npm - @naylence/advanced-security - Versions diffs - 0.3.7-test.112 → 0.3.7-test.114 - Mend

@naylence/advanced-security 0.3.7-test.112 → 0.3.7-test.114

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (421) hide show

package/dist/esm/naylence/fame/security/keys/x5c-key-manager.js DELETED Viewed

@@ -1,405 +0,0 @@
-import { DeliveryOriginType, DefaultKeyManager, getKeyStore, getLogger, currentTraceId, validateJwkComplete, JWKValidationError, TaskSpawner, } from "@naylence/runtime";
-import { validateJwkX5cCertificate, } from "../cert/util.js";
-const logger = getLogger("naylence.fame.security.keys.x5c_key_manager");
-let x509ModulePromise = null;
-async function loadX509Module() {
-    if (!x509ModulePromise) {
-        x509ModulePromise = import("@peculiar/x509")
-            .then((mod) => {
-            if (mod && typeof mod.X509Certificate === "function") {
-                return { X509Certificate: mod.X509Certificate };
-            }
-            return null;
-        })
-            .catch((error) => {
-            logger.warning("certificate_module_unavailable", {
-                error: error instanceof Error ? error.message : String(error),
-            });
-            return null;
-        });
-    }
-    return x509ModulePromise;
-}
-function decodeBase64Cert(value) {
-    if (typeof Buffer !== "undefined") {
-        return Buffer.from(value, "base64");
-    }
-    const binary = atob(value);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i += 1) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes;
-}
-export class X5CKeyManager extends TaskSpawner {
-    constructor({ keyStore = null, certPurgeIntervalSeconds = 3600, } = {}) {
-        super();
-        this.priority = 1000;
-        this.purgeTask = null;
-        this.keyStore = keyStore ?? getKeyStore();
-        this.inner = new DefaultKeyManager({ keyStore: this.keyStore });
-        this.certPurgeInterval = certPurgeIntervalSeconds;
-    }
-    async onNodeStarted(node) {
-        await this.inner.onNodeStarted(node);
-        this.startPurgeLoop();
-        logger.debug("x5c_key_manager_started", {
-            cert_purge_interval: this.certPurgeInterval,
-        });
-    }
-    async onNodeStopped(node) {
-        logger.debug("x5c_key_manager_stopping");
-        await this.shutdownTasks({ gracePeriod: 500, joinTimeout: 500 });
-        this.purgeTask = null;
-        await this.inner.onNodeStopped(node);
-        logger.debug("x5c_key_manager_stopped");
-    }
-    async getKey(kid) {
-        return this.inner.getKey(kid);
-    }
-    async hasKey(kid) {
-        return this.inner.hasKey(kid);
-    }
-    async addKeys(options) {
-        const { keys, sid, physicalPath, systemId, origin, skipSidValidation = false, } = options;
-        const trustStore = resolveTrustStorePath();
-        const enforceNameConstraints = true;
-        const validKeys = [];
-        let rejectedCount = 0;
-        for (const key of keys) {
-            try {
-                validateJwkComplete(key);
-                if (Array.isArray(key.x5c) && trustStore) {
-                    const validationResult = validateJwkX5cCertificateWrapper({
-                        jwk: key,
-                        trustStore,
-                        enforceNameConstraints,
-                        origin,
-                        systemId,
-                        physicalPath,
-                    });
-                    if (!validationResult.accepted) {
-                        rejectedCount += 1;
-                        if (validationResult.skip) {
-                            continue;
-                        }
-                    }
-                }
-                validKeys.push(key);
-            }
-            catch (error) {
-                if (error instanceof JWKValidationError) {
-                    logger.warning("rejected_invalid_jwk_in_announce", {
-                        kid: typeof key?.kid === "string" ? key.kid : "unknown",
-                        from_system_id: systemId,
-                        from_physical_path: physicalPath,
-                        error: error.message,
-                    });
-                    rejectedCount += 1;
-                    continue;
-                }
-                throw error;
-            }
-        }
-        if (validKeys.length === 0) {
-            logger.warning("no_valid_keys_in_announce", {
-                from_system_id: systemId,
-                from_physical_path: physicalPath,
-                total_keys: keys.length,
-                rejected_count: rejectedCount,
-            });
-            return;
