACb,OAAO,EAAEL,kCAAiB,CAAC;YACzB,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;KACH,CAAC;AACJ,CAAC;AAED;AACA,SAAS,aAAa,CAAC,IAAY,EAAE,OAA6B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KACjCO,WAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI;QAChC,IAAI,GAAG,EAAE;YACP,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;QACD,OAAO,CAAC,IAAI,CAAC,CAAC;KACf,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAe,eAAe,CAC5B,cAA8B,EAC9B,qBAA6C;;QAE7C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,WAAW,CAACR,sCAAqB,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAEhG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,UAAU,EAAE;gBACvB,OAAO,GAAG,cAAc,QAAQ,CAAC,UAAU,EAAE,CAAC;aAC/C;YACD,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,CAAC,MAAM,EACf,wFAAwF,OAAO,EAAE,CAClG,CAAC;SACH;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClE,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KAC1C;CAAA;AAED,AAAO,MAAM,MAAM,GAAQ;IACnB,WAAW;;YACf,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACnF,IAAI,CAAC,MAAM,EAAE;gBACXJ,QAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;aAClD;YACD,OAAO,MAAM,CAAC;SACf;KAAA;IACK,QAAQ,CACZ,cAA8B,EAC9B,QAAiB,EACjB,QAAiB,EACjB,kBAAmC,EAAE;;;YAErCA,QAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAExD,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,KAAK,CACb,4TAA4T,CAC7T,CAAC;aACH;YAED,MAAM,cAAc,mBAClB,uBAAuB,EAAE,IAAI,EAC7B,0BAA0B,EAAE,IAAI,EAChC,qBAAqB,EAAE,SAAS,EAChC,WAAW,EAAE,eAAe,CAAC,WAAW,EACxC,WAAW,EAAE,eAAe,CAAC,cAAc,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,IACtFU,uBAAqB,CAAC,QAAQ,CAAC,CACnC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAEvE,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACjE;YAED,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACjE,MAAA,cAAc,CAAC,OAAO,0CAAE,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,EAAE,EAAE;YAE7D,OAAO,kBAAkB,CAAC,cAAc,EAAE,cAAc,EAAED,iBAAe,EAAE,eAAe,CAAC,CAAC;;KAC7F;CACF,CAAC;;ACrHF;AACA,AAeA,MAAMT,QAAM,GAAG,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;AAE7D;;;;;;;;;AASA,MAAa,yBAAyB;;;;;IAuBpC,YACE,iBAA8D,EAC9D,OAAgC;QAtB1B,0BAAqB,GAAmB,IAAI,CAAC;QAwBnD,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE;;YAEzC,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC;YAClC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,mBACnC,OAAO,EACV,CAAC;SACJ;aAAM;;YAEL,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,iBAAiB,CAAC,CAAC;SAC7D;KACF;IAIa,kBAAkB,CAC9B,QAAgB,EAChB,QAAiB,EACjB,eAAiC;;YAEjC,IAAI,IAAI,CAAC,SAAS,EAAE;gBAClB,OAAO,IAAI,CAAC,SAAS,CAAC;aACvB;;;YAID,MAAM,IAAI,GAAG,CAAC,iBAAiB,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;gBACtB,IAAI,MAAM,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,CAAC,EAAE;oBACnF,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;oBACrB,OAAO,GAAG,CAAC;iBACZ;aACF;YAED,MAAM,IAAI,qBAAqB,CAAC,yDAAyD,CAAC,CAAC;SAC5F;KAAA;IAEa,2BAA2B,CACvC,MAAyB,EACzB,QAAiB,EACjB,eAAiC;;YAEjC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,UAAU,CAClD,uDAAuD,EACvD,eAAe,CAChB,CAAC;YAEF,IAAI;;gBAEF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAEhF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;aAChF;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,MAAM,GAAuB,IAAI,CAAC;YAEtC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,oCAAoC,EACpC,OAAO,CACR,CAAC;YAEF,IAAI;;;;gBAIF,IAAI,IAAI,CAAC,qBAAqB,KAAK,IAAI,EAAE;oBACvC,MAAM,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oBAEnF,IAAI,MAAM,KAAK,IAAI,EAAE;;;;wBAInB,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC;;;wBAIlC,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,yEAAyE,CAC1E,CAAC;wBACFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;;;;oBAKD,IAAI,CAAC,qBAAqB,GAAG,KAAK,CAAC;iBACpC;qBAAM;;;oBAGL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,0DAA0D,CAC3D,CAAC;oBