@keetanetwork/anchor 0.0.47 → 0.0.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/certificates.d.ts +6 -4
- package/lib/certificates.d.ts.map +1 -1
- package/lib/certificates.js +13 -6
- package/lib/certificates.js.map +1 -1
- package/lib/utils/pii.js +1 -1
- package/lib/utils/pii.js.map +1 -1
- package/npm-shrinkwrap.json +2 -2
- package/package.json +1 -1
- package/services/asset-movement/common.d.ts +1 -1
- package/services/asset-movement/common.d.ts.map +1 -1
- package/services/asset-movement/common.js +2898 -1479
- package/services/asset-movement/common.js.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/iban-swift.d.ts.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/iban-swift.js +22 -1
- package/services/asset-movement/lib/data/addresses/bank-account/iban-swift.js.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/interac.d.ts +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/interac.d.ts.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/interac.js +12 -2
- package/services/asset-movement/lib/data/addresses/bank-account/interac.js.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/pix.d.ts +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/pix.d.ts.map +1 -1
- package/services/asset-movement/lib/data/addresses/bank-account/pix.js +11 -1
- package/services/asset-movement/lib/data/addresses/bank-account/pix.js.map +1 -1
- package/services/asset-movement/lib/data/addresses/types.generated.d.ts +77 -2
- package/services/asset-movement/lib/data/addresses/types.generated.d.ts.map +1 -1
- package/services/asset-movement/lib/data/addresses/types.generated.js +65 -2
- package/services/asset-movement/lib/data/addresses/types.generated.js.map +1 -1
- package/services/storage/clients/contacts.generated.js +253 -123
- package/services/storage/clients/contacts.generated.js.map +1 -1
package/lib/certificates.d.ts
CHANGED
|
@@ -38,12 +38,14 @@ export declare class CertificateBuilder extends BaseCertificateBuilder {
|
|
|
38
38
|
private static mapParams;
|
|
39
39
|
constructor(params?: Partial<CertificateBuilderParams>);
|
|
40
40
|
/**
|
|
41
|
-
* Set a
|
|
41
|
+
* Set a KYC Attribute to a given value.
|
|
42
|
+
* The sensitive flag is required.
|
|
42
43
|
*
|
|
43
|
-
*
|
|
44
|
-
*
|
|
44
|
+
* If an attribute is marked sensitive, the value is encoded
|
|
45
|
+
* into the certificate using a commitment scheme so that the
|
|
46
|
+
* value can be proven later without revealing it.
|
|
45
47
|
*/
|
|
46
|
-
setAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: CertificateAttributeInput<NAME>): void;
|
|
48
|
+
setAttribute<NAME extends CertificateAttributeNames>(name: NAME, sensitive: boolean, value: CertificateAttributeInput<NAME>): void;
|
|
47
49
|
/**
|
|
48
50
|
* Set a pre-built SensitiveAttribute for a given attribute name.
|
|
49
51
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EAAuB,MAAM,EAAuB,MAAM,mBAAmB,CAAC;AAErF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAMvF,OAAO,EAAE,kBAAkB,EAAuC,KAAK,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AACnI,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAE1E;;GAEG;AACH,QAAA,MAAM,eAAe,EAAE,OAAO,cAAc,CAAC,GAAG,CAAC,OAAoC,CAAC;AAGtF,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AAEtF;;GAEG;AACH,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAKnG,KAAK,oBAAoB,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC;AACpF,KAAK,eAAe,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;AAC1D,QAAA,MAAM,eAAe,EAAE,oBAAuE,CAAC;AAC/F,KAAK,2BAA2B,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAClG,KAAK,sBAAsB,GAAG,YAAY,CAAC,2BAA2B,CAAC,CAAC;AACxE,QAAA,MAAM,sBAAsB,EAAE,2BAAqF,CAAC;AAkNpH,iBAAS,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,IAAI,yBAAyB,CAIhG;AAiKD,KAAK,4BAA4B,GAAG,WAAW,CAAC,qBAAqB,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvG,KAAK,wBAAwB,GAAG,QAAQ,CAAC,IAAI,CAAC,4BAA4B,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC,GAAG;IAC5K;;;OAGG;IACH,OAAO,EAAE,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;CAC1D,CAAC,CAAC;AAoCH,KAAK,yBAAyB,CAAC,IAAI,SAAS,yBAAyB,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;AAEzG,qBAAa,kBAAmB,SAAQ,sBAAsB;;IAS7D;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;gBAcZ,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAOtD
|
|
1
|
+
{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EAAuB,MAAM,EAAuB,MAAM,mBAAmB,CAAC;AAErF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAMvF,OAAO,EAAE,kBAAkB,EAAuC,KAAK,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AACnI,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,yBAAyB,EAAE,MAAM,0BAA0B,CAAC;AAE1E;;GAEG;AACH,QAAA,MAAM,eAAe,EAAE,OAAO,cAAc,CAAC,GAAG,CAAC,OAAoC,CAAC;AAGtF,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AAEtF;;GAEG;AACH,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAKnG,KAAK,oBAAoB,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC;AACpF,KAAK,eAAe,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;AAC1D,QAAA,MAAM,eAAe,EAAE,oBAAuE,CAAC;AAC/F,KAAK,2BAA2B,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAClG,KAAK,sBAAsB,GAAG,YAAY,CAAC,2BAA2B,CAAC,CAAC;AACxE,QAAA,MAAM,sBAAsB,EAAE,2BAAqF,CAAC;AAkNpH,iBAAS,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,IAAI,yBAAyB,CAIhG;AAiKD,KAAK,4BAA4B,GAAG,WAAW,CAAC,qBAAqB,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvG,KAAK,wBAAwB,GAAG,QAAQ,CAAC,IAAI,CAAC,4BAA4B,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC,GAAG;IAC5K;;;OAGG;IACH,OAAO,EAAE,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;CAC1D,CAAC,CAAC;AAoCH,KAAK,yBAAyB,CAAC,IAAI,SAAS,yBAAyB,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;AAEzG,qBAAa,kBAAmB,SAAQ,sBAAsB;;IAS7D;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;gBAcZ,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAOtD;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,yBAAyB,CAAC,IAAI,CAAC,GAAG,IAAI;IAyBlI;;;;;;OAMG;IACH,qBAAqB,CAAC,IAAI,SAAS,yBAAyB,EAC3D,IAAI,EAAE,IAAI,EACV,SAAS,EAAE,kBAAkB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAC5D,IAAI;cAUS,aAAa,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC,GAAG,UAAU,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;IA4ChJ;;;;;OAKG;IACG,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;CAgB7E;AAED,qBAAa,WAAY,SAAQ,eAAe;IAC/C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,kBAAkB,CAAsB;IACxE,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,6BAA6B,CAAC;IAEzE;;OAEM;IACN,QAAQ,CAAC,UAAU,EAAE;SACnB,IAAI,IAAI,yBAAyB,CAAC,CAAC,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC;YAChB,KAAK,EAAE,kBAAkB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,GAAG;YACH,SAAS,EAAE,KAAK,CAAC;YACjB,KAAK,EAAE,WAAW,CAAC;SACnB;KACD,CAAM;gBAEK,KAAK,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,eAAe,CAAA;KAAE;IAQ9J,SAAS,CAAC,oBAAoB,IAAI,IAAI;IAItC,OAAO,CAAC,iBAAiB;IAKzB,OAAO,CAAC,qBAAqB;IAW7B;;;;;OAKG;IACG,iBAAiB,CAAC,IAAI,SAAS,yBAAyB,EAAE,aAAa,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAmB9H,SAAS,CAAC,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO;CAiCnE;AAGD,yBAAiB,kCAAkC,CAAC;IACnD,KAAY,aAAa,GAAG;QAC3B;;;;WAIG;QACH,MAAM,CAAC,EAAE,QAAQ,GAAG,aAAa,CAAC;KAClC,CAAC;IACF,KAAY,aAAa,GAAG;QAC3B;;;WAGG;QACH,UAAU,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,GAAG,IAAI,CAAC;KAC/E,CAAC;IACF,KAAY,cAAc,GAAG;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QACrC,UAAU,EAAE;YACX,CAAC,IAAI,EAAE,MAAM,GAAG;gBACf,SAAS,EAAE,IAAI,CAAC;gBAChB,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC3D,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,GAAG;gBACH,SAAS,EAAE,KAAK,CAAC;gBACjB,KAAK,EAAE,MAAM,CAAC;gBACd,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,CAAA;SACD,CAAC;KACF,CAAC;CACF;AACD,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AACnG,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AAGnG,qBAAa,6BAA6B;;IAWzC,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,iBAAiB,CAAS;IAElC,MAAM,CAAC,8BAA8B,EAAE,OAAO,+BAA+B,CAAmC;gBAEpG,KAAK,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,0CAA0C;IA2DtG;;;;OAIG;WACU,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAClL,iEAAiE;WACpD,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAoJtI,WAAW,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7D,IAAI,UAAU,IAAI,eAAe,EAAE,CAElC;IA0FK,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAQ5C;;;;;;OAMG;IACG,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAQjD,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAMlE,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAiEtH,iBAAiB,CAAC,cAAc,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1D,iBAAiB,CAAC,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAgBrF,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,CAAC,EAAE,KAAK,CAAC;KAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IACxH,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IAC/H,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACnH,MAAM,CAAC,OAAO,CAAC,EAAE,0CAA0C,GAAG,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;CA8B3F"}
|
package/lib/certificates.js
CHANGED
|
@@ -392,12 +392,14 @@ export class CertificateBuilder extends BaseCertificateBuilder {
|
|
|
392
392
|
}
|
|
393
393
|
}
|
|
394
394
|
/**
|
|
395
|
-
* Set a
|
|
395
|
+
* Set a KYC Attribute to a given value.
|
|
396
|
+
* The sensitive flag is required.
|
|
396
397
|
*
|
|
397
|
-
*
|
|
398
|
-
*
|
|
398
|
+
* If an attribute is marked sensitive, the value is encoded
|
|
399
|
+
* into the certificate using a commitment scheme so that the
|
|
400
|
+
* value can be proven later without revealing it.
|
|
399
401
|
*/
|
|
400
|
-
setAttribute(name, value) {
|
|
402
|
+
setAttribute(name, sensitive, value) {
|
|
401
403
|
const schemaValidator = CertificateAttributeSchema[name];
|
|
402
404
|
let encoded;
|
|
403
405
|
if (value instanceof ArrayBuffer) {
|
|
@@ -419,7 +421,7 @@ export class CertificateBuilder extends BaseCertificateBuilder {
|
|
|
419
421
|
throw (new Error('Unsupported attribute value type'));
|
|
420
422
|
}
|
|
421
423
|
this.#attributes[name] = {
|
|
422
|
-
sensitive:
|
|
424
|
+
sensitive: sensitive,
|
|
423
425
|
value: encoded
|
|
424
426
|
};
|
|
425
427
|
}
|
|
@@ -450,9 +452,14 @@ export class CertificateBuilder extends BaseCertificateBuilder {
|
|
|
450
452
|
assertCertificateAttributeNames(name);
|
|
451
453
|
const nameOID = CertificateAttributeOIDDB[name];
|
|
452
454
|
let value;
|
|
453
|
-
if (attribute
|
|
455
|
+
if ('attribute' in attribute) {
|
|
454
456
|
value = arrayBufferToBuffer(attribute.attribute.toDER());
|
|
455
457
|
}
|
|
458
|
+
else if (attribute.sensitive) {
|
|
459
|
+
const subject = args[0].subjectPublicKey;
|
|
460
|
+
const sensitiveAttr = await SensitiveAttribute.create(subject, name, attribute.value);
|
|
461
|
+
value = arrayBufferToBuffer(sensitiveAttr.toDER());
|
|
462
|
+
}
|
|
456
463
|
else {
|
|
457
464
|
value = arrayBufferToBuffer(attribute.value);
|
|
458
465
|
}
|
package/lib/certificates.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certificates.js","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,mCAAmC,CAAC;AAC1D,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACrF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,iDAAiD,EAAE,MAAM,6BAA6B,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,eAAe,EAAkC,MAAM,0BAA0B,CAAC;AACnI,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D;;GAEG;AACH,MAAM,eAAe,GAAsC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC;AAetF,MAAM,eAAe,GAAyB,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC;AAG/F,MAAM,sBAAsB,GAAgC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAEpH,SAAS,aAAa,CAAC,KAAc;IACpC,OAAM,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,GAAW,EAAE,UAA6B;IAC7E,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,mEAAmE;QACnE,MAAM,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IACD,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAc,EAAE,UAA6B;IAC1E,oBAAoB;IACpB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxE,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IACD,IAAI,KAAK,YAAY,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QACrF,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,yFAAyF;IACzF,+EAA+E;IAC/E,yEAAyE;IACzE,MAAM,GAAG,GAAG,KAAmG,CAAC;IAChH,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9E,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,GAAG,IAAI,GAAG,CAAC,KAAK,YAAY,IAAI,EAAE,CAAC;QACxE,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,OAAO,IAAI,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9E,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAED,2EAA2E;IAC3E,IAAI,UAAU,IAAI,GAAG,IAAI,QAAQ,IAAI,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACtG,yEAAyE;QACzE,MAAM,GAAG,GAAG,GAAuL,CAAC;QACpM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC7B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAE1C,kEAAkE;QAClE,MAAM,iBAAiB,GAAG,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ;YACpE,CAAC,CAAC,GAAG,CAAC,mBAAmB;YACzB,CAAC,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC;QAChC,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAE9B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,UAAU,EAAE,CAAC;YAC3E,IAAI,WAAW,GAAgB,IAAI,CAAC;YAEpC,OAAM,CAAC;gBACN,GAAG,0BAA0B,CAAC,GAAG,EAAE,UAAU,CAAC;gBAC9C,KAAK,EAAE,KAAK,WAAU,oBAA0E;oBAC/F,IAAI,WAAW,EAAE,CAAC;wBACjB,OAAM,CAAC,WAAW,CAAC,CAAC;oBACrB,CAAC;oBAED,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;oBACrC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,oCAAoC,GAAG,KAAK,WAAW,CAAC,MAAM,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC9G,CAAC;oBAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;oBAC1C,IAAI,IAAI,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;oBAExC,8BAA8B;oBAC9B,IAAI,QAAQ,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC1C,IAAI,CAAC;4BACJ,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;4BACxE,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gCAC/D,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,UAAU,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oCACxH,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;gCAChE,CAAC;4BACF,CAAC;wBACF,CAAC;wBAAC,MAAM,CAAC;4BACR,aAAa;wBACd,CAAC;oBACF,CAAC;oBAED,oBAAoB;oBACpB,IAAI,iBAAiB,EAAE,CAAC;wBACvB,QAAQ,iBAAiB,EAAE,CAAC;4BAC3B,KAAK,qBAAqB,CAAC;4BAC3B,KAAK,2BAA2B,CAAC,CAAC,CAAC;gCAClC,MAAM,SAAS,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,IAAI,EAAE;oCAC9D,GAAG,UAAU;oCACb,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;iCAC/B,CAAC,CAAC;gCACH,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,CAAC;gCACtC,MAAM;4BACP,CAAC;4BACD;gCACC,MAAK,CAAC,IAAI,KAAK,CAAC,yCAAyC,iBAAiB,EAAE,CAAC,CAAC,CAAC;wBACjF,CAAC;oBACF,CAAC;oBAED,kEAAkE;oBAClE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzC,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;oBACtD,CAAC;oBAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;oBAC3D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACxB,MAAK,CAAC,SAAS,CAAC,CAAC;oBAClB,CAAC;oBAED,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAClD,WAAW,GAAG,IAAI,CAAC;oBACnB,OAAM,CAAC,IAAI,CAAC,CAAC;gBACd,CAAC;aACD,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAED,oCAAoC;IACpC,OAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,MAAM,CAAC,KAAc;IAC7B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;QAC7C,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,KAAc,EAAE,cAA2F;IACpI,cAAc,KAAK,KAAK,WAAU,KAAc;QAC/C,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC,CAAC;IAEF,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QACjC,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC3B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,EAAE,CAAC;QACpB,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;QACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,GAAG,EAAE,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,MAAM,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;QACjG,CAAC;QACD,OAAM,CAAC,QAAQ,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,UAAU,CAAC,MAAM,cAAc,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,cAAc,CAAC,CAAC;IACzF,CAAC;IACD,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED,4EAA4E;AAC5E,SAAS,gBAAgB,CACxB,KAAW,EACX,EAAW;IAEX,kFAAkF;IAClF,8EAA8E;IAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CACxB,IAAU,EACV,CAAU;IAEV,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAChC,MAAK,CAAC,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAM,CAAC,CAAC,CAAC,CAAC;AACX,CAAC;AAED,SAAS,+BAA+B,CAAC,IAAY;IACpD,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;QAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;AACF,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY;IAChD,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtC,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAmB;IAC7C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpG,OAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAwB;IAClD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,KAAK,IAAI,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;QAC1F,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAM,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,OAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,MAAmB;IACvD,wDAAwD;IACxD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnG,MAAM,iBAAiB,GAAmC,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxE,iBAAiB,CAAC,SAAS,CAAC,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;QAC/D,CAAC;QAED,OAAM,CAAC;YACN,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,wBAAwB,CAAC,KAAkB,EAAE,UAA6B;IAClF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,iEAAiE;IACjE,yEAAyE;IACzE,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAA0D,CAAC;IAC3H,IAAI,SAAS,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1E;;WAEG;QACH,SAAS,mBAAmB,CAAC,GAAY;YACxC,yEAAyE;YACzE,MAAM,GAAG,GAAG,GAA4D,CAAC;YACzE,IAAI,GAAG,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9D,OAAM,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,OAAM,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED;;WAEG;QACH,SAAS,wBAAwB,CAAC,KAAc;YAC/C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAM,CAAC,oBAAoB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,OAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,OAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBAChD,CAAC;gBACD,4BAA4B;gBAC5B,uEAAuE;gBACvE,yCAAyC;gBACzC,MAAM,MAAM,GAA6D,EAAE,CAAC;gBAC5E,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACtB,MAAM,CAAC,EAAE,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;gBACvD,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,mEAAmE;oBACnE,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC7B,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC;oBACrB,CAAC;yBAAM,CAAC;wBACP,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;oBAC9C,CAAC;gBACF,CAAC;qBAAM,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,CAAC,MAAM,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;oBAC1D,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,CAAC;gBAED,OAAM,CAAC,MAAM,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjE,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAM,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAClC,OAAM,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACjC,CAAC;IACF,CAAC;IAED,oCAAoC;IACpC,OAAM,CAAC,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,eAAe,CAAyC,IAAU,EAAE,KAAkB,EAAE,UAA6B;IACnI,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAEhD,IAAI,WAAuC,CAAC;IAC5C,IAAI,UAAU,GAAG,MAAM,CAAC;IACxB,IAAI,CAAC;QACJ,mFAAmF;QACnF,mBAAmB;QACnB,WAAW,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,UAAU,EAAE,CAAC;QACrB,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,CAAC;YACJ,kCAAkC;YAClC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,wBAAwB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;gBAC9D,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,qBAAqB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;YAClE,mEAAmE;YACnE,WAAW,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;YACjF,UAAU,GAAG,qBAAqB,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACR,yCAAyC;YACzC,MAAK,CAAC,UAAU,CAAC,CAAC;QACnB,CAAC;IACF,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,MAAK,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,SAAS,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE9D,mBAAmB;IACnB,6CAA6C;IAC7C,6DAA6D;IAC7D,mBAAmB;IACnB,MAAM,SAAS,GAAG,oBAAoB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAChE,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAWD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,uCAAuC,GAAG;IAC/C,UAAU,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE;YACrC,MAAM,EAAE;gBACP,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;gBACrH,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;aACrH;SACD,CAAC;CACoB,CAAC;AAQxB,MAAM,OAAO,kBAAmB,SAAQ,sBAAsB;IACpD,WAAW,GAIhB,EAAE,CAAC;IAEE,uBAAuB,CAAqB;IAErD;;;OAGG;IACK,MAAM,CAAC,SAAS,CAAC,MAA0C;QAClE,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,gBAAgB,GAAG,UAAU,CAAC,OAAO,CAAC;YACtC,OAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,MAAM,GAA0C,UAAU,CAAC;QACjE,IAAI,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC5C,CAAC;QACD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,YAAY,MAA0C;QACrD,KAAK,CAAC,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;QACrE,CAAC;IACF,CAAC;IAED;;;;;OAKG;IACH,YAAY,CAAyC,IAAU,EAAE,KAAsC;QACtG,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,OAAoB,CAAC;QACzB,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YAClC,OAAO,GAAG,KAAK,CAAC;QACjB,CAAC;aAAM,IAAI,IAAI,IAAI,0BAA0B,EAAE,CAAC;YAC/C,OAAO,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC,CAAC,KAAK,YAAY,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxF,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,OAAO;SACd,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,qBAAqB,CACpB,IAAU,EACV,SAA8D;QAE9D,IAAI,IAAI,CAAC,uBAAuB,IAAI,SAAS,CAAC,SAAS,KAAK,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,IAAI;YACf,SAAS;SACT,CAAC;IACH,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,GAAG,IAAyD;QACzF,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,2BAA2B;QAC3B,MAAM,cAAc,GAAkC,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;gBAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAED,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;YAEhD,IAAI,KAAa,CAAC;YAClB,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACzB,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACP,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,CAAC;YAED,cAAc,CAAC,IAAI,CAAC,CAAC;oBACpB,IAAI,EAAE,KAAK;oBACX,GAAG,EAAE,OAAO;iBACZ,EAAE;oBACF,