@motebit/crypto-appattest 1.0.0

package/dist/verify.js

@@ -0,0 +1,536 @@
+/**
+ * App Attest receipt verifier — the core judgment function this
+ * package exports.
+ *
+ * Flow (matches Apple's published verification recipe for App Attest,
+ * plus the motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into (attestationObjectBase64,
+ *      keyIdBase64, clientDataHashBase64).
+ *   2. CBOR-decode the attestation object to {fmt, attStmt:{x5c,
+ *      receipt}, authData}. Assert fmt === "apple-appattest".
+ *   3. Parse leaf + intermediate as X.509. Walk the chain from leaf to
+ *      a self-signed root and verify every signature, every CA bit,
+ *      every validity window. The terminal cert's DER must equal the
+ *      pinned Apple App Attest root.
+ *   4. Extract OID `1.2.840.113635.100.8.2` from the leaf's
+ *      extensions. Assert its payload equals SHA256(authData ||
+ *      clientDataHash) where clientDataHash is the transmitted hash.
+ *      (In App Attest parlance: the "nonce" binding.)
+ *   5. Parse authData (WebAuthn format). First 32 bytes is
+ *      `rpIdHash`; assert it equals SHA256(bundleId). (The "bundle"
+ *      binding.)
+ *   6. Reconstruct the JCS-canonical attestation body from
+ *      (motebit_id, device_id, identity_public_key, attested_at) the
+ *      caller supplies, SHA-256 it, and byte-compare against the
+ *      transmitted `clientDataHash`. This is the cross-stack binding
+ *      — without it, every other step would prove only that *some*
+ *      Apple-attested iOS device did something, not that the Ed25519
+ *      key the credential subject claims is actually on that device.
+ *
+ * Apple's own inner `receipt` field is NOT verified here — that
+ * requires Apple's server-side refresh endpoint and is out of scope
+ * for v1. The outer chain + nonce binding + bundle binding + motebit
+ * identity binding is enough for third-party self-verification of
+ * device-attested identity.
+ */
+import * as x509 from "@peculiar/x509";
+import { APPLE_APPATTEST_FMT, APPLE_APPATTEST_ROOT_PEM } from "./apple-root.js";
+import { parseAppAttestCbor } from "./cbor.js";
+/** OID for Apple's nonce-binding extension inside the App Attest leaf. */
+const APPLE_NONCE_EXTENSION_OID = "1.2.840.113635.100.8.2";
+/** OID for X.509 basic-constraints extension — carries the CA bit. */
+const BASIC_CONSTRAINTS_OID = "2.5.29.19";
+/**
+ * Apple App Attest attestation verifier.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()`.
+ *
+ * `claim` is the `HardwareAttestationClaim` as carried inside the
+ * motebit AgentTrustCredential. For App Attest, the
+ * `attestation_receipt` field is expected to be three base64url
+ * segments separated by `.`:
+ *
+ *   `{attestationObjectB64}.{keyIdB64}.{clientDataHashB64}`
+ *
+ * The mobile mint path constructs this shape; see
+ * `apps/mobile/src/mint-hardware-credential.ts`.
