@brightchain/brightchain-lib 0.29.10 → 0.29.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/browser.d.ts +21 -0
- package/src/browser.d.ts.map +1 -1
- package/src/browser.js +24 -1
- package/src/browser.js.map +1 -1
- package/src/lib/errors/index.d.ts +12 -0
- package/src/lib/errors/index.d.ts.map +1 -1
- package/src/lib/errors/index.js +15 -0
- package/src/lib/errors/index.js.map +1 -1
- package/src/lib/errors/ledgerError.d.ts +28 -0
- package/src/lib/errors/ledgerError.d.ts.map +1 -0
- package/src/lib/errors/ledgerError.js +37 -0
- package/src/lib/errors/ledgerError.js.map +1 -0
- package/src/lib/errors/ledgerSerializationError.d.ts +24 -0
- package/src/lib/errors/ledgerSerializationError.d.ts.map +1 -0
- package/src/lib/errors/ledgerSerializationError.js +33 -0
- package/src/lib/errors/ledgerSerializationError.js.map +1 -0
- package/src/lib/i18n/strings/mandarin.d.ts.map +1 -1
- package/src/lib/i18n/strings/mandarin.js.map +1 -1
- package/src/lib/interfaces/index.d.ts +2 -1
- package/src/lib/interfaces/index.d.ts.map +1 -1
- package/src/lib/interfaces/index.js.map +1 -1
- package/src/lib/interfaces/ledger/authorizedSigner.d.ts +17 -0
- package/src/lib/interfaces/ledger/authorizedSigner.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/authorizedSigner.js +11 -0
- package/src/lib/interfaces/ledger/authorizedSigner.js.map +1 -0
- package/src/lib/interfaces/ledger/governanceAction.d.ts +46 -0
- package/src/lib/interfaces/ledger/governanceAction.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/governanceAction.js +22 -0
- package/src/lib/interfaces/ledger/governanceAction.js.map +1 -0
- package/src/lib/interfaces/ledger/governancePayload.d.ts +19 -0
- package/src/lib/interfaces/ledger/governancePayload.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/governancePayload.js +11 -0
- package/src/lib/interfaces/ledger/governancePayload.js.map +1 -0
- package/src/lib/interfaces/ledger/index.d.ts +14 -0
- package/src/lib/interfaces/ledger/index.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/index.js +13 -0
- package/src/lib/interfaces/ledger/index.js.map +1 -0
- package/src/lib/interfaces/ledger/ledgerEntry.d.ts +39 -0
- package/src/lib/interfaces/ledger/ledgerEntry.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/ledgerEntry.js +13 -0
- package/src/lib/interfaces/ledger/ledgerEntry.js.map +1 -0
- package/src/lib/interfaces/ledger/ledgerMetadata.d.ts +20 -0
- package/src/lib/interfaces/ledger/ledgerMetadata.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/ledgerMetadata.js +12 -0
- package/src/lib/interfaces/ledger/ledgerMetadata.js.map +1 -0
- package/src/lib/interfaces/ledger/ledgerSignatureVerifier.d.ts +17 -0
- package/src/lib/interfaces/ledger/ledgerSignatureVerifier.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/ledgerSignatureVerifier.js +11 -0
- package/src/lib/interfaces/ledger/ledgerSignatureVerifier.js.map +1 -0
- package/src/lib/interfaces/ledger/ledgerSigner.d.ts +23 -0
- package/src/lib/interfaces/ledger/ledgerSigner.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/ledgerSigner.js +12 -0
- package/src/lib/interfaces/ledger/ledgerSigner.js.map +1 -0
- package/src/lib/interfaces/ledger/quorumPolicy.d.ts +19 -0
- package/src/lib/interfaces/ledger/quorumPolicy.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/quorumPolicy.js +18 -0
- package/src/lib/interfaces/ledger/quorumPolicy.js.map +1 -0
- package/src/lib/interfaces/ledger/signerRole.d.ts +14 -0
- package/src/lib/interfaces/ledger/signerRole.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/signerRole.js +18 -0
- package/src/lib/interfaces/ledger/signerRole.js.map +1 -0
- package/src/lib/interfaces/ledger/signerStatus.d.ts +15 -0
- package/src/lib/interfaces/ledger/signerStatus.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/signerStatus.js +19 -0
- package/src/lib/interfaces/ledger/signerStatus.js.map +1 -0
- package/src/lib/interfaces/ledger/validationResult.d.ts +30 -0
- package/src/lib/interfaces/ledger/validationResult.d.ts.map +1 -0
- package/src/lib/interfaces/ledger/validationResult.js +12 -0
- package/src/lib/interfaces/ledger/validationResult.js.map +1 -0
- package/src/lib/interfaces/messaging/emailGateway.d.ts.map +1 -1
- package/src/lib/interfaces/network/banConfig.d.ts.map +1 -1
- package/src/lib/interfaces/network/banConfig.js.map +1 -1
- package/src/lib/interfaces/network/index.d.ts +1 -1
- package/src/lib/interfaces/network/index.d.ts.map +1 -1
- package/src/lib/interfaces/network/index.js.map +1 -1
- package/src/lib/interfaces/services/quorumDatabase.d.ts +1 -1
- package/src/lib/interfaces/services/quorumDatabase.d.ts.map +1 -1
- package/src/lib/ledger/authorizedSignerSet.d.ts +47 -0
- package/src/lib/ledger/authorizedSignerSet.d.ts.map +1 -0
- package/src/lib/ledger/authorizedSignerSet.js +287 -0
- package/src/lib/ledger/authorizedSignerSet.js.map +1 -0
- package/src/lib/ledger/eciesSignatureVerifier.d.ts +17 -0
- package/src/lib/ledger/eciesSignatureVerifier.d.ts.map +1 -0
- package/src/lib/ledger/eciesSignatureVerifier.js +23 -0
- package/src/lib/ledger/eciesSignatureVerifier.js.map +1 -0
- package/src/lib/ledger/governancePayloadSerializer.d.ts +70 -0
- package/src/lib/ledger/governancePayloadSerializer.d.ts.map +1 -0
- package/src/lib/ledger/governancePayloadSerializer.js +499 -0
- package/src/lib/ledger/governancePayloadSerializer.js.map +1 -0
- package/src/lib/ledger/ledger.d.ts +159 -0
- package/src/lib/ledger/ledger.d.ts.map +1 -0
- package/src/lib/ledger/ledger.js +555 -0
- package/src/lib/ledger/ledger.js.map +1 -0
- package/src/lib/ledger/ledgerChainValidator.d.ts +80 -0
- package/src/lib/ledger/ledgerChainValidator.d.ts.map +1 -0
- package/src/lib/ledger/ledgerChainValidator.js +338 -0
- package/src/lib/ledger/ledgerChainValidator.js.map +1 -0
- package/src/lib/ledger/ledgerEntrySerializer.d.ts +66 -0
- package/src/lib/ledger/ledgerEntrySerializer.d.ts.map +1 -0
- package/src/lib/ledger/ledgerEntrySerializer.js +235 -0
- package/src/lib/ledger/ledgerEntrySerializer.js.map +1 -0
- package/src/lib/ledger/memberSignerAdapter.d.ts +19 -0
- package/src/lib/ledger/memberSignerAdapter.d.ts.map +1 -0
- package/src/lib/ledger/memberSignerAdapter.js +25 -0
- package/src/lib/ledger/memberSignerAdapter.js.map +1 -0
- package/src/lib/services/banListCache.d.ts.map +1 -1
- package/src/lib/services/banListCache.js.map +1 -1
- package/src/lib/services/banProposalValidator.d.ts.map +1 -1
- package/src/lib/services/banProposalValidator.js.map +1 -1
- package/src/lib/services/memberStore.d.ts.map +1 -1
- package/src/lib/services/memberStore.js +1 -1
- package/src/lib/services/memberStore.js.map +1 -1
- package/src/lib/services/messaging/emailMessageService.d.ts.map +1 -1
- package/src/lib/services/messaging/emailMessageService.js +1 -4
- package/src/lib/services/messaging/emailMessageService.js.map +1 -1
- package/src/lib/services/quorumStateMachine.d.ts +2 -2
- package/src/lib/services/quorumStateMachine.d.ts.map +1 -1
- package/src/lib/services/quorumStateMachine.js +3 -3
- package/src/lib/services/quorumStateMachine.js.map +1 -1
- package/src/lib/services/vcblService.d.ts.map +1 -1
- package/src/lib/services/vcblService.js.map +1 -1
- package/src/lib/stores/pooledMemoryBlockStore.d.ts +1 -1
- package/src/lib/stores/pooledMemoryBlockStore.d.ts.map +1 -1
- package/src/lib/stores/pooledMemoryBlockStore.js +1 -1
- package/src/lib/stores/pooledMemoryBlockStore.js.map +1 -1
|
@@ -0,0 +1,555 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @fileoverview Ledger — append-only blockchain ledger persisted as
|
|
4
|
+
* RawDataBlock instances within any IBlockStore implementation.