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClC,QAAQ,EAAE,KAAK;iBACf,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CACV,sBAAsB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,cAAc,CAAC,CAC3E,CAAC;QACH,CAAC;QAED,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,MAA0C;QACrD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrD,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,WAAW,EAAE;YACtD;;;;;eAKG;YACH,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,OAAM,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC;CACD;AAED,MAAM,OAAO,WAAY,SAAQ,eAAe;IAC9B,UAAU,CAAkB;IAC7C,MAAM,CAAU,OAAO,GAA8B,kBAAkB,CAAC;IACxE,MAAM,CAAU,kBAAkB,CAAuC;IAEzE;;OAEM;IACG,UAAU,GAQf,EAAE,CAAC;IAEP,YAAY,KAAqD,EAAE,OAA2F;QAC7J,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC;QAE/D,KAAK,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IAES,oBAAoB;QAC7B,6DAA6D;IAC9D,CAAC;IAEO,iBAAiB,CAAyC,IAAU,EAAE,KAAkB;QAC/F,aAAa;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAyC,CAAC;IAC5F,CAAC;IAEO,qBAAqB,CAAyC,IAAU,EAAE,KAAkB;QACnG,MAAM,kBAAkB,GAAG,KAAK,EAAE,IAA0B,EAA4C,EAAE;YACzG,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC7E,OAAM,CAAC,MAAM,eAAe,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACrE,CAAC,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG;YACvB,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,kBAAkB,CAAC;SAClC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAyC,aAAmB;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC;QACnD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,mBAAmB,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,IAAI,YAAY,kBAAkB,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,YAAY,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QAED,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,0BAA0B,CAAC,CAAC,CAAC;IACxE,CAAC;IAES,gBAAgB,CAAC,EAAU,EAAE,KAAkB;QACxD,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YACvC,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,IAAI,EAAE,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,uCAAuC,CAAC,CAAC,OAAO,EAAE,CAAC;YAE3G,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC5E,MAAM,IAAI,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACrC,MAAM,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAEzD,QAAQ,SAAS,EAAE,CAAC;oBACnB,KAAK,CAAC;wBACL,iBAAiB;wBACjB,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACpC,MAAM;oBACP,KAAK,CAAC;wBACL,qBAAqB;wBACrB,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACxC,MAAM;oBACP;wBACC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACzB,CAAC;YACF,CAAC;YAED,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;;AAmCD,CAAC;AAKF,MAAM,OAAO,6BAA6B;IACzC,YAAY,CAAe;IAC3B,cAAc,CAAwB;IACtC,WAAW,GAMP,EAAE,CAAC;IAEC,SAAS,CAAqB;IAC9B,iBAAiB,GAAG,KAAK,CAAC;IAElC,MAAM,CAAC,8BAA8B,GAA2C,+BAA+B,CAAC;IAEhH,YAAY,KAAoC,EAAE,OAAoD;QACrG,IAAI,eAAuB,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B;;;eAGG;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,WAAiC,CAAC;YACtC,KAAK,IAAI,WAAW,GAAG,CAAC,EAAE,WAAW,GAAG,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC;gBAC1E,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,CAAC;gBAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;oBAClB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACrD,KAAK,IAAI,SAAS,GAAG,WAAW,GAAG,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;wBAClF,MAAM,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;wBACnD,IAAI,YAAY,KAAK,eAAe,EAAE,CAAC;4BACtC,QAAQ,GAAG,SAAS,CAAC;4BACrB,MAAM;wBACP,CAAC;oBACF,CAAC;oBACD,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;oBAC1D,CAAC;oBAED,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM;gBACP,CAAC;YACF,CAAC;YACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC/B,WAAW,GAAG,UAAU,CAAC;YAC1B,CAAC;YAED,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC1C,OAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC,MAAM,CAAC,UAAS,IAAI;gBACtB,OAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3C,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,eAAe,GAAG,KAAK,CAAC;QACzB,CAAC;aAAM,CAAC;YACP,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,UAAU,GAAG,OAAO,EAAE,UAAU,CAAC;QACrC,IAAI,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,UAAU,YAAY,GAAG,EAAE,CAAC;YACtC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,UAAU,GAAG,IAAI,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAUD,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,WAAwB,EAAE,6BAAkF,EAAE,wBAAsD;QAChM,IAAI,aAAa,GAAqC,SAAS,CAAC;QAChE,IAAI,cAAc,GAA4C,SAAS,CAAC;QAExE,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAC5C,IAAI,6BAA6B,KAAK,SAAS,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,CAAC,6BAA6B,CAAC,EAAE,CAAC;oBAClD,cAAc,GAAG,6BAA6B,CAAC;gBAChD,CAAC;qBAAM,CAAC;oBACP,aAAa,GAAG,6BAA6B,CAAC;gBAC/C,CAAC;YACF,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,6BAA6B,KAAK,SAAS,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,CAAC,6BAA6B,CAAC,EAAE,CAAC;oBAClD,MAAK,CAAC,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAC,CAAC;gBACzE,CAAC;gBACD,aAAa,GAAG,6BAA6B,CAAC;YAC/C,CAAC;YACD,cAAc,GAAG,wBAAwB,CAAC;QAC3C,CAAC;QAED,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAClC;;;eAGG;YACH,yEAAyE;YACzE,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAA4C,CAAC;QACjG,CAAC;QAED,MAAM,UAAU,GAA8D,EAAE,CAAC;QACjF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C;;eAEG;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,SAAS;YACV,CAAC;YAED,MAAM,UAAU,GAA6B,EAAE,CAAC;YAChD,MAAM,8BAA8B,GAAG,KAAK,WAAU,GAAY;gBACjE,OAAM,CAAC,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,WAAU,GAAG,EAAE,KAAK,EAAE,MAAM;oBAC7D,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;wBACrB,IAAI,CAAC;4BACJ,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gCACnD,MAAK,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;4BACpD,CAAC;4BACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;gCAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;4BAC5D,CAAC;4BACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gCAClC,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;4BAC9D,CAAC;4BAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;4BACpC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gCAC9B,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;4BACtD,CAAC;4BACD,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;gCACjC,MAAK,CAAC,IAAI,SAAS,CAAC,+BAA+B,CAAC,CAAC,CAAC;4BACvD,CAAC;4BAED;;;;+BAIG;4BACH,qGAAqG;4BACrG,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC;4BAC9D,yCAAyC;4BACzC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gCACxB,MAAK,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;4BAC3D,CAAC;4BAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;4BACjE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;4BACzD,UAAU,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;4BAE3D,OAAM,CAAC,KAAK;gCACX,OAAM,CAAC,SAAS,CAAC,CAAC;4BACnB,CAAC,CAAC,CAAC;wBACJ,CAAC;wBAAC,MAAM,CAAC;4BACR,mBAAmB;4BACnB,OAAM,CAAC,SAAS,CAAC,CAAC;wBACnB,CAAC;oBACF,CAAC;yBAAM,CAAC;wBACP,OAAM,CAAC,KAAK,CAAC,CAAC;oBACf,CAAC;gBACF,CAAC,CAAC,CAAC,CAAC;YACL,CAAC,CAAA;YAED;;;;eAIG;YACH,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC5D,MAAM,8BAA8B,CAAC,SAAS,CAAC,CAAC;YACjD,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE,UAAU;iBACtB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACzD,UAAU,EAAE,UAAU;iBACtB,CAAC;YACH,CAAC;QACF,CAAC;QAGD,IAAI,iBAAiB,CAAC;QACtB,aAAa,KAAK,IAAI,GAAG,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YAC9B,iBAAiB,GAAG,SAAS,CAAC;QAC/B,CAAC;aAAM,CAAC;YACP,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,UAAS,uBAAuB;gBACjF,OAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC;YACzC,CAAC,CAAC,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;YACrC,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE;YAChC,aAAa,EAAE,iBAAiB;YAChC,UAAU,EAAE,UAAU;SACgC,CAAC,CAAC;QAEzD,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,CAAC;QACxF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,kBAAkB,CAAC,aAAa,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QAC/G,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAE3D,MAAM,MAAM,GAAG,IAAI,6BAA6B,CAAC,eAAe,EAAE;YACjE,UAAU,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACzC,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAA0B;QAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAA0B;QAC5C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,IAAI,UAAU;QACb,OAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,SAAS;QACd,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAE9B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QAE3D;;;;;WAKG;QACH,IAAI,0BAA0B,GAAgB,cAAc,CAAC;QAC7D,MAAM,mBAAmB,GAAG,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,mBAAmB,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;QACrD,IAAI,YAAY,EAAE,CAAC;YAClB,0BAA0B,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACrG,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjF,MAAM,YAAY,GAAY,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,iDAAiD,CAAC,YAAY,CAAC,CAAC;QAEjF,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,EAAmB,CAAC;QACjD,KAAK,MAAM,eAAe,IAAI,QAAQ,CAAC,aAAa,IAAI,EAAE,EAAE,CAAC;YAC5D,MAAM,gBAAgB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;YAC9D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAsH,EAAE;YAC5M;;;;;;eAMG;YACH,yEAAyE;YACzE,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,IAAiC,CAAC,CAAC;YAEvF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,2BAA2B,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;gBAC7E,CAAC;gBAED,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC;gBACtC,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC3E,IAAI,WAAW,CAAC,UAAU,KAAK,SAAS,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;oBACjH,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,kCAAkC,CAAC,CAAC,CAAC;gBACvE,CAAC;gBAED,OAAM,CAAC,CAAC,IAAI,EAAE;wBACb,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,WAAW;wBAClB,UAAU,EAAE,IAAI,CAAC,UAAU;qBAC3B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,0BAA0B,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;YAE/E,OAAM,CAAC,CAAC,IAAI,EAAE;oBACb,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,SAAS;oBAChB,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC3B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAK,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,gBAAgB;QACrB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACzD,OAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,OAAM,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACpC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpC,OAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,YAAY,CAAyC,IAAU;QACpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAElF;;;WAGG;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YAClF,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACrB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;oBACnD,MAAK,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;gBACpD,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;oBAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;gBAC5D,CAAC;gBACD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;gBACjC,IAAI,CAAC,CAAC,QAAQ,IAAI,UAAU,CAAC,EAAE,CAAC;oBAC/B,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9D,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBACzC,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;gBACtD,CAAC;gBAED,IAAI,CAAC,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;oBAChG,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9D,CAAC;gBACD,IAAI,CAAC,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;oBAC5F,MAAK,CAAC,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC,CAAC;gBAC1E,CAAC;gBAED,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpE,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,CAAC;gBACzE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAChD,OAAM,CAAC,KAAK;oBACX,IAAI,CAAC,cAAc,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,kCAAkC,WAAW,EAAE,CAAC,CAAC,CAAC;oBACnE,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;oBAC5D,MAAM,eAAe,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;oBAE3D,gDAAgD;oBAChD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;oBACvE,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACxB,MAAK,CAAC,SAAS,CAAC,CAAC;oBAClB,CAAC;oBAED,OAAM,CAAC,IAAI,IAAI,CAAC,CAAC,eAAe,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;YACJ,CAAC;YAED,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,CAAC;QAEH;;WAEG;QACH,yEAAyE;QACzE,OAAO,MAA0C,CAAC;IACnD,CAAC;IAID,KAAK,CAAC,iBAAiB,CAAC,cAAwB;QAC/C,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5C,IAAI,cAAc,EAAE,CAAC;YACpB,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,UAAS,IAAI;YAC5C,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,OAAM,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAMD,KAAK,CAAC,MAAM,CAAC,OAAoD;QAChE,OAAO,GAAG;YACT,MAAM,EAAE,aAAa;YACrB,GAAG,OAAO;SACV,CAAC;QAEF,IAAI,UAA6B,CAAC;QAClC,IAAI,CAAC;YACJ,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACR,UAAU,GAAG,EAAE,CAAC;QACjB,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,OAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YAC7C,OAAM,CAAC,YAAY,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC;IACF,CAAC;;AAGF,aAAa;AACb,WAAW,CAAC,kBAAkB,GAAG,6BAA6B,CAAC;AAE/D,gBAAgB;AAChB,MAAM,CAAC,MAAM,QAAQ,GAAG;IACvB,kBAAkB;IAClB,YAAY,EAAE,IAAI,CAAC,YAAY;IAC/B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;IACzC,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,oBAAoB;IACpB,eAAe;IACf,wBAAwB;IACxB,iBAAiB;IACjB,iBAAiB;IACjB,2BAA2B;IAC3B,0BAA0B;CAC1B,CAAC","sourcesContent":["import * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport * as oids from '../services/kyc/oids.generated.js';\nimport * as ASN1 from './utils/asn1.js';\nimport { arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';\nimport { assertNever } from './utils/never.js';\nimport type { CertificateAttributeValue } from '../services/kyc/iso20022.generated.js';\nimport { CertificateAttributeOIDDB, CertificateAttributeSchema } from '../services/kyc/iso20022.generated.js';\nimport { lookupByOID } from './utils/oid.js';\nimport { EncryptedContainer } from './encrypted-container.js';\nimport { assertSharableCertificateAttributesContentsSchema } from './certificates.generated.js';\nimport { checkHashWithOID } from './utils/external.js';\nimport { SensitiveAttribute, encodeForSensitive, encodeAttribute, type CertificateAttributeNames } from './sensitive-attribute.js';\nexport { SensitiveAttribute } from './sensitive-attribute.js';\nexport type { CertificateAttributeNames } from './sensitive-attribute.js';\n\n/**\n * Short alias for the KeetaNetAccount type\n */\nconst KeetaNetAccount: typeof KeetaNetClient.lib.Account = KeetaNetClient.lib.Account;\n\n/* ENUM */\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\n\n/**\n * An alias for the KeetaNetAccount type\n */\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\n\n/*\n * Base Certificate types, aliased for convenience\n */\ntype BaseCertificateClass = typeof KeetaNetClient.lib.Utils.Certificate.Certificate;\ntype BaseCertificate = InstanceType<BaseCertificateClass>;\nconst BaseCertificate: BaseCertificateClass = KeetaNetClient.lib.Utils.Certificate.Certificate;\ntype BaseCertificateBuilderClass = typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;\ntype BaseCertificateBuilder = InstanceType<BaseCertificateBuilderClass>;\nconst BaseCertificateBuilder: BaseCertificateBuilderClass = KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;\n\nfunction isPlainObject(value: unknown): value is { [key: string]: unknown } {\n\treturn(typeof value === 'object' && value !== null && !Array.isArray(value));\n}\n\n/**\n * Recursively normalize object properties\n */\nfunction normalizeDecodedASN1Object(obj: object, principals: KeetaNetAccount[]): { [key: string]: unknown } {\n\tconst result: { [key: string]: unknown } = {};\n\tfor (const [key, value] of Object.entries(obj)) {\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tresult[key] = normalizeDecodedASN1(value, principals);\n\t}\n\treturn(result);\n}\n\n/**\n * Post-process the output from toJavaScriptObject() to:\n * 1. Unwrap any remaining ASN.1-like objects (from IsAnyString/IsAnyDate)\n * 2. Add domain-specific $blob function to Reference objects\n */\nfunction normalizeDecodedASN1(input: unknown, principals: KeetaNetAccount[]): unknown {\n\t// Handle primitives\n\tif (input === undefined || input === null || typeof input !== 'object') {\n\t\treturn(input);\n\t}\n\tif (input instanceof Date || Buffer.isBuffer(input) || input instanceof ArrayBuffer) {\n\t\treturn(input);\n\t}\n\n\t// Handle arrays\n\tif (Array.isArray(input)) {\n\t\treturn(input.map(item => normalizeDecodedASN1(item, principals)));\n\t}\n\n\t// Unwrap ASN.1-like objects from ambiguous schemas (IsAnyString, IsAnyDate, IsBitString)\n\t// These are plain objects like { type: 'string', kind: 'utf8', value: 'text' }\n\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\tconst obj = input as { type?: string; kind?: string; value?: unknown; unusedBits?: number; contains?: unknown };\n\tif (obj.type === 'string' && 'value' in obj && typeof obj.value === 'string') {\n\t\treturn(obj.value);\n\t}\n\tif (obj.type === 'date' && 'value' in obj && obj.value instanceof Date) {\n\t\treturn(obj.value);\n\t}\n\tif (obj.type === 'bitstring' && 'value' in obj && Buffer.isBuffer(obj.value)) {\n\t\treturn(obj.value);\n\t}\n\n\t// Check if this is a Reference object (has external.url and digest fields)\n\tif ('external' in obj && 'digest' in obj && isPlainObject(obj.external) && isPlainObject(obj.digest)) {\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\tconst ref = obj as { external: { url?: string; contentType?: string }; digest?: { digestAlgorithm?: string | { oid?: string }; digest?: unknown }; encryptionAlgorithm?: string | { oid?: string }};\n\t\tconst url = ref.external.url;\n\t\tconst mimeType = ref.external.contentType;\n\n\t\t// After toJavaScriptObject(), OIDs are strings, not {oid: string}\n\t\tconst encryptionAlgoOID = typeof ref.encryptionAlgorithm === 'string'\n\t\t\t? ref.encryptionAlgorithm\n\t\t\t: ref.encryptionAlgorithm?.oid;\n\t\tconst digestInfo = ref.digest;\n\n\t\tif (typeof url === 'string' && typeof mimeType === 'string' && digestInfo) {\n\t\t\tlet cachedValue: Blob | null = null;\n\n\t\t\treturn({\n\t\t\t\t...normalizeDecodedASN1Object(obj, principals),\n\t\t\t\t$blob: async function(additionalPrincipals?: ConstructorParameters<typeof EncryptedContainer>[0]): Promise<Blob> {\n\t\t\t\t\tif (cachedValue) {\n\t\t\t\t\t\treturn(cachedValue);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst fetchResult = await fetch(url);\n\t\t\t\t\tif (!fetchResult.ok) {\n\t\t\t\t\t\tthrow(new Error(`Failed to fetch remote data from ${url}: ${fetchResult.status} ${fetchResult.statusText}`));\n\t\t\t\t\t}\n\n\t\t\t\t\tconst dataBlob = await fetchResult.blob();\n\t\t\t\t\tlet data = await dataBlob.arrayBuffer();\n\n\t\t\t\t\t// Handle JSON base64 encoding\n\t\t\t\t\tif (dataBlob.type === 'application/json') {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst asJSON: unknown = JSON.parse(Buffer.from(data).toString('utf-8'));\n\t\t\t\t\t\t\tif (isPlainObject(asJSON) && Object.keys(asJSON).length === 2) {\n\t\t\t\t\t\t\t\tif ('data' in asJSON && typeof asJSON.data === 'string' && 'mimeType' in asJSON && typeof asJSON.mimeType === 'string') {\n\t\t\t\t\t\t\t\t\tdata = bufferToArrayBuffer(Buffer.from(asJSON.data, 'base64'));\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t/* Ignored */\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// Decrypt if needed\n\t\t\t\t\tif (encryptionAlgoOID) {\n\t\t\t\t\t\tswitch (encryptionAlgoOID) {\n\t\t\t\t\t\t\tcase '1.3.6.1.4.1.62675.2':\n\t\t\t\t\t\t\tcase 'KeetaEncryptedContainerV1': {\n\t\t\t\t\t\t\t\tconst container = EncryptedContainer.fromEncryptedBuffer(data, [\n\t\t\t\t\t\t\t\t\t...principals,\n\t\t\t\t\t\t\t\t\t...(additionalPrincipals ?? [])\n\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t\tdata = await container.getPlaintext();\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tdefault:\n\t\t\t\t\t\t\t\tthrow(new Error(`Unsupported encryption algorithm OID: ${encryptionAlgoOID}`));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// Verify hash (checkHashWithOID now accepts string OIDs directly)\n\t\t\t\t\tif (!Buffer.isBuffer(digestInfo.digest)) {\n\t\t\t\t\t\tthrow(new TypeError('Digest value is not a buffer'));\n\t\t\t\t\t}\n\n\t\t\t\t\tconst validHash = await checkHashWithOID(data, digestInfo);\n\t\t\t\t\tif (validHash !== true) {\n\t\t\t\t\t\tthrow(validHash);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst blob = new Blob([data], { type: mimeType });\n\t\t\t\t\tcachedValue = blob;\n\t\t\t\t\treturn(blob);\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t}\n\n\t// Recursively process plain objects\n\treturn(normalizeDecodedASN1Object(obj, principals));\n}\n\nfunction isBlob(input: unknown): input is Blob {\n\tif (typeof input !== 'object' || input === null) {\n\t\treturn(false);\n\t}\n\n\tif (!('arrayBuffer' in input)) {\n\t\treturn(false);\n\t}\n\n\tif (typeof input.arrayBuffer !== 'function') {\n\t\treturn(false);\n\t}\n\n\treturn(true);\n}\n\nasync function walkObject(input: unknown, keyTransformer?: (key: string, input: unknown, keyParentObject: object) => Promise<unknown>): Promise<unknown> {\n\tkeyTransformer ??= async function(input: unknown): Promise<unknown> {\n\t\treturn(input);\n\t};\n\n\tif (typeof input !== 'object' || input === null) {\n\t\treturn(input);\n\t}\n\n\tif (Buffer.isBuffer(input)) {\n\t\treturn(input);\n\t}\n\n\tif (typeof input === 'function') {\n\t\treturn(input);\n\t}\n\n\tif (input instanceof Date) {\n\t\treturn(input);\n\t}\n\n\tif (Array.isArray(input)) {\n\t\tconst newArray = [];\n\t\tlet key = -1;\n\t\tfor (const item of input) {\n\t\t\tkey++;\n\t\t\tnewArray.push(await walkObject(await keyTransformer(String(key), item, input), keyTransformer));\n\t\t}\n\t\treturn(newArray);\n\t}\n\n\tconst newObj: { [key: string]: unknown } = {};\n\tfor (const [key, value] of Object.entries(input)) {\n\t\tnewObj[key] = await walkObject(await keyTransformer(key, value, input), keyTransformer);\n\t}\n\treturn(newObj);\n}\n\n// Generic type guard to align decoded values with generated attribute types\nfunction isAttributeValue<NAME extends CertificateAttributeNames>(\n\t_name: NAME,\n\t_v: unknown\n): _v is CertificateAttributeValue<NAME> {\n\t// Runtime schema validation is already performed by BufferStorageASN1; this guard\n\t// serves to inform TypeScript of the precise type tied to the attribute name.