npm - @matter/protocol - Versions diffs - 0.15.0-alpha.0-20250616-4b3754906 → 0.15.0-alpha.0-20250619-df2264f15 - Mend

@matter/protocol 0.15.0-alpha.0-20250616-4b3754906 → 0.15.0-alpha.0-20250619-df2264f15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/dist/cjs/certificate/kinds/CertificationDeclaration.js ADDED Viewed

@@ -0,0 +1,86 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var CertificationDeclaration_exports = {};
+__export(CertificationDeclaration_exports, {
+  CertificationDeclaration: () => CertificationDeclaration
+});
+module.exports = __toCommonJS(CertificationDeclaration_exports);
+var import_general = require("#general");
+var import_common = require("./common.js");
+var import_certification_declaration = require("./definitions/certification-declaration.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const TestCMS_SignerPrivateKey = import_general.Bytes.fromHex("AEF3484116E9481EC57BE0472DF41BF499064E5024AD869ECA5E889802D48075");
+const TestCMS_SignerSubjectKeyIdentifier = import_general.Bytes.fromHex("62FA823359ACFAA9963E1CFA140ADDF504F37160");
+class CertificationDeclaration {
+  #eContent;
+  #subjectKeyIdentifier;
+  /**
+   * Generator which is the main usage for the class from outside.
+   * It constructs the class with the relevant details and returns a signed ASN.1 DER version of the CD.
+   */
+  static generate(crypto, vendorId, productId, provisional = false) {
+    const cd = new CertificationDeclaration(
+      {
+        formatVersion: 1,
+        vendorId,
+        produceIdArray: [productId],
+        deviceTypeId: 22,
+        certificateId: "CSA00000SWC00000-00",
+        securityLevel: 0,
+        securityInformation: 0,
+        versionNumber: 1,
+        certificationType: provisional ? 1 : 0
+        // 0 = Test, 1 = Provisional/In certification, 2 = official
+      },
+      TestCMS_SignerSubjectKeyIdentifier
+    );
+    return cd.asSignedAsn1(crypto, (0, import_general.PrivateKey)(TestCMS_SignerPrivateKey));
+  }
+  constructor(content, subjectKeyIdentifier) {
+    this.#eContent = import_certification_declaration.CertificationDeclaration.TlvDc.encode(content);
+    this.#subjectKeyIdentifier = subjectKeyIdentifier;
+  }
+  /**
+   * Returns the signed certificate in ASN.1 DER format.
+   */
+  async asSignedAsn1(crypto, privateKey) {
+    const cert = {
+      version: 3,
+      digestAlgorithm: [import_general.SHA256_CMS],
+      encapContentInfo: import_general.Pkcs7.Data(this.#eContent),
+      signerInfo: [
+        {
+          version: 3,
+          subjectKeyIdentifier: (0, import_general.ContextTaggedBytes)(0, this.#subjectKeyIdentifier),
+          digestAlgorithm: import_general.SHA256_CMS,
+          signatureAlgorithm: import_general.X962.EcdsaWithSHA256,
+          signature: await crypto.signEcdsa(privateKey, this.#eContent, "der")
+        }
+      ]
+    };
+    const certBytes = import_general.DerCodec.encode(import_general.Pkcs7.SignedData(cert));
+    (0, import_common.assertCertificateDerSize)(certBytes);
+    return certBytes;
+  }
+}
+//# sourceMappingURL=CertificationDeclaration.js.map