|
|
5
|
+
*
|
|
6
|
+
* Each entry is serialized, padded to BlockSize, and stored as a RawDataBlock.
|
|
7
|
+
* A metadata block tracks the chain head, length, ledger ID, and the full
|
|
8
|
+
* sequenceNumber → blockChecksum index for cold-start reconstruction.
|
|
9
|
+
*
|
|
10
|
+
* The metadata block is stored at a deterministic Checksum derived from the
|
|
11
|
+
* ledgerId so that `Ledger.load()` can locate it without external state.
|
|
12
|
+
* Because the metadata content changes on each append while the storage key
|
|
13
|
+
* stays fixed, the metadata block uses a validation-exempt RawDataBlock
|
|
14
|
+
* subclass that allows a caller-specified checksum to differ from the
|
|
15
|
+
* content hash.
|
|
16
|
+
*
|
|
17
|
+
* Governance support: the Ledger enforces role-based access control via an
|
|
18
|
+
* AuthorizedSignerSet. The genesis entry must be a governance genesis payload
|
|
19
|
+
* containing the initial signer set and quorum policy. Subsequent governance
|
|
20
|
+
* entries require admin role and quorum satisfaction.
|
|
21
|
+
*
|
|
22
|
+
* @see Design: Block Chain Ledger — Ledger
|
|
23
|
+
* @see Requirements 5.1–5.6, 6.1–6.6, 7.1–7.5, 10.1–10.4, 11.2–11.4,
|
|
24
|
+
* 12.2–12.8, 13.1–13.9, 14.1–14.7, 15.1–15.5, 17.6–17.9, 18.5–18.7
|
|
25
|
+
*/
|
|
26
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
27
|
+
exports.Ledger = void 0;
|
|
28
|
+
const rawData_1 = require("../blocks/rawData");
|
|
29
|
+
const blockDataType_1 = require("../enumerations/blockDataType");
|
|
30
|
+
const blockType_1 = require("../enumerations/blockType");
|
|
31
|
+
const ledgerError_1 = require("../errors/ledgerError");
|
|
32
|
+
const checksum_service_1 = require("../services/checksum.service");
|
|
33
|
+
const checksum_1 = require("../types/checksum");
|
|
34
|
+
const xorUtils_1 = require("../utils/xorUtils");
|
|
35
|
+
const authorizedSignerSet_1 = require("./authorizedSignerSet");
|
|
36
|
+
const governancePayloadSerializer_1 = require("./governancePayloadSerializer");
|
|
37
|
+
/** Magic bytes identifying a ledger metadata block: "LMET" in ASCII. */
|
|
38
|
+
const METADATA_MAGIC = 0x4c4d4554;
|
|
39
|
+
/** Current metadata format version. */
|
|
40
|
+
const METADATA_VERSION = 0x0001;
|
|
41
|
+
/** SHA3-512 hash length in bytes. */
|
|
42
|
+
const HASH_LENGTH = 64;
|
|
43
|
+
/**
|
|
44
|
+
* A RawDataBlock subclass that skips checksum validation.
|
|
45
|
+
*
|
|
46
|
+
* Used exclusively for the ledger metadata block, which is stored at a
|
|
47
|
+
* deterministic checksum (derived from the ledgerId) that intentionally
|
|
48
|
+
* differs from the SHA3-512 of its content. The MemoryBlockStore calls
|
|
49
|
+
* `block.validate()` during `setData()`; this subclass makes that a no-op
|
|
50
|
+
* so the block can be stored under the deterministic key.
|
|
51
|
+
*
|
|
52
|
+
* @internal
|
|
53
|
+
*/
|
|
54
|
+
class LedgerMetadataBlock extends rawData_1.RawDataBlock {
|
|
55
|
+
constructor(blockSize, data, checksum) {
|
|
56
|
+
super(blockSize, data, undefined, checksum, blockType_1.BlockType.RawData, blockDataType_1.BlockDataType.RawData, true, true);
|
|
57
|
+
}
|
|
58
|
+
validateSync() {
|
|
59
|
+
// No-op: metadata block uses a deterministic key, not a content hash.
|
|
60
|
+
}
|
|
61
|
+
async validateAsync() {
|
|
62
|
+
// No-op
|
|
63
|
+
}
|
|
64
|
+
validate() {
|
|
65
|
+
// No-op
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Append-only blockchain ledger backed by an IBlockStore.
|
|
70
|
+
*
|
|
71
|
+
* Maintains an in-memory index (sequenceNumber → block Checksum) for O(1)
|
|
72
|
+
* lookups and persists a metadata block after each append for cold-start
|
|
73
|
+
* reconstruction via `Ledger.load()`.
|
|
74
|
+
*
|
|
75
|
+
* Enforces role-based access control via an AuthorizedSignerSet when
|
|
76
|
+
* governance is enabled (i.e., when a GovernancePayloadSerializer is provided).
|
|
77
|
+
*/
|
|
78
|
+
class Ledger {
|
|
79
|
+
store;
|
|
80
|
+
blockSize;
|
|
81
|
+
serializer;
|
|
82
|
+
ledgerId;
|
|
83
|
+
governanceSerializer;
|
|
84
|
+
index = new Map();
|
|
85
|
+
checksumService = new checksum_service_1.ChecksumService();
|
|
86
|
+
_length = 0;
|
|
87
|
+
_head = null;
|
|
88
|
+
_headEntryHash = null;
|
|
89
|
+
_authorizedSignerSet = null;
|
|
90
|
+
constructor(store, blockSize, serializer, ledgerId, governanceSerializer) {
|
|
91
|
+
this.store = store;
|
|
92
|
+
this.blockSize = blockSize;
|
|
93
|
+
this.serializer = serializer;
|
|
94
|
+
this.ledgerId = ledgerId;
|
|
95
|
+
this.governanceSerializer = governanceSerializer;
|
|
96
|
+
}
|
|
97
|
+
// ── Public getters ────────────────────────────────────────────────
|
|
98
|
+
/** Current chain length. */
|
|
99
|
+
get length() {
|
|
100
|
+
return this._length;
|
|
101
|
+
}
|
|
102
|
+
/** Head block Checksum (block storage key), or null if empty. */
|
|
103
|
+
get head() {
|
|
104
|
+
return this._head;
|
|
105
|
+
}
|
|
106
|
+
/** Current quorum policy, or undefined if governance not initialized. */
|
|
107
|
+
get quorumPolicy() {
|
|
108
|
+
return this._authorizedSignerSet?.quorumPolicy;
|
|
109
|
+
}
|
|
110
|
+
// ── Append ────────────────────────────────────────────────────────
|
|
111
|
+
/**
|
|
112
|
+
* Append a new entry to the ledger.