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAEDA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,MAAM,CAAC;aACf;YAAC,OAAO,GAAG,EAAE;;;gBAGZ,IAAI,GAAG,YAAY,qBAAqB,EAAE;oBACxC,MAAM,GAAG,CAAC;iBACX;;;;;;gBAQD,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;;;gBAIH,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,EAAE;oBAC9B,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,gEAAgE,CACjE,CAAC;oBAEFD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;;;gBAID,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE;oBAC/B,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,+EAA+E,CAChF,CAAC;oBAEFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;;;gBAID,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE;oBAC1B,MAAM,IAAI,qBAAqB,CAC7B,2EAA2E,CAC5E,CAAC;iBACH;;;gBAID,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE;oBAChC,MAAM,IAAI,qBAAqB,CAC7B,4DAA4D,GAAG,CAAC,OAAO,EAAE,CAC1E,CAAC;iBACH;;gBAGD,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE;oBAC5C,KAAK,EAAE,kDAAkD;oBACzD,iBAAiB,EAAE,GAAG,CAAC,OAAO;iBAC/B,CAAC,CAAC;aACJ;oBAAS;;gBAER,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;ACnPD;AACA,AASA,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B;SAAM;QACL,OAAO,MAAM,CAAC;KACf;AACH,CAAC;AAED,MAAMA,QAAM,GAAG,gBAAgB,CAAC,oBAAoB,CAAC,CAAC;AAEtD;;;;;;;;AAQA,MAAa,kBAAkB;;;;;IAKb,sBAAsB,CACpC,QAAgB;;YAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM;gBACjC,IAAI;oBACFa,kBAAkB,CAChB,wDAAwD,QAAQ,EAAE,EAClE,EAAE,GAAG,EAAE,iBAAiB,EAAE,EAAE,EAC5B,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM;wBACpB,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;qBACpD,CACF,CAAC;iBACH;gBAAC,OAAO,GAAG,EAAE;oBACZ,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb;aACF,CAAC,CAAC;SACJ;KAAA;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM;gBACjC,MAAM,KAAK,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9Db,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAEjD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;;gBAGlD,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;oBACtC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;oBACrFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;gBAED,IAAI,YAAY,GAAG,EAAE,CAAC;gBAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC;gBACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC;qBAClC,IAAI,CAAC,CAAC,GAAQ;oBACb,IAAI,GAAG,CAAC,MAAM,EAAE;wBACd,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;wBAC1D,MAAM,iBAAiB,GACrB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC;4BACpC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;wBAClD,IAAI,iBAAiB,EAAE;4BACrB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mLAAmL,CACpL,CAAC;4BACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;6BAAM,IAAI,YAAY,EAAE;4BACvB,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,2FAA2F,CAC5F,CAAC;4BACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;4BACjD,MAAM,KAAK,CAAC;yBACb;wBACD,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBACpDA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;wBACjD,MAAM,KAAK,CAAC;qBACb;yBAAM;wBACL,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC;wBAC1B,MAAM,QAAQ,GAA+C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;wBACtFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;wBAC5C,MAAM,WAAW,GAAG;4BAClB,KAAK,EAAE,QAAQ,CAAC,WAAW;4BAC3B,kBAAkB,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;yBAC3D,CAAC;wBACF,OAAO,CAAC,WAAW,CAAC,CAAC;wBACrB,OAAO,WAAW,CAAC;qBACpB;iBACF,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG;oBACT,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;wBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC/C,MAAM,CAAC,GAAG,CAAC,CAAC;iBACb,CAAC,CAAC;aACN,CAAC,CAAC;SACJ;KAAA;CACF;;ACjID;AACA,AAQA,IAAI,MAAW,CAAC;AAChB,IAAI;;IAEF,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC5B;AAAC,OAAO,EAAE,EAAE;IACX,MAAM,GAAG,IAAI,CAAC;CACf;AAED,AAKA,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,oBAAoB,GAAG,sCAAsC,CAAC;AACpE,MAAM,cAAc,GAAG,eAAe,CAAC;AACvC,MAAMA,QAAM,GAAG,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAE9D;AACA,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,mFAAmF;CAC1F,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB;;IAE9C,MAAM,sBAAsB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC9D,IAAI,sBAAsB,EAAE;QAC1B,MAAM,IAAI,qBAAqB,CAAC,sBAAsB,CAAC,CAAC;KACzD;AACH,CAAC;AAID,MAAM,uBAAuB,GAAqC;IAChE,UAAU,EAAEE,2BAAmB,CAAC,gBAAgB;IAChD,UAAU,EAAEA,2BAAmB,CAAC,UAAU;IAC1C,gBAAgB,EAAEA,2BAAmB,CAAC,YAAY;IAClD,iBAAiB,EAAEA,2BAAmB,CAAC,eAAe;CACvD,CAAC;AAEF;;;;AAIA,SAAgB,qBAAqB,CAAC,QAAgB;IACpD,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;;IAE/C,MAAM,YAAY,GAAG,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,SAAS,YAAY,CAAC,GAAG,YAAsB;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,YAAY,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;QAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAACY,WAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;KAC3B;IAED,IAAI;QACF,IAAI,OAAe,CAAC;QACpB,QAAQ,OAAO,CAAC,QAAQ;YACtB,KAAK,OAAO;gBACV,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAQ,CAAC;gBAC/B,OAAO,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YACrD,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;YACjE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC1C;gBACE,OAAO;SACV;KACF;IAAC,OAAO,CAAC,EAAE;QACVd,QAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7F,OAAO;KACR;AACH,CAAC;AAYD;;;;;AAKA,MAAa,0BAA0B;;;;;;IAUrC,YAAY,OAA2C;;;QAGrD,IAAI,CAAC,SAAS,IAAI,qBAAqB,CAAC,aAAa,CAAC,IAAI,YAAY,CAAqB,CAAC;;QAG5F,MAAM,aAAa,GAAG,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,iBACtC,aAAa,IACV,OAAO,EACV,CAAC;QAEH,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE;YAC/B,aAAa,CAACA,QAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YAExC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;aAAM;YACL,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;SAChC;QACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACvC;;;;IAKa,OAAO;;;YAEnB,MAAM,cAAc,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,cAAc,EAAE;gBAClB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;aAChC;YACD,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACvC;KAAA;;;;IAUO,WAAW;QACjB,IAAI,IAAI,CAAC,cAAc,EAAE;YACvB,OAAO,IAAI,CAAC,cAAc,CAAC;SAC5B;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,cAAc,CAAC;KAC5B;;;;;;;;;IAUY,QAAQ,CACnB,MAAyB,EACzB,QAA0B;;YAE1B,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,IAAI,qBAAqB,CAC7B,2FAA2F,CAC5F,CAAC;aACH;YAED,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;YAGzE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE;gBAC5C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBACrFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;YAED,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;gBAC7C,WAAW,IAAI,iBAAiB,CAAC;aAClC;;;;;;;;;YAUD,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;;YAGjE,MAAM,EAAE,QAAQ,EAAE,GAChB,WAAW,CAAC,IAAI,CAAC,CAAC,IAAyB,KAAK,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC;gBAChF,WAAW,CAAC,CAAC,CAAC;gBACd,EAAE,CAAC;;YAGL,MAAM,YAAY,GAAG,QAAQ,CAAC;YAE9B,IAAI,YAAY,EAAE;gBAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAChE,IAAI,CAAC,QAAQ,EACb,oBAAoB,EACpB,WAAW,EACX,YAAY,EACZ,SAAS,CACV,CAAC;gBAEF,IAAI,aAAa,EAAE;oBACjBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO,aAAa,CAAC,WAAW,CAAC;iBAClC;qBAAM;oBACL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,mIAAmI,CACpI,CAAC;oBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjD,MAAM,KAAK,CAAC;iBACb;aACF;iBAAM;gBACL,MAAM,KAAK,GAAG,IAAI,qBAAqB,CACrC,uHAAuH,CACxH,CAAC;gBACFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjD,MAAM,KAAK,CAAC;aACb;SACF;KAAA;CACF