+ */
+export async function verifyAppAttestReceipt(claim, opts) {
+    const errors = [];
+    let cert_chain_valid = false;
+    let nonce_bound = false;
+    let bundle_bound = false;
+    let identity_bound = false;
+    if (!claim.attestation_receipt) {
+        errors.push({ message: "device_check claim missing `attestation_receipt`" });
+        return fail(errors);
+    }
+    const parts = claim.attestation_receipt.split(".");
+    if (parts.length !== 3) {
+        errors.push({
+            message: `attestation_receipt must be 3 base64url parts (attObj.keyId.clientDataHash); got ${parts.length}`,
+        });
+        return fail(errors);
+    }
+    const [attObjB64, _keyIdB64, clientDataHashB64] = parts;
+    let attestationObjectBytes;
+    let clientDataHashBytes;
+    try {
+        attestationObjectBytes = fromBase64Url(attObjB64);
+        clientDataHashBytes = fromBase64Url(clientDataHashB64);
+    }
+    catch (err) {
+        errors.push({ message: `base64url decode failed: ${messageOf(err)}` });
+        return fail(errors);
+    }
+    let cbor;
+    try {
+        cbor = parseAppAttestCbor(attestationObjectBytes);
+    }
+    catch (err) {
+        errors.push({ message: `CBOR decode: ${messageOf(err)}` });
+        return fail(errors);
+    }
+    const expectedFmt = opts.expectedFmt ?? APPLE_APPATTEST_FMT;
+    if (cbor.fmt !== expectedFmt) {
+        errors.push({ message: `attestation fmt is \`${cbor.fmt}\`; expected \`${expectedFmt}\`` });
+        return fail(errors);
+    }
+    if (cbor.x5c.length < 2) {
+        errors.push({
+            message: `x5c must carry at least [leaf, intermediate]; got ${cbor.x5c.length}`,
+        });
+        return fail(errors);
+    }
+    // ── Step 3: chain verify leaf → intermediate → pinned Apple root ──
+    // Walk the chain, enforce CA constraints on every non-leaf, verify
+    // every signature, and assert the terminal cert is self-signed and
+    // byte-equal to the pinned root's DER.
+    let leafCert;
+    let intermediateCert;
+    let rootCert;
+    try {
+        leafCert = new x509.X509Certificate(toArrayBuffer(cbor.x5c[0]));
+        intermediateCert = new x509.X509Certificate(toArrayBuffer(cbor.x5c[1]));
+        rootCert = new x509.X509Certificate(opts.rootPem ?? APPLE_APPATTEST_ROOT_PEM);
+    }
+    catch (err) {
+        errors.push({ message: `x509 parse: ${messageOf(err)}` });
+        return fail(errors);
+    }
+    const nowDate = new Date(opts.now ? opts.now() : Date.now());
+    try {
+        const chainResult = await verifyCertChain({
+            leaf: leafCert,
+            intermediate: intermediateCert,
+            root: rootCert,
+            nowDate,
+        });
+        cert_chain_valid = chainResult.valid;
+        if (!cert_chain_valid) {
+            errors.push({ message: chainResult.reason });
+        }
+    }
+    catch (err) {
+        errors.push({ message: `chain verify crashed: ${messageOf(err)}` });
+        return fail(errors, { cert_chain_valid, nonce_bound, bundle_bound, identity_bound });
+    }
+    // ── Step 4: nonce binding ──
+    // The leaf carries OID 1.2.840.113635.100.8.2 whose value (after
+    // OCTET STRING unwrapping) is SHA256(authData || clientDataHash).
+    try {
+        const nonceExt = leafCert.getExtension(APPLE_NONCE_EXTENSION_OID);
+        if (!nonceExt) {
+            errors.push({
+                message: `leaf missing Apple nonce extension OID ${APPLE_NONCE_EXTENSION_OID}`,
+            });
+        }
+        else {
+            // `Extension.value` is the DER-encoded extension value — the inner
+            // bytes from the `OCTET STRING` wrapper of the Extension struct.
+            // Apple's payload sits one more level deep: `SEQUENCE { [1] EXPLICIT OCTET STRING }`.
+            const nonceFromExt = extractAppleNoncePayload(new Uint8Array(nonceExt.value));
+            const nonceExpected = await sha256Concat(cbor.authData, clientDataHashBytes);
+            if (bytesEq(nonceFromExt, nonceExpected)) {
+                nonce_bound = true;
+            }
+            else {
+                errors.push({
+                    message: "Apple nonce extension payload does not equal SHA256(authData || clientDataHash)",
+                });
+            }
+        }
+    }
+    catch (err) {
+        errors.push({ message: `nonce extension parse: ${messageOf(err)}` });
+    }
+    // ── Step 5: bundle binding ──
+    // authData layout (WebAuthn): first 32 bytes are rpIdHash. For App
+    // Attest, rpIdHash = SHA256(bundleId).