\n\treturn(true);\n}\n\n// Helper to apply type guard once and return the properly typed value\nfunction asAttributeValue<NAME extends CertificateAttributeNames>(\n\tname: NAME,\n\tv: unknown\n): CertificateAttributeValue<NAME> {\n\tif (!isAttributeValue(name, v)) {\n\t\tthrow(new Error('internal error: decoded value did not match expected type'));\n\t}\n\treturn(v);\n}\n\nfunction assertCertificateAttributeNames(name: string): asserts name is CertificateAttributeNames {\n\tif (!(name in CertificateAttributeOIDDB)) {\n\t\tthrow(new Error(`Unknown attribute name: ${name}`));\n\t}\n}\n\nfunction asCertificateAttributeNames(name: string): CertificateAttributeNames {\n\tassertCertificateAttributeNames(name);\n\treturn(name);\n}\n\nfunction unwrapSingleLayer(schema: ASN1.Schema): ASN1.Schema {\n\tif (typeof schema === 'object' && schema !== null && 'type' in schema && schema.type === 'context') {\n\t\treturn(schema.contains);\n\t}\n\n\treturn(schema);\n}\n\nfunction unwrapFieldSchema(fieldSchema: ASN1.Schema): ASN1.Schema {\n\tif (typeof fieldSchema === 'object' && fieldSchema !== null && 'optional' in fieldSchema) {\n\t\tconst unwrapped = unwrapSingleLayer(fieldSchema.optional);\n\t\treturn({ optional: unwrapped });\n\t}\n\n\treturn(unwrapSingleLayer(fieldSchema));\n}\n\n/**\n * Create a backwards-compatible version of a schema by removing context tag wrappers from struct fields.\n */\nfunction unwrapContextTagsFromSchema(schema: ASN1.Schema): ASN1.Schema {\n\t// If it's a struct, unwrap context tags from its fields\n\tif (typeof schema === 'object' && schema !== null && 'type' in schema && schema.type === 'struct') {\n\t\tconst unwrappedContains: { [key: string]: ASN1.Schema } = {};\n\t\tfor (const [fieldName, fieldSchema] of Object.entries(schema.contains)) {\n\t\t\tunwrappedContains[fieldName] = unwrapFieldSchema(fieldSchema);\n\t\t}\n\n\t\treturn({\n\t\t\ttype: 'struct',\n\t\t\tfieldNames: schema.fieldNames,\n\t\t\tcontains: unwrappedContains\n\t\t});\n\t}\n\n\treturn(schema);\n}\n\n/**\n * Fallback decoder for entityType attribute from old certificates.\n * Transforms raw ASN1 into the expected EntityType structure.\n */\nfunction decodeEntityTypeFallback(value: ArrayBuffer, principals: KeetaNetAccount[]): unknown {\n\tconst rawASN1 = ASN1.ASN1toJS(value);\n\t// Per EntityTypeSchema: value 0 = organization, value 1 = person\n\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\tconst choiceTag = (Array.isArray(rawASN1) ? rawASN1[0] : rawASN1) as { type?: string; value?: number; contains?: unknown };\n\tif (choiceTag?.type === 'context' && typeof choiceTag.value === 'number') {\n\t\t/*\n\t\t * Transform schemeName CHOICE\n\t\t */\n\t\tfunction transformSchemeName(raw: unknown): unknown {\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst ctx = raw as { type?: string; value?: number; contains?: unknown };\n\t\t\tif (ctx?.type === 'context' && typeof ctx.value === 'number') {\n\t\t\t\treturn(normalizeDecodedASN1(ctx.contains, principals));\n\t\t\t}\n\n\t\t\treturn(normalizeDecodedASN1(raw, principals));\n\t\t}\n\n\t\t/*\n\t\t * Transform identification arrays into proper objects\n\t\t */\n\t\tfunction transformIdentifications(items: unknown): unknown {\n\t\t\tif (!Array.isArray(items)) {\n\t\t\t\treturn(normalizeDecodedASN1(items, principals));\n\t\t\t}\n\n\t\t\treturn(items.map(function(item) {\n\t\t\t\tif (!Array.isArray(item)) {\n\t\t\t\t\treturn(normalizeDecodedASN1(item, principals));\n\t\t\t\t}\n\t\t\t\t// Position 0 is always 'id'\n\t\t\t\t// Position 1 could be 'issuer' (string) or 'schemeName' (object/array)\n\t\t\t\t// Position 2 (if exists) is 'schemeName'\n\t\t\t\tconst result: { id?: unknown; issuer?: unknown; schemeName?: unknown } = {};\n\t\t\t\tif (item.length >= 1) {\n\t\t\t\t\tresult.id = normalizeDecodedASN1(item[0], principals);\n\t\t\t\t}\n\n\t\t\t\tif (item.length === 2) {\n\t\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\t\t\tconst val = item[1];\n\t\t\t\t\tif (typeof val === 'string') {\n\t\t\t\t\t\tresult.issuer = val;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tresult.schemeName = transformSchemeName(val);\n\t\t\t\t\t}\n\t\t\t\t} else if (item.length >= 3) {\n\t\t\t\t\tresult.issuer = normalizeDecodedASN1(item[1], principals);\n\t\t\t\t\tresult.schemeName = transformSchemeName(item[2]);\n\t\t\t\t}\n\n\t\t\t\treturn(result);\n\t\t\t}));\n\t\t}\n\n\t\tconst transformed = transformIdentifications(choiceTag.contains);\n\t\tif (choiceTag.value === 0) {\n\t\t\treturn({ organization: transformed });\n\t\t} else if (choiceTag.value === 1) {\n\t\t\treturn({ person: transformed });\n\t\t}\n\t}\n\n\t// Fallback to raw normalized output\n\treturn(normalizeDecodedASN1(rawASN1, principals));\n}\n\nasync function decodeAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer, principals: KeetaNetAccount[]): Promise<CertificateAttributeValue<NAME>> {\n\tconst schema = CertificateAttributeSchema[name];\n\n\tlet decodedASN1: ASN1.ASN1AnyJS | undefined;\n\tlet usedSchema = schema;\n\ttry {\n\t\t// Try with current schema (includes context tags for structs with optional fields)\n\t\t// @ts-expect-error\n\t\tdecodedASN1 = new ASN1.BufferStorageASN1(value, schema).getASN1();\n\t} catch (firstError) {\n\t\t// Fallback: try with backwards-compatible schema (context tags stripped)\n\t\t// This supports old certificates encoded before context tags were added\n\t\ttry {\n\t\t\t// Special handling for entityType\n\t\t\tif (name === 'entityType') {\n\t\t\t\tconst candidate = decodeEntityTypeFallback(value, principals);\n\t\t\t\treturn(asAttributeValue(name, candidate));\n\t\t\t}\n\n\t\t\tconst backwardsCompatSchema = unwrapContextTagsFromSchema(schema);\n\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\tdecodedASN1 = new ASN1.BufferStorageASN1(value, backwardsCompatSchema).getASN1();\n\t\t\tusedSchema = backwardsCompatSchema;\n\t\t} catch {\n\t\t\t// If both fail, throw the original error\n\t\t\tthrow(firstError);\n\t\t}\n\t}\n\n\tif (!decodedASN1) {\n\t\tthrow(new Error('Failed to decode ASN1 data'));\n\t}\n\n\tconst validator = new ASN1.ValidateASN1(usedSchema);\n\tconst plainObject = validator.toJavaScriptObject(decodedASN1);\n\n\t// Post-process to:\n\t// 1. Unwrap any remaining ASN.1-like objects\n\t// 2. Add domain-specific $blob function to Reference objects\n\t// @ts-expect-error\n\tconst candidate = normalizeDecodedASN1(plainObject, principals);\n\treturn(asAttributeValue(name, candidate));\n}\n\ntype BaseCertificateBuilderParams = NonNullable<ConstructorParameters<BaseCertificateBuilderClass>[0]>;\ntype CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'issuer' | 'validFrom' | 'validTo' | 'serial' | 'hashLib' | 'issuerDN' | 'subjectDN' | 'isCA'> & {\n\t/**\n\t * The key of the subject -- used for Sensitive Attributes as well\n\t * as the certificate Subject\n\t */\n\tsubject: BaseCertificateBuilderParams['subjectPublicKey'];\n}>;\n\n/**\n * ASN.1 Schema for Certificate KYC Attributes Extension\n *\n * KYCAttributes DEFINITIONS ::= BEGIN\n * KYCAttributes ::= SEQUENCE OF Attribute\n * Attribute ::= SEQUENCE {\n * -- Name of the attribute\n * name OBJECT IDENTIFIER,\n * -- Value of this attribute\n * value CHOICE {\n * -- A plain value, not sensitive\n * plainValue [0] IMPLICIT OCTET STRING,\n * -- A sensitive value, encoded as a SensitiveAttribute in DER encoding\n * sensitiveValue [1] IMPLICIT OCTET STRING\n * }\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n */\nconst CertificateKYCAttributeSchemaValidation = {\n\tsequenceOf: [ASN1.ValidateASN1.IsOID, {\n\t\tchoice: [\n\t\t\t{ type: 'context' as const, value: 0 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString },\n\t\t\t{ type: 'context' as const, value: 1 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString }\n\t\t]\n\t}]\n} satisfies ASN1.Schema;\n\n/** @internal */\ntype CertificateKYCAttributeSchema = ASN1.SchemaMap<typeof CertificateKYCAttributeSchemaValidation>;\n\n// Attribute input type sourced from generated definitions\ntype CertificateAttributeInput<NAME extends CertificateAttributeNames> = CertificateAttributeValue<NAME>;\n\nexport class CertificateBuilder extends BaseCertificateBuilder {\n\treadonly #attributes: {\n\t\t[name: string]:\n\t\t\t| { sensitive: false; value: ArrayBuffer }\n\t\t\t| { sensitive: true; attribute: SensitiveAttribute<unknown> }\n\t} = {};\n\n\treadonly #subjectPublicKeyString: string | undefined;\n\n\t/**\n\t * Map the parameters from the public interface to the internal\n\t * (Certificate library) interface\n\t */\n\tprivate static mapParams(params?: Partial<CertificateBuilderParams>): Partial<BaseCertificateBuilderParams> {\n\t\tconst paramsCopy = { ...params };\n\t\tlet subjectPublicKey;\n\t\tif (paramsCopy.subject) {\n\t\t\tsubjectPublicKey = paramsCopy.subject;\n\t\t\tdelete(paramsCopy.subject);\n\t\t}\n\t\tconst retval: Partial<BaseCertificateBuilderParams> = paramsCopy;\n\t\tif (subjectPublicKey) {\n\t\t\tretval.subjectPublicKey = subjectPublicKey;\n\t\t}\n\t\treturn(retval);\n\t}\n\n\tconstructor(params?: Partial<CertificateBuilderParams>) {\n\t\tsuper(CertificateBuilder.mapParams(params));\n\t\tif (params?.subject) {\n\t\t\tthis.#subjectPublicKeyString = params.subject.publicKeyString.get();\n\t\t}\n\t}\n\n\t/**\n\t * Set a non-sensitive KYC Attribute to a given value.\n\t *\n\t * For sensitive attributes, use `setSensitiveAttribute` with a\n\t * pre-created `SensitiveAttribute` instance.\n\t */\n\tsetAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: CertificateAttributeInput<NAME>): void {\n\t\tconst schemaValidator = CertificateAttributeSchema[name];\n\t\tlet encoded: ArrayBuffer;\n\t\tif (value instanceof ArrayBuffer) {\n\t\t\tencoded = value;\n\t\t} else if (name in CertificateAttributeSchema) {\n\t\t\tencoded = bufferToArrayBuffer(encodeForSensitive(name, value));\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsDate) {\n\t\t\tif (!(value instanceof Date)) {\n\t\t\t\tthrow(new Error('Expected Date value'));\n\t\t\t}\n\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsString && typeof value === 'string') {\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else {\n\t\t\tthrow(new Error('Unsupported attribute value type'));\n\t\t}\n\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: false,\n\t\t\tvalue: encoded\n\t\t};\n\t}\n\n\t/**\n\t * Set a pre-built SensitiveAttribute for a given attribute name.\n\t *\n\t * The attribute must have been encrypted for this certificate's subject.\n\t *\n\t * @throws Error if the attribute was encrypted for a different subject\n\t */\n\tsetSensitiveAttribute<NAME extends CertificateAttributeNames>(\n\t\tname: NAME,\n\t\tattribute: SensitiveAttribute<CertificateAttributeValue<NAME>>\n\t): void {\n\t\tif (this.#subjectPublicKeyString && attribute.publicKey !== this.#subjectPublicKeyString) {\n\t\t\tthrow(new Error('SensitiveAttribute was encrypted for a different subject'));\n\t\t}\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tattribute\n\t\t};\n\t}\n\n\tprotected async addExtensions(...args: Parameters<BaseCertificateBuilder['addExtensions']>): ReturnType<BaseCertificateBuilder['addExtensions']> {\n\t\tconst retval = await super.addExtensions(...args);\n\t\t/* Encode the attributes */\n\t\tconst certAttributes: CertificateKYCAttributeSchema = [];\n\n\t\tfor (const [name, attribute] of Object.entries(this.#attributes)) {\n\t\t\tif (!(name in CertificateAttributeOIDDB)) {\n\t\t\t\tthrow(new Error(`Unknown attribute: ${name}`));\n\t\t\t}\n\n\t\t\tassertCertificateAttributeNames(name);\n\t\t\tconst nameOID = CertificateAttributeOIDDB[name];\n\n\t\t\tlet value: Buffer;\n\t\t\tif (attribute.sensitive) {\n\t\t\t\tvalue = arrayBufferToBuffer(attribute.attribute.toDER());\n\t\t\t} else {\n\t\t\t\tvalue = arrayBufferToBuffer(attribute.value);\n\t\t\t}\n\n\t\t\tcertAttributes.push([{\n\t\t\t\ttype: 'oid',\n\t\t\t\toid: nameOID\n\t\t\t}, {\n\t\t\t\ttype: 'context',\n\t\t\t\tkind: 'implicit',\n\t\t\t\tvalue: attribute.sensitive ? 1 : 0,\n\t\t\t\tcontains: value\n\t\t\t}]);\n\t\t}\n\n\t\tif (certAttributes.length > 0) {\n\t\t\tretval.push(\n\t\t\t\tBaseCertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes)\n\t\t\t);\n\t\t}\n\n\t\treturn(retval);\n\t}\n\n\t/**\n\t * Create a Certificate object from the builder\n\t *\n\t * The parameters passed in are merged with the parameters passed in\n\t * when constructing the builder\n\t */\n\tasync build(params?: Partial<CertificateBuilderParams>): Promise<Certificate> {\n\t\tconst paramsCopy = CertificateBuilder.mapParams(params);\n\t\tconst certificate = await super.buildDER(paramsCopy);\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tconst certificateObject = new Certificate(certificate, {\n\t\t\t/**\n\t\t\t * Specify the moment as `null` to avoid validation\n\t\t\t * of the certificate's validity period. We don't\n\t\t\t * care if the certificate is expired or not for\n\t\t\t * the purposes of this builder.\n\t\t\t */\n\t\t\tmoment: null\n\t\t});\n\n\t\treturn(certificateObject);\n\t}\n}\n\nexport class Certificate extends BaseCertificate {\n\tprivate readonly subjectKey: KeetaNetAccount;\n\tstatic readonly Builder: typeof CertificateBuilder = CertificateBuilder;\n\tstatic readonly SharableAttributes: typeof SharableCertificateAttributes;\n\n\t/**\n * User KYC Attributes\n */\n\treadonly attributes: {\n\t\t[name in CertificateAttributeNames]?: {\n\t\t\tsensitive: true;\n\t\t\tvalue: SensitiveAttribute<CertificateAttributeValue<name>>;\n\t\t} | {\n\t\t\tsensitive: false;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tconstructor(input: ConstructorParameters<BaseCertificateClass>[0], options?: ConstructorParameters<BaseCertificateClass>[1] & { subjectKey?: KeetaNetAccount }) {\n\t\tsuper(input, options);\n\n\t\tthis.subjectKey = options?.subjectKey ?? this.subjectPublicKey;\n\n\t\tsuper.finalizeConstruction();\n\t}\n\n\tprotected finalizeConstruction(): void {\n\t\t/* Do nothing, we call the super method in the constructor */\n\t}\n\n\tprivate setPlainAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\t// @ts-ignore\n\t\tthis.attributes[name] = { sensitive: false, value } satisfies typeof this.attributes[NAME];\n\t}\n\n\tprivate setSensitiveAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\tconst decodeForSensitive = async (data: Buffer | ArrayBuffer): Promise<CertificateAttributeValue<NAME>> => {\n\t\t\tconst bufferInput = Buffer.isBuffer(data) ? bufferToArrayBuffer(data) : data;\n\t\t\treturn(await decodeAttribute(name, bufferInput, [this.subjectKey]));\n\t\t};\n\t\tthis.attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tvalue: new SensitiveAttribute(this.subjectKey, value, decodeForSensitive)\n\t\t} satisfies typeof this.attributes[NAME];\n\t}\n\n\t/**\n\t * Get the underlying value for an attribute.\n\t *\n\t * If the attribute is sensitive, this will decrypt it using the\n\t * subject's private key, otherwise it will return the value.\n\t */\n\tasync getAttributeValue<NAME extends CertificateAttributeNames>(attributeName: NAME): Promise<CertificateAttributeValue<NAME>> {\n\t\tconst attr = this.attributes[attributeName]?.value;\n\t\tif (!attr) {\n\t\t\tthrow(new Error(`Attribute ${attributeName} is not available`));\n\t\t}\n\n\t\tif (attr instanceof SensitiveAttribute) {\n\t\t\tconst raw = await attr.get();\n\t\t\treturn(await decodeAttribute(attributeName, raw, [this.subjectKey]));\n\t\t}\n\n\t\t// Non-sensitive: ArrayBuffer or Buffer\n\t\tif (attr instanceof ArrayBuffer || Buffer.isBuffer(attr)) {\n\t\t\treturn(await decodeAttribute(attributeName, attr, [this.subjectKey]));\n\t\t}\n\n\t\tthrow(new Error(`Attribute ${attributeName} is not a supported type`));\n\t}\n\n\tprotected processExtension(id: string, value: ArrayBuffer): boolean {\n\t\tif (super.processExtension(id, value)) {\n\t\t\treturn(true);\n\t\t}\n\n\t\tif (id === oids.keeta.KYC_ATTRIBUTES) {\n\t\t\tconst attributesRaw = new ASN1.BufferStorageASN1(value, CertificateKYCAttributeSchemaValidation).getASN1();\n\n\t\t\tfor (const attribute of attributesRaw) {\n\t\t\t\tconst nameString = lookupByOID(attribute[0].oid, CertificateAttributeOIDDB);\n\t\t\t\tconst name = asCertificateAttributeNames(nameString);\n\t\t\t\tconst valueKind = attribute[1].value;\n\t\t\t\tconst value = bufferToArrayBuffer(attribute[1].contains);\n\n\t\t\t\tswitch (valueKind) {\n\t\t\t\t\tcase 0:\n\t\t\t\t\t\t/* Plain Value */\n\t\t\t\t\t\tthis.setPlainAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 1:\n\t\t\t\t\t\t/* Sensitive Value */\n\t\t\t\t\t\tthis.setSensitiveAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tassertNever(valueKind);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn(true);\n\t\t}\n\n\t\treturn(false);\n\t}\n}\n\n// eslint-disable-next-line @typescript-eslint/no-namespace\nexport namespace SharableCertificateAttributesTypes {\n\texport type ExportOptions = {\n\t\t/**\n\t\t * Format of the exported data\n\t\t * - 'string': PEM-encoded string\n\t\t * - 'arraybuffer': raw ArrayBuffer\n\t\t */\n\t\tformat?: 'string' | 'arraybuffer';\n\t};\n\texport type ImportOptions = {\n\t\t/**\n\t\t * Principals that will be used to try to access the\n\t\t * encrypted contents of the sharable certificate\n\t\t */\n\t\tprincipals?: Set<KeetaNetAccount> | KeetaNetAccount[] | KeetaNetAccount | null;\n\t};\n\texport type ContentsSchema = {\n\t\tcertificate: string;\n\t\tintermediates?: string[] | undefined;\n\t\tattributes: {\n\t\t\t[name: string]: {\n\t\t\t\tsensitive: true;\n\t\t\t\tvalue: Awaited<ReturnType<SensitiveAttribute['getProof']>>;\n\t\t\t\treferences?: { [id: string]: string };\n\t\t\t} | {\n\t\t\t\tsensitive: false;\n\t\t\t\tvalue: string;\n\t\t\t\treferences?: { [id: string]: string };\n\t\t\t}\n\t\t};\n\t};\n};\ntype SharableCertificateAttributesExportOptions = SharableCertificateAttributesTypes.ExportOptions;\ntype SharableCertificateAttributesImportOptions = SharableCertificateAttributesTypes.ImportOptions;\ntype SharableCertificateAttributesContentsSchema = SharableCertificateAttributesTypes.ContentsSchema;\n\nexport class SharableCertificateAttributes {\n\t#certificate?: Certificate;\n\t#intermediates?: Set<BaseCertificate>;\n\t#attributes: {\n\t\t[name: string]: {\n\t\t\tsensitive: boolean;\n\t\t\tvalue: ArrayBuffer;\n\t\t\treferences?: { [id: string]: string } | undefined;\n\t\t}\n\t} = {};\n\n\tprivate container: EncryptedContainer;\n\tprivate populatedFromInit = false;\n\n\tstatic assertCertificateAttributeName: typeof assertCertificateAttributeNames = assertCertificateAttributeNames;\n\n\tconstructor(input: ArrayBuffer | Buffer | string, options?: SharableCertificateAttributesImportOptions) {\n\t\tlet containerBuffer: Buffer;\n\t\tif (typeof input === 'string') {\n\t\t\t/*\n\t\t\t * Attempt to decode as PEM, but also if not PEM, then return\n\t\t\t * the lines as-is (base64) after removing whitespace\n\t\t\t */\n\t\t\tconst inputLines = input.split(/\\r?\\n/);\n\t\t\tlet base64Lines: string[] | undefined;\n\t\t\tfor (let beginOffset = 0; beginOffset < inputLines.length; beginOffset++) {\n\t\t\t\tconst line = inputLines[beginOffset]?.trim();\n\t\t\t\tif (line?.startsWith('-----BEGIN ')) {\n\t\t\t\t\tlet endIndex = -1;\n\t\t\t\t\tconst matchingEndLine = line.replace('BEGIN', 'END');\n\t\t\t\t\tfor (let endOffset = beginOffset + 1; endOffset < inputLines.length; endOffset++) {\n\t\t\t\t\t\tconst checkEndLine = inputLines[endOffset]?.trim();\n\t\t\t\t\t\tif (checkEndLine === matchingEndLine) {\n\t\t\t\t\t\t\tendIndex = endOffset;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (endIndex === -1) {\n\t\t\t\t\t\tthrow(new Error('Invalid PEM format: missing END line'));\n\t\t\t\t\t}\n\n\t\t\t\t\tbase64Lines = inputLines.slice(beginOffset + 1, endIndex);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (base64Lines === undefined) {\n\t\t\t\tbase64Lines = inputLines;\n\t\t\t}\n\n\t\t\tbase64Lines = base64Lines.map(function(line) {\n\t\t\t\treturn(line.trim());\n\t\t\t}).filter(function(line) {\n\t\t\t\treturn(line.length > 0);\n\t\t\t});\n\n\t\t\tconst base64Content = base64Lines.join('');\n\t\t\tcontainerBuffer = Buffer.from(base64Content, 'base64');\n\t\t} else if (Buffer.isBuffer(input)) {\n\t\t\tcontainerBuffer = input;\n\t\t} else {\n\t\t\tcontainerBuffer = arrayBufferToBuffer(input);\n\t\t}\n\n\t\tlet principals = options?.principals;\n\t\tif (KeetaNetAccount.isInstance(principals)) {\n\t\t\tprincipals = [principals];\n\t\t} else if (principals instanceof Set) {\n\t\t\tprincipals = Array.from(principals);\n\t\t} else if (principals === undefined) {\n\t\t\tprincipals = null;\n\t\t}\n\n\t\tthis.container = EncryptedContainer.fromEncodedBuffer(containerBuffer, principals);\n\t}\n\n\t/**\n\t * Create a SharableCertificateAttributes from a Certificate\n\t * and a list of attribute names to include -- if no list is\n\t * provided, all attributes are included.\n\t */\n\tstatic async fromCertificate(certificate: Certificate, intermediates?: Set<BaseCertificate>, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;\n\t/** @deprecated Use the overload with three parameters instead */\n\tstatic async fromCertificate(certificate: Certificate, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;\n\tstatic async fromCertificate(certificate: Certificate, intermediatesOrAttributeNames?: Set<BaseCertificate> | CertificateAttributeNames[], definitelyAttributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes> {\n\t\tlet intermediates: Set<BaseCertificate> | undefined = undefined;\n\t\tlet attributeNames: CertificateAttributeNames[] | undefined = undefined;\n\n\t\tif (definitelyAttributeNames === undefined) {\n\t\t\tif (intermediatesOrAttributeNames !== undefined) {\n\t\t\t\tif (Array.isArray(intermediatesOrAttributeNames)) {\n\t\t\t\t\tattributeNames = intermediatesOrAttributeNames;\n\t\t\t\t} else {\n\t\t\t\t\tintermediates = intermediatesOrAttributeNames;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif (intermediatesOrAttributeNames !== undefined) {\n\t\t\t\tif (Array.isArray(intermediatesOrAttributeNames)) {\n\t\t\t\t\tthrow(new TypeError('Expected Set<BaseCertificate> for intermediates'));\n\t\t\t\t}\n\t\t\t\tintermediates = intermediatesOrAttributeNames;\n\t\t\t}\n\t\t\tattributeNames = definitelyAttributeNames;\n\t\t}\n\n\t\tif (attributeNames === undefined) {\n\t\t\t/*\n\t\t\t * We know the keys are whatever the Certificate says they are, so\n\t\t\t * we can cast here safely\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tattributeNames = Object.keys(certificate.attributes) as (keyof typeof certificate.attributes)[];\n\t\t}\n\n\t\tconst attributes: SharableCertificateAttributesContentsSchema['attributes'] = {};\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\t/**\n\t\t\t * Skip missing attributes\n\t\t\t */\n\t\t\tif (!attr) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tconst references: { [id: string]: string } = {};\n\t\t\tconst walkResultAndReplaceReferences = async function(obj: unknown): Promise<unknown> {\n\t\t\t\treturn(await walkObject(obj, async function(key, value, parent) {\n\t\t\t\t\tif (key === '$blob') {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tif (typeof parent !