-        }
-        logger.debug("adding_keys", {
-            key_ids: validKeys.map((key) => typeof key?.kid === "string" ? key.kid : "unknown"),
-            source_system_id: systemId,
-            from_physical_path: physicalPath,
-            trace_id: currentTraceId(),
-            origin,
-            valid_count: validKeys.length,
-            rejected_count: rejectedCount,
-        });
-        const hasEncryptionKeys = validKeys.some((key) => typeof key?.use === "string" && key.use === "enc");
-        if (hasEncryptionKeys) {
-            logger.debug("checking_for_old_encryption_keys_to_remove", {
-                physical_path: physicalPath,
-                origin,
-                new_enc_keys: validKeys
-                    .filter((key) => typeof key?.use === "string" && key.use === "enc")
-                    .map((key) => (typeof key?.kid === "string" ? key.kid : "unknown")),
-            });
-            try {
-                const grouped = await this.keyStore.getKeysGroupedByPath();
-                const existingEncKeyIds = new Set();
-                const pathsWithOldKeys = [];
-                const physicalPathSuffix = `@${physicalPath}`;
-                for (const [path, records] of Object.entries(grouped)) {
-                    if (path !== physicalPath && !path.endsWith(physicalPathSuffix)) {
-                        continue;
-                    }
-                    const encKeysAtPath = records.filter((record) => typeof record?.use === "string" && record.use === "enc");
-                    if (encKeysAtPath.length === 0) {
-                        continue;
-                    }
-                    pathsWithOldKeys.push(path);
-                    for (const record of encKeysAtPath) {
-                        if (typeof record?.kid === "string") {
-                            existingEncKeyIds.add(record.kid);
-                        }
-                    }
-                }
-                if (existingEncKeyIds.size > 0) {
-                    logger.debug("found_existing_encryption_keys_across_paths", {
-                        physical_path: physicalPath,
-                        paths_checked: pathsWithOldKeys,
-                        existing_enc_key_ids: Array.from(existingEncKeyIds),
-                    });
-                    const newEncKeyIds = new Set(validKeys
-                        .filter((key) => typeof key?.use === "string" && key.use === "enc")
-                        .map((key) => (typeof key?.kid === "string" ? key.kid : ""))
-                        .filter((kid) => kid.length > 0));
-                    const keysToRemove = Array.from(existingEncKeyIds).filter((kid) => !newEncKeyIds.has(kid));
-                    if (keysToRemove.length > 0) {
-                        logger.info("removing_old_encryption_keys_for_key_rotation", {
-                            physical_path: physicalPath,
-                            paths_with_old_keys: pathsWithOldKeys,
-                            old_key_ids: keysToRemove,
-                            new_key_ids: Array.from(newEncKeyIds),
-                            origin,
-                        });
-                        for (const kid of keysToRemove) {
-                            await this.keyStore.removeKey(kid);
-                            logger.debug("removed_old_encryption_key_from_all_paths", {
-                                kid,
-                            });
-                        }
-                    }
-                }
-            }
-            catch (error) {
-                logger.warning("failed_to_remove_old_encryption_keys", {
-                    physical_path: physicalPath,
-                    error: error instanceof Error ? error.message : String(error),
-                    origin,
-                });
-            }
-        }
-        const addKeyOptions = {
-            keys: validKeys,
-            physicalPath,
-            systemId,
-            origin,
-        };
-        if (skipSidValidation) {
-            addKeyOptions.skipSidValidation = true;
-        }
-        if (typeof sid === "string") {
-            addKeyOptions.sid = sid;
-        }
-        await this.inner.addKeys(addKeyOptions);
-    }
-    async announceKeysToUpstream() {
-        await this.inner.announceKeysToUpstream();
-    }
-    async handleKeyRequest(options) {
-        await this.inner.handleKeyRequest(options);
-    }
-    async removeKeysForPath(physicalPath) {
-        return this.inner.removeKeysForPath(physicalPath);
-    }
-    async getKeysForPath(physicalPath) {