package/dist/cjs/certificate/kinds/CertificationDeclaration.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/CertificationDeclaration.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAAiG;AAEjG,oBAAyC;AACzC,uCAAwE;AARxE;AAAA;AAAA;AAAA;AAAA;AAsBA,MAAM,2BAA2B,qBAAM,QAAQ,kEAAkE;AAQjH,MAAM,qCAAqC,qBAAM,QAAQ,0CAA0C;AAG5F,MAAM,yBAAyB;AAAA,EAClC;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,SAAS,QAAgB,UAAoB,WAAmB,cAAc,OAAO;AACxF,UAAM,KAAK,IAAI;AAAA,MACX;AAAA,QACI,eAAe;AAAA,QACf;AAAA,QACA,gBAAgB,CAAC,SAAS;AAAA,QAC1B,cAAc;AAAA,QACd,eAAe;AAAA,QACf,eAAe;AAAA,QACf,qBAAqB;AAAA,QACrB,eAAe;AAAA,QACf,mBAAmB,cAAc,IAAI;AAAA;AAAA,MACzC;AAAA,MACA;AAAA,IACJ;AAEA,WAAO,GAAG,aAAa,YAAQ,2BAAW,wBAAwB,CAAC;AAAA,EACvE;AAAA,EAEA,YACI,SACA,sBACF;AACE,SAAK,YAAY,iCAAAA,yBAA4B,MAAM,OAAO,OAAO;AACjE,SAAK,wBAAwB;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,QAAgB,YAAwB;AACvD,UAAM,OAAO;AAAA,MACT,SAAS;AAAA,MACT,iBAAiB,CAAC,yBAAU;AAAA,MAC5B,kBAAkB,qBAAM,KAAK,KAAK,SAAS;AAAA,MAC3C,YAAY;AAAA,QACR;AAAA,UACI,SAAS;AAAA,UACT,0BAAsB,mCAAmB,GAAG,KAAK,qBAAqB;AAAA,UACtE,iBAAiB;AAAA,UACjB,oBAAoB,oBAAK;AAAA,UACzB,WAAW,MAAM,OAAO,UAAU,YAAY,KAAK,WAAW,KAAK;AAAA,QACvE;AAAA,MACJ;AAAA,IACJ;AACA,UAAM,YAAY,wBAAS,OAAO,qBAAM,WAAW,IAAI,CAAC;AACxD,gDAAyB,SAAS;AAClC,WAAO;AAAA,EACX;AACJ;",
+  "names": ["CertificationDeclarationDef"]
+}

package/dist/cjs/certificate/kinds/Icac.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { Crypto } from "#general";
+import { OperationalCertificate } from "./definitions/operational.js";
+import { OperationalBase } from "./OperationalBase.js";
+import { Rcac } from "./Rcac.js";
+/**
+ * Represents an Intermediate Certificate
+ */
+export declare class Icac extends OperationalBase<OperationalCertificate.Icac> {
+    /** Construct the class from a Tlv version of the certificate */
+    static fromTlv(tlv: Uint8Array): Icac;
+    /** Validates all basic certificate fields on construction. */
+    protected validateFields(): void;
+    /**
+     * Encodes the certificate with the signature as Matter Tlv.
+     * If the certificate is not signed, it throws a CertificateError.
+     */
+    asSignedTlv(): Uint8Array<ArrayBufferLike>;
+    /**
+     * Verify requirements a Matter Intermediate CA certificate must fulfill.
+     * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+     */
+    verify(crypto: Crypto, root: Rcac): Promise<void>;
+}
+//# sourceMappingURL=Icac.d.ts.map

package/dist/cjs/certificate/kinds/Icac.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Icac.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/Icac.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAS,MAAM,EAAyB,MAAM,UAAU,CAAC;AAIhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;GAEG;AACH,qBAAa,IAAK,SAAQ,eAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC;IAClE,gEAAgE;IAChE,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI;IAIrC,8DAA8D;IAC9D,SAAS,CAAC,cAAc;IAWxB;;;OAGG;IACH,WAAW;IAIX;;;OAGG;IACG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI;CA4G1C"}