== 'object' || parent === null) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent is not an object'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!('digest' in parent) || typeof parent.digest !== 'object' || parent.digest === null) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent->digest is not an object'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!('digest' in parent.digest)) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent->digest->digest is missing'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tconst digest = parent.digest.digest;\n\t\t\t\t\t\t\tif (!Buffer.isBuffer(digest)) {\n\t\t\t\t\t\t\t\tthrow(new TypeError('$blob digest is not a Buffer'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (typeof value !== 'function') {\n\t\t\t\t\t\t\t\tthrow(new TypeError('$blob value is not a function'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t/*\n\t\t\t\t\t\t\t * We already validated that this is a function, so try to call\n\t\t\t\t\t\t\t * it -- if it fails the catch block will handle it (by\n\t\t\t\t\t\t\t * replacing this key with undefined)\n\t\t\t\t\t\t\t */\n\t\t\t\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-call,@typescript-eslint/no-unsafe-assignment\n\t\t\t\t\t\t\tconst reference = await value([certificate.subjectPublicKey]);\n\t\t\t\t\t\t\t/* Verify that the reference is a Blob */\n\t\t\t\t\t\t\tif (!isBlob(reference)) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob reference did not return a Blob'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tconst referenceData = Buffer.from(await reference.arrayBuffer());\n\t\t\t\t\t\t\tconst referenceID = digest.toString('hex').toUpperCase();\n\t\t\t\t\t\t\treferences[referenceID] = referenceData.toString('base64');\n\n\t\t\t\t\t\t\treturn(async function() {\n\t\t\t\t\t\t\t\treturn(reference);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t/* Ignore errors */\n\t\t\t\t\t\t\treturn(undefined);\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\treturn(value);\n\t\t\t\t\t}\n\t\t\t\t}));\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Decode the attribute value to extract $blob references.\n\t\t\t * Skip for entityType which has schema compatibility issues\n\t\t\t * with old certificates and has no external references anyway.\n\t\t\t */\n\t\t\tif (name !== 'entityType') {\n\t\t\t\tconst attrValue = await certificate.getAttributeValue(name);\n\t\t\t\tawait walkResultAndReplaceReferences(attrValue);\n\t\t\t}\n\n\t\t\tif (attr.sensitive) {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: true,\n\t\t\t\t\tvalue: await attr.value.getProof(),\n\t\t\t\t\treferences: references\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: arrayBufferToBuffer(attr.value).toString('base64'),\n\t\t\t\t\treferences: references\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\n\t\tlet intermediatesJSON;\n\t\tintermediates ??= new Set();\n\t\tif (intermediates.size === 0) {\n\t\t\tintermediatesJSON = undefined;\n\t\t} else {\n\t\t\tintermediatesJSON = Array.from(intermediates).map(function(intermediateCertificate) {\n\t\t\t\treturn(intermediateCertificate.toPEM());\n\t\t\t});\n\t\t}\n\n\t\tconst contentsString = JSON.stringify({\n\t\t\tcertificate: certificate.toPEM(),\n\t\t\tintermediates: intermediatesJSON,\n\t\t\tattributes: attributes\n\t\t} satisfies SharableCertificateAttributesContentsSchema);\n\n\t\tconst temporaryUser = KeetaNetAccount.fromSeed(KeetaNetAccount.generateRandomSeed(), 0);\n\t\tconst contentsBuffer = Buffer.from(contentsString, 'utf-8');\n\t\tconst container = EncryptedContainer.fromPlaintext(bufferToArrayBuffer(contentsBuffer), [temporaryUser], true);\n\t\tconst containerBuffer = await container.getEncodedBuffer();\n\n\t\tconst retval = new SharableCertificateAttributes(containerBuffer, {\n\t\t\tprincipals: temporaryUser\n\t\t});\n\t\tawait retval.revokeAccess(temporaryUser);\n\t\treturn(retval);\n\t}\n\n\tasync grantAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.grantAccess(principal);\n\t\treturn(this);\n\t}\n\n\tasync revokeAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.revokeAccess(principal);\n\t\treturn(this);\n\t}\n\n\tget principals(): KeetaNetAccount[] {\n\t\treturn(this.container.principals);\n\t}\n\n\tasync #populate(): Promise<void> {\n\t\tif (this.populatedFromInit) {\n\t\t\treturn;\n\t\t}\n\t\tthis.populatedFromInit = true;\n\n\t\tconst contentsBuffer = await this.container.getPlaintext();\n\n\t\t/*\n\t\t * Previously the content was Zlib compressed, but this was\n\t\t * redundant because the Encrypted Container already Zlib\n\t\t * compresses the contents, so handle both cases (compressed\n\t\t * and JSON) here\n\t\t */\n\t\tlet contentsBufferDecompressed: ArrayBuffer = contentsBuffer;\n\t\tconst contentsBufferUint8 = new Uint8Array(contentsBuffer);\n\t\tconst isCompressed = contentsBufferUint8[0] === 0x78;\n\t\tif (isCompressed) {\n\t\t\tcontentsBufferDecompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibInflateAsync(contentsBuffer);\n\t\t}\n\t\tconst contentsString = Buffer.from(contentsBufferDecompressed).toString('utf-8');\n\t\tconst contentsJSON: unknown = JSON.parse(contentsString);\n\t\tconst contents = assertSharableCertificateAttributesContentsSchema(contentsJSON);\n\n\t\tthis.#intermediates = new Set<BaseCertificate>();\n\t\tfor (const intermediatePEM of contents.intermediates ?? []) {\n\t\t\tconst intermediateCert = new BaseCertificate(intermediatePEM);\n\t\t\tthis.#intermediates.add(intermediateCert);\n\t\t}\n\n\t\tthis.#certificate = new Certificate(contents.certificate);\n\t\tconst attributePromises = Object.entries(contents.attributes).map(async ([name, attr]): Promise<[string, { sensitive: boolean; value: ArrayBuffer; references?: { [id: string]: string; } | undefined; }]> => {\n\t\t\t/*\n\t\t\t * Get the corresponding attribute from the certificate\n\t\t\t *\n\t\t\t * We actually do not care if `name` is a known attribute\n\t\t\t * because we are not decoding it here, we are just\n\t\t\t * verifying it matches the certificate\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst certAttribute = this.#certificate?.attributes[name as CertificateAttributeNames];\n\n\t\t\tif (!certAttribute) {\n\t\t\t\tthrow(new Error(`Attribute ${name} not found in certificate`));\n\t\t\t}\n\n\t\t\tif (certAttribute.sensitive !== attr.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!attr.sensitive) {\n\t\t\t\tif (certAttribute.sensitive) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\tconst certValue = certAttribute.value;\n\t\t\t\tconst sharedValue = bufferToArrayBuffer(Buffer.from(attr.value, 'base64'));\n\t\t\t\tif (sharedValue.byteLength !== certValue.byteLength || !Buffer.from(sharedValue).equals(Buffer.from(certValue))) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} value mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\treturn([name, {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: sharedValue,\n\t\t\t\t\treferences: attr.references\n\t\t\t\t}]);\n\t\t\t}\n\n\t\t\tif (!certAttribute.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!(await certAttribute.value.validateProof(attr.value))) {\n\t\t\t\tthrow(new Error(`Attribute ${name} proof validation failed`));\n\t\t\t}\n\n\t\t\tconst attrValue = bufferToArrayBuffer(Buffer.from(attr.value.value, 'base64'));\n\n\t\t\treturn([name, {\n\t\t\t\tsensitive: true,\n\t\t\t\tvalue: attrValue,\n\t\t\t\treferences: attr.references\n\t\t\t}]);\n\t\t});\n\t\tconst resolvedAttributes = await Promise.all(attributePromises);\n\t\tthis.#attributes = Object.fromEntries(resolvedAttributes);\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tawait this.#populate();\n\t\tif (!this.#certificate) {\n\t\t\tthrow(new Error('internal error: certificate not populated'));\n\t\t}\n\t\treturn(this.#certificate);\n\t}\n\n\t/**\n\t * Get the intermediate certificates included in this sharable\n\t * certificate container\n\t *\n\t * @return A set of BaseCertificate objects representing the\n\t * intermediate certificates attached to this container\n\t */\n\tasync getIntermediates(): Promise<Set<BaseCertificate>> {\n\t\tawait this.#populate();\n\t\tif (this.#intermediates && this.#intermediates.size > 0) {\n\t\t\treturn(new Set(this.#intermediates));\n\t\t}\n\t\treturn(new Set());\n\t}\n\n\tasync getAttributeBuffer(name: string): Promise<ArrayBuffer | undefined> {\n\t\tawait this.#populate();\n\t\tconst attr = this.#attributes[name];\n\t\treturn(attr?.value);\n\t}\n\n\tasync getAttribute<NAME extends CertificateAttributeNames>(name: NAME): Promise<CertificateAttributeValue<NAME> | undefined> {\n\t\tconst buffer = await this.getAttributeBuffer(name);\n\t\tif (buffer === undefined) {\n\t\t\treturn(undefined);\n\t\t}\n\n\t\tconst retvalWithReferences = await decodeAttribute(name, buffer, this.principals);\n\n\t\t/*\n\t\t * For all remote references, replace them with their referenced values\n\t\t * which we encoded into \"references\"\n\t\t */\n\t\tconst retval = await walkObject(retvalWithReferences, async (key, value, parent) => {\n\t\t\tif (key === '$blob') {\n\t\t\t\tif (typeof parent !== 'object' || parent === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent is not an object'));\n\t\t\t\t}\n\t\t\t\tif (!('digest' in parent) || typeof parent.digest !== 'object' || parent.digest === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent->digest is not an object'));\n\t\t\t\t}\n\t\t\t\tconst digestInfo = parent.digest;\n\t\t\t\tif (!('digest' in digestInfo)) {\n\t\t\t\t\tthrow(new Error('$blob->parent->digest->digest is missing'));\n\t\t\t\t}\n\t\t\t\tif (!Buffer.isBuffer(digestInfo.digest)) {\n\t\t\t\t\tthrow(new TypeError('$blob digest is not a Buffer'));\n\t\t\t\t}\n\n\t\t\t\tif (!('external' in parent) || typeof parent.external !== 'object' || parent.external === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent->external is not an object'));\n\t\t\t\t}\n\t\t\t\tif (!('contentType' in parent.external) || typeof parent.external.contentType !== 'string') {\n\t\t\t\t\tthrow(new Error('$blob->parent->external->contentType is not a string'));\n\t\t\t\t}\n\n\t\t\t\tconst referenceID = digestInfo.digest.toString('hex').toUpperCase();\n\t\t\t\tconst referenceValue = this.#attributes[name]?.references?.[referenceID];\n\t\t\t\tconst contentType = parent.external.contentType;\n\t\t\t\treturn(async function() {\n\t\t\t\t\tif (!referenceValue) {\n\t\t\t\t\t\tthrow(new Error(`Missing reference value for ID ${referenceID}`));\n\t\t\t\t\t}\n\t\t\t\t\tconst referenceData = Buffer.from(referenceValue, 'base64');\n\t\t\t\t\tconst referenceDataAB = bufferToArrayBuffer(referenceData);\n\n\t\t\t\t\t/* Verify the hash matches what was certified */\n\t\t\t\t\tconst checkHash = await checkHashWithOID(referenceData, parent.digest);\n\t\t\t\t\tif (checkHash !== true) {\n\t\t\t\t\t\tthrow(checkHash);\n\t\t\t\t\t}\n\n\t\t\t\t\treturn(new Blob([referenceDataAB], { type: contentType }));\n\t\t\t\t});\n\t\t\t}\n\n\t\t\treturn(value);\n\t\t});\n\n\t\t/*\n\t\t * We didn't change the type, so we can safely cast here\n\t\t */\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\treturn(retval as CertificateAttributeValue<NAME>);\n\t}\n\n\tasync getAttributeNames(includeUnknown: true): Promise<string[]>;\n\tasync getAttributeNames(includeUnknown?: false): Promise<CertificateAttributeNames[]>;\n\tasync getAttributeNames(includeUnknown?: boolean): Promise<string[]> {\n\t\tawait this.#populate();\n\t\tconst names = Object.keys(this.#attributes);\n\n\t\tif (includeUnknown) {\n\t\t\treturn(names);\n\t\t}\n\n\t\tconst knownNames = names.filter(function(name): name is CertificateAttributeNames {\n\t\t\treturn(name in CertificateAttributeOIDDB);\n\t\t});\n\n\t\treturn(knownNames);\n\t}\n\n\texport(options?: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format?: never; }): Promise<ArrayBuffer>;\n\texport(options: (Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'arraybuffer' })): Promise<ArrayBuffer>;\n\texport(options: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'string' }): Promise<string>;\n\texport(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string>;\n\tasync export(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string> {\n\t\toptions = {\n\t\t\tformat: 'arraybuffer',\n\t\t\t...options\n\t\t};\n\n\t\tlet principals: KeetaNetAccount[];\n\t\ttry {\n\t\t\tprincipals = this.container.principals;\n\t\t} catch {\n\t\t\tprincipals = [];\n\t\t}\n\t\tif (principals.length === 0) {\n\t\t\tthrow(new Error('This container has no authorized users (principals); cannot export'));\n\t\t}\n\n\t\tconst retvalBuffer = await this.container.getEncodedBuffer();\n\t\tif (options.format === 'string') {\n\t\t\tconst retvalBase64 = Buffer.from(retvalBuffer).toString('base64');\n\t\t\tconst retvalLines = ['-----BEGIN KYC CERTIFICATE PROOF-----'];\n\t\t\tretvalLines.push(...retvalBase64.match(/.{1,64}/g) ?? []);\n\t\t\tretvalLines.push('-----END KYC CERTIFICATE PROOF-----');\n\t\t\treturn(retvalLines.join('\\n'));\n\t\t} else if (options.format === 'arraybuffer') {\n\t\t\treturn(retvalBuffer);\n\t\t} else {\n\t\t\tthrow(new Error(`Unsupported export format: ${String(options.format)}`));\n\t\t}\n\t}\n}\n\n// @ts-ignore\nCertificate.SharableAttributes = SharableCertificateAttributes;\n\n/** @internal */\nexport const _Testing = {\n\tSensitiveAttribute,\n\tValidateASN1: ASN1.ValidateASN1,\n\tBufferStorageASN1: ASN1.BufferStorageASN1,\n\tJStoASN1: ASN1.JStoASN1,\n\tnormalizeDecodedASN1,\n\tdecodeAttribute,\n\tdecodeEntityTypeFallback,\n\tunwrapSingleLayer,\n\tunwrapFieldSchema,\n\tunwrapContextTagsFromSchema,\n\tCertificateAttributeSchema\n};\n"]}
|
|
1
|
+
{"version":3,"file":"certificates.js","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,IAAI,MAAM,mCAAmC,CAAC;AAC1D,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACrF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,iDAAiD,EAAE,MAAM,6BAA6B,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,eAAe,EAAkC,MAAM,0BAA0B,CAAC;AACnI,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D;;GAEG;AACH,MAAM,eAAe,GAAsC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC;AAetF,MAAM,eAAe,GAAyB,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC;AAG/F,MAAM,sBAAsB,GAAgC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAEpH,SAAS,aAAa,CAAC,KAAc;IACpC,OAAM,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,GAAW,EAAE,UAA6B;IAC7E,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,mEAAmE;QACnE,MAAM,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IACD,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAc,EAAE,UAA6B;IAC1E,oBAAoB;IACpB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxE,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IACD,IAAI,KAAK,YAAY,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QACrF,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,yFAAyF;IACzF,+EAA+E;IAC/E,yEAAyE;IACzE,MAAM,GAAG,GAAG,KAAmG,CAAC;IAChH,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9E,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,GAAG,IAAI,GAAG,CAAC,KAAK,YAAY,IAAI,EAAE,CAAC;QACxE,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,OAAO,IAAI,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9E,OAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAED,2EAA2E;IAC3E,IAAI,UAAU,IAAI,GAAG,IAAI,QAAQ,IAAI,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACtG,yEAAyE;QACzE,MAAM,GAAG,GAAG,GAAuL,CAAC;QACpM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC7B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAE1C,kEAAkE;QAClE,MAAM,iBAAiB,GAAG,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ;YACpE,CAAC,CAAC,GAAG,CAAC,mBAAmB;YACzB,CAAC,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC;QAChC,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAE9B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,UAAU,EAAE,CAAC;YAC3E,IAAI,WAAW,GAAgB,IAAI,CAAC;YAEpC,OAAM,CAAC;gBACN,GAAG,0BAA0B,CAAC,GAAG,EAAE,UAAU,CAAC;gBAC9C,KAAK,EAAE,KAAK,WAAU,oBAA0E;oBAC/F,IAAI,WAAW,EAAE,CAAC;wBACjB,OAAM,CAAC,WAAW,CAAC,CAAC;oBACrB,CAAC;oBAED,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;oBACrC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,oCAAoC,GAAG,KAAK,WAAW,CAAC,MAAM,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC9G,CAAC;oBAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;oBAC1C,IAAI,IAAI,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;oBAExC,8BAA8B;oBAC9B,IAAI,QAAQ,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC1C,IAAI,CAAC;4BACJ,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;4BACxE,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gCAC/D,IAAI,MAAM,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,UAAU,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oCACxH,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;gCAChE,CAAC;4BACF,CAAC;wBACF,CAAC;wBAAC,MAAM,CAAC;4BACR,aAAa;wBACd,CAAC;oBACF,CAAC;oBAED,oBAAoB;oBACpB,IAAI,iBAAiB,EAAE,CAAC;wBACvB,QAAQ,iBAAiB,EAAE,CAAC;4BAC3B,KAAK,qBAAqB,CAAC;4BAC3B,KAAK,2BAA2B,CAAC,CAAC,CAAC;gCAClC,MAAM,SAAS,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,IAAI,EAAE;oCAC9D,GAAG,UAAU;oCACb,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;iCAC/B,CAAC,CAAC;gCACH,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,CAAC;gCACtC,MAAM;4BACP,CAAC;4BACD;gCACC,MAAK,CAAC,IAAI,KAAK,CAAC,yCAAyC,iBAAiB,EAAE,CAAC,CAAC,CAAC;wBACjF,CAAC;oBACF,CAAC;oBAED,kEAAkE;oBAClE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzC,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;oBACtD,CAAC;oBAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;oBAC3D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACxB,MAAK,CAAC,SAAS,CAAC,CAAC;oBAClB,CAAC;oBAED,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAClD,WAAW,GAAG,IAAI,CAAC;oBACnB,OAAM,CAAC,IAAI,CAAC,CAAC;gBACd,CAAC;aACD,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAED,oCAAoC;IACpC,OAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,MAAM,CAAC,KAAc;IAC7B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;QAC7C,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,KAAc,EAAE,cAA2F;IACpI,cAAc,KAAK,KAAK,WAAU,KAAc;QAC/C,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC,CAAC;IAEF,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjD,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QACjC,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,KAAK,YAAY,IAAI,EAAE,CAAC;QAC3B,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,EAAE,CAAC;QACpB,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC;QACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,GAAG,EAAE,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,MAAM,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;QACjG,CAAC;QACD,OAAM,CAAC,QAAQ,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,UAAU,CAAC,MAAM,cAAc,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,cAAc,CAAC,CAAC;IACzF,CAAC;IACD,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED,4EAA4E;AAC5E,SAAS,gBAAgB,CACxB,KAAW,EACX,EAAW;IAEX,kFAAkF;IAClF,8EAA8E;IAC9E,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,SAAS,gBAAgB,CACxB,IAAU,EACV,CAAU;IAEV,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAChC,MAAK,CAAC,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAM,CAAC,CAAC,CAAC,CAAC;AACX,CAAC;AAED,SAAS,+BAA+B,CAAC,IAAY;IACpD,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;QAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;AACF,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY;IAChD,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtC,OAAM,CAAC,IAAI,CAAC,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAmB;IAC7C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpG,OAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAwB;IAClD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,KAAK,IAAI,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;QAC1F,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAM,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,OAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,MAAmB;IACvD,wDAAwD;IACxD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnG,MAAM,iBAAiB,GAAmC,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxE,iBAAiB,CAAC,SAAS,CAAC,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;QAC/D,CAAC;QAED,OAAM,CAAC;YACN,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED,OAAM,CAAC,MAAM,CAAC,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,wBAAwB,CAAC,KAAkB,EAAE,UAA6B;IAClF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,iEAAiE;IACjE,yEAAyE;IACzE,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAA0D,CAAC;IAC3H,IAAI,SAAS,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1E;;WAEG;QACH,SAAS,mBAAmB,CAAC,GAAY;YACxC,yEAAyE;YACzE,MAAM,GAAG,GAAG,GAA4D,CAAC;YACzE,IAAI,GAAG,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9D,OAAM,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,OAAM,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED;;WAEG;QACH,SAAS,wBAAwB,CAAC,KAAc;YAC/C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAM,CAAC,oBAAoB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,OAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,OAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBAChD,CAAC;gBACD,4BAA4B;gBAC5B,uEAAuE;gBACvE,yCAAyC;gBACzC,MAAM,MAAM,GAA6D,EAAE,CAAC;gBAC5E,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACtB,MAAM,CAAC,EAAE,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;gBACvD,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,mEAAmE;oBACnE,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC7B,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC;oBACrB,CAAC;yBAAM,CAAC;wBACP,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;oBAC9C,CAAC;gBACF,CAAC;qBAAM,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,CAAC,MAAM,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;oBAC1D,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,CAAC;gBAED,OAAM,CAAC,MAAM,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjE,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAM,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