+    try {
+        if (cbor.authData.length < 32) {
+            errors.push({ message: `authData shorter than 32 bytes (got ${cbor.authData.length})` });
+        }
+        else {
+            const rpIdHash = cbor.authData.subarray(0, 32);
+            const expected = await sha256Bytes(new TextEncoder().encode(opts.expectedBundleId));
+            if (bytesEq(rpIdHash, expected)) {
+                bundle_bound = true;
+            }
+            else {
+                errors.push({
+                    message: `authData.rpIdHash does not equal SHA256("${opts.expectedBundleId}")`,
+                });
+            }
+        }
+    }
+    catch (err) {
+        errors.push({ message: `bundle check crashed: ${messageOf(err)}` });
+    }
+    // ── Step 6: motebit identity-key binding ──
+    // Reconstruct the JCS-canonical attestation body the Swift mint path
+    // signed (byte-identical to the string assembled in
+    // `apps/mobile/modules/expo-app-attest/ios/ExpoAppAttestModule.swift`
+    // `CanonicalBody.encode`), SHA-256 it, and byte-compare against
+    // `clientDataHashBytes`. A malicious native client that substitutes
+    // any other body — including one naming a different Ed25519 key,
+    // motebit_id, device_id, or timestamp — produces a different hash
+    // and fails here.
+    try {
+        if (typeof opts.expectedIdentityPublicKeyHex !== "string" ||
+            opts.expectedIdentityPublicKeyHex.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedIdentityPublicKeyHex not supplied",
+            });
+        }
+        else if (typeof opts.expectedMotebitId !== "string" || opts.expectedMotebitId.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedMotebitId not supplied (required for body re-derivation)",
+            });
+        }
+        else if (typeof opts.expectedDeviceId !== "string" || opts.expectedDeviceId.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedDeviceId not supplied (required for body re-derivation)",
+            });
+        }
+        else if (typeof opts.expectedAttestedAt !== "number" ||
+            !Number.isFinite(opts.expectedAttestedAt)) {
+            errors.push({
+                message: "identity_bound: expectedAttestedAt not supplied (required for body re-derivation)",
+            });
+        }
+        else {
+            const canonicalBody = buildCanonicalAttestationBody({
+                attested_at: opts.expectedAttestedAt,
+                device_id: opts.expectedDeviceId,
+                identity_public_key: opts.expectedIdentityPublicKeyHex.toLowerCase(),
+                motebit_id: opts.expectedMotebitId,
+            });
+            const derived = await sha256Bytes(new TextEncoder().encode(canonicalBody));
+            if (bytesEq(derived, clientDataHashBytes)) {
+                identity_bound = true;
+            }
+            else {
+                errors.push({
+                    message: "identity_bound: reconstructed SHA256(canonical body) does not equal transmitted clientDataHash — body naming the caller's identity was not the body Apple signed over",
+                });
+            }
+        }
+    }
+    catch (err) {
+        errors.push({ message: `identity binding crashed: ${messageOf(err)}` });
+    }
+    return {
+        valid: cert_chain_valid && nonce_bound && bundle_bound && identity_bound,
+        cert_chain_valid,
+        nonce_bound,
+        bundle_bound,
+        identity_bound,
+        errors,
+    };
+}
+// ── Helpers ──────────────────────────────────────────────────────────
+function fail(errors, partial) {
+    return {
+        valid: false,
+        cert_chain_valid: partial?.cert_chain_valid ?? false,
+        nonce_bound: partial?.nonce_bound ?? false,
+        bundle_bound: partial?.bundle_bound ?? false,
+        identity_bound: partial?.identity_bound ?? false,
+        errors,
+    };
+}
+function messageOf(err) {
+    return err instanceof Error ? err.message : String(err);
+}
+async function sha256Bytes(data) {
+    const buf = await globalThis.crypto.subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+}
+async function sha256Concat(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return sha256Bytes(out);
+}
+function bytesEq(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++)
+        if (a[i] !== b[i])
+            return false;
+    return true;
+}
+/**
+ * Build the App Attest chain from the three supplied certs, then
+ * assert every link, validity window, CA constraint, and the terminal
+ * root-DER match. Mirrors what `@peculiar/x509`'s `X509ChainBuilder`
+ * offers (chain construction by issuer/subject matching) plus the
+ * motebit-specific invariants the pinned-root model requires.