package/dist/cjs/certificate/kinds/Icac.js ADDED Viewed

@@ -0,0 +1,138 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var Icac_exports = {};
+__export(Icac_exports, {
+  Icac: () => Icac
+});
+module.exports = __toCommonJS(Icac_exports);
+var import_general = require("#general");
+var import_types = require("#types");
+var import_common = require("./common.js");
+var import_base = require("./definitions/base.js");
+var import_operational = require("./definitions/operational.js");
+var import_OperationalBase = require("./OperationalBase.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+class Icac extends import_OperationalBase.OperationalBase {
+  /** Construct the class from a Tlv version of the certificate */
+  static fromTlv(tlv) {
+    return new Icac(import_operational.OperationalCertificate.TlvIcac.decode(tlv));
+  }
+  /** Validates all basic certificate fields on construction. */
+  validateFields() {
+    const {
+      extensions: {
+        basicConstraints: { isCa }
+      }
+    } = this.cert;
+    if (!isCa) {
+      throw new import_common.CertificateError("Intermediate certificate must be a CA.");
+    }
+  }
+  /**
+   * Encodes the certificate with the signature as Matter Tlv.
+   * If the certificate is not signed, it throws a CertificateError.
+   */
+  asSignedTlv() {
+    return import_operational.OperationalCertificate.TlvIcac.encode({ ...this.cert, signature: this.signature });
+  }
+  /**
+   * Verify requirements a Matter Intermediate CA certificate must fulfill.
+   * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+   */
+  async verify(crypto, root) {
+    this.generalVerify();
+    const {
+      subject,
+      issuer: { rcacId },
+      extensions
+    } = this.cert;
+    const { fabricId, icacId } = subject;
+    const { basicConstraints, extendedKeyUsage, subjectKeyIdentifier, authorityKeyIdentifier } = extensions;
+    const { fabricId: rootFabricId } = root.cert.subject;
+    if ("nodeId" in subject) {
+      throw new import_common.CertificateError(`Ica certificate must not contain a nodeId.`);
+    }
+    if (fabricId !== void 0) {
+      if (Array.isArray(fabricId)) {
+        throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+      }
+      if (fabricId === (0, import_types.FabricId)(0)) {
+        throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+      }
+    }
+    if (icacId === void 0 || Array.isArray(icacId)) {
+      throw new import_common.CertificateError(`Invalid icacId in Ica certificate: ${import_general.Diagnostic.json(icacId)}`);
+    }
+    if ("rcacId" in subject) {
+      throw new import_common.CertificateError(`Ica certificate must not contain an rcacId.`);
+    }
+    if ("caseAuthenticatedTags" in subject) {
+      throw new import_common.CertificateError(`Ica certificate must not contain a caseAuthenticatedTags.`);
+    }
+    if (rootFabricId !== void 0 && fabricId !== void 0 && rootFabricId !== fabricId) {
+      throw new import_common.CertificateError(
+        `FabricId in Ica certificate does not match the fabricId in the parent certificate. ${import_general.Diagnostic.json(
+          rootFabricId
+        )} !== ${import_general.Diagnostic.json(fabricId)}`
+      );
+    }
+    if (root.cert.subject.rcacId !== rcacId) {
+      throw new import_common.CertificateError(
+        `RcacId in Ica certificate does not match the rcacId in the parent certificate. ${import_general.Diagnostic.json(
+          root.cert.subject.rcacId
+        )} !== ${import_general.Diagnostic.json(rcacId)}`
+      );
+    }
+    if (!basicConstraints.isCa) {
+      throw new import_common.CertificateError(`Ica certificate must have isCa set to true.`);
+    }
+    const keyUsage = import_base.ExtensionKeyUsageSchema.encode(extensions.keyUsage);
+    if (keyUsage !== 96 && keyUsage !== 97) {
+      throw new import_common.CertificateError(
+        `Ica certificate keyUsage must have keyCertSign and CRLSign and optionally digitalSignature set.`
+      );
+    }
+    if (extendedKeyUsage !== void 0) {
+      throw new import_common.CertificateError(`Ica certificate must not have extendedKeyUsage set.`);
+    }
+    if (subjectKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Ica certificate must have subjectKeyIdentifier set.`);
+    }
+    if (subjectKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Ica certificate subjectKeyIdentifier must be 160 bit.`);
+    }
+    if (authorityKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Ica certificate must have authorityKeyIdentifier set.`);
+    }
+    if (authorityKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Ica certificate authorityKeyIdentifier must be 160 bit.`);
+    }
+    if (!import_general.Bytes.areEqual(authorityKeyIdentifier, root.cert.extensions.subjectKeyIdentifier)) {
+      throw new import_common.CertificateError(
+        `Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`
+      );
+    }
+    await crypto.verifyEcdsa((0, import_general.PublicKey)(root.cert.ellipticCurvePublicKey), this.asUnsignedAsn1(), this.signature);
+  }
+}
+//# sourceMappingURL=Icac.js.map