YAClC,OAAM,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACjC,CAAC;IACF,CAAC;IAED,oCAAoC;IACpC,OAAM,CAAC,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,eAAe,CAAyC,IAAU,EAAE,KAAkB,EAAE,UAA6B;IACnI,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAEhD,IAAI,WAAuC,CAAC;IAC5C,IAAI,UAAU,GAAG,MAAM,CAAC;IACxB,IAAI,CAAC;QACJ,mFAAmF;QACnF,mBAAmB;QACnB,WAAW,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;IACnE,CAAC;IAAC,OAAO,UAAU,EAAE,CAAC;QACrB,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,CAAC;YACJ,kCAAkC;YAClC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,wBAAwB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;gBAC9D,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,qBAAqB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;YAClE,mEAAmE;YACnE,WAAW,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;YACjF,UAAU,GAAG,qBAAqB,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACR,yCAAyC;YACzC,MAAK,CAAC,UAAU,CAAC,CAAC;QACnB,CAAC;IACF,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,MAAK,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,SAAS,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE9D,mBAAmB;IACnB,6CAA6C;IAC7C,6DAA6D;IAC7D,mBAAmB;IACnB,MAAM,SAAS,GAAG,oBAAoB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IAChE,OAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAWD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,uCAAuC,GAAG;IAC/C,UAAU,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE;YACrC,MAAM,EAAE;gBACP,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;gBACrH,EAAE,IAAI,EAAE,SAAkB,EAAE,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,UAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;aACrH;SACD,CAAC;CACoB,CAAC;AAQxB,MAAM,OAAO,kBAAmB,SAAQ,sBAAsB;IACpD,WAAW,GAIhB,EAAE,CAAC;IAEE,uBAAuB,CAAqB;IAErD;;;OAGG;IACK,MAAM,CAAC,SAAS,CAAC,MAA0C;QAClE,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC;QACrB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,gBAAgB,GAAG,UAAU,CAAC,OAAO,CAAC;YACtC,OAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,MAAM,GAA0C,UAAU,CAAC;QACjE,IAAI,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC5C,CAAC;QACD,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,YAAY,MAA0C;QACrD,KAAK,CAAC,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;QACrE,CAAC;IACF,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAyC,IAAU,EAAE,SAAkB,EAAE,KAAsC;QAC1H,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;QACzD,IAAI,OAAoB,CAAC;QACzB,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YAClC,OAAO,GAAG,KAAK,CAAC;QACjB,CAAC;aAAM,IAAI,IAAI,IAAI,0BAA0B,EAAE,CAAC;YAC/C,OAAO,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACzD,IAAI,CAAC,CAAC,KAAK,YAAY,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,eAAe,KAAK,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxF,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,SAAS;YACpB,KAAK,EAAE,OAAO;SACd,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,qBAAqB,CACpB,IAAU,EACV,SAA8D;QAE9D,IAAI,IAAI,CAAC,uBAAuB,IAAI,SAAS,CAAC,SAAS,KAAK,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACxB,SAAS,EAAE,IAAI;YACf,SAAS;SACT,CAAC;IACH,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,GAAG,IAAyD;QACzF,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,2BAA2B;QAC3B,MAAM,cAAc,GAAkC,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,yBAAyB,CAAC,EAAE,CAAC;gBAC1C,MAAK,CAAC,IAAI,KAAK,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAED,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;YAEhD,IAAI,KAAa,CAAC;YAClB,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;gBAC9B,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1D,CAAC;iBAAM,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBAChC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;gBACzC,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;gBACtF,KAAK,GAAG,mBAAmB,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACP,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,CAAC;YAED,cAAc,CAAC,IAAI,CAAC,CAAC;oBACpB,IAAI,EAAE,KAAK;oBACX,GAAG,EAAE,OAAO;iBACZ,EAAE;oBACF,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClC,QAAQ,EAAE,KAAK;iBACf,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CACV,sBAAsB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,cAAc,CAAC,CAC3E,CAAC;QACH,CAAC;QAED,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,MAA0C;QACrD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrD,mEAAmE;QACnE,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,WAAW,EAAE;YACtD;;;;;eAKG;YACH,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,OAAM,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC;CACD;AAED,MAAM,OAAO,WAAY,SAAQ,eAAe;IAC9B,UAAU,CAAkB;IAC7C,MAAM,CAAU,OAAO,GAA8B,kBAAkB,CAAC;IACxE,MAAM,CAAU,kBAAkB,CAAuC;IAEzE;;OAEM;IACG,UAAU,GAQf,EAAE,CAAC;IAEP,YAAY,KAAqD,EAAE,OAA2F;QAC7J,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC;QAE/D,KAAK,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IAES,oBAAoB;QAC7B,6DAA6D;IAC9D,CAAC;IAEO,iBAAiB,CAAyC,IAAU,EAAE,KAAkB;QAC/F,aAAa;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAyC,CAAC;IAC5F,CAAC;IAEO,qBAAqB,CAAyC,IAAU,EAAE,KAAkB;QACnG,MAAM,kBAAkB,GAAG,KAAK,EAAE,IAA0B,EAA4C,EAAE;YACzG,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC7E,OAAM,CAAC,MAAM,eAAe,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACrE,CAAC,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG;YACvB,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,kBAAkB,CAAC;SAClC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAyC,aAAmB;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC;QACnD,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,mBAAmB,CAAC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,IAAI,YAAY,kBAAkB,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,YAAY,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,OAAM,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QAED,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,aAAa,0BAA0B,CAAC,CAAC,CAAC;IACxE,CAAC;IAES,gBAAgB,CAAC,EAAU,EAAE,KAAkB;QACxD,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;YACvC,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,IAAI,EAAE,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,uCAAuC,CAAC,CAAC,OAAO,EAAE,CAAC;YAE3G,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC5E,MAAM,IAAI,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBACrC,MAAM,KAAK,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAEzD,QAAQ,SAAS,EAAE,CAAC;oBACnB,KAAK,CAAC;wBACL,iBAAiB;wBACjB,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACpC,MAAM;oBACP,KAAK,CAAC;wBACL,qBAAqB;wBACrB,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBACxC,MAAM;oBACP;wBACC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACzB,CAAC;YACF,CAAC;YAED,OAAM,CAAC,IAAI,CAAC,CAAC;QACd,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;;AAmCD,CAAC;AAKF,MAAM,OAAO,6BAA6B;IACzC,YAAY,CAAe;IAC3B,cAAc,CAAwB;IACtC,WAAW,GAMP,EAAE,CAAC;IAEC,SAAS,CAAqB;IAC9B,iBAAiB,GAAG,KAAK,CAAC;IAElC,MAAM,CAAC,8BAA8B,GAA2C,+BAA+B,CAAC;IAEhH,YAAY,KAAoC,EAAE,OAAoD;QACrG,IAAI,eAAuB,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B;;;eAGG;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,WAAiC,CAAC;YACtC,KAAK,IAAI,WAAW,GAAG,CAAC,EAAE,WAAW,GAAG,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC;gBAC1E,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,CAAC;gBAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;oBAClB,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACrD,KAAK,IAAI,SAAS,GAAG,WAAW,GAAG,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;wBAClF,MAAM,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;wBACnD,IAAI,YAAY,KAAK,eAAe,EAAE,CAAC;4BACtC,QAAQ,GAAG,SAAS,CAAC;4BACrB,MAAM;wBACP,CAAC;oBACF,CAAC;oBACD,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;oBAC1D,CAAC;oBAED,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;oBAC1D,MAAM;gBACP,CAAC;YACF,CAAC;YACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC/B,WAAW,GAAG,UAAU,CAAC;YAC1B,CAAC;YAED,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,UAAS,IAAI;gBAC1C,OAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC,MAAM,CAAC,UAAS,IAAI;gBACtB,OAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3C,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,eAAe,GAAG,KAAK,CAAC;QACzB,CAAC;aAAM,CAAC;YACP,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,UAAU,GAAG,OAAO,EAAE,UAAU,CAAC;QACrC,IAAI,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5C,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,UAAU,YAAY,GAAG,EAAE,CAAC;YACtC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,UAAU,GAAG,IAAI,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACpF,CAAC;IAUD,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,WAAwB,EAAE,6BAAkF,EAAE,wBAAsD;QAChM,IAAI,aAAa,GAAqC,SAAS,CAAC;QAChE,IAAI,cAAc,GAA4C,SAAS,CAAC;QAExE,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAC5C,IAAI,6BAA6B,KAAK,SAAS,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,CAAC,6BAA6B,CAAC,EAAE,CAAC;oBAClD,cAAc,GAAG,6BAA6B,CAAC;gBAChD,CAAC;qBAAM,CAAC;oBACP,aAAa,GAAG,6BAA6B,CAAC;gBAC/C,CAAC;YACF,CAAC;QACF,CAAC;aAAM,CAAC;YACP,IAAI,6BAA6B,KAAK,SAAS,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,OAAO,CAAC,6BAA6B,CAAC,EAAE,CAAC;oBAClD,MAAK,CAAC,IAAI,SAAS,CAAC,iDAAiD,CAAC,CAAC,CAAC;gBACzE,CAAC;gBACD,aAAa,GAAG,6BAA6B,CAAC;YAC/C,CAAC;YACD,cAAc,GAAG,wBAAwB,CAAC;QAC3C,CAAC;QAED,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAClC;;;eAGG;YACH,yEAAyE;YACzE,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAA4C,CAAC;QACjG,CAAC;QAED,MAAM,UAAU,GAA8D,EAAE,CAAC;QACjF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C;;eAEG;YACH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,SAAS;YACV,CAAC;YAED,MAAM,UAAU,GAA6B,EAAE,CAAC;YAChD,MAAM,8BAA8B,GAAG,KAAK,WAAU,GAAY;gBACjE,OAAM,CAAC,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,WAAU,GAAG,EAAE,KAAK,EAAE,MAAM;oBAC7D,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;wBACrB,IAAI,CAAC;4BACJ,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gCACnD,MAAK,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;4BACpD,CAAC;4BACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;gCAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;4BAC5D,CAAC;4BACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gCAClC,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;4BAC9D,CAAC;4BAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;4BACpC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gCAC9B,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;4BACtD,CAAC;4BACD,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;gCACjC,MAAK,CAAC,IAAI,SAAS,CAAC,+BAA+B,CAAC,CAAC,CAAC;4BACvD,CAAC;4BAED;;;;+BAIG;4BACH,qGAAqG;4BACrG,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC;4BAC9D,yCAAyC;4BACzC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gCACxB,MAAK,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;4BAC3D,CAAC;4BAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;4BACjE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;4BACzD,UAAU,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;4BAE3D,OAAM,CAAC,KAAK;gCACX,OAAM,CAAC,SAAS,CAAC,CAAC;4BACnB,CAAC,CAAC,CAAC;wBACJ,CAAC;wBAAC,MAAM,CAAC;4BACR,mBAAmB;4BACnB,OAAM,CAAC,SAAS,CAAC,CAAC;wBACnB,CAAC;oBACF,CAAC;yBAAM,CAAC;wBACP,OAAM,CAAC,KAAK,CAAC,CAAC;oBACf,CAAC;gBACF,CAAC,CAAC,CAAC,CAAC;YACL,CAAC,CAAA;YAED;;;;eAIG;YACH,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC5D,MAAM,8BAA8B,CAAC,SAAS,CAAC,CAAC;YACjD,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE,UAAU;iBACtB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG;oBAClB,SAAS,EAAE,KAAK;oBAChB,KAAK,EAAE,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACzD,UAAU,EAAE,UAAU;iBACtB,CAAC;YACH,CAAC;QACF,CAAC;QAGD,IAAI,iBAAiB,CAAC;QACtB,aAAa,KAAK,IAAI,GAAG,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YAC9B,iBAAiB,GAAG,SAAS,CAAC;QAC/B,CAAC;aAAM,CAAC;YACP,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,UAAS,uBAAuB;gBACjF,OAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC;YACzC,CAAC,CAAC,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC;YACrC,WAAW,EAAE,WAAW,CAAC,KAAK,EAAE;YAChC,aAAa,EAAE,iBAAiB;YAChC,UAAU,EAAE,UAAU;SACgC,CAAC,CAAC;QAEzD,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC,CAAC;QACxF,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,kBAAkB,CAAC,aAAa,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QAC/G,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAE3D,MAAM,MAAM,GAAG,IAAI,6BAA6B,CAAC,eAAe,EAAE;YACjE,UAAU,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACzC,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAA0B;QAC3C,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,SAA0B;QAC5C,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAED,IAAI,UAAU;QACb,OAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,SAAS;QACd,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAE9B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QAE3D;;;;;WAKG;QACH,IAAI,0BAA0B,GAAgB,cAAc,CAAC;QAC7D,MAAM,mBAAmB,GAAG,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,mBAAmB,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;QACrD,IAAI,YAAY,EAAE,CAAC;YAClB,0BAA0B,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACrG,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjF,MAAM,YAAY,GAAY,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,iDAAiD,CAAC,YAAY,CAAC,CAAC;QAEjF,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,EAAmB,CAAC;QACjD,KAAK,MAAM,eAAe,IAAI,QAAQ,CAAC,aAAa,IAAI,EAAE,EAAE,CAAC;YAC5D,MAAM,gBAAgB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;YAC9D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,EAAsH,EAAE;YAC5M;;;;;;eAMG;YACH,yEAAyE;YACzE,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,IAAiC,CAAC,CAAC;YAEvF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,2BAA2B,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;gBAC7E,CAAC;gBAED,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC;gBACtC,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC3E,IAAI,WAAW,CAAC,UAAU,KAAK,SAAS,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;oBACjH,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,kCAAkC,CAAC,CAAC,CAAC;gBACvE,CAAC;gBAED,OAAM,CAAC,CAAC,IAAI,EAAE;wBACb,SAAS,EAAE,KAAK;wBAChB,KAAK,EAAE,WAAW;wBAClB,UAAU,EAAE,IAAI,CAAC,UAAU;qBAC3B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,wCAAwC,CAAC,CAAC,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAK,CAAC,IAAI,KAAK,CAAC,aAAa,IAAI,0BAA0B,CAAC,CAAC,CAAC;YAC/D,CAAC;YAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;YAE/E,OAAM,CAAC,CAAC,IAAI,EAAE;oBACb,SAAS,EAAE,IAAI;oBACf,KAAK,EAAE,SAAS;oBAChB,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC3B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,cAAc;QACnB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACxB,MAAK,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,gBAAgB;QACrB,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACzD,OAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,OAAM,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAY;QACpC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpC,OAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,YAAY,CAAyC,IAAU;QACpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAM,CAAC,SAAS,CAAC,CAAC;QACnB,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAElF;;;WAGG;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YAClF,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACrB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;oBACnD,MAAK,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;gBACpD,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;oBAC1F,MAAK,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;gBAC5D,CAAC;gBACD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;gBACjC,IAAI,CAAC,CAAC,QAAQ,IAAI,UAAU,CAAC,EAAE,CAAC;oBAC/B,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9D,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBACzC,MAAK,CAAC,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAC,CAAC;gBACtD,CAAC;gBAED,IAAI,CAAC,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;oBAChG,MAAK,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9D,CAAC;gBACD,IAAI,CAAC,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;oBAC5F,MAAK,CAAC,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC,CAAC;gBAC1E,CAAC;gBAED,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpE,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,CAAC;gBACzE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAChD,OAAM,CAAC,KAAK;oBACX,IAAI,CAAC,cAAc,EAAE,CAAC;wBACrB,MAAK,CAAC,IAAI,KAAK,CAAC,kCAAkC,WAAW,EAAE,CAAC,CAAC,CAAC;oBACnE,CAAC;oBACD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;oBAC5D,MAAM,eAAe,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;oBAE3D,gDAAgD;oBAChD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;oBACvE,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACxB,MAAK,CAAC,SAAS,CAAC,CAAC;oBAClB,CAAC;oBAED,OAAM,CAAC,IAAI,IAAI,CAAC,CAAC,eAAe,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;YACJ,CAAC;YAED,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,CAAC;QAEH;;WAEG;QACH,yEAAyE;QACzE,OAAO,MAA0C,CAAC;IACnD,CAAC;IAID,KAAK,CAAC,iBAAiB,CAAC,cAAwB;QAC/C,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE5C,IAAI,cAAc,EAAE,CAAC;YACpB,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,UAAS,IAAI;YAC5C,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,OAAM,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAMD,KAAK,CAAC,MAAM,CAAC,OAAoD;QAChE,OAAO,GAAG;YACT,MAAM,EAAE,aAAa;YACrB,GAAG,OAAO;SACV,CAAC;QAEF,IAAI,UAA6B,CAAC;QAClC,IAAI,CAAC;YACJ,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACR,UAAU,GAAG,EAAE,CAAC;QACjB,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAK,CAAC,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,OAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;YAC7C,OAAM,CAAC,YAAY,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACP,MAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC;IACF,CAAC;;AAGF,aAAa;AACb,WAAW,CAAC,kBAAkB,GAAG,6BAA6B,CAAC;AAE/D,gBAAgB;AAChB,MAAM,CAAC,MAAM,QAAQ,GAAG;IACvB,kBAAkB;IAClB,YAAY,EAAE,IAAI,CAAC,YAAY;IAC/B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;IACzC,QAAQ,EAAE,IAAI,CAAC,QAAQ;IACvB,oBAAoB;IACpB,eAAe;IACf,wBAAwB;IACxB,iBAAiB;IACjB,iBAAiB;IACjB,2BAA2B;IAC3B,0BAA0B;CAC1B,CAAC","sourcesContent":["import * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport * as oids from '../services/kyc/oids.generated.js';\nimport * as ASN1 from './utils/asn1.js';\nimport { arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';\nimport { assertNever } from './utils/never.js';\nimport type { CertificateAttributeValue } from '../services/kyc/iso20022.generated.js';\nimport { CertificateAttributeOIDDB, CertificateAttributeSchema } from '../services/kyc/iso20022.generated.js';\nimport { lookupByOID } from './utils/oid.js';\nimport { EncryptedContainer } from './encrypted-container.js';\nimport { assertSharableCertificateAttributesContentsSchema } from './certificates.generated.js';\nimport { checkHashWithOID } from './utils/external.js';\nimport { SensitiveAttribute, encodeForSensitive, encodeAttribute, type CertificateAttributeNames } from './sensitive-attribute.js';\nexport { SensitiveAttribute } from './sensitive-attribute.js';\nexport type { CertificateAttributeNames } from './sensitive-attribute.js';\n\n/**\n * Short alias for the KeetaNetAccount type\n */\nconst KeetaNetAccount: typeof KeetaNetClient.lib.Account = KeetaNetClient.lib.Account;\n\n/* ENUM */\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\n\n/**\n * An alias for the KeetaNetAccount type\n */\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\n\n/*\n * Base Certificate types, aliased for convenience\n */\ntype BaseCertificateClass = typeof KeetaNetClient.lib.Utils.Certificate.Certificate;\ntype BaseCertificate = InstanceType<BaseCertificateClass>;\nconst BaseCertificate: BaseCertificateClass = KeetaNetClient.lib.Utils.Certificate.Certificate;\ntype BaseCertificateBuilderClass = typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;\ntype BaseCertificateBuilder = InstanceType<BaseCertificateBuilderClass>;\nconst BaseCertificateBuilder: BaseCertificateBuilderClass = KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;\n\nfunction isPlainObject(value: unknown): value is { [key: string]: unknown } {\n\treturn(typeof value === 'object' && value !== null && !Array.isArray(value));\n}\n\n/**\n * Recursively normalize object properties\n */\nfunction normalizeDecodedASN1Object(obj: object, principals: KeetaNetAccount[]): { [key: string]: unknown } {\n\tconst result: { [key: string]: unknown } = {};\n\tfor (const [key, value] of Object.entries(obj)) {\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tresult[key] = normalizeDecodedASN1(value, principals);\n\t}\n\treturn(result);\n}\n\n/**\n * Post-process the output from toJavaScriptObject() to:\n * 1. Unwrap any remaining ASN.1-like objects (from IsAnyString/IsAnyDate)\n * 2. Add domain-specific $blob function to Reference objects\n */\nfunction normalizeDecodedASN1(input: unknown, principals: KeetaNetAccount[]): unknown {\n\t// Handle primitives\n\tif (input === undefined || input === null || typeof input !