;;AC9OD;AACA,AAuBA;;;;;;;;;;;AAWA,MAAa,sBAAuB,SAAQ,sBAAsB;;;;;;IAMhE,YAAY,sBAAsD;QAChE,MAAM,WAAW,GAAG,EAAE,CAAC;QACvB,WAAW,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,sBAAsB,CAAC,CAAC,CAAC;;QAGpE,MAAM,uBAAuB,GAC3B,CAAA,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,uBAAuB,KAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAEjF,IAAI,uBAAuB,EAAE;YAC3B,WAAW,CAAC,IAAI,CACd,IAAI,yBAAyB,CAAC,uBAAuB,EAAE,sBAAsB,CAAC,CAC/E,CAAC;SACH;aAAM;;YAEL,WAAW,CAAC,IAAI,CAAC,IAAI,yBAAyB,CAAC,sBAAsB,CAAC,CAAC,CAAC;SACzE;QAED,WAAW,CAAC,IAAI,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC;QAC3C,WAAW,CAAC,IAAI,CAAC,IAAI,0BAA0B,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAEzE,KAAK,CAAC,GAAG,WAAW,CAAC,CAAC;QACtB,IAAI,CAAC,kBAAkB;YACrB,oFAAoF,CAAC;KACxF;CACF;;ACjED;AACA,AAsBA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAqChE,MAAa,sBAAuB,SAAQ,qBAAqB;CAAG;AAEpE,MAAa,UAAU;IAQrB,YACE,UAA2B,EAC3B,kBAA2B,EAC3B,oBAA2C,EAC3C,OAAgC;QAEhC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;KAClD;IAEK,yBAAyB;;;YAE7B,IAAI,IAAI,CAAC,GAAG,EAAE;gBACZ,OAAO;aACR;;YAGD,MAAM,YAAY,GAAkB;gBAClC,IAAI,EAAE,IAAI,CAAC,UAAU;gBACrB,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE;aAC/C,CAAC;YAEF,IAAI,CAAC,GAAG,GAAG,IAAIe,gCAAuB,CAAC,YAAY,CAAC,CAAC;SACtD;KAAA;IAEK,qBAAqB,CAAC,MAAgB;;YAC1C,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC1D,MAAM,IAAI,sBAAsB,EAAE,CAAC;aACpC;YAED,MAAM,aAAa,GAAG;gBACpB,OAAO,EAAE,IAAI,CAAC,oBAAqB;gBACnC,MAAM;aACP,CAAC;YAEF,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBACnEf,QAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;gBACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,SAAS,EAAE;oBAClC,OAAO;wBACL,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;wBAChD,KAAK,EAAE,QAAQ,CAAC,WAAW;qBAC5B,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;iBACrF;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,sBAAsB,CAAC,iDAAiD,CAAC,CAAC;aACrF;SACF;KAAA;IAEK,cAAc,CAAC,OAAkD;;YACrE,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;SAC1C;KAAA;IAEK,kBAAkB,CACtB,OAAiC;;YAEjC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;SAC9C;KAAA;IAEK,wBAAwB,CAAC,OAA0B;;YACvD,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;SACpD;KAAA;IAEK,8BAA8B,CAClC,OAAgC;;YAEhC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEvC,OAAO,IAAI,CAAC,GAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;SAC1D;KAAA;CACF;AAED,AAAA,IAAY,UAGX;AAHD,WAAY,UAAU;IACpB,yBAAW,CAAA;IACX,2BAAa,CAAA;AACf,CAAC,EAHW,UAAU,KAAV,UAAU,QAGrB;;AC9JD;AACA,AAkBA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,8BAA8B,CAAC,CAAC;AAEhE;;;;;AAKA,MAAa,4BAA4B;IAMvC,YAAY,OAA6C;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,eAAe,CAAC;QAClE,MAAM,QAAQ,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,uBAAuB,CAAC;QAE1E,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;;;QAKhC,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE;YAClC,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE;gBAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;aACxC;iBAAM;gBACL,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;aAC1C;SACF;aAAM;YACL,IAAI,CAAC,WAAW,GAAG,kBAAkB,CAAC;SACvC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;SAChB;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE7B,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B;YACE,QAAQ;YACR,SAAS,EAAE,aAAa;YACxB,gBAAgB,EAAE,QAAQ,KAAK,MAAM,IAAI,aAAa,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE;SACpF,EACD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;KACH;;;;;;;;;;;IAYM,QAAQ,CACb,MAAyB,EACzB,QAA0B;QAE1B,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;QAElE,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY,sBAAsB,EAAE;gBACvC,OAAO,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;aACjD;iBAAM;gBACLA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAC,CAAC;aACT;SACF,CAAC,CAAC;KACJ;IAEa,eAAe,CAAC,UAAoB;;YAChD,MAAM,qBAAqB,GAAG;gBAC5B,MAAM,EAAE,UAAU;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;YAC7E,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;SACtB;KAAA;IAEO,uBAAuB,CAAC,UAAoB;QAClD,OAAO,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,MAAM;YACrD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,MAAM,eAAe,GAAG,CAAC,GAAyB,EAAE,GAAwB;gBAC1E,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;oBACZ,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,IAAI,GAAQ,CAAC;gBACb,IAAI;oBACF,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;iBAC1C;gBAAC,OAAO,CAAC,EAAE;oBACV,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO;iBACR;gBACD,MAAM,YAAY,GAA6B;oBAC7C,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAE;oBACnC,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,UAAU;iBACnB,CAAC;gBAEF,IAAI,CAAC,UAAU;qBACZ,kBAAkB,CAAC,YAAY,CAAC;qBAChC,IAAI,CAAC,CAAC,YAAY;oBACjB,MAAM,cAAc,GAAG,mFAAmF,CAAC;oBAC3G,IAAI,YAAY,IAAI,YAAY,CAAC,SAAS,EAAE;wBAC1C,MAAM,kBAAkB,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,SAAS,CAAC,OAAO,EAAE,CAAC;wBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;wBACxBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAEhD,OAAO,CAAC;4BACN,kBAAkB;4BAClB,KAAK,EAAE,YAAY,CAAC,WAAW;yBAChC,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;wBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACtBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;wBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;qBACH;oBACD,OAAO,EAAE,CAAC;oBACV,OAAO;iBACR,CAAC;qBACD,KAAK,CAAC;oBACL,MAAM,YAAY,GAAG,WAAW,CAC9B,UAAU,EACV,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CACjF,CAAC;oBACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBACtBA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAEnC,MAAM,CACJ,IAAI,KAAK,CACP,0FAA0F,CAC3F,CACF,CAAC;oBACF,OAAO,EAAE,CAAC;iBACX,CAAC,CAAC;aACN,CAAC;YACF,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;YAE/C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,MAClDA,QAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,IAAI,GAAG,CAAC,CAC3E,CAAC;YACF,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAM,KAAK,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAE9B,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,CAAC,CAAC,CAAC;aACX,CAAC,CAAC;YAEH,SAAS,OAAO;gBACd,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;iBAChB;gBAED,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;oBACpC,MAAM,CAAC,OAAO,EAAE,CAAC;iBAClB;gBAED,IAAI,MAAM,EAAE;oBACV,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,EAAE,CAAC;iBACf;aACF;SACF,CAAC,CAAC;KACJ;CACF;;ACtLD,MAAMA,QAAM,GAAG,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;AAExD;;;;AAIA,SAAgB,+BAA+B,CAAC,cAA8B;IAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;;;AAIA,MAAa,oBAAoB;;;;;;;;;;;;;;IAiB/B,YACE,WAAmB,eAAe,EAClC,WAAmB,uBAAuB,EAC1C,qBAA+C,+BAA+B,EAC9E,OAAgC;QAEhC,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAE7C,IAAI,aAAa,CAAC;QAClB,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE;YACpC,IAAI,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACvC,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC;aAClD;iBAAM;gBACL,aAAa,GAAG,OAAO,CAAC,aAAa,GAAG,GAAG,GAAG,QAAQ,CAAC;aACxD;SACF;aAAM;YACL,aAAa,GAAG,oCAAoC,GAAG,QAAQ,CAAC;SACjE;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAC9B,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,EAChD,KAAK,EACL,SAAS,EACT,OAAO,CACR,CAAC;KACH;;;;;;;;;;;IAYK,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YAEtE,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG;gBACxB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM,EAAE,UAAU;aACnB,CAAC;YAEFA,QAAM,CAAC,IAAI,CAAC,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9E,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAO,CAAC;gBACrE,IAAI,CAAC,YAAY,sBAAsB,EAAE;oBACvC,IAAI;wBACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;wBACjFA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;wBAChD,OAAO,KAAK,CAAC;qBACd;oBAAC,OAAO,GAAG,EAAE;wBACZ,IAAI,CAAC,SAAS,CAAC;4BACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;4BAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;yBACrB,CAAC,CAAC;wBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;wBACnD,MAAM,GAAG,CAAC;qBACX;4BAAS;wBACR,IAAI,CAAC,GAAG,EAAE,CAAC;qBACZ;iBACF;qBAAM;oBACL,MAAM,CAAC,CAAC;iBACT;aACF,CAAA,CAAC,CAAC;SACJ;KAAA;IAEa,wBAAwB,CACpC,iBAAoC,EACpC,MAAgB;;YAEhB,IAAI;gBACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;gBACzF,IAAI,cAAc,IAAI,cAAc,CAAC,SAAS,EAAE;oBAC9C,MAAM,kBAAkB,GAAG,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBAC9DA,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;oBAC5C,OAAO;wBACL,kBAAkB;wBAClB,KAAK,EAAE,cAAc,CAAC,WAAW;qBAClC,CAAC;iBACH;qBAAM;oBACL,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;iBAClE;aACF;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC3E;SACF;KAAA;CACF;;AC3KD;AACA,AAYA,MAAMA,QAAM,GAAG,gBAAgB,CAAC,6BAA6B,CAAC,CAAC;AAE/D;;;;;;;AAOA,MAAa,2BAA2B;;;;;IAuEtC,YACE,QAA2B,EAC3B,QAAgB,EAChB,+BAAuC,EACvC,8BAAsC,EACtC,oBAAiE,EACjE,OAAgC;QAtE1B,sBAAiB,GAAyB,IAAI,CAAC;QAwErD,aAAa,CAACA,QAAM,EAAE,QAAQ,CAAC,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE;;YAE5C,IAAI,CAAC,YAAY,GAAG,+BAA+B,CAAC;YACpD,IAAI,CAAC,iBAAiB,GAAG,8BAA8B,CAAC;YACxD,IAAI,CAAC,WAAW,GAAG,oBAAoB,CAAC;;SAEzC;aAAM;;YAEL,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,+BAA+B,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,8BAAwC,CAAC;YAC5D,OAAO,GAAG,oBAA8C,CAAC;SAC1D;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;KACnD;;;;;;;;;;;IAYY,QAAQ,CACnB,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,UAAU,CACrD,sCAAsC,EACtC,OAAO,CACR,CAAC;YACF,IAAI;gBACF,IAAI,aAAa,GAAyB,IAAI,CAAC;gBAC/C,IAAI,WAAW,GAAG,OAAO,MAAM,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzE,IAAI,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE;oBAC7C,WAAW,IAAI,iBAAiB,CAAC;iBAClC;;gBAGD,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;oBACjE,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAC1D,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,WAAW,EACX,IAAI,CAAC,iBAAiB,CAAC,YAAY,EACnC,IAAI,CAAC,YAAY,EACjB,SAAS,EACT,UAAU,CACX,CAAC;iBACH;gBAED,IAAI,aAAa,KAAK,IAAI,EAAE;oBAC1B,MAAM,SAAS,GAAG,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAChE,MAAM,WAAW,GAAGI,sCAAqB,CAAC;wBACxC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE;wBACzE,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC;4BACjB,SAAS,EAAE,IAAI,CAAC,QAAQ;4BACxB,UAAU,EAAE,oBAAoB;4BAChC,KAAK,EAAE,WAAW;4BAClB,IAAI,EAAE,IAAI,CAAC,iBAAiB;4BAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;4BAC9B,aAAa,EAAE,IAAI,CAAC,YAAY;yBACjC,CAAC;wBACF,OAAO,EAAEC,kCAAiB,CAAC;4BACzB,MAAM,EAAE,kBAAkB;4BAC1B,cAAc,EAAE,mCAAmC;yBACpD,CAAC;wBACF,WAAW,EAAE,OAAO,IAAI,OAAO,CAAC,WAAW;wBAC3C,cAAc,EAAE;4BACd,WAAW,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,WAAW;4BAC/E,cAAc,EAAE,UAAU,CAAC,cAAc,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc;yBACtF;qBACF,CAAC,CAAC;oBAEH,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;iBACzE;gBAED,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;gBACvCL,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC5C,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,WAAW,KAAK,IAAI,CAAC;aAC7D;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,SAAS,CAAC;oBACb,IAAI,EAAEC,0BAAc,CAAC,KAAK;oBAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;iBACrB,CAAC,CAAC;gBACHD,QAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,CAAC;aACX;oBAAS;gBACR,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;SACF;KAAA;CACF;;AC1MD;AACA,AAkDA;;;AAGA,SAAgB,yBAAyB;IACvC,OAAO,IAAI,sBAAsB,EAAE,CAAC;AACtC,CAAC;;;;;;;;;;;;;;;;;;;;;;"}