package/dist/cjs/certificate/kinds/Icac.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/Icac.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAqD;AACrD,mBAAyB;AACzB,oBAAiC;AACjC,kBAAwC;AACxC,yBAAuC;AACvC,6BAAgC;AAXhC;AAAA;AAAA;AAAA;AAAA;AAiBO,MAAM,aAAa,uCAA6C;AAAA;AAAA,EAEnE,OAAO,QAAQ,KAAuB;AAClC,WAAO,IAAI,KAAK,0CAAuB,QAAQ,OAAO,GAAG,CAAC;AAAA,EAC9D;AAAA;AAAA,EAGU,iBAAiB;AACvB,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI,KAAK;AACT,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,+BAAiB,wCAAwC;AAAA,IACvE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACV,WAAO,0CAAuB,QAAQ,OAAO,EAAE,GAAG,KAAK,MAAM,WAAW,KAAK,UAAU,CAAC;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,QAAgB,MAAY;AACrC,SAAK,cAAc;AAEnB,UAAM;AAAA,MACF;AAAA,MACA,QAAQ,EAAE,OAAO;AAAA,MACjB;AAAA,IACJ,IAAI,KAAK;AACT,UAAM,EAAE,UAAU,OAAO,IAAI;AAC7B,UAAM,EAAE,kBAAkB,kBAAkB,sBAAsB,uBAAuB,IAAI;AAE7F,UAAM,EAAE,UAAU,aAAa,IAAI,KAAK,KAAK;AAE7C,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,4CAA4C;AAAA,IAC3E;AAGA,QAAI,aAAa,QAAW;AACxB,UAAI,MAAM,QAAQ,QAAQ,GAAG;AACzB,cAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,MAClG;AAEA,UAAI,iBAAa,uBAAS,CAAC,GAAG;AAC1B,cAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,MAClG;AAAA,IACJ;AAGA,QAAI,WAAW,UAAa,MAAM,QAAQ,MAAM,GAAG;AAC/C,YAAM,IAAI,+BAAiB,sCAAsC,0BAAW,KAAK,MAAM,CAAC,EAAE;AAAA,IAC9F;AAGA,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,2BAA2B,SAAS;AACpC,YAAM,IAAI,+BAAiB,2DAA2D;AAAA,IAC1F;AAMA,QAAI,iBAAiB,UAAa,aAAa,UAAa,iBAAiB,UAAU;AACnF,YAAM,IAAI;AAAA,QACN,sFAAsF,0BAAW;AAAA,UAC7F;AAAA,QACJ,CAAC,QAAQ,0BAAW,KAAK,QAAQ,CAAC;AAAA,MACtC;AAAA,IACJ;AAGA,QAAI,KAAK,KAAK,QAAQ,WAAW,QAAQ;AACrC,YAAM,IAAI;AAAA,QACN,kFAAkF,0BAAW;AAAA,UACzF,KAAK,KAAK,QAAQ;AAAA,QACtB,CAAC,QAAQ,0BAAW,KAAK,MAAM,CAAC;AAAA,MACpC;AAAA,IACJ;AAGA,QAAI,CAAC,iBAAiB,MAAM;AACxB,YAAM,IAAI,+BAAiB,6CAA6C;AAAA,IAC5E;AAIA,UAAM,WAAW,oCAAwB,OAAO,WAAW,QAAQ;AACnE,QAAI,aAAa,MAAU,aAAa,IAAQ;AAC5C,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,qBAAqB,QAAW;AAChC,YAAM,IAAI,+BAAiB,qDAAqD;AAAA,IACpF;AAGA,QAAI,yBAAyB,QAAW;AACpC,YAAM,IAAI,+BAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,qBAAqB,WAAW,IAAI;AACpC,YAAM,IAAI,+BAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,2BAA2B,QAAW;AACtC,YAAM,IAAI,+BAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,uBAAuB,WAAW,IAAI;AACtC,YAAM,IAAI,+BAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,qBAAM,SAAS,wBAAwB,KAAK,KAAK,WAAW,oBAAoB,GAAG;AACpF,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,OAAO,gBAAY,0BAAU,KAAK,KAAK,sBAAsB,GAAG,KAAK,eAAe,GAAG,KAAK,SAAS;AAAA,EAC/G;AACJ;",
+  "names": []
+}

package/dist/cjs/certificate/kinds/Noc.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { Crypto } from "#general";
+import { OperationalCertificate } from "./definitions/operational.js";
+import { Icac } from "./Icac.js";
+import { OperationalBase } from "./OperationalBase.js";
+import { Rcac } from "./Rcac.js";
+export declare class Noc extends OperationalBase<OperationalCertificate.Noc> {
+    /** Construct the class from a Tlv version of the certificate */
+    static fromTlv(tlv: Uint8Array): Noc;
+    /** Validates all basic certificate fields on construction. */
+    protected validateFields(): void;
+    /**
+     * Encodes the certificate with the signature as Matter Tlv.
+     * If the certificate is not signed, it throws a CertificateError.
+     */
+    asSignedTlv(): Uint8Array<ArrayBufferLike>;
+    /**
+     * Verify requirements a Matter Node Operational certificate must fulfill.
+     * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+     */
+    verify(crypto: Crypto, root: Rcac, ica?: Icac): Promise<void>;
+}
+//# sourceMappingURL=Noc.d.ts.map

package/dist/cjs/certificate/kinds/Noc.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Noc.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/Noc.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAS,MAAM,EAAyB,MAAM,UAAU,CAAC;AAGhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,qBAAa,GAAI,SAAQ,eAAe,CAAC,sBAAsB,CAAC,GAAG,CAAC;IAChE,gEAAgE;IAChE,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU;IAI9B,8DAA8D;IAC9D,SAAS,CAAC,cAAc;IAexB;;;OAGG;IACH,WAAW;IAIX;;;OAGG;IACG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,IAAI;CAmHtD"}