== 'object') {\n\t\treturn(input);\n\t}\n\tif (input instanceof Date || Buffer.isBuffer(input) || input instanceof ArrayBuffer) {\n\t\treturn(input);\n\t}\n\n\t// Handle arrays\n\tif (Array.isArray(input)) {\n\t\treturn(input.map(item => normalizeDecodedASN1(item, principals)));\n\t}\n\n\t// Unwrap ASN.1-like objects from ambiguous schemas (IsAnyString, IsAnyDate, IsBitString)\n\t// These are plain objects like { type: 'string', kind: 'utf8', value: 'text' }\n\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\tconst obj = input as { type?: string; kind?: string; value?: unknown; unusedBits?: number; contains?: unknown };\n\tif (obj.type === 'string' && 'value' in obj && typeof obj.value === 'string') {\n\t\treturn(obj.value);\n\t}\n\tif (obj.type === 'date' && 'value' in obj && obj.value instanceof Date) {\n\t\treturn(obj.value);\n\t}\n\tif (obj.type === 'bitstring' && 'value' in obj && Buffer.isBuffer(obj.value)) {\n\t\treturn(obj.value);\n\t}\n\n\t// Check if this is a Reference object (has external.url and digest fields)\n\tif ('external' in obj && 'digest' in obj && isPlainObject(obj.external) && isPlainObject(obj.digest)) {\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\tconst ref = obj as { external: { url?: string; contentType?: string }; digest?: { digestAlgorithm?: string | { oid?: string }; digest?: unknown }; encryptionAlgorithm?: string | { oid?: string }};\n\t\tconst url = ref.external.url;\n\t\tconst mimeType = ref.external.contentType;\n\n\t\t// After toJavaScriptObject(), OIDs are strings, not {oid: string}\n\t\tconst encryptionAlgoOID = typeof ref.encryptionAlgorithm === 'string'\n\t\t\t? ref.encryptionAlgorithm\n\t\t\t: ref.encryptionAlgorithm?.oid;\n\t\tconst digestInfo = ref.digest;\n\n\t\tif (typeof url === 'string' && typeof mimeType === 'string' && digestInfo) {\n\t\t\tlet cachedValue: Blob | null = null;\n\n\t\t\treturn({\n\t\t\t\t...normalizeDecodedASN1Object(obj, principals),\n\t\t\t\t$blob: async function(additionalPrincipals?: ConstructorParameters<typeof EncryptedContainer>[0]): Promise<Blob> {\n\t\t\t\t\tif (cachedValue) {\n\t\t\t\t\t\treturn(cachedValue);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst fetchResult = await fetch(url);\n\t\t\t\t\tif (!fetchResult.ok) {\n\t\t\t\t\t\tthrow(new Error(`Failed to fetch remote data from ${url}: ${fetchResult.status} ${fetchResult.statusText}`));\n\t\t\t\t\t}\n\n\t\t\t\t\tconst dataBlob = await fetchResult.blob();\n\t\t\t\t\tlet data = await dataBlob.arrayBuffer();\n\n\t\t\t\t\t// Handle JSON base64 encoding\n\t\t\t\t\tif (dataBlob.type === 'application/json') {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst asJSON: unknown = JSON.parse(Buffer.from(data).toString('utf-8'));\n\t\t\t\t\t\t\tif (isPlainObject(asJSON) && Object.keys(asJSON).length === 2) {\n\t\t\t\t\t\t\t\tif ('data' in asJSON && typeof asJSON.data === 'string' && 'mimeType' in asJSON && typeof asJSON.mimeType === 'string') {\n\t\t\t\t\t\t\t\t\tdata = bufferToArrayBuffer(Buffer.from(asJSON.data, 'base64'));\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t/* Ignored */\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// Decrypt if needed\n\t\t\t\t\tif (encryptionAlgoOID) {\n\t\t\t\t\t\tswitch (encryptionAlgoOID) {\n\t\t\t\t\t\t\tcase '1.3.6.1.4.1.62675.2':\n\t\t\t\t\t\t\tcase 'KeetaEncryptedContainerV1': {\n\t\t\t\t\t\t\t\tconst container = EncryptedContainer.fromEncryptedBuffer(data, [\n\t\t\t\t\t\t\t\t\t...principals,\n\t\t\t\t\t\t\t\t\t...(additionalPrincipals ?? [])\n\t\t\t\t\t\t\t\t]);\n\t\t\t\t\t\t\t\tdata = await container.getPlaintext();\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tdefault:\n\t\t\t\t\t\t\t\tthrow(new Error(`Unsupported encryption algorithm OID: ${encryptionAlgoOID}`));\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\t// Verify hash (checkHashWithOID now accepts string OIDs directly)\n\t\t\t\t\tif (!Buffer.isBuffer(digestInfo.digest)) {\n\t\t\t\t\t\tthrow(new TypeError('Digest value is not a buffer'));\n\t\t\t\t\t}\n\n\t\t\t\t\tconst validHash = await checkHashWithOID(data, digestInfo);\n\t\t\t\t\tif (validHash !== true) {\n\t\t\t\t\t\tthrow(validHash);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst blob = new Blob([data], { type: mimeType });\n\t\t\t\t\tcachedValue = blob;\n\t\t\t\t\treturn(blob);\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t}\n\n\t// Recursively process plain objects\n\treturn(normalizeDecodedASN1Object(obj, principals));\n}\n\nfunction isBlob(input: unknown): input is Blob {\n\tif (typeof input !== 'object' || input === null) {\n\t\treturn(false);\n\t}\n\n\tif (!('arrayBuffer' in input)) {\n\t\treturn(false);\n\t}\n\n\tif (typeof input.arrayBuffer !== 'function') {\n\t\treturn(false);\n\t}\n\n\treturn(true);\n}\n\nasync function walkObject(input: unknown, keyTransformer?: (key: string, input: unknown, keyParentObject: object) => Promise<unknown>): Promise<unknown> {\n\tkeyTransformer ??= async function(input: unknown): Promise<unknown> {\n\t\treturn(input);\n\t};\n\n\tif (typeof input !== 'object' || input === null) {\n\t\treturn(input);\n\t}\n\n\tif (Buffer.isBuffer(input)) {\n\t\treturn(input);\n\t}\n\n\tif (typeof input === 'function') {\n\t\treturn(input);\n\t}\n\n\tif (input instanceof Date) {\n\t\treturn(input);\n\t}\n\n\tif (Array.isArray(input)) {\n\t\tconst newArray = [];\n\t\tlet key = -1;\n\t\tfor (const item of input) {\n\t\t\tkey++;\n\t\t\tnewArray.push(await walkObject(await keyTransformer(String(key), item, input), keyTransformer));\n\t\t}\n\t\treturn(newArray);\n\t}\n\n\tconst newObj: { [key: string]: unknown } = {};\n\tfor (const [key, value] of Object.entries(input)) {\n\t\tnewObj[key] = await walkObject(await keyTransformer(key, value, input), keyTransformer);\n\t}\n\treturn(newObj);\n}\n\n// Generic type guard to align decoded values with generated attribute types\nfunction isAttributeValue<NAME extends CertificateAttributeNames>(\n\t_name: NAME,\n\t_v: unknown\n): _v is CertificateAttributeValue<NAME> {\n\t// Runtime schema validation is already performed by BufferStorageASN1; this guard\n\t// serves to inform TypeScript of the precise type tied to the attribute name.\n\treturn(true);\n}\n\n// Helper to apply type guard once and return the properly typed value\nfunction asAttributeValue<NAME extends CertificateAttributeNames>(\n\tname: NAME,\n\tv: unknown\n): CertificateAttributeValue<NAME> {\n\tif (!isAttributeValue(name, v)) {\n\t\tthrow(new Error('internal error: decoded value did not match expected type'));\n\t}\n\treturn(v);\n}\n\nfunction assertCertificateAttributeNames(name: string): asserts name is CertificateAttributeNames {\n\tif (!(name in CertificateAttributeOIDDB)) {\n\t\tthrow(new Error(`Unknown attribute name: ${name}`));\n\t}\n}\n\nfunction asCertificateAttributeNames(name: string): CertificateAttributeNames {\n\tassertCertificateAttributeNames(name);\n\treturn(name);\n}\n\nfunction unwrapSingleLayer(schema: ASN1.Schema): ASN1.Schema {\n\tif (typeof schema === 'object' && schema !== null && 'type' in schema && schema.type === 'context') {\n\t\treturn(schema.contains);\n\t}\n\n\treturn(schema);\n}\n\nfunction unwrapFieldSchema(fieldSchema: ASN1.Schema): ASN1.Schema {\n\tif (typeof fieldSchema === 'object' && fieldSchema !== null && 'optional' in fieldSchema) {\n\t\tconst unwrapped = unwrapSingleLayer(fieldSchema.optional);\n\t\treturn({ optional: unwrapped });\n\t}\n\n\treturn(unwrapSingleLayer(fieldSchema));\n}\n\n/**\n * Create a backwards-compatible version of a schema by removing context tag wrappers from struct fields.\n */\nfunction unwrapContextTagsFromSchema(schema: ASN1.Schema): ASN1.Schema {\n\t// If it's a struct, unwrap context tags from its fields\n\tif (typeof schema === 'object' && schema !== null && 'type' in schema && schema.type === 'struct') {\n\t\tconst unwrappedContains: { [key: string]: ASN1.Schema } = {};\n\t\tfor (const [fieldName, fieldSchema] of Object.entries(schema.contains)) {\n\t\t\tunwrappedContains[fieldName] = unwrapFieldSchema(fieldSchema);\n\t\t}\n\n\t\treturn({\n\t\t\ttype: 'struct',\n\t\t\tfieldNames: schema.fieldNames,\n\t\t\tcontains: unwrappedContains\n\t\t});\n\t}\n\n\treturn(schema);\n}\n\n/**\n * Fallback decoder for entityType attribute from old certificates.\n * Transforms raw ASN1 into the expected EntityType structure.\n */\nfunction decodeEntityTypeFallback(value: ArrayBuffer, principals: KeetaNetAccount[]): unknown {\n\tconst rawASN1 = ASN1.ASN1toJS(value);\n\t// Per EntityTypeSchema: value 0 = organization, value 1 = person\n\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\tconst choiceTag = (Array.isArray(rawASN1) ? rawASN1[0] : rawASN1) as { type?: string; value?: number; contains?: unknown };\n\tif (choiceTag?.type === 'context' && typeof choiceTag.value === 'number') {\n\t\t/*\n\t\t * Transform schemeName CHOICE\n\t\t */\n\t\tfunction transformSchemeName(raw: unknown): unknown {\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst ctx = raw as { type?: string; value?: number; contains?: unknown };\n\t\t\tif (ctx?.type === 'context' && typeof ctx.value === 'number') {\n\t\t\t\treturn(normalizeDecodedASN1(ctx.contains, principals));\n\t\t\t}\n\n\t\t\treturn(normalizeDecodedASN1(raw, principals));\n\t\t}\n\n\t\t/*\n\t\t * Transform identification arrays into proper objects\n\t\t */\n\t\tfunction transformIdentifications(items: unknown): unknown {\n\t\t\tif (!Array.isArray(items)) {\n\t\t\t\treturn(normalizeDecodedASN1(items, principals));\n\t\t\t}\n\n\t\t\treturn(items.map(function(item) {\n\t\t\t\tif (!Array.isArray(item)) {\n\t\t\t\t\treturn(normalizeDecodedASN1(item, principals));\n\t\t\t\t}\n\t\t\t\t// Position 0 is always 'id'\n\t\t\t\t// Position 1 could be 'issuer' (string) or 'schemeName' (object/array)\n\t\t\t\t// Position 2 (if exists) is 'schemeName'\n\t\t\t\tconst result: { id?: unknown; issuer?: unknown; schemeName?: unknown } = {};\n\t\t\t\tif (item.length >= 1) {\n\t\t\t\t\tresult.id = normalizeDecodedASN1(item[0], principals);\n\t\t\t\t}\n\n\t\t\t\tif (item.length === 2) {\n\t\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\t\t\tconst val = item[1];\n\t\t\t\t\tif (typeof val === 'string') {\n\t\t\t\t\t\tresult.issuer = val;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tresult.schemeName = transformSchemeName(val);\n\t\t\t\t\t}\n\t\t\t\t} else if (item.length >= 3) {\n\t\t\t\t\tresult.issuer = normalizeDecodedASN1(item[1], principals);\n\t\t\t\t\tresult.schemeName = transformSchemeName(item[2]);\n\t\t\t\t}\n\n\t\t\t\treturn(result);\n\t\t\t}));\n\t\t}\n\n\t\tconst transformed = transformIdentifications(choiceTag.contains);\n\t\tif (choiceTag.value === 0) {\n\t\t\treturn({ organization: transformed });\n\t\t} else if (choiceTag.value === 1) {\n\t\t\treturn({ person: transformed });\n\t\t}\n\t}\n\n\t// Fallback to raw normalized output\n\treturn(normalizeDecodedASN1(rawASN1, principals));\n}\n\nasync function decodeAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer, principals: KeetaNetAccount[]): Promise<CertificateAttributeValue<NAME>> {\n\tconst schema = CertificateAttributeSchema[name];\n\n\tlet decodedASN1: ASN1.ASN1AnyJS | undefined;\n\tlet usedSchema = schema;\n\ttry {\n\t\t// Try with current schema (includes context tags for structs with optional fields)\n\t\t// @ts-expect-error\n\t\tdecodedASN1 = new ASN1.BufferStorageASN1(value, schema).getASN1();\n\t} catch (firstError) {\n\t\t// Fallback: try with backwards-compatible schema (context tags stripped)\n\t\t// This supports old certificates encoded before context tags were added\n\t\ttry {\n\t\t\t// Special handling for entityType\n\t\t\tif (name === 'entityType') {\n\t\t\t\tconst candidate = decodeEntityTypeFallback(value, principals);\n\t\t\t\treturn(asAttributeValue(name, candidate));\n\t\t\t}\n\n\t\t\tconst backwardsCompatSchema = unwrapContextTagsFromSchema(schema);\n\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n\t\t\tdecodedASN1 = new ASN1.BufferStorageASN1(value, backwardsCompatSchema).getASN1();\n\t\t\tusedSchema = backwardsCompatSchema;\n\t\t} catch {\n\t\t\t// If both fail, throw the original error\n\t\t\tthrow(firstError);\n\t\t}\n\t}\n\n\tif (!decodedASN1) {\n\t\tthrow(new Error('Failed to decode ASN1 data'));\n\t}\n\n\tconst validator = new ASN1.ValidateASN1(usedSchema);\n\tconst plainObject = validator.toJavaScriptObject(decodedASN1);\n\n\t// Post-process to:\n\t// 1. Unwrap any remaining ASN.1-like objects\n\t// 2. Add domain-specific $blob function to Reference objects\n\t// @ts-expect-error\n\tconst candidate = normalizeDecodedASN1(plainObject, principals);\n\treturn(asAttributeValue(name, candidate));\n}\n\ntype BaseCertificateBuilderParams = NonNullable<ConstructorParameters<BaseCertificateBuilderClass>[0]>;\ntype CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'issuer' | 'validFrom' | 'validTo' | 'serial' | 'hashLib' | 'issuerDN' | 'subjectDN' | 'isCA'> & {\n\t/**\n\t * The key of the subject -- used for Sensitive Attributes as well\n\t * as the certificate Subject\n\t */\n\tsubject: BaseCertificateBuilderParams['subjectPublicKey'];\n}>;\n\n/**\n * ASN.1 Schema for Certificate KYC Attributes Extension\n *\n * KYCAttributes DEFINITIONS ::= BEGIN\n * KYCAttributes ::= SEQUENCE OF Attribute\n * Attribute ::= SEQUENCE {\n * -- Name of the attribute\n * name OBJECT IDENTIFIER,\n * -- Value of this attribute\n * value CHOICE {\n * -- A plain value, not sensitive\n * plainValue [0] IMPLICIT OCTET STRING,\n * -- A sensitive value, encoded as a SensitiveAttribute in DER encoding\n * sensitiveValue [1] IMPLICIT OCTET STRING\n * }\n * }\n * END\n *\n * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7\n *\n */\nconst CertificateKYCAttributeSchemaValidation = {\n\tsequenceOf: [ASN1.ValidateASN1.IsOID, {\n\t\tchoice: [\n\t\t\t{ type: 'context' as const, value: 0 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString },\n\t\t\t{ type: 'context' as const, value: 1 as const, kind: 'implicit' as const, contains: ASN1.ValidateASN1.IsOctetString }\n\t\t]\n\t}]\n} satisfies ASN1.Schema;\n\n/** @internal */\ntype CertificateKYCAttributeSchema = ASN1.SchemaMap<typeof CertificateKYCAttributeSchemaValidation>;\n\n// Attribute input type sourced from generated definitions\ntype CertificateAttributeInput<NAME extends CertificateAttributeNames> = CertificateAttributeValue<NAME>;\n\nexport class CertificateBuilder extends BaseCertificateBuilder {\n\treadonly #attributes: {\n\t\t[name: string]:\n\t\t\t| { sensitive: boolean; value: ArrayBuffer }\n\t\t\t| { sensitive: true; attribute: SensitiveAttribute<unknown> }\n\t} = {};\n\n\treadonly #subjectPublicKeyString: string | undefined;\n\n\t/**\n\t * Map the parameters from the public interface to the internal\n\t * (Certificate library) interface\n\t */\n\tprivate static mapParams(params?: Partial<CertificateBuilderParams>): Partial<BaseCertificateBuilderParams> {\n\t\tconst paramsCopy = { ...params };\n\t\tlet subjectPublicKey;\n\t\tif (paramsCopy.subject) {\n\t\t\tsubjectPublicKey = paramsCopy.subject;\n\t\t\tdelete(paramsCopy.subject);\n\t\t}\n\t\tconst retval: Partial<BaseCertificateBuilderParams> = paramsCopy;\n\t\tif (subjectPublicKey) {\n\t\t\tretval.subjectPublicKey = subjectPublicKey;\n\t\t}\n\t\treturn(retval);\n\t}\n\n\tconstructor(params?: Partial<CertificateBuilderParams>) {\n\t\tsuper(CertificateBuilder.mapParams(params));\n\t\tif (params?.subject) {\n\t\t\tthis.#subjectPublicKeyString = params.subject.publicKeyString.get();\n\t\t}\n\t}\n\n\t/**\n\t * Set a KYC Attribute to a given value.\n\t * The sensitive flag is required.\n\t *\n\t * If an attribute is marked sensitive, the value is encoded\n\t * into the certificate using a commitment scheme so that the\n\t * value can be proven later without revealing it.\n\t */\n\tsetAttribute<NAME extends CertificateAttributeNames>(name: NAME, sensitive: boolean, value: CertificateAttributeInput<NAME>): void {\n\t\tconst schemaValidator = CertificateAttributeSchema[name];\n\t\tlet encoded: ArrayBuffer;\n\t\tif (value instanceof ArrayBuffer) {\n\t\t\tencoded = value;\n\t\t} else if (name in CertificateAttributeSchema) {\n\t\t\tencoded = bufferToArrayBuffer(encodeForSensitive(name, value));\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsDate) {\n\t\t\tif (!(value instanceof Date)) {\n\t\t\t\tthrow(new Error('Expected Date value'));\n\t\t\t}\n\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else if (schemaValidator === ASN1.ValidateASN1.IsString && typeof value === 'string') {\n\t\t\tencoded = encodeAttribute(name, value);\n\t\t} else {\n\t\t\tthrow(new Error('Unsupported attribute value type'));\n\t\t}\n\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: sensitive,\n\t\t\tvalue: encoded\n\t\t};\n\t}\n\n\t/**\n\t * Set a pre-built SensitiveAttribute for a given attribute name.\n\t *\n\t * The attribute must have been encrypted for this certificate's subject.\n\t *\n\t * @throws Error if the attribute was encrypted for a different subject\n\t */\n\tsetSensitiveAttribute<NAME extends CertificateAttributeNames>(\n\t\tname: NAME,\n\t\tattribute: SensitiveAttribute<CertificateAttributeValue<NAME>>\n\t): void {\n\t\tif (this.#subjectPublicKeyString && attribute.publicKey !== this.#subjectPublicKeyString) {\n\t\t\tthrow(new Error('SensitiveAttribute was encrypted for a different subject'));\n\t\t}\n\t\tthis.#attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tattribute\n\t\t};\n\t}\n\n\tprotected async addExtensions(...args: Parameters<BaseCertificateBuilder['addExtensions']>): ReturnType<BaseCertificateBuilder['addExtensions']> {\n\t\tconst retval = await super.addExtensions(...args);\n\t\t/* Encode the attributes */\n\t\tconst certAttributes: CertificateKYCAttributeSchema = [];\n\n\t\tfor (const [name, attribute] of Object.entries(this.#attributes)) {\n\t\t\tif (!(name in CertificateAttributeOIDDB)) {\n\t\t\t\tthrow(new Error(`Unknown attribute: ${name}`));\n\t\t\t}\n\n\t\t\tassertCertificateAttributeNames(name);\n\t\t\tconst nameOID = CertificateAttributeOIDDB[name];\n\n\t\t\tlet value: Buffer;\n\t\t\tif ('attribute' in attribute) {\n\t\t\t\tvalue = arrayBufferToBuffer(attribute.attribute.toDER());\n\t\t\t} else if (attribute.sensitive) {\n\t\t\t\tconst subject = args[0].subjectPublicKey;\n\t\t\t\tconst sensitiveAttr = await SensitiveAttribute.create(subject, name, attribute.value);\n\t\t\t\tvalue = arrayBufferToBuffer(sensitiveAttr.toDER());\n\t\t\t} else {\n\t\t\t\tvalue = arrayBufferToBuffer(attribute.value);\n\t\t\t}\n\n\t\t\tcertAttributes.push([{\n\t\t\t\ttype: 'oid',\n\t\t\t\toid: nameOID\n\t\t\t}, {\n\t\t\t\ttype: 'context',\n\t\t\t\tkind: 'implicit',\n\t\t\t\tvalue: attribute.sensitive ? 1 : 0,\n\t\t\t\tcontains: value\n\t\t\t}]);\n\t\t}\n\n\t\tif (certAttributes.length > 0) {\n\t\t\tretval.push(\n\t\t\t\tBaseCertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes)\n\t\t\t);\n\t\t}\n\n\t\treturn(retval);\n\t}\n\n\t/**\n\t * Create a Certificate object from the builder\n\t *\n\t * The parameters passed in are merged with the parameters passed in\n\t * when constructing the builder\n\t */\n\tasync build(params?: Partial<CertificateBuilderParams>): Promise<Certificate> {\n\t\tconst paramsCopy = CertificateBuilder.mapParams(params);\n\t\tconst certificate = await super.buildDER(paramsCopy);\n\t\t// eslint-disable-next-line @typescript-eslint/no-use-before-define\n\t\tconst certificateObject = new Certificate(certificate, {\n\t\t\t/**\n\t\t\t * Specify the moment as `null` to avoid validation\n\t\t\t * of the certificate's validity period. We don't\n\t\t\t * care if the certificate is expired or not for\n\t\t\t * the purposes of this builder.\n\t\t\t */\n\t\t\tmoment: null\n\t\t});\n\n\t\treturn(certificateObject);\n\t}\n}\n\nexport class Certificate extends BaseCertificate {\n\tprivate readonly subjectKey: KeetaNetAccount;\n\tstatic readonly Builder: typeof CertificateBuilder = CertificateBuilder;\n\tstatic readonly SharableAttributes: typeof SharableCertificateAttributes;\n\n\t/**\n * User KYC Attributes\n */\n\treadonly attributes: {\n\t\t[name in CertificateAttributeNames]?: {\n\t\t\tsensitive: true;\n\t\t\tvalue: SensitiveAttribute<CertificateAttributeValue<name>>;\n\t\t} | {\n\t\t\tsensitive: false;\n\t\t\tvalue: ArrayBuffer;\n\t\t}\n\t} = {};\n\n\tconstructor(input: ConstructorParameters<BaseCertificateClass>[0], options?: ConstructorParameters<BaseCertificateClass>[1] & { subjectKey?: KeetaNetAccount }) {\n\t\tsuper(input, options);\n\n\t\tthis.subjectKey = options?.subjectKey ?? this.subjectPublicKey;\n\n\t\tsuper.finalizeConstruction();\n\t}\n\n\tprotected finalizeConstruction(): void {\n\t\t/* Do nothing, we call the super method in the constructor */\n\t}\n\n\tprivate setPlainAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\t// @ts-ignore\n\t\tthis.attributes[name] = { sensitive: false, value } satisfies typeof this.attributes[NAME];\n\t}\n\n\tprivate setSensitiveAttribute<NAME extends CertificateAttributeNames>(name: NAME, value: ArrayBuffer): void {\n\t\tconst decodeForSensitive = async (data: Buffer | ArrayBuffer): Promise<CertificateAttributeValue<NAME>> => {\n\t\t\tconst bufferInput = Buffer.isBuffer(data) ? bufferToArrayBuffer(data) : data;\n\t\t\treturn(await decodeAttribute(name, bufferInput, [this.subjectKey]));\n\t\t};\n\t\tthis.attributes[name] = {\n\t\t\tsensitive: true,\n\t\t\tvalue: new SensitiveAttribute(this.subjectKey, value, decodeForSensitive)\n\t\t} satisfies typeof this.attributes[NAME];\n\t}\n\n\t/**\n\t * Get the underlying value for an attribute.\n\t *\n\t * If the attribute is sensitive, this will decrypt it using the\n\t * subject's private key, otherwise it will return the value.\n\t */\n\tasync getAttributeValue<NAME extends CertificateAttributeNames>(attributeName: NAME): Promise<CertificateAttributeValue<NAME>> {\n\t\tconst attr = this.attributes[attributeName]?.value;\n\t\tif (!attr) {\n\t\t\tthrow(new Error(`Attribute ${attributeName} is not available`));\n\t\t}\n\n\t\tif (attr instanceof SensitiveAttribute) {\n\t\t\tconst raw = await attr.get();\n\t\t\treturn(await decodeAttribute(attributeName, raw, [this.subjectKey]));\n\t\t}\n\n\t\t// Non-sensitive: ArrayBuffer or Buffer\n\t\tif (attr instanceof ArrayBuffer || Buffer.isBuffer(attr)) {\n\t\t\treturn(await decodeAttribute(attributeName, attr, [this.subjectKey]));\n\t\t}\n\n\t\tthrow(new Error(`Attribute ${attributeName} is not a supported type`));\n\t}\n\n\tprotected processExtension(id: string, value: ArrayBuffer): boolean {\n\t\tif (super.processExtension(id, value)) {\n\t\t\treturn(true);\n\t\t}\n\n\t\tif (id === oids.keeta.KYC_ATTRIBUTES) {\n\t\t\tconst attributesRaw = new ASN1.BufferStorageASN1(value, CertificateKYCAttributeSchemaValidation).getASN1();\n\n\t\t\tfor (const attribute of attributesRaw) {\n\t\t\t\tconst nameString = lookupByOID(attribute[0].oid, CertificateAttributeOIDDB);\n\t\t\t\tconst name = asCertificateAttributeNames(nameString);\n\t\t\t\tconst valueKind = attribute[1].value;\n\t\t\t\tconst value = bufferToArrayBuffer(attribute[1].contains);\n\n\t\t\t\tswitch (valueKind) {\n\t\t\t\t\tcase 0:\n\t\t\t\t\t\t/* Plain Value */\n\t\t\t\t\t\tthis.setPlainAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tcase 1:\n\t\t\t\t\t\t/* Sensitive Value */\n\t\t\t\t\t\tthis.setSensitiveAttribute(name, value);\n\t\t\t\t\t\tbreak;\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tassertNever(valueKind);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn(true);\n\t\t}\n\n\t\treturn(false);\n\t}\n}\n\n// eslint-disable-next-line @typescript-eslint/no-namespace\nexport namespace SharableCertificateAttributesTypes {\n\texport type ExportOptions = {\n\t\t/**\n\t\t * Format of the exported data\n\t\t * - 'string': PEM-encoded string\n\t\t * - 'arraybuffer': raw ArrayBuffer\n\t\t */\n\t\tformat?: 'string' | 'arraybuffer';\n\t};\n\texport type ImportOptions = {\n\t\t/**\n\t\t * Principals that will be used to try to access the\n\t\t * encrypted contents of the sharable certificate\n\t\t */\n\t\tprincipals?: Set<KeetaNetAccount> | KeetaNetAccount[] | KeetaNetAccount | null;\n\t};\n\texport type ContentsSchema = {\n\t\tcertificate: string;\n\t\tintermediates?: string[] | undefined;\n\t\tattributes: {\n\t\t\t[name: string]: {\n\t\t\t\tsensitive: true;\n\t\t\t\tvalue: Awaited<ReturnType<SensitiveAttribute['getProof']>>;\n\t\t\t\treferences?: { [id: string]: string };\n\t\t\t} | {\n\t\t\t\tsensitive: false;\n\t\t\t\tvalue: string;\n\t\t\t\treferences?: { [id: string]: string };\n\t\t\t}\n\t\t};\n\t};\n};\ntype SharableCertificateAttributesExportOptions = SharableCertificateAttributesTypes.ExportOptions;\ntype SharableCertificateAttributesImportOptions = SharableCertificateAttributesTypes.ImportOptions;\ntype SharableCertificateAttributesContentsSchema = SharableCertificateAttributesTypes.ContentsSchema;\n\nexport class SharableCertificateAttributes {\n\t#certificate?: Certificate;\n\t#intermediates?: Set<BaseCertificate>;\n\t#attributes: {\n\t\t[name: string]: {\n\t\t\tsensitive: boolean;\n\t\t\tvalue: ArrayBuffer;\n\t\t\treferences?: { [id: string]: string } | undefined;\n\t\t}\n\t} = {};\n\n\tprivate container: EncryptedContainer;\n\tprivate populatedFromInit = false;\n\n\tstatic assertCertificateAttributeName: typeof assertCertificateAttributeNames = assertCertificateAttributeNames;\n\n\tconstructor(input: ArrayBuffer | Buffer | string, options?: SharableCertificateAttributesImportOptions) {\n\t\tlet containerBuffer: Buffer;\n\t\tif (typeof input === 'string') {\n\t\t\t/*\n\t\t\t * Attempt to decode as PEM, but also if not PEM, then return\n\t\t\t * the lines as-is (base64) after removing whitespace\n\t\t\t */\n\t\t\tconst inputLines = input.split(/\\r?