@opentdf/sdk 0.1.0-beta.1701

package/dist/cjs/tdf3/src/client/index.js

@@ -0,0 +1,460 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withHeaders = exports.fromDataSource = exports.HttpRequest = exports.EncryptParamsBuilder = exports.DecryptParamsBuilder = exports.AppIdAuthProvider = exports.Client = exports.createSessionKeys = exports.uploadBinaryToS3 = void 0;
+const uuid_1 = require("uuid");
+const axios_1 = __importDefault(require("axios"));
+const index_js_1 = require("../utils/index.js");
+Object.defineProperty(exports, "fromDataSource", { enumerable: true, get: function () { return index_js_1.fromDataSource; } });
+const index_js_2 = require("../../../src/encodings/index.js");
+const tdf_js_1 = require("../tdf.js");
+const oidc_refreshtoken_provider_js_1 = require("../../../src/auth/oidc-refreshtoken-provider.js");
+const oidc_externaljwt_provider_js_1 = require("../../../src/auth/oidc-externaljwt-provider.js");
+const auth_js_1 = require("../../../src/auth/auth.js");
+Object.defineProperty(exports, "AppIdAuthProvider", { enumerable: true, get: function () { return auth_js_1.AppIdAuthProvider; } });
+Object.defineProperty(exports, "HttpRequest", { enumerable: true, get: function () { return auth_js_1.HttpRequest; } });
+Object.defineProperty(exports, "withHeaders", { enumerable: true, get: function () { return auth_js_1.withHeaders; } });
+const Eas_js_1 = __importDefault(require("../../../src/auth/Eas.js"));
+const utils_js_1 = require("../../../src/utils.js");
+const DecoratedReadableStream_js_1 = require("./DecoratedReadableStream.js");
+const builders_js_1 = require("./builders.js");
+Object.defineProperty(exports, "DecryptParamsBuilder", { enumerable: true, get: function () { return builders_js_1.DecryptParamsBuilder; } });
+Object.defineProperty(exports, "EncryptParamsBuilder", { enumerable: true, get: function () { return builders_js_1.EncryptParamsBuilder; } });
+const access_js_1 = require("../../../src/access.js");
+const errors_js_1 = require("../../../src/errors.js");
+const aes_gcm_cipher_js_1 = require("../ciphers/aes-gcm-cipher.js");
+const crypto_utils_js_1 = require("../crypto/crypto-utils.js");
+const defaultCryptoService = __importStar(require("../crypto/index.js"));
+const index_js_3 = require("../models/index.js");
+const granter_js_1 = require("../../../src/policy/granter.js");
+const api_js_1 = require("../../../src/policy/api.js");
+const GLOBAL_BYTE_LIMIT = 64 * 1000 * 1000 * 1000; // 64 GB, see WS-9363.
+const HTML_BYTE_LIMIT = 100 * 1000 * 1000; // 100 MB, see WS-9476.
+// No default config for now. Delegate to Virtru wrapper for endpoints.
+const defaultClientConfig = { oidcOrigin: '', cryptoService: defaultCryptoService };
+const uploadBinaryToS3 = async function (stream, uploadUrl, fileSize) {
+    try {
+        const body = await (0, index_js_1.streamToBuffer)(stream);
+        await axios_1.default.put(uploadUrl, body, {
+            headers: {
+                'Content-Length': fileSize,
+                'content-type': 'application/zip',
+                'cache-control': 'no-store',
+            },
+            maxContentLength: Infinity,
+            maxBodyLength: Infinity,
+        });
+    }
+    catch (e) {
+        console.error(e);
+        throw e;
+    }
+};
+exports.uploadBinaryToS3 = uploadBinaryToS3;
+const getFirstTwoBytes = async (chunker) => new TextDecoder().decode(await chunker(0, 2));
+const makeChunkable = async (source) => {
+    if (!source) {
+        throw new errors_js_1.ConfigurationError('invalid source');
+    }
+    // dump stream to buffer
+    // we don't support streams anyways (see zipreader.js)
+    let initialChunker;
+    let buf = null;
+    switch (source.type) {
+        case 'stream':
+            buf = await (0, index_js_1.streamToBuffer)(source.location);
+            initialChunker = (0, index_js_1.fromBuffer)(buf);
+            break;
+        case 'buffer':
+            buf = source.location;
+            initialChunker = (0, index_js_1.fromBuffer)(buf);
+            break;
+        case 'chunker':
+            initialChunker = source.location;
+            break;
+        default:
+            initialChunker = await (0, index_js_1.fromDataSource)(source);
+    }
+    const magic = await getFirstTwoBytes(initialChunker);
+    // Pull first two bytes from source.
+    if (magic === 'PK') {
+        return initialChunker;
+    }
+    // Unwrap if it's html.
+    // If NOT zip (html), convert/dump to buffer, unwrap, and continue.
+    const htmlBuf = buf ?? (await initialChunker());
+    const zipBuf = (0, tdf_js_1.unwrapHtml)(htmlBuf);
+    return (0, index_js_1.fromBuffer)(zipBuf);
+};
+/*
+ * Extract a keypair provided as part of the options dict.
+ * Default to using the clientwide keypair, generating one if necessary.
+ *
+ * Additionally, update the auth injector with the (potentially new) pubkey
+ */
+async function createSessionKeys({ authProvider, 
+// FIXME use cryptoservice to generate keys again
+cryptoService, dpopKeys, }) {
+    let signingKeys;
+    if (dpopKeys) {
+        signingKeys = await dpopKeys;
+    }
+    else {
+        const keys = await cryptoService.generateSigningKeyPair();
+        // signingKeys = await crypto.subtle.generateKey(rsaPkcs1Sha256(), true, ['sign']);
+        signingKeys = await (0, crypto_utils_js_1.toCryptoKeyPair)(keys);
+    }
+    // This will contact the auth server and forcibly refresh the auth token claims,
+    // binding the token and the (new) pubkey together.
+    // Note that we base64 encode the PEM string here as a quick workaround, simply because
+    // a formatted raw PEM string isn't a valid header value and sending it raw makes keycloak's
+    // header parser barf. There are more subtle ways to solve this, but this works for now.
+    if (authProvider && !(0, index_js_1.isAppIdProviderCheck)(authProvider)) {
+        await authProvider?.updateClientPublicKey(signingKeys);
+    }
+    return signingKeys;
+}
+exports.createSessionKeys = createSessionKeys;
+/*
+ * Create a policy object for an encrypt operation.
+ */
+function asPolicy(scope) {
+    if (scope.policyObject) {
+        // use the client override if provided
+        return scope.policyObject;
+    }
+    const policyId = scope.policyId ?? (0, uuid_1.v4)();
+    let dataAttributes;
+    if (scope.attributeValues) {
+        dataAttributes = scope.attributeValues
+            .filter(({ fqn }) => !!fqn)
+            .map(({ fqn }) => {
+            return { attribute: fqn };
+        });
+    }
+    else {
+        dataAttributes = (scope.attributes ?? []).map((attribute) => typeof attribute === 'string' ? { attribute } : attribute);
+    }
+    return {
+        uuid: policyId,
+        body: {
+            dataAttributes,
+            dissem: scope.dissem ?? [],
+        },
+    };
+}
+class Client {
+    /**
+     * An abstraction for protecting and accessing data using TDF3 services.