|
|
113
|
+
* Returns the Checksum of the stored block.
|
|
114
|
+
*
|
|
115
|
+
* If governance is enabled:
|
|
116
|
+
* - Genesis entry (sequenceNumber 0) must be a governance genesis payload.
|
|
117
|
+
* - Subsequent entries require the signer to be authorized (active admin or writer).
|
|
118
|
+
*/
|
|
119
|
+
async append(payload, signer) {
|
|
120
|
+
const sequenceNumber = this._length;
|
|
121
|
+
// Governance: handle genesis entry
|
|
122
|
+
if (sequenceNumber === 0 && this.governanceSerializer) {
|
|
123
|
+
return this.appendGenesisEntry(payload, signer);
|
|
124
|
+
}
|
|
125
|
+
// Governance: check authorization for non-genesis entries
|
|
126
|
+
if (this._authorizedSignerSet) {
|
|
127
|
+
if (!this._authorizedSignerSet.canAppend(signer.publicKey)) {
|
|
128
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedSigner, 'Signer is not authorized to append entries');
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
return this.appendInternal(payload, signer);
|
|
132
|
+
}
|
|
133
|
+
/**
|
|
134
|
+
* Append a governance entry. Requires admin role and quorum satisfaction.
|
|
135
|
+
*
|
|
136
|
+
* @param actions - Governance actions to apply
|
|
137
|
+
* @param primarySigner - The primary signer (must be active admin)
|
|
138
|
+
* @param cosigners - Additional signers for quorum (each provides their own signature over the actions)
|
|
139
|
+
*/
|
|
140
|
+
async appendGovernance(actions, primarySigner, cosigners) {
|
|
141
|
+
if (!this.governanceSerializer) {
|
|
142
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Governance is not enabled on this ledger');
|
|
143
|
+
}
|
|
144
|
+
if (!this._authorizedSignerSet) {
|
|
145
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Authorized signer set not initialized (no genesis entry)');
|
|
146
|
+
}
|
|
147
|
+
// Verify primary signer is active admin
|
|
148
|
+
if (!this._authorizedSignerSet.isActiveAdmin(primarySigner.publicKey)) {
|
|
149
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Primary signer is not an active admin');
|
|
150
|
+
}
|
|
151
|
+
// Validate actions speculatively (clone to check safety constraints)
|
|
152
|
+
const speculative = this._authorizedSignerSet.clone();
|
|
153
|
+
for (const action of actions) {
|
|
154
|
+
speculative.applyAction(action); // throws on safety violation
|
|
155
|
+
}
|
|
156
|
+
// Serialize actions for signing
|
|
157
|
+
const actionsForSigning = this.governanceSerializer.serializeActionsForSigning(actions);
|
|
158
|
+
// Collect cosignatures
|
|
159
|
+
const cosignatures = [];
|
|
160
|
+
// Primary signer signs the actions
|
|
161
|
+
const primarySignature = primarySigner.sign(actionsForSigning);
|
|
162
|
+
cosignatures.push({
|
|
163
|
+
signerPublicKey: primarySigner.publicKey,
|
|
164
|
+
signature: primarySignature,
|
|
165
|
+
});
|
|
166
|
+
// Add additional cosigner signatures
|
|
167
|
+
if (cosigners) {
|
|
168
|
+
for (const cosigner of cosigners) {
|
|
169
|
+
if (!this._authorizedSignerSet.isActiveAdmin(cosigner.signer.publicKey)) {
|
|
170
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Cosigner is not an active admin');
|
|
171
|
+
}
|
|
172
|
+
cosignatures.push({
|
|
173
|
+
signerPublicKey: cosigner.signer.publicKey,
|
|
174
|
+
signature: cosigner.signature,
|
|
175
|
+
});
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
// Verify quorum
|
|
179
|
+
const signerKeys = cosignatures.map((c) => c.signerPublicKey);
|
|
180
|
+
if (!this._authorizedSignerSet.verifyQuorum(signerKeys)) {
|
|
181
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.QuorumNotMet, `Quorum not met: have ${signerKeys.length} signatures, need ${this._authorizedSignerSet.requiredSignatures}`);
|
|
182
|
+
}
|
|
183
|
+
// Build governance payload
|
|
184
|
+
const governancePayload = this.governanceSerializer.serialize({
|
|
185
|
+
actions,
|
|
186
|
+
cosignatures,
|
|
187
|
+
});
|
|
188
|
+
// Append as regular entry
|
|
189
|
+
const checksum = await this.appendInternal(governancePayload, primarySigner);
|
|
190
|
+
// Apply governance actions to the live signer set (after successful persistence)
|
|
191
|
+
for (const action of actions) {
|
|
192
|
+
this._authorizedSignerSet.applyAction(action);
|
|
193
|
+
}
|
|
194
|
+
return checksum;
|
|
195
|
+
}
|
|
196
|
+
// ── Signer info ───────────────────────────────────────────────────
|
|
197
|
+
/** Get info about a specific signer. */
|
|
198
|
+
getSignerInfo(publicKey) {
|
|
199
|
+
return this._authorizedSignerSet?.getSigner(publicKey);
|
|
200
|
+
}
|
|
201
|
+
/** Get the full current authorized signer set. */
|
|
202
|
+
getAuthorizedSigners() {
|
|
203
|
+
return this._authorizedSignerSet?.getAllSigners() ?? [];
|
|
204
|
+
}
|
|
205
|
+
// ── Read operations ───────────────────────────────────────────────
|
|
206
|
+
/**
|
|
207
|
+
* Get entry by sequence number.
|
|
208
|
+
* @throws LedgerError if not found
|
|
209
|
+
*/
|
|
210
|
+
async getEntry(sequenceNumber) {
|
|
211
|
+
const blockChecksum = this.index.get(sequenceNumber);
|
|
212
|
+
if (blockChecksum === undefined) {
|
|
213
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.EntryNotFound, `Entry with sequenceNumber ${sequenceNumber} not found`);
|
|
214
|
+
}
|
|
215
|
+
const block = await this.store.getData(blockChecksum);
|
|
216
|
+
const unpadded = (0, xorUtils_1.unpadCblData)(block.data);
|
|
217
|
+
return this.serializer.deserialize(unpadded);
|
|
218
|
+
}
|
|
219
|
+
/**
|
|
220
|
+
* Get entries in range [start, end] inclusive.