package/dist/cjs/certificate/kinds/Noc.js ADDED Viewed

@@ -0,0 +1,148 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var Noc_exports = {};
+__export(Noc_exports, {
+  Noc: () => Noc
+});
+module.exports = __toCommonJS(Noc_exports);
+var import_general = require("#general");
+var import_types = require("#types");
+var import_common = require("./common.js");
+var import_operational = require("./definitions/operational.js");
+var import_OperationalBase = require("./OperationalBase.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+class Noc extends import_OperationalBase.OperationalBase {
+  /** Construct the class from a Tlv version of the certificate */
+  static fromTlv(tlv) {
+    return new Noc(import_operational.OperationalCertificate.TlvNoc.decode(tlv));
+  }
+  /** Validates all basic certificate fields on construction. */
+  validateFields() {
+    const {
+      issuer: { icacId, rcacId },
+      extensions: {
+        basicConstraints: { isCa }
+      }
+    } = this.cert;
+    if (icacId === void 0 && rcacId === void 0) {
+      throw new import_common.CertificateError("Issuer RCAC or ICAC ID must be defined for an operational certificate.");
+    }
+    if (isCa) {
+      throw new import_common.CertificateError("Node operational certificate must not be a CA.");
+    }
+  }
+  /**
+   * Encodes the certificate with the signature as Matter Tlv.
+   * If the certificate is not signed, it throws a CertificateError.
+   */
+  asSignedTlv() {
+    return import_operational.OperationalCertificate.TlvNoc.encode({ ...this.cert, signature: this.signature });
+  }
+  /**
+   * Verify requirements a Matter Node Operational certificate must fulfill.
+   * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+   */
+  async verify(crypto, root, ica) {
+    this.generalVerify();
+    const {
+      subject,
+      extensions: { extendedKeyUsage, subjectKeyIdentifier, authorityKeyIdentifier }
+    } = this.cert;
+    const { nodeId, fabricId, caseAuthenticatedTags } = subject;
+    const {
+      subject: { fabricId: rootFabricId }
+    } = root.cert;
+    const {
+      subject: { fabricId: icaFabricId }
+    } = ica?.cert ?? { subject: {} };
+    if (nodeId === void 0 || Array.isArray(nodeId)) {
+      throw new import_common.CertificateError(`Invalid nodeId in NoC certificate: ${import_general.Diagnostic.json(nodeId)}`);
+    }
+    if (!import_types.NodeId.isOperationalNodeId(nodeId)) {
+      throw new import_common.CertificateError(`Invalid nodeId in NoC certificate: ${import_general.Diagnostic.json(nodeId)}`);
+    }
+    if (fabricId === void 0 || Array.isArray(fabricId)) {
+      throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+    }
+    if (fabricId === (0, import_types.FabricId)(0)) {
+      throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+    }
+    if ("icacId" in subject) {
+      throw new import_common.CertificateError(`Noc certificate must not contain an icacId.`);
+    }
+    if ("rcacId" in subject) {
+      throw new import_common.CertificateError(`Noc certificate must not contain an rcacId.`);
+    }
+    if (caseAuthenticatedTags !== void 0) {
+      import_types.CaseAuthenticatedTag.validateNocTagList(caseAuthenticatedTags);
+    }
+    if (rootFabricId !== void 0 && rootFabricId !== fabricId) {
+      throw new import_common.CertificateError(
+        `FabricId in NoC certificate does not match the fabricId in the parent certificate. ${import_general.Diagnostic.json(
+          rootFabricId
+        )} !== ${import_general.Diagnostic.json(fabricId)}`
+      );
+    }
+    if (icaFabricId !== void 0 && icaFabricId !== fabricId) {
+      throw new import_common.CertificateError(
+        `FabricId in NoC certificate does not match the fabricId in the parent certificate. ${import_general.Diagnostic.json(
+          icaFabricId
+        )} !== ${import_general.Diagnostic.json(fabricId)}`
+      );
+    }
+    if (this.cert.extensions.basicConstraints.isCa) {
+      throw new import_common.CertificateError(`Noc certificate must not have isCa set to true.`);
+    }
+    if (!this.cert.extensions.keyUsage.digitalSignature) {
+      throw new import_common.CertificateError(`Noc certificate must have keyUsage set to digitalSignature.`);
+    }
+    if (extendedKeyUsage === void 0 || !extendedKeyUsage.includes(1) && !extendedKeyUsage.includes(2)) {
+      throw new import_common.CertificateError(
+        `Noc certificate must have extendedKeyUsage with serverAuth and clientAuth: ${import_general.Diagnostic.json(extendedKeyUsage)}`
+      );
+    }
+    if (subjectKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Noc certificate must have subjectKeyIdentifier set.`);
+    }
+    if (subjectKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Noc certificate subjectKeyIdentifier must be 160 bit.`);
+    }
+    if (authorityKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Noc certificate must have authorityKeyIdentifier set.`);
+    }
+    if (authorityKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Noc certificate authorityKeyIdentifier must be 160 bit.`);
+    }
+    if (!import_general.Bytes.areEqual(authorityKeyIdentifier, (ica?.cert ?? root.cert).extensions.subjectKeyIdentifier)) {
+      throw new import_common.CertificateError(
+        `Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`
+      );
+    }
+    await crypto.verifyEcdsa(
+      (0, import_general.PublicKey)((ica?.cert ?? root.cert).ellipticCurvePublicKey),
+      this.asUnsignedAsn1(),
+      this.signature
+    );
+  }
+}
+//# sourceMappingURL=Noc.js.map

