@cubist-labs/cubesigner-sdk 0.3.26 → 0.3.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/client.d.ts +4 -4
- package/dist/cjs/src/index.js +7 -4
- package/dist/cjs/src/key.d.ts +35 -2
- package/dist/cjs/src/key.js +79 -5
- package/dist/cjs/src/org_event_processor.d.ts +57 -0
- package/dist/cjs/src/org_event_processor.js +137 -0
- package/dist/cjs/src/schema.d.ts +41 -24
- package/dist/cjs/src/schema.js +1 -1
- package/dist/cjs/src/util.d.ts +2 -0
- package/dist/cjs/src/util.js +1 -1
- package/dist/esm/package.json +1 -1
- package/dist/esm/src/client.d.ts +4 -4
- package/dist/esm/src/index.js +4 -4
- package/dist/esm/src/key.d.ts +35 -2
- package/dist/esm/src/key.js +79 -5
- package/dist/esm/src/org_event_processor.d.ts +57 -0
- package/dist/esm/src/org_event_processor.js +133 -0
- package/dist/esm/src/schema.d.ts +41 -24
- package/dist/esm/src/schema.js +1 -1
- package/dist/esm/src/util.d.ts +2 -0
- package/dist/esm/src/util.js +1 -1
- package/dist/package.json +36 -0
- package/dist/spec/env/beta.json +9 -0
- package/dist/spec/env/gamma.json +9 -0
- package/dist/spec/env/prod.json +9 -0
- package/dist/src/api.d.ts +634 -0
- package/dist/src/api.js +1309 -0
- package/dist/src/client.d.ts +575 -0
- package/dist/src/client.js +381 -0
- package/dist/src/env.d.ts +15 -0
- package/dist/src/env.js +35 -0
- package/dist/src/error.d.ts +29 -0
- package/dist/src/error.js +36 -0
- package/dist/src/events.d.ts +84 -0
- package/dist/src/events.js +195 -0
- package/dist/src/index.d.ts +207 -0
- package/dist/src/index.js +308 -0
- package/dist/src/key.d.ts +152 -0
- package/dist/src/key.js +242 -0
- package/dist/src/mfa.d.ts +94 -0
- package/dist/src/mfa.js +169 -0
- package/dist/src/org.d.ts +99 -0
- package/dist/src/org.js +95 -0
- package/dist/src/paginator.d.ts +76 -0
- package/dist/src/paginator.js +99 -0
- package/dist/src/response.d.ts +101 -0
- package/dist/src/response.js +164 -0
- package/dist/src/role.d.ts +283 -0
- package/dist/src/role.js +253 -0
- package/dist/src/schema.d.ts +6209 -0
- package/dist/src/schema.js +7 -0
- package/dist/src/schema_types.d.ts +113 -0
- package/dist/src/schema_types.js +3 -0
- package/dist/src/session/session_storage.d.ts +47 -0
- package/dist/src/session/session_storage.js +76 -0
- package/dist/src/session/signer_session_manager.d.ts +125 -0
- package/dist/src/session/signer_session_manager.js +239 -0
- package/dist/src/signer_session.d.ts +41 -0
- package/dist/src/signer_session.js +77 -0
- package/dist/src/user_export.d.ts +52 -0
- package/dist/src/user_export.js +129 -0
- package/dist/src/util.d.ts +61 -0
- package/dist/src/util.js +97 -0
- package/package.json +1 -1
- package/src/index.ts +3 -3
- package/src/key.ts +83 -4
- package/src/schema.ts +42 -25
- package/src/util.ts +3 -0
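--- a/package/dist/src/key.js
+++ b/package/dist/src/key.js
@@ -0,0 +1,242 @@
+"use strict";
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+if (kind === "m") throw new TypeError("Private method is not writable");
+if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _Key_data;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromSchemaKeyType = exports.Key = exports.toKeyInfo = exports.Stark = exports.Mnemonic = exports.Ed25519 = exports.Bls = exports.Secp256k1 = void 0;
+/** Secp256k1 key type */
+var Secp256k1;
+(function (Secp256k1) {
+Secp256k1["Evm"] = "SecpEthAddr";
+Secp256k1["Btc"] = "SecpBtc";
+Secp256k1["BtcTest"] = "SecpBtcTest";
+Secp256k1["Ava"] = "SecpAvaAddr";
+Secp256k1["AvaTest"] = "SecpAvaTestAddr";
+})(Secp256k1 || (exports.Secp256k1 = Secp256k1 = {}));
+/** BLS key type */
+var Bls;
+(function (Bls) {
+Bls["Eth2Deposited"] = "BlsPub";
+Bls["Eth2Inactive"] = "BlsInactive";
+})(Bls || (exports.Bls = Bls = {}));
+/** Ed25519 key type */
+var Ed25519;
+(function (Ed25519) {
+Ed25519["Solana"] = "Ed25519SolanaAddr";
+Ed25519["Sui"] = "Ed25519SuiAddr";
+Ed25519["Aptos"] = "Ed25519AptosAddr";
+Ed25519["Cardano"] = "Ed25519CardanoAddrVk";
+Ed25519["Stellar"] = "Ed25519StellarAddr";
+})(Ed25519 || (exports.Ed25519 = Ed25519 = {}));
+/** Mnemonic key type */
+exports.Mnemonic = "Mnemonic";
+/** Stark key type */
+exports.Stark = "Stark";
+/**
+* Define some additional (backward compatibility) properties
+* on a `KeyInfoApi` object returned from the remote end.
+*
+* @param {KeyInfoApi} key Key information returned from the remote end
+* @return {KeyInfo} The same `key` object extended with some derived properties.
+*/
+function toKeyInfo(key) {
+return {
+...key,
+id: key.key_id,
+type: key.key_type,
+publicKey: key.public_key,
+materialId: key.material_id,
+};
+}
+exports.toKeyInfo = toKeyInfo;
+/**
+* A representation of a signing key.
+*/
+class Key {
+/** The organization that this key is in */
+get orgId() {
+return this.csc.orgId;
+}
+/**
+* The id of the key: "Key#" followed by a unique identifier specific to
+* the type of key (such as a public key for BLS or an ethereum address for Secp)
+* @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
+*/
+get id() {
+return __classPrivateFieldGet(this, _Key_data, "f").key_id;
+}
+/**
+* A unique identifier specific to the type of key, such as a public key or an ethereum address
+* @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
+*/
+get materialId() {
+return __classPrivateFieldGet(this, _Key_data, "f").material_id;
+}
+/**
+* @description Hex-encoded, serialized public key. The format used depends on the key type:
+* - secp256k1 keys use 65-byte uncompressed SECG format
+* - BLS keys use 48-byte compressed BLS12-381 (ZCash) format
+* @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
+*/
+get publicKey() {
+return __classPrivateFieldGet(this, _Key_data, "f").public_key;
+}
+/**
+* Get the cached properties of this key. The cached properties reflect the
+* state of the last fetch or update (e.g., after awaiting `Key.enabled()`
+* or `Key.disable()`).
+*/
+get cached() {
+return __classPrivateFieldGet(this, _Key_data, "f");
+}
+/** The type of key. */
+async type() {
+const data = await this.fetch();
+return fromSchemaKeyType(data.key_type);
+}
+/** Is the key enabled? */
+async enabled() {
+const data = await this.fetch();
+return data.enabled;
+}
+/** Enable the key. */
+async enable() {
+await this.update({ enabled: true });
+}
+/** Disable the key. */
+async disable() {
+await this.update({ enabled: false });
+}
+/**
+* Set new policy (overwriting any policies previously set for this key)
+* @param {KeyPolicy} policy The new policy to set
+*/
+async setPolicy(policy) {
+await this.update({ policy: policy });
+}
+/**
+* Append to existing key policy. This append is not atomic -- it uses {@link policy} to fetch the current policy and then {@link setPolicy} to set the policy -- and should not be used in across concurrent sessions.
+* @param {KeyPolicy} policy The policy to append to the existing one.
+*/
+async appendPolicy(policy) {
+const existing = await this.policy();
+await this.setPolicy([...existing, ...policy]);
+}
+/**
+* Get the policy for the key.
+* @return {Promise<KeyPolicy>} The policy for the key.
+*/
+async policy() {
+const data = await this.fetch();
+return (data.policy ?? []);
+}
+/**
+* @description Owner of the key
+* @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
+*/
+async owner() {
+const data = await this.fetch();
+return data.owner;
+}
+/**
+* Set the owner of the key. Only the key (or org) owner can change the owner of the key.
+* @param {string} owner The user-id of the new owner of the key.
+*/
+async setOwner(owner) {
+await this.update({ owner });
+}
+/**
+* Delete this key.
+*/
+async delete() {
+await this.csc.keyDelete(this.id);
+}
+// --------------------------------------------------------------------------
+// -- INTERNAL --------------------------------------------------------------
+// --------------------------------------------------------------------------
+/**
+* Create a new key.
+*
+* @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+* @param {KeyInfoApi} data The JSON response from the API server.
+* @internal
+*/
+constructor(csc, data) {
+/** The key information */
+_Key_data.set(this, void 0);
+this.csc = csc;
+__classPrivateFieldSet(this, _Key_data, toKeyInfo(data), "f");
+}
+/**
+* Update the key.
+* @param {UpdateKeyRequest} request The JSON request to send to the API server.
+* @return {KeyInfo} The JSON response from the API server.
+* @internal
+*/
+async update(request) {
+__classPrivateFieldSet(this, _Key_data, await this.csc.keyUpdate(this.id, request).then(toKeyInfo), "f");
+return __classPrivateFieldGet(this, _Key_data, "f");
+}
+/**
+* Fetch the key information.
+*
+* @return {KeyInfo} The key information.
+* @internal
+*/
+async fetch() {
+__classPrivateFieldSet(this, _Key_data, await this.csc.keyGet(this.id).then(toKeyInfo), "f");
+return __classPrivateFieldGet(this, _Key_data, "f");
+}
+}
+exports.Key = Key;
+_Key_data = new WeakMap();
+/**
+* Convert a schema key type to a key type.
+*
+* @param {SchemaKeyType} ty The schema key type.
+* @return {KeyType} The key type.
+* @internal
+*/
+function fromSchemaKeyType(ty) {
+switch (ty) {
+case "SecpEthAddr":
+return Secp256k1.Evm;
+case "SecpBtc":
+return Secp256k1.Btc;
+case "SecpBtcTest":
+return Secp256k1.BtcTest;
+case "SecpAvaAddr":
+return Secp256k1.Ava;
+case "SecpAvaTestAddr":
+return Secp256k1.AvaTest;
+case "BlsPub":
+return Bls.Eth2Deposited;
+case "BlsInactive":
+return Bls.Eth2Inactive;
+case "Ed25519SolanaAddr":
+return Ed25519.Solana;
+case "Ed25519SuiAddr":
+return Ed25519.Sui;
+case "Ed25519AptosAddr":
+return Ed25519.Aptos;
+case "Ed25519CardanoAddrVk":
+return Ed25519.Cardano;
+case "Ed25519StellarAddr":
+return Ed25519.Stellar;
+case "Stark":
+return exports.Stark;
+case "Mnemonic":
+return exports.Mnemonic;
+}
+}
+exports.fromSchemaKeyType = fromSchemaKeyType;
+//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"key.js","sourceRoot":"","sources":["../../src/key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAIA,yBAAyB;AACzB,IAAY,SAMX;AAND,WAAY,SAAS;IACnB,gCAAmB,CAAA;IACnB,4BAAe,CAAA;IACf,oCAAuB,CAAA;IACvB,gCAAmB,CAAA;IACnB,wCAA2B,CAAA;AAC7B,CAAC,EANW,SAAS,yBAAT,SAAS,QAMpB;AAED,mBAAmB;AACnB,IAAY,GAGX;AAHD,WAAY,GAAG;IACb,+BAAwB,CAAA;IACxB,mCAA4B,CAAA;AAC9B,CAAC,EAHW,GAAG,mBAAH,GAAG,QAGd;AAED,uBAAuB;AACvB,IAAY,OAMX;AAND,WAAY,OAAO;IACjB,uCAA4B,CAAA;IAC5B,iCAAsB,CAAA;IACtB,qCAA0B,CAAA;IAC1B,2CAAgC,CAAA;IAChC,yCAA8B,CAAA;AAChC,CAAC,EANW,OAAO,uBAAP,OAAO,QAMlB;AAED,wBAAwB;AACX,QAAA,QAAQ,GAAG,UAAmB,CAAC;AAG5C,qBAAqB;AACR,QAAA,KAAK,GAAG,OAAgB,CAAC;AAkBtC;;;;;;GAMG;AACH,SAAgB,SAAS,CAAC,GAAe;IACvC,OAAO;QACL,GAAG,GAAG;QACN,EAAE,EAAE,GAAG,CAAC,MAAM;QACd,IAAI,EAAE,GAAG,CAAC,QAAQ;QAClB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,UAAU,EAAE,GAAG,CAAC,WAAW;KAC5B,CAAC;AACJ,CAAC;AARD,8BAQC;AAED;;GAEG;AACH,MAAa,GAAG;IAMd,2CAA2C;IAC3C,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,IAAI,EAAE;QACJ,OAAO,uBAAA,IAAI,iBAAM,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,IAAI,UAAU;QACZ,OAAO,uBAAA,IAAI,iBAAM,CAAC,WAAW,CAAC;IAChC,CAAC;IAED;;;;;OAKG;IACH,IAAI,SAAS;QACX,OAAO,uBAAA,IAAI,iBAAM,CAAC,UAAU,CAAC;IAC/B,CAAC;IAED;;;;OAIG;IACH,IAAI,MAAM;QACR,OAAO,uBAAA,IAAI,iBAAM,CAAC;IACpB,CAAC;IAED,uBAAuB;IACvB,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC;IAED,0BAA0B;IAC1B,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,sBAAsB;IACtB,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,uBAAuB;IACvB,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,MAAiB;QAC/B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAA4C,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,MAAiB;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QACrC,MAAM,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAyB,CAAC;IACrD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAE7E;;;;;;OAMG;IACH,YAAY,GAAqB,EAAE,IAAgB;QA/HnD,0BAA0B;QAC1B,4BAAe;QA+Hb,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,uBAAA,IAAI,aAAS,SAAS,CAAC,IAAI,CAAC,MAAA,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,MAAM,CAAC,OAAyB;QAC5C,uBAAA,IAAI,aAAS,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAA,CAAC;QACxE,OAAO,uBAAA,IAAI,iBAAM,CAAC;IACpB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,KAAK;QACjB,uBAAA,IAAI,aAAS,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAA,CAAC;QAC5D,OAAO,uBAAA,IAAI,iBAAM,CAAC;IACpB,CAAC;CACF;AA5JD,kBA4JC;;AAED;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,EAAiB;IACjD,QAAQ,EAAE,EAAE,CAAC;QACX,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC,GAAG,CAAC;QACvB,KAAK,SAAS;YACZ,OAAO,SAAS,CAAC,GAAG,CAAC;QACvB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC,OAAO,CAAC;QAC3B,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC,GAAG,CAAC;QACvB,KAAK,iBAAiB;YACpB,OAAO,SAAS,CAAC,OAAO,CAAC;QAC3B,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC,aAAa,CAAC;QAC3B,KAAK,aAAa;YAChB,OAAO,GAAG,CAAC,YAAY,CAAC;QAC1B,KAAK,mBAAmB;YACtB,OAAO,OAAO,CAAC,MAAM,CAAC;QACxB,KAAK,gBAAgB;YACnB,OAAO,OAAO,CAAC,GAAG,CAAC;QACrB,KAAK,kBAAkB;YACrB,OAAO,OAAO,CAAC,KAAK,CAAC;QACvB,KAAK,sBAAsB;YACzB,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,KAAK,oBAAoB;YACvB,OAAO,OAAO,CAAC,OAAO,CAAC;QACzB,KAAK,OAAO;YACV,OAAO,aAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,gBAAQ,CAAC;IACpB,CAAC;AACH,CAAC;AA/BD,8CA+BC","sourcesContent":["import { KeyPolicy } from \"./role\";\nimport { KeyInfoApi, KeyTypeApi, UpdateKeyRequest, SchemaKeyType } from \"./schema_types\";\nimport { CubeSignerClient } from \"./client\";\n\n/** Secp256k1 key type */\nexport enum Secp256k1 {\n  Evm = \"SecpEthAddr\", // eslint-disable-line no-unused-vars\n  Btc = \"SecpBtc\", // eslint-disable-line no-unused-vars\n  BtcTest = \"SecpBtcTest\", // eslint-disable-line no-unused-vars\n  Ava = \"SecpAvaAddr\", // eslint-disable-line no-unused-vars\n  AvaTest = \"SecpAvaTestAddr\", // eslint-disable-line no-unused-vars\n}\n\n/** BLS key type */\nexport enum Bls {\n  Eth2Deposited = \"BlsPub\", // eslint-disable-line no-unused-vars\n  Eth2Inactive = \"BlsInactive\", // eslint-disable-line no-unused-vars\n}\n\n/** Ed25519 key type */\nexport enum Ed25519 {\n  Solana = \"Ed25519SolanaAddr\", // eslint-disable-line no-unused-vars\n  Sui = \"Ed25519SuiAddr\", // eslint-disable-line no-unused-vars\n  Aptos = \"Ed25519AptosAddr\", // eslint-disable-line no-unused-vars\n  Cardano = \"Ed25519CardanoAddrVk\", // eslint-disable-line no-unused-vars\n  Stellar = \"Ed25519StellarAddr\", // eslint-disable-line no-unused-vars\n}\n\n/** Mnemonic key type */\nexport const Mnemonic = \"Mnemonic\" as const;\nexport type Mnemonic = typeof Mnemonic;\n\n/** Stark key type */\nexport const Stark = \"Stark\" as const;\nexport type Stark = typeof Stark;\n\n/** Key type */\nexport type KeyType = Secp256k1 | Bls | Ed25519 | Mnemonic | Stark;\n\n/** Additional properties (for backward compatibility) */\nexport interface KeyInfo extends KeyInfoApi {\n  /** Alias for key_id */\n  id: string;\n  /** Alias for key_type */\n  type: KeyTypeApi;\n  /** Alias for material_id */\n  materialId: string;\n  /** Alias for public_key */\n  publicKey: string;\n}\n\n/**\n * Define some additional (backward compatibility) properties\n * on a `KeyInfoApi` object returned from the remote end.\n *\n * @param {KeyInfoApi} key Key information returned from the remote end\n * @return {KeyInfo} The same `key` object extended with some derived properties.\n */\nexport function toKeyInfo(key: KeyInfoApi): KeyInfo {\n  return {\n    ...key,\n    id: key.key_id,\n    type: key.key_type,\n    publicKey: key.public_key,\n    materialId: key.material_id,\n  };\n}\n\n/**\n * A representation of a signing key.\n */\nexport class Key {\n  /** The CubeSigner instance that this key is associated with */\n  protected readonly csc: CubeSignerClient;\n  /** The key information */\n  #data: KeyInfo;\n\n  /** The organization that this key is in */\n  get orgId() {\n    return this.csc.orgId;\n  }\n\n  /**\n   * The id of the key: \"Key#\" followed by a unique identifier specific to\n   * the type of key (such as a public key for BLS or an ethereum address for Secp)\n   * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148\n   */\n  get id(): string {\n    return this.#data.key_id;\n  }\n\n  /**\n   * A unique identifier specific to the type of key, such as a public key or an ethereum address\n   * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148\n   */\n  get materialId(): string {\n    return this.#data.material_id;\n  }\n\n  /**\n   * @description Hex-encoded, serialized public key. The format used depends on the key type:\n   * - secp256k1 keys use 65-byte uncompressed SECG format\n   * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format\n   * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431\n   */\n  get publicKey(): string {\n    return this.#data.public_key;\n  }\n\n  /**\n   * Get the cached properties of this key. The cached properties reflect the\n   * state of the last fetch or update (e.g., after awaiting `Key.enabled()`\n   * or `Key.disable()`).\n   */\n  get cached(): KeyInfo {\n    return this.#data;\n  }\n\n  /** The type of key. */\n  async type(): Promise<KeyType> {\n    const data = await this.fetch();\n    return fromSchemaKeyType(data.key_type);\n  }\n\n  /** Is the key enabled? */\n  async enabled(): Promise<boolean> {\n    const data = await this.fetch();\n    return data.enabled;\n  }\n\n  /** Enable the key. */\n  async enable() {\n    await this.update({ enabled: true });\n  }\n\n  /** Disable the key. */\n  async disable() {\n    await this.update({ enabled: false });\n  }\n\n  /**\n   * Set new policy (overwriting any policies previously set for this key)\n   * @param {KeyPolicy} policy The new policy to set\n   */\n  async setPolicy(policy: KeyPolicy) {\n    await this.update({ policy: policy as unknown as Record<string, never>[] });\n  }\n\n  /**\n   * Append to existing key policy. This append is not atomic -- it uses {@link policy} to fetch the current policy and then {@link setPolicy} to set the policy -- and should not be used in across concurrent sessions.\n   * @param {KeyPolicy} policy The policy to append to the existing one.\n   */\n  async appendPolicy(policy: KeyPolicy) {\n    const existing = await this.policy();\n    await this.setPolicy([...existing, ...policy]);\n  }\n\n  /**\n   * Get the policy for the key.\n   * @return {Promise<KeyPolicy>} The policy for the key.\n   */\n  async policy(): Promise<KeyPolicy> {\n    const data = await this.fetch();\n    return (data.policy ?? []) as unknown as KeyPolicy;\n  }\n\n  /**\n   * @description Owner of the key\n   * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f\n   */\n  async owner(): Promise<string> {\n    const data = await this.fetch();\n    return data.owner;\n  }\n\n  /**\n   * Set the owner of the key. Only the key (or org) owner can change the owner of the key.\n   * @param {string} owner The user-id of the new owner of the key.\n   */\n  async setOwner(owner: string) {\n    await this.update({ owner });\n  }\n\n  /**\n   * Delete this key.\n   */\n  async delete() {\n    await this.csc.keyDelete(this.id);\n  }\n\n  // --------------------------------------------------------------------------\n  // -- INTERNAL --------------------------------------------------------------\n  // --------------------------------------------------------------------------\n\n  /**\n   * Create a new key.\n   *\n   * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.\n   * @param {KeyInfoApi} data The JSON response from the API server.\n   * @internal\n   */\n  constructor(csc: CubeSignerClient, data: KeyInfoApi) {\n    this.csc = csc;\n    this.#data = toKeyInfo(data);\n  }\n\n  /**\n   * Update the key.\n   * @param {UpdateKeyRequest} request The JSON request to send to the API server.\n   * @return {KeyInfo} The JSON response from the API server.\n   * @internal\n   */\n  private async update(request: UpdateKeyRequest): Promise<KeyInfo> {\n    this.#data = await this.csc.keyUpdate(this.id, request).then(toKeyInfo);\n    return this.#data;\n  }\n\n  /**\n   * Fetch the key information.\n   *\n   * @return {KeyInfo} The key information.\n   * @internal\n   */\n  private async fetch(): Promise<KeyInfo> {\n    this.#data = await this.csc.keyGet(this.id).then(toKeyInfo);\n    return this.#data;\n  }\n}\n\n/**\n * Convert a schema key type to a key type.\n *\n * @param {SchemaKeyType} ty The schema key type.\n * @return {KeyType} The key type.\n * @internal\n */\nexport function fromSchemaKeyType(ty: SchemaKeyType): KeyType {\n  switch (ty) {\n    case \"SecpEthAddr\":\n      return Secp256k1.Evm;\n    case \"SecpBtc\":\n      return Secp256k1.Btc;\n    case \"SecpBtcTest\":\n      return Secp256k1.BtcTest;\n    case \"SecpAvaAddr\":\n      return Secp256k1.Ava;\n    case \"SecpAvaTestAddr\":\n      return Secp256k1.AvaTest;\n    case \"BlsPub\":\n      return Bls.Eth2Deposited;\n    case \"BlsInactive\":\n      return Bls.Eth2Inactive;\n    case \"Ed25519SolanaAddr\":\n      return Ed25519.Solana;\n    case \"Ed25519SuiAddr\":\n      return Ed25519.Sui;\n    case \"Ed25519AptosAddr\":\n      return Ed25519.Aptos;\n    case \"Ed25519CardanoAddrVk\":\n      return Ed25519.Cardano;\n    case \"Ed25519StellarAddr\":\n      return Ed25519.Stellar;\n    case \"Stark\":\n      return Stark;\n    case \"Mnemonic\":\n      return Mnemonic;\n  }\n}\n"]}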
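Review bot: `fromSchemaKeyType` (file line 209) has no `default` arm, so a `key_type` value this SDK does not know — plausible, since `schema.d.ts` changes by +41/-24 in this same release — makes `Key.type()` resolve to `undefined` instead of failing, and a caller cannot distinguish an unknown type from a missing one. Because this file is compiled output, the fix belongs in `package/src/key.ts` (also in this diff): add `default: throw new Error(\`Unknown key type: ${ty}\`);` as the last arm of the switch, which also keeps the `@return {KeyType}` tag truthful at runtime. TypeScript accepts the switch today only because the declared `SchemaKeyType` union cannot express values the server adds later.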
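--- a/package/dist/src/mfa.d.ts
+++ b/package/dist/src/mfa.d.ts
@@ -0,0 +1,94 @@
+import { ApiAddFidoChallenge, ApiMfaFidoChallenge, MfaRequestInfo, TotpInfo } from "./schema_types";
+import { CubeSignerApi } from "./api";
+/** MFA receipt */
+export interface MfaReceipt {
+/** MFA request ID */
+mfaId: string;
+/** Corresponding org ID */
+mfaOrgId: string;
+/** MFA confirmation code */
+mfaConf: string;
+}
+/** TOTP challenge that must be answered before user's TOTP is updated */
+export declare class TotpChallenge {
+#private;
+/** The id of the challenge */
+get totpId(): string;
+/** The new TOTP configuration */
+get totpUrl(): string;
+/**
+* @param {CubeSignerApi} api Used when answering the challenge.
+* @param {TotpInfo} totpInfo TOTP challenge information.
+*/
+constructor(api: CubeSignerApi, totpInfo: TotpInfo);
+/**
+* Answer the challenge with the code that corresponds to `this.totpUrl`.
+* @param {string} code 6-digit code that corresponds to `this.totpUrl`.
+*/
+answer(code: string): Promise<void>;
+}
+/**
+* Returned after creating a request to add a new FIDO device.
+* Provides some helper methods for answering this challenge.
+*/
+export declare class AddFidoChallenge {
+#private;
+readonly challengeId: string;
+readonly options: any;
+/**
+* Constructor
+* @param {CubeSignerApi} api The API client used to request to add a FIDO device
+* @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+*/
+constructor(api: CubeSignerApi, challenge: ApiAddFidoChallenge);
+/**
+* Answers this challenge by using the `CredentialsContainer` API to create a credential
+* based on the the public key credential creation options from this challenge.
+*/
+createCredentialAndAnswer(): Promise<void>;
+/**
+* Answers this challenge using a given credential `cred`;
+* the credential should be obtained by calling
+*
+* ```
+* const cred = await navigator.credentials.create({ publicKey: this.options });
+* ```
+*
+* @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+* based on the public key creation options from this challenge.
+*/
+answer(cred: any): Promise<void>;
+}
+/**
+* Returned after initiating MFA approval using FIDO.
+* Provides some helper methods for answering this challenge.
+*/
+export declare class MfaFidoChallenge {
+#private;
+readonly mfaId: string;
+readonly challengeId: string;
+readonly options: any;
+/**
+* @param {CubeSignerApi} api The API client used to initiate MFA approval using FIDO
+* @param {string} mfaId The MFA request id.
+* @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+*/
+constructor(api: CubeSignerApi, mfaId: string, challenge: ApiMfaFidoChallenge);
+/**
+* Answers this challenge by using the `CredentialsContainer` API to get a credential
+* based on the the public key credential request options from this challenge.
+*/
+createCredentialAndAnswer(): Promise<MfaRequestInfo>;
+/**
+* Answers this challenge using a given credential `cred`.
+* To obtain this credential, for example, call
+*
+* ```
+* const cred = await navigator.credentials.get({ publicKey: this.options });
+* ```
+*
+* @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+* based on the public key credential request options from this challenge.
+*/
+answer(cred: any): Promise<MfaRequestInfo>;
+}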
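Review bot: `AddFidoChallenge.options`, `MfaFidoChallenge.options` and both `answer(cred: any)` signatures export `any` on the public surface, so the WebAuthn objects handed to `navigator.credentials.create`/`get` and the credential passed back are unchecked at every call site of this MFA flow. If the reason is avoiding a hard dependency on `lib.dom` (the `eslint-disable no-explicit-any` at the top of mfa.js suggests so), `unknown` for `cred` plus a small structural type for `options` would still force callers to narrow; if DOM types are acceptable, `PublicKeyCredentialCreationOptions` / `PublicKeyCredentialRequestOptions` for `options` and `PublicKeyCredential` for `cred` are the right names. Separately, `TotpChallenge.answer` documents a "6-digit code" while the implementation in mfa.js validates with `/^\d{1,6}$/` and then reports "must be a 6-digit string"; the doc and the check should agree, e.g. `/^\d{6}$/` if six digits is the real contract.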
package/dist/src/mfa.js
ADDED
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
3
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
4
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
5
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
6
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
7
|
+
};
|
|
8
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
9
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
10
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
11
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
12
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
13
|
+
};
|
|
14
|
+
var _TotpChallenge_api, _TotpChallenge_totpInfo, _AddFidoChallenge_api, _MfaFidoChallenge_api;
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.MfaFidoChallenge = exports.AddFidoChallenge = exports.TotpChallenge = void 0;
|
|
17
|
+
const util_1 = require("./util");
|
|
18
|
+
/** TOTP challenge that must be answered before user's TOTP is updated */
|
|
19
|
+
class TotpChallenge {
|
|
20
|
+
/** The id of the challenge */
|
|
21
|
+
get totpId() {
|
|
22
|
+
return __classPrivateFieldGet(this, _TotpChallenge_totpInfo, "f").totp_id;
|
|
23
|
+
}
|
|
24
|
+
/** The new TOTP configuration */
|
|
25
|
+
get totpUrl() {
|
|
26
|
+
return __classPrivateFieldGet(this, _TotpChallenge_totpInfo, "f").totp_url;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* @param {CubeSignerApi} api Used when answering the challenge.
|
|
30
|
+
* @param {TotpInfo} totpInfo TOTP challenge information.
|
|
31
|
+
*/
|
|
32
|
+
constructor(api, totpInfo) {
|
|
33
|
+
_TotpChallenge_api.set(this, void 0);
|
|
34
|
+
_TotpChallenge_totpInfo.set(this, void 0);
|
|
35
|
+
__classPrivateFieldSet(this, _TotpChallenge_api, api, "f");
|
|
36
|
+
__classPrivateFieldSet(this, _TotpChallenge_totpInfo, totpInfo, "f");
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Answer the challenge with the code that corresponds to `this.totpUrl`.
|
|
40
|
+
* @param {string} code 6-digit code that corresponds to `this.totpUrl`.
|
|
41
|
+
*/
|
|
42
|
+
async answer(code) {
|
|
43
|
+
if (!/^\d{1,6}$/.test(code)) {
|
|
44
|
+
throw new Error(`Invalid TOTP code: ${code}; it must be a 6-digit string`);
|
|
45
|
+
}
|
|
46
|
+
await __classPrivateFieldGet(this, _TotpChallenge_api, "f").userTotpResetComplete(this.totpId, code);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
exports.TotpChallenge = TotpChallenge;
|
|
50
|
+
_TotpChallenge_api = new WeakMap(), _TotpChallenge_totpInfo = new WeakMap();
|
|
51
|
+
/**
|
|
52
|
+
* Returned after creating a request to add a new FIDO device.
|
|
53
|
+
* Provides some helper methods for answering this challenge.
|
|
54
|
+
*/
|
|
55
|
+
class AddFidoChallenge {
|
|
56
|
+
/**
|
|
57
|
+
* Constructor
|
|
58
|
+
* @param {CubeSignerApi} api The API client used to request to add a FIDO device
|
|
59
|
+
* @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
|
|
60
|
+
*/
|
|
61
|
+
constructor(api, challenge) {
|
|
62
|
+
_AddFidoChallenge_api.set(this, void 0);
|
|
63
|
+
__classPrivateFieldSet(this, _AddFidoChallenge_api, api, "f");
|
|
64
|
+
this.challengeId = challenge.challenge_id;
|
|
65
|
+
// fix options returned from the server: rename fields and decode base64 fields to uint8[]
|
|
66
|
+
this.options = {
|
|
67
|
+
...challenge.options,
|
|
68
|
+
challenge: (0, util_1.decodeBase64Url)(challenge.options.challenge),
|
|
69
|
+
};
|
|
70
|
+
if (challenge.options.user) {
|
|
71
|
+
this.options.user.id = (0, util_1.decodeBase64Url)(challenge.options.user.id);
|
|
72
|
+
}
|
|
73
|
+
for (const credential of this.options.excludeCredentials ?? []) {
|
|
74
|
+
credential.id = (0, util_1.decodeBase64Url)(credential.id);
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Answers this challenge by using the `CredentialsContainer` API to create a credential
|
|
79
|
+
* based on the the public key credential creation options from this challenge.
|
|
80
|
+
*/
|
|
81
|
+
async createCredentialAndAnswer() {
|
|
82
|
+
const cred = await navigator.credentials.create({ publicKey: this.options });
|
|
83
|
+
await this.answer(cred);
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Answers this challenge using a given credential `cred`;
|
|
87
|
+
* the credential should be obtained by calling
|
|
88
|
+
*
|
|
89
|
+
* ```
|
|
90
|
+
* const cred = await navigator.credentials.create({ publicKey: this.options });
|
|
91
|
+
* ```
|
|
92
|
+
*
|
|
93
|
+
* @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
|
|
94
|
+
* based on the public key creation options from this challenge.
|
|
95
|
+
*/
|
|
96
|
+
async answer(cred) {
|
|
97
|
+
const answer = {
|
|
98
|
+
id: cred.id,
|
|
99
|
+
response: {
|
|
100
|
+
clientDataJSON: (0, util_1.encodeToBase64Url)(cred.response.clientDataJSON),
|
|
101
|
+
attestationObject: (0, util_1.encodeToBase64Url)(cred.response.attestationObject),
|
|
102
|
+
},
|
|
103
|
+
};
|
|
104
|
+
await __classPrivateFieldGet(this, _AddFidoChallenge_api, "f").userFidoRegisterComplete(this.challengeId, answer);
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
exports.AddFidoChallenge = AddFidoChallenge;
|
|
108
|
+
_AddFidoChallenge_api = new WeakMap();
|
|
109
|
+
/**
|
|
110
|
+
* Returned after initiating MFA approval using FIDO.
|
|
111
|
+
* Provides some helper methods for answering this challenge.
|
|
112
|
+
*/
|
|
113
|
+
class MfaFidoChallenge {
|
|
114
|
+
/**
|
|
115
|
+
* @param {CubeSignerApi} api The API client used to initiate MFA approval using FIDO
|
|
116
|
+
* @param {string} mfaId The MFA request id.
|
|
117
|
+
* @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
|
|
118
|
+
*/
|
|
119
|
+
constructor(api, mfaId, challenge) {
|
|
120
|
+
_MfaFidoChallenge_api.set(this, void 0);
|
|
121
|
+
__classPrivateFieldSet(this, _MfaFidoChallenge_api, api, "f");
|
|
122
|
+
this.mfaId = mfaId;
|
|
123
|
+
this.challengeId = challenge.challenge_id;
|
|
124
|
+
// fix options returned from the server: rename fields and decode base64 fields into uint8[]
|
|
125
|
+
this.options = {
|
|
126
|
+
...challenge.options,
|
|
127
|
+
challenge: (0, util_1.decodeBase64Url)(challenge.options.challenge),
|
|
128
|
+
};
|
|
129
|
+
for (const credential of this.options.allowCredentials ?? []) {
|
|
130
|
+
credential.id = (0, util_1.decodeBase64Url)(credential.id);
|
|
131
|
+
if (credential.transports === null) {
|
|
132
|
+
delete credential.transports;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
/**
|
|
137
|
+
* Answers this challenge by using the `CredentialsContainer` API to get a credential
|
|
138
|
+
* based on the the public key credential request options from this challenge.
|
|
139
|
+
*/
|
|
140
|
+
async createCredentialAndAnswer() {
|
|
141
|
+
const cred = await navigator.credentials.get({ publicKey: this.options });
|
|
142
|
+
return await this.answer(cred);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Answers this challenge using a given credential `cred`.
|
|
146
|
+
* To obtain this credential, for example, call
|
|
147
|
+
*
|
|
148
|
+
* ```
|
|
149
|
+
* const cred = await navigator.credentials.get({ publicKey: this.options });
|
|
150
|
+
* ```
|
|
151
|
+
*
|
|
152
|
+
* @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
|
|
153
|
+
* based on the public key credential request options from this challenge.
|
|
154
|
+
*/
|
|
155
|
+
async answer(cred) {
|
|
156
|
+
const answer = {
|
|
157
|
+
id: cred.id,
|
|
158
|
+
response: {
|
|
159
|
+
clientDataJSON: (0, util_1.encodeToBase64Url)(cred.response.clientDataJSON),
|
|
160
|
+
authenticatorData: (0, util_1.encodeToBase64Url)(cred.response.authenticatorData),
|
|
161
|
+
signature: (0, util_1.encodeToBase64Url)(cred.response.signature),
|
|
162
|
+
},
|
|
163
|
+
};
|
|
164
|
+
return await __classPrivateFieldGet(this, _MfaFidoChallenge_api, "f").mfaApproveFidoComplete(this.mfaId, this.challengeId, answer);
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
exports.MfaFidoChallenge = MfaFidoChallenge;
|
|
168
|
+
_MfaFidoChallenge_api = new WeakMap();
|
|
169
|
+
//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"mfa.js","sourceRoot":"","sources":["../../src/mfa.ts"],"names":[],"mappings":";AAAA,uDAAuD;;;;;;;;;;;;;;;AASvD,iCAA4D;AAa5D,yEAAyE;AACzE,MAAa,aAAa;IAIxB,8BAA8B;IAC9B,IAAI,MAAM;QACR,OAAO,uBAAA,IAAI,+BAAU,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,iCAAiC;IACjC,IAAI,OAAO;QACT,OAAO,uBAAA,IAAI,+BAAU,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,YAAY,GAAkB,EAAE,QAAkB;QAjBzC,qCAAoB;QACpB,0CAAoB;QAiB3B,uBAAA,IAAI,sBAAQ,GAAG,MAAA,CAAC;QAChB,uBAAA,IAAI,2BAAa,QAAQ,MAAA,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,+BAA+B,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,uBAAA,IAAI,0BAAK,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;CACF;AAlCD,sCAkCC;;AAED;;;GAGG;AACH,MAAa,gBAAgB;IAK3B;;;;OAIG;IACH,YAAY,GAAkB,EAAE,SAA8B;QATrD,wCAAoB;QAU3B,uBAAA,IAAI,yBAAQ,GAAG,MAAA,CAAC;QAChB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,YAAY,CAAC;QAE1C,0FAA0F;QAC1F,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,SAAS,CAAC,OAAO;YACpB,SAAS,EAAE,IAAA,sBAAe,EAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;SACxD,CAAC;QAEF,IAAI,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,IAAA,sBAAe,EAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,IAAI,EAAE,EAAE,CAAC;YAC/D,UAAU,CAAC,EAAE,GAAG,IAAA,sBAAe,EAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,yBAAyB;QAC7B,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7E,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,MAAM,CAAC,IAAS;QACpB,MAAM,MAAM,GAAwB;YAClC,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE;gBACR,cAAc,EAAE,IAAA,wBAAiB,EAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC/D,iBAAiB,EAAE,IAAA,wBAAiB,EAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC;aACtE;SACF,CAAC;QACF,MAAM,uBAAA,IAAI,6BAAK,CAAC,wBAAwB,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;CACF;AA3DD,4CA2DC;;
AAED;;;GAGG;AACH,MAAa,gBAAgB;IAM3B;;;;OAIG;IACH,YAAY,GAAkB,EAAE,KAAa,EAAE,SAA8B;QAVpE,wCAAoB;QAW3B,uBAAA,IAAI,yBAAQ,GAAG,MAAA,CAAC;QAChB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,YAAY,CAAC;QAE1C,4FAA4F;QAC5F,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,SAAS,CAAC,OAAO;YACpB,SAAS,EAAE,IAAA,sBAAe,EAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;SACxD,CAAC;QAEF,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;YAC7D,UAAU,CAAC,EAAE,GAAG,IAAA,sBAAe,EAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,UAAU,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;gBACnC,OAAO,UAAU,CAAC,UAAU,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,yBAAyB;QAC7B,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1E,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,MAAM,CAAC,IAAS;QACpB,MAAM,MAAM,GAAwB;YAClC,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE;gBACR,cAAc,EAAE,IAAA,wBAAiB,EAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC/D,iBAAiB,EAAE,IAAA,wBAAiB,EAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBACrE,SAAS,EAAE,IAAA,wBAAiB,EAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;aACtD;SACF,CAAC;QACF,OAAO,MAAM,uBAAA,IAAI,6BAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACtF,CAAC;CACF;AA7DD,4CA6DC","sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any */\n\nimport {\n  ApiAddFidoChallenge,\n  ApiMfaFidoChallenge,\n  MfaRequestInfo,\n  PublicKeyCredential,\n  TotpInfo,\n} from \"./schema_types\";\nimport { decodeBase64Url, encodeToBase64Url } from \"./util\";\nimport { CubeSignerApi } from \"./api\";\n\n/** MFA receipt */\nexport interface MfaReceipt {\n  /** MFA request ID */\n  mfaId: string;\n  /** Corresponding org ID */\n  mfaOrgId: string;\n  /** MFA confirmation code */\n  mfaConf: string;\n}\n\n/** TOTP challenge that must be answered before user's TOTP is updated */\nexport class TotpChallenge {\n  readonly #api: CubeSignerApi;\n  readonly #totpInfo: TotpInfo;\n\n  /** The id of the challenge */\n  
get totpId() {\n    return this.#totpInfo.totp_id;\n  }\n\n  /** The new TOTP configuration */\n  get totpUrl() {\n    return this.#totpInfo.totp_url;\n  }\n\n  /**\n   * @param {CubeSignerApi} api Used when answering the challenge.\n   * @param {TotpInfo} totpInfo TOTP challenge information.\n   */\n  constructor(api: CubeSignerApi, totpInfo: TotpInfo) {\n    this.#api = api;\n    this.#totpInfo = totpInfo;\n  }\n\n  /**\n   * Answer the challenge with the code that corresponds to `this.totpUrl`.\n   * @param {string} code 6-digit code that corresponds to `this.totpUrl`.\n   */\n  async answer(code: string) {\n    if (!/^\\d{1,6}$/.test(code)) {\n      throw new Error(`Invalid TOTP code: ${code}; it must be a 6-digit string`);\n    }\n\n    await this.#api.userTotpResetComplete(this.totpId, code);\n  }\n}\n\n/**\n * Returned after creating a request to add a new FIDO device.\n * Provides some helper methods for answering this challenge.\n */\nexport class AddFidoChallenge {\n  readonly #api: CubeSignerApi;\n  readonly challengeId: string;\n  readonly options: any;\n\n  /**\n   * Constructor\n   * @param {CubeSignerApi} api The API client used to request to add a FIDO device\n   * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.\n   */\n  constructor(api: CubeSignerApi, challenge: ApiAddFidoChallenge) {\n    this.#api = api;\n    this.challengeId = challenge.challenge_id;\n\n    // fix options returned from the server: rename fields and decode base64 fields to uint8[]\n    this.options = {\n      ...challenge.options,\n      challenge: decodeBase64Url(challenge.options.challenge),\n    };\n\n    if (challenge.options.user) {\n      this.options.user.id = decodeBase64Url(challenge.options.user.id);\n    }\n\n    for (const credential of this.options.excludeCredentials ?? 
[]) {\n      credential.id = decodeBase64Url(credential.id);\n    }\n  }\n\n  /**\n   * Answers this challenge by using the `CredentialsContainer` API to create a credential\n   * based on the the public key credential creation options from this challenge.\n   */\n  async createCredentialAndAnswer() {\n    const cred = await navigator.credentials.create({ publicKey: this.options });\n    await this.answer(cred);\n  }\n\n  /**\n   * Answers this challenge using a given credential `cred`;\n   * the credential should be obtained by calling\n   *\n   * ```\n   * const cred = await navigator.credentials.create({ publicKey: this.options });\n   * ```\n   *\n   * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method\n   *                   based on the public key creation options from this challenge.\n   */\n  async answer(cred: any) {\n    const answer = <PublicKeyCredential>{\n      id: cred.id,\n      response: {\n        clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),\n        attestationObject: encodeToBase64Url(cred.response.attestationObject),\n      },\n    };\n    await this.#api.userFidoRegisterComplete(this.challengeId, answer);\n  }\n}\n\n/**\n * Returned after initiating MFA approval using FIDO.\n * Provides some helper methods for answering this challenge.\n */\nexport class MfaFidoChallenge {\n  readonly #api: CubeSignerApi;\n  readonly mfaId: string;\n  readonly challengeId: string;\n  readonly options: any;\n\n  /**\n   * @param {CubeSignerApi} api The API client used to initiate MFA approval using FIDO\n   * @param {string} mfaId The MFA request id.\n   * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end\n   */\n  constructor(api: CubeSignerApi, mfaId: string, challenge: ApiMfaFidoChallenge) {\n    this.#api = api;\n    this.mfaId = mfaId;\n    this.challengeId = challenge.challenge_id;\n\n    // fix options returned from the server: rename fields and decode base64 
fields into uint8[]\n    this.options = {\n      ...challenge.options,\n      challenge: decodeBase64Url(challenge.options.challenge),\n    };\n\n    for (const credential of this.options.allowCredentials ?? []) {\n      credential.id = decodeBase64Url(credential.id);\n      if (credential.transports === null) {\n        delete credential.transports;\n      }\n    }\n  }\n\n  /**\n   * Answers this challenge by using the `CredentialsContainer` API to get a credential\n   * based on the the public key credential request options from this challenge.\n   */\n  async createCredentialAndAnswer(): Promise<MfaRequestInfo> {\n    const cred = await navigator.credentials.get({ publicKey: this.options });\n    return await this.answer(cred);\n  }\n\n  /**\n   * Answers this challenge using a given credential `cred`.\n   * To obtain this credential, for example, call\n   *\n   * ```\n   * const cred = await navigator.credentials.get({ publicKey: this.options });\n   * ```\n   *\n   * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method\n   *                   based on the public key credential request options from this challenge.\n   */\n  async answer(cred: any): Promise<MfaRequestInfo> {\n    const answer = <PublicKeyCredential>{\n      id: cred.id,\n      response: {\n        clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),\n        authenticatorData: encodeToBase64Url(cred.response.authenticatorData),\n        signature: encodeToBase64Url(cred.response.signature),\n      },\n    };\n    return await this.#api.mfaApproveFidoComplete(this.mfaId, this.challengeId, answer);\n  }\n}\n"]}
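Review bot: The TOTP guard in `TotpChallenge.answer` accepts any 1–6 digit string (`/^\d{1,6}$/`) while its error message and the `@param` doc promise a 6-digit code, so a truncated or mistyped 5-digit entry passes the client check and is presumably only rejected server-side; tighten it to `if (!/^\d{6}$/.test(code)) {` so local validation matches the stated contract, and consider dropping the echoed `${code}` from the exception text since it tends to land in logs. Separately, `navigator.credentials.create` and `navigator.credentials.get` resolve to `null` when the user cancels or no authenticator matches, and both `createCredentialAndAnswer` methods hand that straight to `answer`, which dereferences `cred.response` and fails with a bare TypeError; a guard such as `if (!cred) throw new Error("No credential was produced for this FIDO challenge");` before the `this.answer(cred)` call gives callers a meaningful failure. Note also that the constructors spread `challenge.options` but then mutate `user.id`, `excludeCredentials[i].id` and `allowCredentials[i].id` in place, so the nested objects of the server response are modified through the shared reference, which matters if the caller retains the original `ApiAddFidoChallenge`/`ApiMfaFidoChallenge`. This file is compiled output, so the fixes belong in `src/mfa.ts` (embedded in the source map's `sourcesContent`).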
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
import { CubeSignerClient } from "./client";
|
|
2
|
+
import { OrgInfo, SignerSessionManager, SignerSessionStorage } from ".";
|
|
3
|
+
/** Organization id */
|
|
4
|
+
export type OrgId = string;
|
|
5
|
+
/** Org-wide policy */
|
|
6
|
+
export type OrgPolicy = SourceIpAllowlistPolicy | OidcAuthSourcesPolicy | OriginAllowlistPolicy | MaxDailyUnstakePolicy;
|
|
7
|
+
/**
|
|
8
|
+
* Provides an allowlist of OIDC Issuers and audiences that are allowed to authenticate into this org.
|
|
9
|
+
* @example {"OidcAuthSources": { "https://accounts.google.com": [ "1234.apps.googleusercontent.com" ]}}
|
|
10
|
+
*/
|
|
11
|
+
export interface OidcAuthSourcesPolicy {
|
|
12
|
+
OidcAuthSources: Record<string, string[]>;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Only allow requests from the specified origins.
|
|
16
|
+
* @example {"OriginAllowlist": "*"}
|
|
17
|
+
*/
|
|
18
|
+
export interface OriginAllowlistPolicy {
|
|
19
|
+
OriginAllowlist: string[] | "*";
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Restrict signing to specific source IP addresses.
|
|
23
|
+
* @example {"SourceIpAllowlist": ["10.1.2.3/8", "169.254.17.1/16"]}
|
|
24
|
+
*/
|
|
25
|
+
export interface SourceIpAllowlistPolicy {
|
|
26
|
+
SourceIpAllowlist: string[];
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Restrict the number of unstakes per day.
|
|
30
|
+
* @example {"MaxDailyUnstake": 5 }
|
|
31
|
+
*/
|
|
32
|
+
export interface MaxDailyUnstakePolicy {
|
|
33
|
+
MaxDailyUnstake: number;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* An organization.
|
|
37
|
+
*
|
|
38
|
+
* Extends {@link CubeSignerClient} and provides a few org-specific methods on top.
|
|
39
|
+
*/
|
|
40
|
+
export declare class Org extends CubeSignerClient {
|
|
41
|
+
/**
|
|
42
|
+
* @description The org id
|
|
43
|
+
* @example Org#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
|
|
44
|
+
*/
|
|
45
|
+
get id(): OrgId;
|
|
46
|
+
/**
|
|
47
|
+
* Obtain information about the current organization.
|
|
48
|
+
*
|
|
49
|
+
* Same as {@link orgGet}.
|
|
50
|
+
*/
|
|
51
|
+
get info(): () => Promise<{
|
|
52
|
+
enabled: boolean;
|
|
53
|
+
key_import_key?: string | null | undefined;
|
|
54
|
+
kwk_id: string;
|
|
55
|
+
last_unstake: string;
|
|
56
|
+
last_unstake_day_count: number;
|
|
57
|
+
name?: string | null | undefined;
|
|
58
|
+
org_id: string;
|
|
59
|
+
policy?: Record<string, never>[] | undefined;
|
|
60
|
+
totp_failure_limit: number;
|
|
61
|
+
user_export_delay: number;
|
|
62
|
+
user_export_window: number;
|
|
63
|
+
}>;
|
|
64
|
+
/** Human-readable name for the org */
|
|
65
|
+
name(): Promise<string | undefined>;
|
|
66
|
+
/** Get all keys in the org. */
|
|
67
|
+
get keys(): (type?: import("./key").KeyType | undefined, page?: import("./paginator").PageOpts | undefined) => Promise<import("./key").Key[]>;
|
|
68
|
+
/**
|
|
69
|
+
* Set the human-readable name for the org.
|
|
70
|
+
* @param {string} name The new human-readable name for the org (must be alphanumeric).
|
|
71
|
+
* @example my_org_name
|
|
72
|
+
*/
|
|
73
|
+
setName(name: string): Promise<void>;
|
|
74
|
+
/** Is the org enabled? */
|
|
75
|
+
enabled(): Promise<boolean>;
|
|
76
|
+
/** Enable the org. */
|
|
77
|
+
enable(): Promise<void>;
|
|
78
|
+
/** Disable the org. */
|
|
79
|
+
disable(): Promise<void>;
|
|
80
|
+
/** Get the policy for the org. */
|
|
81
|
+
policy(): Promise<OrgPolicy[]>;
|
|
82
|
+
/**
|
|
83
|
+
* Set the policy for the org.
|
|
84
|
+
* @param {OrgPolicy[]} policy The new policy for the org.
|
|
85
|
+
*/
|
|
86
|
+
setPolicy(policy: OrgPolicy[]): Promise<void>;
|
|
87
|
+
/**
|
|
88
|
+
* Retrieve the org associated with a session.
|
|
89
|
+
* @param {SessionStorage} storage The session
|
|
90
|
+
* @return {Org} An {@link Org} instance for the org associated with this session.
|
|
91
|
+
*/
|
|
92
|
+
static retrieveFromStorage(storage: SignerSessionStorage): Promise<Org>;
|
|
93
|
+
/**
|
|
94
|
+
* Constructor.
|
|
95
|
+
* @param {CubeSignerClient | SignerSessionManager} csc The CubeSigner instance.
|
|
96
|
+
* @param {OrgInfo| string} data Either org id or name or {@link OrgInfo}.
|
|
97
|
+
*/
|
|
98
|
+
constructor(csc: CubeSignerClient | SignerSessionManager, data?: OrgInfo | string);
|
|
99
|
+
}
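Review bot: The only `@example` on `OriginAllowlistPolicy` is `{"OriginAllowlist": "*"}`, which is the value that disables the origin restriction; since this is the snippet readers copy, it should show a concrete list and call the wildcard out as an opt-out, e.g. `* @example {"OriginAllowlist": ["https://app.example.com"]}` followed by `* Use "*" only to disable the origin check entirely.`. The `SourceIpAllowlistPolicy` example `"10.1.2.3/8"` has host bits set outside the /8 prefix, which some CIDR parsers reject or silently widen; a canonical prefix such as `"10.0.0.0/8"` would be less misleading, though how the server parses it is not visible from this declaration. The `info` getter's return type declares `policy?: Record<string, never>[]`, which callers cannot use and which disagrees with `policy(): Promise<OrgPolicy[]>` a few lines below; that looks like a typing artifact from the generated schema and is worth fixing at the schema level rather than here. The file header for this hunk is not in my view, so the file name is inferred from the `Org` declaration.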
|