-        return this.inner.getKeysForPath(physicalPath);
-    }
-    async purgeExpiredCertificates() {
-        logger.debug("certificate_purge_starting");
-        const module = await loadX509Module();
-        if (!module) {
-            logger.warning("certificate_purge_skipped", {
-                reason: "x509_module_unavailable",
-            });
-            return 0;
-        }
-        const now = new Date();
-        const keysGrouped = await this.keyStore.getKeysGroupedByPath();
-        const keysToRemove = [];
-        for (const keys of Object.values(keysGrouped)) {
-            for (const key of keys) {
-                const chain = key.x5c;
-                if (!Array.isArray(chain) || chain.length === 0) {
-                    continue;
-                }
-                const [leaf] = chain;
-                if (typeof leaf !== "string") {
-                    continue;
-                }
-                try {
-                    const raw = decodeBase64Cert(leaf);
-                    const cert = new module.X509Certificate(raw);
-                    const expiration = cert.notAfter;
-                    if (expiration && expiration.getTime() < now.getTime()) {
-                        logger.debug("expired_certificate_found", {
-                            kid: typeof key.kid === "string" ? key.kid : "unknown",
-                            physical_path: typeof key.physical_path === "string"
-                                ? key.physical_path
-                                : "unknown",
-                            expired_at: expiration.toISOString(),
-                        });
-                        if (typeof key.kid === "string") {
-                            const removal = {
-                                kid: key.kid,
-                            };
-                            if (typeof key.physical_path === "string") {
-                                removal.physicalPath = key.physical_path;
-                            }
-                            keysToRemove.push(removal);
-                        }
-                    }
-                }
-                catch (error) {
-                    logger.warning("certificate_parsing_failed_during_purge", {
-                        kid: typeof key.kid === "string" ? key.kid : "unknown",
-                        error: error instanceof Error ? error.message : String(error),
-                        message: "Could not parse certificate for expiry check",
-                    });
-                }
-            }
-        }
-        let purgedCount = 0;
-        for (const keyInfo of keysToRemove) {
-            try {
-                const removed = await this.keyStore.removeKey(keyInfo.kid);
-                if (removed) {
-                    purgedCount += 1;
-                    logger.debug("expired_certificate_purged", {
-                        kid: keyInfo.kid,
-                        physical_path: keyInfo.physicalPath ?? "unknown",
-                    });
-                }
-            }
-            catch (error) {
-                logger.error("certificate_purge_failed", {
-                    kid: keyInfo.kid,
-                    error: error instanceof Error ? error.message : String(error),
-                });
-            }
-        }
-        logger.debug("certificate_purge_completed", {
-            purged_count: purgedCount,
-        });
-        return purgedCount;
-    }
-    startPurgeLoop() {
-        if (this.purgeTask) {
-            return;
-        }
-        this.purgeTask = this.spawn(async (signal) => {
-            logger.debug("certificate_purge_loop_started", {
-                interval_seconds: this.certPurgeInterval,
-            });
-            try {
-                while (!signal?.aborted) {
-                    const waitPromise = new Promise((resolve) => {
-                        const timeout = setTimeout(() => resolve(), this.certPurgeInterval * 1000);
-                        if (signal) {
-                            signal.addEventListener("abort", () => {
-                                clearTimeout(timeout);
-                                resolve();
-                            }, { once: true });
-                        }
-                    });
-                    await waitPromise;
-                    if (signal?.aborted) {
-                        break;
-                    }
-                    try {
-                        const purged = await this.purgeExpiredCertificates();
-                        if (purged > 0) {
-                            logger.debug("certificate_purge_cycle_completed", {
