@keetanetwork/anchor 0.0.14 → 0.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/certificates.d.ts.map +1 -1
- package/lib/certificates.js +20 -100
- package/lib/certificates.js.map +1 -1
- package/lib/http-server.js +1 -1
- package/lib/http-server.js.map +1 -1
- package/lib/index.d.ts +2 -1
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +2 -1
- package/lib/index.js.map +1 -1
- package/lib/log/index.d.ts +6 -57
- package/lib/log/index.d.ts.map +1 -1
- package/lib/log/index.js +5 -205
- package/lib/log/index.js.map +1 -1
- package/lib/log/target_console.d.ts +3 -11
- package/lib/log/target_console.d.ts.map +1 -1
- package/lib/log/target_console.js +3 -42
- package/lib/log/target_console.js.map +1 -1
- package/lib/resolver.js +22 -22
- package/lib/uri.d.ts +28 -0
- package/lib/uri.d.ts.map +1 -0
- package/lib/uri.js +100 -0
- package/lib/uri.js.map +1 -0
- package/lib/utils/asn1.d.ts +9 -1
- package/lib/utils/asn1.d.ts.map +1 -1
- package/lib/utils/asn1.js +1413 -0
- package/lib/utils/asn1.js.map +1 -1
- package/lib/utils/buffer.d.ts +1 -1
- package/lib/utils/buffer.d.ts.map +1 -1
- package/lib/utils/buffer.js +8 -2
- package/lib/utils/buffer.js.map +1 -1
- package/lib/utils/external.d.ts +43 -0
- package/lib/utils/external.d.ts.map +1 -0
- package/lib/utils/external.js +115 -0
- package/lib/utils/external.js.map +1 -0
- package/npm-shrinkwrap.json +9 -9
- package/package.json +2 -2
- package/services/asset-movement/common.js +7 -7
- package/services/kyc/iso20022.generated.d.ts +89 -28
- package/services/kyc/iso20022.generated.d.ts.map +1 -1
- package/services/kyc/iso20022.generated.js +191 -88
- package/services/kyc/iso20022.generated.js.map +1 -1
- package/services/kyc/oids.generated.d.ts +24 -9
- package/services/kyc/oids.generated.d.ts.map +1 -1
- package/services/kyc/oids.generated.js +38 -15
- package/services/kyc/oids.generated.js.map +1 -1
- package/services/kyc/utils/generate-kyc-schema.js +305 -75
- package/services/kyc/utils/generate-kyc-schema.js.map +1 -1
- package/lib/log/common.d.ts +0 -35
- package/lib/log/common.d.ts.map +0 -1
- package/lib/log/common.js +0 -19
- package/lib/log/common.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAKhE,OAAO,EAAgD,MAAM,EAAuB,MAAM,mBAAmB,CAAC;AAG9G,OAAO,KAAK,EAA0B,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAC/G,OAAO,EAAE,yBAAyB,EAA8B,MAAM,uCAAuC,CAAC;AAY9G,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AAEtF;;GAEG;AACH,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AACnG,QAAA,MAAM,eAAe,EAAE,OAAO,cAAc,CAAC,GAAG,CAAC,OAAoC,CAAC;AAoGtF,iBAAS,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,IAAI,yBAAyB,CAIhG;AAqJD,cAAM,kBAAkB,CAAC,CAAC,GAAG,WAAW;;gBAK3B,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,KAAK,CAAC;IAQ7G,OAAO,CAAC,MAAM;IAqEd;;;;;;;;OAQG;IACG,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC;IAK3B,QAAQ,IAAI,OAAO,CAAC,CAAC,CAAC;IAiB5B;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAC,CAAC;IAYnE;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAcnF,MAAM,IAAI,OAAO;CAGjB;AAED;;GAEG;AACH,KAAK,yBAAyB,GAAG,MAAM,OAAO,yBAAyB,CAAC;AAExE,KAAK,4BAA4B,GAAG,WAAW,CAAC,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1I,KAAK,wBAAwB,GAAG,QAAQ,CAAC,IAAI,CAAC,4BAA4B,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC,GAAG;IAC5K;;;OAGG;IACH,OAAO,EAAE,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;CAC1D,CAAC,CAAC;AAoCH,KAAK,yBAAyB,CAAC,IAAI,SAAS,yBAAyB,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;AAEzG,qBAAa,kBAAmB,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB;;IAK9F;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;gBAcZ,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAItD;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,yBAAyB,CAAC,IAAI,CAAC,GAAG,IAAI;cA2BlH,aAAa,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,CAAC,GAAG,UAAU,CAAC,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,CAAC;IAmD5P;;;;;OAKG;IACG,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;CAgB7E;AAED,qBAAa,WAAY,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW;IAChF,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,kBAAkB,CAAsB;IACxE,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,6BAA6B,CAAC;IAEzE;;OAEM;IACN,QAAQ,CAAC,UAAU,EAAE;SACnB,IAAI,IAAI,yBAAyB,CAAC,CAAC,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC;YAChB,KAAK,EAAE,kBAAkB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,GAAG;YACH,SAAS,EAAE,KAAK,CAAC;YACjB,KAAK,EAAE,WAAW,CAAC;SACnB;KACD,CAAM;gBAEK,KAAK,EAAE,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,eAAe,CAAA;KAAE;IAQpO,SAAS,CAAC,oBAAoB,IAAI,IAAI;IAItC,OAAO,CAAC,iBAAiB;IAKzB,OAAO,CAAC,qBAAqB;IAW7B;;;;;OAKG;IACG,iBAAiB,CAAC,IAAI,SAAS,yBAAyB,EAAE,aAAa,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAmB9H,SAAS,CAAC,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO;CAiCnE;AAGD,yBAAiB,kCAAkC,CAAC;IACnD,KAAY,aAAa,GAAG;QAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,aAAa,CAAA;KAAE,CAAC;IAClE,KAAY,aAAa,GAAG;QAAE,UAAU,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,GAAG,IAAI,CAAA;KAAE,CAAC;IAC/G,KAAY,cAAc,GAAG;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE;YACX,CAAC,IAAI,EAAE,MAAM,GAAG;gBACf,SAAS,EAAE,IAAI,CAAC;gBAChB,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;aAC3D,GAAG;gBACH,SAAS,EAAE,KAAK,CAAC;gBACjB,KAAK,EAAE,MAAM,CAAC;aACd,CAAA;SACD,CAAC;KACF,CAAC;CACF;AACD,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AACnG,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AAGnG,qBAAa,6BAA6B;;IASzC,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,iBAAiB,CAAS;IAElC,MAAM,CAAC,8BAA8B,EAAE,OAAO,+BAA+B,CAAmC;gBAEpG,KAAK,EAAE,WAAW,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,0CAA0C;IAyD7F;;;;OAIG;WACU,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAgDtI,WAAW,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7D,IAAI,UAAU,IAAI,eAAe,EAAE,CAElC;IAsEK,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAQtC,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAMlE,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAyBtH,iBAAiB,CAAC,cAAc,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1D,iBAAiB,CAAC,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAgBrF,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,CAAC,EAAE,KAAK,CAAC;KAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IACxH,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IAC/H,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACnH,MAAM,CAAC,OAAO,CAAC,EAAE,0CAA0C,GAAG,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;CA8B3F"}
|
package/lib/certificates.js
CHANGED
|
@@ -1,13 +1,11 @@
|
|
|
1
|
-
import * as util from 'util';
|
|
2
1
|
import * as KeetaNetClient from '@keetanetwork/keetanet-client';
|
|
3
2
|
import * as oids from '../services/kyc/oids.generated.js';
|
|
4
3
|
import * as ASN1 from './utils/asn1.js';
|
|
5
|
-
import { ASN1toJS } from './utils/asn1.js';
|
|
4
|
+
import { ASN1toJS, contextualizeStructSchema, encodeValueBySchema, normalizeDecodedASN1 } from './utils/asn1.js';
|
|
6
5
|
import { arrayBufferLikeToBuffer, arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';
|
|
7
6
|
import crypto from './utils/crypto.js';
|
|
8
7
|
import { assertNever } from './utils/never.js';
|
|
9
|
-
import { CertificateAttributeOIDDB, CertificateAttributeSchema
|
|
10
|
-
import { hasIndexSignature, isErrorLike, hasValueProp, isContextTagged } from './utils/guards.js';
|
|
8
|
+
import { CertificateAttributeOIDDB, CertificateAttributeSchema } from '../services/kyc/iso20022.generated.js';
|
|
11
9
|
import { getOID, lookupByOID } from './utils/oid.js';
|
|
12
10
|
import { convertToJSON as convertToJSONUtil } from './utils/json.js';
|
|
13
11
|
import { EncryptedContainer } from './encrypted-container.js';
|
|
@@ -93,67 +91,20 @@ function asCertificateAttributeNames(name) {
|
|
|
93
91
|
assertCertificateAttributeNames(name);
|
|
94
92
|
return (name);
|
|
95
93
|
}
|
|
94
|
+
function resolveSchema(name, schema) {
|
|
95
|
+
return (contextualizeStructSchema(schema));
|
|
96
|
+
}
|
|
96
97
|
function encodeAttribute(name, value) {
|
|
97
|
-
const schema = CertificateAttributeSchema[name];
|
|
98
|
-
const
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
if (!(util.types.isDate(value))) {
|
|
102
|
-
throw (new Error('Expected Date value'));
|
|
103
|
-
}
|
|
104
|
-
const asn1 = ASN1.JStoASN1(value);
|
|
105
|
-
const der = asn1.toBER(false);
|
|
106
|
-
return (der);
|
|
98
|
+
const schema = resolveSchema(name, CertificateAttributeSchema[name]);
|
|
99
|
+
const encodedJS = encodeValueBySchema(schema, value, { attributeName: name });
|
|
100
|
+
if (encodedJS === undefined) {
|
|
101
|
+
throw (new Error(`Unsupported attribute value for encoding: ${JSON.stringify(DPO(value))}`));
|
|
107
102
|
}
|
|
108
|
-
const
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
if (util.types.isDate(input)) {
|
|
112
|
-
return (input);
|
|
113
|
-
}
|
|
114
|
-
if (Buffer.isBuffer(input)) {
|
|
115
|
-
return (input);
|
|
116
|
-
}
|
|
117
|
-
if (input instanceof ArrayBuffer) {
|
|
118
|
-
return (arrayBufferToBuffer(input));
|
|
119
|
-
}
|
|
120
|
-
if (typeof input === 'string') {
|
|
121
|
-
return ({ type: 'string', kind: 'utf8', value: input });
|
|
122
|
-
}
|
|
123
|
-
/* XXX: Why are numbers and booleans encoded as strings? */
|
|
124
|
-
if (typeof input === 'number' || typeof input === 'bigint' || typeof input === 'boolean') {
|
|
125
|
-
return ({ type: 'string', kind: 'utf8', value: String(input) });
|
|
126
|
-
}
|
|
127
|
-
if (Array.isArray(input)) {
|
|
128
|
-
if (depth >= MAX_ASN1_VALUE_DEPTH) {
|
|
129
|
-
throw (new Error('Exceeded maximum ASN.1 value depth'));
|
|
130
|
-
}
|
|
131
|
-
return (input.map(item => toASN1Value(item, depth + 1)));
|
|
132
|
-
}
|
|
133
|
-
throw (new Error(`Unsupported ASN.1 value type: ${typeof input}`));
|
|
134
|
-
};
|
|
135
|
-
// Complex object type
|
|
136
|
-
if (fieldNames && hasIndexSignature(value) && !Array.isArray(value)) {
|
|
137
|
-
const mappedFields = fieldNames.map((fieldName, idx) => {
|
|
138
|
-
const fieldValue = value[fieldName];
|
|
139
|
-
if (fieldValue === undefined) {
|
|
140
|
-
return (undefined);
|
|
141
|
-
}
|
|
142
|
-
const tag = {
|
|
143
|
-
type: 'context',
|
|
144
|
-
kind: 'explicit',
|
|
145
|
-
value: idx,
|
|
146
|
-
contains: toASN1Value(fieldValue)
|
|
147
|
-
};
|
|
148
|
-
return (tag);
|
|
149
|
-
}).filter(function (computedValue) {
|
|
150
|
-
return (computedValue !== undefined);
|
|
151
|
-
});
|
|
152
|
-
const asn1 = ASN1.JStoASN1(mappedFields);
|
|
153
|
-
const der = asn1.toBER(false);
|
|
154
|
-
return (der);
|
|
103
|
+
const asn1Object = ASN1.JStoASN1(encodedJS);
|
|
104
|
+
if (!asn1Object) {
|
|
105
|
+
throw (new Error(`Failed to encode value for attribute ${name}`));
|
|
155
106
|
}
|
|
156
|
-
|
|
107
|
+
return (asn1Object.toBER(false));
|
|
157
108
|
}
|
|
158
109
|
// Prepare a value for inclusion in a SensitiveAttribute: pre-encode complex and date types
|
|
159
110
|
function encodeForSensitive(name, value) {
|
|
@@ -181,46 +132,11 @@ function encodeForSensitive(name, value) {
|
|
|
181
132
|
return (Buffer.from(String(value), 'utf-8'));
|
|
182
133
|
}
|
|
183
134
|
async function decodeAttribute(name, value) {
|
|
184
|
-
const schema = CertificateAttributeSchema[name];
|
|
135
|
+
const schema = resolveSchema(name, CertificateAttributeSchema[name]);
|
|
185
136
|
// XXX:TODO Fix depth issue
|
|
186
137
|
// @ts-ignore
|
|
187
138
|
const decodedUnknown = new ASN1.BufferStorageASN1(value, schema).getASN1();
|
|
188
|
-
const
|
|
189
|
-
let candidate;
|
|
190
|
-
if (fieldNames && Array.isArray(decodedUnknown)) {
|
|
191
|
-
const arr = decodedUnknown;
|
|
192
|
-
const result = {};
|
|
193
|
-
for (let i = 0; i < fieldNames.length; i++) {
|
|
194
|
-
const fieldName = fieldNames[i];
|
|
195
|
-
if (!fieldName) {
|
|
196
|
-
continue;
|
|
197
|
-
}
|
|
198
|
-
const fieldValue = arr[i];
|
|
199
|
-
if (fieldValue === undefined) {
|
|
200
|
-
continue;
|
|
201
|
-
}
|
|
202
|
-
if (isErrorLike(fieldValue)) {
|
|
203
|
-
throw (new Error(`Field ${fieldName} contains an error: ${fieldValue.message}`));
|
|
204
|
-
}
|
|
205
|
-
if (isContextTagged(fieldValue)) {
|
|
206
|
-
// unwrap context tag; prefer nested .value if present
|
|
207
|
-
result[fieldName] = hasValueProp(fieldValue.contains) ? fieldValue.contains.value : fieldValue.contains;
|
|
208
|
-
}
|
|
209
|
-
else if (hasValueProp(fieldValue)) {
|
|
210
|
-
result[fieldName] = fieldValue.value;
|
|
211
|
-
}
|
|
212
|
-
else {
|
|
213
|
-
result[fieldName] = fieldValue;
|
|
214
|
-
}
|
|
215
|
-
}
|
|
216
|
-
candidate = result;
|
|
217
|
-
}
|
|
218
|
-
else if (hasValueProp(decodedUnknown)) {
|
|
219
|
-
candidate = decodedUnknown.value;
|
|
220
|
-
}
|
|
221
|
-
else {
|
|
222
|
-
candidate = decodedUnknown;
|
|
223
|
-
}
|
|
139
|
+
const candidate = normalizeDecodedASN1(decodedUnknown);
|
|
224
140
|
return (asAttributeValue(name, candidate));
|
|
225
141
|
}
|
|
226
142
|
class SensitiveAttributeBuilder {
|
|
@@ -608,9 +524,13 @@ export class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificat
|
|
|
608
524
|
this.attributes[name] = { sensitive: false, value };
|
|
609
525
|
}
|
|
610
526
|
setSensitiveAttribute(name, value) {
|
|
527
|
+
const decodeForSensitive = async (data) => {
|
|
528
|
+
const bufferInput = Buffer.isBuffer(data) ? bufferToArrayBuffer(data) : data;
|
|
529
|
+
return (await decodeAttribute(name, bufferInput));
|
|
530
|
+
};
|
|
611
531
|
this.attributes[name] = {
|
|
612
532
|
sensitive: true,
|
|
613
|
-
value: new SensitiveAttribute(this.subjectKey, value,
|
|
533
|
+
value: new SensitiveAttribute(this.subjectKey, value, decodeForSensitive)
|
|
614
534
|
};
|
|
615
535
|
}
|
|
616
536
|
/**
|
package/lib/certificates.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certificates.js","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,mCAAmC,CAAC;AAC1D,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9G,OAAO,MAAM,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,8BAA8B,EAAE,MAAM,uCAAuC,CAAC;AAC9I,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAClG,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,iDAAiD,EAAE,MAAM,6BAA6B,CAAC;AAEhG;;GAEG;AACH,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AASvG,MAAM,eAAe,GAAsC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC;AAEtF,SAAS,MAAM,CAAC,IAAa;IAC5B,OAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,4EAA4E;AAC5E,SAAS,gBAAgB,CACxB,KAAW,EACX,EAAW;IAEX,kFAAkF;IAClF,8EAA8E;IAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CACxB,IAAU,EACV,CAAU;IAEV,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAChC,MAAK,CAAC,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAM,CAAC,CAAC,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,gCAAgC,GAalC;IACH,EAAE;IACF;QACC,IAAI,CAAC,YAAY,CAAC,KAAK;QACvB,IAAI,CAAC,YAAY,CAAC,aAAa;QAC/B,IAAI,CAAC,YAAY,CAAC,aAAa;KAC/B;IACD;QACC,IAAI,CAAC,YAAY,CAAC,aAAa;QAC/B,IAAI,CAAC,YAAY,CAAC,KAAK;QACvB,IAAI,CAAC,YAAY,CAAC,aAAa;KAC/B;IACD,IAAI,CAAC,YAAY,CAAC,aAAa;CAC/B,CAAC;AASF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC/B,aAAa,EAAE,IAAI,CAAC,WAAW;IAC/B,aAAa,EAAE,IAAI,CAAC,WAAW;IAC/B,UAAU,EAAE,IAAI,CAAC,QAAQ;IACzB,UAAU,EAAE,IAAI,CAAC,QAAQ;IACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,YAAY,EAAE,IAAI,CAAC,WAAW;IAC9B,YAAY,EAAE,IAAI,CAAC,WAAW;CAC9B,CAAC;AAEF,SAAS,+BAA+B,CAAC,IAAY;IACpD,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;QAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;AACF,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY;IAChD,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtC,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAA+B,EAAE,KAAc;IACvE,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IAExD,YAAY;IACZ,IAAI,MAAM,KAAK,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;QACzC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACjC,MAAK,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;QACzC,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,OAAM,CAAC,GAAG,CAAC,CAAC;IACb,CAAC;IAED,MAAM,oBAAoB,GAAG,CAAC,CAAC,CAAC,4BAA4B;IAC5D,MAAM,WAAW,GAAG,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC,EAAa,EAAE;QAC5D,uEAAuE;QACvE,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QACD,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YAClC,OAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,2DAA2D;QAC3D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1F,OAAM,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,IAAI,KAAK,IAAI,oBAAoB,EAAE,CAAC;gBACnC,MAAK,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,OAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,MAAK,CAAC,IAAI,KAAK,CAAC,iCAAiC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC;IAEF,sBAAsB;IACtB,IAAI,UAAU,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACrE,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE;YACtD,MAAM,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAAA,OAAM,CAAC,SAAS,CAAC,CAAC;YAAA,CAAC;YAClD,MAAM,GAAG,GAAmB;gBAC3B,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,GAAG;gBACV,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC;aACjC,CAAC;YACF,OAAM,CAAC,GAAG,CAAC,CAAC;QACb,CAAC,CAAC,CAAC,MAAM,CAAC,UAAS,aAAa;YAC/B,OAAM,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,OAAM,CAAC,GAAG,CAAC,CAAC;IACb,CAAC;IAED,MAAK,CAAC,IAAI,KAAK,CAAC,6CAA6C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,2FAA2F;AAC3F,SAAS,kBAAkB,CAC1B,IAA2C,EAC3C,KAAoD;IAEpD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAAC,OAAM,CAAC,KAAK,CAAC,CAAC;IAAC,CAAC;IAC9C,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QAAC,OAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;IAAC,CAAC;IACzE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,OAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClC,OAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YAAC,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,KAAK,UAAU,eAAe,CAAyC,IAAU,EAAE,KAAkB;IACpG,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAChD,2BAA2B;IAC3B,aAAa;IACb,MAAM,cAAc,GAAY,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;IACpF,MAAM,UAAU,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IAExD,IAAI,SAAkB,CAAC;IACvB,IAAI,UAAU,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAc,cAAc,CAAC;QACtC,MAAM,MAAM,GAA+B,EAAE,CAAC;QAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAAA,SAAS;YAAA,CAAC;YAE3B,MAAM,UAAU,GAAY,GAAG,CAAC,CAAC,CAAC,CAAC;YACnC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAAA,SAAS;YAAA,CAAC;YACzC,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,SAAS,SAAS,uBAAuB,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACjF,CAAC;YAED,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjC,sDAAsD;gBACtD,MAAM,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC;YACzG,CAAC;iBAAM,IAAI,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrC,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACP,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC;YAChC,CAAC;QACF,CAAC;QACD,SAAS,GAAG,MAAM,CAAC;IACpB,CAAC;SAAM,IAAI,YAAY,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC;IAClC,CAAC;SAAM,CAAC;QACP,SAAS,GAAG,cAAc,CAAC;IAC5B,CAAC;IAED,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,yBAAyB;IACrB,QAAQ,CAAkB;IACnC,MAAM,CAAqB;IAE3B,YAAY,OAAwB;QACnC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,GAAG,CAAC,KAA+B;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAK;QACV,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAK,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAEpC,MAAM,gBAAgB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QACxE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,aAAa,CAAC;QAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;QAE3E,SAAS,OAAO,CAAC,KAAa;YAC7B,MAAM,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YAC/D,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAEvD;;eAEG;YACH,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;gBAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;gBAC7D,IAAI,OAAO,YAAY,KAAK,UAAU,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAY,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBACrD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBAAC,MAAK,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;oBAAC,CAAC;oBACtF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBACvC,CAAC;qBAAM,CAAC;oBACP,MAAK,CAAC,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC,CAAC;gBACjE,CAAC;YACF,CAAC;YACD,OAAM,CAAC,MAAM,CAAC,CAAC;QAChB,CAAC;QAED,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAClF,MAAM,oBAAoB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE7E,MAAM,kBAAkB,GAA6B;YACpD,aAAa;YACb,EAAE;YACF,oBAAoB;YACpB;gBACC,eAAe;gBACf,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,EAAE;gBAC7D,iBAAiB;gBACjB,KAAK;gBACL,iEAAiE;gBACjE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;aACzB;YACD,kBAAkB;YAClB;gBACC,oBAAoB;gBACpB,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;gBAC1B,uBAAuB;gBACvB,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,EAAE,uBAAuB,CAAC,EAAE;gBACvE,yDAAyD;gBACzD,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC;aACjC;YACD,sDAAsD;YACtD,cAAc;SACd,CAAC;QAEF,MAAM,sBAAsB,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QAEjE,uCAAuC;QACvC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;CACD;AAED,MAAM,kBAAkB;IACd,QAAQ,CAAkB;IAC1B,KAAK,CAA8C;IACnD,QAAQ,CAAqC;IAEtD,YAAY,OAAwB,EAAE,IAA0B,EAAE,OAA2C;QAC5G,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACzB,CAAC;IACF,CAAC;IAEO,MAAM,CAAC,IAA0B;QACxC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,gBAAgB,CAAC;QACrB,IAAI,CAAC;YACJ,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,gCAAgC,CAAC,CAAC;YACtF,gBAAgB,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACR,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAK,CAAC,IAAI,KAAK,CAAC,mDAAmD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChG,CAAC;QAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAChD,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAK,CAAC,IAAI,KAAK,CAAC,4CAA4C,cAAc,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,OAAM,CAAC;YACN,OAAO,EAAE,cAAc;YACvB,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,GAAG,EAAE;YAC9C,MAAM,EAAE;gBACP,SAAS,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,uBAAuB,CAAC;gBAC3E,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1B,GAAG,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;YACD,WAAW,EAAE;gBACZ,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrC,SAAS,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,uBAAuB,CAAC;gBAC3E,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC7B;YACD,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC;SACnC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAChC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7F,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;QAC9C,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAEhC,MAAM,MAAM,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjF,4DAA4D;QAC5D,IAAI,SAAS,KAAK,aAAa,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YAExD,uCAAuC;YACvC,mEAAmE;YACnE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,OAAO,YAAY,KAAK,UAAU,EAAE,CAAC;gBACxC,yGAAyG;gBACzG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACP,MAAK,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC5C,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,kBAAkB;YAClC,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,yDAAyD;QACzD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,OAAM,CAAC,cAAc,CAAC,CAAC;IACxB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,GAAG;QACR,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;QACpG,OAAM,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ;QACb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB;;;;;;;eAOG;YACH,yEAAyE;YACzE,OAAO,KAAsB,CAAC;QAC/B,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ;QACb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;QAErG,OAAM,CAAC;YACN,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5C,IAAI,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;aAC7B;SACD,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAA4C;QAC/D,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC1D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE/D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;QAEjD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;QACpG,MAAM,oBAAoB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3E,MAAM,0BAA0B,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAErE,OAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,MAAM;QACL,OAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5B,CAAC;CACD;AAgBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,uCAAuC,GAAG;IAC/C,UAAU,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE;YACrC,MAAM,EAAE;gBACP,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;gBACrH,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;aACrH;SACD,CAAC;CACoB,CAAC;AAQxB,MAAM,OAAO,kBAAmB,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB;IACrF,WAAW,GAEhB,EAAE,CAAC;IAEP;;;OAGG;IACK,MAAM,CAAC,SAAS,CAAC,MAA0C;QAClE,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,gBAAgB,GAAG,UAAU,CAAC,OAAO,CAAC;YACtC,OAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,MAAM,GAA0C,UAAU,CAAC;QACjE,IAAI,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC5C,CAAC;QACD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,YAAY,MAA0C;QACrD,KAAK,CAAC,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAyC,IAAU,EAAE,SAAkB,EAAE,KAAsC;QAC1H,kEAAkE;QAClE,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,OAAoB,CAAC;QACzB,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YAClC,OAAO,GAAG,KAAK,CAAC;QACjB,CAAC;aAAM,IAAI,IAAI,IAAI,0BAA0B,EAAE,CAAC;YAC/C,gDAAgD;YAChD,OAAO,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC,CAAC,KAAK,YAAY,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxF,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,SAAS;YACpB,KAAK,EAAE,OAAO;SACd,CAAC;IACH,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,GAAG,IAA+G;QAC/I,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;QAElD,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAEzC,2BAA2B;QAC3B,MAAM,cAAc,GAAkC,EAAE,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;gBAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAED;;;;eAIG;YACH,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;YAEhD,IAAI,KAAa,CAAC;YAClB,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC7B,KAAK,GAAG,mBAAmB,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACP,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACzC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACP,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC9C,CAAC;YACF,CAAC;YAAC,cAAc,CAAC,IAAI,CAAC,CAAC;oBACtB,IAAI,EAAE,KAAK;oBACX,GAAG,EAAE,OAAO;iBACZ,EAAE;oBACF,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClC,QAAQ,EAAE,KAAK;iBACf,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CACV,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,cAAc,CAAC,CAC5G,CAAC;QACH,CAAC;QAED,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,MAA0C;QACrD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrD,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,WAAW,EAAE;YACtD;;;;;eAKG;YACH,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,OAAM,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC;CACD;AAED,MAAM,OAAO,WAAY,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW;IAC/D,UAAU,CAAkB;IAC7C,MAAM,CAAU,OAAO,GAA8B,kBAAkB,CAAC;IACxE,MAAM,CAAU,kBAAkB,CAAuC;IAEzE;;OAEM;IACG,UAAU,GAQf,EAAE,CAAC;IAEP,YAAY,KAAwF,EAAE,OAA8H;QACnO,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC;QAE/D,KAAK,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IAES,oBAAoB;QAC7B,6DAA6D;IAC9D,CAAC;IAEO,iBAAiB,CAAyC,IAAU,EAAE,KAAkB;QAC/F,aAAa;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAyC,CAAC;IAC5F,CAAC;IAEO,qBAAqB,CAAyC,IAAU,EAAE,KAAkB;QACnG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG;YACvB,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SAChD,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAyC,aAAmB;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC;QACnD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,mBAAmB,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,IAAI,YAAY,kBAAkB,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,YAAY,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,0BAA0B,CAAC,CAAC,CAAC;IACxE,CAAC;IAES,gBAAgB,CAAC,EAAU,EAAE,KAAkB;QACxD,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YACvC,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,IAAI,EAAE,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,uCAAuC,CAAC,CAAC,OAAO,EAAE,CAAC;YAE3G,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC5E,MAAM,IAAI,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACrC,MAAM,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAEzD,QAAQ,SAAS,EAAE,CAAC;oBACnB,KAAK,CAAC;wBACL,iBAAiB;wBACjB,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACpC,MAAM;oBACP,KAAK,CAAC;wBACL,qBAAqB;wBACrB,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACxC,MAAM;oBACP;wBACC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACzB,CAAC;YACF,CAAC;YAED,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;;AAmBD,CAAC;AAKF,MAAM,OAAO,6BAA6B;IACzC,YAAY,CAAe;IAC3B,WAAW,GAKP,EAAE,CAAC;IAEC,SAAS,CAAqB;IAC9B,iBAAiB,GAAG,KAAK,CAAC;IAElC,MAAM,CAAC,8BAA8B,GAA2C,+BAA+B,CAAC;IAEhH,YAAY,KAA2B,EAAE,OAAoD;QAC5F,IAAI,eAAuB,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B;;;eAGG;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,WAAiC,CAAC;YACtC,KAAK,IAAI,WAAW,GAAG,CAAC,EAAE,WAAW,GAAG,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC;gBAC1E,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,CAAC;gBAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;oBAClB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACrD,KAAK,IAAI,SAAS,GAAG,WAAW,GAAG,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;wBAClF,MAAM,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;wBACnD,IAAI,YAAY,KAAK,eAAe,EAAE,CAAC;4BACtC,QAAQ,GAAG,SAAS,CAAC;4BACrB,MAAM;wBACP,CAAC;oBACF,CAAC;oBACD,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;oBAC1D,CAAC;oBAED,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM;gBACP,CAAC;YACF,CAAC;YACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC/B,WAAW,GAAG,UAAU,CAAC;YAC1B,CAAC;YAED,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC1C,OAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC,MAAM,CAAC,UAAS,IAAI;gBACtB,OAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3C,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACP,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,UAAU,GAAG,OAAO,EAAE,UAAU,CAAC;QACrC,IAAI,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,UAAU,YAAY,GAAG,EAAE,CAAC;YACtC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,UAAU,GAAG,IAAI,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,WAAwB,EAAE,cAA4C;QAClG,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAClC;;;eAGG;YACH,yEAAyE;YACzE,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAA4C,CAAC;QACjG,CAAC;QAED,MAAM,UAAU,GAA8D,EAAE,CAAC;QACjF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C;;eAEG;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,SAAS;YACV,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;iBAClC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACzD,CAAC;YACH,CAAC;QACF,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;YACrC,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE;YAChC,UAAU,EAAE,UAAU;SACgC,CAAC,CAAC;QAEzD,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,CAAC;QACxF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,wBAAwB,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7H,MAAM,SAAS,GAAG,kBAAkB,CAAC,aAAa,CAAC,mBAAmB,CAAC,wBAAwB,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACzH,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,6BAA6B,CAAC,mBAAmB,CAAC,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;QACtH,MAAM,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACzC,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAA0B;QAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAA0B;QAC5C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,IAAI,UAAU;QACb,OAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,SAAS;QACd,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAE9B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QAC3D,MAAM,0BAA0B,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;QAC/H,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjF,MAAM,YAAY,GAAY,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,iDAAiD,CAAC,YAAY,CAAC,CAAC;QAEjF,IAAI,CAAC,YAAY,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAkE,EAAE;YACxJ;;;;;;eAMG;YACH,yEAAyE;YACzE,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,IAAiC,CAAC,CAAC;YAEvF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,2BAA2B,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;gBAC7E,CAAC;gBAED,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC;gBACtC,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC3E,IAAI,WAAW,CAAC,UAAU,KAAK,SAAS,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;oBACjH,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,kCAAkC,CAAC,CAAC,CAAC;gBACvE,CAAC;gBAED,OAAM,CAAC,CAAC,IAAI,EAAE;wBACb,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,WAAW;qBAClB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,0BAA0B,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;YAE/E,OAAM,CAAC,CAAC,IAAI,EAAE;oBACb,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,SAAS;iBAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAK,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACpC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpC,OAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,YAAY,CAAyC,IAAU;QACpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAEnD;;;;;;;;;;;;WAYG;QAEH,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAID,KAAK,CAAC,iBAAiB,CAAC,cAAwB;QAC/C,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5C,IAAI,cAAc,EAAE,CAAC;YACpB,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,UAAS,IAAI;YAC5C,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,OAAM,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAMD,KAAK,CAAC,MAAM,CAAC,OAAoD;QAChE,OAAO,GAAG;YACT,MAAM,EAAE,aAAa;YACrB,GAAG,OAAO;SACV,CAAC;QAEF,IAAI,UAA6B,CAAC;QAClC,IAAI,CAAC;YACJ,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACR,UAAU,GAAG,EAAE,CAAC;QACjB,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,WAAW,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,OAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YAC7C,OAAM,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC;IACF,CAAC;;AAGF,aAAa;AACb,WAAW,CAAC,kBAAkB,GAAG,6BAA6B,CAAC;AAE/D,gBAAgB;AAChB,MAAM,CAAC,MAAM,QAAQ,GAAG;IACvB,yBAAyB;IACzB,kBAAkB;CAClB,CAAC","sourcesContent":["import * as util from 'util';\nimport * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport * as oids from '../services/kyc/oids.generated.js';\nimport * as ASN1 from './utils/asn1.js';\nimport { ASN1toJS } from './utils/asn1.js';\nimport type { ASN1AnyJS, ASN1ContextTag } from './utils/asn1.js';\nimport { arrayBufferLikeToBuffer, arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';\nimport crypto from './utils/crypto.js';\nimport { assertNever } from './utils/never.js';\nimport type { SensitiveAttributeType, CertificateAttributeValue } from '../services/kyc/iso20022.generated.js';\nimport { CertificateAttributeOIDDB, CertificateAttributeSchema, CertificateAttributeFieldNames } from '../services/kyc/iso20022.generated.js';\nimport { hasIndexSignature, isErrorLike, hasValueProp, isContextTagged } from './utils/guards.js';\nimport { getOID, lookupByOID } from './utils/oid.js';\nimport { convertToJSON as convertToJSONUtil } from './utils/json.js';\nimport { EncryptedContainer } from './encrypted-container.js';\nimport { assertSharableCertificateAttributesContentsSchema } from './certificates.generated.js';\n\n/**\n * Short alias for printing a debug representation of an object\n */\nconst DPO = KeetaNetClient.lib.Utils.Helper.debugPrintableObject.bind(KeetaNetClient.lib.Utils.Helper);\n\n/* ENUM */\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\n\n/**\n * An alias for the KeetaNetAccount type\n */\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\nconst KeetaNetAccount: typeof KeetaNetClient.lib.Account = KeetaNetClient.lib.Account;\n\nfunction toJSON(data: unknown): unknown {\n\treturn(convertToJSONUtil(data));\n}\n\n// Generic type guard to align decoded values with generated attribute types\nfunction isAttributeValue<NAME extends CertificateAttributeNames>(\n\t_name: NAME,\n\t_v: unknown\n): _v is CertificateAttributeValue<NAME> {\n\t// Runtime schema validation is already performed by BufferStorageASN1; this guard\n\t// serves to inform TypeScript of the precise type tied to the attribute name.\n\treturn(true);\n}\n\n// Helper to apply type guard once and return the properly typed value\nfunction asAttributeValue<NAME extends CertificateAttributeNames>(\n\tname: NAME,\n\tv: unknown\n): CertificateAttributeValue<NAME> {\n\tif (!isAttributeValue(name, v)) {\n\t\tthrow(new Error('internal error: decoded value did not match expected type'));\n\t}\n\treturn(v);\n}\n\n/**\n * Sensitive Attribute Schema\n *\n * ASN.1 Schema:\n * SensitiveAttributes DEFINITIONS ::= BEGIN\n * SensitiveAttribute ::= SEQUENCE {\n * version INTEGER { v1(0) },\n * cipher SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * ivOrNonce OCTET STRING,\n * key OCTET STRING\n * },\n * hashedValue SEQUENCE {\n * encryptedSalt OCTET STRING,\n * algorithm OBJECT IDENTIFIER,\n * value OCTET STRING\n * },\n * encryptedValue OCTET STRING\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n * @internal\n */\nconst SensitiveAttributeSchemaInternal: [\n\tversion: 0n,\n\tcipher: [\n\t\talgorithm: typeof ASN1.ValidateASN1.IsOID,\n\t\tiv: typeof ASN1.ValidateASN1.IsOctetString,\n\t\tkey: typeof ASN1.ValidateASN1.IsOctetString\n\t],\n\thashedValue: [\n\t\tencryptedSalt: typeof ASN1.ValidateASN1.IsOctetString,\n\t\talgorithm: typeof ASN1.ValidateASN1.IsOID,\n\t\tvalue: typeof ASN1.ValidateASN1.IsOctetString\n\t],\n\tencryptedValue: typeof ASN1.ValidateASN1.IsOctetString\n] = [\n\t0n,\n\t[\n\t\tASN1.ValidateASN1.IsOID,\n\t\tASN1.ValidateASN1.IsOctetString,\n\t\tASN1.ValidateASN1.IsOctetString\n\t],\n\t[\n\t\tASN1.ValidateASN1.IsOctetString,\n\t\tASN1.ValidateASN1.IsOID,\n\t\tASN1.ValidateASN1.IsOctetString\n\t],\n\tASN1.ValidateASN1.IsOctetString\n];\n\n/**\n * The Sensitive Attribute Schema Internal\n *\n * @internal\n */\ntype SensitiveAttributeSchema = ASN1.SchemaMap<typeof SensitiveAttributeSchemaInternal>;\n\n/*\n * Database of permitted algorithms and their OIDs\n */\nconst sensitiveAttributeOIDDB = {\n\t'aes-256-gcm': oids.AES_256_GCM,\n\t'aes-256-cbc': oids.AES_256_CBC,\n\t'sha2-256': oids.SHA2_256,\n\t'sha3-256': oids.SHA3_256,\n\t'sha256': oids.SHA2_256,\n\t'aes256-gcm': oids.AES_256_GCM,\n\t'aes256-cbc': oids.AES_256_CBC\n};\n\nfunction assertCertificateAttributeNames(name: string): asserts name is CertificateAttributeNames {\n\tif (!(name in CertificateAttributeOIDDB)) {\n\t\tthrow(new Error(`Unknown attribute name: ${name}`));\n\t}\n}\n\nfunction asCertificateAttributeNames(name: string): CertificateAttributeNames {\n\tassertCertificateAttributeNames(name);\n\treturn(name);\n}\n\nfunction encodeAttribute(name: CertificateAttributeNames, value: unknown): ArrayBuffer {\n\tconst schema = CertificateAttributeSchema[name];\n\tconst fieldNames = CertificateAttributeFieldNames[name];\n\n\t// Date type\n\tif (schema === ASN1.ValidateASN1.IsDate) {\n\t\tif (!(util.types.isDate(value))) {\n\t\t\tthrow(new Error('Expected Date value'));\n\t\t}\n\t\tconst asn1 = ASN1.JStoASN1(value);\n\t\tconst der = asn1.toBER(false);\n\t\treturn(der);\n\t}\n\n\tconst MAX_ASN1_VALUE_DEPTH = 8; // Prevent excessive nesting\n\tconst toASN1Value = (input: unknown, depth = 0): ASN1AnyJS => {\n\t\t// Only allow primitives and raw binary that ASN1.JStoASN1 understands.\n\t\tif (util.types.isDate(input)) {\n\t\t\treturn(input);\n\t\t}\n\t\tif (Buffer.isBuffer(input)) {\n\t\t\treturn(input);\n\t\t}\n\t\tif (input instanceof ArrayBuffer) {\n\t\t\treturn(arrayBufferToBuffer(input));\n\t\t}\n\t\tif (typeof input === 'string') {\n\t\t\treturn({ type: 'string', kind: 'utf8', value: input });\n\t\t}\n\t\t/* XXX: Why are numbers and booleans encoded as strings? */\n\t\tif (typeof input === 'number' || typeof input === 'bigint' || typeof input === 'boolean') {\n\t\t\treturn({ type: 'string', kind: 'utf8', value: String(input) });\n\t\t}\n\n\t\tif (Array.isArray(input)) {\n\t\t\tif (depth >= MAX_ASN1_VALUE_DEPTH) {\n\t\t\t\tthrow(new Error('Exceeded maximum ASN.1 value depth'));\n\t\t\t}\n\n\t\t\treturn(input.map(item => toASN1Value(item, depth + 1)));\n\t\t}\n\n\t\tthrow(new Error(`Unsupported ASN.1 value type: ${typeof input}`));\n\t};\n\n\t// Complex object type\n\tif (fieldNames && hasIndexSignature(value) && !Array.isArray(value)) {\n\t\tconst mappedFields = fieldNames.map((fieldName, idx) => {\n\t\t\tconst fieldValue = value[fieldName];\n\t\t\tif (fieldValue === undefined) {return(undefined);}\n\t\t\tconst tag: ASN1ContextTag = {\n\t\t\t\ttype: 'context',\n\t\t\t\tkind: 'explicit',\n\t\t\t\tvalue: idx,\n\t\t\t\tcontains: toASN1Value(fieldValue)\n\t\t\t};\n\t\t\treturn(tag);\n\t\t}).filter(function(computedValue): computedValue is NonNullable<typeof computedValue> {\n\t\t\treturn(computedValue !== undefined);\n\t\t});\n\n\t\tconst asn1 = ASN1.JStoASN1(mappedFields);\n\t\tconst der = asn1.toBER(false);\n\t\treturn(der);\n\t}\n\n\tthrow(new Error(`Unsupported attribute value for encoding: ${JSON.stringify(DPO(value))}`));\n}\n\n// Prepare a value for inclusion in a SensitiveAttribute: pre-encode complex and date types\nfunction encodeForSensitive(\n\tname: CertificateAttributeNames | undefined,\n\tvalue: SensitiveAttributeType | Buffer | ArrayBuffer\n): Buffer {\n\tif (Buffer.isBuffer(value)) { return(value); }\n\tif (value instanceof ArrayBuffer) { return(arrayBufferToBuffer(value)); }\n\tif (typeof value === 'string') {\n\t\tconst asn1 = ASN1.JStoASN1({ type: 'string', kind: 'utf8', value });\n\t\treturn(arrayBufferToBuffer(asn1.toBER(false)));\n\t}\n\n\tif (value instanceof Date) {\n\t\tconst asn1 = ASN1.JStoASN1(value);\n\t\treturn(arrayBufferToBuffer(asn1.toBER(false)));\n\t}\n\n\tif (typeof value === 'object' && value !== null) {\n\t\tif (!name) { throw(new Error('attributeName required for complex types')); }\n\t\tconst encoded = encodeAttribute(name, value);\n\t\treturn(arrayBufferToBuffer(encoded));\n\t}\n\n\treturn(Buffer.from(String(value), 'utf-8'));\n}\n\nasync function decodeAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): Promise<CertificateAttributeValue<NAME>> {\n\tconst schema = CertificateAttributeSchema[name];\n\t// XXX:TODO Fix depth issue\n\t// @ts-ignore\n\tconst decodedUnknown: unknown = new ASN1.BufferStorageASN1(value, schema).getASN1();\n\tconst fieldNames = CertificateAttributeFieldNames[name];\n\n\tlet candidate: unknown;\n\tif (fieldNames && Array.isArray(decodedUnknown)) {\n\t\tconst arr: unknown[] = decodedUnknown;\n\t\tconst result: { [key: string]: unknown } = {};\n\t\tfor (let i = 0; i < fieldNames.length; i++) {\n\t\t\tconst fieldName = fieldNames[i];\n\t\t\tif (!fieldName) {continue;}\n\n\t\t\tconst fieldValue: unknown = arr[i];\n\t\t\tif (fieldValue === undefined) {continue;}\n\t\t\tif (isErrorLike(fieldValue)) {\n\t\t\t\tthrow(new Error(`Field ${fieldName} contains an error: ${fieldValue.message}`));\n\t\t\t}\n\n\t\t\tif (isContextTagged(fieldValue)) {\n\t\t\t\t// unwrap context tag; prefer nested .value if present\n\t\t\t\tresult[fieldName] = hasValueProp(fieldValue.contains) ? fieldValue.contains.value : fieldValue.contains;\n\t\t\t} else if (hasValueProp(fieldValue)) {\n\t\t\t\tresult[fieldName] = fieldValue.value;\n\t\t\t} else {\n\t\t\t\tresult[fieldName] = fieldValue;\n\t\t\t}\n\t\t}\n\t\tcandidate = result;\n\t} else if (hasValueProp(decodedUnknown)) {\n\t\tcandidate = decodedUnknown.value;\n\t} else {\n\t\tcandidate = decodedUnknown;\n\t}\n\n\treturn(asAttributeValue(name, candidate));\n}\n\nclass SensitiveAttributeBuilder {\n\treadonly #account: KeetaNetAccount;\n\t#value: Buffer | undefined;\n\n\tconstructor(account: KeetaNetAccount) {\n\t\tthis.#account = account;\n\t}\n\n\tset(value: Buffer | ArrayBufferLike): this {\n\t\tthis.#value = Buffer.isBuffer(value) ? value : arrayBufferLikeToBuffer(value);\n\t\treturn(this);\n\t}\n\n\tasync build() {\n\t\tif (this.#value === undefined) {\n\t\t\tthrow(new Error('Value not set'));\n\t\t}\n\n\t\tconst salt = crypto.randomBytes(32);\n\n\t\tconst hashingAlgorithm = KeetaNetClient.lib.Utils.Hash.HashFunctionName;\n\t\tconst publicKey = Buffer.from(this.#account.publicKey.get());\n\n\t\tconst cipher = 'aes-256-gcm';\n\t\tconst key = crypto.randomBytes(32);\n\t\tconst nonce = crypto.randomBytes(12);\n\t\tconst encryptedKey = await this.#account.encrypt(bufferToArrayBuffer(key));\n\n\t\tfunction encrypt(value: Buffer) {\n\t\t\tconst cipherObject = crypto.createCipheriv(cipher, key, nonce);\n\t\t\tlet retval = cipherObject.update(value);\n\t\t\tretval = Buffer.concat([retval, cipherObject.final()]);\n\n\t\t\t/*\n\t\t\t * For AES-GCM, the last 16 bytes are the authentication tag\n\t\t\t */\n\t\t\tif (cipher === 'aes-256-gcm') {\n\t\t\t\tconst getAuthTagFn = Reflect.get(cipherObject, 'getAuthTag');\n\t\t\t\tif (typeof getAuthTagFn === 'function') {\n\t\t\t\t\tconst tag: unknown = getAuthTagFn.call(cipherObject);\n\t\t\t\t\tif (!Buffer.isBuffer(tag)) { throw(new Error('getAuthTag did not return a Buffer')); }\n\t\t\t\t\tretval = Buffer.concat([retval, tag]);\n\t\t\t\t} else {\n\t\t\t\t\tthrow(new Error('getAuthTag is not available on cipherObject'));\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn(retval);\n\t\t}\n\n\t\tconst encryptedValue = encrypt(this.#value);\n\t\tconst encryptedSalt = encrypt(arrayBufferLikeToBuffer(salt));\n\n\t\tconst saltedValue = Buffer.concat([salt, publicKey, encryptedValue, this.#value]);\n\t\tconst hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(saltedValue);\n\n\t\tconst attributeStructure: SensitiveAttributeSchema = [\n\t\t\t/* Version */\n\t\t\t0n,\n\t\t\t/* Cipher Details */\n\t\t\t[\n\t\t\t\t/* Algorithm */\n\t\t\t\t{ type: 'oid', oid: getOID(cipher, sensitiveAttributeOIDDB) },\n\t\t\t\t/* IV or Nonce */\n\t\t\t\tnonce,\n\t\t\t\t/* Symmetric key, encrypted with the public key of the account */\n\t\t\t\tBuffer.from(encryptedKey)\n\t\t\t],\n\t\t\t/* Hashed Value */\n\t\t\t[\n\t\t\t\t/* Encrypted Salt */\n\t\t\t\tBuffer.from(encryptedSalt),\n\t\t\t\t/* Hashing Algorithm */\n\t\t\t\t{ type: 'oid', oid: getOID(hashingAlgorithm, sensitiveAttributeOIDDB) },\n\t\t\t\t/* Hash of <Encrypted Salt> || <Public Key> || <Value> */\n\t\t\t\tBuffer.from(hashedAndSaltedValue)\n\t\t\t],\n\t\t\t/* Encrypted Value, encrypted with the Cipher above */\n\t\t\tencryptedValue\n\t\t];\n\n\t\tconst encodedAttributeObject = ASN1.JStoASN1(attributeStructure);\n\n\t\t// Produce canonical DER as ArrayBuffer\n\t\tconst retval = encodedAttributeObject.toBER(false);\n\t\treturn(retval);\n\t}\n}\n\nclass SensitiveAttribute<T = ArrayBuffer> {\n\treadonly #account: KeetaNetAccount;\n\treadonly #info: ReturnType<SensitiveAttribute<T>['decode']>;\n\treadonly #decoder?: (data: Buffer | ArrayBuffer) => T;\n\n\tconstructor(account: KeetaNetAccount, data: Buffer | ArrayBuffer, decoder?: (data: Buffer | ArrayBuffer) => T) {\n\t\tthis.#account = account;\n\t\tthis.#info = this.decode(data);\n\t\tif (decoder) {\n\t\t\tthis.#decoder = decoder;\n\t\t}\n\t}\n\n\tprivate decode(data: Buffer | ArrayBuffer) {\n\t\tif (Buffer.isBuffer(data)) {\n\t\t\tdata = bufferToArrayBuffer(data);\n\t\t}\n\n\t\tlet decodedAttribute;\n\t\ttry {\n\t\t\tconst dataObject = new ASN1.BufferStorageASN1(data, SensitiveAttributeSchemaInternal);\n\t\t\tdecodedAttribute = dataObject.getASN1();\n\t\t} catch {\n\t\t\tconst js = ASN1toJS(data);\n\t\t\tthrow(new Error(`SensitiveAttribute.decode: unexpected DER shape ${JSON.stringify(DPO(js))}`));\n\t\t}\n\n\t\tconst decodedVersion = decodedAttribute[0] + 1n;\n\t\tif (decodedVersion !== 1n) {\n\t\t\tthrow(new Error(`Unsupported Sensitive Attribute version (${decodedVersion})`));\n\t\t}\n\n\t\treturn({\n\t\t\tversion: decodedVersion,\n\t\t\tpublicKey: this.#account.publicKeyString.get(),\n\t\t\tcipher: {\n\t\t\t\talgorithm: lookupByOID(decodedAttribute[1][0].oid, sensitiveAttributeOIDDB),\n\t\t\t\tiv: decodedAttribute[1][1],\n\t\t\t\tkey: decodedAttribute[1][2]\n\t\t\t},\n\t\t\thashedValue: {\n\t\t\t\tencryptedSalt: decodedAttribute[2][0],\n\t\t\t\talgorithm: lookupByOID(decodedAttribute[2][1].oid, sensitiveAttributeOIDDB),\n\t\t\t\tvalue: decodedAttribute[2][2]\n\t\t\t},\n\t\t\tencryptedValue: decodedAttribute[3]\n\t\t});\n\t}\n\n\tasync #decryptValue(value: Buffer) {\n\t\tconst decryptedKey = await this.#account.decrypt(bufferToArrayBuffer(this.