+     * @param {Object} [config.keypair] - keypair generated for signing. Optional, will be generated by sdk if not passed
+     * @param {String} [config.clientId]
+     * @param {String} [config.kasEndpoint] - Key Access Server url
+     * @param {String} [config.refreshToken] - After logging in to browser OIDC interface user
+     * receives fresh token that needed by SDK for auth needs
+     * @param {String} [config.externalJwt] - JWT from external authority (eg Google)
+     * @param {String} [config.oidcOrigin] - Endpoint of authentication service
+     */
+    constructor(config) {
+        this.kasKeys = {};
+        const clientConfig = { ...defaultClientConfig, ...config };
+        this.cryptoService = clientConfig.cryptoService;
+        this.dpopEnabled = !!(clientConfig.dpopEnabled || clientConfig.dpopKeys);
+        clientConfig.readerUrl && (this.readerUrl = clientConfig.readerUrl);
+        if (clientConfig.kasEndpoint) {
+            this.kasEndpoint = clientConfig.kasEndpoint;
+        }
+        else {
+            // handle Deprecated `kasRewrapEndpoint` parameter
+            if (!clientConfig.keyRewrapEndpoint) {
+                throw new errors_js_1.ConfigurationError('KAS definition not found');
+            }
+            this.kasEndpoint = clientConfig.keyRewrapEndpoint.replace(/\/rewrap$/, '');
+        }
+        this.kasEndpoint = (0, utils_js_1.rstrip)(this.kasEndpoint, '/');
+        if (clientConfig.policyEndpoint) {
+            this.policyEndpoint = (0, utils_js_1.rstrip)(clientConfig.policyEndpoint, '/');
+        }
+        else if (this.kasEndpoint.endsWith('/kas')) {
+            this.policyEndpoint = this.kasEndpoint.slice(0, -4);
+        }
+        const kasOrigin = new URL(this.kasEndpoint).origin;
+        if (clientConfig.allowedKases) {
+            this.allowedKases = new access_js_1.OriginAllowList(clientConfig.allowedKases, !!clientConfig.ignoreAllowList);
+            if (!(0, utils_js_1.validateSecureUrl)(this.kasEndpoint) && !this.allowedKases.allows(kasOrigin)) {
+                throw new errors_js_1.ConfigurationError(`Invalid KAS endpoint [${this.kasEndpoint}]`);
+            }
+        }
+        else {
+            if (!(0, utils_js_1.validateSecureUrl)(this.kasEndpoint)) {
+                throw new errors_js_1.ConfigurationError(`Invalid KAS endpoint [${this.kasEndpoint}]; to force, please list it among allowedKases`);
+            }
+            this.allowedKases = new access_js_1.OriginAllowList([kasOrigin], !!clientConfig.ignoreAllowList);
+        }
+        this.authProvider = config.authProvider;
+        this.clientConfig = clientConfig;
+        if (this.authProvider && (0, index_js_1.isAppIdProviderCheck)(this.authProvider)) {
+            this.eas = new Eas_js_1.default({
+                authProvider: this.authProvider,
+                endpoint: clientConfig.entityObjectEndpoint ?? `${clientConfig.easEndpoint}/api/entityobject`,
+            });
+        }
+        this.clientId = clientConfig.clientId;
+        if (!this.authProvider) {
+            if (!clientConfig.clientId) {
+                throw new errors_js_1.ConfigurationError('Client ID or custom AuthProvider must be defined');
+            }
+            //Are we exchanging a refreshToken for a bearer token (normal AuthCode browser auth flow)?
+            //If this is a browser context, we expect the caller to handle the initial
+            //browser-based OIDC login and authentication process against the OIDC endpoint using their chosen method,
+            //and provide us with a valid refresh token/clientId obtained from that process.
+            if (clientConfig.refreshToken) {
+                this.authProvider = new oidc_refreshtoken_provider_js_1.OIDCRefreshTokenProvider({
+                    clientId: clientConfig.clientId,
+                    refreshToken: clientConfig.refreshToken,
+                    oidcOrigin: clientConfig.oidcOrigin,
+                });
+            }
+            else if (clientConfig.externalJwt) {
+                //Are we exchanging a JWT previously issued by a trusted external entity (e.g. Google) for a bearer token?
+                this.authProvider = new oidc_externaljwt_provider_js_1.OIDCExternalJwtProvider({
+                    clientId: clientConfig.clientId,
+                    externalJwt: clientConfig.externalJwt,
+                    oidcOrigin: clientConfig.oidcOrigin,
+                });
+            }
+        }
+        this.dpopKeys = createSessionKeys({
+            authProvider: this.authProvider,
+            cryptoService: this.cryptoService,
+            dpopKeys: clientConfig.dpopKeys,
+        });
+        if (clientConfig.kasPublicKey) {
+            this.kasKeys[this.kasEndpoint] = Promise.resolve({
+                url: this.kasEndpoint,
+                algorithm: 'rsa:2048',
+                key: (0, utils_js_1.pemToCryptoPublicKey)(clientConfig.kasPublicKey),
+                publicKey: clientConfig.kasPublicKey,
+            });
+        }
+    }
+    /**
+     * Encrypt plaintext into TDF ciphertext. One of the core operations of the Virtru SDK.
+     *
+     * @param scope dissem and attributes for constructing the policy
+     * @param source source object of unencrypted data
+     * @param [asHtml] If we should wrap the TDF data in a self-opening HTML wrapper. Defaults to false
+     * @param [autoconfigure] If we should use scope.attributes to configure KAOs
+     * @param [metadata] Additional non-secret data to store with the TDF
+     * @param [opts] Test only
+     * @param [mimeType] mime type of source. defaults to `unknown`
+     * @param [offline] Where to store the policy. Defaults to `false` - which results in `upsert` events to store/update a policy
+     * @param [windowSize] - segment size in bytes. Defaults to a a million bytes.