package/dist/cjs/certificate/kinds/Noc.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/Noc.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAqD;AACrD,mBAAuD;AACvD,oBAAiC;AACjC,yBAAuC;AAEvC,6BAAgC;AAXhC;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,YAAY,uCAA4C;AAAA;AAAA,EAEjE,OAAO,QAAQ,KAAiB;AAC5B,WAAO,IAAI,IAAI,0CAAuB,OAAO,OAAO,GAAG,CAAC;AAAA,EAC5D;AAAA;AAAA,EAGU,iBAAiB;AACvB,UAAM;AAAA,MACF,QAAQ,EAAE,QAAQ,OAAO;AAAA,MACzB,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI,KAAK;AACT,QAAI,WAAW,UAAa,WAAW,QAAW;AAC9C,YAAM,IAAI,+BAAiB,wEAAwE;AAAA,IACvG;AACA,QAAI,MAAM;AACN,YAAM,IAAI,+BAAiB,gDAAgD;AAAA,IAC/E;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACV,WAAO,0CAAuB,OAAO,OAAO,EAAE,GAAG,KAAK,MAAM,WAAW,KAAK,UAAU,CAAC;AAAA,EAC3F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,QAAgB,MAAY,KAAY;AACjD,SAAK,cAAc;AAEnB,UAAM;AAAA,MACF;AAAA,MACA,YAAY,EAAE,kBAAkB,sBAAsB,uBAAuB;AAAA,IACjF,IAAI,KAAK;AACT,UAAM,EAAE,QAAQ,UAAU,sBAAsB,IAAI;AACpD,UAAM;AAAA,MACF,SAAS,EAAE,UAAU,aAAa;AAAA,IACtC,IAAI,KAAK;AACT,UAAM;AAAA,MACF,SAAS,EAAE,UAAU,YAAY;AAAA,IACrC,IAAI,KAAK,QAAQ,EAAE,SAAS,CAAC,EAAE;AAG/B,QAAI,WAAW,UAAa,MAAM,QAAQ,MAAM,GAAG;AAC/C,YAAM,IAAI,+BAAiB,sCAAsC,0BAAW,KAAK,MAAM,CAAC,EAAE;AAAA,IAC9F;AAEA,QAAI,CAAC,oBAAO,oBAAoB,MAAM,GAAG;AACrC,YAAM,IAAI,+BAAiB,sCAAsC,0BAAW,KAAK,MAAM,CAAC,EAAE;AAAA,IAC9F;AAGA,QAAI,aAAa,UAAa,MAAM,QAAQ,QAAQ,GAAG;AACnD,YAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,IAClG;AAEA,QAAI,iBAAa,uBAAS,CAAC,GAAG;AAC1B,YAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,IAClG;AAGA,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,0BAA0B,QAAW;AACrC,wCAAqB,mBAAmB,qBAAqB;AAAA,IACjE;AAKA,QAAI,iBAAiB,UAAa,iBAAiB,UAAU;AACzD,YAAM,IAAI;AAAA,QACN,sFAAsF,0BAAW;AAAA,UAC7F;AAAA,QACJ,CAAC,QAAQ,0BAAW,KAAK,QAAQ,CAAC;AAAA,MACtC;AAAA,IACJ;AACA,QAAI,gBAAgB,UAAa,gBAAgB,UAAU;AACvD,YAAM,IAAI;AAAA,QACN,sFAAsF,0BAAW;AAAA,UAC7F;AAAA,QACJ,CAAC,QAAQ,0BAAW,KAAK,QAAQ,CAAC;AAAA,MACtC;AAAA,IACJ;AAGA,QAAI,KAAK,KAAK,WAAW,iBAAiB,MAAM;AAC5C,YAAM,IAAI,+BAAiB,iDAAiD;AAAA,IAChF;AAMA,QAAI,CAAC,KAAK,KAAK,WAAW,SAAS,kBAAkB;AACjD,YAAM,IAAI,+BAAiB,6DAA6D;AAAA,IAC5F;AAGA,QAAI,qBAAqB,UAAc,CAAC,iBAAiB,SAAS,CAAC,KAAK,CAAC,iBAAiB,SAAS,CAAC,GAAI;AACpG,YAAM,IAAI;AAAA,QACN,8EAA8E,0BAAW,KAAK,gBAAgB,CAAC;AAAA,MACnH;AAAA,IACJ;AAGA,QAAI,yBAAyB,QAAW;AACpC,YAAM,IAAI,+BAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,qBAAqB,WAAW,IAAI;AACpC,YAAM,IAAI,+BAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,2BAA2B,QAAW;AACtC,YAAM,IAAI,+BAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,uBAAuB,WAAW,IAAI;AACtC,YAAM,IAAI,+BAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,qBAAM,SAAS,yBAAyB,KAAK,QAAQ,KAAK,MAAM,WAAW,oBAAoB,GAAG;AACnG,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,OAAO;AAAA,UACT,2BAAW,KAAK,QAAQ,KAAK,MAAM,sBAAsB;AAAA,MACzD,KAAK,eAAe;AAAA,MACpB,KAAK;AAAA,IACT;AAAA,EACJ;AACJ;",
+  "names": []
+}