|
|
221
|
+
* @throws LedgerError for invalid range
|
|
222
|
+
*/
|
|
223
|
+
async getEntries(start, end) {
|
|
224
|
+
if (start > end) {
|
|
225
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidRange, `Invalid range: start (${start}) > end (${end})`);
|
|
226
|
+
}
|
|
227
|
+
if (start < 0 || end >= this._length) {
|
|
228
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.InvalidRange, `Range [${start}, ${end}] out of bounds for ledger of length ${this._length}`);
|
|
229
|
+
}
|
|
230
|
+
const entries = [];
|
|
231
|
+
for (let i = start; i <= end; i++) {
|
|
232
|
+
entries.push(await this.getEntry(i));
|
|
233
|
+
}
|
|
234
|
+
return entries;
|
|
235
|
+
}
|
|
236
|
+
/**
|
|
237
|
+
* Get the most recent entry, or null if empty.
|
|
238
|
+
*/
|
|
239
|
+
async getLatestEntry() {
|
|
240
|
+
if (this._length === 0) {
|
|
241
|
+
return null;
|
|
242
|
+
}
|
|
243
|
+
return this.getEntry(this._length - 1);
|
|
244
|
+
}
|
|
245
|
+
// ── Private: genesis entry handling ───────────────────────────────
|
|
246
|
+
/**
|
|
247
|
+
* Handle the genesis entry for a governance-enabled ledger.
|
|
248
|
+
* The payload must be a governance genesis payload containing the
|
|
249
|
+
* initial signer set and quorum policy.
|
|
250
|
+
*/
|
|
251
|
+
async appendGenesisEntry(payload, signer) {
|
|
252
|
+
if (!this.governanceSerializer) {
|
|
253
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Governance serializer not available');
|
|
254
|
+
}
|
|
255
|
+
// Verify payload is a governance genesis payload
|
|
256
|
+
if (!governancePayloadSerializer_1.GovernancePayloadSerializer.isGovernancePayload(payload)) {
|
|
257
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Genesis entry must be a governance genesis payload (0x01 prefix)');
|
|
258
|
+
}
|
|
259
|
+
// Deserialize to extract genesis data
|
|
260
|
+
const parsed = this.governanceSerializer.deserialize(payload);
|
|
261
|
+
if (!parsed.genesis) {
|
|
262
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedGovernance, 'Genesis entry must use genesis subtype (0x00)');
|
|
263
|
+
}
|
|
264
|
+
// Initialize the authorized signer set
|
|
265
|
+
this._authorizedSignerSet = new authorizedSignerSet_1.AuthorizedSignerSet(parsed.genesis.signers, parsed.genesis.quorumPolicy);
|
|
266
|
+
// Verify the signer is in the initial set and authorized
|
|
267
|
+
if (!this._authorizedSignerSet.canAppend(signer.publicKey)) {
|
|
268
|
+
// Roll back
|
|
269
|
+
this._authorizedSignerSet = null;
|
|
270
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.UnauthorizedSigner, 'Genesis signer is not authorized in the initial signer set');
|
|
271
|
+
}
|
|
272
|
+
// Append the genesis entry
|
|
273
|
+
return this.appendInternal(payload, signer);
|
|
274
|
+
}
|
|
275
|
+
// ── Private: core append logic ────────────────────────────────────
|
|
276
|
+
/**
|
|
277
|
+
* Internal append logic shared by regular and governance appends.
|
|
278
|
+
* Does NOT check authorization — callers must do that first.
|
|
279
|
+
*/
|
|
280
|
+
async appendInternal(payload, signer) {
|
|
281
|
+
const sequenceNumber = this._length;
|
|
282
|
+
const previousEntryHash = this._headEntryHash;
|
|
283
|
+
const timestamp = new Date();
|
|
284
|
+
// 1. Compute entryHash
|
|
285
|
+
const partial = {
|
|
286
|
+
sequenceNumber,
|
|
287
|
+
timestamp,
|
|
288
|
+
previousEntryHash,
|
|
289
|
+
signerPublicKey: signer.publicKey,
|
|
290
|
+
payload,
|
|
291
|
+
};
|
|
292
|
+
const entryHash = this.serializer.computeEntryHash(partial);
|
|
293
|
+
// 2. Sign the entryHash
|
|
294
|
+
const signature = signer.sign(entryHash.toUint8Array());
|
|
295
|
+
// 3. Build full entry
|
|
296
|
+
const entry = { ...partial, entryHash, signature };
|
|
297
|
+
// 4. Serialize and pad
|
|
298
|
+
const serialized = this.serializer.serialize(entry);
|
|
299
|
+
const padded = (0, xorUtils_1.padToBlockSize)(serialized, this.blockSize);
|
|
300
|
+
// 5. Create RawDataBlock and store
|
|
301
|
+
const block = new rawData_1.RawDataBlock(this.blockSize, padded, undefined, undefined, undefined, undefined, true, true, this.checksumService);
|
|
302
|
+
const blockChecksum = block.idChecksum;
|
|
303
|
+
// Req 5.5: On BlockStore failure, do not update chain head or index.
|
|
304
|
+
await this.store.setData(block);
|
|
305
|
+
// 6. Update in-memory state (only after successful store)
|
|
306
|
+
this.index.set(sequenceNumber, blockChecksum);
|
|
307
|
+
this._length = sequenceNumber + 1;
|
|
308
|
+
this._head = blockChecksum;
|
|
309
|
+
this._headEntryHash = entryHash;
|
|
310
|
+
// 7. Persist metadata block
|
|
311
|
+
try {
|
|
312
|
+
await this.persistMetadata();
|
|
313
|
+
}
|
|
314
|
+
catch {
|
|
315
|
+
// Metadata persistence failure is non-fatal for the append itself;
|
|
316
|
+
// the entry is already stored.
|
|
317
|
+
}
|
|
318
|
+
return blockChecksum;
|
|
319
|
+
}
|
|
320
|
+
// ── Metadata persistence ──────────────────────────────────────────
|
|
321
|
+
/**
|
|
322
|
+
* Compute the deterministic storage key for this ledger's metadata block.
|
|
323
|
+
* The key is SHA3-512("ledger-meta:" + ledgerId).
|
|
324
|
+
*/
|
|
325
|
+
computeMetadataKey() {
|
|
326
|
+
return this.checksumService.calculateChecksumForString(`ledger-meta:${this.ledgerId}`);
|
|
327
|
+
}
|
|
328
|
+
/**
|
|
329
|
+
* Serialize the current metadata into binary.