+     * @param [keyMiddleware] - function that handle keys
+     * @param [streamMiddleware] - function that handle stream
+     * @param [eo] - (deprecated) entity object
+     * @return a {@link https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable} a new stream containing the TDF ciphertext
+     */
+    async encrypt({ scope = { attributes: [], dissem: [] }, autoconfigure, source, asHtml = false, metadata, mimeType, offline = false, windowSize = builders_js_1.DEFAULT_SEGMENT_SIZE, eo, keyMiddleware = index_js_1.keyMiddleware, streamMiddleware = async (stream) => stream, splitPlan, assertionConfigs = [], }) {
+        const dpopKeys = await this.dpopKeys;
+        const policyObject = asPolicy(scope);
+        (0, tdf_js_1.validatePolicyObject)(policyObject);
+        if (!splitPlan && autoconfigure) {
+            let avs = scope.attributeValues ?? [];
+            const fqns = scope.attributes
+                ? scope.attributes.map((attribute) => typeof attribute === 'string' ? attribute : attribute.attribute)
+                : [];
+            if (!avs.length && fqns.length) {
+                // Hydrate avs from policy endpoint givnen the fqns
+                if (!this.policyEndpoint) {
+                    throw new errors_js_1.ConfigurationError('policyEndpoint not set in TDF3 Client constructor');
+                }
+                avs = await (0, api_js_1.attributeFQNsAsValues)(this.policyEndpoint, this.authProvider, ...fqns);
+            }
+            else if (scope.attributeValues) {
+                avs = scope.attributeValues;
+                if (!scope.attributes) {
+                    scope.attributes = avs.map(({ fqn }) => fqn);
+                }
+            }
+            if (avs.length != scope.attributes?.length ||
+                !avs.map(({ fqn }) => fqn).every((a) => fqns.indexOf(a) >= 0)) {
+                throw new errors_js_1.ConfigurationError(`Attribute mismatch between [${fqns}] and explicit values ${JSON.stringify(avs.map(({ fqn }) => fqn))}`);
+            }
+            const detailedPlan = (0, granter_js_1.plan)(avs);
+            splitPlan = detailedPlan.map((kat) => {
+                const { kas, sid } = kat;
+                if (kas?.publicKey?.cached?.keys && !(kas.uri in this.kasKeys)) {
+                    const keys = kas.publicKey.cached.keys.filter(({ alg }) => alg == 'KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048');
+                    if (keys?.length) {
+                        const key = keys[0];
+                        this.kasKeys[kas.uri] = Promise.resolve({
+                            key: (0, utils_js_1.pemToCryptoPublicKey)(key.pem),
+                            publicKey: key.pem,
+                            url: kas.uri,
+                            algorithm: 'rsa:2048',
+                            kid: key.kid,
+                        });
+                    }
+                }
+                return { kas: kas.uri, sid };
+            });
+        }
+        // TODO: Refactor underlying builder to remove some of this unnecessary config.
+        const byteLimit = asHtml ? HTML_BYTE_LIMIT : GLOBAL_BYTE_LIMIT;
+        const encryptionInformation = new index_js_3.SplitKey(new aes_gcm_cipher_js_1.AesGcmCipher(this.cryptoService));
+        let attributeSet;
+        let entity;
+        if (eo) {
+            entity = eo;
+            const s = new index_js_3.AttributeSet();
+            eo.attributes.forEach((attr) => s.addJwtAttribute(attr));
+            attributeSet = s;
+        }
+        const splits = splitPlan?.length ? splitPlan : [{ kas: this.kasEndpoint }];
+        encryptionInformation.keyAccess = await Promise.all(splits.map(async ({ kas, sid }) => {
+            if (!(kas in this.kasKeys)) {
+                this.kasKeys[kas] = (0, tdf_js_1.fetchKasPublicKey)(kas);
+            }
+            const kasPublicKey = await this.kasKeys[kas];
+            return (0, tdf_js_1.buildKeyAccess)({
+                attributeSet,
+                type: offline ? 'wrapped' : 'remote',
+                url: kasPublicKey.url,
+                kid: kasPublicKey.kid,
+                publicKey: kasPublicKey.publicKey,
+                metadata,
+                sid,
+            });
+        }));
+        const { keyForEncryption, keyForManifest } = await keyMiddleware();
+        const ecfg = {
+            allowList: this.allowedKases,
+            attributeSet,
+            byteLimit,
+            cryptoService: this.cryptoService,
+            dpopKeys,
+            encryptionInformation,
+            entity,
+            segmentSizeDefault: windowSize,
+            integrityAlgorithm: 'HS256',
+            segmentIntegrityAlgorithm: 'GMAC',
+            contentStream: source,
+            mimeType,
+            policy: policyObject,
+            authProvider: this.authProvider,
+            progressHandler: this.clientConfig.progressHandler,
+            keyForEncryption,
+            keyForManifest,
+            assertionConfigs,
+        };
+        const stream = await streamMiddleware(await (0, tdf_js_1.writeStream)(ecfg));
+        if (!asHtml) {
+            return stream;
+        }
+        // Wrap if it's html.
+        if (!stream.manifest) {
+            throw new Error('internal: missing manifest in encrypt function');
+        }
+        const htmlBuf = (0, tdf_js_1.wrapHtml)(await stream.toBuffer(), stream.manifest, this.readerUrl ?? '');
+        return new DecoratedReadableStream_js_1.DecoratedReadableStream({
+            pull(controller) {
+                controller.enqueue(htmlBuf);
+                controller.close();
+            },
+        });
+    }
+    /**
+     * Decrypt TDF ciphertext into plaintext. One of the core operations of the Virtru SDK.
+     *
+     * @param params keyMiddleware fucntion to process key
+     * @param params streamMiddleware fucntion to process streamMiddleware
+     * @param params.source A data stream object, one of remote, stream, buffer, etc. types.
+     * @param params.eo Optional entity object (legacy AuthZ)
+     * @param params.assertionVerificationKeys Optional verification keys for assertions.
+     * @return a {@link https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable} stream containing the decrypted plaintext.
+     * @see DecryptParamsBuilder
+     */
+    async decrypt({ eo, source, keyMiddleware = async (key) => key, streamMiddleware = async (stream) => stream, assertionVerificationKeys, noVerifyAssertions, }) {
+        const dpopKeys = await this.dpopKeys;
+        let entityObject;
+        if (this.eas || eo) {
+            const sessionPublicKey = await (0, utils_js_1.cryptoPublicToPem)(dpopKeys.publicKey);
+            if (eo && eo.publicKey == sessionPublicKey) {
+                entityObject = eo;
+            }
+            else if (this.eas) {
+                entityObject = await this.eas.fetchEntityObject({
+                    publicKey: sessionPublicKey,
+                });
+            }
+        }
+        if (!this.authProvider) {
+            throw new errors_js_1.ConfigurationError('AuthProvider missing');
+        }
+        const chunker = await makeChunkable(source);
+        // Await in order to catch any errors from this call.
+        // TODO: Write error event to stream and don't await.
+        return await streamMiddleware(await (0, tdf_js_1.readStream)({
+            allowList: this.allowedKases,
+            authProvider: this.authProvider,
+            chunker,
+            cryptoService: this.cryptoService,
+            dpopKeys,
+            entity: entityObject,
+            fileStreamServiceWorker: this.clientConfig.fileStreamServiceWorker,
+            keyMiddleware,
+            progressHandler: this.clientConfig.progressHandler,
+            assertionVerificationKeys,
+            noVerifyAssertions,
+        }));
+    }
+    /**
+     * Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.
+     * <br/><br/>
+     * The policyId is embedded in the ciphertext so this is a local operation.
+     *
+     * @param {object} source - Required. TDF data stream,
+     * generated using {@link DecryptParamsBuilder#build|DecryptParamsBuilder's build()}.
+     * @return {string} - the unique policyId, which can be used for tracking purposes or policy management operations.