#info.cipher.key));\n\t\tconst algorithm = this.#info.cipher.algorithm;\n\t\tconst iv = this.#info.cipher.iv;\n\n\t\tconst cipher = crypto.createDecipheriv(algorithm, Buffer.from(decryptedKey), iv);\n\n\t\t// For AES-GCM, the last 16 bytes are the authentication tag\n\t\tif (algorithm === 'aes-256-gcm') {\n\t\t\tconst authTag = value.subarray(value.length - 16);\n\t\t\tconst ciphertext = value.subarray(0, value.length - 16);\n\n\t\t\t// XXX:TODO Fix typescript unsafe calls\n\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\tconst setAuthTagFn = Reflect.get(cipher, 'setAuthTag');\n\t\t\tif (typeof setAuthTagFn === 'function') {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access\n\t\t\t\tsetAuthTagFn.call(cipher, authTag);\n\t\t\t} else {\n\t\t\t\tthrow(new Error('setAuthTag is not available on cipher'));\n\t\t\t}\n\n\t\t\tconst decrypted = cipher.update(ciphertext);\n\t\t\tcipher.final(); // Verify auth tag\n\t\t\treturn(decrypted);\n\t\t}\n\n\t\t// For other algorithms (like CBC), just decrypt normally\n\t\tconst decryptedValue = cipher.update(value);\n\t\tcipher.final();\n\t\treturn(decryptedValue);\n\t}\n\n\t/**\n\t * Get the value of the sensitive attribute\n\t *\n\t * This will decrypt the value using the account's private key\n\t * and return the value as an ArrayBuffer\n\t *\n\t * Since sensitive attributes are binary blobs, this returns an\n\t * ArrayBuffer\n\t */\n\tasync get(): Promise<ArrayBuffer> {\n\t\tconst decryptedValue = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.encryptedValue));\n\t\treturn(bufferToArrayBuffer(decryptedValue));\n\t}\n\n\tasync getValue(): Promise<T> {\n\t\tconst value = await this.get();\n\t\tif (!this.#decoder) {\n\t\t\t/**\n\t\t\t * TypeScript complains that T may not be the correct\n\t\t\t * type here, but gives us no tools to enforce that it\n\t\t\t * is -- it should always be ArrayBuffer if no decoder\n\t\t\t * is provided, but someone could always specify a\n\t\t\t * type parameter in that case and we cannot check\n\t\t\t * that at runtime since T is only a compile-time type.\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(value as unknown as T);\n\t\t}\n\t\treturn(this.#decoder(value));\n\t}\n\n\t/**\n\t * Generate a proof that a sensitive attribute is a given value,\n\t * which can be validated by a third party using the certificate\n\t * and the `validateProof` method\n\t */\n\tasync getProof(): Promise<{ value: string; hash: { salt: string }}> {\n\t\tconst value = await this.get();\n\t\tconst salt = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.hashedValue.encryptedSalt));\n\n\t\treturn({\n\t\t\tvalue: Buffer.from(value).toString('base64'),\n\t\t\thash: {\n\t\t\t\tsalt: salt.toString('base64')\n\t\t\t}\n\t\t});\n\t}\n\n\t/**\n\t * Validate the proof that a sensitive attribute is a given value\n\t */\n\tasync validateProof(proof: Awaited<ReturnType<this['getProof']>>): Promise<boolean> {\n\t\tconst plaintextValue = Buffer.from(proof.value, 'base64');\n\t\tconst proofSaltBuffer = Buffer.from(proof.hash.salt, 'base64');\n\n\t\tconst publicKeyBuffer = Buffer.from(this.#account.publicKey.get());\n\t\tconst encryptedValue = this.#info.encryptedValue;\n\n\t\tconst hashInput = Buffer.concat([proofSaltBuffer, publicKeyBuffer, encryptedValue, plaintextValue]);\n\t\tconst hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(hashInput);\n\t\tconst hashedAndSaltedValueBuffer = Buffer.from(hashedAndSaltedValue);\n\n\t\treturn(this.#info.hashedValue.value.equals(hashedAndSaltedValueBuffer));\n\t}\n\n\ttoJSON(): unknown/* XXX:TODO */ {\n\t\treturn(toJSON(this.#info));\n\t}\n}\n\n/**\n * Type for certificate attribute names (derived from generated OID database)\n */\ntype CertificateAttributeNames = keyof typeof CertificateAttributeOIDDB;\n\ntype BaseCertificateBuilderParams = NonNullable<ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>[0]>;\ntype CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'issuer' | 'validFrom' | 'validTo' | 'serial' | 'hashLib' | 'issuerDN' | 'subjectDN' | 'isCA'> & {\n\t/**\n\t * The key of the subject -- used for Sensitive Attributes as well\n\t * as the certificate Subject\n\t */\n\tsubject: BaseCertificateBuilderParams['subjectPublicKey'];\n}>;\n\n/**\n * ASN.1 Schema for Certificate KYC Attributes Extension\n *\n * KYCAttributes DEFINITIONS ::= BEGIN\n * KYCAttributes ::= SEQUENCE OF Attribute\n * Attribute ::= SEQUENCE {\n * -- Name of the attribute\n * name OBJECT IDENTIFIER,\n * -- Value of this attribute\n * value CHOICE {\n * -- A plain value, not sensitive\n * plainValue [0] IMPLICIT OCTET STRING,\n * -- A sensitive value, encoded as a SensitiveAttribute in DER encoding\n * sensitiveValue [1] IMPLICIT OCTET STRING\n * }\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n */\nconst CertificateKYCAttributeSchemaValidation = {\n\tsequenceOf: [ASN1.ValidateASN1.IsOID, {\n\t\tchoice: [\n\t\t\t{ type: 'context' as const, value: 0 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString },\n\t\t\t{ type: 'context' as const, value: 1 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString }\n\t\t]\n\t}]\n} satisfies ASN1.Schema;\n\n/** @internal */\ntype CertificateKYCAttributeSchema = ASN1.SchemaMap<typeof CertificateKYCAttributeSchemaValidation>;\n\n// Attribute input type sourced from generated definitions\ntype CertificateAttributeInput<NAME extends CertificateAttributeNames> = CertificateAttributeValue<NAME>;\n\nexport class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.CertificateBuilder {\n\treadonly #attributes: {\n\t\t[name: string]: { sensitive: boolean; value: ArrayBuffer }\n\t} = {};\n\n\t/**\n\t * Map the parameters from the public interface to the internal\n\t * (Certificate library) interface\n\t */\n\tprivate static mapParams(params?: Partial<CertificateBuilderParams>): Partial<BaseCertificateBuilderParams> {\n\t\tconst paramsCopy = { ...params };\n\t\tlet subjectPublicKey;\n\t\tif (paramsCopy.subject) {\n\t\t\tsubjectPublicKey = paramsCopy.subject;\n\t\t\tdelete(paramsCopy.subject);\n\t\t}\n\t\tconst retval: Partial<BaseCertificateBuilderParams> = paramsCopy;\n\t\tif (subjectPublicKey) {\n\t\t\tretval.subjectPublicKey = subjectPublicKey;\n\t\t}\n\t\treturn(retval);\n\t}\n\n\tconstructor(params?: Partial<CertificateBuilderParams>) {\n\t\tsuper(CertificateBuilder.mapParams(params));\n\t}\n\n\t/**\n\t * Set a KYC Attribute to a given value.\n\t * The sensitive flag is required.\n\t *\n\t * If an attribute is marked sensitive, the value is encoded\n\t * into the certificate using a commitment scheme so that the\n\t * value can be proven later without revealing it.\n\t */\n\tsetAttribute<NAME extends CertificateAttributeNames>(name: NAME, sensitive: boolean, value: CertificateAttributeInput<NAME>): void {\n\t\t// Non-sensitive path: only primitive schema (string/date) allowed\n\t\tconst schemaValidator = CertificateAttributeSchema[name];\n\t\tlet encoded: ArrayBuffer;\n\t\tif (value instanceof ArrayBuffer) {\n\t\t\tencoded = value;\n\t\t} else if (name in CertificateAttributeSchema) {\n\t\t\t/* XXX: Why do we have two encoding methods ? */\n\t\t\tencoded = bufferToArrayBuffer(encodeForSensitive(name, value));\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsDate) {\n\t\t\tif (!(value instanceof Date)) {\n\t\t\t\tthrow(new Error('Expected Date value'));\n\t\t\t}\n\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsString && typeof value === 'string') {\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else {\n\t\t\tthrow(new Error('Unsupported non-sensitive value type'));\n\t\t}\n\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: sensitive,\n\t\t\tvalue: encoded\n\t\t};\n\t}\n\n\tprotected async addExtensions(...args: Parameters<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']>): ReturnType<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']> {\n\t\tconst retval = await super.addExtensions(...args);\n\n\t\tconst subject = args[0].subjectPublicKey;\n\n\t\t/* Encode the attributes */\n\t\tconst certAttributes: CertificateKYCAttributeSchema = [];\n\t\tfor (const [name, attribute] of Object.entries(this.#attributes)) {\n\t\t\tif (!(name in CertificateAttributeOIDDB)) {\n\t\t\t\tthrow(new Error(`Unknown attribute: ${name}`));\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Since we are iteratively building the certificate, we\n\t\t\t * can assume that the attribute is always present in\n\t\t\t * the object\n\t\t\t */\n\t\t\tassertCertificateAttributeNames(name);\n\t\t\tconst nameOID = CertificateAttributeOIDDB[name];\n\n\t\t\tlet value: Buffer;\n\t\t\tif (attribute.sensitive) {\n\t\t\t\tconst builder = new SensitiveAttributeBuilder(subject);\n\t\t\t\tbuilder.set(attribute.value);\n\t\t\t\tvalue = arrayBufferToBuffer(await builder.build());\n\t\t\t} else {\n\t\t\t\tif (typeof attribute.value === 'string') {\n\t\t\t\t\tvalue = Buffer.from(attribute.value, 'utf-8');\n\t\t\t\t} else {\n\t\t\t\t\tvalue = arrayBufferToBuffer(attribute.value);\n\t\t\t\t}\n\t\t\t} certAttributes.push([{\n\t\t\t\ttype: 'oid',\n\t\t\t\toid: nameOID\n\t\t\t}, {\n\t\t\t\ttype: 'context',\n\t\t\t\tkind: 'implicit',\n\t\t\t\tvalue: attribute.sensitive ? 1 : 0,\n\t\t\t\tcontains: value\n\t\t\t}]);\n\t\t}\n\n\t\tif (certAttributes.length > 0) {\n\t\t\tretval.push(\n\t\t\t\tKeetaNetClient.lib.Utils.Certificate.CertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes)\n\t\t\t);\n\t\t}\n\n\t\treturn(retval);\n\t}\n\n\t/**\n\t * Create a Certificate object from the builder\n\t *\n\t * The parameters passed in are merged with the parameters passed in\n\t * when constructing the builder\n\t */\n\tasync build(params?: Partial<CertificateBuilderParams>): Promise<Certificate> {\n\t\tconst paramsCopy = CertificateBuilder.mapParams(params);\n\t\tconst certificate = await super.buildDER(paramsCopy);\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tconst certificateObject = new Certificate(certificate, {\n\t\t\t/**\n\t\t\t * Specify the moment as `null` to avoid validation\n\t\t\t * of the certificate's validity period. We don't\n\t\t\t * care if the certificate is expired or not for\n\t\t\t * the purposes of this builder.\n\t\t\t */\n\t\t\tmoment: null\n\t\t});\n\n\t\treturn(certificateObject);\n\t}\n}\n\nexport class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificate {\n\tprivate readonly subjectKey: KeetaNetAccount;\n\tstatic readonly Builder: typeof CertificateBuilder = CertificateBuilder;\n\tstatic readonly SharableAttributes: typeof SharableCertificateAttributes;\n\n\t/**\n * User KYC Attributes\n */\n\treadonly attributes: {\n\t\t[name in CertificateAttributeNames]?: {\n\t\t\tsensitive: true;\n\t\t\tvalue: SensitiveAttribute<CertificateAttributeValue<name>>;\n\t\t} | {\n\t\t\tsensitive: false;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tconstructor(input: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[0], options?: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[1] & { subjectKey?: KeetaNetAccount }) {\n\t\tsuper(input, options);\n\n\t\tthis.subjectKey = options?.subjectKey ?? this.subjectPublicKey;\n\n\t\tsuper.finalizeConstruction();\n\t}\n\n\tprotected finalizeConstruction(): void {\n\t\t/* Do nothing, we call the super method in the constructor */\n\t}\n\n\tprivate setPlainAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\t// @ts-ignore\n\t\tthis.attributes[name] = { sensitive: false, value } satisfies typeof this.attributes[NAME];\n\t}\n\n\tprivate setSensitiveAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\tthis.attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tvalue: new SensitiveAttribute(this.subjectKey, value, decodeAttribute.bind(null, name))\n\t\t} satisfies typeof this.attributes[NAME];\n\t}\n\n\t/**\n\t * Get the underlying value for an attribute.\n\t *\n\t * If the attribute is sensitive, this will decrypt it using the\n\t * subject's private key, otherwise it will return the value.\n\t */\n\tasync getAttributeValue<NAME extends CertificateAttributeNames>(attributeName: NAME): Promise<CertificateAttributeValue<NAME>> {\n\t\tconst attr = this.attributes[attributeName]?.value;\n\t\tif (!attr) {\n\t\t\tthrow(new Error(`Attribute ${attributeName} is not available`));\n\t\t}\n\n\t\tif (attr instanceof SensitiveAttribute) {\n\t\t\tconst raw = await attr.get();\n\t\t\treturn(await decodeAttribute(attributeName, raw));\n\t\t}\n\n\t\t// Non-sensitive: ArrayBuffer or Buffer\n\t\tif (attr instanceof ArrayBuffer || Buffer.isBuffer(attr)) {\n\t\t\treturn(await decodeAttribute(attributeName, attr));\n\t\t}\n\n\t\tthrow(new Error(`Attribute ${attributeName} is not a supported type`));\n\t}\n\n\tprotected processExtension(id: string, value: ArrayBuffer): boolean {\n\t\tif (super.processExtension(id, value)) {\n\t\t\treturn(true);\n\t\t}\n\n\t\tif (id === oids.keeta.KYC_ATTRIBUTES) {\n\t\t\tconst attributesRaw = new ASN1.BufferStorageASN1(value, CertificateKYCAttributeSchemaValidation).getASN1();\n\n\t\t\tfor (const attribute of attributesRaw) {\n\t\t\t\tconst nameString = lookupByOID(attribute[0].oid, CertificateAttributeOIDDB);\n\t\t\t\tconst name = asCertificateAttributeNames(nameString);\n\t\t\t\tconst valueKind = attribute[1].value;\n\t\t\t\tconst value = bufferToArrayBuffer(attribute[1].contains);\n\n\t\t\t\tswitch (valueKind) {\n\t\t\t\t\tcase 0:\n\t\t\t\t\t\t/* Plain Value */\n\t\t\t\t\t\tthis.setPlainAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 1:\n\t\t\t\t\t\t/* Sensitive Value */\n\t\t\t\t\t\tthis.setSensitiveAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tassertNever(valueKind);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn(true);\n\t\t}\n\n\t\treturn(false);\n\t}\n}\n\n// eslint-disable-next-line @typescript-eslint/no-namespace\nexport namespace SharableCertificateAttributesTypes {\n\texport type ExportOptions = { format?: 'string' | 'arraybuffer' };\n\texport type ImportOptions = { principals?: Set<KeetaNetAccount> | KeetaNetAccount[] | KeetaNetAccount | null };\n\texport type ContentsSchema = {\n\t\tcertificate: string;\n\t\tattributes: {\n\t\t\t[name: string]: {\n\t\t\t\tsensitive: true;\n\t\t\t\tvalue: Awaited<ReturnType<SensitiveAttribute['getProof']>>;\n\t\t\t} | {\n\t\t\t\tsensitive: false;\n\t\t\t\tvalue: string;\n\t\t\t}\n\t\t};\n\t};\n};\ntype SharableCertificateAttributesExportOptions = SharableCertificateAttributesTypes.ExportOptions;\ntype SharableCertificateAttributesImportOptions = SharableCertificateAttributesTypes.ImportOptions;\ntype SharableCertificateAttributesContentsSchema = SharableCertificateAttributesTypes.ContentsSchema;\n\nexport class SharableCertificateAttributes {\n\t#certificate?: Certificate;\n\t#attributes: {\n\t\t[name: string]: {\n\t\t\tsensitive: boolean;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tprivate container: EncryptedContainer;\n\tprivate populatedFromInit = false;\n\n\tstatic assertCertificateAttributeName: typeof assertCertificateAttributeNames = assertCertificateAttributeNames;\n\n\tconstructor(input: ArrayBuffer | string, options?: SharableCertificateAttributesImportOptions) {\n\t\tlet containerBuffer: Buffer;\n\t\tif (typeof input === 'string') {\n\t\t\t/*\n\t\t\t * Attempt to decode as PEM, but also if not PEM, then return\n\t\t\t * the lines as-is (base64) after removing whitespace\n\t\t\t */\n\t\t\tconst inputLines = input.split(/\\r?\\n/);\n\t\t\tlet base64Lines: string[] | undefined;\n\t\t\tfor (let beginOffset = 0; beginOffset < inputLines.length; beginOffset++) {\n\t\t\t\tconst line = inputLines[beginOffset]?.trim();\n\t\t\t\tif (line?.startsWith('-----BEGIN ')) {\n\t\t\t\t\tlet endIndex = -1;\n\t\t\t\t\tconst matchingEndLine = line.replace('BEGIN', 'END');\n\t\t\t\t\tfor (let endOffset = beginOffset + 1; endOffset < inputLines.length; endOffset++) {\n\t\t\t\t\t\tconst checkEndLine = inputLines[endOffset]?.trim();\n\t\t\t\t\t\tif (checkEndLine === matchingEndLine) {\n\t\t\t\t\t\t\tendIndex = endOffset;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (endIndex === -1) {\n\t\t\t\t\t\tthrow(new Error('Invalid PEM format: missing END line'));\n\t\t\t\t\t}\n\n\t\t\t\t\tbase64Lines = inputLines.slice(beginOffset + 1, endIndex);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (base64Lines === undefined) {\n\t\t\t\tbase64Lines = inputLines;\n\t\t\t}\n\n\t\t\tbase64Lines = base64Lines.map(function(line) {\n\t\t\t\treturn(line.trim());\n\t\t\t}).filter(function(line) {\n\t\t\t\treturn(line.length > 0);\n\t\t\t});\n\n\t\t\tconst base64Content = base64Lines.join('');\n\t\t\tcontainerBuffer = Buffer.from(base64Content, 'base64');\n\t\t} else {\n\t\t\tcontainerBuffer = arrayBufferToBuffer(input);\n\t\t}\n\n\t\tlet principals = options?.principals;\n\t\tif (KeetaNetAccount.isInstance(principals)) {\n\t\t\tprincipals = [principals];\n\t\t} else if (principals instanceof Set) {\n\t\t\tprincipals = Array.from(principals);\n\t\t} else if (principals === undefined) {\n\t\t\tprincipals = null;\n\t\t}\n\n\t\tthis.container = EncryptedContainer.fromEncodedBuffer(containerBuffer, principals);\n\t}\n\n\t/**\n\t * Create a SharableCertificateAttributes from a Certificate\n\t * and a list of attribute names to include -- if no list is\n\t * provided, all attributes are included.