|
|
330
|
+
*
|
|
331
|
+
* Format:
|
|
332
|
+
* magic 4 bytes 0x4C4D4554 ("LMET")
|
|
333
|
+
* version 2 bytes 0x0001
|
|
334
|
+
* ledgerIdLength 4 bytes uint32 BE
|
|
335
|
+
* ledgerId var UTF-8
|
|
336
|
+
* length 4 bytes uint32 BE
|
|
337
|
+
* hasHead 1 byte 0x00 or 0x01
|
|
338
|
+
* headChecksum 0|64 SHA3-512 bytes (block checksum of head)
|
|
339
|
+
* index entries var seqNum (uint32 BE) + blockChecksum (64 bytes)
|
|
340
|
+
*/
|
|
341
|
+
serializeMetadata() {
|
|
342
|
+
const encoder = new TextEncoder();
|
|
343
|
+
const ledgerIdBytes = encoder.encode(this.ledgerId);
|
|
344
|
+
const headBytes = this._head ? this._head.toUint8Array() : null;
|
|
345
|
+
const indexEntrySize = 4 + HASH_LENGTH;
|
|
346
|
+
const indexSize = this._length * indexEntrySize;
|
|
347
|
+
const size = 4 +
|
|
348
|
+
2 +
|
|
349
|
+
4 +
|
|
350
|
+
ledgerIdBytes.length +
|
|
351
|
+
4 +
|
|
352
|
+
1 +
|
|
353
|
+
(headBytes ? HASH_LENGTH : 0) +
|
|
354
|
+
indexSize;
|
|
355
|
+
const buf = new Uint8Array(size);
|
|
356
|
+
const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
357
|
+
let offset = 0;
|
|
358
|
+
view.setUint32(offset, METADATA_MAGIC, false);
|
|
359
|
+
offset += 4;
|
|
360
|
+
view.setUint16(offset, METADATA_VERSION, false);
|
|
361
|
+
offset += 2;
|
|
362
|
+
view.setUint32(offset, ledgerIdBytes.length, false);
|
|
363
|
+
offset += 4;
|
|
364
|
+
buf.set(ledgerIdBytes, offset);
|
|
365
|
+
offset += ledgerIdBytes.length;
|
|
366
|
+
view.setUint32(offset, this._length, false);
|
|
367
|
+
offset += 4;
|
|
368
|
+
if (headBytes) {
|
|
369
|
+
buf[offset] = 0x01;
|
|
370
|
+
offset += 1;
|
|
371
|
+
buf.set(headBytes, offset);
|
|
372
|
+
offset += HASH_LENGTH;
|
|
373
|
+
}
|
|
374
|
+
else {
|
|
375
|
+
buf[offset] = 0x00;
|
|
376
|
+
offset += 1;
|
|
377
|
+
}
|
|
378
|
+
for (let i = 0; i < this._length; i++) {
|
|
379
|
+
const checksum = this.index.get(i);
|
|
380
|
+
if (checksum) {
|
|
381
|
+
view.setUint32(offset, i, false);
|
|
382
|
+
offset += 4;
|
|
383
|
+
buf.set(checksum.toUint8Array(), offset);
|
|
384
|
+
offset += HASH_LENGTH;
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
return buf;
|
|
388
|
+
}
|
|
389
|
+
/**
|
|
390
|
+
* Persist the metadata block to the store under a deterministic key.
|
|
391
|
+
*/
|
|
392
|
+
async persistMetadata() {
|
|
393
|
+
const metadataBytes = this.serializeMetadata();
|
|
394
|
+
const padded = (0, xorUtils_1.padToBlockSize)(metadataBytes, this.blockSize);
|
|
395
|
+
const metadataKey = this.computeMetadataKey();
|
|
396
|
+
// Delete old metadata block first (same key, different content)
|
|
397
|
+
try {
|
|
398
|
+
await this.store.deleteData(metadataKey);
|
|
399
|
+
}
|
|
400
|
+
catch {
|
|
401
|
+
// May not exist yet — that's fine
|
|
402
|
+
}
|
|
403
|
+
const block = new LedgerMetadataBlock(this.blockSize, padded, metadataKey);
|
|
404
|
+
await this.store.setData(block);
|
|
405
|
+
}
|
|
406
|
+
// ── Static load ───────────────────────────────────────────────────
|
|
407
|
+
/**
|
|
408
|
+
* Load ledger state from the block store.
|
|
409
|
+
*
|
|
410
|
+
* 1. Compute metadata block key from ledgerId
|
|
411
|
+
* 2. Try to retrieve metadata block from store
|
|
412
|
+
* 3. If not found, return empty ledger
|
|
413
|
+
* 4. Parse metadata to get head checksum, length, and index
|
|
414
|
+
* 5. Restore headEntryHash by reading the head entry
|
|
415
|
+
* 6. Replay governance entries to reconstruct AuthorizedSignerSet
|
|
416
|
+
* 7. Return populated ledger
|
|
417
|
+
*/
|
|
418
|
+
static async load(store, blockSize, serializer, ledgerId, governanceSerializer) {
|
|
419
|
+
const ledger = new Ledger(store, blockSize, serializer, ledgerId, governanceSerializer);
|
|
420
|
+
const metadataKey = ledger.computeMetadataKey();
|
|
421
|
+
const hasMetadata = await store.has(metadataKey);
|
|
422
|
+
if (!hasMetadata) {
|
|
423
|
+
return ledger; // Empty ledger (Req 7.5)
|
|
424
|
+
}
|
|
425
|
+
let metadataBlock;
|
|
426
|
+
try {
|
|
427
|
+
metadataBlock = await store.getData(metadataKey);
|
|
428
|
+
}
|
|
429
|
+
catch {
|
|
430
|
+
return ledger; // Treat as empty if unreadable
|
|
431
|
+
}
|
|
432
|
+
const metadataBytes = (0, xorUtils_1.unpadCblData)(metadataBlock.data);
|
|
433
|
+
const parsed = Ledger.parseMetadata(metadataBytes);
|
|
434
|
+
if (parsed.length === 0 || parsed.headChecksum === null) {
|
|
435
|
+
return ledger;
|
|
436
|
+
}
|
|
437
|
+
// Populate ledger state
|
|
438
|
+
ledger._length = parsed.length;
|
|
439
|
+
ledger._head = parsed.headChecksum;
|
|
440
|
+
for (const [seqNum, blockChecksum] of parsed.index) {
|
|
441
|
+
ledger.index.set(seqNum, blockChecksum);
|
|
442
|
+
}
|
|
443
|
+
// Restore headEntryHash by reading the head entry
|
|
444
|
+
try {
|
|
445
|
+
const headBlock = await store.getData(parsed.headChecksum);
|
|
446
|
+
const unpadded = (0, xorUtils_1.unpadCblData)(headBlock.data);
|
|
447
|
+
const headEntry = serializer.deserialize(unpadded);
|
|
448
|
+
ledger._headEntryHash = headEntry.entryHash;
|
|
449
|
+
}
|
|
450
|
+
catch {
|
|
451
|
+
// Degraded state — reads still work via index
|
|
452
|
+
}
|
|
453
|
+
// Replay governance entries to reconstruct AuthorizedSignerSet
|
|
454
|
+
if (governanceSerializer) {
|
|
455
|
+
await ledger.replayGovernance();
|
|
456
|
+
}
|
|
457
|
+
return ledger;
|
|
458
|
+
}
|
|
459
|
+
/**
|
|
460
|
+
* Replay all entries from genesis to head to reconstruct the
|
|
461
|
+
* AuthorizedSignerSet from governance entries.
|
|
462
|
+
*/
|
|
463
|
+
async replayGovernance() {
|
|
464
|
+
if (!this.governanceSerializer || this._length === 0) {
|
|
465
|
+
return;
|
|
466
|
+
}
|
|
467
|
+
for (let i = 0; i < this._length; i++) {
|
|
468
|
+
const entry = await this.getEntry(i);
|
|
469
|
+
if (i === 0) {
|
|
470
|
+
// Genesis entry — must be governance genesis
|
|
471
|
+
if (governancePayloadSerializer_1.GovernancePayloadSerializer.isGovernancePayload(entry.payload)) {
|
|
472
|
+
const parsed = this.governanceSerializer.deserialize(entry.payload);
|
|
473
|
+
if (parsed.genesis) {
|
|
474
|
+
this._authorizedSignerSet = new authorizedSignerSet_1.AuthorizedSignerSet(parsed.genesis.signers, parsed.genesis.quorumPolicy);
|
|
475
|
+
}
|
|
476
|
+
}
|
|
477
|
+
}
|
|
478
|
+
else if (this._authorizedSignerSet &&
|
|
479
|
+
governancePayloadSerializer_1.GovernancePayloadSerializer.isGovernancePayload(entry.payload)) {
|
|
480
|
+
// Governance amendment entry — apply actions
|
|
481
|
+
const parsed = this.governanceSerializer.deserialize(entry.payload);
|
|
482
|
+
for (const action of parsed.actions) {
|
|
483
|
+
this._authorizedSignerSet.applyAction(action);
|
|
484
|
+
}
|
|
485
|
+
}
|
|
486
|
+
}
|
|
487
|
+
}
|
|
488
|
+
/**
|
|
489
|
+
* Parse a metadata block's binary content.