+ *
+ * Invariants asserted:
+ *   1. `X509ChainBuilder.build(leaf)` finds a complete chain terminating
+ *      at a self-signed cert using only the three supplied certs.
+ *   2. The chain's terminal cert's DER equals the pinned root's DER —
+ *      the pinned cert is the only acceptable trust anchor.
+ *   3. Every non-leaf cert in the chain carries
+ *      `basicConstraints.cA === true`. A misissued leaf presented as an
+ *      intermediate (no CA bit) fails here even if its signature chains.
+ *   4. Every cert's signature verifies under its issuer's public key.
+ *   5. Every cert is within its validity window at `nowDate`.
+ */
+async function verifyCertChain(input) {
+    const { leaf, intermediate, root, nowDate } = input;
+    // Use @peculiar/x509's chain builder with the three candidate certs.
+    // It walks issuer→subject links and returns a chain terminating at
+    // a self-signed cert (or the best anchor it can find within the
+    // supplied pool).
+    const builder = new x509.X509ChainBuilder({
+        certificates: [leaf, intermediate, root],
+    });
+    // `builder.build(leaf)` walks issuer→subject links in the supplied
+    // pool and returns the longest chain it can construct starting from
+    // the leaf. Exceptions escape to the outer `verify.ts` catch, which
+    // funnels them into the structured error result — so we don't need a
+    // local try/catch here.
+    const chain = await builder.build(leaf);
+    // Terminal cert must be self-signed AND byte-equal to the pinned root
+    // DER. The self-signed check catches a chain that accidentally
+    // terminates at an intermediate (chain too short to reach a root, or
+    // a leaf mis-labelled as its own issuer); the DER-equality check
+    // catches a chain rooted at a different self-signed anchor the
+    // attacker owns.
+    const terminal = chain[chain.length - 1];
+    const terminalSelfSigned = await terminal.isSelfSigned();
+    if (!terminalSelfSigned) {
+        return {
+            valid: false,
+            reason: "chain does not terminate at a self-signed root",
+        };
+    }
+    if (!bytesEq(new Uint8Array(terminal.rawData), new Uint8Array(root.rawData))) {
+        return {
+            valid: false,
+            reason: "chain terminal cert DER does not match the pinned root",
+        };
+    }
+    // Verify every link: signature, validity, and (for non-leaves) CA
+    // constraint. `chain[0]` is the leaf; `chain[i+1]` issues `chain[i]`.
+    for (let i = 0; i < chain.length; i++) {
+        const cert = chain[i];
+        if (nowDate < cert.notBefore || nowDate > cert.notAfter) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} is outside its validity window at ${nowDate.toISOString()}`,
+            };
+        }
+        const isLeaf = i === 0;
+        if (!isLeaf && !certHasCaTrue(cert)) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} lacks basicConstraints.cA=true (CA constraint not enforced)`,
+            };
+        }
+        // Signature: non-terminal certs are signed by chain[i+1]; terminal
+        // cert is self-signed (issuer === subject, verified against its
+        // own public key). Verification crashes bubble up to the outer
+        // catch.
+        const issuer = i === chain.length - 1 ? cert : chain[i + 1];
+        const sigOk = await cert.verify({ publicKey: issuer.publicKey, date: nowDate });
+        if (!sigOk) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} signature did not verify under its issuer's public key`,
+            };
+        }
+    }
+    // The supplied intermediate must appear in the built chain — if the
+    // builder routed around it (leaf mis-labelled as its own issuer, or
+    // pool somehow resolved a different intermediate), the pinned-root
+    // DER check above will already have caught the divergence. Sanity
+    // check dropped as redundant.