\n\t */\n\tstatic async fromCertificate(certificate: Certificate, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes> {\n\t\tif (attributeNames === undefined) {\n\t\t\t/*\n\t\t\t * We know the keys are whatever the Certificate says they are, so\n\t\t\t * we can cast here safely\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tattributeNames = Object.keys(certificate.attributes) as (keyof typeof certificate.attributes)[];\n\t\t}\n\n\t\tconst attributes: SharableCertificateAttributesContentsSchema['attributes'] = {};\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\t/**\n\t\t\t * Skip missing attributes\n\t\t\t */\n\t\t\tif (!attr) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tif (attr.sensitive) {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: true,\n\t\t\t\t\tvalue: await attr.value.getProof()\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: arrayBufferToBuffer(attr.value).toString('base64')\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\tconst contentsString = JSON.stringify({\n\t\t\tcertificate: certificate.toPEM(),\n\t\t\tattributes: attributes\n\t\t} satisfies SharableCertificateAttributesContentsSchema);\n\n\t\tconst temporaryUser = KeetaNetAccount.fromSeed(KeetaNetAccount.generateRandomSeed(), 0);\n\t\tconst contentsBuffer = Buffer.from(contentsString, 'utf-8');\n\t\tconst contentsBufferCompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibDeflateAsync(bufferToArrayBuffer(contentsBuffer));\n\t\tconst container = EncryptedContainer.fromPlaintext(arrayBufferToBuffer(contentsBufferCompressed), [temporaryUser], true);\n\t\tconst containerBuffer = await container.getEncodedBuffer();\n\t\tconst retval = new SharableCertificateAttributes(bufferToArrayBuffer(containerBuffer), { principals: temporaryUser });\n\t\tawait retval.revokeAccess(temporaryUser);\n\t\treturn(retval);\n\t}\n\n\tasync grantAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.grantAccess(principal);\n\t\treturn(this);\n\t}\n\n\tasync revokeAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.revokeAccess(principal);\n\t\treturn(this);\n\t}\n\n\tget principals(): KeetaNetAccount[] {\n\t\treturn(this.container.principals);\n\t}\n\n\tasync #populate(): Promise<void> {\n\t\tif (this.populatedFromInit) {\n\t\t\treturn;\n\t\t}\n\t\tthis.populatedFromInit = true;\n\n\t\tconst contentsBuffer = await this.container.getPlaintext();\n\t\tconst contentsBufferDecompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibInflateAsync(bufferToArrayBuffer(contentsBuffer));\n\t\tconst contentsString = Buffer.from(contentsBufferDecompressed).toString('utf-8');\n\t\tconst contentsJSON: unknown = JSON.parse(contentsString);\n\t\tconst contents = assertSharableCertificateAttributesContentsSchema(contentsJSON);\n\n\t\tthis.#certificate = new Certificate(contents.certificate);\n\t\tconst attributePromises = Object.entries(contents.attributes).map(async ([name, attr]): Promise<[string, { sensitive: boolean; value: ArrayBuffer; }]> => {\n\t\t\t/*\n\t\t\t * Get the corresponding attribute from the certificate\n\t\t\t *\n\t\t\t * We actually do not care if `name` is a known attribute\n\t\t\t * because we are not decoding it here, we are just\n\t\t\t * verifying it matches the certificate\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst certAttribute = this.#certificate?.attributes[name as CertificateAttributeNames];\n\n\t\t\tif (!certAttribute) {\n\t\t\t\tthrow(new Error(`Attribute ${name} not found in certificate`));\n\t\t\t}\n\n\t\t\tif (certAttribute.sensitive !== attr.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!attr.sensitive) {\n\t\t\t\tif (certAttribute.sensitive) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\tconst certValue = certAttribute.value;\n\t\t\t\tconst sharedValue = bufferToArrayBuffer(Buffer.from(attr.value, 'base64'));\n\t\t\t\tif (sharedValue.byteLength !== certValue.byteLength || !Buffer.from(sharedValue).equals(Buffer.from(certValue))) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} value mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\treturn([name, {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: sharedValue\n\t\t\t\t}]);\n\t\t\t}\n\n\t\t\tif (!certAttribute.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!(await certAttribute.value.validateProof(attr.value))) {\n\t\t\t\tthrow(new Error(`Attribute ${name} proof validation failed`));\n\t\t\t}\n\n\t\t\tconst attrValue = bufferToArrayBuffer(Buffer.from(attr.value.value, 'base64'));\n\n\t\t\treturn([name, {\n\t\t\t\tsensitive: true,\n\t\t\t\tvalue: attrValue\n\t\t\t}]);\n\t\t});\n\t\tconst resolvedAttributes = await Promise.all(attributePromises);\n\t\tthis.#attributes = Object.fromEntries(resolvedAttributes);\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tawait this.#populate();\n\t\tif (!this.#certificate) {\n\t\t\tthrow(new Error('internal error: certificate not populated'));\n\t\t}\n\t\treturn(this.#certificate);\n\t}\n\n\tasync getAttributeBuffer(name: string): Promise<ArrayBuffer | undefined> {\n\t\tawait this.#populate();\n\t\tconst attr = this.#attributes[name];\n\t\treturn(attr?.value);\n\t}\n\n\tasync getAttribute<NAME extends CertificateAttributeNames>(name: NAME): Promise<CertificateAttributeValue<NAME> | undefined> {\n\t\tconst buffer = await this.getAttributeBuffer(name);\n\t\tif (buffer === undefined) {\n\t\t\treturn(undefined);\n\t\t}\n\n\t\tconst retval = await decodeAttribute(name, buffer);\n\n\t\t/* XXX:TODO: Here is where we would look at a reference value\n\t\t * (e.g., URL+hash) and fetch it, and verify it the hash matches\n\t\t * the fetched value\n\t\t *\n\t\t * The schema for references is not yet defined, so this is\n\t\t * left as a TODO for now.\n\t\t *\n\t\t * The return type would also need to be updated to reflect\n\t\t * that we would map referenced types to something like\n\t\t * { data: ArrayBuffer, contentType: string, source: <url>,\n\t\t * hash: <hash> } (where source and hash should be named\n\t\t * after whatever the actual schema is)\n\t\t */\n\n\t\treturn(retval);\n\t}\n\n\tasync getAttributeNames(includeUnknown: true): Promise<string[]>;\n\tasync getAttributeNames(includeUnknown?: false): Promise<CertificateAttributeNames[]>;\n\tasync getAttributeNames(includeUnknown?: boolean): Promise<string[]> {\n\t\tawait this.#populate();\n\t\tconst names = Object.keys(this.#attributes);\n\n\t\tif (includeUnknown) {\n\t\t\treturn(names);\n\t\t}\n\n\t\tconst knownNames = names.filter(function(name): name is CertificateAttributeNames {\n\t\t\treturn(name in CertificateAttributeOIDDB);\n\t\t});\n\n\t\treturn(knownNames);\n\t}\n\n\texport(options?: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format?: never; }): Promise<ArrayBuffer>;\n\texport(options: (Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'arraybuffer' })): Promise<ArrayBuffer>;\n\texport(options: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'string' }): Promise<string>;\n\texport(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string>;\n\tasync export(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string> {\n\t\toptions = {\n\t\t\tformat: 'arraybuffer',\n\t\t\t...options\n\t\t};\n\n\t\tlet principals: KeetaNetAccount[];\n\t\ttry {\n\t\t\tprincipals = this.container.principals;\n\t\t} catch {\n\t\t\tprincipals = [];\n\t\t}\n\t\tif (principals.length === 0) {\n\t\t\tthrow(new Error('This container has no authorized users (principals); cannot export'));\n\t\t}\n\n\t\tconst retvalBuffer = await this.container.getEncodedBuffer();\n\t\tif (options.format === 'string') {\n\t\t\tconst retvalBase64 = retvalBuffer.toString('base64');\n\t\t\tconst retvalLines = ['-----BEGIN KYC CERTIFICATE PROOF-----'];\n\t\t\tretvalLines.push(...retvalBase64.match(/.{1,64}/g) ?? []);\n\t\t\tretvalLines.push('-----END KYC CERTIFICATE PROOF-----');\n\t\t\treturn(retvalLines.join('\\n'));\n\t\t} else if (options.format === 'arraybuffer') {\n\t\t\treturn(bufferToArrayBuffer(retvalBuffer));\n\t\t} else {\n\t\t\tthrow(new Error(`Unsupported export format: ${String(options.format)}`));\n\t\t}\n\t}\n}\n\n// @ts-ignore\nCertificate.SharableAttributes = SharableCertificateAttributes;\n\n/** @internal */\nexport const _Testing = {\n\tSensitiveAttributeBuilder,\n\tSensitiveAttribute\n};\n"]}
|
|
1
|
+
{"version":3,"file":"certificates.js","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,mCAAmC,CAAC;AAC1D,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEjH,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9G,OAAO,MAAM,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAC9G,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,iDAAiD,EAAE,MAAM,6BAA6B,CAAC;AAEhG;;GAEG;AACH,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AASvG,MAAM,eAAe,GAAsC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC;AAEtF,SAAS,MAAM,CAAC,IAAa;IAC5B,OAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,4EAA4E;AAC5E,SAAS,gBAAgB,CACxB,KAAW,EACX,EAAW;IAEX,kFAAkF;IAClF,8EAA8E;IAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CACxB,IAAU,EACV,CAAU;IAEV,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAChC,MAAK,CAAC,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAM,CAAC,CAAC,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,gCAAgC,GAalC;IACH,EAAE;IACF;QACC,IAAI,CAAC,YAAY,CAAC,KAAK;QACvB,IAAI,CAAC,YAAY,CAAC,aAAa;QAC/B,IAAI,CAAC,YAAY,CAAC,aAAa;KAC/B;IACD;QACC,IAAI,CAAC,YAAY,CAAC,aAAa;QAC/B,IAAI,CAAC,YAAY,CAAC,KAAK;QACvB,IAAI,CAAC,YAAY,CAAC,aAAa;KAC/B;IACD,IAAI,CAAC,YAAY,CAAC,aAAa;CAC/B,CAAC;AASF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC/B,aAAa,EAAE,IAAI,CAAC,WAAW;IAC/B,aAAa,EAAE,IAAI,CAAC,WAAW;IAC/B,UAAU,EAAE,IAAI,CAAC,QAAQ;IACzB,UAAU,EAAE,IAAI,CAAC,QAAQ;IACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,YAAY,EAAE,IAAI,CAAC,WAAW;IAC9B,YAAY,EAAE,IAAI,CAAC,WAAW;CAC9B,CAAC;AAEF,SAAS,+BAA+B,CAAC,IAAY;IACpD,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;QAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;AACF,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY;IAChD,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtC,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,IAA+B,EAAE,MAAkB;IACzE,OAAM,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,eAAe,CAAC,IAA+B,EAAE,KAAc;IACvE,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,6CAA6C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;QACjB,MAAK,CAAC,IAAI,KAAK,CAAC,wCAAwC,IAAI,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,OAAM,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,2FAA2F;AAC3F,SAAS,kBAAkB,CAC1B,IAA2C,EAC3C,KAAoD;IAEpD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAAC,OAAM,CAAC,KAAK,CAAC,CAAC;IAAC,CAAC;IAC9C,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QAAC,OAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;IAAC,CAAC;IACzE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,OAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClC,OAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,CAAC;YAAC,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAM,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,KAAK,UAAU,eAAe,CAAyC,IAAU,EAAE,KAAkB;IACpG,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,2BAA2B;IAC3B,aAAa;IACb,MAAM,cAAc,GAAY,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;IACpF,MAAM,SAAS,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;IACvD,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,yBAAyB;IACrB,QAAQ,CAAkB;IACnC,MAAM,CAAqB;IAE3B,YAAY,OAAwB;QACnC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,GAAG,CAAC,KAA+B;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAK;QACV,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,MAAK,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAEpC,MAAM,gBAAgB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QACxE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,aAAa,CAAC;QAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;QAE3E,SAAS,OAAO,CAAC,KAAa;YAC7B,MAAM,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YAC/D,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAEvD;;eAEG;YACH,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;gBAC9B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;gBAC7D,IAAI,OAAO,YAAY,KAAK,UAAU,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAY,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBACrD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBAAC,MAAK,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;oBAAC,CAAC;oBACtF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;gBACvC,CAAC;qBAAM,CAAC;oBACP,MAAK,CAAC,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC,CAAC;gBACjE,CAAC;YACF,CAAC;YACD,OAAM,CAAC,MAAM,CAAC,CAAC;QAChB,CAAC;QAED,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAClF,MAAM,oBAAoB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE7E,MAAM,kBAAkB,GAA6B;YACpD,aAAa;YACb,EAAE;YACF,oBAAoB;YACpB;gBACC,eAAe;gBACf,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,EAAE;gBAC7D,iBAAiB;gBACjB,KAAK;gBACL,iEAAiE;gBACjE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;aACzB;YACD,kBAAkB;YAClB;gBACC,oBAAoB;gBACpB,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;gBAC1B,uBAAuB;gBACvB,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,gBAAgB,EAAE,uBAAuB,CAAC,EAAE;gBACvE,yDAAyD;gBACzD,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC;aACjC;YACD,sDAAsD;YACtD,cAAc;SACd,CAAC;QAEF,MAAM,sBAAsB,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QAEjE,uCAAuC;QACvC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;CACD;AAED,MAAM,kBAAkB;IACd,QAAQ,CAAkB;IAC1B,KAAK,CAA8C;IACnD,QAAQ,CAAqC;IAEtD,YAAY,OAAwB,EAAE,IAA0B,EAAE,OAA2C;QAC5G,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACzB,CAAC;IACF,CAAC;IAEO,MAAM,CAAC,IAA0B;QACxC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,gBAAgB,CAAC;QACrB,IAAI,CAAC;YACJ,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,gCAAgC,CAAC,CAAC;YACtF,gBAAgB,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACR,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAK,CAAC,IAAI,KAAK,CAAC,mDAAmD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChG,CAAC;QAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAChD,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAK,CAAC,IAAI,KAAK,CAAC,4CAA4C,cAAc,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,OAAM,CAAC;YACN,OAAO,EAAE,cAAc;YACvB,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,GAAG,EAAE;YAC9C,MAAM,EAAE;gBACP,SAAS,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,uBAAuB,CAAC;gBAC3E,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1B,GAAG,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC3B;YACD,WAAW,EAAE;gBACZ,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrC,SAAS,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,uBAAuB,CAAC;gBAC3E,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC7B;YACD,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAC;SACnC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAChC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7F,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;QAC9C,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAEhC,MAAM,MAAM,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjF,4DAA4D;QAC5D,IAAI,SAAS,KAAK,aAAa,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YAExD,uCAAuC;YACvC,mEAAmE;YACnE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,OAAO,YAAY,KAAK,UAAU,EAAE,CAAC;gBACxC,yGAAyG;gBACzG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACP,MAAK,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC5C,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,kBAAkB;YAClC,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