|
|
490
|
+
*/
|
|
491
|
+
static parseMetadata(data) {
|
|
492
|
+
if (data.length < 11) {
|
|
493
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata block too short');
|
|
494
|
+
}
|
|
495
|
+
const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
|
|
496
|
+
let offset = 0;
|
|
497
|
+
// magic
|
|
498
|
+
const magic = view.getUint32(offset, false);
|
|
499
|
+
offset += 4;
|
|
500
|
+
if (magic !== METADATA_MAGIC) {
|
|
501
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, `Invalid metadata magic: expected 0x${METADATA_MAGIC.toString(16)}, got 0x${magic.toString(16)}`);
|
|
502
|
+
}
|
|
503
|
+
// version
|
|
504
|
+
const version = view.getUint16(offset, false);
|
|
505
|
+
offset += 2;
|
|
506
|
+
if (version !== METADATA_VERSION) {
|
|
507
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, `Unsupported metadata version: ${version}`);
|
|
508
|
+
}
|
|
509
|
+
// ledgerIdLength + ledgerId
|
|
510
|
+
if (offset + 4 > data.length) {
|
|
511
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata ledgerIdLength overflows');
|
|
512
|
+
}
|
|
513
|
+
const ledgerIdLength = view.getUint32(offset, false);
|
|
514
|
+
offset += 4;
|
|
515
|
+
if (offset + ledgerIdLength > data.length) {
|
|
516
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata ledgerId overflows');
|
|
517
|
+
}
|
|
518
|
+
const decoder = new TextDecoder();
|
|
519
|
+
const ledgerId = decoder.decode(data.slice(offset, offset + ledgerIdLength));
|
|
520
|
+
offset += ledgerIdLength;
|
|
521
|
+
// length
|
|
522
|
+
if (offset + 4 > data.length) {
|
|
523
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata length field overflows');
|
|
524
|
+
}
|
|
525
|
+
const length = view.getUint32(offset, false);
|
|
526
|
+
offset += 4;
|
|
527
|
+
// hasHead
|
|
528
|
+
if (offset + 1 > data.length) {
|
|
529
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata hasHead field overflows');
|
|
530
|
+
}
|
|
531
|
+
const hasHead = data[offset];
|
|
532
|
+
offset += 1;
|
|
533
|
+
let headChecksum = null;
|
|
534
|
+
if (hasHead === 0x01) {
|
|
535
|
+
if (offset + HASH_LENGTH > data.length) {
|
|
536
|
+
throw new ledgerError_1.LedgerError(ledgerError_1.LedgerErrorType.MetadataCorrupted, 'Metadata headChecksum overflows');
|
|
537
|
+
}
|
|
538
|
+
headChecksum = checksum_1.Checksum.fromUint8Array(data.slice(offset, offset + HASH_LENGTH));
|
|
539
|
+
offset += HASH_LENGTH;
|
|
540
|
+
}
|
|
541
|
+
// Parse index entries: each is seqNum (4) + checksum (64) = 68 bytes
|
|
542
|
+
const index = new Map();
|
|
543
|
+
const indexEntrySize = 4 + HASH_LENGTH;
|
|
544
|
+
while (offset + indexEntrySize <= data.length) {
|
|
545
|
+
const seqNum = view.getUint32(offset, false);
|
|
546
|
+
offset += 4;
|
|
547
|
+
const blockChecksum = checksum_1.Checksum.fromUint8Array(data.slice(offset, offset + HASH_LENGTH));
|
|
548
|
+
offset += HASH_LENGTH;
|
|
549
|
+
index.set(seqNum, blockChecksum);
|
|
550
|
+
}
|
|
551
|
+
return { ledgerId, length, headChecksum, index };
|
|
552
|
+
}
|
|
553
|
+
}
|
|
554
|
+
exports.Ledger = Ledger;
|
|
555
|
+
//# sourceMappingURL=ledger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ledger.js","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/ledger.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;AAGH,+CAAiD;AACjD,iEAA8D;AAE9D,yDAAsD;AACtD,uDAAqE;AAOrE,mEAA+D;AAC/D,gDAA6C;AAC7C,gDAAiE;AACjE,+DAA4D;AAC5D,+EAA4E;AAG5E,wEAAwE;AACxE,MAAM,cAAc,GAAG,UAAU,CAAC;AAClC,uCAAuC;AACvC,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAChC,qCAAqC;AACrC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB;;;;;;;;;;GAUG;AACH,MAAM,mBAAoB,SAAQ,sBAAY;IAC5C,YAAY,SAAoB,EAAE,IAAgB,EAAE,QAAkB;QACpE,KAAK,CACH,SAAS,EACT,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,qBAAS,CAAC,OAAO,EACjB,6BAAa,CAAC,OAAO,EACrB,IAAI,EACJ,IAAI,CACL,CAAC;IACJ,CAAC;IAEe,YAAY;QAC1B,sEAAsE;IACxE,CAAC;IAEe,KAAK,CAAC,aAAa;QACjC,QAAQ;IACV,CAAC;IAEe,QAAQ;QACtB,QAAQ;IACV,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAa,MAAM;IASE;IACA;IACA;IACA;IACA;IAZF,KAAK,GAA0B,IAAI,GAAG,EAAE,CAAC;IACzC,eAAe,GAAoB,IAAI,kCAAe,EAAE,CAAC;IAClE,OAAO,GAAG,CAAC,CAAC;IACZ,KAAK,GAAoB,IAAI,CAAC;IAC9B,cAAc,GAAoB,IAAI,CAAC;IACvC,oBAAoB,GAA+B,IAAI,CAAC;IAEhE,YACmB,KAAkB,EAClB,SAAoB,EACpB,UAAiC,EACjC,QAAgB,EAChB,oBAAkD;QAJlD,UAAK,GAAL,KAAK,CAAa;QAClB,cAAS,GAAT,SAAS,CAAW;QACpB,eAAU,GAAV,UAAU,CAAuB;QACjC,aAAQ,GAAR,QAAQ,CAAQ;QAChB,yBAAoB,GAApB,oBAAoB,CAA8B;IAClE,CAAC;IAEJ,qEAAqE;IAErE,4BAA4B;IAC5B,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,iEAAiE;IACjE,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,yEAAyE;IACzE,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,oBAAoB,EAAE,YAAY,CAAC;IACjD,CAAC;IAED,qEAAqE;IAErE;;;;;;;OAOG;IACH,KAAK,CAAC,MAAM,CAAC,OAAmB,EAAE,MAAqB;QACrD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC;QAEpC,mCAAmC;QACnC,IAAI,cAAc,KAAK,CAAC,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;QAED,0DAA0D;QAC1D,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3D,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,kBAAkB,EAClC,4CAA4C,CAC7C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,gBAAgB,CACpB,OAA4B,EAC5B,aAA4B,EAC5B,SAAuE;QAEvE,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,0CAA0C,CAC3C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,uCAAuC,CACxC,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC;QACtD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,6BAA6B;QAChE,CAAC;QAED,gCAAgC;QAChC,MAAM,iBAAiB,GACrB,IAAI,CAAC,oBAAoB,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;QAEhE,uBAAuB;QACvB,MAAM,YAAY,GAGZ,EAAE,CAAC;QAET,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/D,YAAY,CAAC,IAAI,CAAC;YAChB,eAAe,EAAE,aAAa,CAAC,SAAS;YACxC,SAAS,EAAE,gBAAgB;SAC5B,CAAC,CAAC;QAEH,qCAAqC;QACrC,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,IACE,CAAC,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EACnE,CAAC;oBACD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,iCAAiC,CAClC,CAAC;gBACJ,CAAC;gBACD,YAAY,CAAC,IAAI,CAAC;oBAChB,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,SAAS;oBAC1C,SAAS,EAAE,QAAQ,CAAC,SAAS;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,YAAY,EAC5B,wBAAwB,UAAU,CAAC,MAAM,qBAAqB,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,EAAE,CAC7G,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,MAAM,iBAAiB,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC;YAC5D,OAAO;YACP,YAAY;SACb,CAAC,CAAC;QAEH,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAE7E,iFAAiF;QACjF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,qEAAqE;IAErE,wCAAwC;IACxC,aAAa,CAAC,SAAqB;QACjC,OAAO,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,kDAAkD;IAClD,oBAAoB;QAClB,OAAO,IAAI,CAAC,oBAAoB,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IAC1D,CAAC;IAED,qEAAqE;IAErE;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,cAAsB;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACrD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,aAAa,EAC7B,6BAA6B,cAAc,YAAY,CACxD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,GAAW;QACzC,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,YAAY,EAC5B,yBAAyB,KAAK,YAAY,GAAG,GAAG,CACjD,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,YAAY,EAC5B,UAAU,KAAK,KAAK,GAAG,wCAAwC,IAAI,CAAC,OAAO,EAAE,CAC9E,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,qEAAqE;IAErE;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAC9B,OAAmB,EACnB,MAAqB;QAErB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,qCAAqC,CACtC,CAAC;QACJ,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,yDAA2B,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,kEAAkE,CACnE,