+    void intermediate; // explicit: the value is used only as a pool input.
+    return { valid: true, reason: "ok" };
+}
+/**
+ * Read basicConstraints and return true iff `cA === true`. Uses the
+ * library's typed extension shape (`BasicConstraintsExtension.ca`); a
+ * cert that simply omits the extension fails the check.
+ */
+function certHasCaTrue(cert) {
+    const ext = cert.getExtension(BASIC_CONSTRAINTS_OID);
+    if (!ext)
+        return false;
+    return ext.ca === true;
+}
+/**
+ * Reconstruct the byte-identical canonical body the Swift mint path
+ * composes at App Attest time. Must stay byte-equal to
+ * `CanonicalBody.encode` in
+ * `apps/mobile/modules/expo-app-attest/ios/ExpoAppAttestModule.swift`.
+ *
+ * Ordering: alphabetical (JCS), which is what Swift emits literally:
+ *   attested_at, device_id, identity_public_key, motebit_id, platform,
+ *   version.
+ *
+ * `platform` is always `"device_check"` and `version` is always `"1"` —
+ * both constants live in the Swift and must match exactly.
+ */
+function buildCanonicalAttestationBody(input) {
+    return (`{"attested_at":${input.attested_at}` +
+        `,"device_id":${jsonEscapeString(input.device_id)}` +
+        `,"identity_public_key":${jsonEscapeString(input.identity_public_key)}` +
+        `,"motebit_id":${jsonEscapeString(input.motebit_id)}` +
+        `,"platform":"device_check"` +
+        `,"version":"1"}`);
+}
+/**
+ * Emit a JSON-escaped string literal (with quotes) byte-equal to the
+ * Swift `jsonString` escape policy:
+ *   - " → \"
+ *   - \ → \\
+ *   - \n, \r, \t → short forms
+ *   - other controls (< 0x20) → \u00XX
+ *   - everything else passes through as-is.
+ */
+function jsonEscapeString(s) {
+    let out = '"';
+    for (const ch of s) {
+        const code = ch.codePointAt(0);
+        if (ch === '"')
+            out += '\\"';
+        else if (ch === "\\")
+            out += "\\\\";
+        else if (ch === "\n")
+            out += "\\n";
+        else if (ch === "\r")
+            out += "\\r";
+        else if (ch === "\t")
+            out += "\\t";
+        else if (code < 0x20)
+            out += `\\u${code.toString(16).padStart(4, "0")}`;
+        else
+            out += ch;
+    }
+    out += '"';
+    return out;
+}
+/**
+ * Apple's nonce extension wraps its payload as:
+ *
+ *   SEQUENCE {
+ *     [1] EXPLICIT {
+ *       OCTET STRING <32 bytes of SHA256(authData || clientDataHash)>
+ *     }
+ *   }
+ *
+ * We decode enough ASN.1 to locate the inner 32-byte octet string. If
+ * the shape ever diverges (Apple adds tagged fields, rotates the
+ * wrapping structure), the parser fails closed with a descriptive
+ * error, not a silent mismatch.
+ */
+function extractAppleNoncePayload(derBytes) {
+    // Walk a minimal DER parser: SEQUENCE → context[1] EXPLICIT → OCTET
+    // STRING. Bail with an exception if anything unexpected shows up.
+    const reader = new DerReader(derBytes);
+    const outer = reader.readTlv();
+    if (outer.tag !== 0x30)
+        throw new Error(`expected SEQUENCE (0x30), got 0x${outer.tag.toString(16)}`);
+    const inner = new DerReader(outer.value);
+    // [1] EXPLICIT → context-specific class (0x80) + constructed (0x20) + tag 1 = 0xa1
+    while (inner.hasMore()) {
+        const tlv = inner.readTlv();
+        if (tlv.tag === 0xa1) {
+            const payload = new DerReader(tlv.value).readTlv();
+            if (payload.tag !== 0x04) {
+                throw new Error(`expected OCTET STRING inside context[1], got 0x${payload.tag.toString(16)}`);
+            }
+            return payload.value;
+        }
+    }
+    throw new Error("context[1] OCTET STRING not found in nonce extension");
+}
+/**
+ * Dependency-free DER reader. We only need enough DER to extract
+ * the Apple nonce extension. Full DER/BER parsing is `@peculiar/asn1-*`
+ * territory; we'd rather not pull a second ASN.1 dependency for a
+ * single extension shape.