\\n/);\n\t\t\tlet base64Lines: string[] | undefined;\n\t\t\tfor (let beginOffset = 0; beginOffset < inputLines.length; beginOffset++) {\n\t\t\t\tconst line = inputLines[beginOffset]?.trim();\n\t\t\t\tif (line?.startsWith('-----BEGIN ')) {\n\t\t\t\t\tlet endIndex = -1;\n\t\t\t\t\tconst matchingEndLine = line.replace('BEGIN', 'END');\n\t\t\t\t\tfor (let endOffset = beginOffset + 1; endOffset < inputLines.length; endOffset++) {\n\t\t\t\t\t\tconst checkEndLine = inputLines[endOffset]?.trim();\n\t\t\t\t\t\tif (checkEndLine === matchingEndLine) {\n\t\t\t\t\t\t\tendIndex = endOffset;\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (endIndex === -1) {\n\t\t\t\t\t\tthrow(new Error('Invalid PEM format: missing END line'));\n\t\t\t\t\t}\n\n\t\t\t\t\tbase64Lines = inputLines.slice(beginOffset + 1, endIndex);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (base64Lines === undefined) {\n\t\t\t\tbase64Lines = inputLines;\n\t\t\t}\n\n\t\t\tbase64Lines = base64Lines.map(function(line) {\n\t\t\t\treturn(line.trim());\n\t\t\t}).filter(function(line) {\n\t\t\t\treturn(line.length > 0);\n\t\t\t});\n\n\t\t\tconst base64Content = base64Lines.join('');\n\t\t\tcontainerBuffer = Buffer.from(base64Content, 'base64');\n\t\t} else if (Buffer.isBuffer(input)) {\n\t\t\tcontainerBuffer = input;\n\t\t} else {\n\t\t\tcontainerBuffer = arrayBufferToBuffer(input);\n\t\t}\n\n\t\tlet principals = options?.principals;\n\t\tif (KeetaNetAccount.isInstance(principals)) {\n\t\t\tprincipals = [principals];\n\t\t} else if (principals instanceof Set) {\n\t\t\tprincipals = Array.from(principals);\n\t\t} else if (principals === undefined) {\n\t\t\tprincipals = null;\n\t\t}\n\n\t\tthis.container = EncryptedContainer.fromEncodedBuffer(containerBuffer, principals);\n\t}\n\n\t/**\n\t * Create a SharableCertificateAttributes from a Certificate\n\t * and a list of attribute names to include -- if no list is\n\t * provided, all attributes are included.\n\t */\n\tstatic async fromCertificate(certificate: Certificate, intermediates?: Set<BaseCertificate>, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;\n\t/** @deprecated Use the overload with three parameters instead */\n\tstatic async fromCertificate(certificate: Certificate, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;\n\tstatic async fromCertificate(certificate: Certificate, intermediatesOrAttributeNames?: Set<BaseCertificate> | CertificateAttributeNames[], definitelyAttributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes> {\n\t\tlet intermediates: Set<BaseCertificate> | undefined = undefined;\n\t\tlet attributeNames: CertificateAttributeNames[] | undefined = undefined;\n\n\t\tif (definitelyAttributeNames === undefined) {\n\t\t\tif (intermediatesOrAttributeNames !== undefined) {\n\t\t\t\tif (Array.isArray(intermediatesOrAttributeNames)) {\n\t\t\t\t\tattributeNames = intermediatesOrAttributeNames;\n\t\t\t\t} else {\n\t\t\t\t\tintermediates = intermediatesOrAttributeNames;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif (intermediatesOrAttributeNames !== undefined) {\n\t\t\t\tif (Array.isArray(intermediatesOrAttributeNames)) {\n\t\t\t\t\tthrow(new TypeError('Expected Set<BaseCertificate> for intermediates'));\n\t\t\t\t}\n\t\t\t\tintermediates = intermediatesOrAttributeNames;\n\t\t\t}\n\t\t\tattributeNames = definitelyAttributeNames;\n\t\t}\n\n\t\tif (attributeNames === undefined) {\n\t\t\t/*\n\t\t\t * We know the keys are whatever the Certificate says they are, so\n\t\t\t * we can cast here safely\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tattributeNames = Object.keys(certificate.attributes) as (keyof typeof certificate.attributes)[];\n\t\t}\n\n\t\tconst attributes: SharableCertificateAttributesContentsSchema['attributes'] = {};\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\t/**\n\t\t\t * Skip missing attributes\n\t\t\t */\n\t\t\tif (!attr) {\n\t\t\t\tcontinue;\n\t\t\t}\n\n\t\t\tconst references: { [id: string]: string } = {};\n\t\t\tconst walkResultAndReplaceReferences = async function(obj: unknown): Promise<unknown> {\n\t\t\t\treturn(await walkObject(obj, async function(key, value, parent) {\n\t\t\t\t\tif (key === '$blob') {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tif (typeof parent !== 'object' || parent === null) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent is not an object'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!('digest' in parent) || typeof parent.digest !== 'object' || parent.digest === null) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent->digest is not an object'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (!('digest' in parent.digest)) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob->parent->digest->digest is missing'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tconst digest = parent.digest.digest;\n\t\t\t\t\t\t\tif (!Buffer.isBuffer(digest)) {\n\t\t\t\t\t\t\t\tthrow(new TypeError('$blob digest is not a Buffer'));\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif (typeof value !== 'function') {\n\t\t\t\t\t\t\t\tthrow(new TypeError('$blob value is not a function'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t/*\n\t\t\t\t\t\t\t * We already validated that this is a function, so try to call\n\t\t\t\t\t\t\t * it -- if it fails the catch block will handle it (by\n\t\t\t\t\t\t\t * replacing this key with undefined)\n\t\t\t\t\t\t\t */\n\t\t\t\t\t\t\t// eslint-disable-next-line @typescript-eslint/no-unsafe-call,@typescript-eslint/no-unsafe-assignment\n\t\t\t\t\t\t\tconst reference = await value([certificate.subjectPublicKey]);\n\t\t\t\t\t\t\t/* Verify that the reference is a Blob */\n\t\t\t\t\t\t\tif (!isBlob(reference)) {\n\t\t\t\t\t\t\t\tthrow(new Error('$blob reference did not return a Blob'));\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tconst referenceData = Buffer.from(await reference.arrayBuffer());\n\t\t\t\t\t\t\tconst referenceID = digest.toString('hex').toUpperCase();\n\t\t\t\t\t\t\treferences[referenceID] = referenceData.toString('base64');\n\n\t\t\t\t\t\t\treturn(async function() {\n\t\t\t\t\t\t\t\treturn(reference);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\t/* Ignore errors */\n\t\t\t\t\t\t\treturn(undefined);\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\treturn(value);\n\t\t\t\t\t}\n\t\t\t\t}));\n\t\t\t}\n\n\t\t\t/*\n\t\t\t * Decode the attribute value to extract $blob references.\n\t\t\t * Skip for entityType which has schema compatibility issues\n\t\t\t * with old certificates and has no external references anyway.\n\t\t\t */\n\t\t\tif (name !== 'entityType') {\n\t\t\t\tconst attrValue = await certificate.getAttributeValue(name);\n\t\t\t\tawait walkResultAndReplaceReferences(attrValue);\n\t\t\t}\n\n\t\t\tif (attr.sensitive) {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: true,\n\t\t\t\t\tvalue: await attr.value.getProof(),\n\t\t\t\t\treferences: references\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\tattributes[name] = {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: arrayBufferToBuffer(attr.value).toString('base64'),\n\t\t\t\t\treferences: references\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\n\t\tlet intermediatesJSON;\n\t\tintermediates ??= new Set();\n\t\tif (intermediates.size === 0) {\n\t\t\tintermediatesJSON = undefined;\n\t\t} else {\n\t\t\tintermediatesJSON = Array.from(intermediates).map(function(intermediateCertificate) {\n\t\t\t\treturn(intermediateCertificate.toPEM());\n\t\t\t});\n\t\t}\n\n\t\tconst contentsString = JSON.stringify({\n\t\t\tcertificate: certificate.toPEM(),\n\t\t\tintermediates: intermediatesJSON,\n\t\t\tattributes: attributes\n\t\t} satisfies SharableCertificateAttributesContentsSchema);\n\n\t\tconst temporaryUser = KeetaNetAccount.fromSeed(KeetaNetAccount.generateRandomSeed(), 0);\n\t\tconst contentsBuffer = Buffer.from(contentsString, 'utf-8');\n\t\tconst container = EncryptedContainer.fromPlaintext(bufferToArrayBuffer(contentsBuffer), [temporaryUser], true);\n\t\tconst containerBuffer = await container.getEncodedBuffer();\n\n\t\tconst retval = new SharableCertificateAttributes(containerBuffer, {\n\t\t\tprincipals: temporaryUser\n\t\t});\n\t\tawait retval.revokeAccess(temporaryUser);\n\t\treturn(retval);\n\t}\n\n\tasync grantAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.grantAccess(principal);\n\t\treturn(this);\n\t}\n\n\tasync revokeAccess(principal: KeetaNetAccount): Promise<this> {\n\t\tawait this.container.revokeAccess(principal);\n\t\treturn(this);\n\t}\n\n\tget principals(): KeetaNetAccount[] {\n\t\treturn(this.container.principals);\n\t}\n\n\tasync #populate(): Promise<void> {\n\t\tif (this.populatedFromInit) {\n\t\t\treturn;\n\t\t}\n\t\tthis.populatedFromInit = true;\n\n\t\tconst contentsBuffer = await this.container.getPlaintext();\n\n\t\t/*\n\t\t * Previously the content was Zlib compressed, but this was\n\t\t * redundant because the Encrypted Container already Zlib\n\t\t * compresses the contents, so handle both cases (compressed\n\t\t * and JSON) here\n\t\t */\n\t\tlet contentsBufferDecompressed: ArrayBuffer = contentsBuffer;\n\t\tconst contentsBufferUint8 = new Uint8Array(contentsBuffer);\n\t\tconst isCompressed = contentsBufferUint8[0] === 0x78;\n\t\tif (isCompressed) {\n\t\t\tcontentsBufferDecompressed = await KeetaNetClient.lib.Utils.Buffer.ZlibInflateAsync(contentsBuffer);\n\t\t}\n\t\tconst contentsString = Buffer.from(contentsBufferDecompressed).toString('utf-8');\n\t\tconst contentsJSON: unknown = JSON.parse(contentsString);\n\t\tconst contents = assertSharableCertificateAttributesContentsSchema(contentsJSON);\n\n\t\tthis.#intermediates = new Set<BaseCertificate>();\n\t\tfor (const intermediatePEM of contents.intermediates ?? []) {\n\t\t\tconst intermediateCert = new BaseCertificate(intermediatePEM);\n\t\t\tthis.#intermediates.add(intermediateCert);\n\t\t}\n\n\t\tthis.#certificate = new Certificate(contents.certificate);\n\t\tconst attributePromises = Object.entries(contents.attributes).map(async ([name, attr]): Promise<[string, { sensitive: boolean; value: ArrayBuffer; references?: { [id: string]: string; } | undefined; }]> => {\n\t\t\t/*\n\t\t\t * Get the corresponding attribute from the certificate\n\t\t\t *\n\t\t\t * We actually do not care if `name` is a known attribute\n\t\t\t * because we are not decoding it here, we are just\n\t\t\t * verifying it matches the certificate\n\t\t\t */\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\tconst certAttribute = this.#certificate?.attributes[name as CertificateAttributeNames];\n\n\t\t\tif (!certAttribute) {\n\t\t\t\tthrow(new Error(`Attribute ${name} not found in certificate`));\n\t\t\t}\n\n\t\t\tif (certAttribute.sensitive !== attr.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!attr.sensitive) {\n\t\t\t\tif (certAttribute.sensitive) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\tconst certValue = certAttribute.value;\n\t\t\t\tconst sharedValue = bufferToArrayBuffer(Buffer.from(attr.value, 'base64'));\n\t\t\t\tif (sharedValue.byteLength !== certValue.byteLength || !Buffer.from(sharedValue).equals(Buffer.from(certValue))) {\n\t\t\t\t\tthrow(new Error(`Attribute ${name} value mismatch with certificate`));\n\t\t\t\t}\n\n\t\t\t\treturn([name, {\n\t\t\t\t\tsensitive: false,\n\t\t\t\t\tvalue: sharedValue,\n\t\t\t\t\treferences: attr.references\n\t\t\t\t}]);\n\t\t\t}\n\n\t\t\tif (!certAttribute.sensitive) {\n\t\t\t\tthrow(new Error(`Attribute ${name} sensitivity mismatch with certificate`));\n\t\t\t}\n\n\t\t\tif (!(await certAttribute.value.validateProof(attr.value))) {\n\t\t\t\tthrow(new Error(`Attribute ${name} proof validation failed`));\n\t\t\t}\n\n\t\t\tconst attrValue = bufferToArrayBuffer(Buffer.from(attr.value.value, 'base64'));\n\n\t\t\treturn([name, {\n\t\t\t\tsensitive: true,\n\t\t\t\tvalue: attrValue,\n\t\t\t\treferences: attr.references\n\t\t\t}]);\n\t\t});\n\t\tconst resolvedAttributes = await Promise.all(attributePromises);\n\t\tthis.#attributes = Object.fromEntries(resolvedAttributes);\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tawait this.#populate();\n\t\tif (!this.#certificate) {\n\t\t\tthrow(new Error('internal error: certificate not populated'));\n\t\t}\n\t\treturn(this.#certificate);\n\t}\n\n\t/**\n\t * Get the intermediate certificates included in this sharable\n\t * certificate container\n\t *\n\t * @return A set of BaseCertificate objects representing the\n\t * intermediate certificates attached to this container\n\t */\n\tasync getIntermediates(): Promise<Set<BaseCertificate>> {\n\t\tawait this.#populate();\n\t\tif (this.#intermediates && this.#intermediates.size > 0) {\n\t\t\treturn(new Set(this.#intermediates));\n\t\t}\n\t\treturn(new Set());\n\t}\n\n\tasync getAttributeBuffer(name: string): Promise<ArrayBuffer | undefined> {\n\t\tawait this.#populate();\n\t\tconst attr = this.#attributes[name];\n\t\treturn(attr?.value);\n\t}\n\n\tasync getAttribute<NAME extends CertificateAttributeNames>(name: NAME): Promise<CertificateAttributeValue<NAME> | undefined> {\n\t\tconst buffer = await this.getAttributeBuffer(name);\n\t\tif (buffer === undefined) {\n\t\t\treturn(undefined);\n\t\t}\n\n\t\tconst retvalWithReferences = await decodeAttribute(name, buffer, this.principals);\n\n\t\t/*\n\t\t * For all remote references, replace them with their referenced values\n\t\t * which we encoded into \"references\"\n\t\t */\n\t\tconst retval = await walkObject(retvalWithReferences, async (key, value, parent) => {\n\t\t\tif (key === '$blob') {\n\t\t\t\tif (typeof parent !== 'object' || parent === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent is not an object'));\n\t\t\t\t}\n\t\t\t\tif (!('digest' in parent) || typeof parent.digest !== 'object' || parent.digest === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent->digest is not an object'));\n\t\t\t\t}\n\t\t\t\tconst digestInfo = parent.digest;\n\t\t\t\tif (!('digest' in digestInfo)) {\n\t\t\t\t\tthrow(new Error('$blob->parent->digest->digest is missing'));\n\t\t\t\t}\n\t\t\t\tif (!Buffer.isBuffer(digestInfo.digest)) {\n\t\t\t\t\tthrow(new TypeError('$blob digest is not a Buffer'));\n\t\t\t\t}\n\n\t\t\t\tif (!('external' in parent) || typeof parent.external !== 'object' || parent.external === null) {\n\t\t\t\t\tthrow(new Error('$blob->parent->external is not an object'));\n\t\t\t\t}\n\t\t\t\tif (!('contentType' in parent.external) || typeof parent.external.contentType !== 'string') {\n\t\t\t\t\tthrow(new Error('$blob->parent->external->contentType is not a string'));\n\t\t\t\t}\n\n\t\t\t\tconst referenceID = digestInfo.digest.toString('hex').toUpperCase();\n\t\t\t\tconst referenceValue = this.#attributes[name]?.references?.[referenceID];\n\t\t\t\tconst contentType = parent.external.contentType;\n\t\t\t\treturn(async function() {\n\t\t\t\t\tif (!referenceValue) {\n\t\t\t\t\t\tthrow(new Error(`Missing reference value for ID ${referenceID}`));\n\t\t\t\t\t}\n\t\t\t\t\tconst referenceData = Buffer.from(referenceValue, 'base64');\n\t\t\t\t\tconst referenceDataAB = bufferToArrayBuffer(referenceData);\n\n\t\t\t\t\t/* Verify the hash matches what was certified */\n\t\t\t\t\tconst checkHash = await checkHashWithOID(referenceData, parent.digest);\n\t\t\t\t\tif (checkHash !== true) {\n\t\t\t\t\t\tthrow(checkHash);\n\t\t\t\t\t}\n\n\t\t\t\t\treturn(new Blob([referenceDataAB], { type: contentType }));\n\t\t\t\t});\n\t\t\t}\n\n\t\t\treturn(value);\n\t\t});\n\n\t\t/*\n\t\t * We didn't change the type, so we can safely cast here\n\t\t */\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\treturn(retval as CertificateAttributeValue<NAME>);\n\t}\n\n\tasync getAttributeNames(includeUnknown: true): Promise<string[]>;\n\tasync getAttributeNames(includeUnknown?: false): Promise<CertificateAttributeNames[]>;\n\tasync getAttributeNames(includeUnknown?: boolean): Promise<string[]> {\n\t\tawait this.#populate();\n\t\tconst names = Object.keys(this.#attributes);\n\n\t\tif (includeUnknown) {\n\t\t\treturn(names);\n\t\t}\n\n\t\tconst knownNames = names.filter(function(name): name is CertificateAttributeNames {\n\t\t\treturn(name in CertificateAttributeOIDDB);\n\t\t});\n\n\t\treturn(knownNames);\n\t}\n\n\texport(options?: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format?: never; }): Promise<ArrayBuffer>;\n\texport(options: (Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'arraybuffer' })): Promise<ArrayBuffer>;\n\texport(options: Omit<SharableCertificateAttributesExportOptions, 'format'> & { format: 'string' }): Promise<string>;\n\texport(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string>;\n\tasync export(options?: SharableCertificateAttributesExportOptions): Promise<ArrayBuffer | string> {\n\t\toptions = {\n\t\t\tformat: 'arraybuffer',\n\t\t\t...options\n\t\t};\n\n\t\tlet principals: KeetaNetAccount[];\n\t\ttry {\n\t\t\tprincipals = this.container.principals;\n\t\t} catch {\n\t\t\tprincipals = [];\n\t\t}\n\t\tif (principals.length === 0) {\n\t\t\tthrow(new Error('This container has no authorized users (principals); cannot export'));\n\t\t}\n\n\t\tconst retvalBuffer = await this.container.getEncodedBuffer();\n\t\tif (options.format === 'string') {\n\t\t\tconst retvalBase64 = Buffer.from(retvalBuffer).toString('base64');\n\t\t\tconst retvalLines = ['-----BEGIN KYC CERTIFICATE PROOF-----'];\n\t\t\tretvalLines.push(...retvalBase64.match(/.{1,64}/g) ?? []);\n\t\t\tretvalLines.push('-----END KYC CERTIFICATE PROOF-----');\n\t\t\treturn(retvalLines.join('\\n'));\n\t\t} else if (options.format === 'arraybuffer') {\n\t\t\treturn(retvalBuffer);\n\t\t} else {\n\t\t\tthrow(new Error(`Unsupported export format: ${String(options.format)}`));\n\t\t}\n\t}\n}\n\n// @ts-ignore\nCertificate.SharableAttributes = SharableCertificateAttributes;\n\n/** @internal */\nexport const _Testing = {\n\tSensitiveAttribute,\n\tValidateASN1: ASN1.ValidateASN1,\n\tBufferStorageASN1: ASN1.BufferStorageASN1,\n\tJStoASN1: ASN1.JStoASN1,\n\tnormalizeDecodedASN1,\n\tdecodeAttribute,\n\tdecodeEntityTypeFallback,\n\tunwrapSingleLayer,\n\tunwrapFieldSchema,\n\tunwrapContextTagsFromSchema,\n\tCertificateAttributeSchema\n};\n"]}
|
package/lib/utils/pii.js
CHANGED