+     * @see DecryptParamsBuilder
+     */
+    async getPolicyId({ source }) {
+        const chunker = await makeChunkable(source);
+        const zipHelper = new index_js_1.ZipReader(chunker);
+        const centralDirectory = await zipHelper.getCentralDirectory();
+        const manifest = await zipHelper.getManifest(centralDirectory, '0.manifest.json');
+        const policyJson = index_js_2.base64.decode(manifest.encryptionInformation.policy);
+        return JSON.parse(policyJson).uuid;
+    }
+    async loadTDFStream({ source }) {
+        const chunker = await makeChunkable(source);
+        return (0, tdf_js_1.loadTDFStream)(chunker);
+    }
+}
+exports.Client = Client;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jbGllbnQvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwrQkFBMEI7QUFDMUIsa0RBQTBCO0FBQzFCLGdEQVEyQjtBQWduQnpCLCtGQXJuQkEseUJBQWMsT0FxbkJBO0FBL21CaEIsOERBQXlEO0FBQ3pELHNDQVVtQjtBQUNuQixtR0FBMkY7QUFDM0YsaUdBQXlGO0FBRXpGLHVEQUttQztBQXNsQmpDLGtHQXpsQkEsMkJBQWlCLE9BeWxCQTtBQUlqQiw0RkE1bEJBLHFCQUFXLE9BNGxCQTtBQUVYLDRGQTdsQkEscUJBQVcsT0E2bEJBO0FBM2xCYixzRUFBMkM7QUFDM0Msb0RBSytCO0FBVy9CLDZFQUF1RTtBQUV2RSwrQ0FLdUI7QUE4akJyQixxR0Fqa0JBLGtDQUFvQixPQWlrQkE7QUFFcEIscUdBamtCQSxrQ0FBb0IsT0Fpa0JBO0FBL2pCdEIsc0RBQTJFO0FBQzNFLHNEQUE0RDtBQUc1RCxvRUFBNEQ7QUFDNUQsK0RBQTREO0FBQzVELHlFQUEyRDtBQUMzRCxpREFBK0Y7QUFDL0YsK0RBQXNEO0FBQ3RELHVEQUFtRTtBQUduRSxNQUFNLGlCQUFpQixHQUFHLEVBQUUsR0FBRyxJQUFJLEdBQUcsSUFBSSxHQUFHLElBQUksQ0FBQyxDQUFDLHNCQUFzQjtBQUN6RSxNQUFNLGVBQWUsR0FBRyxHQUFHLEdBQUcsSUFBSSxHQUFHLElBQUksQ0FBQyxDQUFDLHVCQUF1QjtBQUVsRSx1RUFBdUU7QUFDdkUsTUFBTSxtQkFBbUIsR0FBRyxFQUFFLFVBQVUsRUFBRSxFQUFFLEVBQUUsYUFBYSxFQUFFLG9CQUFvQixFQUFFLENBQUM7QUFFN0UsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLFdBQ25DLE1BQWtDLEVBQ2xDLFNBQWlCLEVBQ2pCLFFBQWdCO0lBRWhCLElBQUk7UUFDRixNQUFNLElBQUksR0FBZSxNQUFNLElBQUEseUJBQWMsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUV0RCxNQUFNLGVBQUssQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLElBQUksRUFBRTtZQUMvQixPQUFPLEVBQUU7Z0JBQ1AsZ0JBQWdCLEVBQUUsUUFBUTtnQkFDMUIsY0FBYyxFQUFFLGlCQUFpQjtnQkFDakMsZUFBZSxFQUFFLFVBQVU7YUFDNUI7WUFDRCxnQkFBZ0IsRUFBRSxRQUFRO1lBQzFCLGFBQWEsRUFBRSxRQUFRO1NBQ3hCLENBQUMsQ0FBQztLQUNKO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2pCLE1BQU0sQ0FBQyxDQUFDO0tBQ1Q7QUFDSCxDQUFDLENBQUM7QUFyQlcsUUFBQSxnQkFBZ0Isb0JBcUIzQjtBQUNGLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSyxFQUFFLE9BQWdCLEVBQUUsRUFBRSxDQUFDLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sT0FBTyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBRW5HLE1BQU0sYUFBYSxHQUFHLEtBQUssRUFBRSxNQUFxQixFQUFFLEVBQUU7SUFDcEQsSUFBSSxDQUFDLE1BQU0sRUFBRTtRQUNYLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0tBQ2hEO0lBQ0Qsd0JBQXdCO0lBQ3hCLHNEQUFzRDtJQUN0RCxJQUFJLGNBQXVCLENBQUM7SUFDNUIsSUFBSSxHQUFHLEdBQUcsSUFBSSxDQUFDO0lBQ2YsUUFBUSxNQUFNLENBQUMsSUFBSSxFQUFFO1FBQ25CLEtBQUssUUFBUTtZQUNYLEdBQUcsR0FBRyxNQUFNLElBQUEseUJBQWMsRUFBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDNUMsY0FBYyxHQUFHLElBQUEscUJBQVUsRUFBQyxHQUFHLENBQUMsQ0FBQztZQUNqQyxNQUFNO1FBQ1IsS0FBSyxRQUFRO1lBQ1gsR0FBRyxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUM7WUFDdEIsY0FBYyxHQUFHLElBQUEscUJBQVUsRUFBQyxHQUFHLENBQUMsQ0FBQztZQUNqQyxNQUFNO1FBQ1IsS0FBSyxTQUFTO1lBQ1osY0FBYyxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUM7WUFDakMsTUFBTTtRQUNSO1lBQ0UsY0FBYyxHQUFHLE1BQU0sSUFBQSx5QkFBYyxFQUFDLE1BQU0sQ0FBQyxDQUFDO0tBQ2pEO0lBRUQsTUFBTSxLQUFLLEdBQVcsTUFBTSxnQkFBZ0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUM3RCxvQ0FBb0M7SUFDcEMsSUFBSSxLQUFLLEtBQUssSUFBSSxFQUFFO1FBQ2xCLE9BQU8sY0FBYyxDQUFDO0tBQ3ZCO0lBQ0QsdUJBQXVCO0lBQ3ZCLG1FQUFtRTtJQUNuRSxNQUFNLE9BQU8sR0FBRyxHQUFHLElBQUksQ0FBQyxNQUFNLGNBQWMsRUFBRSxDQUFDLENBQUM7SUFDaEQsTUFBTSxNQUFNLEdBQUcsSUFBQSxtQkFBVSxFQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ25DLE9BQU8sSUFBQSxxQkFBVSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQzVCLENBQUMsQ0FBQztBQW9DRjs7Ozs7R0FLRztBQUNJLEtBQUssVUFBVSxpQkFBaUIsQ0FBQyxFQUN0QyxZQUFZO0FBQ1osaURBQWlEO0FBQ2pELGFBQWEsRUFDYixRQUFRLEdBS1Q7SUFDQyxJQUFJLFdBQTBCLENBQUM7SUFDL0IsSUFBSSxRQUFRLEVBQUU7UUFDWixXQUFXLEdBQUcsTUFBTSxRQUFRLENBQUM7S0FDOUI7U0FBTTtRQUNMLE1BQU0sSUFBSSxHQUFHLE1BQU0sYUFBYSxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFDMUQsbUZBQW1GO1FBQ25GLFdBQVcsR0FBRyxNQUFNLElBQUEsaUNBQWUsRUFBQyxJQUFJLENBQUMsQ0FBQztLQUMzQztJQUVELGdGQUFnRjtJQUNoRixtREFBbUQ7SUFDbkQsdUZBQXVGO0lBQ3ZGLDRGQUE0RjtJQUM1Rix3RkFBd0Y7SUFDeEYsSUFBSSxZQUFZLElBQUksQ0FBQyxJQUFBLCtCQUFvQixFQUFDLFlBQVksQ0FBQyxFQUFFO1FBQ3ZELE1BQU0sWUFBWSxFQUFFLHFCQUFxQixDQUFDLFdBQVcsQ0FBQyxDQUFDO0tBQ3hEO0lBQ0QsT0FBTyxXQUFXLENBQUM7QUFDckIsQ0FBQztBQTVCRCw4Q0E0QkM7QUFFRDs7R0FFRztBQUNILFNBQVMsUUFBUSxDQUFDLEtBQVk7SUFDNUIsSUFBSSxLQUFLLENBQUMsWUFBWSxFQUFFO1FBQ3RCLHNDQUFzQztRQUN0QyxPQUFPLEtBQUssQ0FBQyxZQUFZLENBQUM7S0FDM0I7SUFDRCxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsUUFBUSxJQUFJLElBQUEsU0FBRSxHQUFFLENBQUM7SUFDeEMsSUFBSSxjQUFpQyxDQUFDO0lBQ3RDLElBQUksS0FBSyxDQUFDLGVBQWUsRUFBRTtRQUN6QixjQUFjLEdBQUcsS0FBSyxDQUFDLGVBQWU7YUFDbkMsTUFBTSxDQUFDLENBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxFQUFtQixFQUFFO1lBQ2hDLE9BQU8sRUFBRSxTQUFTLEVBQUUsR0FBSSxFQUFFLENBQUM7UUFDN0IsQ0FBQyxDQUFDLENBQUM7S0FDTjtTQUFNO1FBQ0wsY0FBYyxHQUFHLENBQUMsS0FBSyxDQUFDLFVBQVUsSUFBSSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUMxRCxPQUFPLFNBQVMsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FDMUQsQ0FBQztLQUNIO0lBQ0QsT0FBTztRQUNMLElBQUksRUFBRSxRQUFRO1FBQ2QsSUFBSSxFQUFFO1lBQ0osY0FBYztZQUNkLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTSxJQUFJLEVBQUU7U0FDM0I7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVELE1BQWEsTUFBTTtJQTJDakI7Ozs7Ozs7OztPQVNHO0lBQ0gsWUFBWSxNQUFvQjtRQWpDdkIsWUFBTyxHQUE4QyxFQUFFLENBQUM7UUFrQy9ELE1BQU0sWUFBWSxHQUFHLEVBQUUsR0FBRyxtQkFBbUIsRUFBRSxHQUFHLE1BQU0sRUFBRSxDQUFDO1FBQzNELElBQUksQ0FBQyxhQUFhLEdBQUcsWUFBWSxDQUFDLGFBQWEsQ0FBQztRQUNoRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxXQUFXLElBQUksWUFBWSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXpFLFlBQVksQ0FBQyxTQUFTLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxHQUFHLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUVwRSxJQUFJLFlBQVksQ0FBQyxXQUFXLEVBQUU7WUFDNUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxZQUFZLENBQUMsV0FBVyxDQUFDO1NBQzdDO2FBQU07WUFDTCxrREFBa0Q7WUFDbEQsSUFBSSxDQUFDLFlBQVksQ0FBQyxpQkFBaUIsRUFBRTtnQkFDbkMsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7YUFDMUQ7WUFDRCxJQUFJLENBQUMsV0FBVyxHQUFHLFlBQVksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1NBQzVFO1FBQ0QsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFBLGlCQUFNLEVBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUNqRCxJQUFJLFlBQVksQ0FBQyxjQUFjLEVBQUU7WUFDL0IsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFBLGlCQUFNLEVBQUMsWUFBWSxDQUFDLGNBQWMsRUFBRSxHQUFHLENBQUMsQ0FBQztTQUNoRTthQUFNLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEVBQUU7WUFDNUMsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNyRDtRQUVELE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUM7UUFDbkQsSUFBSSxZQUFZLENBQUMsWUFBWSxFQUFFO1lBQzdCLElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSwyQkFBZSxDQUNyQyxZQUFZLENBQUMsWUFBWSxFQUN6QixDQUFDLENBQUMsWUFBWSxDQUFDLGVBQWUsQ0FDL0IsQ0FBQztZQUNGLElBQUksQ0FBQyxJQUFBLDRCQUFpQixFQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxFQUFFO2dCQUNoRixNQUFNLElBQUksOEJBQWtCLENBQUMseUJBQXlCLElBQUksQ0FBQyxXQUFXLEdBQUcsQ0FBQyxDQUFDO2FBQzVFO1NBQ0Y7YUFBTTtZQUNMLElBQUksQ0FBQyxJQUFBLDRCQUFpQixFQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsRUFBRTtnQkFDeEMsTUFBTSxJQUFJLDhCQUFrQixDQUMxQix5QkFBeUIsSUFBSSxDQUFDLFdBQVcsZ0RBQWdELENBQzFGLENBQUM7YUFDSDtZQUNELElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSwyQkFBZSxDQUFDLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFlBQVksQ0FBQyxlQUFlLENBQUMsQ0FBQztTQUN0RjtRQUVELElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksQ0FBQztRQUN4QyxJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUVqQyxJQUFJLElBQUksQ0FBQyxZQUFZLElBQUksSUFBQSwrQkFBb0IsRUFBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUU7WUFDaEUsSUFBSSxDQUFDLEdBQUcsR0FBRyxJQUFJLGdCQUFHLENBQUM7Z0JBQ2pCLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtnQkFDL0IsUUFBUSxFQUNOLFlBQVksQ0FBQyxvQkFBb0IsSUFBSSxHQUFHLFlBQVksQ0FBQyxXQUFXLG1CQUFtQjthQUN0RixDQUFDLENBQUM7U0FDSjtRQUVELElBQUksQ0FBQyxRQUFRLEdBQUcsWUFBWSxDQUFDLFFBQVEsQ0FBQztRQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRTtZQUN0QixJQUFJLENBQUMsWUFBWSxDQUFDLFFBQVEsRUFBRTtnQkFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtEQUFrRCxDQUFDLENBQUM7YUFDbEY7WUFFRCwwRkFBMEY7WUFDMUYsMEVBQTBFO1lBQzFFLDBHQUEwRztZQUMxRyxnRkFBZ0Y7WUFDaEYsSUFBSSxZQUFZLENBQUMsWUFBWSxFQUFFO2dCQUM3QixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksd0RBQXdCLENBQUM7b0JBQy9DLFFBQVEsRUFBRSxZQUFZLENBQUMsUUFBUTtvQkFDL0IsWUFBWSxFQUFFLFlBQVksQ0FBQyxZQUFZO29CQUN2QyxVQUFVLEVBQUUsWUFBWSxDQUFDLFVBQVU7aUJBQ3BDLENBQUMsQ0FBQzthQUNKO2lCQUFNLElBQUksWUFBWSxDQUFDLFdBQVcsRUFBRTtnQkFDbkMsMEdBQTBHO2dCQUMxRyxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksc0RBQXVCLENBQUM7b0JBQzlDLFFBQVEsRUFBRSxZQUFZLENBQUMsUUFBUTtvQkFDL0IsV0FBVyxFQUFFLFlBQVksQ0FBQyxXQUFXO29CQUNyQyxVQUFVLEVBQUUsWUFBWSxDQUFDLFVBQVU7aUJBQ3BDLENBQUMsQ0FBQzthQUNKO1NBQ0Y7UUFDRCxJQUFJLENBQUMsUUFBUSxHQUFHLGlCQUFpQixDQUFDO1lBQ2hDLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMvQixhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7WUFDakMsUUFBUSxFQUFFLFlBQVksQ0FBQyxRQUFRO1NBQ2hDLENBQUMsQ0FBQztRQUNILElBQUksWUFBWSxDQUFDLFlBQVksRUFBRTtZQUM3QixJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDO2dCQUMvQyxHQUFHLEVBQUUsSUFBSSxDQUFDLFdBQVc7Z0JBQ3JCLFNBQVMsRUFBRSxVQUFVO2dCQUNyQixHQUFHLEVBQUUsSUFBQSwrQkFBb0IsRUFBQyxZQUFZLENBQUMsWUFBWSxDQUFDO2dCQUNwRCxTQUFTLEVBQUUsWUFBWSxDQUFDLFlBQVk7YUFDckMsQ0FBQyxDQUFDO1NBQ0o7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLEVBQ1osS0FBSyxHQUFHLEVBQUUsVUFBVSxFQUFFLEVBQUUsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFLEVBQ3RDLGFBQWEsRUFDYixNQUFNLEVBQ04sTUFBTSxHQUFHLEtBQUssRUFDZCxRQUFRLEVBQ1IsUUFBUSxFQUNSLE9BQU8sR0FBRyxLQUFLLEVBQ2YsVUFBVSxHQUFHLGtDQUFvQixFQUNqQyxFQUFFLEVBQ0YsYUFBYSxHQUFHLHdCQUFvQixFQUNwQyxnQkFBZ0IsR0FBRyxLQUFLLEVBQUUsTUFBK0IsRUFBRSxFQUFFLENBQUMsTUFBTSxFQUNwRSxTQUFTLEVBQ1QsZ0JBQWdCLEdBQUcsRUFBRSxHQUNQO1FBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBRXJDLE1BQU0sWUFBWSxHQUFHLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNyQyxJQUFBLDZCQUFvQixFQUFDLFlBQVksQ0FBQyxDQUFDO1FBRW5DLElBQUksQ0FBQyxTQUFTLElBQUksYUFBYSxFQUFFO1lBQy9CLElBQUksR0FBRyxHQUFZLEtBQUssQ0FBQyxlQUFlLElBQUksRUFBRSxDQUFDO1lBQy9DLE1BQU0sSUFBSSxHQUFhLEtBQUssQ0FBQyxVQUFVO2dCQUNyQyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUNqQyxPQUFPLFNBQVMsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FDaEU7Z0JBQ0gsQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUVQLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxNQUFNLEVBQUU7Z0JBQzlCLG1EQUFtRDtnQkFDbkQsSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLEVBQUU7b0JBQ3hCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO2lCQUNuRjtnQkFDRCxHQUFHLEdBQUcsTUFBTSxJQUFBLDhCQUFxQixFQUMvQixJQUFJLENBQUMsY0FBYyxFQUNuQixJQUFJLENBQUMsWUFBNEIsRUFDakMsR0FBRyxJQUFJLENBQ1IsQ0FBQzthQUNIO2lCQUFNLElBQUksS0FBSyxDQUFDLGVBQWUsRUFBRTtnQkFDaEMsR0FBRyxHQUFHLEtBQUssQ0FBQyxlQUFlLENBQUM7Z0JBQzVCLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFO29CQUNyQixLQUFLLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQztpQkFDOUM7YUFDRjtZQUNELElBQ0UsR0FBRyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFLE1BQU07Z0JBQ3RDLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsRUFDN0Q7Z0JBQ0EsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiwrQkFBK0IsSUFBSSx5QkFBeUIsSUFBSSxDQUFDLFNBQVMsQ0FDeEUsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUMxQixFQUFFLENBQ0osQ0FBQzthQUNIO1lBQ0QsTUFBTSxZQUFZLEdBQUcsSUFBQSxpQkFBSSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQy9CLFNBQVMsR0FBRyxZQUFZLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7Z0JBQ25DLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsR0FBRyxDQUFDO2dCQUN6QixJQUFJLEdBQUcsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLElBQUksSUFBSSxDQUFDLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUU7b0JBQzlELE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQzNDLENBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLENBQUMsR0FBRyxJQUFJLGtDQUFrQyxDQUN2RCxDQUFDO29CQUNGLElBQUksSUFBSSxFQUFFLE1BQU0sRUFBRTt3QkFDaEIsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO3dCQUNwQixJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDOzRCQUN0QyxHQUFHLEVBQUUsSUFBQSwrQkFBb0IsRUFBQyxHQUFHLENBQUMsR0FBRyxDQUFDOzRCQUNsQyxTQUFTLEVBQUUsR0FBRyxDQUFDLEdBQUc7NEJBQ2xCLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRzs0QkFDWixTQUFTLEVBQUUsVUFBVTs0QkFDckIsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHO3lCQUNiLENBQUMsQ0FBQztxQkFDSjtpQkFDRjtnQkFDRCxPQUFPLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDL0IsQ0FBQyxDQUFDLENBQUM7U0FDSjtRQUVELCtFQUErRTtRQUUvRSxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsaUJBQWlCLENBQUM7UUFDL0QsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLG1CQUFRLENBQUMsSUFBSSxnQ0FBWSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDO1FBQ2pGLElBQUksWUFBc0MsQ0FBQztRQUMzQyxJQUFJLE1BQWdDLENBQUM7UUFDckMsSUFBSSxFQUFFLEVBQUU7WUFDTixNQUFNLEdBQUcsRUFBRSxDQUFDO1lBQ1osTUFBTSxDQUFDLEdBQUcsSUFBSSx1QkFBWSxFQUFFLENBQUM7WUFDN0IsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztZQUN6RCxZQUFZLEdBQUcsQ0FBQyxDQUFDO1NBQ2xCO1FBRUQsTUFBTSxNQUFNLEdBQWdCLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztRQUN4RixxQkFBcUIsQ0FBQyxTQUFTLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNqRCxNQUFNLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFO1lBQ2hDLElBQUksQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQzFCLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBQSwwQkFBaUIsRUFBQyxHQUFHLENBQUMsQ0FBQzthQUM1QztZQUNELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUM3QyxPQUFPLElBQUEsdUJBQWMsRUFBQztnQkFDcEIsWUFBWTtnQkFDWixJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFFBQVE7Z0JBQ3BDLEdBQUcsRUFBRSxZQUFZLENBQUMsR0FBRztnQkFDckIsR0FBRyxFQUFFLFlBQVksQ0FBQyxHQUFHO2dCQUNyQixTQUFTLEVBQUUsWUFBWSxDQUFDLFNBQVM7Z0JBQ2pDLFFBQVE7Z0JBQ1IsR0FBRzthQUNKLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUNILENBQUM7UUFDRixNQUFNLEVBQUUsZ0JBQWdCLEVBQUUsY0FBYyxFQUFFLEdBQUcsTUFBTyxhQUFzQyxFQUFFLENBQUM7UUFDN0YsTUFBTSxJQUFJLEdBQXlCO1lBQ2pDLFNBQVMsRUFBRSxJQUFJLENBQUMsWUFBWTtZQUM1QixZQUFZO1lBQ1osU0FBUztZQUNULGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtZQUNqQyxRQUFRO1lBQ1IscUJBQXFCO1lBQ3JCLE1BQU07WUFDTixrQkFBa0IsRUFBRSxVQUFVO1lBQzlCLGtCQUFrQixFQUFFLE9BQU87WUFDM0IseUJBQXlCLEVBQUUsTUFBTTtZQUNqQyxhQUFhLEVBQUUsTUFBTTtZQUNyQixRQUFRO1lBQ1IsTUFBTSxFQUFFLFlBQVk7WUFDcEIsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO1lBQy9CLGVBQWUsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDbEQsZ0JBQWdCO1lBQ2hCLGNBQWM7WUFDZCxnQkFBZ0I7U0FDakIsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLE1BQU8sZ0JBQTRDLENBQUMsTUFBTSxJQUFBLG9CQUFXLEVBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUU1RixJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ1gsT0FBTyxNQUFNLENBQUM7U0FDZjtRQUVELHFCQUFxQjtRQUNyQixJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRTtZQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLGdEQUFnRCxDQUFDLENBQUM7U0FDbkU7UUFDRCxNQUFNLE9BQU8sR0FBRyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxNQUFNLENBQUMsUUFBUSxFQUFFLEVBQUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsU0FBUyxJQUFJLEVBQUUsQ0FBQyxDQUFDO1FBRXpGLE9BQU8sSUFBSSxvREFBdUIsQ0FBQztZQUNqQyxJQUFJLENBQUMsVUFBMkM7Z0JBQzlDLFVBQVUsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQzVCLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNyQixDQUFDO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLEVBQ1osRUFBRSxFQUNGLE1BQU0sRUFDTixhQUFhLEdBQUcsS0FBSyxFQUFFLEdBQVcsRUFBRSxFQUFFLENBQUMsR0FBRyxFQUMxQyxnQkFBZ0IsR0FBRyxLQUFLLEVBQUUsTUFBK0IsRUFBRSxFQUFFLENBQUMsTUFBTSxFQUNwRSx5QkFBeUIsRUFDekIsa0JBQWtCLEdBQ0o7UUFDZCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsSUFBSSxZQUFZLENBQUM7UUFDakIsSUFBSSxJQUFJLENBQUMsR0FBRyxJQUFJLEVBQUUsRUFBRTtZQUNsQixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBQSw0QkFBaUIsRUFBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDckUsSUFBSSxFQUFFLElBQUksRUFBRSxDQUFDLFNBQVMsSUFBSSxnQkFBZ0IsRUFBRTtnQkFDMUMsWUFBWSxHQUFHLEVBQUUsQ0FBQzthQUNuQjtpQkFBTSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUU7Z0JBQ25CLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsaUJBQWlCLENBQUM7b0JBQzlDLFNBQVMsRUFBRSxnQkFBZ0I7aUJBQzVCLENBQUMsQ0FBQzthQUNKO1NBQ0Y7UUFDRCxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRTtZQUN0QixNQUFNLElBQUksOEJBQWtCLENBQUMsc0JBQXNCLENBQUMsQ0FBQztTQUN0RDtRQUNELE1BQU0sT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRTVDLHFEQUFxRDtRQUNyRCxxREFBcUQ7UUFDckQsT0FBTyxNQUFPLGdCQUE0QyxDQUN4RCxNQUFNLElBQUEsbUJBQVUsRUFBQztZQUNmLFNBQVMsRUFBRSxJQUFJLENBQUMsWUFBWTtZQUM1QixZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7WUFDL0IsT0FBTztZQUNQLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtZQUNqQyxRQUFRO1lBQ1IsTUFBTSxFQUFFLFlBQVk7WUFDcEIsdUJBQXVCLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7WUFDbEUsYUFBYTtZQUNiLGVBQWUsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDbEQseUJBQXlCO1lBQ3pCLGtCQUFrQjtTQUNuQixDQUFDLENBQ0gsQ0FBQztJQUNKLENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLEVBQUUsTUFBTSxFQUE2QjtRQUNyRCxNQUFNLE9BQU8sR0FBRyxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM1QyxNQUFNLFNBQVMsR0FBRyxJQUFJLG9CQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDekMsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLFNBQVMsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1FBQy9ELE1BQU0sUUFBUSxHQUFHLE1BQU0sU0FBUyxDQUFDLFdBQVcsQ0FBQyxnQkFBZ0IsRUFBRSxpQkFBaUIsQ0FBQyxDQUFDO1FBQ2xGLE1BQU0sVUFBVSxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4RSxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsSUFBSSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxLQUFLLENBQUMsYUFBYSxDQUFDLEVBQUUsTUFBTSxFQUE2QjtRQUN2RCxNQUFNLE9BQU8sR0FBRyxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM1QyxPQUFPLElBQUEsc0JBQWEsRUFBQyxPQUFPLENBQUMsQ0FBQztJQUNoQyxDQUFDO0NBQ0Y7QUFyWUQsd0JBcVlDIn0=

package/dist/cjs/tdf3/src/client/validation.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateAttribute = exports.validateAttributeObject = exports.ATTR_ATTRIBUTE_PATTERN = exports.ATTR_VALUE = exports.ATTR_NAME = exports.ATTR_VALUE_PROP_NAME = exports.ATTR_NAME_PROP_NAME = void 0;
+const errors_js_1 = require("../../../src/errors.js");
+const sageGetMatch = (match) => (match ? match[0] : null);
+exports.ATTR_NAME_PROP_NAME = 'attr';
+exports.ATTR_VALUE_PROP_NAME = 'value';
+// Validate attribute url protocol starts with `http://` or `https://`
+const SCHEME = '(https?://)';
+// validate url host be like `localhost:4000`
+const HOST_PORT = '([a-z0-9][a-z0-9]{1,}:[0-9]{1,4})';
+// validate url host be like `www.example.com`
+const WWW_HOST = '([a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,}';
+// validate url host be like `127.0.0.1:4000`
+const IP_HOST_PORT = '([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}:[0-9]{1,4})';
+// validate host is one of those above
+const HOST = `(${HOST_PORT}|${WWW_HOST}|${IP_HOST_PORT})`;
+// validate attr  name be like `/attr/<attr_name>`
+exports.ATTR_NAME = `(/${exports.ATTR_NAME_PROP_NAME}/[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]?)`;
+// validate value pattern
+exports.ATTR_VALUE = `(/${exports.ATTR_VALUE_PROP_NAME}/[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]?)`;
+// validate attribute authority  e.g. https://example.com
+const ATTR_AUTHORITY_PATTERN = `(${SCHEME}${HOST})`;
+// validate attribute namespace e.g. https://example.com/attr/someattribute