-                                purged_count: purged,
-                            });
-                        }
-                    }
-                    catch (error) {
-                        logger.error("certificate_purge_cycle_failed", {
-                            error: error instanceof Error ? error.message : String(error),
-                        });
-                    }
-                }
-            }
-            catch (error) {
-                if (signal?.aborted) {
-                    logger.debug("certificate_purge_loop_cancelled");
-                }
-                else {
-                    logger.error("certificate_purge_loop_failed", {
-                        error: error instanceof Error ? error.message : String(error),
-                    });
-                }
-            }
-            finally {
-                logger.debug("certificate_purge_loop_stopped");
-            }
-        }, { name: "cert-purge" });
-    }
-}
-function validateJwkX5cCertificateWrapper(options) {
-    const { jwk, trustStore, enforceNameConstraints, origin, systemId, physicalPath, } = options;
-    let result;
-    try {
-        result = validateJwkX5cCertificate({
-            jwk,
-            trustStorePem: trustStore,
-            enforceNameConstraints,
-            strict: false,
-        });
-    }
-    catch (error) {
-        logger.warning("rejected_key_due_to_certificate_validation_failure", {
-            kid: typeof jwk.kid === "string" ? jwk.kid : "unknown",
-            from_system_id: systemId,
-            from_physical_path: physicalPath,
-            origin,
-            error: error instanceof Error ? error.message : String(error),
-            scenario: "node_attach",
-        });
-        return {
-            accepted: false,
-            skip: origin === DeliveryOriginType.DOWNSTREAM ||
-                origin === DeliveryOriginType.UPSTREAM,
-        };
-    }
-    if (result.isValid) {
-        return { accepted: true, skip: false };
-    }
-    logger.warning("rejected_key_due_to_certificate_validation_failure", {
-        kid: typeof jwk.kid === "string" ? jwk.kid : "unknown",
-        from_system_id: systemId,
-        from_physical_path: physicalPath,
-        origin,
-        error: result.error ?? "unknown",
-        scenario: "node_attach",
-    });
-    return {
-        accepted: false,
-        skip: origin === DeliveryOriginType.DOWNSTREAM ||
-            origin === DeliveryOriginType.UPSTREAM,
-    };
-}
-function resolveTrustStorePath() {
-    try {
-        if (typeof process === "undefined" || !process.env) {
-            return null;
-        }
-        if (process.env.FAME_TRUST_STORE_PATH) {
-            return process.env.FAME_TRUST_STORE_PATH;
-        }
-        return process.env.FAME_CA_CERT_FILE ?? null;
-    }
-    catch (error) {
-        logger.debug("trust_store_resolution_failed", {
-            error: error instanceof Error ? error.message : String(error),
-        });
-        return null;
-    }
-}
-//# sourceMappingURL=x5c-key-manager.js.map

package/dist/esm/naylence/fame/security/keys/x5c-key-manager.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"x5c-key-manager.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/keys/x5c-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAKlB,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAElB,WAAW,GAEZ,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,GAE1B,MAAM,iBAAiB,CAAC;AAEzB,MAAM,MAAM,GAAG,SAAS,CAAC,6CAA6C,CAAC,CAAC;AAQxE,IAAI,iBAAiB,GAAsC,IAAI,CAAC;AAEhE,KAAK,UAAU,cAAc;IAC3B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,iBAAiB,GAAG,MAAM,CAAC,gBAAgB,CAAC;aACzC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACZ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;gBACrD,OAAO,EAAE,eAAe,EAAE,GAAG,CAAC,eAAe,EAAE,CAAC;YAClD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACf,MAAM,CAAC,OAAO,CAAC,gCAAgC,EAAE;gBAC/C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAOD,MAAM,OAAO,aAAc,SAAQ,WAAW;IAQ5C,YAAY,EACV,QAAQ,GAAG,IAAI,EACf,wBAAwB,GAAG,IAAI,MACP,EAAE;QAC1B,KAAK,EAAE,CAAC;QAXM,aAAQ,GAAG,IAAI,CAAC;QAKxB,cAAS,GAA6B,IAAI,CAAC;QAOjD,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,iBAAiB,GAAG,wBAAwB,CAAC;IACpD,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,IAAc;QACvC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;YACtC,mBAAmB,EAAE,IAAI,CAAC,iBAAiB;SAC5C,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,IAAc;QACvC,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC1C,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,GAAW;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