,yDAAyD;QACzD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,OAAM,CAAC,cAAc,CAAC,CAAC;IACxB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,GAAG;QACR,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;QACpG,OAAM,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ;QACb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB;;;;;;;eAOG;YACH,yEAAyE;YACzE,OAAO,KAAsB,CAAC;QAC/B,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ;QACb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;QAErG,OAAM,CAAC;YACN,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5C,IAAI,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;aAC7B;SACD,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAA4C;QAC/D,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC1D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE/D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;QAEjD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;QACpG,MAAM,oBAAoB,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3E,MAAM,0BAA0B,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAErE,OAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,MAAM;QACL,OAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5B,CAAC;CACD;AAgBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,uCAAuC,GAAG;IAC/C,UAAU,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE;YACrC,MAAM,EAAE;gBACP,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;gBACrH,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;aACrH;SACD,CAAC;CACoB,CAAC;AAQxB,MAAM,OAAO,kBAAmB,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB;IACrF,WAAW,GAEhB,EAAE,CAAC;IAEP;;;OAGG;IACK,MAAM,CAAC,SAAS,CAAC,MAA0C;QAClE,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,gBAAgB,GAAG,UAAU,CAAC,OAAO,CAAC;YACtC,OAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,MAAM,GAA0C,UAAU,CAAC;QACjE,IAAI,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC5C,CAAC;QACD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,YAAY,MAA0C;QACrD,KAAK,CAAC,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAyC,IAAU,EAAE,SAAkB,EAAE,KAAsC;QAC1H,kEAAkE;QAClE,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,OAAoB,CAAC;QACzB,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YAClC,OAAO,GAAG,KAAK,CAAC;QACjB,CAAC;aAAM,IAAI,IAAI,IAAI,0BAA0B,EAAE,CAAC;YAC/C,gDAAgD;YAChD,OAAO,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC,CAAC,KAAK,YAAY,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxF,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,SAAS;YACpB,KAAK,EAAE,OAAO;SACd,CAAC;IACH,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,GAAG,IAA+G;QAC/I,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;QAElD,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAEzC,2BAA2B;QAC3B,MAAM,cAAc,GAAkC,EAAE,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;gBAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAED;;;;eAIG;YACH,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;YAEhD,IAAI,KAAa,CAAC;YAClB,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC7B,KAAK,GAAG,mBAAmB,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACP,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACzC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACP,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC9C,CAAC;YACF,CAAC;YAAC,cAAc,CAAC,IAAI,CAAC,CAAC;oBACtB,IAAI,EAAE,KAAK;oBACX,GAAG,EAAE,OAAO;iBACZ,EAAE;oBACF,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClC,QAAQ,EAAE,KAAK;iBACf,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CACV,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,cAAc,CAAC,CAC5G,CAAC;QACH,CAAC;QAED,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,MAA0C;QACrD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrD,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,WAAW,EAAE;YACtD;;;;;eAKG;YACH,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,OAAM,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC;CACD;AAED,MAAM,OAAO,WAAY,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW;IAC/D,UAAU,CAAkB;IAC7C,MAAM,CAAU,OAAO,GAA8B,kBAAkB,CAAC;IACxE,MAAM,CAAU,kBAAkB,CAAuC;IAEzE;;OAEM;IACG,UAAU,GAQf,EAAE,CAAC;IAEP,YAAY,KAAwF,EAAE,OAA8H;QACnO,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC;QAE/D,KAAK,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IAES,oBAAoB;QAC7B,6DAA6D;IAC9D,CAAC;IAEO,iBAAiB,CAAyC,IAAU,EAAE,KAAkB;QAC/F,aAAa;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAyC,CAAC;IAC5F,CAAC;IAEO,qBAAqB,CAAyC,IAAU,EAAE,KAAkB;QACnG,MAAM,kBAAkB,GAAG,KAAK,EAAE,IAA0B,EAA4C,EAAE;YACzG,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC7E,OAAM,CAAC,MAAM,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG;YACvB,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,kBAAkB,CAAC;SAClC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAyC,aAAmB;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC;QACnD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,mBAAmB,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,IAAI,YAAY,kBAAkB,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,YAAY,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,0BAA0B,CAAC,CAAC,CAAC;IACxE,CAAC;IAES,gBAAgB,CAAC,EAAU,EAAE,KAAkB;QACxD,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YACvC,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,IAAI,EAAE,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,uCAAuC,CAAC,CAAC,OAAO,EAAE,CAAC;YAE3G,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC5E,MAAM,IAAI,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACrC,MAAM,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAEzD,QAAQ,SAAS,EAAE,CAAC;oBACnB,KAAK,CAAC;wBACL,iBAAiB;wBACjB,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACpC,MAAM;oBACP,KAAK,CAAC;wBACL,qBAAqB;wBACrB,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACxC,MAAM;oBACP;wBACC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACzB,CAAC;YACF,CAAC;YAED,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;;AAmBD,CAAC;AAKF,MAAM,OAAO,6BAA6B;IACzC,YAAY,CAAe;IAC3B,WAAW,GAKP,EAAE,CAAC;IAEC,SAAS,CAAqB;IAC9B,iBAAiB,GAAG,KAAK,CAAC;IAElC,MAAM,CAAC,8BAA8B,GAA2C,+BAA+B,CAAC;IAEhH,YAAY,KAA2B,EAAE,OAAoD;QAC5F,IAAI,eAAuB,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B;;;eAGG;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,WAAiC,CAAC;YACtC,KAAK,IAAI,WAAW,GAAG,CAAC,EAAE,WAAW,GAAG,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC;gBAC1E,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,CAAC;gBAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;oBAClB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACrD,KAAK,IAAI,SAAS,GAAG,WAAW,GAAG,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;wBAClF,MAAM,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;wBACnD,IAAI,YAAY,KAAK,eAAe,EAAE,CAAC;4BACtC,QAAQ,GAAG,SAAS,CAAC;4BACrB,MAAM;wBACP,CAAC;oBACF,CAAC;oBACD,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;oBAC1D,CAAC;oBAED,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM;gBACP,CAAC;YACF,CAAC;YACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC/B,WAAW,GAAG,UAAU,CAAC;YAC1B,CAAC;YAED,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC1C,OAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC,MAAM,CAAC,UAAS,IAAI;gBACtB,OAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3C,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACP,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,UAAU,GAAG,OAAO,EAAE,UAAU,CAAC;QACrC,IAAI,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,UAAU,YAAY,GAAG,EAAE,CAAC;YACtC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,UAAU,GAAG,IAAI,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,WAAwB,EAAE,cAA4C;QAClG,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAClC;;;eAGG;YACH,yEAAyE;YACzE,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAA4C,CAAC;QACjG,CAAC;QAED,MAAM,UAAU,GAA8D,EAAE,CAAC;QACjF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C;;eAEG;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,SAAS;YACV,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;iBAClC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;iBACzD,CAAC;YACH,CAAC;QACF,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;YACrC,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE;YAChC,UAAU,EAAE,UAAU;SACgC,CAAC,CAAC;QAEzD,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,CAAC;QACxF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,wBAAwB,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;QAC7H,MAAM,SAAS,GAAG,kBAAkB,CAAC,aAAa,CAAC,mBAAmB,CAAC,wBAAwB,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACzH,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,6BAA6B,CAAC,mBAAmB,CAAC,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;QACtH,MAAM,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACzC,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAA0B;QAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAA0B;QAC5C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,IAAI,UAAU;QACb,OAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,SAAS;QACd,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAE9B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QAC3D,MAAM,0BAA0B,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;QAC/H,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjF,MAAM,YAAY,GAAY,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,iDAAiD,CAAC,YAAY,CAAC,CAAC;QAEjF,IAAI,CAAC,YAAY,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAkE,EAAE;YACxJ;;;;;;eAMG;YACH,yEAAyE;YACzE,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,IAAiC,CAAC,CAAC;YAEvF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,2BAA2B,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;gBAC7E,CAAC;gBAED,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC;gBACtC,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC3E,IAAI,WAAW,CAAC,UAAU,KAAK,SAAS,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;oBACjH,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,kCAAkC,CAAC,CAAC,CAAC;gBACvE,CAAC;gBAED,OAAM,CAAC,CAAC,IAAI,EAAE;wBACb,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,WAAW;qBAClB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,0BAA0B,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;YAE/E,OAAM,CAAC,CAAC,IAAI,EAAE;oBACb,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,SAAS;iBAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAK,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACpC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpC,OAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,YAAY,CAAyC,IAAU;QACpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAEnD;;;;;;;;;;;;WAYG;QAEH,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAID,KAAK,CAAC,iBAAiB,CAAC,cAAwB;QAC/C,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5C,IAAI,cAAc,EAAE,CAAC;YACpB,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,UAAS,IAAI;YAC5C,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,OAAM,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAMD,KAAK,CAAC,MAAM,CAAC,OAAoD;QAChE,OAAO,GAAG;YACT,MAAM,EAAE,aAAa;YACrB,GAAG,OAAO;SACV,CAAC;QAEF,IAAI,UAA6B,CAAC;QAClC,IAAI,CAAC;YACJ,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACR,UAAU,GAAG,EAAE,CAAC;QACjB,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,WAAW,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,OAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YAC7C,OAAM,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC;IACF,CAAC;;AAGF,aAAa;AACb,WAAW,CAAC,kBAAkB,GAAG,6BAA6B,CAAC;AAE/D,gBAAgB;AAChB,MAAM,CAAC,MAAM,QAAQ,GAAG;IACvB,yBAAyB;IACzB,kBAAkB;CAClB,CAAC","sourcesContent":["import * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport * as oids from '../services/kyc/oids.generated.js';\nimport * as ASN1 from './utils/asn1.js';\nimport { ASN1toJS, contextualizeStructSchema, encodeValueBySchema, normalizeDecodedASN1 } from './utils/asn1.js';\nimport type { Schema as ASN1Schema } from './utils/asn1.js';\nimport { arrayBufferLikeToBuffer, arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';\nimport crypto from './utils/crypto.js';\nimport { assertNever } from './utils/never.js';\nimport type { SensitiveAttributeType, CertificateAttributeValue } from '../services/kyc/iso20022.generated.js';\nimport { CertificateAttributeOIDDB, CertificateAttributeSchema } from '../services/kyc/iso20022.generated.js';\nimport { getOID, lookupByOID } from './utils/oid.js';\nimport { convertToJSON as convertToJSONUtil } from './utils/json.js';\nimport { EncryptedContainer } from './encrypted-container.js';\nimport { assertSharableCertificateAttributesContentsSchema } from './certificates.generated.js';\n\n/**\n * Short alias for printing a debug representation of an object\n */\nconst DPO = KeetaNetClient.lib.Utils.Helper.debugPrintableObject.bind(KeetaNetClient.lib.Utils.Helper);\n\n/* ENUM */\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\n\n/**\n * An alias for the KeetaNetAccount type\n */\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\nconst KeetaNetAccount: typeof KeetaNetClient.lib.Account = KeetaNetClient.lib.Account;\n\nfunction toJSON(data: unknown): unknown {\n\treturn(convertToJSONUtil(data));\n}\n\n// Generic type guard to align decoded values with generated attribute types\nfunction isAttributeValue<NAME extends CertificateAttributeNames>(\n\t_name: NAME,\n\t_v: unknown\n): _v is CertificateAttributeValue<NAME> {\n\t// Runtime schema validation is already performed by BufferStorageASN1; this guard\n\t// serves to inform TypeScript of the precise type tied to the attribute name.\n\treturn(true);\n}\n\n// Helper to apply type guard once and return the properly typed value\nfunction asAttributeValue<NAME extends CertificateAttributeNames>(\n\tname: NAME,\n\tv: unknown\n): CertificateAttributeValue<NAME> {\n\tif (!isAttributeValue(name, v)) {\n\t\tthrow(new Error('internal error: decoded value did not match expected type'));\n\t}\n\treturn(v);\n}\n\n/**\n * Sensitive Attribute Schema\n *\n * ASN.1 Schema:\n * SensitiveAttributes DEFINITIONS ::= BEGIN\n * SensitiveAttribute ::= SEQUENCE {\n * version INTEGER { v1(0) },\n * cipher SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * ivOrNonce OCTET STRING,\n * key OCTET STRING\n * },\n * hashedValue SEQUENCE {\n * encryptedSalt OCTET STRING,\n * algorithm OBJECT IDENTIFIER,\n * value OCTET STRING\n * },\n * encryptedValue OCTET STRING\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n * @internal\n */\nconst SensitiveAttributeSchemaInternal: [\n\tversion: 0n,\n\tcipher: [\n\t\talgorithm: typeof ASN1.ValidateASN1.IsOID,\n\t\tiv: typeof ASN1.ValidateASN1.IsOctetString,\n\t\tkey: typeof ASN1.ValidateASN1.IsOctetString\n\t],\n\thashedValue: [\n\t\tencryptedSalt: typeof ASN1.ValidateASN1.IsOctetString,\n\t\talgorithm: typeof ASN1.ValidateASN1.IsOID,\n\t\tvalue: typeof ASN1.ValidateASN1.IsOctetString\n\t],\n\tencryptedValue: typeof ASN1.ValidateASN1.IsOctetString\n] = [\n\t0n,\n\t[\n\t\tASN1.ValidateASN1.IsOID,\n\t\tASN1.ValidateASN1.IsOctetString,\n\t\tASN1.ValidateASN1.IsOctetString\n\t],\n\t[\n\t\tASN1.ValidateASN1.IsOctetString,\n\t\tASN1.ValidateASN1.IsOID,\n\t\tASN1.ValidateASN1.IsOctetString\n\t],\n\tASN1.ValidateASN1.IsOctetString\n];\n\n/**\n * The Sensitive Attribute Schema Internal\n *\n * @internal\n */\ntype SensitiveAttributeSchema = ASN1.SchemaMap<typeof SensitiveAttributeSchemaInternal>;\n\n/*\n * Database of permitted algorithms and their OIDs\n */\nconst sensitiveAttributeOIDDB = {\n\t'aes-256-gcm': oids.AES_256_GCM,\n\t'aes-256-cbc': oids.AES_256_CBC,\n\t'sha2-256': oids.SHA2_256,\n\t'sha3-256': oids.SHA3_256,\n\t'sha256': oids.SHA2_256,\n\t'aes256-gcm': oids.AES_256_GCM,\n\t'aes256-cbc': oids.AES_256_CBC\n};\n\nfunction assertCertificateAttributeNames(name: string): asserts name is CertificateAttributeNames {\n\tif (!