package/lib/utils/pii.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pii.js","sourceRoot":"","sources":["../../../src/lib/utils/pii.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAqE,MAAM,0CAA0C,CAAC;AAExJ,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAU/C;;GAEG;AACH,MAAM,QAAQ,GAAG,iBAAiB,CAAC;AAOnC;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,gBAAgB;IAC7C,MAAM,CAAmB,IAAI,GAAW,UAAU,CAAC;IAClC,oBAAoB,CAAU;IACvC,MAAM,CAAU,oBAAoB,GAAG,sCAAsC,CAAC;IAE7E,IAAI,CAAe;IACnB,aAAa,CAAS;IAE/B,YAAY,IAAkB,EAAE,aAAqB,EAAE,OAAe;QACrE,KAAK,CAAC,OAAO,CAAC,CAAC;QAEf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,EAAE;YACnD,KAAK,EAAE,QAAQ,CAAC,oBAAoB;YACpC,UAAU,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,KAAc,EAAE,IAAmB;QACpD,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC1F,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;YACzD,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;;AAQF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,QAAQ;IACX,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D;QACC,uEAAuE;QACvE,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE;YACrE,KAAK,EAAE,GAAG,EAAE,CAAC,QAAQ;YACrB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,KAAK;SACnB,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,eAAe,CAAC,WAAwB;QAC9C,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAE,CAAC;QAE7B,yEAAyE;QACzE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAwB,CAAC;QAClF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,IAAI,EAAE,CAAC;gBACV,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE;oBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;iBACzB,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAWD,YAAY,CAAC,IAAY,EAAE,KAAc,EAAE,SAAS,GAAG,IAAI;QAC1D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAY;QACxB,OAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,iBAAiB;QAChB,OAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;;OAUG;IACH,GAAG,CAAI,EAGA;QACN,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,MAAM,GAAG,GAAG,CAAI,IAAY,EAAK,EAAE;YAClC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;YACnG,CAAC;YAED,yEAAyE;YACzE,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAW,CAAC;QAC1C,CAAC,CAAC;QAEF,OAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,oBAAoB,CACzB,IAAO,EACP,UAA2B;QAE3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAK,CAAC,IAAI,QAAQ,CAAC,wBAAwB,EAAE,IAAI,EAAE,sCAAsC,IAAI,yBAAyB,CAAC,CAAC,CAAC;QAC1H,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,EAAE,KAAK,CAAC;QAClC,IAAI,kBAAkB,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,sDAAsD;YACtD,yEAAyE;YACzE,OAAO,WAAgE,CAAC;QACzE,CAAC;QAED,sEAAsE;QACtE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAC9E,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA2B,EAAE,UAA2B;QAClF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;gBACrF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACpB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;oBACxE,OAAO,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACP,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;gBACxC,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAM,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ;QACP,OAAM,CAAC,QAAQ,CAAC,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,MAAM;QACL,MAAM,UAAU,GAA8B,EAAE,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QACjC,CAAC;QAED,OAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,iBAAiB,CAAC,IAAY;QAC7B,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;IAC3C,CAAC;CACD","sourcesContent":["import type * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport { CertificateAttributeOIDDB, type CertificateAttributeValueMap, type CertificateAttributeValue } from '../../services/kyc/iso20022.generated.js';\nimport type { CertificateBuilder, Certificate } from '../certificates.js';\nimport { SensitiveAttribute } from '../certificates.js';\nimport { KeetaAnchorError } from '../error.js';\n\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\n\n/**\n * Type alias for certificate attribute names\n */\nexport type PIIAttributeNames = keyof CertificateAttributeValueMap;\n\n/**\n * Redacted message shown when attempting to log or serialize PIIStore\n */\nconst REDACTED = '[PII: REDACTED]';\n\n/**\n * PII error codes\n */\nexport type PIIErrorCode = 'PII_ATTRIBUTE_NOT_FOUND' | 'PII_EXTERNAL_ATTRIBUTE';\n\n/**\n * Error class for PII-related errors\n */\nexport class PIIError extends KeetaAnchorError {\n\tstatic override readonly name: string = 'PIIError';\n\tprivate readonly PIIErrorObjectTypeID!: string;\n\tprivate static readonly PIIErrorObjectTypeID = 'b8e3c7a1-5d2f-4e6b-9a1c-3f8d2e7b4c5a';\n\n\treadonly code: PIIErrorCode;\n\treadonly attributeName: string;\n\n\tconstructor(code: PIIErrorCode, attributeName: string, message: string) {\n\t\tsuper(message);\n\n\t\tObject.defineProperty(this, 'PIIErrorObjectTypeID', {\n\t\t\tvalue: PIIError.PIIErrorObjectTypeID,\n\t\t\tenumerable: false\n\t\t});\n\n\t\tthis.code = code;\n\t\tthis.attributeName = attributeName;\n\t}\n\n\tstatic isInstance(input: unknown, code?: PIIErrorCode): input is PIIError {\n\t\tif (!this.hasPropWithValue(input, 'PIIErrorObjectTypeID', PIIError.PIIErrorObjectTypeID)) {\n\t\t\treturn(false);\n\t\t}\n\t\tif (code && !this.hasPropWithValue(input, 'code', code)) {\n\t\t\treturn(false);\n\t\t}\n\n\t\treturn(true);\n\t}\n}\n\ntype StoredAttribute = {\n\tvalue: unknown;\n\tsensitive: boolean;\n};\n\n/**\n * PIIStore is a secure container for Personally Identifiable Information (PII).\n *\n * It encapsulates sensitive data and prevents accidental logging or serialization\n * by overriding common output methods to return redacted placeholders.\n *\n * @example\n * ```typescript\n * const store = new PIIStore();\n * store.setAttribute('firstName', 'John');\n * store.setAttribute('lastName', 'Doe');\n *\n * console.log(store); // '[PIIStore: REDACTED]'\n * JSON.stringify(store); // '{\"type\":\"PIIStore\",\"message\":\"REDACTED\"}'\n * ```\n */\nexport class PIIStore {\n\treadonly #attributes = new Map<string, StoredAttribute>();\n\n\tconstructor() {\n\t\t// Define Node.js util.inspect custom formatter to prevent PII exposure\n\t\tObject.defineProperty(this, Symbol.for('nodejs.util.inspect.custom'), {\n\t\t\tvalue: () => REDACTED,\n\t\t\tenumerable: false,\n\t\t\twritable: false,\n\t\t\tconfigurable: false\n\t\t});\n\t}\n\n\t/**\n\t * Create a PIIStore from a Certificate, extracting all attributes\n\t *\n\t * @param certificate - The certificate to extract attributes from\n\t *\n\t * @returns A new PIIStore populated with the certificate's attributes\n\t */\n\tstatic fromCertificate(certificate: Certificate): PIIStore {\n\t\tconst store = new PIIStore();\n\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\tconst attributeNames = Object.keys(certificate.attributes) as PIIAttributeNames[];\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\tif (attr) {\n\t\t\t\tstore.#attributes.set(name, {\n\t\t\t\t\tvalue: attr.value,\n\t\t\t\t\tsensitive: attr.sensitive\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\n\t\treturn(store);\n\t}\n\n\t/**\n\t * Set a known certificate attribute\n\t *\n\t * @param name - The attribute name\n\t * @param value - The value to store\n\t * @param sensitive - Whether the attribute is sensitive (default: true)\n\t */\n\tsetAttribute<K extends PIIAttributeNames>(name: K, value: CertificateAttributeValue<K>, sensitive?: boolean): void;\n\tsetAttribute<T>(name: string, value: T, sensitive?: boolean): void;\n\tsetAttribute(name: string, value: unknown, sensitive = true): void {\n\t\tthis.#attributes.set(name, { value, sensitive });\n\t}\n\n\t/**\n\t * Check if an attribute exists in the store\n\t */\n\thasAttribute(name: string): boolean {\n\t\treturn(this.#attributes.has(name));\n\t}\n\n\t/**\n\t * Get all attribute names currently stored\n\t */\n\tgetAttributeNames(): string[] {\n\t\treturn(Array.from(this.#attributes.keys()));\n\t}\n\n\t/**\n\t * Execute a function with scoped access to PII values\n\t *\n\t * Provides controlled access to all attribute values. Known certificate attributes\n\t * are automatically typed; external attributes require an explicit type parameter.\n\t *\n\t * @param fn - Function that receives a getter for accessing attribute values\n\t * @returns The return value of the callback function\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if accessing a missing attribute\n\t */\n\trun<R>(fn: (get: {\n\t\t<K extends PIIAttributeNames>(name: K): CertificateAttributeValue<K>;\n\t\t<T>(name: string): T;\n\t}) => R): R {\n\t\tconst attributes = this.#attributes;\n\t\tconst get = <T>(name: string): T => {\n\t\t\tif (!this.hasAttribute(name)) {\n\t\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t\t}\n\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(attributes.get(name)?.value as T);\n\t\t};\n\n\t\treturn(fn(get));\n\t}\n\n\t/**\n\t * Create a SensitiveAttribute for a known certificate attribute\n\t *\n\t * Only known certificate attributes are supported. External attributes\n\t * cannot be converted to SensitiveAttributes.\n\t *\n\t * @param name - The attribute name to convert (must be a known certificate attribute)\n\t * @param subjectKey - The account to encrypt the attribute for\n\t * @returns A SensitiveAttribute containing the encrypted value\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if the attribute is not set\n\t * @throws Error if the attribute is not a known certificate attribute\n\t */\n\tasync toSensitiveAttribute<K extends PIIAttributeNames>(\n\t\tname: K,\n\t\tsubjectKey: KeetaNetAccount\n\t): Promise<SensitiveAttribute<CertificateAttributeValue<K>>> {\n\t\tif (!this.hasAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t}\n\t\tif (!this.#isKnownAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_EXTERNAL_ATTRIBUTE', name, `Cannot convert external attribute '${name}' to SensitiveAttribute`));\n\t\t}\n\n\t\tconst stored = this.#attributes.get(name);\n\t\tconst storedValue = stored?.value;\n\t\tif (SensitiveAttribute.isInstance(storedValue)) {\n\t\t\t// If already a SensitiveAttribute, return it directly\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(storedValue as SensitiveAttribute<CertificateAttributeValue<K>>);\n\t\t}\n\n\t\t// @ts-expect-error storedValue type is validated at setAttribute time\n\t\tconst result = await SensitiveAttribute.create(subjectKey, name, storedValue);\n\t\treturn(result);\n\t}\n\n\t/**\n\t * Apply known attributes to a CertificateBuilder\n\t *\n\t * External attributes are not included in the certificate.\n\t *\n\t * @param builder - The certificate builder to apply attributes to\n\t * @param subjectKey - The subject's account key (required to encrypt sensitive attributes)\n\t * @returns The certificate builder with the attributes applied\n\t */\n\tasync toCertificateBuilder(builder: CertificateBuilder, subjectKey: KeetaNetAccount): Promise<CertificateBuilder> {\n\t\tfor (const [name, attr] of this.#attributes.entries()) {\n\t\t\tif (this.#isKnownAttribute(name) && attr.value !== undefined && attr.value !== null) {\n\t\t\t\tif (attr.sensitive) {\n\t\t\t\t\tconst sensitiveAttr = await this.toSensitiveAttribute(name, subjectKey);\n\t\t\t\t\tbuilder.setSensitiveAttribute(name, sensitiveAttr);\n\t\t\t\t} else {\n\t\t\t\t\tbuilder.setAttribute(name, attr.value);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn(builder);\n\t}\n\n\t/**\n\t * Prevent logging of PII data via string coercion\n\t */\n\ttoString(): string {\n\t\treturn(REDACTED);\n\t}\n\n\t/**\n\t * Serialize to JSON with redacted values\n\t *\n\t * Shows attribute names for debugging, but all values are redacted.\n\t */\n\ttoJSON(): { type: string; attributes: { [key: string]: string }} {\n\t\tconst attributes: { [key: string]: string } = {};\n\t\tfor (const name of this.#attributes.keys()) {\n\t\t\tattributes[name] = '[REDACTED]';\n\t\t}\n\n\t\treturn({ type: 'PIIStore', attributes });\n\t}\n\n\t#isKnownAttribute(name: string): name is PIIAttributeNames {\n\t\treturn(name in CertificateAttributeOIDDB);\n\t}\n}\n"]}
|
|
1
|
+
{"version":3,"file":"pii.js","sourceRoot":"","sources":["../../../src/lib/utils/pii.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAqE,MAAM,0CAA0C,CAAC;AAExJ,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAU/C;;GAEG;AACH,MAAM,QAAQ,GAAG,iBAAiB,CAAC;AAOnC;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,gBAAgB;IAC7C,MAAM,CAAmB,IAAI,GAAW,UAAU,CAAC;IAClC,oBAAoB,CAAU;IACvC,MAAM,CAAU,oBAAoB,GAAG,sCAAsC,CAAC;IAE7E,IAAI,CAAe;IACnB,aAAa,CAAS;IAE/B,YAAY,IAAkB,EAAE,aAAqB,EAAE,OAAe;QACrE,KAAK,CAAC,OAAO,CAAC,CAAC;QAEf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,EAAE;YACnD,KAAK,EAAE,QAAQ,CAAC,oBAAoB;YACpC,UAAU,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,KAAc,EAAE,IAAmB;QACpD,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC1F,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;YACzD,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;;AAQF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,QAAQ;IACX,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D;QACC,uEAAuE;QACvE,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE;YACrE,KAAK,EAAE,GAAG,EAAE,CAAC,QAAQ;YACrB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,KAAK;SACnB,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,eAAe,CAAC,WAAwB;QAC9C,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAE,CAAC;QAE7B,yEAAyE;QACzE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAwB,CAAC;QAClF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,IAAI,EAAE,CAAC;gBACV,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE;oBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;iBACzB,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAWD,YAAY,CAAC,IAAY,EAAE,KAAc,EAAE,SAAS,GAAG,IAAI;QAC1D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAY;QACxB,OAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,iBAAiB;QAChB,OAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;;OAUG;IACH,GAAG,CAAI,EAGA;QACN,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,MAAM,GAAG,GAAG,CAAI,IAAY,EAAK,EAAE;YAClC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;YACnG,CAAC;YAED,yEAAyE;YACzE,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAW,CAAC;QAC1C,CAAC,CAAC;QAEF,OAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,oBAAoB,CACzB,IAAO,EACP,UAA2B;QAE3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAK,CAAC,IAAI,QAAQ,CAAC,wBAAwB,EAAE,IAAI,EAAE,sCAAsC,IAAI,yBAAyB,CAAC,CAAC,CAAC;QAC1H,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,EAAE,KAAK,CAAC;QAClC,IAAI,kBAAkB,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,sDAAsD;YACtD,yEAAyE;YACzE,OAAO,WAAgE,CAAC;QACzE,CAAC;QAED,sEAAsE;QACtE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAC9E,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA2B,EAAE,UAA2B;QAClF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;gBACrF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACpB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;oBACxE,OAAO,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACP,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/C,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAM,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ;QACP,OAAM,CAAC,QAAQ,CAAC,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,MAAM;QACL,MAAM,UAAU,GAA8B,EAAE,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QACjC,CAAC;QAED,OAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,iBAAiB,CAAC,IAAY;QAC7B,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;IAC3C,CAAC;CACD","sourcesContent":["import type * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport { CertificateAttributeOIDDB, type CertificateAttributeValueMap, type CertificateAttributeValue } from '../../services/kyc/iso20022.generated.js';\nimport type { CertificateBuilder, Certificate } from '../certificates.js';\nimport { SensitiveAttribute } from '../certificates.js';\nimport { KeetaAnchorError } from '../error.js';\n\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\n\n/**\n * Type alias for certificate attribute names\n */\nexport type PIIAttributeNames = keyof CertificateAttributeValueMap;\n\n/**\n * Redacted message shown when attempting to log or serialize PIIStore\n */\nconst REDACTED = '[PII: REDACTED]';\n\n/**\n * PII error codes\n */\nexport type PIIErrorCode = 'PII_ATTRIBUTE_NOT_FOUND' | 'PII_EXTERNAL_ATTRIBUTE';\n\n/**\n * Error class for PII-related errors\n */\nexport class PIIError extends KeetaAnchorError {\n\tstatic override readonly name: string = 'PIIError';\n\tprivate readonly PIIErrorObjectTypeID!: string;\n\tprivate static readonly PIIErrorObjectTypeID = 'b8e3c7a1-5d2f-4e6b-9a1c-3f8d2e7b4c5a';\n\n\treadonly code: PIIErrorCode;\n\treadonly attributeName: string;\n\n\tconstructor(code: PIIErrorCode, attributeName: string, message: string) {\n\t\tsuper(message);\n\n\t\tObject.defineProperty(this, 'PIIErrorObjectTypeID', {\n\t\t\tvalue: PIIError.PIIErrorObjectTypeID,\n\t\t\tenumerable: false\n\t\t});\n\n\t\tthis.code = code;\n\t\tthis.attributeName = attributeName;\n\t}\n\n\tstatic isInstance(input: unknown, code?: PIIErrorCode): input is PIIError {\n\t\tif (!this.hasPropWithValue(input, 'PIIErrorObjectTypeID', PIIError.PIIErrorObjectTypeID)) {\n\t\t\treturn(false);\n\t\t}\n\t\tif (code && !this.hasPropWithValue(input, 'code', code)) {\n\t\t\treturn(false);\n\t\t}\n\n\t\treturn(true);\n\t}\n}\n\ntype StoredAttribute = {\n\tvalue: unknown;\n\tsensitive: boolean;\n};\n\n/**\n * PIIStore is a secure container for Personally Identifiable Information (PII).\n *\n * It encapsulates sensitive data and prevents accidental logging or serialization\n * by overriding common output methods to return redacted placeholders.\n *\n * @example\n * ```typescript\n * const store = new PIIStore();\n * store.setAttribute('firstName', 'John');\n * store.setAttribute('lastName', 'Doe');\n *\n * console.log(store); // '[PIIStore: REDACTED]'\n * JSON.stringify(store); // '{\"type\":\"PIIStore\",\"message\":\"REDACTED\"}'\n * ```\n */\nexport class PIIStore {\n\treadonly #attributes = new Map<string, StoredAttribute>();\n\n\tconstructor() {\n\t\t// Define Node.js util.inspect custom formatter to prevent PII exposure\n\t\tObject.defineProperty(this, Symbol.for('nodejs.util.inspect.custom'), {\n\t\t\tvalue: () => REDACTED,\n\t\t\tenumerable: false,\n\t\t\twritable: false,\n\t\t\tconfigurable: false\n\t\t});\n\t}\n\n\t/**\n\t * Create a PIIStore from a Certificate, extracting all attributes\n\t *\n\t * @param certificate - The certificate to extract attributes from\n\t *\n\t * @returns A new PIIStore populated with the certificate's attributes\n\t */\n\tstatic fromCertificate(certificate: Certificate): PIIStore {\n\t\tconst store = new PIIStore();\n\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\tconst attributeNames = Object.keys(certificate.attributes) as PIIAttributeNames[];\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\tif (attr) {\n\t\t\t\tstore.#attributes.set(name, {\n\t\t\t\t\tvalue: attr.value,\n\t\t\t\t\tsensitive: attr.sensitive\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\n\t\treturn(store);\n\t}\n\n\t/**\n\t * Set a known certificate attribute\n\t *\n\t * @param name - The attribute name\n\t * @param value - The value to store\n\t * @param sensitive - Whether the attribute is sensitive (default: true)\n\t */\n\tsetAttribute<K extends PIIAttributeNames>(name: K, value: CertificateAttributeValue<K>, sensitive?: boolean): void;\n\tsetAttribute<T>(name: string, value: T, sensitive?: boolean): void;\n\tsetAttribute(name: string, value: unknown, sensitive = true): void {\n\t\tthis.#attributes.set(name, { value, sensitive });\n\t}\n\n\t/**\n\t * Check if an attribute exists in the store\n\t */\n\thasAttribute(name: string): boolean {\n\t\treturn(this.#attributes.has(name));\n\t}\n\n\t/**\n\t * Get all attribute names currently stored\n\t */\n\tgetAttributeNames(): string[] {\n\t\treturn(Array.from(this.#attributes.keys()));\n\t}\n\n\t/**\n\t * Execute a function with scoped access to PII values\n\t *\n\t * Provides controlled access to all attribute values. Known certificate attributes\n\t * are automatically typed; external attributes require an explicit type parameter.\n\t *\n\t * @param fn - Function that receives a getter for accessing attribute values\n\t * @returns The return value of the callback function\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if accessing a missing attribute\n\t */\n\trun<R>(fn: (get: {\n\t\t<K extends PIIAttributeNames>(name: K): CertificateAttributeValue<K>;\n\t\t<T>(name: string): T;\n\t}) => R): R {\n\t\tconst attributes = this.#attributes;\n\t\tconst get = <T>(name: string): T => {\n\t\t\tif (!this.hasAttribute(name)) {\n\t\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t\t}\n\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(attributes.get(name)?.value as T);\n\t\t};\n\n\t\treturn(fn(get));\n\t}\n\n\t/**\n\t * Create a SensitiveAttribute for a known certificate attribute\n\t *\n\t * Only known certificate attributes are supported. External attributes\n\t * cannot be converted to SensitiveAttributes.\n\t *\n\t * @param name - The attribute name to convert (must be a known certificate attribute)\n\t * @param subjectKey - The account to encrypt the attribute for\n\t * @returns A SensitiveAttribute containing the encrypted value\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if the attribute is not set\n\t * @throws Error if the attribute is not a known certificate attribute\n\t */\n\tasync toSensitiveAttribute<K extends PIIAttributeNames>(\n\t\tname: K,\n\t\tsubjectKey: KeetaNetAccount\n\t): Promise<SensitiveAttribute<CertificateAttributeValue<K>>> {\n\t\tif (!this.hasAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t}\n\t\tif (!this.#isKnownAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_EXTERNAL_ATTRIBUTE', name, `Cannot convert external attribute '${name}' to SensitiveAttribute`));\n\t\t}\n\n\t\tconst stored = this.#attributes.get(name);\n\t\tconst storedValue = stored?.value;\n\t\tif (SensitiveAttribute.isInstance(storedValue)) {\n\t\t\t// If already a SensitiveAttribute, return it directly\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(storedValue as SensitiveAttribute<CertificateAttributeValue<K>>);\n\t\t}\n\n\t\t// @ts-expect-error storedValue type is validated at setAttribute time\n\t\tconst result = await SensitiveAttribute.create(subjectKey, name, storedValue);\n\t\treturn(result);\n\t}\n\n\t/**\n\t * Apply known attributes to a CertificateBuilder\n\t *\n\t * External attributes are not included in the certificate.\n\t *\n\t * @param builder - The certificate builder to apply attributes to\n\t * @param subjectKey - The subject's account key (required to encrypt sensitive attributes)\n\t * @returns The certificate builder with the attributes applied\n\t */\n\tasync toCertificateBuilder(builder: CertificateBuilder, subjectKey: KeetaNetAccount): Promise<CertificateBuilder> {\n\t\tfor (const [name, attr] of this.#attributes.entries()) {\n\t\t\tif (this.#isKnownAttribute(name) && attr.value !== undefined && attr.value !== null) {\n\t\t\t\tif (attr.sensitive) {\n\t\t\t\t\tconst sensitiveAttr = await this.toSensitiveAttribute(name, subjectKey);\n\t\t\t\t\tbuilder.setSensitiveAttribute(name, sensitiveAttr);\n\t\t\t\t} else {\n\t\t\t\t\tbuilder.setAttribute(name, false, attr.value);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn(builder);\n\t}\n\n\t/**\n\t * Prevent logging of PII data via string coercion\n\t */\n\ttoString(): string {\n\t\treturn(REDACTED);\n\t}\n\n\t/**\n\t * Serialize to JSON with redacted values\n\t *\n\t * Shows attribute names for debugging, but all values are redacted.\n\t */\n\ttoJSON(): { type: string; attributes: { [key: string]: string }} {\n\t\tconst attributes: { [key: string]: string } = {};\n\t\tfor (const name of this.#attributes.keys()) {\n\t\t\tattributes[name] = '[REDACTED]';\n\t\t}\n\n\t\treturn({ type: 'PIIStore', attributes });\n\t}\n\n\t#isKnownAttribute(name: string): name is PIIAttributeNames {\n\t\treturn(name in CertificateAttributeOIDDB);\n\t}\n}\n"]}
|
package/npm-shrinkwrap.json
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@keetanetwork/anchor",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.48",
|
|
4
4
|
"lockfileVersion": 3,
|
|
5
5
|
"requires": true,
|
|
6
6
|
"packages": {
|
|
7
7
|
"": {
|
|
8
8
|
"name": "@keetanetwork/anchor",
|
|
9
|
-
"version": "0.0.
|
|
9
|
+
"version": "0.0.48",
|
|
10
10
|
"license": "SEE LICENSE IN LICENSE",
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@keetanetwork/currency-info": "1.2.5",
|
package/package.json
CHANGED
|
@@ -5,7 +5,7 @@ import type { ToJSONSerializable } from '@keetanetwork/keetanet-client/lib/utils
|
|
|
5
5
|
import type { HTTPSignedField } from '../../lib/http-server/common.js';
|
|
6
6
|
import type { Signable } from '../../lib/utils/signing.js';
|
|
7
7
|
import type { SharableCertificateAttributes } from '../../lib/certificates.js';
|
|
8
|
-
import
|
|
8
|
+
import * as KeetaNet from '@keetanetwork/keetanet-client';
|
|
9
9
|
import { KeetaAnchorUserError } from '../../lib/error.js';
|
|
10
10
|
import type { AssetLocationLike, AssetLocationString, AssetLocationInput, AssetLocationCanonical } from './lib/location.js';
|
|
11
11
|
import type { BankAccountAddressObfuscated, BankAccountAddressResolved, MobileWalletAddressObfuscated, MobileWalletAddressResolved } from './lib/data/addresses/types.generated.js';
|