,GAAW;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,OAOpB;QACC,MAAM,EACJ,IAAI,EACJ,GAAG,EACH,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,iBAAiB,GAAG,KAAK,GAC1B,GAAG,OAAO,CAAC;QAEZ,MAAM,UAAU,GAAG,qBAAqB,EAAE,CAAC;QAC3C,MAAM,sBAAsB,GAAG,IAAI,CAAC;QAEpC,MAAM,SAAS,GAAmC,EAAE,CAAC;QACrD,IAAI,aAAa,GAAG,CAAC,CAAC;QAEtB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,mBAAmB,CAAC,GAAiB,CAAC,CAAC;gBAEvC,IAAI,KAAK,CAAC,OAAO,CAAE,GAA+B,CAAC,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC;oBACtE,MAAM,gBAAgB,GAAG,gCAAgC,CAAC;wBACxD,GAAG,EAAE,GAA8B;wBACnC,UAAU;wBACV,sBAAsB;wBACtB,MAAM;wBACN,QAAQ;wBACR,YAAY;qBACb,CAAC,CAAC;oBAEH,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;wBAC/B,aAAa,IAAI,CAAC,CAAC;wBACnB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;4BAC1B,SAAS;wBACX,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;oBACxC,MAAM,CAAC,OAAO,CAAC,kCAAkC,EAAE;wBACjD,GAAG,EAAE,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;wBACvD,cAAc,EAAE,QAAQ;wBACxB,kBAAkB,EAAE,YAAY;wBAChC,KAAK,EAAE,KAAK,CAAC,OAAO;qBACrB,CAAC,CAAC;oBACH,aAAa,IAAI,CAAC,CAAC;oBACnB,SAAS;gBACX,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE;gBAC1C,cAAc,EAAE,QAAQ;gBACxB,kBAAkB,EAAE,YAAY;gBAChC,UAAU,EAAE,IAAI,CAAC,MAAM;gBACvB,cAAc,EAAE,aAAa;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE;YAC1B,OAAO,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC7B,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CACnD;YACD,gBAAgB,EAAE,QAAQ;YAC1B,kBAAkB,EAAE,YAAY;YAChC,QAAQ,EAAE,cAAc,EAAE;YAC1B,MAAM;YACN,WAAW,EAAE,SAAS,CAAC,MAAM;YAC7B,cAAc,EAAE,aAAa;SAC9B,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,SAAS,CAAC,IAAI,CACtC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAC3D,CAAC;QAEF,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;gBACzD,aAAa,EAAE,YAAY;gBAC3B,MAAM;gBACN,YAAY,EAAE,SAAS;qBACpB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC;qBAClE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;aACtE,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBAE3D,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;gBAC5C,MAAM,gBAAgB,GAAa,EAAE,CAAC;gBACtC,MAAM,kBAAkB,GAAG,IAAI,YAAY,EAAE,CAAC;gBAE9C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;wBAChE,SAAS;oBACX,CAAC;oBAED,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAClC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,MAAM,EAAE,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,KAAK,KAAK,CACpE,CAAC;oBAEF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC/B,SAAS;oBACX,CAAC;oBAED,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC5B,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;wBACnC,IAAI,OAAO,MAAM,EAAE,GAAG,KAAK,QAAQ,EAAE,CAAC;4BACpC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,iBAAiB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;oBAC/B,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE;wBAC1D,aAAa,EAAE,YAAY;wBAC3B,aAAa,EAAE,gBAAgB;wBAC/B,oBAAoB,EAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC;qBACpD,CAAC,CAAC;oBAEH,MAAM,YAAY,GAAG,IAAI,GAAG,CAC1B,SAAS;yBACN,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAC3D;yBACA,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;yBAC3D,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAClD,CAAC;oBAEF,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CACvD,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAChC,CAAC;oBAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC5B,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;4BAC3D,aAAa,EAAE,YAAY;4BAC3B,mBAAmB,EAAE,gBAAgB;4BACrC,WAAW,EAAE,YAAY;4BACzB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;4BACrC,MAAM;yBACP,CAAC,CAAC;wBAEH,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;4BAC/B,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;4BACnC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE;gCACxD,GAAG;6BACJ,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,OAAO,CAAC,sCAAsC,EAAE;oBACrD,aAAa,EAAE,YAAY;oBAC3B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;oBAC7D,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAOf;YACF,IAAI,EAAE,SAAS;YACf,YAAY;YACZ,QAAQ;YACR,MAAM;SACP,CAAC;QAEF,IAAI,iBAAiB,EAAE,CAAC;YACtB,aAAa,CAAC,iBAAiB,GAAG,IAAI,CAAC;QACzC,CAAC;QAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,aAAa,CAAC,GAAG,GAAG,GAAG,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC;IAEM,KAAK,CAAC,sBAAsB;QACjC,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,CAAC;IAC5C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAO7B;QACC,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,YAAoB;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,YAAoB;QAEpB,