(name in CertificateAttributeOIDDB)) {\n\t\tthrow(new Error(`Unknown attribute name: ${name}`));\n\t}\n}\n\nfunction asCertificateAttributeNames(name: string): CertificateAttributeNames {\n\tassertCertificateAttributeNames(name);\n\treturn(name);\n}\n\nfunction resolveSchema(name: CertificateAttributeNames, schema: ASN1Schema): ASN1Schema {\n\treturn(contextualizeStructSchema(schema));\n}\n\nfunction encodeAttribute(name: CertificateAttributeNames, value: unknown): ArrayBuffer {\n\tconst schema = resolveSchema(name, CertificateAttributeSchema[name]);\n\tconst encodedJS = encodeValueBySchema(schema, value, { attributeName: name });\n\tif (encodedJS === undefined) {\n\t\tthrow(new Error(`Unsupported attribute value for encoding: ${JSON.stringify(DPO(value))}`));\n\t}\n\n\tconst asn1Object = ASN1.JStoASN1(encodedJS);\n\tif (!asn1Object) {\n\t\tthrow(new Error(`Failed to encode value for attribute ${name}`));\n\t}\n\n\treturn(asn1Object.toBER(false));\n}\n\n// Prepare a value for inclusion in a SensitiveAttribute: pre-encode complex and date types\nfunction encodeForSensitive(\n\tname: CertificateAttributeNames | undefined,\n\tvalue: SensitiveAttributeType | Buffer | ArrayBuffer\n): Buffer {\n\tif (Buffer.isBuffer(value)) { return(value); }\n\tif (value instanceof ArrayBuffer) { return(arrayBufferToBuffer(value)); }\n\tif (typeof value === 'string') {\n\t\tconst asn1 = ASN1.JStoASN1({ type: 'string', kind: 'utf8', value });\n\t\treturn(arrayBufferToBuffer(asn1.toBER(false)));\n\t}\n\n\tif (value instanceof Date) {\n\t\tconst asn1 = ASN1.JStoASN1(value);\n\t\treturn(arrayBufferToBuffer(asn1.toBER(false)));\n\t}\n\n\tif (typeof value === 'object' && value !== null) {\n\t\tif (!name) { throw(new Error('attributeName required for complex types')); }\n\t\tconst encoded = encodeAttribute(name, value);\n\t\treturn(arrayBufferToBuffer(encoded));\n\t}\n\n\treturn(Buffer.from(String(value), 'utf-8'));\n}\n\nasync function decodeAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): Promise<CertificateAttributeValue<NAME>> {\n\tconst schema = resolveSchema(name, CertificateAttributeSchema[name]);\n\t// XXX:TODO Fix depth issue\n\t// @ts-ignore\n\tconst decodedUnknown: unknown = new ASN1.BufferStorageASN1(value, schema).getASN1();\n\tconst candidate = normalizeDecodedASN1(decodedUnknown);\n\treturn(asAttributeValue(name, candidate));\n}\n\nclass SensitiveAttributeBuilder {\n\treadonly #account: KeetaNetAccount;\n\t#value: Buffer | undefined;\n\n\tconstructor(account: KeetaNetAccount) {\n\t\tthis.#account = account;\n\t}\n\n\tset(value: Buffer | ArrayBufferLike): this {\n\t\tthis.#value = Buffer.isBuffer(value) ? value : arrayBufferLikeToBuffer(value);\n\t\treturn(this);\n\t}\n\n\tasync build() {\n\t\tif (this.#value === undefined) {\n\t\t\tthrow(new Error('Value not set'));\n\t\t}\n\n\t\tconst salt = crypto.randomBytes(32);\n\n\t\tconst hashingAlgorithm = KeetaNetClient.lib.Utils.Hash.HashFunctionName;\n\t\tconst publicKey = Buffer.from(this.#account.publicKey.get());\n\n\t\tconst cipher = 'aes-256-gcm';\n\t\tconst key = crypto.randomBytes(32);\n\t\tconst nonce = crypto.randomBytes(12);\n\t\tconst encryptedKey = await this.#account.encrypt(bufferToArrayBuffer(key));\n\n\t\tfunction encrypt(value: Buffer) {\n\t\t\tconst cipherObject = crypto.createCipheriv(cipher, key, nonce);\n\t\t\tlet retval = cipherObject.update(value);\n\t\t\tretval = Buffer.concat([retval, cipherObject.final()]);\n\n\t\t\t/*\n\t\t\t * For AES-GCM, the last 16 bytes are the authentication tag\n\t\t\t */\n\t\t\tif (cipher === 'aes-256-gcm') {\n\t\t\t\tconst getAuthTagFn = Reflect.get(cipherObject, 'getAuthTag');\n\t\t\t\tif (typeof getAuthTagFn === 'function') {\n\t\t\t\t\tconst tag: unknown = getAuthTagFn.call(cipherObject);\n\t\t\t\t\tif (!Buffer.isBuffer(tag)) { throw(new Error('getAuthTag did not return a Buffer')); }\n\t\t\t\t\tretval = Buffer.concat([retval, tag]);\n\t\t\t\t} else {\n\t\t\t\t\tthrow(new Error('getAuthTag is not available on cipherObject'));\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn(retval);\n\t\t}\n\n\t\tconst encryptedValue = encrypt(this.#value);\n\t\tconst encryptedSalt = encrypt(arrayBufferLikeToBuffer(salt));\n\n\t\tconst saltedValue = Buffer.concat([salt, publicKey, encryptedValue, this.#value]);\n\t\tconst hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(saltedValue);\n\n\t\tconst attributeStructure: SensitiveAttributeSchema = [\n\t\t\t/* Version */\n\t\t\t0n,\n\t\t\t/* Cipher Details */\n\t\t\t[\n\t\t\t\t/* Algorithm */\n\t\t\t\t{ type: 'oid', oid: getOID(cipher, sensitiveAttributeOIDDB) },\n\t\t\t\t/* IV or Nonce */\n\t\t\t\tnonce,\n\t\t\t\t/* Symmetric key, encrypted with the public key of the account */\n\t\t\t\tBuffer.from(encryptedKey)\n\t\t\t],\n\t\t\t/* Hashed Value */\n\t\t\t[\n\t\t\t\t/* Encrypted Salt */\n\t\t\t\tBuffer.from(encryptedSalt),\n\t\t\t\t/* Hashing Algorithm */\n\t\t\t\t{ type: 'oid', oid: getOID(hashingAlgorithm, sensitiveAttributeOIDDB) },\n\t\t\t\t/* Hash of <Encrypted Salt> || <Public Key> || <Value> */\n\t\t\t\tBuffer.from(hashedAndSaltedValue)\n\t\t\t],\n\t\t\t/* Encrypted Value, encrypted with the Cipher above */\n\t\t\tencryptedValue\n\t\t];\n\n\t\tconst encodedAttributeObject = ASN1.JStoASN1(attributeStructure);\n\n\t\t// Produce canonical DER as ArrayBuffer\n\t\tconst retval = encodedAttributeObject.toBER(false);\n\t\treturn(retval);\n\t}\n}\n\nclass SensitiveAttribute<T = ArrayBuffer> {\n\treadonly #account: KeetaNetAccount;\n\treadonly #info: ReturnType<SensitiveAttribute<T>['decode']>;\n\treadonly #decoder?: (data: Buffer | ArrayBuffer) => T;\n\n\tconstructor(account: KeetaNetAccount, data: Buffer | ArrayBuffer, decoder?: (data: Buffer | ArrayBuffer) => T) {\n\t\tthis.#account = account;\n\t\tthis.#info = this.decode(data);\n\t\tif (decoder) {\n\t\t\tthis.#decoder = decoder;\n\t\t}\n\t}\n\n\tprivate decode(data: Buffer | ArrayBuffer) {\n\t\tif (Buffer.isBuffer(data)) {\n\t\t\tdata = bufferToArrayBuffer(data);\n\t\t}\n\n\t\tlet decodedAttribute;\n\t\ttry {\n\t\t\tconst dataObject = new ASN1.BufferStorageASN1(data, SensitiveAttributeSchemaInternal);\n\t\t\tdecodedAttribute = dataObject.getASN1();\n\t\t} catch {\n\t\t\tconst js = ASN1toJS(data);\n\t\t\tthrow(new Error(`SensitiveAttribute.decode: unexpected DER shape ${JSON.stringify(DPO(js))}`));\n\t\t}\n\n\t\tconst decodedVersion = decodedAttribute[0] + 1n;\n\t\tif (decodedVersion !== 1n) {\n\t\t\tthrow(new Error(`Unsupported Sensitive Attribute version (${decodedVersion})`));\n\t\t}\n\n\t\treturn({\n\t\t\tversion: decodedVersion,\n\t\t\tpublicKey: this.#account.publicKeyString.get(),\n\t\t\tcipher: {\n\t\t\t\talgorithm: lookupByOID(decodedAttribute[1][0].oid, sensitiveAttributeOIDDB),\n\t\t\t\tiv: decodedAttribute[1][1],\n\t\t\t\tkey: decodedAttribute[1][2]\n\t\t\t},\n\t\t\thashedValue: {\n\t\t\t\tencryptedSalt: decodedAttribute[2][0],\n\t\t\t\talgorithm: lookupByOID(decodedAttribute[2][1].oid, sensitiveAttributeOIDDB),\n\t\t\t\tvalue: decodedAttribute[2][2]\n\t\t\t},\n\t\t\tencryptedValue: decodedAttribute[3]\n\t\t});\n\t}\n\n\tasync #decryptValue(value: Buffer) {\n\t\tconst decryptedKey = await this.#account.decrypt(bufferToArrayBuffer(this.#info.cipher.key));\n\t\tconst algorithm = this.#info.cipher.algorithm;\n\t\tconst iv = this.#info.cipher.iv;\n\n\t\tconst cipher = crypto.createDecipheriv(algorithm, Buffer.from(decryptedKey), iv);\n\n\t\t// For AES-GCM, the last 16 bytes are the authentication tag\n\t\tif (algorithm === 'aes-256-gcm') {\n\t\t\tconst authTag = value.subarray(value.length - 16);\n\t\t\tconst ciphertext = value.subarray(0, value.length - 16);\n\n\t\t\t// XXX:TODO Fix typescript unsafe calls\n\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\tconst setAuthTagFn = Reflect.get(cipher, 'setAuthTag');\n\t\t\tif (typeof setAuthTagFn === 'function') {\n\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access\n\t\t\t\tsetAuthTagFn.call(cipher, authTag);\n\t\t\t} else {\n\t\t\t\tthrow(new Error('setAuthTag is not available on cipher'));\n\t\t\t}\n\n\t\t\tconst decrypted = cipher.update(ciphertext);\n\t\t\tcipher.final(); // Verify auth tag\n\t\t\treturn(decrypted);\n\t\t}\n\n\t\t// For other algorithms (like CBC), just decrypt normally\n\t\tconst decryptedValue = cipher.update(value);\n\t\tcipher.final();\n\t\treturn(decryptedValue);\n\t}\n\n\t/**\n\t * Get the value of the sensitive attribute\n\t *\n\t * This will decrypt the value using the account's private key\n\t * and return the value as an ArrayBuffer\n\t *\n\t * Since sensitive attributes are binary blobs, this returns an\n\t * ArrayBuffer\n\t */\n\tasync get(): Promise<ArrayBuffer> {\n\t\tconst decryptedValue = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.encryptedValue));\n\t\treturn(bufferToArrayBuffer(decryptedValue));\n\t}\n\n\tasync getValue(): Promise<T> {\n\t\tconst value = await this.get();\n\t\tif (!this.#decoder) {\n\t\t\t/**\n\t\t\t * TypeScript complains that T may not be the correct\n\t\t\t * type here, but gives us no tools to enforce that it\n\t\t\t * is -- it should always be ArrayBuffer if no decoder\n\t\t\t * is provided, but someone could always specify a\n\t\t\t * type parameter in that case and we cannot check\n\t\t\t * that at runtime since T is only a compile-time type.\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(value as unknown as T);\n\t\t}\n\t\treturn(this.#decoder(value));\n\t}\n\n\t/**\n\t * Generate a proof that a sensitive attribute is a given value,\n\t * which can be validated by a third party using the certificate\n\t * and the `validateProof` method\n\t */\n\tasync getProof(): Promise<{ value: string; hash: { salt: string }}> {\n\t\tconst value = await this.get();\n\t\tconst salt = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.hashedValue.encryptedSalt));\n\n\t\treturn({\n\t\t\tvalue: Buffer.from(value).toString('base64'),\n\t\t\thash: {\n\t\t\t\tsalt: salt.toString('base64')\n\t\t\t}\n\t\t});\n\t}\n\n\t/**\n\t * Validate the proof that a sensitive attribute is a given value\n\t */\n\tasync validateProof(proof: Awaited<ReturnType<this['getProof']>>): Promise<boolean> {\n\t\tconst plaintextValue = Buffer.from(proof.value, 'base64');\n\t\tconst proofSaltBuffer = Buffer.from(proof.hash.salt, 'base64');\n\n\t\tconst publicKeyBuffer = Buffer.from(this.#account.publicKey.get());\n\t\tconst encryptedValue = this.#info.encryptedValue;\n\n\t\tconst hashInput = Buffer.concat([proofSaltBuffer, publicKeyBuffer, encryptedValue, plaintextValue]);\n\t\tconst hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(hashInput);\n\t\tconst hashedAndSaltedValueBuffer = Buffer.from(hashedAndSaltedValue);\n\n\t\treturn(this.#info.hashedValue.value.equals(hashedAndSaltedValueBuffer));\n\t}\n\n\ttoJSON(): unknown/* XXX:TODO */ {\n\t\treturn(toJSON(this.#info));\n\t}\n}\n\n/**\n * Type for certificate attribute names (derived from generated OID database)\n */\ntype CertificateAttributeNames = keyof typeof CertificateAttributeOIDDB;\n\ntype BaseCertificateBuilderParams = NonNullable<ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>[0]>;\ntype CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'issuer' | 'validFrom' | 'validTo' | 'serial' | 'hashLib' | 'issuerDN' | 'subjectDN' | 'isCA'> & {\n\t/**\n\t * The key of the subject -- used for Sensitive Attributes as well\n\t * as the certificate Subject\n\t */\n\tsubject: BaseCertificateBuilderParams['subjectPublicKey'];\n}>;\n\n/**\n * ASN.1 Schema for Certificate KYC Attributes Extension\n *\n * KYCAttributes DEFINITIONS ::= BEGIN\n * KYCAttributes ::= SEQUENCE OF Attribute\n * Attribute ::= SEQUENCE {\n * -- Name of the attribute\n * name OBJECT IDENTIFIER,\n * -- Value of this attribute\n * value CHOICE {\n * -- A plain value, not sensitive\n * plainValue [0] IMPLICIT OCTET STRING,\n * -- A sensitive value, encoded as a SensitiveAttribute in DER encoding\n * sensitiveValue [1] IMPLICIT OCTET STRING\n * }\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n */\nconst CertificateKYCAttributeSchemaValidation = {\n\tsequenceOf: [ASN1.ValidateASN1.IsOID, {\n\t\tchoice: [\n\t\t\t{ type: 'context' as const, value: 0 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString },\n\t\t\t{ type: 'context' as const, value: 1 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString }\n\t\t]\n\t}]\n} satisfies ASN1.Schema;\n\n/** @internal */\ntype CertificateKYCAttributeSchema = ASN1.SchemaMap<typeof CertificateKYCAttributeSchemaValidation>;\n\n// Attribute input type sourced from generated definitions\ntype CertificateAttributeInput<NAME extends CertificateAttributeNames> = CertificateAttributeValue<NAME>;\n\nexport class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.CertificateBuilder {\n\treadonly #attributes: {\n\t\t[name: string]: { sensitive: boolean; value: ArrayBuffer }\n\t} = {};\n\n\t/**\n\t * Map the parameters from the public interface to the internal\n\t * (Certificate library) interface\n\t */\n\tprivate static mapParams(params?: Partial<CertificateBuilderParams>): Partial<BaseCertificateBuilderParams> {\n\t\tconst paramsCopy = { ...params };\n\t\tlet subjectPublicKey;\n\t\tif (paramsCopy.subject) {\n\t\t\tsubjectPublicKey = paramsCopy.subject;\n\t\t\tdelete(paramsCopy.subject);\n\t\t}\n\t\tconst retval: Partial<BaseCertificateBuilderParams> = paramsCopy;\n\t\tif (subjectPublicKey) {\n\t\t\tretval.subjectPublicKey = subjectPublicKey;\n\t\t}\n\t\treturn(retval);\n\t}\n\n\tconstructor(params?: Partial<CertificateBuilderParams>) {\n\t\tsuper(CertificateBuilder.mapParams(params));\n\t}\n\n\t/**\n\t * Set a KYC Attribute to a given value.\n\t * The sensitive flag is required.\n\t *\n\t * If an attribute is marked sensitive, the value is encoded\n\t * into the certificate using a commitment scheme so that the\n\t * value can be proven later without revealing it.\n\t */\n\tsetAttribute<NAME extends CertificateAttributeNames>(name: NAME, sensitive: boolean, value: CertificateAttributeInput<NAME>): void {\n\t\t// Non-sensitive path: only primitive schema (string/date) allowed\n\t\tconst schemaValidator = CertificateAttributeSchema[name];\n\t\tlet encoded: ArrayBuffer;\n\t\tif (value instanceof ArrayBuffer) {\n\t\t\tencoded = value;\n\t\t} else if (name in CertificateAttributeSchema) {\n\t\t\t/* XXX: Why do we have two encoding methods ? */\n\t\t\tencoded = bufferToArrayBuffer(encodeForSensitive(name, value));\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsDate) {\n\t\t\tif (!(value instanceof Date)) {\n\t\t\t\tthrow(new Error('Expected Date value'));\n\t\t\t}\n\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsString && typeof value === 'string') {\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else {\n\t\t\tthrow(new Error('Unsupported non-sensitive value type'));\n\t\t}\n\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: sensitive,\n\t\t\tvalue: encoded\n\t\t};\n\t}\n\n\tprotected async addExtensions(...args: Parameters<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']>): ReturnType<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']> {\n\t\tconst retval = await super.addExtensions(...args);\n\n\t\tconst subject = args[0].subjectPublicKey;\n\n\t\t/* Encode the attributes */\n\t\tconst certAttributes: CertificateKYCAttributeSchema = [];\n\t\tfor (const [name, attribute] of Object.entries(this.#attributes)) {\n\t\t\tif (!(name in CertificateAttributeOIDDB)) {\n\t\t\t\tthrow(new Error(`Unknown attribute: ${name}`));\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Since we are iteratively building the certificate, we\n\t\t\t * can assume that the attribute is always present in\n\t\t\t * the object\n\t\t\t */\n\t\t\tassertCertificateAttributeNames(name);\n\t\t\tconst nameOID = CertificateAttributeOIDDB[name];\n\n\t\t\tlet value: Buffer;\n\t\t\tif (attribute.sensitive) {\n\t\t\t\tconst builder = new SensitiveAttributeBuilder(subject);\n\t\t\t\tbuilder.set(attribute.value);\n\t\t\t\tvalue = arrayBufferToBuffer(await builder.build());\n\t\t\t} else {\n\t\t\t\tif (typeof attribute.value === 'string') {\n\t\t\t\t\tvalue = Buffer.from(attribute.value, 'utf-8');\n\t\t\t\t} else {\n\t\t\t\t\tvalue = arrayBufferToBuffer(attribute.value);\n\t\t\t\t}\n\t\t\t} certAttributes.push([{\n\t\t\t\ttype: 'oid',\n\t\t\t\toid: nameOID\n\t\t\t}, {\n\t\t\t\ttype: 'context',\n\t\t\t\tkind: 'implicit',\n\t\t\t\tvalue: attribute.sensitive ? 1 : 0,\n\t\t\t\tcontains: value\n\t\t\t}]);\n\t\t}\n\n\t\tif (certAttributes.length > 0) {\n\t\t\tretval.push(\n\t\t\t\tKeetaNetClient.lib.Utils.Certificate.CertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes)\n\t\t\t);\n\t\t}\n\n\t\treturn(retval);\n\t}\n\n\t/**\n\t * Create a Certificate object from the builder\n\t *\n\t * The parameters passed in are merged with the parameters passed in\n\t * when constructing the builder\n\t */\n\tasync build(params?: Partial<CertificateBuilderParams>): Promise<Certificate> {\n\t\tconst paramsCopy = CertificateBuilder.mapParams(params);\n\t\tconst certificate = await super.buildDER(paramsCopy);\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tconst certificateObject = new Certificate(certificate, {\n\t\t\t/**\n\t\t\t * Specify the moment as `null` to avoid validation\n\t\t\t * of the certificate's validity period. We don't\n\t\t\t * care if the certificate is expired or not for\n\t\t\t * the purposes of this builder.