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,sBAAsB,EACtC,+CAA+C,CAChD,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,IAAI,CAAC,oBAAoB,GAAG,IAAI,yCAAmB,CACjD,MAAM,CAAC,OAAO,CAAC,OAA8B,EAC7C,MAAM,CAAC,OAAO,CAAC,YAAY,CAC5B,CAAC;QAEF,yDAAyD;QACzD,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3D,YAAY;YACZ,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;YACjC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,kBAAkB,EAClC,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,qEAAqE;IAErE;;;OAGG;IACK,KAAK,CAAC,cAAc,CAC1B,OAAmB,EACnB,MAAqB;QAErB,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC;QACpC,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAE7B,uBAAuB;QACvB,MAAM,OAAO,GAAG;YACd,cAAc;YACd,SAAS;YACT,iBAAiB;YACjB,eAAe,EAAE,MAAM,CAAC,SAAS;YACjC,OAAO;SACR,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE5D,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;QAExD,sBAAsB;QACtB,MAAM,KAAK,GAAiB,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAEjE,uBAAuB;QACvB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,IAAA,yBAAc,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAE1D,mCAAmC;QACnC,MAAM,KAAK,GAAG,IAAI,sBAAY,CAC5B,IAAI,CAAC,SAAS,EACd,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,aAAa,GAAG,KAAK,CAAC,UAAU,CAAC;QAEvC,qEAAqE;QACrE,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEhC,0DAA0D;QAC1D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,GAAG,cAAc,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC;QAC3B,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAEhC,4BAA4B;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;YACnE,+BAA+B;QACjC,CAAC;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,qEAAqE;IAErE;;;OAGG;IACK,kBAAkB;QACxB,OAAO,IAAI,CAAC,eAAe,CAAC,0BAA0B,CACpD,eAAe,IAAI,CAAC,QAAQ,EAAE,CAC/B,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACK,iBAAiB;QACvB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAEhE,MAAM,cAAc,GAAG,CAAC,GAAG,WAAW,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,GAAG,cAAc,CAAC;QAEhD,MAAM,IAAI,GACR,CAAC;YACD,CAAC;YACD,CAAC;YACD,aAAa,CAAC,MAAM;YACpB,CAAC;YACD,CAAC;YACD,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,SAAS,CAAC;QAEZ,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,aAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,CAAC;QACZ,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAC/B,MAAM,IAAI,aAAa,CAAC,MAAM,CAAC;QAC/B,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,IAAI,CAAC,CAAC;QAEZ,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;YACnB,MAAM,IAAI,CAAC,CAAC;YACZ,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,IAAI,WAAW,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;YACnB,MAAM,IAAI,CAAC,CAAC;QACd,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACnC,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;gBACjC,MAAM,IAAI,CAAC,CAAC;gBACZ,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,MAAM,CAAC,CAAC;gBACzC,MAAM,IAAI,WAAW,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe;QAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAA,yBAAc,EAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE9C,gEAAgE;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,mBAAmB,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAC3E,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,qEAAqE;IAErE;;;;;;;;;;OAUG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,CACf,KAAkB,EAClB,SAAoB,EACpB,UAAiC,EACjC,QAAgB,EAChB,oBAAkD;QAElD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,KAAK,EACL,SAAS,EACT,UAAU,EACV,QAAQ,EACR,oBAAoB,CACrB,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAEhD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,MAAM,CAAC,CAAC,yBAAyB;QAC1C,CAAC;QAED,IAAI,aAA2B,CAAC;QAChC,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,CAAC,+BAA+B;QAChD,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,uBAAY,EAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YACxD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,wBAAwB;QACxB,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/B,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC;QAEnC,KAAK,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC1C,CAAC;QAED,kDAAkD;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC3D,MAAM,QAAQ,GAAG,IAAA,uBAAY,EAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YACnD,MAAM,CAAC,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;QAED,+DAA+D;QAC/D,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAClC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB;QAC5B,IAAI,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO;QACT,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAErC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACZ,6CAA6C;gBAC7C,IAAI,yDAA2B,CAAC,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnE,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBACpE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;wBACnB,IAAI,CAAC,oBAAoB,GAAG,IAAI,yCAAmB,CACjD,MAAM,CAAC,OAAO,CAAC,OAA8B,EAC7C,MAAM,CAAC,OAAO,CAAC,YAAY,CAC5B,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IACL,IAAI,CAAC,oBAAoB;gBACzB,yDAA2B,CAAC,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,EAC9D,CAAC;gBACD,6CAA6C;gBAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACpE,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpC,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,aAAa,CAAC,IAAgB;QAM3C,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACrB,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QACzE,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,QAAQ;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,sCAAsC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CACjG,CAAC;QACJ,CAAC;QAED,UAAU;QACV,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,OAAO,KAAK,gBAAgB,EAAE,CAAC;YACjC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,iCAAiC,OAAO,EAAE,CAC3C,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,mCAAmC,CACpC,CAAC;QACJ,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,MAAM,GAAG,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1C,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,6BAA6B,CAC9B,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAC7B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,CAAC,CAC5C,CAAC;QACF,MAAM,IAAI,cAAc,CAAC;QAEzB,SAAS;QACT,IAAI,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,iCAAiC,CAClC,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,IAAI,CAAC,CAAC;QAEZ,UAAU;QACV,IAAI,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,kCAAkC,CACnC,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,IAAI,CAAC,CAAC;QAEZ,IAAI,YAAY,GAAoB,IAAI,CAAC;QACzC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,IAAI,MAAM,GAAG,WAAW,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,IAAI,yBAAW,CACnB,6BAAe,CAAC,iBAAiB,EACjC,iCAAiC,CAClC,CAAC;YACJ,CAAC;YACD,YAAY,GAAG,mBAAQ,CAAC,cAAc,CACpC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC,CACzC,CAAC;YACF,MAAM,IAAI,WAAW,CAAC;QACxB,CAAC;QAED,qEAAqE;QACrE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAC;QAC1C,MAAM,cAAc,GAAG,CAAC,GAAG,WAAW,CAAC;QACvC,OAAO,MAAM,GAAG,cAAc,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC7C,MAAM,IAAI,CAAC,CAAC;YACZ,MAAM,aAAa,GAAG,mBAAQ,CAAC,cAAc,CAC3C,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC,CACzC,CAAC;YACF,MAAM,IAAI,WAAW,CAAC;YACtB,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IACnD,CAAC;CACF;AAlqBD,wBAkqBC"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview LedgerChainValidator — validates chain integrity by walking
|
|
3
|
+
* entries and checking hashes, signatures, authorization, and governance
|
|
4
|
+
* constraints.