+ */
+class DerReader {
+    bytes;
+    offset = 0;
+    constructor(bytes) {
+        this.bytes = bytes;
+    }
+    hasMore() {
+        return this.offset < this.bytes.length;
+    }
+    readTlv() {
+        if (this.offset + 2 > this.bytes.length)
+            throw new Error("unexpected end of DER");
+        const tag = this.bytes[this.offset++];
+        let len = this.bytes[this.offset++];
+        if (len & 0x80) {
+            const nBytes = len & 0x7f;
+            if (nBytes > 4)
+                throw new Error("DER length exceeds 4 bytes");
+            len = 0;
+            for (let i = 0; i < nBytes; i++) {
+                if (this.offset >= this.bytes.length)
+                    throw new Error("DER length truncated");
+                len = (len << 8) | this.bytes[this.offset++];
+            }
+        }
+        if (this.offset + len > this.bytes.length)
+            throw new Error("DER value truncated");
+        const value = this.bytes.subarray(this.offset, this.offset + len);
+        this.offset += len;
+        return { tag, value };
+    }
+}
+function toArrayBuffer(bytes) {
+    // Force a fresh ArrayBuffer copy — @peculiar/x509's constructor typing
+    // is strict about `ArrayBuffer` vs `SharedArrayBuffer`; returning the
+    // underlying buffer directly can hit the SAB case in some TS lib
+    // configurations.
+    const copy = new Uint8Array(bytes.length);
+    copy.set(bytes);
+    return copy.buffer;
+}
+function fromBase64Url(str) {
+    let b64 = str.replace(/-/g, "+").replace(/_/g, "/");
+    const pad = b64.length % 4;
+    if (pad === 2)
+        b64 += "==";
+    else if (pad === 3)
+        b64 += "=";
+    else if (pad === 1)
+        throw new Error("invalid base64url length");
+    const binary = atob(b64);
+    const out = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        out[i] = binary.charCodeAt(i);
+    return out;
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AAIvC,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AA4D/C,0EAA0E;AAC1E,MAAM,yBAAyB,GAAG,wBAAwB,CAAC;AAC3D,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,WAAW,CAAC;AAE1C;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,KAA+B,EAC/B,IAA4B;IAE5B,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,oFAAoF,KAAK,CAAC,MAAM,EAAE;SAC5G,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IACD,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,iBAAiB,CAAC,GAAG,KAAiC,CAAC;IAEpF,IAAI,sBAAkC,CAAC;IACvC,IAAI,mBAA+B,CAAC;IACpC,IAAI,CAAC;QACH,sBAAsB,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QAClD,mBAAmB,GAAG,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4BAA4B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gBAAgB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAC5D,IAAI,IAAI,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,wBAAwB,IAAI,CAAC,GAAG,kBAAkB,WAAW,IAAI,EAAE,CAAC,CAAC;QAC5F,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,qDAAqD,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE;SAChF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,uCAAuC;IACvC,IAAI,QAA8B,CAAC;IACnC,IAAI,gBAAsC,CAAC;IAC3C,IAAI,QAA8B,CAAC;IACnC,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;QACjE,gBAAgB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;QACzE,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,IAAI,wBAAwB,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC;YACxC,IAAI,EAAE,QAAQ;YACd,YAAY,EAAE,gBAAgB;YAC9B,IAAI,EAAE,QAAQ;YACd,OAAO;SACR,CAAC,CAAC;QACH,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yBAAyB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,MAAM,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,8BAA8B;IAC9B,iEAAiE;IACjE,kEAAkE;IAClE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,0CAA0C,yBAAyB,EAAE;aAC/E,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,mEAAmE;YACnE,iEAAiE;YACjE,sFAAsF;YACtF,MAAM,YAAY,GAAG,wBAAwB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YAC9E,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;YAC7E,IAAI,