package/dist/cjs/certificate/kinds/OperationalBase.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { X509Base } from "./X509Base.js";
+import { Unsigned } from "./common.js";
+import { X509Certificate } from "./definitions/base.js";
+/**
+ * Base class for all operational certificates (RCAC, ICAC, NOC)
+ */
+export declare abstract class OperationalBase<CT extends X509Certificate> extends X509Base<CT> {
+    constructor(cert: CT | Unsigned<CT>);
+    /** Validates all basic certificate fields on construction. */
+    protected abstract validateFields(): void;
+    /** Encodes the signed certificate into the Matter TLV format. */
+    abstract asSignedTlv(signature: Uint8Array<ArrayBufferLike>): Uint8Array;
+    /**
+     * Verifies general requirements a Matter certificate fields must fulfill.
+     * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+     */
+    generalVerify(): void;
+}
+//# sourceMappingURL=OperationalBase.d.ts.map

package/dist/cjs/certificate/kinds/OperationalBase.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"OperationalBase.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/OperationalBase.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAoB,QAAQ,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAIxD;;GAEG;AACH,8BAAsB,eAAe,CAAC,EAAE,SAAS,eAAe,CAAE,SAAQ,QAAQ,CAAC,EAAE,CAAC;gBACtE,IAAI,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IAKnC,8DAA8D;IAC9D,SAAS,CAAC,QAAQ,CAAC,cAAc,IAAI,IAAI;IAEzC,iEAAiE;IACjE,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,eAAe,CAAC,GAAG,UAAU;IAExE;;;OAGG;IACH,aAAa;CAuChB"}