|
|
5
|
+
*
|
|
6
|
+
* Validation does not throw — it returns an IValidationResult with error
|
|
7
|
+
* descriptors. All errors are collected (validation does not stop at the
|
|
8
|
+
* first error).
|
|
9
|
+
*
|
|
10
|
+
* @see Design: Block Chain Ledger — LedgerChainValidator
|
|
11
|
+
* @see Requirements 3.2, 3.3, 4.3–4.6, 8.1–8.4, 12.6–12.7, 13.6–13.7,
|
|
12
|
+
* 14.5, 15.6, 16.1–16.6
|
|
13
|
+
*/
|
|
14
|
+
import { ILedgerEntry } from '../interfaces/ledger/ledgerEntry';
|
|
15
|
+
import { ILedgerSignatureVerifier } from '../interfaces/ledger/ledgerSignatureVerifier';
|
|
16
|
+
import { IValidationResult } from '../interfaces/ledger/validationResult';
|
|
17
|
+
import { AuthorizedSignerSet } from './authorizedSignerSet';
|
|
18
|
+
import { GovernancePayloadSerializer } from './governancePayloadSerializer';
|
|
19
|
+
import { LedgerEntrySerializer } from './ledgerEntrySerializer';
|
|
20
|
+
/**
|
|
21
|
+
* Validates ledger chain integrity by walking entries and verifying:
|
|
22
|
+
* - Contiguous sequence numbers
|
|
23
|
+
* - Genesis entry correctness
|
|
24
|
+
* - Hash-chain links (previousEntryHash)
|
|
25
|
+
* - EntryHash recomputation
|
|
26
|
+
* - Signature verification
|
|
27
|
+
* - Authorization (signer is in the authorized set)
|
|
28
|
+
* - Governance constraints (admin role, quorum, safety)
|
|
29
|
+
*/
|
|
30
|
+
export declare class LedgerChainValidator {
|
|
31
|
+
private readonly serializer;
|
|
32
|
+
private readonly signatureVerifier;
|
|
33
|
+
private readonly governanceSerializer?;
|
|
34
|
+
constructor(serializer: LedgerEntrySerializer, signatureVerifier: ILedgerSignatureVerifier, governanceSerializer?: GovernancePayloadSerializer | undefined);
|
|
35
|
+
/**
|
|
36
|
+
* Validate the entire chain from genesis to head.
|
|
37
|
+
*
|
|
38
|
+
* Expects entries ordered by sequenceNumber starting from 0.
|
|
39
|
+
* Returns { isValid: true, entriesChecked: 0, errors: [] } for an empty chain.
|
|
40
|
+
*
|
|
41
|
+
* When a governanceSerializer is provided, also validates:
|
|
42
|
+
* - Genesis entry initializes the signer set
|
|
43
|
+
* - Each entry's signer is authorized at that chain position
|
|
44
|
+
* - Governance entries have admin role and satisfy quorum
|
|
45
|
+
* - Governance actions pass safety constraints
|
|
46
|
+
*/
|
|
47
|
+
validateAll(entries: ILedgerEntry[]): IValidationResult;
|
|
48
|
+
/**
|
|
49
|
+
* Validate a sub-range of entries, including the link to the predecessor.
|
|
50
|
+
*
|
|
51
|
+
* @param entries - The sub-range of entries to validate (ordered by sequenceNumber).
|
|
52
|
+
* @param predecessor - The entry immediately before the sub-range, or null if
|
|
53
|
+
* the sub-range starts at genesis.
|
|
54
|
+
* @param signerSetAtPredecessor - Optional AuthorizedSignerSet state at the predecessor
|
|
55
|
+
* for governance validation of the sub-range.
|
|
56
|
+
*/
|
|
57
|
+
validateRange(entries: ILedgerEntry[], predecessor: ILedgerEntry | null, signerSetAtPredecessor?: AuthorizedSignerSet): IValidationResult;
|
|
58
|
+
/**
|
|
59
|
+
* Initialize the AuthorizedSignerSet from a genesis entry.
|
|
60
|
+
* Returns the signer set, or null if the genesis is not a valid governance payload.
|
|
61
|
+
*/
|
|
62
|
+
private initSignerSetFromGenesis;
|
|
63
|
+
/**
|
|
64
|
+
* Validate authorization and governance constraints for a non-genesis entry.
|
|
65
|
+
* If the entry is a governance payload, also validates admin role, quorum,
|
|
66
|
+
* and applies actions to the signer set.
|
|
67
|
+
*/
|
|
68
|
+
private validateEntryAuthorization;
|
|
69
|
+
/**
|
|
70
|
+
* Recompute the entryHash for the given entry and compare it to the
|
|
71
|
+
* stored entryHash. Pushes an error if they don't match.
|
|
72
|
+
*/
|
|
73
|
+
private verifyEntryHash;
|
|
74
|
+
/**
|
|
75
|
+
* Verify the entry's signature against its signerPublicKey and entryHash.
|
|
76
|
+
* Pushes an error if verification fails.
|
|
77
|
+
*/
|
|
78
|
+
private verifySignature;
|
|
79
|
+
}
|
|
80
|
+
//# sourceMappingURL=ledgerChainValidator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ledgerChainValidator.d.ts","sourceRoot":"","sources":["../../../../../brightchain-lib/src/lib/ledger/ledgerChainValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8CAA8C,CAAC;AACxF,OAAO,EAEL,iBAAiB,EAClB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;;;;;;;;GASG;AACH,qBAAa,oBAAoB;IAE7B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;gBAFrB,UAAU,EAAE,qBAAqB,EACjC,iBAAiB,EAAE,wBAAwB,EAC3C,oBAAoB,CAAC,EAAE,2BAA2B,YAAA;IAGrE;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,iBAAiB;IAsEvD;;;;;;;;OAQG;IACH,aAAa,CACX,OAAO,EAAE,YAAY,EAAE,EACvB,WAAW,EAAE,YAAY,GAAG,IAAI,EAChC,sBAAsB,CAAC,EAAE,mBAAmB,GAC3C,iBAAiB;IAyFpB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAmDhC;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA0ElC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAcvB;;;OAGG;IACH,OAAO,CAAC,eAAe;CAkBxB"}
|