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC;IAEM,KAAK,CAAC,wBAAwB;QACnC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE;gBAC1C,MAAM,EAAE,yBAAyB;aAClC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC;QAC/D,MAAM,YAAY,GAAkD,EAAE,CAAC;QAEvE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,KAAK,GAAI,GAA+B,CAAC,GAAG,CAAC;gBACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAChD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;gBACrB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;oBAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAEjC,IAAI,UAAU,IAAI,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBACvD,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;4BACxC,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;4BACtD,aAAa,EACX,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ;gCACnC,CAAC,CAAC,GAAG,CAAC,aAAa;gCACnB,CAAC,CAAC,SAAS;4BACf,UAAU,EAAE,UAAU,CAAC,WAAW,EAAE;yBACrC,CAAC,CAAC;wBACH,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;4BAChC,MAAM,OAAO,GAA2C;gCACtD,GAAG,EAAE,GAAG,CAAC,GAAG;6BACb,CAAC;4BACF,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;gCAC1C,OAAO,CAAC,YAAY,GAAG,GAAG,CAAC,aAAa,CAAC;4BAC3C,CAAC;4BACD,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBAC7B,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE;wBACxD,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;wBACtD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;wBAC7D,OAAO,EAAE,8CAA8C;qBACxD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC3D,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,IAAI,CAAC,CAAC;oBACjB,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;wBACzC,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,aAAa,EAAE,OAAO,CAAC,YAAY,IAAI,SAAS;qBACjD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;YAC1C,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;QAEH,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,cAAc;QACpB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CACzB,KAAK,EAAE,MAAM,EAAE,EAAE;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;gBAC7C,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;aACzC,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;oBACxB,MAAM,WAAW,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;wBAChD,MAAM,OAAO,GAAG,UAAU,CACxB,GAAG,EAAE,CAAC,OAAO,EAAE,EACf,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAC9B,CAAC;wBACF,IAAI,MAAM,EAAE,CAAC;4BACX,MAAM,CAAC,gBAAgB,CACrB,OAAO,EACP,GAAG,EAAE;gCACH,YAAY,CAAC,OAAO,CAAC,CAAC;gCACtB,OAAO,EAAE,CAAC;4BACZ,CAAC,EACD,EAAE,IAAI,EAAE,IAAI,EAAE,CACf,CAAC;wBACJ,CAAC;oBACH,CAAC,CAAC,CAAC;oBAEH,MAAM,WAAW,CAAC;oBAClB,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;wBACpB,MAAM;oBACR,CAAC;oBAED,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;wBACrD,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;4BACf,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gCAChD,YAAY,EAAE,MAAM;6BACrB,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;4BAC7C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;yBAC9D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBACpB,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;wBAC5C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACjD,CAAC;QACH,CAAC,EACD,EAAE,IAAI,EAAE,YAAY,EAAE,CACvB,CAAC;IACJ,CAAC;CACF;AAOD,SAAS,gCAAgC,CAAC,OAOzC;IACC,MAAM,EACJ,GAAG,EACH,UAAU,EACV,sBAAsB,EACtB,MAAM,EACN,QAAQ,EACR,YAAY,GACb,GAAG,OAAO,CAAC;IAEZ,IAAI,MAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,yBAAyB,CAAC;YACjC,GAAG;YACH,aAAa,EAAE,UAAU;YACzB,sBAAsB;YACtB,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,OAAO,CAAC,oDAAoD,EAAE;YACnE,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;YACtD,cAAc,EAAE,QAAQ;YACxB,kBAAkB,EAAE,YAAY;YAChC,MAAM;YACN,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7D,QAAQ,EAAE,aAAa;SACxB,CAAC,CAAC;QACH,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,IAAI,EACF,MAAM,KAAK,kBAAkB,CAAC,UAAU;gBACxC,MAAM,KAAK,kBAAkB,CAAC,QAAQ;SACzC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,oDAAoD,EAAE;QACnE,GAAG,EAAE,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACtD,cAAc,EAAE,QAAQ;QACxB,kBAAkB,EAAE,YAAY;QAChC,MAAM;QACN,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,SAAS;QAChC,QAAQ,EAAE,aAAa;KACxB,CAAC,CAAC;IAEH,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,IAAI,EACF,MAAM,KAAK,kBAAkB,CAAC,UAAU;YACxC,MAAM,KAAK,kBAAkB,CAAC,QAAQ;KACzC,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB;IAC5B,IAAI,CAAC;QACH,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAC3C,CAAC;QAED,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;YAC5C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}