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE,CAAC;gBACzC,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EACL,iFAAiF;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,0BAA0B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,+BAA+B;IAC/B,mEAAmE;IACnE,uCAAuC;IACvC,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,uCAAuC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;YACpF,IAAI,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAChC,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,4CAA4C,IAAI,CAAC,gBAAgB,IAAI;iBAC/E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yBAAyB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,6CAA6C;IAC7C,qEAAqE;IACrE,oDAAoD;IACpD,sEAAsE;IACtE,gEAAgE;IAChE,oEAAoE;IACpE,iEAAiE;IACjE,kEAAkE;IAClE,kBAAkB;IAClB,IAAI,CAAC;QACH,IACE,OAAO,IAAI,CAAC,4BAA4B,KAAK,QAAQ;YACrD,IAAI,CAAC,4BAA4B,CAAC,MAAM,KAAK,CAAC,EAC9C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,2DAA2D;aACrE,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7F,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,kFAAkF;aAC5F,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;YAC3C,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,EACzC,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EACL,mFAAmF;aACtF,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,GAAG,6BAA6B,CAAC;gBAClD,WAAW,EAAE,IAAI,CAAC,kBAAkB;gBACpC,SAAS,EAAE,IAAI,CAAC,gBAAgB;gBAChC,mBAAmB,EAAE,IAAI,CAAC,4BAA4B,CAAC,WAAW,EAAE;gBACpE,UAAU,EAAE,IAAI,CAAC,iBAAiB;aACnC,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,OAAO,EAAE,mBAAmB,CAAC,EAAE,CAAC;gBAC1C,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EACL,uKAAuK;iBAC1K,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,6BAA6B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,KAAK,EAAE,gBAAgB,IAAI,WAAW,IAAI,YAAY,IAAI,cAAc;QACxE,gBAAgB;QAChB,WAAW;QACX,YAAY;QACZ,cAAc;QACd,MAAM;KACP,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,IAAI,CACX,MAA8B,EAC9B,OAAkE;IAElE,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,IAAI,KAAK;QACpD,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,KAAK;QAC1C,YAAY,EAAE,OAAO,EAAE,YAAY,IAAI,KAAK;QAC5C,cAAc,EAAE,OAAO,EAAE,cAAc,IAAI,KAAK;QAChD,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAgB;IACzC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAoB,CAAC,CAAC;IACnF,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,CAAa,EAAE,CAAa;IACtD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,OAAO,CAAC,CAAa,EAAE,CAAa;IAC3C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAaD;;;;;;;;;;;;;;;;;GAiBG;AACH,KAAK,UAAU,eAAe,CAAC,KAK9B;IACC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAEpD,qEAAqE;IACrE,mEAAmE;IACnE,gEAAgE;IAChE,kBAAkB;IAClB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,gBAAgB,CAAC;QACxC,YAAY,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC;KACzC,CAAC,CAAC;IACH,mEAAmE;IACnE,oEAAoE;IACpE,oEAAoE;IACpE,qEAAqE;IACrE,wBAAwB;IACxB,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,sEAAsE;IACtE,+DAA+D;IAC/D,qEAAqE;IACrE,iEAAiE;IACjE,+DAA+D;IAC/D,iBAAiB;IACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IAC1C,MAAM,kBAAkB,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAC;IACzD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gDAAgD;SACzD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAC7E,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,sEAAsE;IACtE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QAEvB,IAAI,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,sCAAsC,OAAO,CAAC,WAAW,EAAE,EAAE;aACjG,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,8DAA8D;aAClG,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,SAAS;QACT,MAAM,MAAM,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,yDAAyD;aAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,oEAAoE;IACpE,mEAAmE;IACnE,kEAAkE;IAClE,8BAA8B;IAE9B,KAAK,YAAY,CAAC,CAAC,oDAAoD;IACvE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,IAA0B;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAiC,qBAAqB,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