+const ATTR_NAMESPACE_PATTERN = `(${ATTR_AUTHORITY_PATTERN}${exports.ATTR_NAME})`;
+// validate whole attribute e.g. https://example.com/attr/someattribute/value/somevalue
+exports.ATTR_ATTRIBUTE_PATTERN = `^(${ATTR_NAMESPACE_PATTERN}${exports.ATTR_VALUE})$`;
+const validateAttributeObject = (attr) => {
+    const isObject = typeof attr === 'object';
+    if (!isObject) {
+        throw new errors_js_1.AttributeValidationError(`attribute should be an object`, attr);
+    }
+    const { attribute } = attr;
+    const isString = typeof attribute === 'string';
+    if (!isString) {
+        throw new errors_js_1.AttributeValidationError(`attribute prop should be a string`, attr);
+    }
+    return validateAttribute(attribute);
+};
+exports.validateAttributeObject = validateAttributeObject;
+function validateAttribute(attribute) {
+    if (!attribute.match(exports.ATTR_ATTRIBUTE_PATTERN)) {
+        throw new errors_js_1.AttributeValidationError(`attribute is in invalid format [${attribute}]`, attribute);
+    }
+    const ATTR_NAME_PREFIX = `/${exports.ATTR_NAME_PROP_NAME}/`;
+    const ATTR_VALUE_PREFIX = `/${exports.ATTR_VALUE_PROP_NAME}/`;
+    const attrNameMatch = sageGetMatch(attribute.match(exports.ATTR_NAME));
+    const attrValueMatch = sageGetMatch(attribute.match(exports.ATTR_VALUE));
+    if (!attrNameMatch) {
+        throw new errors_js_1.AttributeValidationError(`attribute name matching error`, attribute);
+    }
+    if (!attrValueMatch) {
+        throw new errors_js_1.AttributeValidationError(`attribute value matching error`, attribute);
+    }
+    const attributeName = attrNameMatch.slice(ATTR_NAME_PREFIX.length);
+    const attributeValue = attrValueMatch.slice(ATTR_VALUE_PREFIX.length);
+    if (attributeName === attributeValue) {
+        throw new errors_js_1.AttributeValidationError(`attribute name should be unique with its value`, attribute);
+    }
+    return true;
+}
+exports.validateAttribute = validateAttribute;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL2NsaWVudC92YWxpZGF0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHNEQUFrRTtBQUVsRSxNQUFNLFlBQVksR0FBRyxDQUFDLEtBQThCLEVBQUUsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO0FBRXRFLFFBQUEsbUJBQW1CLEdBQUcsTUFBTSxDQUFDO0FBQzdCLFFBQUEsb0JBQW9CLEdBQUcsT0FBTyxDQUFDO0FBRTVDLHNFQUFzRTtBQUN0RSxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUM7QUFFN0IsNkNBQTZDO0FBQzdDLE1BQU0sU0FBUyxHQUFHLG1DQUFtQyxDQUFDO0FBRXRELDhDQUE4QztBQUM5QyxNQUFNLFFBQVEsR0FBRyxnREFBZ0QsQ0FBQztBQUVsRSw2Q0FBNkM7QUFDN0MsTUFBTSxZQUFZLEdBQUcsZ0VBQWdFLENBQUM7QUFFdEYsc0NBQXNDO0FBQ3RDLE1BQU0sSUFBSSxHQUFHLElBQUksU0FBUyxJQUFJLFFBQVEsSUFBSSxZQUFZLEdBQUcsQ0FBQztBQUUxRCxrREFBa0Q7QUFDckMsUUFBQSxTQUFTLEdBQUcsS0FBSywyQkFBbUIsd0NBQXdDLENBQUM7QUFFMUYseUJBQXlCO0FBQ1osUUFBQSxVQUFVLEdBQUcsS0FBSyw0QkFBb0Isd0NBQXdDLENBQUM7QUFFNUYseURBQXlEO0FBQ3pELE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUM7QUFFcEQsMkVBQTJFO0FBQzNFLE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxzQkFBc0IsR0FBRyxpQkFBUyxHQUFHLENBQUM7QUFFekUsdUZBQXVGO0FBQzFFLFFBQUEsc0JBQXNCLEdBQUcsS0FBSyxzQkFBc0IsR0FBRyxrQkFBVSxJQUFJLENBQUM7QUFFNUUsTUFBTSx1QkFBdUIsR0FBRyxDQUFDLElBQWEsRUFBZ0IsRUFBRTtJQUNyRSxNQUFNLFFBQVEsR0FBRyxPQUFPLElBQUksS0FBSyxRQUFRLENBQUM7SUFDMUMsSUFBSSxDQUFDLFFBQVEsRUFBRTtRQUNiLE1BQU0sSUFBSSxvQ0FBd0IsQ0FBQywrQkFBK0IsRUFBRSxJQUFJLENBQUMsQ0FBQztLQUMzRTtJQUVELE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxJQUErQixDQUFDO0lBQ3RELE1BQU0sUUFBUSxHQUFHLE9BQU8sU0FBUyxLQUFLLFFBQVEsQ0FBQztJQUMvQyxJQUFJLENBQUMsUUFBUSxFQUFFO1FBQ2IsTUFBTSxJQUFJLG9DQUF3QixDQUFDLG1DQUFtQyxFQUFFLElBQUksQ0FBQyxDQUFDO0tBQy9FO0lBRUQsT0FBTyxpQkFBaUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUN0QyxDQUFDLENBQUM7QUFiVyxRQUFBLHVCQUF1QiwyQkFhbEM7QUFFRixTQUFnQixpQkFBaUIsQ0FBQyxTQUFpQjtJQUNqRCxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyw4QkFBc0IsQ0FBQyxFQUFFO1FBQzVDLE1BQU0sSUFBSSxvQ0FBd0IsQ0FBQyxtQ0FBbUMsU0FBUyxHQUFHLEVBQUUsU0FBUyxDQUFDLENBQUM7S0FDaEc7SUFFRCxNQUFNLGdCQUFnQixHQUFHLElBQUksMkJBQW1CLEdBQUcsQ0FBQztJQUNwRCxNQUFNLGlCQUFpQixHQUFHLElBQUksNEJBQW9CLEdBQUcsQ0FBQztJQUN0RCxNQUFNLGFBQWEsR0FBRyxZQUFZLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxpQkFBUyxDQUFDLENBQUMsQ0FBQztJQUMvRCxNQUFNLGNBQWMsR0FBRyxZQUFZLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxrQkFBVSxDQUFDLENBQUMsQ0FBQztJQUVqRSxJQUFJLENBQUMsYUFBYSxFQUFFO1FBQ2xCLE1BQU0sSUFBSSxvQ0FBd0IsQ0FBQywrQkFBK0IsRUFBRSxTQUFTLENBQUMsQ0FBQztLQUNoRjtJQUVELElBQUksQ0FBQyxjQUFjLEVBQUU7UUFDbkIsTUFBTSxJQUFJLG9DQUF3QixDQUFDLGdDQUFnQyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0tBQ2pGO0lBRUQsTUFBTSxhQUFhLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNuRSxNQUFNLGNBQWMsR0FBRyxjQUFjLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXRFLElBQUksYUFBYSxLQUFLLGNBQWMsRUFBRTtRQUNwQyxNQUFNLElBQUksb0NBQXdCLENBQUMsZ0RBQWdELEVBQUUsU0FBUyxDQUFDLENBQUM7S0FDakc7SUFFRCxPQUFPLElBQUksQ0FBQztBQUNkLENBQUM7QUExQkQsOENBMEJDIn0=