\n\t\t\t */\n\t\t\tmoment: null\n\t\t});\n\n\t\treturn(certificateObject);\n\t}\n}\n\nexport class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificate {\n\tprivate readonly subjectKey: KeetaNetAccount;\n\tstatic readonly Builder: typeof CertificateBuilder = CertificateBuilder;\n\tstatic readonly SharableAttributes: typeof SharableCertificateAttributes;\n\n\t/**\n * User KYC Attributes\n */\n\treadonly attributes: {\n\t\t[name in CertificateAttributeNames]?: {\n\t\t\tsensitive: true;\n\t\t\tvalue: SensitiveAttribute<CertificateAttributeValue<name>>;\n\t\t} | {\n\t\t\tsensitive: false;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tconstructor(input: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[0], options?: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[1] & { subjectKey?: KeetaNetAccount }) {\n\t\tsuper(input, options);\n\n\t\tthis.subjectKey = options?.subjectKey ?? this.subjectPublicKey;\n\n\t\tsuper.finalizeConstruction();\n\t}\n\n\tprotected finalizeConstruction(): void {\n\t\t/* Do nothing, we call the super method in the constructor */\n\t}\n\n\tprivate setPlainAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\t// @ts-ignore\n\t\tthis.attributes[name] = { sensitive: false, value } satisfies typeof this.attributes[NAME];\n\t}\n\n\tprivate setSensitiveAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\tconst decodeForSensitive = async (data: Buffer | ArrayBuffer): Promise<CertificateAttributeValue<NAME>> => {\n\t\t\tconst bufferInput = Buffer.isBuffer(data) ? bufferToArrayBuffer(data) : data;\n\t\t\treturn(await decodeAttribute(name, bufferInput));\n\t\t};\n\t\tthis.attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tvalue: new SensitiveAttribute(this.subjectKey, value, decodeForSensitive)\n\t\t} satisfies typeof this.attributes[NAME];\n\t}\n\n\t/**\n\t * Get the underlying value for an attribute.\n\t *\n\t * If the attribute is sensitive, this will decrypt it using the\n\t * subject's private key, otherwise it will return the value.\n\t */\n\tasync getAttributeValue<NAME extends CertificateAttributeNames>(attributeName: NAME): Promise<CertificateAttributeValue<NAME>> {\n\t\tconst attr = this.attributes[attributeName]?.value;\n\t\tif (!attr) {\n\t\t\tthrow(new Error(`Attribute ${attributeName} is not available`));\n\t\t}\n\n\t\tif (attr instanceof SensitiveAttribute) {\n\t\t\tconst raw = await attr.get();\n\t\t\treturn(await decodeAttribute(attributeName, raw));\n\t\t}\n\n\t\t// Non-sensitive: ArrayBuffer or Buffer\n\t\tif (attr instanceof ArrayBuffer || Buffer.isBuffer(attr)) {\n\t\t\treturn(await decodeAttribute(attributeName, attr));\n\t\t}\n\n\t\tthrow(new Error(`Attribute ${attributeName} is not a supported type`));\n\t}\n\n\tprotected processExtension(id: string, value: ArrayBuffer): boolean {\n\t\tif (super.processExtension(id, value)) {\n\t\t\treturn(true);\n\t\t}\n\n\t\tif (id === oids.keeta.KYC_ATTRIBUTES) {\n\t\t\tconst attributesRaw = new ASN1.BufferStorageASN1(value, CertificateKYCAttributeSchemaValidation).getASN1();\n\n\t\t\tfor (const attribute of attributesRaw) {\n\t\t\t\tconst nameString = lookupByOID(attribute[0].oid, CertificateAttributeOIDDB);\n\t\t\t\tconst name = asCertificateAttributeNames(nameString);\n\t\t\t\tconst valueKind = attribute[1].value;\n\t\t\t\tconst value = bufferToArrayBuffer(attribute[1].contains);\n\n\t\t\t\tswitch (valueKind) {\n\t\t\t\t\tcase 0:\n\t\t\t\t\t\t/* Plain Value */\n\t\t\t\t\t\tthis.setPlainAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 1:\n\t\t\t\t\t\t/* Sensitive Value */\n\t\t\t\t\t\tthis.setSensitiveAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tassertNever(valueKind);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn(true);\n\t\t}\n\n\t\treturn(false);\n\t}\n}\n\n// eslint-disable-next-line @typescript-eslint/no-namespace\nexport namespace SharableCertificateAttributesTypes {\n\texport type ExportOptions = { format?: 'string' | 'arraybuffer' };\n\texport type ImportOptions = { principals?: Set<KeetaNetAccount> | KeetaNetAccount[] | KeetaNetAccount | null };\n\texport type ContentsSchema = {\n\t\tcertificate: string;\n\t\tattributes: {\n\t\t\t[name: string]: {\n\t\t\t\tsensitive: true;\n\t\t\t\tvalue: Awaited<ReturnType<SensitiveAttribute['getProof']>>;\n\t\t\t} | {\n\t\t\t\tsensitive: false;\n\t\t\t\tvalue: string;\n\t\t\t}\n\t\t};\n\t};\n};\ntype SharableCertificateAttributesExportOptions = SharableCertificateAttributesTypes.ExportOptions;\ntype SharableCertificateAttributesImportOptions = SharableCertificateAttributesTypes.ImportOptions;\ntype SharableCertificateAttributesContentsSchema = SharableCertificateAttributesTypes.ContentsSchema;\n\nexport class SharableCertificateAttributes {\n\t#certificate?: Certificate;\n\t#attributes: {\n\t\t[name: string]: {\n\t\t\tsensitive: boolean;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tprivate container: EncryptedContainer;\n\tprivate populatedFromInit = false;\n\n\tstatic assertCertificateAttributeName: typeof assertCertificateAttributeNames = assertCertificateAttributeNames;\n\n\tconstructor(input: ArrayBuffer | string, options?: SharableCertificateAttributesImportOptions) {\n\t\tlet containerBuffer: Buffer;\n\t\tif (typeof input === 'string') {\n\t\t\t/*\n\t\t\t * Attempt to decode as PEM, but also if not PEM, then return\n\t\t\t * the lines as-is (base64) after removing whitespace\n\t\t\t */\n\t\t\tconst inputLines = input.split(/\\r?\\n/);\n\t\t\tlet base64Lines: string[] | undefined;\n\t\t\tfor (let beginOffset = 0; beginOffset < inputLines.length; beginOffset++) {\n\t\t\t\tconst line = inputLines[beginOffset]?.trim();\n\t\t\t\tif (line?.startsWith('-----BEGIN ')) {\n\t\t\t\t\tlet endIndex = -1;\n\t\t\t\t\tconst matchingEndLine = line.replace('BEGIN', 'END');\n\t\t\t\t\tfor (let endOffset = beginOffset + 1; endOffset < inputLines.length; endOffset++) {\n\t\t\t\t\t\tconst checkEndLine = inputLines[endOffset]?.trim();\n\t\t\t\t\t\tif (checkEndLine === matchingEndLine) {\n\t\t\t\t\t\t\tendIndex = endOffset;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (endIndex === -1) {\n\t\t\t\t\t\tthrow(new Error('Invalid PEM format: missing END line'));\n\t\t\t\t\t}\n\n\t\t\t\t\tbase64Lines = inputLines.slice(beginOffset + 1, endIndex);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (base64Lines === undefined) {\n\t\t\t\tbase64Lines = inputLines;\n\t\t\t}\n\n\t\t\tbase64Lines = base64Lines.map(function(line) {\n\t\t\t\treturn(line.trim());\n\t\t\t}).filter(function(line) {\n\t\t\t\treturn(line.length > 0);\n\t\t\t});\n\n\t\t\tconst base64Content = base64Lines.join('');\n\t\t\tcontainerBuffer = Buffer.from(base64Content, 'base64');\n\t\t} else {\n\t\t\tcontainerBuffer = arrayBufferToBuffer(input);\n\t\t}\n\n\t\tlet principals = options?.principals;\n\t\tif (KeetaNetAccount.isInstance(principals)) {\n\t\t\tprincipals = [principals];\n\t\t} else if (principals instanceof Set) {\n\t\t\tprincipals = Array.from(principals);\n\t\t} else if (principals === undefined) {\n\t\t\tprincipals = null;\n\t\t}\n\n\t\tthis.container = EncryptedContainer.fromEncodedBuffer(containerBuffer, principals);\n\t}\n\n\t/**\n\t * Create a SharableCertificateAttributes from a Certificate\n\t * and a list of attribute names to include -- if no list is\n\t * provided, all attributes are included.\n\t */\n\tstatic async fromCertificate(certificate: Certificate, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes> {\n\t\tif (attributeNames === undefined) {\n\t\t\t/*\n\t\t\t * We know the keys are whatever the Certificate says they are, so\n\t\t\t * we can cast here safely\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tattributeNames = Object.keys(certificate.attributes) as (keyof typeof certificate.attributes)[];\n\t\t}\n\n\t\tconst attributes: SharableCertificateAttributesContentsSchema['attributes'] = {};\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\t/**\n\t\t\t * Skip missing attributes\n\t\t\t */\n\t\t\tif (!attr) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tif (attr.sensitive) {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: true,\n\t\t\t\t\tvalue: await attr.value.getProof()\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: arrayBufferToBuffer(attr.value).toString('base64')\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\tconst contentsString = JSON.stringify({\n\t\t\tcertificate: certificate.toPEM(),\n\t\t\tattributes: attributes\n\t\t} satisfies SharableCertificateAttributesContentsSchema);\n\n\t\tconst temporaryUser = KeetaNetAccount.fromSeed(KeetaNetAccount.generateRandomSeed(), 0);\n\t\tconst contentsBuffer = Buffer.from(contentsString, 'utf-8');\n\t\tconst contentsBufferCompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibDeflateAsync(bufferToArrayBuffer(contentsBuffer));\n\t\tconst container = EncryptedContainer.fromPlaintext(arrayBufferToBuffer(contentsBufferCompressed), [temporaryUser], true);\n\t\tconst containerBuffer = await container.getEncodedBuffer();\n\t\tconst retval = new SharableCertificateAttributes(bufferToArrayBuffer(containerBuffer), { principals: temporaryUser });\n\t\tawait retval.revokeAccess(temporaryUser);\n\t\treturn(retval);\n\t}\n\n\tasync grantAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.grantAccess(principal);\n\t\treturn(this);\n\t}\n\n\tasync revokeAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.revokeAccess(principal);\n\t\treturn(this);\n\t}\n\n\tget principals(): KeetaNetAccount[] {\n\t\treturn(this.container.principals);\n\t}\n\n\tasync #populate(): Promise<void> {\n\t\tif (this.populatedFromInit) {\n\t\t\treturn;\n\t\t}\n\t\tthis.populatedFromInit = true;\n\n\t\tconst contentsBuffer = await this.container.getPlaintext();\n\t\tconst contentsBufferDecompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibInflateAsync(bufferToArrayBuffer(contentsBuffer));\n\t\tconst contentsString = Buffer.from(contentsBufferDecompressed).toString('utf-8');\n\t\tconst contentsJSON: unknown = JSON.parse(contentsString);\n\t\tconst contents = assertSharableCertificateAttributesContentsSchema(contentsJSON);\n\n\t\tthis.#certificate = new Certificate(contents.certificate);\n\t\tconst attributePromises = Object.entries(contents.attributes).map(async ([name, attr]): Promise<[string, { sensitive: boolean; value: ArrayBuffer; }]> => {\n\t\t\t/*\n\t\t\t * Get the corresponding attribute from the certificate\n\t\t\t *\n\t\t\t * We actually do not care if `name` is a known attribute\n\t\t\t * because we are not decoding it here, we are just\n\t\t\t * verifying it matches the certificate\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst certAttribute = this.#certificate?.attributes[name as CertificateAttributeNames];\n\n\t\t\tif (!certAttribute) {\n\t\t\t\tthrow(new Error(`Attribute ${name} not found in certificate`));\n\t\t\t}\n\n\t\t\tif (certAttribute.sensitive !== attr.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!attr.sensitive) {\n\t\t\t\tif (certAttribute.sensitive) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\tconst certValue = certAttribute.value;\n\t\t\t\tconst sharedValue = bufferToArrayBuffer(Buffer.from(attr.value, 'base64'));\n\t\t\t\tif (sharedValue.byteLength !== certValue.byteLength || !Buffer.from(sharedValue).equals(Buffer.from(certValue))) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} value mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\treturn([name, {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: sharedValue\n\t\t\t\t}]);\n\t\t\t}\n\n\t\t\tif (!certAttribute.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!(await certAttribute.value.validateProof(attr.value))) {\n\t\t\t\tthrow(new Error(`Attribute ${name} proof validation failed`));\n\t\t\t}\n\n\t\t\tconst attrValue = bufferToArrayBuffer(Buffer.from(attr.value.value, 'base64'));\n\n\t\t\treturn([name, {\n\t\t\t\tsensitive: true,\n\t\t\t\tvalue: attrValue\n\t\t\t}]);\n\t\t});\n\t\tconst resolvedAttributes = await Promise.all(attributePromises);\n\t\tthis.#attributes = Object.fromEntries(resolvedAttributes);\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tawait this.#populate();\n\t\tif (!this.#certificate) {\n\t\t\tthrow(new Error('internal error: certificate not populated'));\n\t\t}\n\t\treturn(this.#certificate);\n\t}\n\n\tasync getAttributeBuffer(name: string): Promise<ArrayBuffer | undefined> {\n\t\tawait this.#populate();\n\t\tconst attr = this.#attributes[name];\n\t\treturn(attr?.value);\n\t}\n\n\tasync getAttribute<NAME extends CertificateAttributeNames>(name: NAME): Promise<CertificateAttributeValue<NAME> | undefined> {\n\t\tconst buffer = await this.getAttributeBuffer(name);\n\t\tif (buffer === undefined) {\n\t\t\treturn(undefined);\n\t\t}\n\n\t\tconst retval = await decodeAttribute(name, buffer);\n\n\t\t/* XXX:TODO: Here is where we would look at a reference value\n\t\t * (e.g., URL+hash) and fetch it, and verify it the hash matches\n\t\t * the fetched value\n\t\t *\n\t\t * The schema for references is not yet defined, so this is\n\t\t * left as a TODO for now.\n\t\t *\n\t\t * The return type would also need to be updated to reflect\n\t\t * that we would map referenced types to something like\n\t\t * { data: ArrayBuffer, contentType: string, source: <url>,\n\t\t * hash: <hash> } (where source and hash should be named\n\t\t * after whatever the actual schema is)\n\t\t */\n\n\t\treturn(retval);\n\t}\n\n\tasync getAttributeNames(includeUnknown: true): Promise<string[]>;\n\tasync getAttributeNames(includeUnknown?: false): Promise<CertificateAttributeNames[]>;\n\tasync getAttributeNames(includeUnknown?: boolean): Promise<string[]> {\n\t\tawait this.#populate();\n\t\tconst names = Object.keys(this.#attributes);\n\n\t\tif (includeUnknown) {\n\t\t\treturn(names);\n\t\t}\n\n\t\tconst knownNames = names.filter(function(name): name is CertificateAttributeNames {\n\t\t\treturn(name in CertificateAttributeOIDDB);\n\t\t});\n\n\t\treturn(knownNames);\n\t}\n\n\texport(options?: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format?: never; }): Promise<ArrayBuffer>;\n\texport(options: (Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'arraybuffer' })): Promise<ArrayBuffer>;\n\texport(options: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'string' }): Promise<string>;\n\texport(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string>;\n\tasync export(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string> {\n\t\toptions = {\n\t\t\tformat: 'arraybuffer',\n\t\t\t...options\n\t\t};\n\n\t\tlet principals: KeetaNetAccount[];\n\t\ttry {\n\t\t\tprincipals = this.container.principals;\n\t\t} catch {\n\t\t\tprincipals = [];\n\t\t}\n\t\tif (principals.length === 0) {\n\t\t\tthrow(new Error('This container has no authorized users (principals); cannot export'));\n\t\t}\n\n\t\tconst retvalBuffer = await this.container.getEncodedBuffer();\n\t\tif (options.format === 'string') {\n\t\t\tconst retvalBase64 = retvalBuffer.toString('base64');\n\t\t\tconst retvalLines = ['-----BEGIN KYC CERTIFICATE PROOF-----'];\n\t\t\tretvalLines.push(...retvalBase64.match(/.{1,64}/g) ?? []);\n\t\t\tretvalLines.push('-----END KYC CERTIFICATE PROOF-----');\n\t\t\treturn(retvalLines.join('\\n'));\n\t\t} else if (options.format === 'arraybuffer') {\n\t\t\treturn(bufferToArrayBuffer(retvalBuffer));\n\t\t} else {\n\t\t\tthrow(new Error(`Unsupported export format: ${String(options.format)}`));\n\t\t}\n\t}\n}\n\n// @ts-ignore\nCertificate.SharableAttributes = SharableCertificateAttributes;\n\n/** @internal */\nexport const _Testing = {\n\tSensitiveAttributeBuilder,\n\tSensitiveAttribute\n};\n"]}
|
package/lib/http-server.js
CHANGED
|
@@ -49,7 +49,7 @@ export class KeetaNetAnchorHTTPServer {
|
|
|
49
49
|
constructor(config) {
|
|
50
50
|
this.#config = { ...config };
|
|
51
51
|
this.port = config.port ?? 0;
|
|
52
|
-
this.logger = config.logger ??
|
|
52
|
+
this.logger = config.logger ?? Log.Legacy('ANCHOR');
|
|
53
53
|
}
|
|
54
54
|
static routeMatch(requestURL, routeURL) {
|
|
55
55
|
const requestURLPaths = requestURL.pathname.split('/');
|