,OAAO,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,6BAA6B,CAAC,KAKtC;IACC,OAAO,CACL,kBAAkB,KAAK,CAAC,WAAW,EAAE;QACrC,gBAAgB,gBAAgB,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;QACnD,0BAA0B,gBAAgB,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE;QACvE,iBAAiB,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE;QACrD,4BAA4B;QAC5B,iBAAiB,CAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAChC,IAAI,EAAE,KAAK,GAAG;YAAE,GAAG,IAAI,KAAK,CAAC;aACxB,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,MAAM,CAAC;aAC/B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,IAAI,GAAG,IAAI;YAAE,GAAG,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;;YACnE,GAAG,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,GAAG,IAAI,GAAG,CAAC;IACX,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,wBAAwB,CAAC,QAAoB;IACpD,oEAAoE;IACpE,kEAAkE;IAClE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;IAC/B,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI;QACpB,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAE/E,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACzC,mFAAmF;IACnF,OAAO,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CACb,kDAAkD,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAC7E,CAAC;YACJ,CAAC;YACD,OAAO,OAAO,CAAC,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;AAC1E,CAAC;AAOD;;;;;GAKG;AACH,MAAM,SAAS;IAEgB;IADrB,MAAM,GAAG,CAAC,CAAC;IACnB,YAA6B,KAAiB;QAAjB,UAAK,GAAL,KAAK,CAAY;IAAG,CAAC;IAElD,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IACzC,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAClF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAE,CAAC;QACvC,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAE,CAAC;QACrC,IAAI,GAAG,GAAG,IAAI,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC;YAC1B,IAAI,MAAM,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC9D,GAAG,GAAG,CAAC,CAAC;YACR,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;gBAC9E,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAE,CAAC;YAChD,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC;QACnB,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,uEAAuE;IACvE,sEAAsE;IACtE,iEAAiE;IACjE,kBAAkB;IAClB,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,IAAI,CAAC;SACtB,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,GAAG,CAAC;SAC1B,IAAI,GAAG,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "@motebit/crypto-appattest",
+  "version": "1.0.0",
+  "description": "Apache-2.0 verifier for Apple App Attest hardware-attestation credentials — offline chain verification against the pinned Apple App Attest root CA. Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate iOS device-attested motebit identities.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.js.map",
+    "dist/**/*.d.ts",
+    "dist/**/*.d.ts.map",
+    "LICENSE",
+    "NOTICE",
+    "README.md"
+  ],
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "keywords": [
+    "motebit",
+    "apple",
+    "app-attest",
+    "device-check",
+    "attestation",
+    "ios",
+    "hardware-attestation",
+    "x509",
+    "cbor",
+    "verify"
+  ],
+  "homepage": "https://github.com/motebit/motebit/tree/main/packages/crypto-appattest#readme",
+  "bugs": {
+    "url": "https://github.com/motebit/motebit/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/motebit/motebit",
+    "directory": "packages/crypto-appattest"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "motebit": {
+    "implements": [
+      "spec/credential-v1.md"
+    ]
+  },
+  "dependencies": {
+    "@peculiar/x509": "^1.12.0",
+    "cbor2": "^1.9.0",
+    "@motebit/protocol": "1.0.0",
+    "@motebit/crypto": "1.0.0"
+  },
+  "devDependencies": {
+    "@noble/curves": "~1.9.0",
+    "@noble/hashes": "~1.6.0",
+    "@peculiar/webcrypto": "^1.5.0",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint --parser-options=project:tsconfig.eslint.json src/",
+    "lint:pack": "publint --strict && attw --pack --profile esm-only",
+    "clean": "rm -rf dist .turbo *.tsbuildinfo"
+  }
+}