package/dist/cjs/certificate/kinds/OperationalBase.js ADDED Viewed

@@ -0,0 +1,68 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var OperationalBase_exports = {};
+__export(OperationalBase_exports, {
+  OperationalBase: () => OperationalBase
+});
+module.exports = __toCommonJS(OperationalBase_exports);
+var import_general = require("#general");
+var import_X509Base = require("./X509Base.js");
+var import_common = require("./common.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const logger = import_general.Logger.get("OperationalBaseCertificate");
+class OperationalBase extends import_X509Base.X509Base {
+  constructor(cert) {
+    super(cert);
+    this.validateFields();
+  }
+  /**
+   * Verifies general requirements a Matter certificate fields must fulfill.
+   * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+   */
+  generalVerify() {
+    const cert = this.cert;
+    if (cert.serialNumber.length > 20)
+      throw new import_common.CertificateError(
+        `Serial number must not be longer then 20 octets. Current serial number has ${cert.serialNumber.length} octets.`
+      );
+    if (cert.signatureAlgorithm !== 1) {
+      throw new import_common.CertificateError(`Unsupported signature algorithm: ${cert.signatureAlgorithm}`);
+    }
+    if (cert.publicKeyAlgorithm !== 1) {
+      throw new import_common.CertificateError(`Unsupported public key algorithm: ${cert.publicKeyAlgorithm}`);
+    }
+    if (cert.ellipticCurveIdentifier !== 1) {
+      throw new import_common.CertificateError(`Unsupported elliptic curve identifier: ${cert.ellipticCurveIdentifier}`);
+    }
+    if (Object.keys(cert.subject).length > 5) {
+      throw new import_common.CertificateError(`Certificate subject must not contain more than 5 RDNs.`);
+    }
+    if (Object.keys(cert.issuer).length > 5) {
+      throw new import_common.CertificateError(`Certificate issuer must not contain more than 5 RDNs.`);
+    }
+    if (cert.notBefore * 1e3 > import_general.Time.nowMs()) {
+      logger.warn(`Certificate notBefore date is in the future: ${cert.notBefore * 1e3} vs ${import_general.Time.nowMs()}`);
+    }
+  }
+}
+//# sourceMappingURL=OperationalBase.js.map

package/dist/cjs/certificate/kinds/OperationalBase.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/OperationalBase.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAA6B;AAC7B,sBAAyB;AACzB,oBAA2C;AAR3C;AAAA;AAAA;AAAA;AAAA;AAWA,MAAM,SAAS,sBAAO,IAAI,4BAA4B;AAK/C,MAAe,wBAAoD,yBAAa;AAAA,EACnF,YAAY,MAAyB;AACjC,UAAM,IAAI;AACV,SAAK,eAAe;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,gBAAgB;AACZ,UAAM,OAAO,KAAK;AAClB,QAAI,KAAK,aAAa,SAAS;AAC3B,YAAM,IAAI;AAAA,QACN,8EAA8E,KAAK,aAAa,MAAM;AAAA,MAC1G;AAEJ,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,+BAAiB,oCAAoC,KAAK,kBAAkB,EAAE;AAAA,IAC5F;AAEA,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,+BAAiB,qCAAqC,KAAK,kBAAkB,EAAE;AAAA,IAC7F;AAEA,QAAI,KAAK,4BAA4B,GAAG;AAEpC,YAAM,IAAI,+BAAiB,0CAA0C,KAAK,uBAAuB,EAAE;AAAA,IACvG;AAGA,QAAI,OAAO,KAAK,KAAK,OAAO,EAAE,SAAS,GAAG;AACtC,YAAM,IAAI,+BAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,OAAO,KAAK,KAAK,MAAM,EAAE,SAAS,GAAG;AACrC,YAAM,IAAI,+BAAiB,uDAAuD;AAAA,IACtF;AAIA,QAAI,KAAK,YAAY,MAAO,oBAAK,MAAM,GAAG;AACtC,aAAO,KAAK,gDAAgD,KAAK,YAAY,GAAI,OAAO,oBAAK,MAAM,CAAC,EAAE;AAAA,IAI1G;AAAA,EACJ;AACJ;",
+  "names": []
+}

package/dist/cjs/certificate/kinds/Rcac.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { Crypto } from "#general";
+import { OperationalCertificate } from "./definitions/operational.js";
+import { OperationalBase } from "./OperationalBase.js";
+export declare class Rcac extends OperationalBase<OperationalCertificate.Rcac> {
+    /** Construct the class from a Tlv version of the certificate */
+    static fromTlv(tlv: Uint8Array): Rcac;
+    /** Validates all basic certificate fields on construction. */
+    protected validateFields(): void;
+    /**
+     * Encodes the certificate with the signature as Matter Tlv.
+     * If the certificate is not signed, it throws a CertificateError.
+     */
+    asSignedTlv(): Uint8Array<ArrayBufferLike>;
+    /**
+     * Verify requirements a Matter Root certificate must fulfill.
+     * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+     */
+    verify(crypto: Crypto): Promise<void>;
+}
+//# sourceMappingURL=Rcac.d.ts.map

package/dist/cjs/certificate/kinds/Rcac.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Rcac.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/Rcac.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAS,MAAM,EAAyB,MAAM,UAAU,CAAC;AAIhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,qBAAa,IAAK,SAAQ,eAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC;IAClE,gEAAgE;IAChE,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI;IAIrC,8DAA8D;IAC9D,SAAS,CAAC,cAAc;IAWxB;;;OAGG;IACH,WAAW;IAIX;;;OAGG;IACG,MAAM,CAAC,MAAM,EAAE,MAAM;CAkF9B"}